| Index: chrome/browser/policy/user_policy_signin_service.cc
|
| diff --git a/chrome/browser/policy/user_policy_signin_service.cc b/chrome/browser/policy/user_policy_signin_service.cc
|
| deleted file mode 100644
|
| index caaaafff41ccc77fa8a42818d86f3b4c1c5b19bf..0000000000000000000000000000000000000000
|
| --- a/chrome/browser/policy/user_policy_signin_service.cc
|
| +++ /dev/null
|
| @@ -1,365 +0,0 @@
|
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "chrome/browser/policy/user_policy_signin_service.h"
|
| -
|
| -#include "base/values.h"
|
| -#include "chrome/browser/browser_process.h"
|
| -#include "chrome/browser/policy/browser_policy_connector.h"
|
| -#include "chrome/browser/policy/cloud_policy_service.h"
|
| -#include "chrome/browser/policy/user_cloud_policy_manager.h"
|
| -#include "chrome/browser/policy/user_cloud_policy_manager_factory.h"
|
| -#include "chrome/browser/prefs/pref_service.h"
|
| -#include "chrome/browser/profiles/profile.h"
|
| -#include "chrome/browser/signin/signin_manager.h"
|
| -#include "chrome/browser/signin/signin_manager_factory.h"
|
| -#include "chrome/browser/signin/token_service.h"
|
| -#include "chrome/browser/signin/token_service_factory.h"
|
| -#include "chrome/common/chrome_notification_types.h"
|
| -#include "chrome/common/pref_names.h"
|
| -#include "content/public/browser/notification_details.h"
|
| -#include "content/public/browser/notification_source.h"
|
| -#include "google_apis/gaia/gaia_constants.h"
|
| -#include "google_apis/gaia/gaia_urls.h"
|
| -#include "google_apis/gaia/oauth2_access_token_fetcher.h"
|
| -
|
| -namespace {
|
| -// Various OAuth service scopes required to do CloudPolicyClient registration.
|
| -const char kServiceScopeChromeOSDeviceManagement[] =
|
| - "https://www.googleapis.com/auth/chromeosdevicemanagement";
|
| -const char kServiceScopeGetUserInfo[] =
|
| - "https://www.googleapis.com/auth/userinfo.email";
|
| -
|
| -// The key under which the hosted-domain value is stored in the UserInfo
|
| -// response.
|
| -const char kGetHostedDomainKey[] = "hd";
|
| -} // namespace
|
| -
|
| -namespace policy {
|
| -
|
| -UserPolicySigninService::UserPolicySigninService(
|
| - Profile* profile)
|
| - : ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)),
|
| - profile_(profile),
|
| - pending_fetch_(false) {
|
| -
|
| - if (profile_->GetPrefs()->GetBoolean(prefs::kDisableCloudPolicyOnSignin))
|
| - return;
|
| -
|
| - // Initialize/shutdown the UserCloudPolicyManager when the user signs out.
|
| - registrar_.Add(this,
|
| - chrome::NOTIFICATION_GOOGLE_SIGNED_OUT,
|
| - content::Source<Profile>(profile));
|
| -
|
| - // Listen for an OAuth token to become available so we can register a client
|
| - // if for some reason the client is not already registered (for example, if
|
| - // the policy load failed during initial signin).
|
| - registrar_.Add(this,
|
| - chrome::NOTIFICATION_TOKEN_AVAILABLE,
|
| - content::Source<TokenService>(
|
| - TokenServiceFactory::GetForProfile(profile)));
|
| -
|
| - // TokenService should not yet have loaded its tokens since this happens in
|
| - // the background after PKS initialization - so this service should always be
|
| - // created before the oauth token is available.
|
| - DCHECK(!TokenServiceFactory::GetForProfile(profile_)->HasOAuthLoginToken());
|
| -
|
| - // Register a listener to be called back once the current profile has finished
|
| - // initializing, so we can startup the UserCloudPolicyManager.
|
| - registrar_.Add(this,
|
| - chrome::NOTIFICATION_PROFILE_ADDED,
|
| - content::Source<Profile>(profile));
|
| -}
|
| -
|
| -UserPolicySigninService::~UserPolicySigninService() {}
|
| -
|
| -void UserPolicySigninService::FetchPolicyForSignedInUser(
|
| - const std::string& oauth2_access_token,
|
| - const PolicyFetchCallback& callback) {
|
| - if (!ShouldLoadPolicyForSignedInUser()) {
|
| - callback.Run(false);
|
| - return;
|
| - }
|
| -
|
| - // If the DeviceManagementService is not yet initialized, start it up now.
