
Side by Side Diff: chrome/browser/ui/webui/signin/inline_login_handler_impl.cc

Issue 1220843003: Perform online reauth when password is changed for a locked profile. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Address review comments Created 5 years, 5 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ui/webui/signin/inline_login_handler_impl.h" 5 #include "chrome/browser/ui/webui/signin/inline_login_handler_impl.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/callback_helpers.h" 10 #include "base/callback_helpers.h"
(...skipping 18 matching lines...) Expand all
29 #include "chrome/browser/signin/signin_manager_factory.h" 29 #include "chrome/browser/signin/signin_manager_factory.h"
30 #include "chrome/browser/signin/signin_promo.h" 30 #include "chrome/browser/signin/signin_promo.h"
31 #include "chrome/browser/sync/profile_sync_service.h" 31 #include "chrome/browser/sync/profile_sync_service.h"
32 #include "chrome/browser/sync/profile_sync_service_factory.h" 32 #include "chrome/browser/sync/profile_sync_service_factory.h"
33 #include "chrome/browser/ui/browser_finder.h" 33 #include "chrome/browser/ui/browser_finder.h"
34 #include "chrome/browser/ui/browser_window.h" 34 #include "chrome/browser/ui/browser_window.h"
35 #include "chrome/browser/ui/chrome_pages.h" 35 #include "chrome/browser/ui/chrome_pages.h"
36 #include "chrome/browser/ui/tab_modal_confirm_dialog.h" 36 #include "chrome/browser/ui/tab_modal_confirm_dialog.h"
37 #include "chrome/browser/ui/tab_modal_confirm_dialog_delegate.h" 37 #include "chrome/browser/ui/tab_modal_confirm_dialog_delegate.h"
38 #include "chrome/browser/ui/tabs/tab_strip_model.h" 38 #include "chrome/browser/ui/tabs/tab_strip_model.h"
39 #include "chrome/browser/ui/user_manager.h"
39 #include "chrome/browser/ui/webui/signin/inline_login_ui.h" 40 #include "chrome/browser/ui/webui/signin/inline_login_ui.h"
40 #include "chrome/browser/ui/webui/signin/login_ui_service.h" 41 #include "chrome/browser/ui/webui/signin/login_ui_service.h"
41 #include "chrome/browser/ui/webui/signin/login_ui_service_factory.h" 42 #include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
42 #include "chrome/common/url_constants.h" 43 #include "chrome/common/url_constants.h"
43 #include "chrome/grit/chromium_strings.h" 44 #include "chrome/grit/chromium_strings.h"
44 #include "chrome/grit/generated_resources.h" 45 #include "chrome/grit/generated_resources.h"
45 #include "components/signin/core/browser/about_signin_internals.h" 46 #include "components/signin/core/browser/about_signin_internals.h"
46 #include "components/signin/core/browser/account_tracker_service.h" 47 #include "components/signin/core/browser/account_tracker_service.h"
47 #include "components/signin/core/browser/profile_oauth2_token_service.h" 48 #include "components/signin/core/browser/profile_oauth2_token_service.h"
48 #include "components/signin/core/browser/signin_error_controller.h" 49 #include "components/signin/core/browser/signin_error_controller.h"
(...skipping 439 matching lines...) Expand 10 before | Expand all | Expand 10 after
488 // This method is not called with webview sign in enabled. 489 // This method is not called with webview sign in enabled.
489 void InlineLoginHandlerImpl::DidCommitProvisionalLoadForFrame( 490 void InlineLoginHandlerImpl::DidCommitProvisionalLoadForFrame(
490 content::RenderFrameHost* render_frame_host, 491 content::RenderFrameHost* render_frame_host,
491 const GURL& url, 492 const GURL& url,
492 ui::PageTransition transition_type) { 493 ui::PageTransition transition_type) {
493 if (!web_contents()) 494 if (!web_contents())
494 return; 495 return;
495 496
496 // Returns early if this is not a gaia iframe navigation. 497 // Returns early if this is not a gaia iframe navigation.
497 const GURL kGaiaExtOrigin( 498 const GURL kGaiaExtOrigin(
498 "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/"); 499 GaiaUrls::GetInstance()->signin_completed_continue_url().GetOrigin());
499 content::RenderFrameHost* gaia_frame = InlineLoginUI::GetAuthFrame( 500 content::RenderFrameHost* gaia_frame = InlineLoginUI::GetAuthFrame(
500 web_contents(), kGaiaExtOrigin, "signin-frame"); 501 web_contents(), kGaiaExtOrigin, "signin-frame");
501 if (render_frame_host != gaia_frame) 502 if (render_frame_host != gaia_frame)
502 return; 503 return;
503 504
504 // Loading any untrusted (e.g., HTTP) URLs in the privileged sign-in process 505 // Loading any untrusted (e.g., HTTP) URLs in the privileged sign-in process
505 // will require confirmation before the sign in takes effect. 506 // will require confirmation before the sign in takes effect.
506 if (!url.is_empty()) { 507 if (!url.is_empty()) {
507 GURL origin(url.GetOrigin()); 508 GURL origin(url.GetOrigin());
508 if (url.spec() != url::kAboutBlankURL && 509 if (url.spec() != url::kAboutBlankURL &&
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after
633 634
634 base::string16 password_string16; 635 base::string16 password_string16;
635 dict->GetString("password", &password_string16); 636 dict->GetString("password", &password_string16);
636 std::string password(base::UTF16ToASCII(password_string16)); 637 std::string password(base::UTF16ToASCII(password_string16));
637 638
638 base::string16 gaia_id_string16; 639 base::string16 gaia_id_string16;
639 dict->GetString("gaiaId", &gaia_id_string16); 640 dict->GetString("gaiaId", &gaia_id_string16);
640 DCHECK(!gaia_id_string16.empty()); 641 DCHECK(!gaia_id_string16.empty());
641 std::string gaia_id = base::UTF16ToASCII(gaia_id_string16); 642 std::string gaia_id = base::UTF16ToASCII(gaia_id_string16);
642 643
643 // When doing a SAML sign in, this email check may result in a false
644 // positive. This happens when the user types one email address in the
645 // gaia sign in page, but signs in to a different account in the SAML sign in
646 // page.
647 std::string default_email;
648 std::string validate_email;
649 if (net::GetValueForKeyInQuery(current_url, "email", &default_email) &&
650 net::GetValueForKeyInQuery(current_url, "validateEmail",
651 &validate_email) &&
652 validate_email == "1") {
653 if (!gaia::AreEmailsSame(email, default_email)) {
654 HandleLoginError(
655 l10n_util::GetStringFUTF8(IDS_SYNC_WRONG_EMAIL,
656 base::UTF8ToUTF16(default_email)));
657 return;
658 }
659 }
660
661 base::string16 session_index_string16; 644 base::string16 session_index_string16;
662 dict->GetString("sessionIndex", &session_index_string16); 645 dict->GetString("sessionIndex", &session_index_string16);
663 std::string session_index = base::UTF16ToASCII(session_index_string16); 646 std::string session_index = base::UTF16ToASCII(session_index_string16);
664 DCHECK(!session_index.empty()); 647 DCHECK(!session_index.empty());
665 648
666 bool choose_what_to_sync = false; 649 bool choose_what_to_sync = false;
667 dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync); 650 dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync);
668 651
669 signin_metrics::Source source = signin::GetSourceForPromoURL(current_url); 652 content::StoragePartition* partition =
653 content::BrowserContext::GetStoragePartitionForSite(
654 contents->GetBrowserContext(), signin::GetSigninPartitionURL());
655
656 // If this was called from the user manager to reauthenticate the profile,
657 // the current profile is the system profile. In this case, use the email to
658 // find the right profile to reauthenticate. Otherwise the profile can be
659 // taken from web_ui().
660 Profile* profile = Profile::FromWebUI(web_ui());
661 if (profile->GetOriginalProfile()->IsSystemProfile()) {
662 // Switch to the profile and finish the login. Don't pass a handler pointer
663 // since it will be destroyed before the callback runs.
664 ProfileManager* manager = g_browser_process->profile_manager();
665 base::FilePath path = profiles::GetPathOfProfileWithEmail(manager, email);
666 if (!path.empty()) {
667 FinishCompleteLoginParams params(NULL, partition, current_url, path,
Alexei Svitkine (slow) 2015/07/24 16:36:42 Nit: nullptr
Roger Tawa OOO till Jul 10th 2015/07/24 17:01:29 Done.
668 confirm_untrusted_signin_, email,
669 gaia_id, password, session_index,
670 choose_what_to_sync);
671 ProfileManager::CreateCallback callback = base::Bind(
672 &InlineLoginHandlerImpl::FinishCompleteLogin, params);
673 profiles::SwitchToProfile(path, chrome::GetActiveDesktop(), true,
674 callback, ProfileMetrics::SWITCH_PROFILE_UNLOCK);
675 }
676 } else {
677 FinishCompleteLogin(
678 FinishCompleteLoginParams(this, partition, current_url,
679 base::FilePath(), confirm_untrusted_signin_,
680 email, gaia_id, password, session_index,
681 choose_what_to_sync),
682 profile,
683 Profile::CREATE_STATUS_CREATED);
684 }
685
686 web_ui()->CallJavascriptFunction("inline.login.closeDialog");
687 }
688
689 InlineLoginHandlerImpl::FinishCompleteLoginParams::FinishCompleteLoginParams(
690 InlineLoginHandlerImpl* handler,
691 content::StoragePartition* partition,
692 const GURL& url,
693 const base::FilePath& profile_path,
694 bool confirm_untrusted_signin,
695 const std::string& email,
696 const std::string& gaia_id,
697 const std::string& password,
698 const std::string& session_index,
699 bool choose_what_to_sync)
700 : handler(handler),
701 partition(partition),
702 url(url),
703 profile_path(profile_path),
704 confirm_untrusted_signin(confirm_untrusted_signin),
705 email(email),
706 gaia_id(gaia_id),
707 password(password),
708 session_index(session_index),
709 choose_what_to_sync(choose_what_to_sync) {}
710
711 InlineLoginHandlerImpl::
712 FinishCompleteLoginParams::~FinishCompleteLoginParams() {}
713
714 // static
715 void InlineLoginHandlerImpl::FinishCompleteLogin(
716 const FinishCompleteLoginParams& params,
717 Profile* profile,
718 Profile::CreateStatus status) {
719 // When doing a SAML sign in, this email check may result in a false
720 // positive. This happens when the user types one email address in the
721 // gaia sign in page, but signs in to a different account in the SAML sign in
722 // page.
723 std::string default_email;
724 std::string validate_email;
725 if (net::GetValueForKeyInQuery(params.url, "email", &default_email) &&
726 net::GetValueForKeyInQuery(params.url, "validateEmail",
727 &validate_email) &&
728 validate_email == "1") {
729 if (!gaia::AreEmailsSame(params.email, default_email)) {
730 if (params.handler) {
731 params.handler->HandleLoginError(
732 l10n_util::GetStringFUTF8(IDS_SYNC_WRONG_EMAIL,
733 base::UTF8ToUTF16(default_email)));
734 }
735 return;
736 }
737 }
738
739 signin_metrics::Source source = signin::GetSourceForPromoURL(params.url);
670 LogHistogramValue(signin_metrics::HISTOGRAM_ACCEPTED); 740 LogHistogramValue(signin_metrics::HISTOGRAM_ACCEPTED);
671 bool switch_to_advanced = 741 bool switch_to_advanced =
672 choose_what_to_sync && (source != signin_metrics::SOURCE_SETTINGS); 742 params.choose_what_to_sync && (source != signin_metrics::SOURCE_SETTINGS);
673 LogHistogramValue( 743 LogHistogramValue(
674 switch_to_advanced ? signin_metrics::HISTOGRAM_WITH_ADVANCED : 744 switch_to_advanced ? signin_metrics::HISTOGRAM_WITH_ADVANCED :
675 signin_metrics::HISTOGRAM_WITH_DEFAULTS); 745 signin_metrics::HISTOGRAM_WITH_DEFAULTS);
676 746
677 CanOfferFor can_offer_for = CAN_OFFER_FOR_ALL; 747 CanOfferFor can_offer_for = CAN_OFFER_FOR_ALL;
678 switch (source) { 748 switch (source) {
679 case signin_metrics::SOURCE_AVATAR_BUBBLE_ADD_ACCOUNT: 749 case signin_metrics::SOURCE_AVATAR_BUBBLE_ADD_ACCOUNT:
680 can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT; 750 can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT;
681 break; 751 break;
682 case signin_metrics::SOURCE_REAUTH: { 752 case signin_metrics::SOURCE_REAUTH: {
683 std::string primary_username = 753 std::string primary_username =
684 SigninManagerFactory::GetForProfile( 754 SigninManagerFactory::GetForProfile(profile)
685 Profile::FromWebUI(web_ui()))->GetAuthenticatedUsername(); 755 ->GetAuthenticatedUsername();
686 if (!gaia::AreEmailsSame(default_email, primary_username)) 756 if (!gaia::AreEmailsSame(default_email, primary_username))
687 can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT; 757 can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT;
688 break; 758 break;
689 } 759 }
690 default: 760 default:
691 // No need to change |can_offer_for|. 761 // No need to change |can_offer_for|.
692 break; 762 break;
693 } 763 }
694 764
695 std::string error_msg; 765 std::string error_msg;
696 bool can_offer = CanOffer(Profile::FromWebUI(web_ui()), can_offer_for, 766 bool can_offer = CanOffer(profile, can_offer_for, params.gaia_id,
697 gaia_id, email, &error_msg); 767 params.email, &error_msg);
Alexei Svitkine (slow) 2015/07/24 16:36:42 Nit: Align.
Roger Tawa OOO till Jul 10th 2015/07/24 17:01:29 Done.
698 if (!can_offer) { 768 if (!can_offer) {
699 HandleLoginError(error_msg); 769 if (params.handler)
770 params.handler->HandleLoginError(error_msg);
700 return; 771 return;
701 } 772 }
702 773
703 AboutSigninInternals* about_signin_internals = 774 AboutSigninInternals* about_signin_internals =
704 AboutSigninInternalsFactory::GetForProfile(Profile::FromWebUI(web_ui())); 775 AboutSigninInternalsFactory::GetForProfile(profile);
705 about_signin_internals->OnAuthenticationResultReceived("Successful"); 776 about_signin_internals->OnAuthenticationResultReceived("Successful");
706 777
707 content::StoragePartition* partition =
708 content::BrowserContext::GetStoragePartitionForSite(
709 contents->GetBrowserContext(), signin::GetSigninPartitionURL());
710
711 SigninClient* signin_client = 778 SigninClient* signin_client =
712 ChromeSigninClientFactory::GetForProfile(Profile::FromWebUI(web_ui())); 779 ChromeSigninClientFactory::GetForProfile(profile);
713 std::string signin_scoped_device_id = 780 std::string signin_scoped_device_id =
714 signin_client->GetSigninScopedDeviceId(); 781 signin_client->GetSigninScopedDeviceId();
782 base::WeakPtr<InlineLoginHandlerImpl> handler_weak_ptr;
783 if (params.handler)
784 handler_weak_ptr = params.handler->GetWeakPtr();
785
715 // InlineSigninHelper will delete itself. 786 // InlineSigninHelper will delete itself.
716 new InlineSigninHelper(GetWeakPtr(), partition->GetURLRequestContext(), 787 new InlineSigninHelper(handler_weak_ptr,
717 Profile::FromWebUI(web_ui()), current_url, 788 params.partition->GetURLRequestContext(), profile,
718 email, gaia_id, password, session_index, 789 params.url,
719 signin_scoped_device_id, choose_what_to_sync, 790 params.email, params.gaia_id, params.password,
720 confirm_untrusted_signin_); 791 params.session_index, signin_scoped_device_id,
792 params.choose_what_to_sync,
793 params.confirm_untrusted_signin);
721 794
722 web_ui()->CallJavascriptFunction("inline.login.closeDialog"); 795 // If opened from user manager to reauthenticate, make sure the user manager
796 // is closed and that the profile is marked as unlocked.
797 if (!params.profile_path.empty()) {
798 UserManager::Hide();
799 ProfileManager* profile_manager = g_browser_process->profile_manager();
800 if (profile_manager) {
801 ProfileAttributesEntry* entry;
802 if (profile_manager->GetProfileInfoCache()
803 .GetProfileAttributesWithPath(params.profile_path, &entry)) {
804 entry->SetIsSigninRequired(false);
805 }
806 }
807 }
723 } 808 }
724 809
725 void InlineLoginHandlerImpl::HandleLoginError(const std::string& error_msg) { 810 void InlineLoginHandlerImpl::HandleLoginError(const std::string& error_msg) {
726 SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE); 811 SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE);
727 812
728 Browser* browser = GetDesktopBrowser(); 813 Browser* browser = GetDesktopBrowser();
729 if (browser && !error_msg.empty()) { 814 if (browser && !error_msg.empty()) {
730 LoginUIServiceFactory::GetForProfile(Profile::FromWebUI(web_ui()))-> 815 LoginUIServiceFactory::GetForProfile(Profile::FromWebUI(web_ui()))->
731 DisplayLoginResult(browser, base::UTF8ToUTF16(error_msg)); 816 DisplayLoginResult(browser, base::UTF8ToUTF16(error_msg));
732 } 817 }
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
783 } 868 }
784 } 869 }
785 870
786 if (show_account_management) { 871 if (show_account_management) {
787 browser->window()->ShowAvatarBubbleFromAvatarButton( 872 browser->window()->ShowAvatarBubbleFromAvatarButton(
788 BrowserWindow::AVATAR_BUBBLE_MODE_ACCOUNT_MANAGEMENT, 873 BrowserWindow::AVATAR_BUBBLE_MODE_ACCOUNT_MANAGEMENT,
789 signin::ManageAccountsParams()); 874 signin::ManageAccountsParams());
790 } 875 }
791 } 876 }
792 } 877 }
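Review bot: In `FinishCompleteLogin` (new lines 797-807), `UserManager::Hide()` and `entry->SetIsSigninRequired(false)` run immediately after `new InlineSigninHelper(...)` is constructed, so the locked profile is marked unlocked before the helper has reported whether the sign-in succeeded. The helper's code is not visible here, but the "will delete itself" comment suggests it completes asynchronously. Clearing the lock flag would be safer in the helper's success path, for example by handing it `params.profile_path`, so that a failed sign-in leaves the profile locked. On the same user-manager path `params.handler` is null, so the email-mismatch and `!can_offer` branches return without showing any error, and `status` is never checked in the visible body; a comment such as `// Reauth from the user manager: failures here are silent and the profile stays locked.` would document the intended outcome. The plaintext `password` is also copied into `FinishCompleteLoginParams` and bound into the `SwitchToProfile` callback, so it now lives until that callback is destroyed.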