We should use UserID object to identify users instead of username.

chrome/browser/chromeos/login/existing_user_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/existing_user_controller.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
@@ skipping 46 matching lines @@
 #include "chromeos/dbus/power_manager_client.h"
 #include "chromeos/dbus/session_manager_client.h"
 #include "chromeos/login/user_names.h"
 #include "chromeos/settings/cros_settings_names.h"
 #include "components/google/core/browser/google_util.h"
 #include "components/policy/core/common/cloud/cloud_policy_core.h"
 #include "components/policy/core/common/cloud/cloud_policy_store.h"
 #include "components/policy/core/common/policy_map.h"
 #include "components/policy/core/common/policy_service.h"
 #include "components/policy/core/common/policy_types.h"
+#include "components/user_manager/user_id.h"
 #include "components/user_manager/user_manager.h"
 #include "components/user_manager/user_type.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/user_metrics.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/http/http_auth_cache.h"
 #include "net/http/http_network_session.h"
@@ skipping 68 matching lines @@
 
 }  // namespace
 
 // static
 ExistingUserController* ExistingUserController::current_controller_ = NULL;
 
 ////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, public:
 
 ExistingUserController::ExistingUserController(LoginDisplayHost* host)
-    : auth_status_consumer_(NULL),
+    : public_session_auto_login_user_id_(std::string(), std::string()),
+      auth_status_consumer_(NULL),
+      last_login_attempt_user_id_(std::string(), std::string()),

[Denis Kuznetsov (DE-MUC), 2015/06/10 16:50:46]

EmptyUserID()
here and above?

       host_(host),
       login_display_(host_->CreateLoginDisplay(this)),
       num_login_attempts_(0),
       cros_settings_(CrosSettings::Get()),
       offline_failed_(false),
       is_login_in_progress_(false),
+      online_succeeded_for_(std::string(), std::string()),

[Denis Kuznetsov (DE-MUC), 2015/06/10 16:50:46]

EmptyUserID()?

       password_changed_(false),
       auth_mode_(LoginPerformer::AUTH_MODE_EXTENSION),
       signin_screen_ready_(false),
       network_state_helper_(new login::NetworkStateHelper),
       weak_factory_(this) {
   DCHECK(current_controller_ == NULL);
   current_controller_ = this;
 
   registrar_.Add(this,
                  chrome::NOTIFICATION_USER_LIST_CHANGED,
@@ skipping 50 matching lines @@
   cros_settings_->GetBoolean(kAccountsPrefShowUserNamesOnSignIn,
                              &show_users_on_signin);
   for (user_manager::UserList::const_iterator it = users.begin();
        it != users.end();
        ++it) {
     // TODO(xiyuan): Clean user profile whose email is not in whitelist.
     bool meets_supervised_requirements =
         (*it)->GetType() != user_manager::USER_TYPE_SUPERVISED ||
         user_manager::UserManager::Get()->AreSupervisedUsersAllowed();
     bool meets_whitelist_requirements =
-        CrosSettings::IsWhitelisted((*it)->email(), NULL) ||
+        CrosSettings::IsWhitelisted((*it)->GetUserID(), NULL) ||
         !(*it)->HasGaiaAccount();
 
     // Public session accounts are always shown on login screen.
     bool meets_show_users_requirements =
         show_users_on_signin ||
         (*it)->GetType() == user_manager::USER_TYPE_PUBLIC_ACCOUNT;
     if (meets_supervised_requirements &&
         meets_whitelist_requirements &&
         meets_show_users_requirements) {
       filtered_users.push_back(*it);
@@ skipping 80 matching lines @@
 
 void ExistingUserController::CancelPasswordChangedFlow() {
   login_performer_.reset(NULL);
   PerformLoginFinishedActions(true /* start public session timer */);
 }
 
 void ExistingUserController::CreateAccount() {
   content::RecordAction(base::UserMetricsAction("Login.CreateAccount"));
   guest_mode_url_ = google_util::AppendGoogleLocaleParam(
       GURL(kCreateAccountURL), g_browser_process->GetApplicationLocale());
-  Login(UserContext(user_manager::USER_TYPE_GUEST, std::string()),
+  Login(UserContext(user_manager::USER_TYPE_GUEST, login::GetGuestUserID()),
         SigninSpecifics());
 }
 
 void ExistingUserController::CompleteLogin(const UserContext& user_context) {
   login_display_->set_signin_completed(true);
   if (!host_) {
     // Complete login event was generated already from UI. Ignore notification.
     return;
   }
 
