chrome/browser/supervised_user/child_accounts/permission_request_creator_apiary.cc - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "chrome/browser/supervised_user/child_accounts/permission_request_creator_apiary.h"

 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/supervised_user/child_accounts/kids_management_api.h"
 #include "chrome/browser/supervised_user/supervised_user_constants.h"
 #include "chrome/common/chrome_switches.h"
 #include "components/data_use_measurement/core/data_use_user_data.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_manager.h"
 #include "components/signin/core/browser/signin_manager_base.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/storage_partition.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_status_code.h"
 #include "net/traffic_annotation/network_traffic_annotation.h"
 #include "services/network/public/cpp/resource_request.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
 #include "services/network/public/cpp/simple_url_loader.h"
 #include "url/gurl.h"

 const char kPermissionRequestApiPath[] = "people/me/permissionRequests";
 const char kPermissionRequestApiScope[] =
     "https://www.googleapis.com/auth/kid.permission";

 const int kNumPermissionRequestRetries = 1;

 // Request keys.
 const char kEventTypeKey[] = "eventType";
 const char kObjectRefKey[] = "objectRef";
 const char kStateKey[] = "state";

 // Request values.
 const char kEventTypeURLRequest[] = "PERMISSION_CHROME_URL";
 const char kEventTypeInstallRequest[] = "PERMISSION_CHROME_CWS_ITEM_INSTALL";
 const char kEventTypeUpdateRequest[] = "PERMISSION_CHROME_CWS_ITEM_UPDATE";
 const char kState[] = "PENDING";

 // Response keys.
 const char kPermissionRequestKey[] = "permissionRequest";
 const char kIdKey[] = "id";

 struct PermissionRequestCreatorApiary::Request {
   Request(const std::string& request_type,
           const std::string& object_ref,
           SuccessCallback callback);
   ~Request();

   std::string request_type;
   std::string object_ref;
   SuccessCallback callback;
   std::unique_ptr<OAuth2TokenService::Request> access_token_request;
   std::string access_token;
   bool access_token_expired;
   std::unique_ptr<network::SimpleURLLoader> simple_url_loader;
 };

 PermissionRequestCreatorApiary::Request::Request(
     const std::string& request_type,
     const std::string& object_ref,
     SuccessCallback callback)
     : request_type(request_type),
       object_ref(object_ref),
       callback(std::move(callback)),
       access_token_expired(false) {}

 PermissionRequestCreatorApiary::Request::~Request() {}

 PermissionRequestCreatorApiary::PermissionRequestCreatorApiary(
     OAuth2TokenService* oauth2_token_service,
     const std::string& account_id,
     scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory)
     : OAuth2TokenService::Consumer("permissions_creator"),
       oauth2_token_service_(oauth2_token_service),
       account_id_(account_id),
       url_loader_factory_(std::move(url_loader_factory)),
       retry_on_network_change_(true) {}

 PermissionRequestCreatorApiary::~PermissionRequestCreatorApiary() {}

 // static
 std::unique_ptr<PermissionRequestCreator>
 PermissionRequestCreatorApiary::CreateWithProfile(Profile* profile) {
   ProfileOAuth2TokenService* token_service =
       ProfileOAuth2TokenServiceFactory::GetForProfile(profile);
   SigninManagerBase* signin = SigninManagerFactory::GetForProfile(profile);
   return base::WrapUnique(new PermissionRequestCreatorApiary(
       token_service, signin->GetAuthenticatedAccountId(),
       content::BrowserContext::GetDefaultStoragePartition(profile)
           ->GetURLLoaderFactoryForBrowserProcess()));
 }

 bool PermissionRequestCreatorApiary::IsEnabled() const {
   return true;
 }

 void PermissionRequestCreatorApiary::CreateURLAccessRequest(
     const GURL& url_requested,
     SuccessCallback callback) {
   CreateRequest(kEventTypeURLRequest, url_requested.spec(),
                 std::move(callback));
 }

 void PermissionRequestCreatorApiary::CreateExtensionInstallRequest(
     const std::string& id,
     SuccessCallback callback) {
   CreateRequest(kEventTypeInstallRequest, id, std::move(callback));
 }

 void PermissionRequestCreatorApiary::CreateExtensionUpdateRequest(
     const std::string& id,
     SuccessCallback callback) {
   CreateRequest(kEventTypeUpdateRequest, id, std::move(callback));
 }

