Chromium Code Reviews Chromium Code Reviews
Issue 12502017:
signin: pull basic SigninManager functionality into new SigninManagerBase class. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/signin/signin_manager.cc |
| diff --git a/chrome/browser/signin/signin_manager.cc b/chrome/browser/signin/signin_manager.cc |
| index 18a41dfd68bc512be87a0316bceef751cc661da5..83a88cf0ea19ceb745e6004026a1561731789065 100644 |
| --- a/chrome/browser/signin/signin_manager.cc |
| +++ b/chrome/browser/signin/signin_manager.cc |
| @@ -47,7 +47,7 @@ |
| #include "net/url_request/url_request_context.h" |
| #include "third_party/icu/public/i18n/unicode/regex.h" |
| -#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS) |
| +#if defined(ENABLE_CONFIGURATION_POLICY) |
| #include "chrome/browser/policy/cloud/user_policy_signin_service.h" |
| #include "chrome/browser/policy/cloud/user_policy_signin_service_factory.h" |
| #endif |
| @@ -61,8 +61,6 @@ namespace { |
| const char kGetInfoDisplayEmailKey[] = "displayEmail"; |
| const char kGetInfoEmailKey[] = "email"; |
| -const char kGoogleAccountsUrl[] = "https://accounts.google.com"; |
| - |
| const int kInvalidProcessId = -1; |
| const char kChromiumSyncService[] = "service=chromiumsync"; |
| @@ -94,56 +92,8 @@ bool SigninManager::IsWebBasedSigninFlowURL(const GURL& url) { |
| .find(kChromiumSyncService) != std::string::npos; |
| } |
| -// static |
| -bool SigninManager::AreSigninCookiesAllowed(Profile* profile) { |
| - CookieSettings* cookie_settings = |
| - CookieSettings::Factory::GetForProfile(profile); |
| - return AreSigninCookiesAllowed(cookie_settings); |
| -} |
| - |
| -// static |
| -bool SigninManager::AreSigninCookiesAllowed(CookieSettings* cookie_settings) { |
| - return cookie_settings && |
| - cookie_settings->IsSettingCookieAllowed(GURL(kGoogleAccountsUrl), |
| - GURL(kGoogleAccountsUrl)); |
| -} |
| - |
| -// static |
| -bool SigninManager::IsAllowedUsername(const std::string& username, |
| - const std::string& policy) { |
| - if (policy.empty()) |
| - return true; |
| - |
| - // Patterns like "*@foo.com" are not accepted by our regex engine (since they |
| - // are not valid regular expressions - they should instead be ".*@foo.com"). |
| - // For convenience, detect these patterns and insert a "." character at the |
| - // front. |
| - string16 pattern = UTF8ToUTF16(policy); |
| - if (pattern[0] == L'*') |
| - pattern.insert(pattern.begin(), L'.'); |
| - |
| - // See if the username matches the policy-provided pattern. |
| - UErrorCode status = U_ZERO_ERROR; |
| - const icu::UnicodeString icu_pattern(pattern.data(), pattern.length()); |
| - icu::RegexMatcher matcher(icu_pattern, UREGEX_CASE_INSENSITIVE, status); |
| - if (!U_SUCCESS(status)) { |
| - LOG(ERROR) << "Invalid login regex: " << pattern << ", status: " << status; |
| - // If an invalid pattern is provided, then prohibit *all* logins (better to |
| - // break signin than to quietly allow users to sign in). |
| - return false; |
| - } |
| - string16 username16 = UTF8ToUTF16(username); |
| - icu::UnicodeString icu_input(username16.data(), username16.length()); |
| - matcher.reset(icu_input); |
| - status = U_ZERO_ERROR; |
| - UBool match = matcher.matches(status); |
| - DCHECK(U_SUCCESS(status)); |
| - return !!match; // !! == convert from UBool to bool. |
| -} |
| - |
| SigninManager::SigninManager() |
| - : profile_(NULL), |
| - prohibit_signout_(false), |
| + : prohibit_signout_(false), |
| had_two_factor_error_(false), |
