| Index: components/policy/core/common/cloud/cloud_policy_validator.cc
|
| diff --git a/components/policy/core/common/cloud/cloud_policy_validator.cc b/components/policy/core/common/cloud/cloud_policy_validator.cc
|
| index db015fd0ce75b3c52a6febb2e5b84b73e7a534a5..401a3e947056e30990f005218a787c1354868311 100644
|
| --- a/components/policy/core/common/cloud/cloud_policy_validator.cc
|
| +++ b/components/policy/core/common/cloud/cloud_policy_validator.cc
|
| @@ -11,6 +11,7 @@
|
| #include "base/single_thread_task_runner.h"
|
| #include "base/stl_util.h"
|
| #include "components/policy/core/common/cloud/cloud_policy_constants.h"
|
| +#include "components/user_manager/user_id.h"
|
| #include "crypto/signature_verifier.h"
|
| #include "google_apis/gaia/gaia_auth_util.h"
|
| #include "policy/proto/device_management_backend.pb.h"
|
| @@ -79,10 +80,10 @@ void CloudPolicyValidatorBase::ValidateTimestamp(
|
| }
|
|
|
| void CloudPolicyValidatorBase::ValidateUsername(
|
| - const std::string& expected_user,
|
| + const user_manager::UserID& expected_user_id,
|
| bool canonicalize) {
|
| validation_flags_ |= VALIDATE_USERNAME;
|
| - user_ = expected_user;
|
| + user_id_ = expected_user_id;
|
| canonicalize_user_ = canonicalize;
|
| }
|
|
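Review bot: ValidateUsername() stores `expected_user_id` without checking that its e-mail is non-empty, while the constructor hunk further down initialises `user_id_` from two empty strings, so a caller that passes an unpopulated UserID cannot be told apart from the default state. Consider adding `DCHECK(!expected_user_id.GetUserEmail().empty());` at the top of the function. A comment on the declaration should also say that the expected value used for validation is the e-mail of the UserID. Whether CheckUsername() could ever accept an empty expected e-mail depends on checks that lie outside these hunks.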
|
| @@ -175,6 +176,7 @@ CloudPolicyValidatorBase::CloudPolicyValidatorBase(
|
| timestamp_not_after_(0),
|
| timestamp_option_(TIMESTAMP_REQUIRED),
|
| dm_token_option_(DM_TOKEN_REQUIRED),
|
| + user_id_(std::string(), std::string()),
|
| canonicalize_user_(false),
|
| allow_key_rotation_(false),
|
| background_task_runner_(background_task_runner) {}
|
| @@ -476,14 +478,14 @@ CloudPolicyValidatorBase::Status CloudPolicyValidatorBase::CheckUsername() {
|
| return VALIDATION_BAD_USERNAME;
|
| }
|
|
|
| - std::string expected = user_;
|
| - std::string actual = policy_data_->username();
|
| + std::string expected_user_email = user_id_.GetUserEmail();
|
| + std::string actual_email = policy_data_->username();
|
| if (canonicalize_user_) {
|
| - expected = gaia::CanonicalizeEmail(gaia::SanitizeEmail(expected));
|
| - actual = gaia::CanonicalizeEmail(gaia::SanitizeEmail(actual));
|
| + expected_user_email = gaia::CanonicalizeEmail(gaia::SanitizeEmail(expected_user_email));
|
| + actual_email = gaia::CanonicalizeEmail(gaia::SanitizeEmail(actual_email));
|
| }
|
|
|
| - if (expected != actual) {
|
| + if (expected_user_email != actual_email) {
|
| LOG(ERROR) << "Invalid user name " << policy_data_->username();
|
| return VALIDATION_BAD_USERNAME;
|
| }
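Review bot: CheckUsername() compares only `user_id_.GetUserEmail()` with `policy_data_->username()`, so the second value that `user_manager::UserID` is constructed from (see the two-argument initialiser in the constructor hunk) takes no part in validation. A comment above the comparison, such as `// Only the e-mail part of |user_id_| is compared; its other field is not validated.`, would stop a later reader from assuming that the new parameter type gives a stronger identity binding. The two reassignments inside `if (canonicalize_user_)` now run past 80 columns and should be wrapped after the `=`. The function body starts before this hunk, so the checks that precede the comparison are not visible here.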
|
|
|