Perform online reauth when password is changed for a locked profile.

chrome/browser/ui/webui/signin/inline_login_handler_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/signin/inline_login_handler_impl.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
@@ skipping 18 matching lines @@
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/signin_promo.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/profile_sync_service_factory.h"
 #include "chrome/browser/ui/browser_finder.h"
 #include "chrome/browser/ui/browser_window.h"
 #include "chrome/browser/ui/chrome_pages.h"
 #include "chrome/browser/ui/tab_modal_confirm_dialog.h"
 #include "chrome/browser/ui/tab_modal_confirm_dialog_delegate.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/browser/ui/user_manager.h"
 #include "chrome/browser/ui/webui/signin/inline_login_ui.h"
 #include "chrome/browser/ui/webui/signin/login_ui_service.h"
 #include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/grit/chromium_strings.h"
 #include "chrome/grit/generated_resources.h"
 #include "components/signin/core/browser/about_signin_internals.h"
 #include "components/signin/core/browser/account_tracker_service.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_error_controller.h"
@@ skipping 439 matching lines @@
 // This method is not called with webview sign in enabled.
 void InlineLoginHandlerImpl::DidCommitProvisionalLoadForFrame(
     content::RenderFrameHost* render_frame_host,
     const GURL& url,
     ui::PageTransition transition_type) {
   if (!web_contents())
     return;
 
   // Returns early if this is not a gaia iframe navigation.
   const GURL kGaiaExtOrigin(
-      "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/");
+      GaiaUrls::GetInstance()->signin_completed_continue_url().GetOrigin());
   content::RenderFrameHost* gaia_frame = InlineLoginUI::GetAuthFrame(
       web_contents(), kGaiaExtOrigin, "signin-frame");
   if (render_frame_host != gaia_frame)
     return;
 
   // Loading any untrusted (e.g., HTTP) URLs in the privileged sign-in process
   // will require confirmation before the sign in takes effect.
   if (!url.is_empty()) {
     GURL origin(url.GetOrigin());
     if (url.spec() != url::kAboutBlankURL &&
@@ skipping 124 matching lines @@
 
   base::string16 password_string16;
   dict->GetString("password", &password_string16);
   std::string password(base::UTF16ToASCII(password_string16));
 
   base::string16 gaia_id_string16;
   dict->GetString("gaiaId", &gaia_id_string16);
   DCHECK(!gaia_id_string16.empty());
   std::string gaia_id = base::UTF16ToASCII(gaia_id_string16);
 
-  // When doing a SAML sign in, this email check may result in a false
-  // positive.  This happens when the user types one email address in the
-  // gaia sign in page, but signs in to a different account in the SAML sign in
-  // page.
-  std::string default_email;
-  std::string validate_email;
-  if (net::GetValueForKeyInQuery(current_url, "email", &default_email) &&
-      net::GetValueForKeyInQuery(current_url, "validateEmail",
-                                 &validate_email) &&
-      validate_email == "1") {
-    if (!gaia::AreEmailsSame(email, default_email)) {
-      HandleLoginError(
-          l10n_util::GetStringFUTF8(IDS_SYNC_WRONG_EMAIL,
-                                    base::UTF8ToUTF16(default_email)));
-      return;
-    }
-  }
-
   base::string16 session_index_string16;
   dict->GetString("sessionIndex", &session_index_string16);
   std::string session_index = base::UTF16ToASCII(session_index_string16);
   DCHECK(!session_index.empty());
 
   bool choose_what_to_sync = false;
   dict->GetBoolean("chooseWhatToSync", &choose_what_to_sync);
 