| type_(SIGNIN_TYPE_NONE), |
| weak_pointer_factory_(this), |
| @@ -172,89 +122,16 @@ bool SigninManager::HasSigninProcess() const { |
| return signin_process_id_ != kInvalidProcessId; |
| } |
| -SigninManager::~SigninManager() { |
| - DCHECK(!signin_global_error_.get()) << |
| - "SigninManager::Initialize called but not SigninManager::Shutdown"; |
| -} |
| - |
| -void SigninManager::Initialize(Profile* profile) { |
| - // Should never call Initialize() twice. |
| - DCHECK(!IsInitialized()); |
| - profile_ = profile; |
| - signin_global_error_.reset(new SigninGlobalError(this, profile)); |
| - GlobalErrorServiceFactory::GetForProfile(profile_)->AddGlobalError( |
| - signin_global_error_.get()); |
| - PrefService* local_state = g_browser_process->local_state(); |
| - // local_state can be null during unit tests. |
| - if (local_state) { |
| - local_state_pref_registrar_.Init(local_state); |
| - local_state_pref_registrar_.Add( |
| - prefs::kGoogleServicesUsernamePattern, |
| - base::Bind(&SigninManager::OnGoogleServicesUsernamePatternChanged, |
| - weak_pointer_factory_.GetWeakPtr())); |
| - } |
| - signin_allowed_.Init(prefs::kSigninAllowed, profile_->GetPrefs(), |
| - base::Bind(&SigninManager::OnSigninAllowedPrefChanged, |
| - base::Unretained(this))); |
| - |
| - // If the user is clearing the token service from the command line, then |
| - // clear their login info also (not valid to be logged in without any |
| - // tokens). |
| - CommandLine* cmd_line = CommandLine::ForCurrentProcess(); |
| - if (cmd_line->HasSwitch(switches::kClearTokenService)) |
| - profile->GetPrefs()->ClearPref(prefs::kGoogleServicesUsername); |
| - |
| - std::string user = profile_->GetPrefs()->GetString( |
| - prefs::kGoogleServicesUsername); |
| - if (!user.empty()) |
| - SetAuthenticatedUsername(user); |
| - // TokenService can be null for unit tests. |
| - TokenService* token_service = TokenServiceFactory::GetForProfile(profile_); |
| - if (token_service) { |
| - token_service->Initialize(GaiaConstants::kChromeSource, profile_); |
| - // ChromeOS will kick off TokenService::LoadTokensFromDB from |
| - // OAuthLoginManager once the rest of the Profile is fully initialized. |
| - // Starting it from here would cause OAuthLoginManager mismatch the origin |
| - // of OAuth2 tokens. |
| -#if !defined(OS_CHROMEOS) |
| - if (!authenticated_username_.empty()) { |
| - token_service->LoadTokensFromDB(); |
| - } |
| -#endif |
| - } |
| - if ((!user.empty() && !IsAllowedUsername(user)) || !IsSigninAllowed()) { |
| - // User is signed in, but the username is invalid - the administrator must |
| - // have changed the policy since the last signin, so sign out the user. |
| - SignOut(); |
| - } |
| -} |
| - |
| -bool SigninManager::IsInitialized() const { |
| - return profile_ != NULL; |
| -} |
| - |
| -bool SigninManager::IsAllowedUsername(const std::string& username) const { |
| - PrefService* local_state = g_browser_process->local_state(); |
| - if (!local_state) |
| - return true; // In a unit test with no local state - all names are allowed. |
| - |
| - std::string pattern = local_state->GetString( |
| - prefs::kGoogleServicesUsernamePattern); |
| - return IsAllowedUsername(username, pattern); |
| -} |
| - |
| -bool SigninManager::IsSigninAllowed() const { |
| - return signin_allowed_.GetValue(); |
| -} |
| +SigninManager::~SigninManager() { } |
|
Roger Tawa OOO till Jul 10th
2013/03/27 17:36:33
should } be on next line?
tim (not reviewing)
2013/03/29 18:03:16
Done.