 GURL PermissionRequestCreatorApiary::GetApiUrl() const {
   if (base::CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kPermissionRequestApiUrl)) {
     GURL url(base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
         switches::kPermissionRequestApiUrl));
     LOG_IF(WARNING, !url.is_valid())
         << "Got invalid URL for " << switches::kPermissionRequestApiUrl;
     return url;
   }

   return kids_management_api::GetURL(kPermissionRequestApiPath);
 }

 std::string PermissionRequestCreatorApiary::GetApiScope() const {
   if (base::CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kPermissionRequestApiScope)) {
     return base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
         switches::kPermissionRequestApiScope);
   } else {
     return kPermissionRequestApiScope;
   }
 }

 void PermissionRequestCreatorApiary::CreateRequest(
     const std::string& request_type,
     const std::string& object_ref,
     SuccessCallback callback) {
   requests_.push_back(
       std::make_unique<Request>(request_type, object_ref, std::move(callback)));
   StartFetching(requests_.back().get());
 }

 void PermissionRequestCreatorApiary::StartFetching(Request* request) {
   OAuth2TokenService::ScopeSet scopes;
   scopes.insert(GetApiScope());
   request->access_token_request = oauth2_token_service_->StartRequest(
       account_id_, scopes, this);
 }

 void PermissionRequestCreatorApiary::OnGetTokenSuccess(
     const OAuth2TokenService::Request* request,
     const std::string& access_token,
     const base::Time& expiration_time) {
   auto it = requests_.begin();
   while (it != requests_.end()) {
     if (request == (*it)->access_token_request.get())
       break;
     ++it;
   }
   DCHECK(it != requests_.end());
   (*it)->access_token = access_token;

   net::NetworkTrafficAnnotationTag traffic_annotation =
       net::DefineNetworkTrafficAnnotation("permission_request_creator", R"(
         semantics {
           sender: "Supervised Users"
           description:
             "Requests permission for the user to access a blocked site."
           trigger: "Initiated by the user."
           data:
             "The request is authenticated with an OAuth2 access token "
             "identifying the Google account and contains the URL that the user "
             "requests access to."
           destination: GOOGLE_OWNED_SERVICE
         }
         policy {
           cookies_allowed: NO
           setting:
             "This feature cannot be disabled in settings and is only enabled "
             "for child accounts. If sign-in is restricted to accounts from a "
             "managed domain, those accounts are not going to be child accounts."
           chrome_policy {
             RestrictSigninToPattern {
               policy_options {mode: MANDATORY}
               RestrictSigninToPattern: "*@manageddomain.com"
             }
           }
         })");

   base::DictionaryValue dict;
   dict.SetKey(kEventTypeKey, base::Value((*it)->request_type));
   dict.SetKey(kObjectRefKey, base::Value((*it)->object_ref));
   dict.SetKey(kStateKey, base::Value(kState));
   std::string body;
   base::JSONWriter::Write(dict, &body);

