We should use UserID object to identify users instead of username.

chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/files/file_util.h"
@@ skipping 31 matching lines @@
   VALIDATION_FAILURE_LOAD_KEY,
   VALIDATION_FAILURE_SIZE,
 };
 
 void SampleValidationFailure(ValidationFailure sample) {
   UMA_HISTOGRAM_ENUMERATION("Enterprise.UserPolicyValidationFailure",
                             sample,
                             VALIDATION_FAILURE_SIZE);
 }
 
-// Extracts the domain name from the passed username.
-std::string ExtractDomain(const std::string& username) {
-  return gaia::ExtractDomainName(gaia::CanonicalizeEmail(username));
+// Extracts the domain name from the passed user_email.
+std::string ExtractDomain(const std::string& user_email) {
+  return gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_email));
 }
 
 }  // namespace
 
 // Helper class for loading legacy policy caches.
 class LegacyPolicyCacheLoader : public UserPolicyTokenLoader::Delegate,
                                 public UserPolicyDiskCache::Delegate {
  public:
   typedef base::Callback<void(const std::string&,
                               const std::string&,
@@ skipping 102 matching lines @@
       return CloudPolicyStore::STATUS_LOAD_ERROR;
   }
   NOTREACHED();
   return CloudPolicyStore::STATUS_OK;
 }
 
 UserCloudPolicyStoreChromeOS::UserCloudPolicyStoreChromeOS(
     chromeos::CryptohomeClient* cryptohome_client,
     chromeos::SessionManagerClient* session_manager_client,
     scoped_refptr<base::SequencedTaskRunner> background_task_runner,
-    const std::string& username,
+    const user_manager::UserID& user_id,
     const base::FilePath& user_policy_key_dir,
     const base::FilePath& legacy_token_cache_file,
     const base::FilePath& legacy_policy_cache_file)
     : UserCloudPolicyStoreBase(background_task_runner),
       cryptohome_client_(cryptohome_client),
       session_manager_client_(session_manager_client),
-      username_(username),
+      user_id_(user_id),
       user_policy_key_dir_(user_policy_key_dir),
       legacy_cache_dir_(legacy_token_cache_file.DirName()),
       legacy_loader_(new LegacyPolicyCacheLoader(legacy_token_cache_file,
                                                  legacy_policy_cache_file,
                                                  background_task_runner)),
       legacy_caches_loaded_(false),
       policy_key_loaded_(false),
       weak_factory_(this) {}
 
 UserCloudPolicyStoreChromeOS::~UserCloudPolicyStoreChromeOS() {}
 
 void UserCloudPolicyStoreChromeOS::Store(
     const em::PolicyFetchResponse& policy) {
   // Cancel all pending requests.
   weak_factory_.InvalidateWeakPtrs();
   scoped_ptr<em::PolicyFetchResponse> response(
       new em::PolicyFetchResponse(policy));
   EnsurePolicyKeyLoaded(
       base::Bind(&UserCloudPolicyStoreChromeOS::ValidatePolicyForStore,
                  weak_factory_.GetWeakPtr(),
                  base::Passed(&response)));
 }
 
 void UserCloudPolicyStoreChromeOS::Load() {
   // Cancel all pending requests.
   weak_factory_.InvalidateWeakPtrs();
   session_manager_client_->RetrievePolicyForUser(
-      username_,
+      user_id_,
       base::Bind(&UserCloudPolicyStoreChromeOS::OnPolicyRetrieved,
                  weak_factory_.GetWeakPtr()));
 }
 
 void UserCloudPolicyStoreChromeOS::LoadImmediately() {
   // This blocking DBus call is in the startup path and will block the UI
   // thread. This only happens when the Profile is created synchronously, which
   // on ChromeOS happens whenever the browser is restarted into the same
   // session. That happens when the browser crashes, or right after signin if
   // the user has flags configured in about:flags.
   // However, on those paths we must load policy synchronously so that the
   // Profile initialization never sees unmanaged prefs, which would lead to
   // data loss. http://crbug.com/263061
   std::string policy_blob =
-      session_manager_client_->BlockingRetrievePolicyForUser(username_);
+      session_manager_client_->BlockingRetrievePolicyForUser(user_id_);
   if (policy_blob.empty()) {
     // The session manager doesn't have policy, or the call failed.
     // Just notify that the load is done, and don't bother with the legacy
     // caches in this case.
     NotifyStoreLoaded();
     return;
   }
 
   scoped_ptr<em::PolicyFetchResponse> policy(new em::PolicyFetchResponse());
   if (!policy->ParseFromString(policy_blob)) {
     status_ = STATUS_PARSE_ERROR;
     NotifyStoreError();
     return;
   }
 
   std::string sanitized_username =
-      cryptohome_client_->BlockingGetSanitizedUsername(username_);
+      cryptohome_client_->BlockingGetSanitizedUsername(user_id_);
   if (sanitized_username.empty()) {
     status_ = STATUS_LOAD_ERROR;
     NotifyStoreError();
     return;
   }
 
   policy_key_path_ = user_policy_key_dir_.Append(
       base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str()));
   LoadPolicyKey(policy_key_path_, &policy_key_);
   policy_key_loaded_ = true;
 