|
| -// static |
| -bool SigninManager::IsSigninAllowedOnIOThread(ProfileIOData* io_data) { |
| - DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| - return io_data->signin_allowed()->GetValue(); |
| +void SigninManager::InitTokenService() { |
| + SigninManagerBase::InitTokenService(); |
| + TokenService* token_service = TokenServiceFactory::GetForProfile(profile_); |
| + if (token_service && !GetAuthenticatedUsername().empty()) |
| + token_service->LoadTokensFromDB(); |
| } |
| void SigninManager::CleanupNotificationRegistration() { |
| -#if !defined(OS_CHROMEOS) |
| content::Source<TokenService> token_service( |
| TokenServiceFactory::GetForProfile(profile_)); |
| if (registrar_.IsRegistered(this, |
| @@ -264,31 +141,6 @@ void SigninManager::CleanupNotificationRegistration() { |
| chrome::NOTIFICATION_TOKEN_AVAILABLE, |
| token_service); |
| } |
| -#endif |
| -} |
| - |
| -const std::string& SigninManager::GetAuthenticatedUsername() const { |
| - return authenticated_username_; |
| -} |
| - |
| -void SigninManager::SetAuthenticatedUsername(const std::string& username) { |
| - if (!authenticated_username_.empty()) { |
| - DLOG_IF(ERROR, username != authenticated_username_) << |
| - "Tried to change the authenticated username to something different: " << |
| - "Current: " << authenticated_username_ << ", New: " << username; |
| - return; |
| - } |
| - authenticated_username_ = username; |
| - // TODO(tim): We could go further in ensuring kGoogleServicesUsername and |
| - // authenticated_username_ are consistent once established (e.g. remove |
| - // authenticated_username_ altogether). Bug 107160. |
| - |
| - NotifyDiagnosticsObservers(USERNAME, username); |
| - |
| - // Go ahead and update the last signed in username here as well. Once a |
| - // user is signed in the two preferences should match. Doing it here as |
| - // opposed to on signin allows us to catch the upgrade scenario. |
| - profile_->GetPrefs()->SetString(prefs::kGoogleServicesLastUsername, username); |
| } |
| std::string SigninManager::SigninTypeToString( |
| @@ -308,7 +160,6 @@ std::string SigninManager::SigninTypeToString( |
| return ""; |
| } |
| - |
| bool SigninManager::PrepareForSignin(SigninType type, |
| const std::string& username, |
| const std::string& password) { |
| @@ -346,8 +197,8 @@ void SigninManager::StartSignIn(const std::string& username, |
| const std::string& password, |
| const std::string& login_token, |
| const std::string& login_captcha) { |
| - DCHECK(authenticated_username_.empty() || |
| - gaia::AreEmailsSame(username, authenticated_username_)); |
| + DCHECK(GetAuthenticatedUsername().empty() || |
| + gaia::AreEmailsSame(username, GetAuthenticatedUsername())); |
| if (!PrepareForSignin(SIGNIN_TYPE_CLIENT_LOGIN, username, password)) |
| return; |
| @@ -360,17 +211,13 @@ void SigninManager::StartSignIn(const std::string& username, |
| GaiaAuthFetcher::HostedAccountsNotAllowed); |
| // Register for token availability. The signin manager will pre-login the |
| - // user when the GAIA service token is ready for use. Only do this if we |
| - // are not running in ChomiumOS, since it handles pre-login itself, and if |
| - // cookies are not disabled for Google accounts. |
| -#if !defined(OS_CHROMEOS) |
| + // user when the GAIA service token is ready for use. |
| if (AreSigninCookiesAllowed(profile_)) { |
| TokenService* token_service = TokenServiceFactory::GetForProfile(profile_); |
| registrar_.Add(this, |
| chrome::NOTIFICATION_TOKEN_AVAILABLE, |
| content::Source<TokenService>(token_service)); |
| } |
| -#endif |
| } |
| void SigninManager::ProvideSecondFactorAccessCode( |
| @@ -393,8 +240,8 @@ void SigninManager::ProvideSecondFactorAccessCode( |
| void SigninManager::StartSignInWithCredentials(const std::string& session_index, |
| const std::string& username, |
| const std::string& password) { |
| - DCHECK(authenticated_username_.empty() || |
| - gaia::AreEmailsSame(username, authenticated_username_)); |
| + DCHECK(GetAuthenticatedUsername().empty() || |
| + gaia::AreEmailsSame(username, GetAuthenticatedUsername())); |