@@ skipping 32 matching lines @@
   BootTimesRecorder::Get()->RecordLoginAttempted();
 
   // Use the same LoginPerformer for subsequent login as it has state
   // such as Authenticator instance.
   if (!login_performer_.get() || num_login_attempts_ <= 1) {
     // Only one instance of LoginPerformer should exist at a time.
     login_performer_.reset(NULL);
     login_performer_.reset(new ChromeLoginPerformer(this));
   }
 
-  if (gaia::ExtractDomainName(user_context.GetUserID()) ==
+  if (gaia::ExtractDomainName(user_context.GetUserID().GetUserEmail()) ==

[Denis Kuznetsov (DE-MUC), 2015/06/10 16:50:46]

Maybe add chromeos::login::IsSupervisedUser(UserID) method?

       chromeos::login::kSupervisedUserDomain) {
     login_performer_->LoginAsSupervisedUser(user_context);
   } else {
     login_performer_->PerformLogin(user_context, auth_mode);
     RecordPasswordLoginEvent(user_context);
   }
   SendAccessibilityAlert(
       l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNING_IN));
 }
 
@@ skipping 113 matching lines @@
 //
 
 void ExistingUserController::OnAuthFailure(const AuthFailure& failure) {
   offline_failed_ = true;
   guest_mode_url_ = GURL::EmptyGURL();
   std::string error = failure.GetErrorString();
 
   PerformLoginFinishedActions(false /* don't start public session timer */);
 
   if (ChromeUserManager::Get()
-          ->GetUserFlow(last_login_attempt_username_)
+          ->GetUserFlow(last_login_attempt_user_id_)
           ->HandleLoginFailure(failure)) {
     return;
   }
 
   if (failure.reason() == AuthFailure::OWNER_REQUIRED) {
     ShowError(IDS_LOGIN_ERROR_OWNER_REQUIRED, error);
     content::BrowserThread::PostDelayedTask(
         content::BrowserThread::UI, FROM_HERE,
         base::Bind(&SessionManagerClient::StopSession,
                    base::Unretained(DBusThreadManager::Get()->
                                     GetSessionManagerClient())),
         base::TimeDelta::FromMilliseconds(kSafeModeRestartUiDelayMs));
   } else if (failure.reason() == AuthFailure::TPM_ERROR) {
     ShowTPMError();
   } else if (!online_succeeded_for_.empty()) {
     ShowGaiaPasswordChanged(online_succeeded_for_);
-  } else if (last_login_attempt_username_ == chromeos::login::kGuestUserName) {
+  } else if (last_login_attempt_user_id_ == chromeos::login::GetGuestUserID()) {

[Denis Kuznetsov (DE-MUC), 2015/06/10 16:50:46]

Maybe introduce chromeos::login::IsGuestUser(UserID) method?

     // Show no errors, just re-enable input.
     login_display_->ClearAndEnablePassword();
     StartPublicSessionAutoLoginTimer();
   } else {
     // Check networking after trying to login in case user is
     // cached locally or the local admin account.
     bool is_known_user = user_manager::UserManager::Get()->IsKnownUser(
-        last_login_attempt_username_);
+        last_login_attempt_user_id_);
     if (!network_state_helper_->IsConnected()) {
       if (is_known_user)
         ShowError(IDS_LOGIN_ERROR_AUTHENTICATING, error);
       else
         ShowError(IDS_LOGIN_ERROR_OFFLINE_FAILED_NETWORK_NOT_CONNECTED, error);
     } else {
       // TODO(nkostylev): Cleanup rest of ClientLogin related code.
       if (failure.reason() == AuthFailure::NETWORK_AUTH_FAILED &&
           failure.error().state() ==
               GoogleServiceAuthError::HOSTED_NOT_ALLOWED) {
         ShowError(IDS_LOGIN_ERROR_AUTHENTICATING_HOSTED, error);
       } else {
         if (!is_known_user)
           ShowError(IDS_LOGIN_ERROR_AUTHENTICATING_NEW, error);
         else
           ShowError(IDS_LOGIN_ERROR_AUTHENTICATING, error);
       }
     }
     login_display_->ClearAndEnablePassword();
     StartPublicSessionAutoLoginTimer();
   }
 