|
| - g_browser_process->browser_policy_connector()->
|
| - ScheduleServiceInitialization(0);
|
| -
|
| - // The user has just signed in, so the UserCloudPolicyManager should not yet
|
| - // be initialized, and the client should not be registered because there
|
| - // should be no cached policy. This routine will proactively ask the client
|
| - // to register itself without waiting for the CloudPolicyService to finish
|
| - // initialization.
|
| - DCHECK(!GetManager()->core()->service());
|
| - InitializeUserCloudPolicyManager();
|
| - DCHECK(!GetManager()->IsClientRegistered());
|
| -
|
| - DCHECK(!pending_fetch_);
|
| - pending_fetch_ = true;
|
| - pending_fetch_callback_ = callback;
|
| -
|
| - // Register the client using this access token.
|
| - RegisterCloudPolicyService(oauth2_access_token);
|
| -}
|
| -
|
| -void UserPolicySigninService::StopObserving() {
|
| - UserCloudPolicyManager* manager = GetManager();
|
| - if (manager) {
|
| - if (manager->core()->service())
|
| - manager->core()->service()->RemoveObserver(this);
|
| - if (manager->core()->client())
|
| - manager->core()->client()->RemoveObserver(this);
|
| - }
|
| -}
|
| -
|
| -void UserPolicySigninService::StartObserving() {
|
| - UserCloudPolicyManager* manager = GetManager();
|
| - // Manager should be fully initialized by now.
|
| - DCHECK(manager);
|
| - DCHECK(manager->core()->service());
|
| - DCHECK(manager->core()->client());
|
| - manager->core()->service()->AddObserver(this);
|
| - manager->core()->client()->AddObserver(this);
|
| -}
|
| -
|
| -void UserPolicySigninService::Observe(
|
| - int type,
|
| - const content::NotificationSource& source,
|
| - const content::NotificationDetails& details) {
|
| - // If using a TestingProfile with no SigninManager or UserCloudPolicyManager,
|
| - // skip initialization.
|
| - if (!GetManager() || !SigninManagerFactory::GetForProfile(profile_)) {
|
| - DVLOG(1) << "Skipping initialization for tests due to missing components.";
|
| - return;
|
| - }
|
| -
|
| - switch (type) {
|
| - case chrome::NOTIFICATION_GOOGLE_SIGNED_OUT:
|
| - ShutdownUserCloudPolicyManager();
|
| - break;
|
| - case chrome::NOTIFICATION_PROFILE_ADDED: {
|
| - // A new profile has been loaded - if it's signed in, then initialize the
|
| - // UCPM, otherwise shut down the UCPM (which deletes any cached policy
|
| - // data). This must be done here instead of at constructor time because
|
| - // the Profile is not fully initialized when this object is constructed
|
| - // (DoFinalInit() has not yet been called, so ProfileIOData and
|
| - // SSLConfigServiceManager have not been created yet).
|
| - // TODO(atwilson): Switch to using a timer instead, to avoid contention
|
| - // with other services at startup (http://crbug.com/165468).
|
| - SigninManager* signin_manager =
|
| - SigninManagerFactory::GetForProfile(profile_);
|
| - if (signin_manager->GetAuthenticatedUsername().empty())
|
| - ShutdownUserCloudPolicyManager();
|
| - else
|
| - InitializeUserCloudPolicyManager();
|
| - break;
|
| - }
|
| - case chrome::NOTIFICATION_TOKEN_AVAILABLE: {
|
| - const TokenService::TokenAvailableDetails& token_details =
|
| - *(content::Details<const TokenService::TokenAvailableDetails>(
|
| - details).ptr());
|
| - if (token_details.service() ==
|
| - GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
|
| - // TokenService now has a refresh token (implying that the user is
|
| - // signed in) so initialize the UserCloudPolicyManager.
|
| - InitializeUserCloudPolicyManager();
|
| - }
|
| - break;
|
| - }
|
| - default:
|
| - NOTREACHED();
|
| - }
|
| -}
|
| -
|
| -bool UserPolicySigninService::ShouldLoadPolicyForSignedInUser() {
|
| - if (profile_->GetPrefs()->GetBoolean(prefs::kDisableCloudPolicyOnSignin))
|
| - return false; // Cloud policy is disabled.
