We should use UserID object to identify users instead of username.

chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h"
 
 #include <keyhi.h>
 
 #include <algorithm>
 #include <string>
@@ skipping 30 matching lines @@
 
 using content::BrowserThread;
 using ownership::OwnerKeyUtil;
 using ownership::PrivateKey;
 using ownership::PublicKey;
 
 namespace chromeos {
 
 namespace {
 
-bool IsOwnerInTests(const std::string& user_id) {
+bool IsOwnerInTests(const user_manager::UserID& user_id) {
   if (user_id.empty() ||
       !base::CommandLine::ForCurrentProcess()->HasSwitch(
           ::switches::kTestType) ||
       !CrosSettings::IsInitialized()) {
     return false;
   }
   const base::Value* value = CrosSettings::Get()->GetPref(kDeviceOwner);
   if (!value || value->GetType() != base::Value::TYPE_STRING)
     return false;
-  return static_cast<const base::StringValue*>(value)->GetString() == user_id;
+  return static_cast<const base::StringValue*>(value)->GetString() == user_id.GetUserEmail();
 }
 
 void LoadPrivateKeyByPublicKey(
     const scoped_refptr<OwnerKeyUtil>& owner_key_util,
     scoped_refptr<PublicKey> public_key,
     const std::string& username_hash,
     const base::Callback<void(const scoped_refptr<PublicKey>& public_key,
                               const scoped_refptr<PrivateKey>& private_key)>&
         callback) {
   crypto::EnsureNSSInit();
@@ skipping 117 matching lines @@
 OwnerSettingsServiceChromeOS::ManagementSettings::~ManagementSettings() {
 }
 
 OwnerSettingsServiceChromeOS::OwnerSettingsServiceChromeOS(
     DeviceSettingsService* device_settings_service,
     Profile* profile,
     const scoped_refptr<OwnerKeyUtil>& owner_key_util)
     : ownership::OwnerSettingsService(owner_key_util),
       device_settings_service_(device_settings_service),
       profile_(profile),
+      user_id_(std::string(), std::string()),

[Denis Kuznetsov (DE-MUC), 2015/06/10 16:50:45]

EmptyUserId()

       waiting_for_profile_creation_(true),
       waiting_for_tpm_token_(true),
       has_pending_fixups_(false),
       has_pending_management_settings_(false),
       weak_factory_(this),
       store_settings_factory_(this) {
   if (TPMTokenLoader::IsInitialized()) {
     TPMTokenLoader::TPMTokenStatus tpm_token_status =
         TPMTokenLoader::Get()->IsTPMTokenEnabled(
             base::Bind(&OwnerSettingsServiceChromeOS::OnTPMTokenReady,
@@ skipping 67 matching lines @@
   em::ChromeDeviceSettingsProto settings;
   if (tentative_settings_.get()) {
     settings = *tentative_settings_;
   } else if (device_settings_service_->status() ==
                  DeviceSettingsService::STORE_SUCCESS &&
              device_settings_service_->device_settings()) {
     settings = *device_settings_service_->device_settings();
   }
   UpdateDeviceSettings(setting, value, settings);
   em::PolicyData policy_data;
-  policy_data.set_username(user_id_);
+  policy_data.set_username(user_id_.GetUserEmail());
   CHECK(settings.SerializeToString(policy_data.mutable_policy_value()));
   FOR_EACH_OBSERVER(OwnerSettingsService::Observer, observers_,
                     OnTentativeChangesInPolicy(policy_data));
   StorePendingChanges();
   return true;
 }
 
 bool OwnerSettingsServiceChromeOS::AppendToList(const std::string& setting,
                                                 const base::Value& value) {
   DCHECK(thread_checker_.CalledOnValidThread());
@@ skipping 17 matching lines @@
       old_value ? static_cast<const base::ListValue*>(old_value)->DeepCopy()
                 : new base::ListValue());
   new_value->Remove(value, nullptr);
   return Set(setting, *new_value);
 }
 
 bool OwnerSettingsServiceChromeOS::CommitTentativeDeviceSettings(
     scoped_ptr<enterprise_management::PolicyData> policy) {
   if (!IsOwner() && !IsOwnerInTests(user_id_))
     return false;
-  if (policy->username() != user_id_) {
+  if (user_manager::UserID::FromUserEmail(policy->username()) != user_id_) {
     LOG(ERROR) << "Username mismatch: " << policy->username() << " vs. "
-               << user_id_;
+               << user_id_.GetUserEmail();
     return false;
   }
   tentative_settings_.reset(new em::ChromeDeviceSettingsProto);
   CHECK(tentative_settings_->ParseFromString(policy->policy_value()));
   StorePendingChanges();
   return true;
 }
 
 void OwnerSettingsServiceChromeOS::Observe(
     int type,
@@ skipping 80 matching lines @@
       BrowserThread::IO,
       FROM_HERE,
       base::Bind(base::IgnoreResult(&crypto::InitializeNSSForChromeOSUser),
                  user_hash,
                  ProfileHelper::GetProfilePathByUserIdHash(user_hash)),
       base::Bind(&DoesPrivateKeyExistAsync, owner_key_util, callback));
 }
 