   // Reset user flow to default, so that special flow will not affect next
   // attempt.
-  ChromeUserManager::Get()->ResetUserFlow(last_login_attempt_username_);
+  ChromeUserManager::Get()->ResetUserFlow(last_login_attempt_user_id_);
 
   if (auth_status_consumer_)
     auth_status_consumer_->OnAuthFailure(failure);
 
   // Clear the recorded displayed email so it won't affect any future attempts.
   display_email_.clear();
 
   // TODO(ginkage): Fix this case once crbug.com/469990 is ready.
   /*
     if (failure.reason() == AuthFailure::COULD_NOT_MOUNT_CRYPTOHOME) {
-      RecordReauthReason(last_login_attempt_username_,
+      RecordReauthReason(last_login_attempt_user_id_,
                          ReauthReason::MISSING_CRYPTOHOME);
     }
   */
 }
 
 void ExistingUserController::OnAuthSuccess(const UserContext& user_context) {
   is_login_in_progress_ = false;
   offline_failed_ = false;
   login_display_->set_signin_completed(true);
 
@@ skipping 45 matching lines @@
   // Reenable clicking on other windows and status area.
   login_display_->SetUIEnabled(true);
 
   if (browser_launched)
     host_ = NULL;
 
   // Inform |auth_status_consumer_| about successful login.
   // TODO(nkostylev): Pass UserContext back crbug.com/424550
   if (auth_status_consumer_) {
     auth_status_consumer_->
-        OnAuthSuccess(UserContext(last_login_attempt_username_));
+        OnAuthSuccess(UserContext(last_login_attempt_user_id_));
   }
 }
 
 void ExistingUserController::OnOffTheRecordAuthSuccess() {
   is_login_in_progress_ = false;
   offline_failed_ = false;
 
   // Mark the device as registered., i.e. the second part of OOBE as completed.
   if (!StartupUtils::IsDeviceRegistered())
     StartupUtils::MarkDeviceRegistered(base::Closure());
@@ skipping 11 matching lines @@
   // Must not proceed without signature verification.
   if (CrosSettingsProvider::TRUSTED != cros_settings_->PrepareTrustedValues(
       base::Bind(&ExistingUserController::OnPasswordChangeDetected,
                  weak_factory_.GetWeakPtr()))) {
     // Value of owner email is still not verified.
     // Another attempt will be invoked after verification completion.
     return;
   }
 
   if (ChromeUserManager::Get()
-          ->GetUserFlow(last_login_attempt_username_)
+          ->GetUserFlow(last_login_attempt_user_id_)
           ->HandlePasswordChangeDetected()) {
     return;
   }
 
   // True if user has already made an attempt to enter old password and failed.
   bool show_invalid_old_password_error =
       login_performer_->password_changed_callback_count() > 1;
 
   // Note: We allow owner using "full sync" mode which will recreate
   // cryptohome and deal with owner private key being lost. This also allows
   // us to recover from a lost owner password/homedir.
   // TODO(gspencer): We shouldn't have to erase stateful data when
   // doing this.  See http://crosbug.com/9115 http://crosbug.com/7792
   login_display_->ShowPasswordChangedDialog(show_invalid_old_password_error,
-                                            display_email_);
+                                            user_manager::UserID::FromUserEmail(display_email_));
 
   if (auth_status_consumer_)
     auth_status_consumer_->OnPasswordChangeDetected();
 
