Load policy before signin completes.

chrome/browser/signin/signin_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/signin_manager.h"
 
 #include <string>
 #include <vector>
 
 #include "base/callback_helpers.h"
@@ skipping 22 matching lines @@
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_service.h"
 #include "google_apis/gaia/gaia_auth_fetcher.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "net/cookies/cookie_monster.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "third_party/icu/public/i18n/unicode/regex.h"
 
+#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
+#include "chrome/browser/policy/user_policy_signin_service.h"
+#include "chrome/browser/policy/user_policy_signin_service_factory.h"
+#endif
+
 using namespace signin_internals_util;
 
 using content::BrowserThread;
 
 namespace {
 
 const char kGetInfoDisplayEmailKey[] = "displayEmail";
 const char kGetInfoEmailKey[] = "email";
 
 const char kGoogleAccountsUrl[] = "https://accounts.google.com";
@@ skipping 586 matching lines @@
 
 void SigninManager::OnGetUserInfoSuccess(const UserInfoMap& data) {
   NotifyDiagnosticsObservers(GET_USER_INFO_STATUS, "Successful");
 
   UserInfoMap::const_iterator email_iter = data.find(kGetInfoEmailKey);
   UserInfoMap::const_iterator display_email_iter =
       data.find(kGetInfoDisplayEmailKey);
   if (email_iter == data.end()) {
     OnGetUserInfoKeyNotFound(kGetInfoEmailKey);
     return;
-  } else if (display_email_iter == data.end()) {
+  }
+  if (display_email_iter == data.end()) {
     OnGetUserInfoKeyNotFound(kGetInfoDisplayEmailKey);
     return;
-  } else {
-    DCHECK(email_iter->first == kGetInfoEmailKey);
-    DCHECK(display_email_iter->first == kGetInfoDisplayEmailKey);
+  }
+  DCHECK(email_iter->first == kGetInfoEmailKey);
+  DCHECK(display_email_iter->first == kGetInfoDisplayEmailKey);
 
-    // When signing in with credentials, the possibly invalid name is the Gaia
-    // display name. If the name returned by GetUserInfo does not match what is
-    // expected, return an error.
-    if (type_ == SIGNIN_TYPE_WITH_CREDENTIALS &&
-        base::strcasecmp(display_email_iter->second.c_str(),
-                         possibly_invalid_username_.c_str()) != 0) {
-      OnGetUserInfoKeyNotFound(kGetInfoDisplayEmailKey);
-      return;
-    }
+  // When signing in with credentials, the possibly invalid name is the Gaia
+  // display name. If the name returned by GetUserInfo does not match what is
+  // expected, return an error.
+  if (type_ == SIGNIN_TYPE_WITH_CREDENTIALS &&
+      base::strcasecmp(display_email_iter->second.c_str(),
+                       possibly_invalid_username_.c_str()) != 0) {
+    OnGetUserInfoKeyNotFound(kGetInfoDisplayEmailKey);
+    return;
+  }
 
-    SetAuthenticatedUsername(email_iter->second);
-    possibly_invalid_username_.clear();
-    profile_->GetPrefs()->SetString(prefs::kGoogleServicesUsername,
-                                    authenticated_username_);
+  possibly_invalid_username_ = email_iter->second;
+
+#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
+  // If we have an OAuth token, try loading policy for this user now, before
+  // any signed in services are initialized. If there's no oauth token (the
+  // user is using the old ClientLogin flow) then policy will get loaded once
+  // the TokenService finishes initializing (not ideal, but it's a reasonable
+  // fallback).
+  if (!temp_oauth_login_tokens_.refresh_token.empty()) {
+    policy::UserPolicySigninService* policy_service =
+        policy::UserPolicySigninServiceFactory::GetForProfile(profile_);
+    policy_service->RegisterPolicyClient(
+        possibly_invalid_username_,
+        temp_oauth_login_tokens_.refresh_token,
+        base::Bind(&SigninManager::OnRegisteredForPolicy,
+                   base::Unretained(this)));
+    return;
   }
+#endif
+
+  // Not waiting for policy load - just complete signin directly.
+  CompleteSigninAfterPolicyLoad();
+}
+
+#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
+void SigninManager::OnRegisteredForPolicy(
+    scoped_ptr<policy::CloudPolicyClient> client) {
+  // If there's no token for the user (no policy) just finish signing in.
+  if (!client.get()) {
+    DVLOG(1) << "Policy registration failed";
+    CompleteSigninAfterPolicyLoad();
+    return;
+  }
+
+  DVLOG(1) << "Policy registration succeeded: dm_token=" << client->dm_token();
+  // TODO(dconnelly): Prompt user for whether they want to create a new profile
+  // or not (http://crbug.com/171236). For now, just immediately load policy.
+  policy::UserPolicySigninService* policy_service =
+      policy::UserPolicySigninServiceFactory::GetForProfile(profile_);
+  policy_service->FetchPolicyForSignedInUser(
+      client.Pass(),
+      base::Bind(&SigninManager::OnPolicyFetchComplete,
+                 base::Unretained(this)));
+}
+
+void SigninManager::OnPolicyFetchComplete(bool success) {
+  // For now, we allow signin to complete even if the policy fetch fails. If
+  // we ever want to change this behavior, we could call SignOut() here
+  // instead.
+  DLOG_IF(ERROR, !success) << "Error fetching policy for user";
+  DVLOG_IF(1, success) << "Policy fetch successful - completing signin";
+  CompleteSigninAfterPolicyLoad();
+}
+#endif
+
+void SigninManager::CompleteSigninAfterPolicyLoad() {
+  DCHECK(!possibly_invalid_username_.empty());
+  SetAuthenticatedUsername(possibly_invalid_username_);
+  possibly_invalid_username_.clear();
+  profile_->GetPrefs()->SetString(prefs::kGoogleServicesUsername,
+                                  authenticated_username_);
+
   GoogleServiceSigninSuccessDetails details(authenticated_username_,
                                             password_);
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL,
       content::Source<Profile>(profile_),
       content::Details<const GoogleServiceSigninSuccessDetails>(&details));
 
   password_.clear();  // Don't need it anymore.
   DisableOneClickSignIn(profile_);  // Don't ever offer again.
 
@@ skipping 97 matching lines @@
                     NotifySigninValueChanged(field, value));
 }
 
 void SigninManager::NotifyDiagnosticsObservers(
     const TimedSigninStatusField& field,
     const std::string& value) {
   FOR_EACH_OBSERVER(SigninDiagnosticsObserver,
                     signin_diagnostics_observers_,
                     NotifySigninValueChanged(field, value));
 }