 // static
 scoped_ptr<em::PolicyData> OwnerSettingsServiceChromeOS::AssemblePolicy(
-    const std::string& user_id,
+    const user_manager::UserID& user_id,
     const em::PolicyData* policy_data,
     bool apply_pending_management_settings,
     const ManagementSettings& pending_management_settings,
     em::ChromeDeviceSettingsProto* settings) {
   scoped_ptr<em::PolicyData> policy(new em::PolicyData());
   if (policy_data) {
     // Preserve management settings.
     if (policy_data->has_management_mode())
       policy->set_management_mode(policy_data->management_mode());
     if (policy_data->has_request_token())
@@ skipping 15 matching lines @@
       policy->set_request_token(pending_management_settings.request_token);
 
     if (pending_management_settings.device_id.empty())
       policy->clear_device_id();
     else
       policy->set_device_id(pending_management_settings.device_id);
   }
   policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType);
   policy->set_timestamp(
       (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds());
-  policy->set_username(user_id);
+  policy->set_username(user_id.GetUserEmail());
   if (policy_data->management_mode() == em::PolicyData::LOCAL_OWNER ||
       policy_data->management_mode() == em::PolicyData::CONSUMER_MANAGED) {
     FixupLocalOwnerPolicy(user_id, settings);
   }
   if (!settings->SerializeToString(policy->mutable_policy_value()))
     return scoped_ptr<em::PolicyData>();
 
   return policy.Pass();
 }
 
 // static
 void OwnerSettingsServiceChromeOS::FixupLocalOwnerPolicy(
-    const std::string& user_id,
+    const user_manager::UserID& user_id,
     enterprise_management::ChromeDeviceSettingsProto* settings) {
   if (!settings->has_allow_new_users())
     settings->mutable_allow_new_users()->set_allow_new_users(true);
 
   em::UserWhitelistProto* whitelist_proto = settings->mutable_user_whitelist();
   if (whitelist_proto->user_whitelist().end() ==
       std::find(whitelist_proto->user_whitelist().begin(),
-                whitelist_proto->user_whitelist().end(), user_id)) {
-    whitelist_proto->add_user_whitelist(user_id);
+                whitelist_proto->user_whitelist().end(), user_id.GetUserEmail())) {
+    whitelist_proto->add_user_whitelist(user_id.GetUserEmail());
   }
 }
 
 // static
 void OwnerSettingsServiceChromeOS::UpdateDeviceSettings(
     const std::string& path,
     const base::Value& value,
     enterprise_management::ChromeDeviceSettingsProto& settings) {
   if (path == kAccountsPrefAllowNewUser) {
     em::AllowNewUsersProto* allow = settings.mutable_allow_new_users();
@@ skipping 126 matching lines @@
       NOTREACHED();
   } else if (path == kAccountsPrefUsers) {
     em::UserWhitelistProto* whitelist_proto = settings.mutable_user_whitelist();
     whitelist_proto->clear_user_whitelist();
     const base::ListValue* users;
     if (value.GetAsList(&users)) {
       for (base::ListValue::const_iterator i = users->begin();
            i != users->end();
            ++i) {
         std::string email;
-        if ((*i)->GetAsString(&email))
-          whitelist_proto->add_user_whitelist(email);
+        if ((*i)->GetAsString(&email)) {
+          const user_manager::UserID user_id(user_manager::UserID::FromUserEmail(email));
+          whitelist_proto->add_user_whitelist(user_id.GetUserEmail());
+        }
       }
     }
   } else if (path == kAccountsPrefEphemeralUsersEnabled) {
     em::EphemeralUsersEnabledProto* ephemeral_users_enabled =
         settings.mutable_ephemeral_users_enabled();
     bool ephemeral_users_enabled_value = false;
     if (value.GetAsBoolean(&ephemeral_users_enabled_value)) {
       ephemeral_users_enabled->set_ephemeral_users_enabled(
           ephemeral_users_enabled_value);
     } else {
@@ skipping 65 matching lines @@
 
     LOG(FATAL) << "Device setting " << path << " is read-only.";
   }
 }
 
 void OwnerSettingsServiceChromeOS::OnPostKeypairLoadedActions() {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   const user_manager::User* user =
       ProfileHelper::Get()->GetUserByProfile(profile_);
-  user_id_ = user ? user->GetUserID() : std::string();
+  user_id_ = user ? user->GetUserID() : user_manager::EmptyUserID();
 
   const bool is_owner = IsOwner() || IsOwnerInTests(user_id_);
   if (is_owner && device_settings_service_)
     device_settings_service_->InitOwner(user_id_, weak_factory_.GetWeakPtr());
 
   has_pending_fixups_ = true;
 }
 
 void OwnerSettingsServiceChromeOS::ReloadKeypairImpl(const base::Callback<
     void(const scoped_refptr<PublicKey>& public_key,
@@ skipping 79 matching lines @@
   std::vector<OnManagementSettingsSetCallback> callbacks;
   pending_management_settings_callbacks_.swap(callbacks);
   for (const auto& callback : callbacks) {
     if (!callback.is_null())
       callback.Run(success);
   }
   StorePendingChanges();
 }
 
 }  // namespace chromeos