   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = GetApiUrl();
   resource_request->load_flags =
       net::LOAD_DO_NOT_SEND_COOKIES | net::LOAD_DO_NOT_SAVE_COOKIES;
   resource_request->method = "POST";
   resource_request->headers.AddHeaderFromString(base::StringPrintf(
       supervised_users::kAuthorizationHeaderFormat, access_token.c_str()));
   (*it)->simple_url_loader = network::SimpleURLLoader::Create(
       std::move(resource_request), traffic_annotation);
   (*it)->simple_url_loader->AttachStringForUpload(body, "application/json");
   if (retry_on_network_change_) {
     (*it)->simple_url_loader->SetRetryOptions(
         kNumPermissionRequestRetries,
         network::SimpleURLLoader::RETRY_ON_NETWORK_CHANGE);
   }
   // TODO(https://crbug.com/808498): Re-add data use measurement once
   // SimpleURLLoader supports it.
   // ID=data_use_measurement::DataUseUserData::SUPERVISED_USER
   (*it)->simple_url_loader->DownloadToStringOfUnboundedSizeUntilCrashAndDie(
       url_loader_factory_.get(),
       base::BindOnce(&PermissionRequestCreatorApiary::OnSimpleLoaderComplete,
                      base::Unretained(this), std::move(it)));
 }

 void PermissionRequestCreatorApiary::OnGetTokenFailure(
     const OAuth2TokenService::Request* request,
     const GoogleServiceAuthError& error) {
   auto it = requests_.begin();
   while (it != requests_.end()) {
     if (request == (*it)->access_token_request.get())
       break;
     ++it;
   }
   DCHECK(it != requests_.end());
   LOG(WARNING) << "Token error: " << error.ToString();
   DispatchResult(it, false);
 }

 void PermissionRequestCreatorApiary::OnSimpleLoaderComplete(
     RequestList::iterator it,
     std::unique_ptr<std::string> response_body) {
   Request* request = it->get();
   std::unique_ptr<network::SimpleURLLoader> simple_url_loader =
       std::move(request->simple_url_loader);
   int net_error = simple_url_loader->NetError();
   int response_code = -1;
   if (simple_url_loader->ResponseInfo() &&
       simple_url_loader->ResponseInfo()->headers) {
     response_code = simple_url_loader->ResponseInfo()->headers->response_code();
   }

   if (response_code == net::HTTP_UNAUTHORIZED &&
       !request->access_token_expired) {
     request->access_token_expired = true;
     OAuth2TokenService::ScopeSet scopes;
     scopes.insert(GetApiScope());
     oauth2_token_service_->InvalidateAccessToken(account_id_, scopes,
                                                  request->access_token);
     StartFetching(request);
     return;
   }

   if (response_code != net::HTTP_OK) {
     LOG(WARNING) << "HTTP error " << response_code;
     DispatchResult(std::move(it), false);
     return;
   }

   if (net_error != net::OK) {
     LOG(WARNING) << "Network error " << net_error;
     DispatchResult(std::move(it), false);
     return;
   }

   std::string body;
   if (response_body)
     body = std::move(*response_body);

   std::unique_ptr<base::Value> value = base::JSONReader::Read(body);
   base::DictionaryValue* dict = NULL;
   if (!value || !value->GetAsDictionary(&dict)) {
     LOG(WARNING) << "Invalid top-level dictionary";
     DispatchResult(std::move(it), false);
     return;
   }
   base::DictionaryValue* permission_dict = NULL;
   if (!dict->GetDictionary(kPermissionRequestKey, &permission_dict)) {
     LOG(WARNING) << "Permission request not found";
     DispatchResult(std::move(it), false);
     return;
   }
   std::string id;
   if (!permission_dict->GetString(kIdKey, &id)) {
     LOG(WARNING) << "ID not found";
     DispatchResult(std::move(it), false);
     return;
   }
   DispatchResult(std::move(it), true);
 }

 void PermissionRequestCreatorApiary::DispatchResult(RequestList::iterator it,
                                                     bool success) {
   std::move((*it)->callback).Run(success);
   requests_.erase(it);
 }
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "chrome/browser/supervised_user/child_accounts/permission_request_creator_apiary.h"