   scoped_ptr<UserCloudPolicyValidator> validator =
       CreateValidatorForLoad(policy.Pass());
   validator->RunValidation();
   OnRetrievedPolicyValidated(validator.get());
 }
 
 void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(
     scoped_ptr<em::PolicyFetchResponse> policy) {
   // Create and configure a validator.
   scoped_ptr<UserCloudPolicyValidator> validator =
       CreateValidator(policy.Pass(),
                       CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
-  validator->ValidateUsername(username_, true);
+  validator->ValidateUsername(user_id_, true);
   if (policy_key_.empty()) {
     validator->ValidateInitialKey(GetPolicyVerificationKey(),
-                                  ExtractDomain(username_));
+                                  ExtractDomain(user_id_.GetUserEmail()));
   } else {
     const bool allow_rotation = true;
     validator->ValidateSignature(policy_key_,
                                  GetPolicyVerificationKey(),
-                                 ExtractDomain(username_),
+                                 ExtractDomain(user_id_.GetUserEmail()),
                                  allow_rotation);
   }
 
   // Start validation. The Validator will delete itself once validation is
   // complete.
   validator.release()->StartValidation(
       base::Bind(&UserCloudPolicyStoreChromeOS::OnPolicyToStoreValidated,
                  weak_factory_.GetWeakPtr()));
 }
 
@@ skipping 13 matching lines @@
   }
 
   std::string policy_blob;
   if (!validator->policy()->SerializeToString(&policy_blob)) {
     status_ = STATUS_SERIALIZE_ERROR;
     NotifyStoreError();
     return;
   }
 
   session_manager_client_->StorePolicyForUser(
-      username_,
+      user_id_,
       policy_blob,
       base::Bind(&UserCloudPolicyStoreChromeOS::OnPolicyStored,
                  weak_factory_.GetWeakPtr()));
 }
 
 void UserCloudPolicyStoreChromeOS::OnPolicyStored(bool success) {
   if (!success) {
     status_ = STATUS_STORE_ERROR;
     NotifyStoreError();
   } else {
@@ skipping 87 matching lines @@
     const std::string& device_id,
     Status status,
     scoped_ptr<em::PolicyFetchResponse> policy) {
   status_ = status;
   if (policy.get()) {
     // Create and configure a validator for the loaded legacy policy. Note that
     // the signature on this policy is not verified.
     scoped_ptr<UserCloudPolicyValidator> validator =
         CreateValidator(policy.Pass(),
                         CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);
-    validator->ValidateUsername(username_, true);
+    validator->ValidateUsername(user_id_, true);
     validator.release()->StartValidation(
         base::Bind(&UserCloudPolicyStoreChromeOS::OnLegacyPolicyValidated,
                    weak_factory_.GetWeakPtr(),
                    dm_token,
                    device_id));
   } else {
     InstallLegacyTokens(dm_token, device_id);
   }
 }
 
@@ skipping 91 matching lines @@
   callback.Run();
 }
 
 void UserCloudPolicyStoreChromeOS::EnsurePolicyKeyLoaded(
     const base::Closure& callback) {
   if (policy_key_loaded_) {
     callback.Run();
   } else {
     // Get the hashed username that's part of the key's path, to determine
     // |policy_key_path_|.
-    cryptohome_client_->GetSanitizedUsername(username_,
+    cryptohome_client_->GetSanitizedUsername(user_id_,
         base::Bind(&UserCloudPolicyStoreChromeOS::OnGetSanitizedUsername,
                    weak_factory_.GetWeakPtr(),
                    callback));
   }
 }
 
 void UserCloudPolicyStoreChromeOS::OnGetSanitizedUsername(
     const base::Closure& callback,
     chromeos::DBusMethodCallStatus call_status,
     const std::string& sanitized_username) {
   // The default empty path will always yield an empty key.
   if (call_status == chromeos::DBUS_METHOD_CALL_SUCCESS &&
       !sanitized_username.empty()) {
     policy_key_path_ = user_policy_key_dir_.Append(
         base::StringPrintf(kPolicyKeyFile, sanitized_username.c_str()));
   } else {
     SampleValidationFailure(VALIDATION_FAILURE_DBUS);
   }
   ReloadPolicyKey(callback);
 }
 
 scoped_ptr<UserCloudPolicyValidator>
 UserCloudPolicyStoreChromeOS::CreateValidatorForLoad(
     scoped_ptr<em::PolicyFetchResponse> policy) {
   scoped_ptr<UserCloudPolicyValidator> validator = CreateValidator(
       policy.Pass(), CloudPolicyValidatorBase::TIMESTAMP_NOT_BEFORE);
-  validator->ValidateUsername(username_, true);
+  validator->ValidateUsername(user_id_, true);
   const bool allow_rotation = false;
   const std::string empty_key = std::string();
   // The policy loaded from session manager need not be validated using the
   // verification key since it is secure, and since there may be legacy policy
   // data that was stored without a verification key. Hence passing an empty
   // value for the verification key.
   validator->ValidateSignature(
-      policy_key_, empty_key, ExtractDomain(username_), allow_rotation);
+      policy_key_, empty_key, ExtractDomain(user_id_.GetUserEmail()), allow_rotation);
   return validator.Pass();
 }
 }  // namespace policy