   display_email_.clear();
 }
 
-void ExistingUserController::WhiteListCheckFailed(const std::string& email) {
+void ExistingUserController::WhiteListCheckFailed(const user_manager::UserID& user_id) {
   PerformLoginFinishedActions(true /* start public session timer */);
   offline_failed_ = false;
 
   if (StartupUtils::IsWebviewSigninEnabled()) {
     login_display_->ShowWhitelistCheckFailedError();
   } else {
     if (g_browser_process->platform_part()
             ->browser_policy_connector_chromeos()
             ->IsEnterpriseManaged()) {
-      ShowError(IDS_ENTERPRISE_LOGIN_ERROR_WHITELIST, email);
+      ShowError(IDS_ENTERPRISE_LOGIN_ERROR_WHITELIST, user_id.GetUserEmail());
     } else {
-      ShowError(IDS_LOGIN_ERROR_WHITELIST, email);
+      ShowError(IDS_LOGIN_ERROR_WHITELIST, user_id.GetUserEmail());
     }
-    login_display_->ShowSigninUI(email);
+    login_display_->ShowSigninUI(user_id);
   }
 
   if (auth_status_consumer_) {
     auth_status_consumer_->OnAuthFailure(
         AuthFailure(AuthFailure::WHITELIST_CHECK_FAILED));
   }
 
   display_email_.clear();
 }
 
 void ExistingUserController::PolicyLoadFailed() {
   ShowError(IDS_LOGIN_ERROR_OWNER_KEY_LOST, "");
 
   PerformLoginFinishedActions(false /* don't start public session timer */);
   offline_failed_ = false;
   display_email_.clear();
 }
 
-void ExistingUserController::OnOnlineChecked(const std::string& username,
+void ExistingUserController::OnOnlineChecked(const user_manager::UserID& user_id,
                                              bool success) {
-  if (success && last_login_attempt_username_ == username) {
-    online_succeeded_for_ = username;
+  if (success && last_login_attempt_user_id_ == user_id) {
+    online_succeeded_for_ = user_id;
     // Wait for login attempt to end, if it hasn't yet.
     if (offline_failed_ && !is_login_in_progress_)
-      ShowGaiaPasswordChanged(username);
+      ShowGaiaPasswordChanged(user_id);
   }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, private:
 
 void ExistingUserController::DeviceSettingsChanged() {
   // If login was already completed, we should avoid any signin screen
   // transitions, see http://crbug.com/461604 for example.
   if (host_ != NULL && !login_display_->is_signin_completed()) {
@@ skipping 12 matching lines @@
 
 bool ExistingUserController::password_changed() const {
   if (login_performer_)
     return login_performer_->password_changed();
 
   return password_changed_;
 }
 
 void ExistingUserController::LoginAsGuest() {
   PerformPreLoginActions(UserContext(user_manager::USER_TYPE_GUEST,
-                                     chromeos::login::kGuestUserName));
+                                     chromeos::login::GetGuestUserID()));
 
   bool allow_guest;
   cros_settings_->GetBoolean(kAccountsPrefAllowGuest, &allow_guest);
   if (!allow_guest) {
     // Disallowed. The UI should normally not show the guest pod but if for some
     // reason this has been made available to the user here is the time to tell
     // this nicely.
     if (g_browser_process->platform_part()
             ->browser_policy_connector_chromeos()
             ->IsEnterpriseManaged()) {
@@ skipping 75 matching lines @@
             new_user_context),
         locale);
     return;
   }
 
   // The user chose a locale and a suitable keyboard layout or left both unset.
   // Login can continue immediately.
   LoginAsPublicSessionInternal(new_user_context);
 }
 
-void ExistingUserController::LoginAsKioskApp(const std::string& app_id,
+void ExistingUserController::LoginAsKioskApp(const user_manager::UserID& user_id,
                                              bool diagnostic_mode) {
   const bool auto_start = false;
-  host_->StartAppLaunch(app_id, diagnostic_mode, auto_start);
+  host_->StartAppLaunch(user_id.GetUserEmail(), diagnostic_mode, auto_start);

[Denis Kuznetsov (DE-MUC), 2015/06/10 16:50:46]

Please add ToDo that app id can be at some point be separated to another field
(appId rather than e-mail).