	#include "base/callback.h"
	#include "base/command_line.h"
	#include "base/json/json_reader.h"
	#include "base/json/json_writer.h"
	#include "base/logging.h"
	#include "base/memory/ptr_util.h"
	#include "base/strings/stringprintf.h"
	#include "base/values.h"
	#include "chrome/browser/profiles/profile.h"
	#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
	#include "chrome/browser/signin/signin_manager_factory.h"
	#include "chrome/browser/supervised_user/child_accounts/kids_management_api.h"
	#include "chrome/browser/supervised_user/supervised_user_constants.h"
	#include "chrome/common/chrome_switches.h"
	#include "components/data_use_measurement/core/data_use_user_data.h"
	#include "components/signin/core/browser/profile_oauth2_token_service.h"
	#include "components/signin/core/browser/signin_manager.h"
	#include "components/signin/core/browser/signin_manager_base.h"
	#include "content/public/browser/browser_context.h"
	#include "content/public/browser/storage_partition.h"
	#include "google_apis/gaia/google_service_auth_error.h"
	#include "net/base/load_flags.h"
	#include "net/base/net_errors.h"
	#include "net/http/http_status_code.h"
	#include "net/traffic_annotation/network_traffic_annotation.h"
	#include "services/network/public/cpp/resource_request.h"
	#include "services/network/public/cpp/shared_url_loader_factory.h"
	#include "services/network/public/cpp/simple_url_loader.h"
	#include "url/gurl.h"

	const char kPermissionRequestApiPath[] = "people/me/permissionRequests";
	const char kPermissionRequestApiScope[] =
	"https://www.googleapis.com/auth/kid.permission";

	const int kNumPermissionRequestRetries = 1;

	// Request keys.
	const char kEventTypeKey[] = "eventType";
	const char kObjectRefKey[] = "objectRef";
	const char kStateKey[] = "state";

	// Request values.
	const char kEventTypeURLRequest[] = "PERMISSION_CHROME_URL";
	const char kEventTypeInstallRequest[] = "PERMISSION_CHROME_CWS_ITEM_INSTALL";
	const char kEventTypeUpdateRequest[] = "PERMISSION_CHROME_CWS_ITEM_UPDATE";
	const char kState[] = "PENDING";

	// Response keys.
	const char kPermissionRequestKey[] = "permissionRequest";
	const char kIdKey[] = "id";

	struct PermissionRequestCreatorApiary::Request {
	Request(const std::string& request_type,
	const std::string& object_ref,
	SuccessCallback callback);
	~Request();

	std::string request_type;
	std::string object_ref;
	SuccessCallback callback;
	std::unique_ptr<OAuth2TokenService::Request> access_token_request;
	std::string access_token;
	bool access_token_expired;
	std::unique_ptr<network::SimpleURLLoader> simple_url_loader;
	};

	PermissionRequestCreatorApiary::Request::Request(
	const std::string& request_type,
	const std::string& object_ref,
	SuccessCallback callback)
	: request_type(request_type),
	object_ref(object_ref),
	callback(std::move(callback)),
	access_token_expired(false) {}

	PermissionRequestCreatorApiary::Request::~Request() {}

	PermissionRequestCreatorApiary::PermissionRequestCreatorApiary(
	OAuth2TokenService* oauth2_token_service,
	const std::string& account_id,
	scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory)
	: OAuth2TokenService::Consumer("permissions_creator"),
	oauth2_token_service_(oauth2_token_service),
	account_id_(account_id),
	url_loader_factory_(std::move(url_loader_factory)),
	retry_on_network_change_(true) {}

	PermissionRequestCreatorApiary::~PermissionRequestCreatorApiary() {}

	// static
	std::unique_ptr<PermissionRequestCreator>
	PermissionRequestCreatorApiary::CreateWithProfile(Profile* profile) {
	ProfileOAuth2TokenService* token_service =
	ProfileOAuth2TokenServiceFactory::GetForProfile(profile);
	SigninManagerBase* signin = SigninManagerFactory::GetForProfile(profile);
	return base::WrapUnique(new PermissionRequestCreatorApiary(
	token_service, signin->GetAuthenticatedAccountId(),
	content::BrowserContext::GetDefaultStoragePartition(profile)
	->GetURLLoaderFactoryForBrowserProcess()));
	}