| if (!PrepareForSignin(SIGNIN_TYPE_WITH_CREDENTIALS, username, password)) |
| return; |
| @@ -458,7 +305,7 @@ void SigninManager::OnGaiaCookiesFetched( |
| void SigninManager::StartSignInWithOAuth(const std::string& username, |
| const std::string& password) { |
| - DCHECK(authenticated_username_.empty()); |
| + DCHECK(GetAuthenticatedUsername().empty()); |
| if (!PrepareForSignin(SIGNIN_TYPE_CLIENT_OAUTH, username, password)) |
| return; |
| @@ -470,17 +317,13 @@ void SigninManager::StartSignInWithOAuth(const std::string& username, |
| client_login_->StartClientOAuth(username, password, scopes, "", locale); |
| // Register for token availability. The signin manager will pre-login the |
| - // user when the GAIA service token is ready for use. Only do this if we |
| - // are not running in ChomiumOS, since it handles pre-login itself, and if |
| - // cookies are not disabled for Google accounts. |
| -#if !defined(OS_CHROMEOS) |
| + // user when the GAIA service token is ready for use. |
| if (AreSigninCookiesAllowed(profile_)) { |
| TokenService* token_service = TokenServiceFactory::GetForProfile(profile_); |
| registrar_.Add(this, |
| chrome::NOTIFICATION_TOKEN_AVAILABLE, |
| content::Source<TokenService>(token_service)); |
| } |
| -#endif |
| } |
| void SigninManager::ProvideOAuthChallengeResponse( |
| @@ -501,7 +344,7 @@ void SigninManager::ClearTransientSigninData() { |
| CleanupNotificationRegistration(); |
| client_login_.reset(); |
| -#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS) |
| +#if defined(ENABLE_CONFIGURATION_POLICY) |
| policy_client_.reset(); |
| #endif |
| last_result_ = ClientLoginResult(); |
| @@ -526,40 +369,29 @@ void SigninManager::HandleAuthError(const GoogleServiceAuthError& error, |
| ClearTransientSigninData(); |
| } |
| +bool SigninManager::ShouldSignOut() { |
| + if (prohibit_signout_) |
| + return false; |
| + |
| + // Exit if we aren't signed in (or in the process of signing in). |
| + // This avoids a perf regression from clearing out the TokenDB if |
| + // SignOut() is invoked on startup to clean up any incomplete previous |
| + // signin attempts. |
| + if (GetAuthenticatedUsername().empty() && !client_login_.get()) |
| + return false; |
| + |
| + return true; |
| +} |
| + |
| void SigninManager::SignOut() { |
| DCHECK(IsInitialized()); |
| if (prohibit_signout_) { |
| DVLOG(1) << "Ignoring attempt to sign out while signout is prohibited"; |
| return; |
| } |
| - if (authenticated_username_.empty() && !client_login_.get()) { |
| - // Clean up our transient data and exit if we aren't signed in (or in the |
| - // process of signing in). This avoids a perf regression from clearing out |
| - // the TokenDB if SignOut() is invoked on startup to clean up any |
| - // incomplete previous signin attempts. |
| - ClearTransientSigninData(); |
| - return; |
| - } |
| - |
| - GoogleServiceSignoutDetails details(authenticated_username_); |
| ClearTransientSigninData(); |
| - authenticated_username_.clear(); |
| - profile_->GetPrefs()->ClearPref(prefs::kGoogleServicesUsername); |
| - |
| - // Erase (now) stale information from AboutSigninInternals. |
| - NotifyDiagnosticsObservers(USERNAME, ""); |
| - NotifyDiagnosticsObservers(LSID, ""); |
| - NotifyDiagnosticsObservers( |
| - signin_internals_util::SID, ""); |
| - |
| - TokenService* token_service = TokenServiceFactory::GetForProfile(profile_); |
| - content::NotificationService::current()->Notify( |
| - chrome::NOTIFICATION_GOOGLE_SIGNED_OUT, |
| - content::Source<Profile>(profile_), |
| - content::Details<const GoogleServiceSignoutDetails>(&details)); |
| - token_service->ResetCredentialsInMemory(); |
| - token_service->EraseTokensFromDB(); |
| + SigninManagerBase::SignOut(); |
| } |
| bool SigninManager::AuthInProgress() const { |
| @@ -671,7 +503,7 @@ void SigninManager::OnGetUserInfoSuccess(const UserInfoMap& data) { |
| possibly_invalid_username_ = email_iter->second; |
| -#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS) |
| +#if defined(ENABLE_CONFIGURATION_POLICY) |
| // TODO(atwilson): Move this code out to OneClickSignin instead of having |