 }
 
 void ExistingUserController::ConfigurePublicSessionAutoLogin() {
   std::string auto_login_account_id;
   cros_settings_->GetString(kAccountsPrefDeviceLocalAccountAutoLoginId,
                             &auto_login_account_id);
   const std::vector<policy::DeviceLocalAccount> device_local_accounts =
       policy::GetDeviceLocalAccounts(cros_settings_);
 
-  public_session_auto_login_username_.clear();
+  public_session_auto_login_user_id_.clear();
   for (std::vector<policy::DeviceLocalAccount>::const_iterator
            it = device_local_accounts.begin();
        it != device_local_accounts.end(); ++it) {
     if (it->account_id == auto_login_account_id) {
-      public_session_auto_login_username_ = it->user_id;
+      public_session_auto_login_user_id_ = it->user_id;
       break;
     }
   }
 
   const user_manager::User* user = user_manager::UserManager::Get()->FindUser(
-      public_session_auto_login_username_);
+      public_session_auto_login_user_id_);
   if (!user || user->GetType() != user_manager::USER_TYPE_PUBLIC_ACCOUNT)
-    public_session_auto_login_username_.clear();
+    public_session_auto_login_user_id_.clear();
 
   if (!cros_settings_->GetInteger(
           kAccountsPrefDeviceLocalAccountAutoLoginDelay,
           &public_session_auto_login_delay_)) {
     public_session_auto_login_delay_ = 0;
   }
 
-  if (!public_session_auto_login_username_.empty())
+  if (!public_session_auto_login_user_id_.empty())
     StartPublicSessionAutoLoginTimer();
   else
     StopPublicSessionAutoLoginTimer();
 }
 
 void ExistingUserController::ResetPublicSessionAutoLoginTimer() {
   // Only restart the auto-login timer if it's already running.
   if (auto_login_timer_ && auto_login_timer_->IsRunning()) {
     StopPublicSessionAutoLoginTimer();
     StartPublicSessionAutoLoginTimer();
   }
 }
 
 void ExistingUserController::OnPublicSessionAutoLoginTimerFire() {
-  CHECK(signin_screen_ready_ && !public_session_auto_login_username_.empty());
+  CHECK(signin_screen_ready_ && !public_session_auto_login_user_id_.empty());
   Login(UserContext(user_manager::USER_TYPE_PUBLIC_ACCOUNT,
-                    public_session_auto_login_username_),
+                    public_session_auto_login_user_id_),
         SigninSpecifics());
 }
 
 void ExistingUserController::StopPublicSessionAutoLoginTimer() {
   if (auto_login_timer_)
     auto_login_timer_->Stop();
 }
 
 void ExistingUserController::StartPublicSessionAutoLoginTimer() {
   if (!signin_screen_ready_ ||
       is_login_in_progress_ ||
-      public_session_auto_login_username_.empty()) {
+      public_session_auto_login_user_id_.empty()) {
     return;
   }
 
   // Start the auto-login timer.
   if (!auto_login_timer_)
     auto_login_timer_.reset(new base::OneShotTimer<ExistingUserController>);
 
   auto_login_timer_->Start(
       FROM_HERE,
       base::TimeDelta::FromMilliseconds(
@@ skipping 26 matching lines @@
   } else {
     // login_performer_ will be null if an error occurred during OAuth2 token
     // fetch. In this case, show a generic error.
     help_topic_id = HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT;
   }
 
   if (error_id == IDS_LOGIN_ERROR_AUTHENTICATING) {
     if (num_login_attempts_ > 1) {
       const user_manager::User* user =
           user_manager::UserManager::Get()->FindUser(
-              last_login_attempt_username_);
+              last_login_attempt_user_id_);
       if (user && (user->GetType() == user_manager::USER_TYPE_SUPERVISED))
         error_id = IDS_LOGIN_ERROR_AUTHENTICATING_2ND_TIME_SUPERVISED;
     }
   }
 