-  signin_metrics::Source source = signin::GetSourceForPromoURL(current_url);
+  content::StoragePartition* partition =
+      content::BrowserContext::GetStoragePartitionForSite(
+          contents->GetBrowserContext(), signin::GetSigninPartitionURL());
+
+  // If this was called from the user manager to reauthenticate the profile,
+  // the current profile is the system profile.  In this case, use the email to
+  // find the right profile to reauthenticate.  Otherwise the profile can be
+  // taken from web_ui().
+  Profile* profile = Profile::FromWebUI(web_ui());
+  if (profile->GetOriginalProfile()->IsSystemProfile()) {
+    // Switch to the profile and finish the login.  Don't pass a handler pointer
+    // since it will be destroyed before the callback runs.
+    ProfileManager* manager = g_browser_process->profile_manager();
+    base::FilePath path = profiles::GetPathOfProfileWithEmail(manager, email);
+    if (!path.empty()) {
+      FinishCompleteLoginParams params(nullptr, partition, current_url, path,
+                                       confirm_untrusted_signin_, email,
+                                       gaia_id, password, session_index,
+                                       choose_what_to_sync);
+      ProfileManager::CreateCallback callback = base::Bind(
+          &InlineLoginHandlerImpl::FinishCompleteLogin, params);
+      profiles::SwitchToProfile(path, chrome::GetActiveDesktop(), true,
+          callback, ProfileMetrics::SWITCH_PROFILE_UNLOCK);
+    }
+  } else {
+    FinishCompleteLogin(
+        FinishCompleteLoginParams(this, partition, current_url,
+                                  base::FilePath(), confirm_untrusted_signin_,
+                                  email, gaia_id, password, session_index,
+                                  choose_what_to_sync),
+        profile,
+        Profile::CREATE_STATUS_CREATED);
+  }
+
+  web_ui()->CallJavascriptFunction("inline.login.closeDialog");
+}
+
+InlineLoginHandlerImpl::FinishCompleteLoginParams::FinishCompleteLoginParams(
+    InlineLoginHandlerImpl* handler,
+    content::StoragePartition* partition,
+    const GURL& url,
+    const base::FilePath& profile_path,
+    bool confirm_untrusted_signin,
+    const std::string& email,
+    const std::string& gaia_id,
+    const std::string& password,
+    const std::string& session_index,
+    bool choose_what_to_sync)
+    : handler(handler),
+      partition(partition),
+      url(url),
+      profile_path(profile_path),
+      confirm_untrusted_signin(confirm_untrusted_signin),
+      email(email),
+      gaia_id(gaia_id),
+      password(password),
+      session_index(session_index),
+      choose_what_to_sync(choose_what_to_sync) {}
+
+InlineLoginHandlerImpl::
+    FinishCompleteLoginParams::~FinishCompleteLoginParams() {}
+
+// static
+void InlineLoginHandlerImpl::FinishCompleteLogin(
+    const FinishCompleteLoginParams& params,
+    Profile* profile,
+    Profile::CreateStatus status) {
+  // When doing a SAML sign in, this email check may result in a false
+  // positive.  This happens when the user types one email address in the
+  // gaia sign in page, but signs in to a different account in the SAML sign in
+  // page.
+  std::string default_email;
+  std::string validate_email;
+  if (net::GetValueForKeyInQuery(params.url, "email", &default_email) &&
+      net::GetValueForKeyInQuery(params.url, "validateEmail",
+                                 &validate_email) &&
+      validate_email == "1") {
+    if (!gaia::AreEmailsSame(params.email, default_email)) {
+      if (params.handler) {
+        params.handler->HandleLoginError(
+            l10n_util::GetStringFUTF8(IDS_SYNC_WRONG_EMAIL,
+                                      base::UTF8ToUTF16(default_email)));
+      }
+      return;
+    }
+  }
+
+  signin_metrics::Source source = signin::GetSourceForPromoURL(params.url);
   LogHistogramValue(signin_metrics::HISTOGRAM_ACCEPTED);
   bool switch_to_advanced =
-      choose_what_to_sync && (source != signin_metrics::SOURCE_SETTINGS);
+      params.choose_what_to_sync && (source != signin_metrics::SOURCE_SETTINGS);
   LogHistogramValue(
       switch_to_advanced ? signin_metrics::HISTOGRAM_WITH_ADVANCED :
                            signin_metrics::HISTOGRAM_WITH_DEFAULTS);
 