	bool PermissionRequestCreatorApiary::IsEnabled() const {
	return true;
	}

	void PermissionRequestCreatorApiary::CreateURLAccessRequest(
	const GURL& url_requested,
	SuccessCallback callback) {
	CreateRequest(kEventTypeURLRequest, url_requested.spec(),
	std::move(callback));
	}

	void PermissionRequestCreatorApiary::CreateExtensionInstallRequest(
	const std::string& id,
	SuccessCallback callback) {
	CreateRequest(kEventTypeInstallRequest, id, std::move(callback));
	}

	void PermissionRequestCreatorApiary::CreateExtensionUpdateRequest(
	const std::string& id,
	SuccessCallback callback) {
	CreateRequest(kEventTypeUpdateRequest, id, std::move(callback));
	}

	GURL PermissionRequestCreatorApiary::GetApiUrl() const {
	if (base::CommandLine::ForCurrentProcess()->HasSwitch(
	switches::kPermissionRequestApiUrl)) {
	GURL url(base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
	switches::kPermissionRequestApiUrl));
	LOG_IF(WARNING, !url.is_valid())
	<< "Got invalid URL for " << switches::kPermissionRequestApiUrl;
	return url;
	}

	return kids_management_api::GetURL(kPermissionRequestApiPath);
	}

	std::string PermissionRequestCreatorApiary::GetApiScope() const {
	if (base::CommandLine::ForCurrentProcess()->HasSwitch(
	switches::kPermissionRequestApiScope)) {
	return base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
	switches::kPermissionRequestApiScope);
	} else {
	return kPermissionRequestApiScope;
	}
	}

	void PermissionRequestCreatorApiary::CreateRequest(
	const std::string& request_type,
	const std::string& object_ref,
	SuccessCallback callback) {
	requests_.push_back(
	std::make_unique<Request>(request_type, object_ref, std::move(callback)));
	StartFetching(requests_.back().get());
	}

	void PermissionRequestCreatorApiary::StartFetching(Request* request) {
	OAuth2TokenService::ScopeSet scopes;
	scopes.insert(GetApiScope());
	request->access_token_request = oauth2_token_service_->StartRequest(
	account_id_, scopes, this);
	}

	void PermissionRequestCreatorApiary::OnGetTokenSuccess(
	const OAuth2TokenService::Request* request,
	const std::string& access_token,
	const base::Time& expiration_time) {
	auto it = requests_.begin();
	while (it != requests_.end()) {
	if (request == (*it)->access_token_request.get())
	break;
	++it;
	}
	DCHECK(it != requests_.end());
	(*it)->access_token = access_token;

	net::NetworkTrafficAnnotationTag traffic_annotation =
	net::DefineNetworkTrafficAnnotation("permission_request_creator", R"(
	semantics {
	sender: "Supervised Users"
	description:
	"Requests permission for the user to access a blocked site."
	trigger: "Initiated by the user."
	data:
	"The request is authenticated with an OAuth2 access token "
	"identifying the Google account and contains the URL that the user "
	"requests access to."
	destination: GOOGLE_OWNED_SERVICE
	}
	policy {
	cookies_allowed: NO
	setting:
	"This feature cannot be disabled in settings and is only enabled "
	"for child accounts. If sign-in is restricted to accounts from a "
	"managed domain, those accounts are not going to be child accounts."
	chrome_policy {
	RestrictSigninToPattern {
	policy_options {mode: MANDATORY}
	RestrictSigninToPattern: "*@manageddomain.com"
	}
	}
	})");

	base::DictionaryValue dict;
	dict.SetKey(kEventTypeKey, base::Value((*it)->request_type));
	dict.SetKey(kObjectRefKey, base::Value((*it)->object_ref));
	dict.SetKey(kStateKey, base::Value(kState));
	std::string body;
	base::JSONWriter::Write(dict, &body);

