sync/oauth2.cc - mozc (debian/1.5.1053.102-3)

Tree @debian/1.5.1053.102-3 (Download .tar.gz)

oauth2.cc @debian/1.5.1053.102-3 — raw · history · blame

// Copyright 2010-2012, Google Inc.
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
//     * Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//     * Redistributions in binary form must reproduce the above
// copyright notice, this list of conditions and the following disclaimer
// in the documentation and/or other materials provided with the
// distribution.
//     * Neither the name of Google Inc. nor the names of its
// contributors may be used to endorse or promote products derived from
// this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include "sync/oauth2.h"

#include <string>
#include <vector>

#include "base/base.h"
#include "base/util.h"
#include "net/http_client.h"
#include "storage/registry.h"
#include "third_party/jsoncpp/json.h"

namespace mozc {
namespace sync {
namespace {
// Constants defined in OAuth2 protocol
const char kOAuth2ContentType[] = "application/x-www-form-urlencoded";
const char kOAuth2AccessTokenKey[] = "access_token";
const char kOAuth2RefreshTokenKey[] = "refresh_token";
}  // namespace

void OAuth2::GetAuthorizeUri(const string &authorize_client_uri,
                             const string &client_id,
                             const string &redirect_uri,
                             const string &scope, const string &state,
                             string *auth_uri) {
  DCHECK(auth_uri);

  vector<pair<string, string> > params;
  params.push_back(make_pair("response_type", "code"));
  params.push_back(make_pair("client_id", client_id));
  params.push_back(make_pair("redirect_uri", redirect_uri));
  if (!scope.empty()) {
    params.push_back(make_pair("scope", scope));
  }
  if (!state.empty()) {
    params.push_back(make_pair("state", state));
  }

  *auth_uri = authorize_client_uri + "?";
  Util::AppendCGIParams(params, auth_uri);
}

bool OAuth2::AuthorizeToken(const string &authorize_token_uri,
                            const string &client_id,
                            const string &client_secret,
                            const string &redirect_uri,
                            const string &auth_token, const string &scope,
                            const string &state, string *access_token,
                            string *refresh_token) {
  DCHECK(access_token);

  vector<pair<string, string> > params;
  // REQUIRED parameters
  params.push_back(make_pair("grant_type", "authorization_code"));
  params.push_back(make_pair("client_id", client_id));
  params.push_back(make_pair("client_secret", client_secret));
  params.push_back(make_pair("redirect_uri", redirect_uri));
  params.push_back(make_pair("code", auth_token));
  // OPTIONAL parameters
  if (!scope.empty()) {
    params.push_back(make_pair("scope", scope));
  }
  if (!state.empty()) {
    params.push_back(make_pair("state", state));
  }

  string request;
  Util::AppendCGIParams(params, &request);
  VLOG(2) << "Request to server:" << request;
  mozc::HTTPClient::Option option;
  option.headers.push_back(string("Content-Type: ") + kOAuth2ContentType);
  string response;
  if (!mozc::HTTPClient::Post(authorize_token_uri,
                              request, option, &response)) {
    LOG(ERROR) << "Cannot connect to " << authorize_token_uri
               << " or bad request.";
    return false;
  }

  // Parse JSON and save access_token and refresh_token
  Json::Value root;
  Json::Reader reader;
  if (!reader.parse(response, root)) {
    LOG(INFO) << "Parsing JSON error.";
    return false;
  }
  if (!root.isMember(kOAuth2AccessTokenKey)) {
    LOG(ERROR) << "Cannot find access_token "
               << "in response from authorized server.";
    return false;
  }

  *access_token = root[kOAuth2AccessTokenKey].asString();
  if (NULL != refresh_token && root.isMember(kOAuth2RefreshTokenKey)) {
    *refresh_token = root[kOAuth2RefreshTokenKey].asString();
  }

  return true;
}

// Currently, this method corresponds with only one style of requesting
// while OAuth2 defines several access token types.
// TODO(peria): Make generalized accessor(s)
bool OAuth2::GetProtectedResource(const string &resource_uri,
                                  const string &access_token,
                                  string *output) {
  DCHECK(output);

  mozc::HTTPClient::Option option;
  option.headers.push_back("Authorization: OAuth " + access_token);
  return mozc::HTTPClient::Get(resource_uri, option, output);
}

bool OAuth2::RefreshTokens(const string &refresh_uri,
                           const string &client_id,
                           const string &client_secret,
                           const string &scope,
                           string *refresh_token,
                           string *access_token) {
  DCHECK(refresh_token);
  DCHECK(access_token);

  vector<pair<string, string> > params;
  // REQUIRED parameters
  params.push_back(make_pair("grant_type", "refresh_token"));
  params.push_back(make_pair("client_id", client_id));
  params.push_back(make_pair("client_secret", client_secret));
  params.push_back(make_pair("refresh_token", *refresh_token));
  if (!scope.empty()) {
    params.push_back(make_pair("scope", scope));
  }

  string request;
  Util::AppendCGIParams(params, &request);
  VLOG(2) << "Request to server:" << request;
  mozc::HTTPClient::Option option;
  option.headers.push_back(string("Content-Type: ") + kOAuth2ContentType);
  string response;
  if (!mozc::HTTPClient::Post(refresh_uri, request, option, &response)) {
    LOG(ERROR) << "Cannot connect to " << refresh_uri << " or bad request.";
    return false;
  }

  LOG(INFO) << response;
  // Parse JSON and save access_token and refresh_token
  Json::Value root;
  Json::Reader reader;
  if (!reader.parse(response, root)) {
    LOG(INFO) << "Parsing JSON error.";
    return false;
  }
  if (!root.isMember(kOAuth2AccessTokenKey)) {
    LOG(ERROR) << "cannot find " << kOAuth2AccessTokenKey
               << " in response from authorized server.";
    return false;
  }
  *access_token = root[kOAuth2AccessTokenKey].asString();

  if (root.isMember(kOAuth2RefreshTokenKey)) {
    *refresh_token = root[kOAuth2RefreshTokenKey].asString();
  } else {
    LOG(INFO) << "cannot find " << kOAuth2RefreshTokenKey
              << " in response from authorized server.";
    // This is not an error so pass through.
  }

  return true;
}

};  // namespace sync
};  // namespace mozc