Load policy before signin completes.

chrome/browser/signin/signin_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/signin_manager.h"
 
 #include <string>
 #include <vector>
 
 #include "base/callback_helpers.h"
 #include "base/command_line.h"
 #include "base/memory/ref_counted.h"
 #include "base/string_split.h"
 #include "base/string_util.h"
 #include "base/time.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/cookie_settings.h"
+#include "chrome/browser/policy/user_policy_signin_service.h"
+#include "chrome/browser/policy/user_policy_signin_service_factory.h"

[Joao da Silva, 2013/02/07 23:01:25]

#ifdef ENABLE_CONFIGURATION_POLICY

[Andrew T Wilson (Slow), 2013/02/08 10:48:07]

Done.

 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/about_signin_internals.h"
 #include "chrome/browser/signin/about_signin_internals_factory.h"
 #include "chrome/browser/signin/signin_global_error.h"
 #include "chrome/browser/signin/signin_internals_util.h"
 #include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/signin/token_service_factory.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/ui/global_error/global_error_service.h"
@@ skipping 610 matching lines @@
 
 void SigninManager::OnGetUserInfoSuccess(const UserInfoMap& data) {
   NotifyDiagnosticsObservers(GET_USER_INFO_STATUS, "Successful");
 
   UserInfoMap::const_iterator email_iter = data.find(kGetInfoEmailKey);
   UserInfoMap::const_iterator display_email_iter =
       data.find(kGetInfoDisplayEmailKey);
   if (email_iter == data.end()) {
     OnGetUserInfoKeyNotFound(kGetInfoEmailKey);
     return;
-  } else if (display_email_iter == data.end()) {
+  }
+  if (display_email_iter == data.end()) {
     OnGetUserInfoKeyNotFound(kGetInfoDisplayEmailKey);
     return;
-  } else {
-    DCHECK(email_iter->first == kGetInfoEmailKey);
-    DCHECK(display_email_iter->first == kGetInfoDisplayEmailKey);
+  }
+  DCHECK(email_iter->first == kGetInfoEmailKey);
+  DCHECK(display_email_iter->first == kGetInfoDisplayEmailKey);
 
-    // When signing in with credentials, the possibly invalid name is the Gaia
-    // display name. If the name returned by GetUserInfo does not match what is
-    // expected, return an error.
-    if (type_ == SIGNIN_TYPE_WITH_CREDENTIALS &&
-        base::strcasecmp(display_email_iter->second.c_str(),
-                         possibly_invalid_username_.c_str()) != 0) {
-      OnGetUserInfoKeyNotFound(kGetInfoDisplayEmailKey);
-      return;
-    }
+  // When signing in with credentials, the possibly invalid name is the Gaia
+  // display name. If the name returned by GetUserInfo does not match what is
+  // expected, return an error.
+  if (type_ == SIGNIN_TYPE_WITH_CREDENTIALS &&
+      base::strcasecmp(display_email_iter->second.c_str(),
+                       possibly_invalid_username_.c_str()) != 0) {
+    OnGetUserInfoKeyNotFound(kGetInfoDisplayEmailKey);
+    return;
+  }
 
-    SetAuthenticatedUsername(email_iter->second);
-    possibly_invalid_username_.clear();
-    profile_->GetPrefs()->SetString(prefs::kGoogleServicesUsername,
-                                    authenticated_username_);
+  possibly_invalid_username_ = email_iter->second;
+
+#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
+  // If we have an OAuth token, try loading policy for this user now, before
+  // any signed in services are initialized. If there's no oauth token (the
+  // user is using the old ClientLogin flow) then policy will get loaded once
+  // the TokenService finishes initializing (not ideal, but it's a reasonable
+  // fallback).
+  if (!temp_oauth_login_tokens_.refresh_token.empty()) {
+    policy::UserPolicySigninService* policy_service =
+        policy::UserPolicySigninServiceFactory::GetForProfile(profile_);
+    policy_service->RegisterPolicyClient(
+        possibly_invalid_username_,
+        temp_oauth_login_tokens_.refresh_token,
+        base::Bind(&SigninManager::OnRegisteredForPolicy,
+                   base::Unretained(this)));
+    return;
   }
+#endif
+
+  // Not waiting for policy load - just complete signin directly.
+  CompleteSigninAfterPolicyLoad();
+}
+
+#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
+void SigninManager::OnRegisteredForPolicy(

[Joao da Silva, 2013/02/07 23:01:25]

Does this have to exist? policy_service->RegisterPolicyClient() could also start
the fetch, if the registration succeeded; otherwise it immediately calls back to
CompleteSigninAfterPolicyLoad().

[Andrew T Wilson (Slow), 2013/02/08 10:48:07]

Yeah, per our previous conversation we want to put the logic and UI for creating
a profile out here.

+    scoped_ptr<policy::CloudPolicyClient> client) {
+  // If there's no token for the user (no policy) just finish signing in.
+  if (!client.get()) {
+    DVLOG(1) << "Policy registration failed";
+    CompleteSigninAfterPolicyLoad();
+    return;
+  }
+
+  DVLOG(1) << "Policy registration succeeded: dm_token=" << client->dm_token();
+  // TODO(dconnelly): Prompt user for whether they want to create a new profile
+  // or not (http://crbug.com/171236). For now, just immediately load policy.
+  policy::UserPolicySigninService* policy_service =
+      policy::UserPolicySigninServiceFactory::GetForProfile(profile_);
+  policy_service->FetchPolicyForSignedInUser(
+      client.Pass(),
+      base::Bind(&SigninManager::OnPolicyFetchComplete,
+                 base::Unretained(this)));
+

[Joao da Silva, 2013/02/07 23:01:25]

remove extra newline

[Andrew T Wilson (Slow), 2013/02/08 10:48:07]

Done.

+}
+
+void SigninManager::OnPolicyFetchComplete(bool success) {
+  // For now, we allow signin to complete even if the policy fetch fails. If
+  // we ever want to change this behavior, we could call SignOut() here
+  // instead.
+  DLOG_IF(ERROR, !success) << "Error fetching policy for user";
+  DVLOG_IF(1, success) << "Policy fetch successful - completing signin";
+  CompleteSigninAfterPolicyLoad();
+}
+#endif
+
+void SigninManager::CompleteSigninAfterPolicyLoad() {
+  DCHECK(!possibly_invalid_username_.empty());
+  SetAuthenticatedUsername(possibly_invalid_username_);
+  possibly_invalid_username_.clear();
+  profile_->GetPrefs()->SetString(prefs::kGoogleServicesUsername,
+                                  authenticated_username_);
+
   GoogleServiceSigninSuccessDetails details(authenticated_username_,
                                             password_);
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL,
       content::Source<Profile>(profile_),
       content::Details<const GoogleServiceSigninSuccessDetails>(&details));
 
   password_.clear();  // Don't need it anymore.
   DisableOneClickSignIn(profile_);  // Don't ever offer again.
 
@@ skipping 85 matching lines @@
                     NotifySigninValueChanged(field, value));
 }
 
 void SigninManager::NotifyDiagnosticsObservers(
     const TimedSigninStatusField& field,
     const std::string& value) {
   FOR_EACH_OBSERVER(SigninDiagnosticsObserver,
                     signin_diagnostics_observers_,
                     NotifySigninValueChanged(field, value));
 }