   CanOfferFor can_offer_for = CAN_OFFER_FOR_ALL;
   switch (source) {
     case signin_metrics::SOURCE_AVATAR_BUBBLE_ADD_ACCOUNT:
       can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT;
       break;
     case signin_metrics::SOURCE_REAUTH: {
       std::string primary_username =
-          SigninManagerFactory::GetForProfile(
-              Profile::FromWebUI(web_ui()))->GetAuthenticatedUsername();
+          SigninManagerFactory::GetForProfile(profile)
+          ->GetAuthenticatedUsername();
       if (!gaia::AreEmailsSame(default_email, primary_username))
         can_offer_for = CAN_OFFER_FOR_SECONDARY_ACCOUNT;
       break;
     }
     default:
       // No need to change |can_offer_for|.
       break;
   }
 
   std::string error_msg;
-  bool can_offer = CanOffer(Profile::FromWebUI(web_ui()), can_offer_for,
-      gaia_id, email, &error_msg);
+  bool can_offer = CanOffer(profile, can_offer_for, params.gaia_id,
+                            params.email, &error_msg);
   if (!can_offer) {
-    HandleLoginError(error_msg);
+    if (params.handler)
+      params.handler->HandleLoginError(error_msg);
     return;
   }
 
   AboutSigninInternals* about_signin_internals =
-      AboutSigninInternalsFactory::GetForProfile(Profile::FromWebUI(web_ui()));
+      AboutSigninInternalsFactory::GetForProfile(profile);
   about_signin_internals->OnAuthenticationResultReceived("Successful");
 
-  content::StoragePartition* partition =
-      content::BrowserContext::GetStoragePartitionForSite(
-          contents->GetBrowserContext(), signin::GetSigninPartitionURL());
-
   SigninClient* signin_client =
-      ChromeSigninClientFactory::GetForProfile(Profile::FromWebUI(web_ui()));
+      ChromeSigninClientFactory::GetForProfile(profile);
   std::string signin_scoped_device_id =
       signin_client->GetSigninScopedDeviceId();
+  base::WeakPtr<InlineLoginHandlerImpl> handler_weak_ptr;
+  if (params.handler)
+    handler_weak_ptr = params.handler->GetWeakPtr();
+
   // InlineSigninHelper will delete itself.
-  new InlineSigninHelper(GetWeakPtr(), partition->GetURLRequestContext(),
-                         Profile::FromWebUI(web_ui()), current_url,
-                         email, gaia_id, password, session_index,
-                         signin_scoped_device_id, choose_what_to_sync,
-                         confirm_untrusted_signin_);
+  new InlineSigninHelper(handler_weak_ptr,
+                         params.partition->GetURLRequestContext(), profile,
+                         params.url,
+                         params.email, params.gaia_id, params.password,
+                         params.session_index, signin_scoped_device_id,
+                         params.choose_what_to_sync,
+                         params.confirm_untrusted_signin);
 
-  web_ui()->CallJavascriptFunction("inline.login.closeDialog");
+  // If opened from user manager to reauthenticate, make sure the user manager
+  // is closed and that the profile is marked as unlocked.
+  if (!params.profile_path.empty()) {
+    UserManager::Hide();
+    ProfileManager* profile_manager = g_browser_process->profile_manager();
+    if (profile_manager) {
+      ProfileAttributesEntry* entry;
+      if (profile_manager->GetProfileInfoCache()
+            .GetProfileAttributesWithPath(params.profile_path, &entry)) {
+        entry->SetIsSigninRequired(false);
+      }
+    }
+  }
 }
 
 void InlineLoginHandlerImpl::HandleLoginError(const std::string& error_msg) {
   SyncStarterCallback(OneClickSigninSyncStarter::SYNC_SETUP_FAILURE);
 
   Browser* browser = GetDesktopBrowser();
   if (browser && !error_msg.empty()) {
     LoginUIServiceFactory::GetForProfile(Profile::FromWebUI(web_ui()))->
         DisplayLoginResult(browser, base::UTF8ToUTF16(error_msg));
   }
@@ skipping 50 matching lines @@
       }
     }
 
     if (show_account_management) {
       browser->window()->ShowAvatarBubbleFromAvatarButton(
             BrowserWindow::AVATAR_BUBBLE_MODE_ACCOUNT_MANAGEMENT,
             signin::ManageAccountsParams());
     }
   }
 }