|
| -
|
| - const std::string& username = SigninManagerFactory::GetForProfile(profile_)->
|
| - GetAuthenticatedUsername();
|
| -
|
| - if (username.empty())
|
| - return false; // Not signed in.
|
| -
|
| - return !BrowserPolicyConnector::IsNonEnterpriseUser(username);
|
| -}
|
| -
|
| -void UserPolicySigninService::InitializeUserCloudPolicyManager() {
|
| - if (!ShouldLoadPolicyForSignedInUser()) {
|
| - VLOG(1) << "Policy load not enabled for user: " <<
|
| - SigninManagerFactory::GetForProfile(profile_)->
|
| - GetAuthenticatedUsername();
|
| - return;
|
| - }
|
| -
|
| - UserCloudPolicyManager* manager = GetManager();
|
| - DCHECK(!SigninManagerFactory::GetForProfile(profile_)->
|
| - GetAuthenticatedUsername().empty());
|
| - if (!manager->core()->service()) {
|
| - // If there is no cached DMToken then we can detect this below (or when
|
| - // the OnInitializationCompleted() callback is invoked).
|
| - BrowserPolicyConnector* connector =
|
| - g_browser_process->browser_policy_connector();
|
| - manager->Connect(g_browser_process->local_state(),
|
| - connector->device_management_service());
|
| - DCHECK(manager->core()->service());
|
| - StartObserving();
|
| - }
|
| -
|
| - // If the CloudPolicyService is initialized, kick off registration. If the
|
| - // TokenService doesn't have an OAuth token yet (e.g. this is during initial
|
| - // signin, or when dynamically loading a signed-in policy) this does nothing
|
| - // until the OAuth token is loaded.
|
| - if (manager->core()->service()->IsInitializationComplete())
|
| - OnInitializationCompleted(manager->core()->service());
|
| -}
|
| -
|
| -void UserPolicySigninService::ShutdownUserCloudPolicyManager() {
|
| - // Stop any in-progress token fetch.
|
| - oauth2_access_token_fetcher_.reset();
|
| - user_info_fetcher_.reset();
|
| - oauth_access_token_.clear();
|
| -
|
| - StopObserving();
|
| - NotifyPendingFetchCallback(false);
|
| -
|
| - UserCloudPolicyManager* manager = GetManager();
|
| - if (manager) // Can be null in unit tests.
|
| - manager->DisconnectAndRemovePolicy();
|
| -}
|
| -
|
| -void UserPolicySigninService::OnInitializationCompleted(
|
| - CloudPolicyService* service) {
|
| - UserCloudPolicyManager* manager = GetManager();
|
| - DCHECK_EQ(service, manager->core()->service());
|
| - DCHECK(service->IsInitializationComplete());
|
| - // The service is now initialized - if the client is not yet registered, then
|
| - // it means that there is no cached policy and so we need to initiate a new
|
| - // client registration.
|
| - DVLOG_IF(1, manager->IsClientRegistered())
|
| - << "Client already registered - not fetching DMToken";
|
| - if (!manager->IsClientRegistered()) {
|
| - std::string token = TokenServiceFactory::GetForProfile(profile_)->
|
| - GetOAuth2LoginRefreshToken();
|
| - if (token.empty()) {
|
| - // No token yet - this class listens for NOTIFICATION_TOKEN_AVAILABLE
|
| - // and will re-attempt registration once the token is available.
|
| - DLOG(WARNING) << "No OAuth Refresh Token - delaying policy download";
|
| - return;
|
| - }
|
| - RegisterCloudPolicyService(token);
|
| - }
|
| -}
|
| -
|
| -void UserPolicySigninService::RegisterCloudPolicyService(
|
| - std::string login_token) {
|
| - DCHECK(!GetManager()->IsClientRegistered());
|
| - DVLOG(1) << "Fetching new DM Token";
|
| - // Do nothing if already starting the registration process.
|
| - if (oauth2_access_token_fetcher_.get() ||
|
| - user_info_fetcher_.get() ||
|
| - !oauth_access_token_.empty()) {
|
| - return;
|
| - }
|
| -
|
| - // Start fetching an OAuth2 access token for the device management and
|
| - // userinfo services.
