
Side by Side Diff: chrome/browser/ui/webui/signin/inline_login_handler_impl.cc

Issue 1220843003: Perform online reauth when password is changed for a locked profile. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: polish Created 5 years, 5 months ago
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ui/webui/signin/inline_login_handler_impl.h" 5 #include "chrome/browser/ui/webui/signin/inline_login_handler_impl.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/callback_helpers.h" 10 #include "base/callback_helpers.h"
(...skipping 18 matching lines...) Expand all
29 #include "chrome/browser/signin/signin_manager_factory.h" 29 #include "chrome/browser/signin/signin_manager_factory.h"
30 #include "chrome/browser/signin/signin_promo.h" 30 #include "chrome/browser/signin/signin_promo.h"
31 #include "chrome/browser/sync/profile_sync_service.h" 31 #include "chrome/browser/sync/profile_sync_service.h"
32 #include "chrome/browser/sync/profile_sync_service_factory.h" 32 #include "chrome/browser/sync/profile_sync_service_factory.h"
33 #include "chrome/browser/ui/browser_finder.h" 33 #include "chrome/browser/ui/browser_finder.h"
34 #include "chrome/browser/ui/browser_window.h" 34 #include "chrome/browser/ui/browser_window.h"
35 #include "chrome/browser/ui/chrome_pages.h" 35 #include "chrome/browser/ui/chrome_pages.h"
36 #include "chrome/browser/ui/tab_modal_confirm_dialog.h" 36 #include "chrome/browser/ui/tab_modal_confirm_dialog.h"
37 #include "chrome/browser/ui/tab_modal_confirm_dialog_delegate.h" 37 #include "chrome/browser/ui/tab_modal_confirm_dialog_delegate.h"
38 #include "chrome/browser/ui/tabs/tab_strip_model.h" 38 #include "chrome/browser/ui/tabs/tab_strip_model.h"
39 #include "chrome/browser/ui/user_manager.h"
39 #include "chrome/browser/ui/webui/signin/inline_login_ui.h" 40 #include "chrome/browser/ui/webui/signin/inline_login_ui.h"
40 #include "chrome/browser/ui/webui/signin/login_ui_service.h" 41 #include "chrome/browser/ui/webui/signin/login_ui_service.h"
41 #include "chrome/browser/ui/webui/signin/login_ui_service_factory.h" 42 #include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
42 #include "chrome/common/url_constants.h" 43 #include "chrome/common/url_constants.h"
43 #include "chrome/grit/chromium_strings.h" 44 #include "chrome/grit/chromium_strings.h"
44 #include "chrome/grit/generated_resources.h" 45 #include "chrome/grit/generated_resources.h"
45 #include "components/signin/core/browser/about_signin_internals.h" 46 #include "components/signin/core/browser/about_signin_internals.h"
46 #include "components/signin/core/browser/account_tracker_service.h" 47 #include "components/signin/core/browser/account_tracker_service.h"
47 #include "components/signin/core/browser/profile_oauth2_token_service.h" 48 #include "components/signin/core/browser/profile_oauth2_token_service.h"
48 #include "components/signin/core/browser/signin_error_controller.h" 49 #include "components/signin/core/browser/signin_error_controller.h"
(...skipping 439 matching lines...) Expand 10 before | Expand all | Expand 10 after
488 // This method is not called with webview sign in enabled. 489 // This method is not called with webview sign in enabled.
489 void InlineLoginHandlerImpl::DidCommitProvisionalLoadForFrame( 490 void InlineLoginHandlerImpl::DidCommitProvisionalLoadForFrame(
490 content::RenderFrameHost* render_frame_host, 491 content::RenderFrameHost* render_frame_host,
491 const GURL& url, 492 const GURL& url,
492 ui::PageTransition transition_type) { 493 ui::PageTransition transition_type) {
493 if (!web_contents()) 494 if (!web_contents())
494 return; 495 return;
495 496
496 // Returns early if this is not a gaia iframe navigation. 497 // Returns early if this is not a gaia iframe navigation.
497 const GURL kGaiaExtOrigin( 498 const GURL kGaiaExtOrigin(
498 "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/"); 499 GaiaUrls::GetInstance()->signin_completed_continue_url().GetOrigin());
499 content::RenderFrameHost* gaia_frame = InlineLoginUI::GetAuthFrame( 500 content::RenderFrameHost* gaia_frame = InlineLoginUI::GetAuthFrame(
500 web_contents(), kGaiaExtOrigin, "signin-frame"); 501 web_contents(), kGaiaExtOrigin, "signin-frame");
501 if (render_frame_host != gaia_frame) 502 if (render_frame_host != gaia_frame)
502 return; 503 return;
503 504
504 // Loading any untrusted (e.g., HTTP) URLs in the privileged sign-in process 505 // Loading any untrusted (e.g., HTTP) URLs in the privileged sign-in process
505 // will require confirmation before the sign in takes effect. 506 // will require confirmation before the sign in takes effect.
506 if (!url.is_empty()) { 507 if (!url.is_empty()) {
507 GURL origin(url.GetOrigin()); 508 GURL origin(url.GetOrigin());
508 if (url.spec() != url::kAboutBlankURL && 509 if (url.spec() != url::kAboutBlankURL &&
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after
633 634
634 base::string16 password_string16; 635 base::string16 password_string16;
635 dict->GetString("password", &password_string16); 636 dict->GetString("password", &password_string16);
636 std::string password(base::UTF16ToASCII(password_string16)); 637 std::string password(base::UTF16ToASCII(password_string16));
637 638
638 base::string16 gaia_id_string16; 639 base::string16 gaia_id_string16;
639 dict->GetString("gaiaId", &gaia_id_string16); 640 dict->GetString("gaiaId", &gaia_id_string16);
640 DCHECK(!gaia_id_string16.empty()); 641 DCHECK(!gaia_id_string16.empty());
641 std::string gaia_id = base::UTF16ToASCII(gaia_id_string16); 642 std::string gaia_id = base::UTF16ToASCII(gaia_id_string16);
642 643
643 // When doing a SAML sign in, this email check may result in a false
644 // positive. This happens when the user types one email address in the
645 // gaia sign in page, but signs in to a different account in the SAML sign in
646 // page.
647 std::string default_email;
648 std::string validate_email;
649 if (net::GetValueForKeyInQuery(current_url, "email", &default_email) &&
650 net::GetValueForKeyInQuery(current_url, "validateEmail",
651 &validate_email) &&
652 validate_email == "1") {
653 if (!gaia::AreEmailsSame(email, default_email)) {
654 HandleLoginError(
655 l10n_util::GetStringFUTF8(IDS_SYNC_WRONG_EMAIL,
656 base::UTF8ToUTF16(default_email)));
657 return;
658 }
659 }
660
661 base::string16 session_index_string16; 644 base::string16 session_index_string16;
662 dict->GetString("sessionIndex", &session_index_string16); 645 dict->GetString("sessionIndex", &session_index_string16);
663 std::string session_index = base::UTF16ToASCII(session_index_string16); 646 std::string session_index = base::UTF16ToASCII(session_index_string16);
664 DCHECK(!session_index.empty()); 647 DCHECK(!session_index.empty());
665 648
666 bool choose_what_to_sync = false; 649 bool choose_what_to_sync = false;
667 dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync); 650 dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync);
668 651
669 signin_metrics::Source source = signin::GetSourceForPromoURL(current_url); 652 content::StoragePartition* partition =
653 content::BrowserContext::GetStoragePartitionForSite(
654 contents->GetBrowserContext(), signin::GetSigninPartitionURL());
655
656 // If this was called from the user manager to reauthenticate the profile,
657 // the URL has a profile index parameter. In this case, the profile used with
658 // FinishCompleteLogin() must not be taken from web_ui(). The profile may
659 // not even be open, so may need to open it first.
660 size_t profile_index = signin::GetProfileIndexForPromoURL(current_url);
661 if (profile_index == std::string::npos) {
662 FinishCompleteLogin(
bcwhite 2015/07/21 13:28:39 Is this the "not called to reauthenticate" case?
Roger Tawa OOO till Jul 10th 2015/07/22 00:12:33 This is the "not called from the user manager to r
bcwhite 2015/07/22 13:42:21 The comment says "if A then B" but the code says "
Roger Tawa OOO till Jul 10th 2015/07/22 15:29:54 Switched order of code.
663 FinishCompleteLoginParams(this, partition, current_url,
664 confirm_untrusted_signin_, email, gaia_id,
665 password, session_index, choose_what_to_sync),
666 Profile::FromWebUI(web_ui()),
667 Profile::CREATE_STATUS_CREATED);
668 } else {
669 // Open the profile and finish the login. Don't pass a handler pointer
670 // since it will be destroyed before the callback runs.
671 ProfileManager* manager = g_browser_process->profile_manager();
672 const ProfileInfoCache& info_cache = manager->GetProfileInfoCache();
673 base::FilePath path = info_cache.GetPathOfProfileAtIndex(profile_index);
674 FinishCompleteLoginParams params(NULL, partition, current_url,
675 confirm_untrusted_signin_, email, gaia_id,
676 password, session_index,
677 choose_what_to_sync);
678 ProfileManager::CreateCallback callback = base::Bind(
679 &InlineLoginHandlerImpl::FinishCompleteLogin, params);
680 profiles::SwitchToProfile(path, chrome::GetActiveDesktop(), true, callback,
681 ProfileMetrics::SWITCH_PROFILE_UNLOCK);
682 }
683
684 web_ui()->CallJavascriptFunction("inline.login.closeDialog");
685 }
686
687 InlineLoginHandlerImpl::FinishCompleteLoginParams::FinishCompleteLoginParams(
688 InlineLoginHandlerImpl* handler,
689 content::StoragePartition* partition,
690 const GURL& url,
691 bool confirm_untrusted_signin,
692 const std::string& email,
693 const std::string& gaia_id,
694 const std::string& password,
695 const std::string& session_index,
696 bool choose_what_to_sync)
697 : handler(handler),
698 partition(partition),
699 url(url),
700 confirm_untrusted_signin(confirm_untrusted_signin),
701 email(email),
702 gaia_id(gaia_id),
703 password(password),
704 session_index(session_index),
705 choose_what_to_sync(choose_what_to_sync) {}
706
707 InlineLoginHandlerImpl::
708 FinishCompleteLoginParams::~FinishCompleteLoginParams() {}
709
710 // static
711 void InlineLoginHandlerImpl::FinishCompleteLogin(
712 const FinishCompleteLoginParams& params,
713 Profile* profile,
714 Profile::CreateStatus) {
715 // When doing a SAML sign in, this email check may result in a false
716 // positive. This happens when the user types one email address in the
717 // gaia sign in page, but signs in to a different account in the SAML sign in
718 // page.
719 std::string default_email;
720 std::string validate_email;
721 if (net::GetValueForKeyInQuery(params.url, "email", &default_email) &&
722 net::GetValueForKeyInQuery(params.url, "validateEmail",
723 &validate_email) &&
724 validate_email == "1") {
725 if (!gaia::AreEmailsSame(params.email, default_email)) {
726 if (params.handler) {
727 params.handler->HandleLoginError(
728 l10n_util::GetStringFUTF8(IDS_SYNC_WRONG_EMAIL,
729 base::UTF8ToUTF16(default_email)));
730 }
731 return;
732 }
733 }
734
735 signin_metrics::Source source = signin::GetSourceForPromoURL(params.url);
670 LogHistogramValue(signin_metrics::HISTOGRAM_ACCEPTED); 736 LogHistogramValue(signin_metrics::HISTOGRAM_ACCEPTED);
671 bool switch_to_advanced = 737 bool switch_to_advanced =
672 choose_what_to_sync && (source != signin_metrics::SOURCE_SETTINGS); 738 params.choose_what_to_sync && (source != signin_metrics::SOURCE_SETTINGS);
673 LogHistogramValue( 739 LogHistogramValue(
674 switch_to_advanced ? signin_metrics::HISTOGRAM_WITH_ADVANCED : 740 switch_to_advanced ? signin_metrics::HISTOGRAM_WITH_ADVANCED :
675 signin_metrics::HISTOGRAM_WITH_DEFAULTS); 741 signin_metrics::HISTOGRAM_WITH_DEFAULTS);
676 742
677 CanOfferFor can_offer_for = CAN_OFFER_FOR_ALL; 743 CanOfferFor can_offer_for = CAN_OFFER_FOR_ALL;
678 switch (source) { 744 switch (source) {
679 case signin_metrics::SOURCE_AVATAR_BUBBLE_ADD_ACCOUNT: 745 case signin_metrics::SOURCE_AVATAR_BUBBLE_ADD_ACCOUNT:
680 can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT; 746 can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT;
681 break; 747 break;
682 case signin_metrics::SOURCE_REAUTH: { 748 case signin_metrics::SOURCE_REAUTH: {
683 std::string primary_username = 749 std::string primary_username =
684 SigninManagerFactory::GetForProfile( 750 SigninManagerFactory::GetForProfile(profile)
685 Profile::FromWebUI(web_ui()))->GetAuthenticatedUsername(); 751 ->GetAuthenticatedUsername();
686 if (!gaia::AreEmailsSame(default_email, primary_username)) 752 if (!gaia::AreEmailsSame(default_email, primary_username))
687 can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT; 753 can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT;
688 break; 754 break;
689 } 755 }
690 default: 756 default:
691 // No need to change |can_offer_for|. 757 // No need to change |can_offer_for|.
692 break; 758 break;
693 } 759 }
694 760
695 std::string error_msg; 761 std::string error_msg;
696 bool can_offer = CanOffer(Profile::FromWebUI(web_ui()), can_offer_for, 762 bool can_offer = CanOffer(profile, can_offer_for, params.gaia_id,
697 gaia_id, email, &error_msg); 763 params.email, &error_msg);
698 if (!can_offer) { 764 if (!can_offer) {
699 HandleLoginError(error_msg); 765 if (params.handler)
766 params.handler->HandleLoginError(error_msg);
700 return; 767 return;
701 } 768 }
702 769
703 AboutSigninInternals* about_signin_internals = 770 AboutSigninInternals* about_signin_internals =
704 AboutSigninInternalsFactory::GetForProfile(Profile::FromWebUI(web_ui())); 771 AboutSigninInternalsFactory::GetForProfile(profile);
705 about_signin_internals->OnAuthenticationResultReceived("Successful"); 772 about_signin_internals->OnAuthenticationResultReceived("Successful");
706 773
707 content::StoragePartition* partition =
708 content::BrowserContext::GetStoragePartitionForSite(
709 contents->GetBrowserContext(), signin::GetSigninPartitionURL());
710
711 SigninClient* signin_client = 774 SigninClient* signin_client =
712 ChromeSigninClientFactory::GetForProfile(Profile::FromWebUI(web_ui())); 775 ChromeSigninClientFactory::GetForProfile(profile);
713 std::string signin_scoped_device_id = 776 std::string signin_scoped_device_id =
714 signin_client->GetSigninScopedDeviceId(); 777 signin_client->GetSigninScopedDeviceId();
778 base::WeakPtr<InlineLoginHandlerImpl> handler_weak_ptr;
779 if (params.handler)
780 handler_weak_ptr = params.handler->GetWeakPtr();
781
715 // InlineSigninHelper will delete itself. 782 // InlineSigninHelper will delete itself.
716 new InlineSigninHelper(GetWeakPtr(), partition->GetURLRequestContext(), 783 new InlineSigninHelper(handler_weak_ptr,
717 Profile::FromWebUI(web_ui()), current_url, 784 params.partition->GetURLRequestContext(), profile,
718 email, gaia_id, password, session_index, 785 params.url,
719 signin_scoped_device_id, choose_what_to_sync, 786 params.email, params.gaia_id, params.password,
720 confirm_untrusted_signin_); 787 params.session_index, signin_scoped_device_id,
788 params.choose_what_to_sync,
789 params.confirm_untrusted_signin);
721 790
722 web_ui()->CallJavascriptFunction("inline.login.closeDialog"); 791 // If opened from user manager to reauthenticate, make sure the user manager
792 // is closed and that the profile is marked as unlocked.
793 size_t profile_index = signin::GetProfileIndexForPromoURL(params.url);
794 if (profile_index != std::string::npos) {
795 UserManager::Hide();
796 ProfileManager* profile_manager = g_browser_process->profile_manager();
797 if (profile_manager) {
798 ProfileInfoCache& cache = profile_manager->GetProfileInfoCache();
799 cache.SetProfileSigninRequiredAtIndex(profile_index, false);
800 }
801 }
723 } 802 }
724 803
725 void InlineLoginHandlerImpl::HandleLoginError(const std::string& error_msg) { 804 void InlineLoginHandlerImpl::HandleLoginError(const std::string& error_msg) {
726 SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE); 805 SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE);
727 806
728 Browser* browser = GetDesktopBrowser(); 807 Browser* browser = GetDesktopBrowser();
729 if (browser && !error_msg.empty()) { 808 if (browser && !error_msg.empty()) {
730 LoginUIServiceFactory::GetForProfile(Profile::FromWebUI(web_ui()))-> 809 LoginUIServiceFactory::GetForProfile(Profile::FromWebUI(web_ui()))->
731 DisplayLoginResult(browser, base::UTF8ToUTF16(error_msg)); 810 DisplayLoginResult(browser, base::UTF8ToUTF16(error_msg));
732 } 811 }
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
783 } 862 }
784 } 863 }
785 864
786 if (show_account_management) { 865 if (show_account_management) {
787 browser->window()->ShowAvatarBubbleFromAvatarButton( 866 browser->window()->ShowAvatarBubbleFromAvatarButton(
788 BrowserWindow::AVATAR_BUBBLE_MODE_ACCOUNT_MANAGEMENT, 867 BrowserWindow::AVATAR_BUBBLE_MODE_ACCOUNT_MANAGEMENT,
789 signin::ManageAccountsParams()); 868 signin::ManageAccountsParams());
790 } 869 }
791 } 870 }
792 } 871 }
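Review bot: At the end of the new FinishCompleteLogin, `cache.SetProfileSigninRequiredAtIndex(profile_index, false)` and `UserManager::Hide()` run immediately after `new InlineSigninHelper(...)`, so the profile is marked unlocked before the helper's (presumably asynchronous) credential exchange has reported success. Nothing visible ties the unlock to `params.email` / `params.gaia_id` being the account that owns the locked profile: the `validateEmail` comparison only runs when the URL carries `validateEmail=1`, and the SOURCE_REAUTH branch only downgrades to CAN_OFFER_FOR_SECONDARY_ACCOUNT on a mismatch. I would move the unlock into the helper's success path and gate it on the signed-in account matching `SigninManagerFactory::GetForProfile(profile)->GetAuthenticatedUsername()`. The index is also parsed from the page URL in both places; in CompleteLogin it should be range-checked against `info_cache.GetNumberOfProfiles()` before `GetPathOfProfileAtIndex(profile_index)`, and in the callback it is safer to re-derive it from the opened profile, e.g. `size_t index = cache.GetIndexOfProfileWithPath(profile->GetPath());`. CanOffer and InlineSigninHelper are outside this view, so part of this may already be enforced there.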
OLDNEW