   login_display_->ShowError(error_id, num_login_attempts_, help_topic_id);
 }
 
 void ExistingUserController::ShowGaiaPasswordChanged(
-    const std::string& username) {
+    const user_manager::UserID& user_id) {
   // Invalidate OAuth token, since it can't be correct after password is
   // changed.
   user_manager::UserManager::Get()->SaveUserOAuthStatus(
-      username, user_manager::User::OAUTH2_TOKEN_STATUS_INVALID);
-  RecordReauthReason(username, ReauthReason::OTHER);
+      user_id, user_manager::User::OAUTH2_TOKEN_STATUS_INVALID);
+  RecordReauthReason(user_id, ReauthReason::OTHER);
 
   login_display_->SetUIEnabled(true);
-  login_display_->ShowGaiaPasswordChanged(username);
+  login_display_->ShowGaiaPasswordChanged(user_id);
 }
 
 void ExistingUserController::SendAccessibilityAlert(
     const std::string& alert_text) {
   AutomationManagerAura::GetInstance()->HandleAlert(
       ProfileHelper::GetSigninProfile(), alert_text);
 }
 
 void ExistingUserController::SetPublicSessionKeyboardLayoutAndLogin(
     const UserContext& user_context,
@@ skipping 24 matching lines @@
   login_performer_->LoginAsPublicSession(user_context);
   SendAccessibilityAlert(
       l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNIN_PUBLIC_ACCOUNT));
 }
 
 void ExistingUserController::PerformPreLoginActions(
     const UserContext& user_context) {
   // Disable clicking on other windows and status tray.
   login_display_->SetUIEnabled(false);
 
-  if (last_login_attempt_username_ != user_context.GetUserID()) {
-    last_login_attempt_username_ = user_context.GetUserID();
+  if (last_login_attempt_user_id_ != user_context.GetUserID()) {

[Denis Kuznetsov (DE-MUC), 2015/06/10 16:50:46]

Same question about (un)equality as above.

+    last_login_attempt_user_id_ = user_context.GetUserID();
     num_login_attempts_ = 0;
 
     // Also reset state variables, which are used to determine password change.
     offline_failed_ = false;
     online_succeeded_for_.clear();
   }
 
   // Guard in cases when we're called twice but login process is still active.
   // This might happen when login process is paused till signed settings status
   // is verified which results in Login* method called again as a callback.
@@ skipping 67 matching lines @@
 
 void ExistingUserController::DoCompleteLogin(
     const UserContext& user_context_wo_device_id) {
   UserContext user_context = user_context_wo_device_id;
   std::string device_id =
       user_manager::UserManager::Get()->GetKnownUserDeviceId(
           user_context.GetUserID());
   if (device_id.empty()) {
     bool is_ephemeral =
         ChromeUserManager::Get()->AreEphemeralUsersEnabled() &&
-        user_context.GetUserID() != ChromeUserManager::Get()->GetOwnerEmail();
+        user_context.GetUserID() != ChromeUserManager::Get()->GetOwnerID();
     device_id = ChromeSigninClient::GenerateSigninScopedDeviceID(is_ephemeral);
   }
   user_context.SetDeviceId(device_id);
 
   PerformPreLoginActions(user_context);
 
   if (!time_init_.is_null()) {
     base::TimeDelta delta = base::Time::Now() - time_init_;
     UMA_HISTOGRAM_MEDIUM_TIMES("Login.PromptToCompleteLoginTime", delta);
     time_init_ = base::Time();  // Reset to null.
@@ skipping 105 matching lines @@
   if (!success) {
     LOG(ERROR) << "OAuth2 token fetch failed.";
     OnAuthFailure(AuthFailure(AuthFailure::FAILED_TO_INITIALIZE_TOKEN));
     return;
   }
   UserSessionManager::GetInstance()->OnOAuth2TokensFetched(user_context);
   PerformLogin(user_context, LoginPerformer::AUTH_MODE_EXTENSION);
 }
 
 }  // namespace chromeos