| // it embedded in SigninManager - we don't want UI logic in SigninManager. |
| // If this is a new signin (authenticated_username_ is not set) and we have |
| @@ -679,7 +511,7 @@ void SigninManager::OnGetUserInfoSuccess(const UserInfoMap& data) { |
| // services are initialized. If there's no oauth token (the user is using the |
| // old ClientLogin flow) then policy will get loaded once the TokenService |
| // finishes initializing (not ideal, but it's a reasonable fallback). |
| - if (authenticated_username_.empty() && |
| + if (GetAuthenticatedUsername().empty() && |
| !temp_oauth_login_tokens_.refresh_token.empty()) { |
| policy::UserPolicySigninService* policy_service = |
| policy::UserPolicySigninServiceFactory::GetForProfile(profile_); |
| @@ -696,7 +528,7 @@ void SigninManager::OnGetUserInfoSuccess(const UserInfoMap& data) { |
| CompleteSigninAfterPolicyLoad(); |
| } |
| -#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS) |
| +#if defined(ENABLE_CONFIGURATION_POLICY) |
| void SigninManager::OnRegisteredForPolicy( |
| scoped_ptr<policy::CloudPolicyClient> client) { |
| // If there's no token for the user (no policy) just finish signing in. |
| @@ -797,9 +629,9 @@ void SigninManager::CompleteSigninAfterPolicyLoad() { |
| SetAuthenticatedUsername(possibly_invalid_username_); |
| possibly_invalid_username_.clear(); |
| profile_->GetPrefs()->SetString(prefs::kGoogleServicesUsername, |
| - authenticated_username_); |
| + GetAuthenticatedUsername()); |
| - GoogleServiceSigninSuccessDetails details(authenticated_username_, |
| + GoogleServiceSigninSuccessDetails details(GetAuthenticatedUsername(), |
| password_); |
| content::NotificationService::current()->Notify( |
| chrome::NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL, |
| @@ -850,7 +682,6 @@ void SigninManager::Observe(int type, |
| const content::NotificationSource& source, |
| const content::NotificationDetails& details) { |
| switch (type) { |
| -#if !defined(OS_CHROMEOS) |
| case chrome::NOTIFICATION_TOKEN_AVAILABLE: { |
| TokenService::TokenAvailableDetails* tok_details = |
| content::Details<TokenService::TokenAvailableDetails>( |
| @@ -882,20 +713,11 @@ void SigninManager::Observe(int type, |
| } |
| break; |
| } |
| -#endif |
| default: |
| NOTREACHED(); |
| } |
| } |
| -void SigninManager::Shutdown() { |
| - if (signin_global_error_.get()) { |
| - GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError( |
| - signin_global_error_.get()); |
| - signin_global_error_.reset(); |
| - } |
| -} |
| - |
| void SigninManager::ProhibitSignout() { |
| prohibit_signout_ = true; |
| } |
| @@ -903,43 +725,3 @@ void SigninManager::ProhibitSignout() { |
| bool SigninManager::IsSignoutProhibited() const { |
| return prohibit_signout_; |
| } |
| - |
| -void SigninManager::OnGoogleServicesUsernamePatternChanged() { |
| - if (!authenticated_username_.empty() && |
| - !IsAllowedUsername(authenticated_username_)) { |
| - // Signed in user is invalid according to the current policy so sign |
| - // the user out. |
| - SignOut(); |
| - } |
| -} |
| - |
| -void SigninManager::OnSigninAllowedPrefChanged() { |
| - if (!IsSigninAllowed()) |
| - SignOut(); |
| -} |
| - |
| -void SigninManager::AddSigninDiagnosticsObserver( |
| - SigninDiagnosticsObserver* observer) { |
| - signin_diagnostics_observers_.AddObserver(observer); |
| -} |
| - |
| -void SigninManager::RemoveSigninDiagnosticsObserver( |
| - SigninDiagnosticsObserver* observer) { |
| - signin_diagnostics_observers_.RemoveObserver(observer); |
| -} |
| - |
| -void SigninManager::NotifyDiagnosticsObservers( |
| - const UntimedSigninStatusField& field, |
| - const std::string& value) { |
| - FOR_EACH_OBSERVER(SigninDiagnosticsObserver, |
| - signin_diagnostics_observers_, |
| - NotifySigninValueChanged(field, value)); |
| -} |
| - |
| -void SigninManager::NotifyDiagnosticsObservers( |
| - const TimedSigninStatusField& field, |
| - const std::string& value) { |
| - FOR_EACH_OBSERVER(SigninDiagnosticsObserver, |
| - signin_diagnostics_observers_, |
| - NotifySigninValueChanged(field, value)); |
| -} |
