Google Git
Sign in
weave / weave / libweave / 390d1911a68b765eef645026756f7290bacb2e15^! / . / buffet / device_registration_info.cc
commit390d1911a68b765eef645026756f7290bacb2e15[log] [tgz]
authorDavid Zeuthen <zeuthen@chromium.org>Tue Mar 03 14:54:48 2015 -0500
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>Thu Mar 05 02:39:26 2015 +0000
tree1fea987972009e543f2702d5e02c6c6769d986ea
parent2d0369ec99bd56d27878a651149b13a872a3e2d1 [diff] [blame]
buffet: Forcibly refresh access token when handling HTTP error 401.

It's not enough to just check that the access token hasn't expired so
always fetch a new access token when the server specifically tells us
that the access token is wrong (e.g. HTTP error code 401).

BUG=brillo:275
TEST=Unit tests pass.

Change-Id: Ib619883a9629e313c9f76679232bcd245bf83bb9
Reviewed-on: https://chromium-review.googlesource.com/255590
Reviewed-by: Nathan Bullock <nathanbullock@google.com>
Reviewed-by: Christopher Wiley <wiley@chromium.org>
Tested-by: David Zeuthen <zeuthen@chromium.org>
Commit-Queue: David Zeuthen <zeuthen@chromium.org>

diff --git a/buffet/device_registration_info.cc b/buffet/device_registration_info.cc
index 0b98cb7..72d6d67 100644
--- a/buffet/device_registration_info.cc
+++ b/buffet/device_registration_info.cc

@@ -268,7 +268,7 @@
 
 bool DeviceRegistrationInfo::CheckRegistration(chromeos::ErrorPtr* error) {
   return HaveRegistrationCredentials(error) &&
-         ValidateAndRefreshAccessToken(error);
+         MaybeRefreshAccessToken(error);
 }
 
 bool DeviceRegistrationInfo::HaveRegistrationCredentials(
@@ -311,7 +311,7 @@
   return resp;
 }
 
-bool DeviceRegistrationInfo::ValidateAndRefreshAccessToken(
+bool DeviceRegistrationInfo::MaybeRefreshAccessToken(
     chromeos::ErrorPtr* error) {
   LOG(INFO) << "Checking access token expiration.";
   if (!access_token_.empty() &&
@@ -320,7 +320,12 @@
     LOG(INFO) << "Access token is still valid.";
     return true;
   }
+  return RefreshAccessToken(error);
+}
 
+bool DeviceRegistrationInfo::RefreshAccessToken(
+    chromeos::ErrorPtr* error) {
+  LOG(INFO) << "Refreshing access token.";
   auto response = chromeos::http::PostFormDataAndBlock(GetOAuthURL("token"), {
     {"refresh_token", refresh_token_},
     {"client_id", client_id_},
@@ -687,7 +692,8 @@
     if (error->HasError(chromeos::errors::http::kDomain,
                         std::to_string(chromeos::http::status_code::Denied))) {
       chromeos::ErrorPtr reauthorization_error;
-      if (!self->ValidateAndRefreshAccessToken(&reauthorization_error)) {
+      // Forcibly refresh the access token.
+      if (!self->RefreshAccessToken(&reauthorization_error)) {
         // TODO(antonm): Check if the device has been actually removed.
         error_cb(request_id, reauthorization_error.get());
         return;