|
| - oauth2_access_token_fetcher_.reset(
|
| - new OAuth2AccessTokenFetcher(this, profile_->GetRequestContext()));
|
| - std::vector<std::string> scopes;
|
| - scopes.push_back(kServiceScopeChromeOSDeviceManagement);
|
| - scopes.push_back(kServiceScopeGetUserInfo);
|
| - GaiaUrls* gaia_urls = GaiaUrls::GetInstance();
|
| - oauth2_access_token_fetcher_->Start(
|
| - gaia_urls->oauth2_chrome_client_id(),
|
| - gaia_urls->oauth2_chrome_client_secret(),
|
| - login_token,
|
| - scopes);
|
| -}
|
| -
|
| -void UserPolicySigninService::OnGetTokenFailure(
|
| - const GoogleServiceAuthError& error) {
|
| - DLOG(WARNING) << "Could not fetch access token for "
|
| - << kServiceScopeChromeOSDeviceManagement;
|
| - oauth2_access_token_fetcher_.reset();
|
| - // If there was a pending fetch request, let them know the fetch failed.
|
| - NotifyPendingFetchCallback(false);
|
| -}
|
| -
|
| -void UserPolicySigninService::OnGetTokenSuccess(
|
| - const std::string& access_token,
|
| - const base::Time& expiration_time) {
|
| - oauth_access_token_ = access_token;
|
| - DVLOG(1) << "Fetched new scoped OAuth token:" << oauth_access_token_;
|
| - oauth2_access_token_fetcher_.reset();
|
| - // Now we've gotten our access token - contact GAIA to see if this is a
|
| - // hosted domain.
|
| - user_info_fetcher_.reset(new UserInfoFetcher(this,
|
| - profile_->GetRequestContext()));
|
| - user_info_fetcher_->Start(oauth_access_token_);
|
| -}
|
| -
|
| -void UserPolicySigninService::OnGetUserInfoFailure(
|
| - const GoogleServiceAuthError& error) {
|
| - user_info_fetcher_.reset();
|
| - NotifyPendingFetchCallback(false);
|
| -}
|
| -
|
| -void UserPolicySigninService::OnGetUserInfoSuccess(
|
| - const DictionaryValue* data) {
|
| - user_info_fetcher_.reset();
|
| - if (!data->HasKey(kGetHostedDomainKey)) {
|
| - VLOG(1) << "User not from a hosted domain - skipping registration";
|
| - NotifyPendingFetchCallback(false);
|
| - return;
|
| - }
|
| - VLOG(1) << "Registering CloudPolicyClient for user from hosted domain";
|
| - // The user is from a hosted domain, so it's OK to register the
|
| - // CloudPolicyClient and make requests from DMServer.
|
| - GetManager()->RegisterClient(oauth_access_token_);
|
| -}
|
| -
|
| -void UserPolicySigninService::OnRegistrationStateChanged(
|
| - CloudPolicyClient* client) {
|
| - DCHECK_EQ(GetManager()->core()->client(), client);
|
| - if (pending_fetch_) {
|
| - UserCloudPolicyManager* manager = GetManager();
|
| - if (manager->IsClientRegistered()) {
|
| - // Request a policy fetch.
|
| - manager->core()->service()->RefreshPolicy(
|
| - base::Bind(
|
| - &UserPolicySigninService::NotifyPendingFetchCallback,
|
| - weak_factory_.GetWeakPtr()));
|
| - } else {
|
| - // Shouldn't be possible for the client to get unregistered.
|
| - NOTREACHED() << "Client unregistered while waiting for policy fetch";
|
| - }
|
| - }
|
| -}
|
| -
|
| -void UserPolicySigninService::NotifyPendingFetchCallback(bool success) {
|
| - if (pending_fetch_) {
|
| - pending_fetch_ = false;
|
| - pending_fetch_callback_.Run(success);
|
| - }
|
| -}
|
| -
|
| -void UserPolicySigninService::OnPolicyFetched(CloudPolicyClient* client) {
|
| - // Do nothing when policy is fetched - if the policy fetch is successful,
|
| - // NotifyPendingFetchCallback will be invoked.
|
| -}
|
| -
|
| -void UserPolicySigninService::OnClientError(CloudPolicyClient* client) {
|
| - NotifyPendingFetchCallback(false);
|
| -}
|
| -
|
| -void UserPolicySigninService::Shutdown() {
|
| - StopObserving();
|
| -}
|
| -
|
| -UserCloudPolicyManager* UserPolicySigninService::GetManager() {
|
| - return UserCloudPolicyManagerFactory::GetForProfile(profile_);
|
| -}
|
| -
|
| -} // namespace policy
|
|
|
Chromium Code Reviews
Issue 12189011:
Split up chrome/browser/policy subdirectory (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src