	auto resource_request = std::make_unique<network::ResourceRequest>();
	resource_request->url = GetApiUrl();
	resource_request->load_flags =
	net::LOAD_DO_NOT_SEND_COOKIES \| net::LOAD_DO_NOT_SAVE_COOKIES;
	resource_request->method = "POST";
	resource_request->headers.AddHeaderFromString(base::StringPrintf(
	supervised_users::kAuthorizationHeaderFormat, access_token.c_str()));
	(*it)->simple_url_loader = network::SimpleURLLoader::Create(
	std::move(resource_request), traffic_annotation);
	(*it)->simple_url_loader->AttachStringForUpload(body, "application/json");
	if (retry_on_network_change_) {
	(*it)->simple_url_loader->SetRetryOptions(
	kNumPermissionRequestRetries,
	network::SimpleURLLoader::RETRY_ON_NETWORK_CHANGE);
	}
	// TODO(https://crbug.com/808498): Re-add data use measurement once
	// SimpleURLLoader supports it.
	// ID=data_use_measurement::DataUseUserData::SUPERVISED_USER
	(*it)->simple_url_loader->DownloadToStringOfUnboundedSizeUntilCrashAndDie(
	url_loader_factory_.get(),
	base::BindOnce(&PermissionRequestCreatorApiary::OnSimpleLoaderComplete,
	base::Unretained(this), std::move(it)));
	}

	void PermissionRequestCreatorApiary::OnGetTokenFailure(
	const OAuth2TokenService::Request* request,
	const GoogleServiceAuthError& error) {
	auto it = requests_.begin();
	while (it != requests_.end()) {
	if (request == (*it)->access_token_request.get())
	break;
	++it;
	}
	DCHECK(it != requests_.end());
	LOG(WARNING) << "Token error: " << error.ToString();
	DispatchResult(it, false);
	}

	void PermissionRequestCreatorApiary::OnSimpleLoaderComplete(
	RequestList::iterator it,
	std::unique_ptr<std::string> response_body) {
	Request* request = it->get();
	std::unique_ptr<network::SimpleURLLoader> simple_url_loader =
	std::move(request->simple_url_loader);
	int net_error = simple_url_loader->NetError();
	int response_code = -1;
	if (simple_url_loader->ResponseInfo() &&
	simple_url_loader->ResponseInfo()->headers) {
	response_code = simple_url_loader->ResponseInfo()->headers->response_code();
	}

	if (response_code == net::HTTP_UNAUTHORIZED &&
	!request->access_token_expired) {
	request->access_token_expired = true;
	OAuth2TokenService::ScopeSet scopes;
	scopes.insert(GetApiScope());
	oauth2_token_service_->InvalidateAccessToken(account_id_, scopes,
	request->access_token);
	StartFetching(request);
	return;
	}

	if (response_code != net::HTTP_OK) {
	LOG(WARNING) << "HTTP error " << response_code;
	DispatchResult(std::move(it), false);
	return;
	}

	if (net_error != net::OK) {
	LOG(WARNING) << "Network error " << net_error;
	DispatchResult(std::move(it), false);
	return;
	}

	std::string body;
	if (response_body)
	body = std::move(*response_body);

	std::unique_ptr<base::Value> value = base::JSONReader::Read(body);
	base::DictionaryValue* dict = NULL;
	if (!value \|\| !value->GetAsDictionary(&dict)) {
	LOG(WARNING) << "Invalid top-level dictionary";
	DispatchResult(std::move(it), false);
	return;
	}
	base::DictionaryValue* permission_dict = NULL;
	if (!dict->GetDictionary(kPermissionRequestKey, &permission_dict)) {
	LOG(WARNING) << "Permission request not found";
	DispatchResult(std::move(it), false);
	return;
	}
	std::string id;
	if (!permission_dict->GetString(kIdKey, &id)) {
	LOG(WARNING) << "ID not found";
	DispatchResult(std::move(it), false);
	return;
	}
	DispatchResult(std::move(it), true);
	}

	void PermissionRequestCreatorApiary::DispatchResult(RequestList::iterator it,
	bool success) {
	std::move((*it)->callback).Run(success);
	requests_.erase(it);
	}