Chromium Code Reviews Chromium Code Reviews
Issue 12538009:
Public Sessions: fetch device robot api token during enterprise enrollment. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/cloud/cloud_policy_client.h" | 5 #include "chrome/browser/policy/cloud/cloud_policy_client.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/guid.h" | 8 #include "base/guid.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| 11 #include "chrome/browser/policy/cloud/device_management_service.h" | 11 #include "chrome/browser/policy/cloud/device_management_service.h" |
| 12 | 12 |
| 13 namespace em = enterprise_management; | 13 namespace em = enterprise_management; |
| 14 | 14 |
| 15 namespace policy { | 15 namespace policy { |
| 16 | 16 |
| 17 namespace { | 17 namespace { |
| 18 | 18 |
| 19 const char kAnyApiOAuth2Scope[] = "https://www.googleapis.com/auth/any-api"; | |
|
Mattias Nissler (ping if slow)
2013/03/19 06:33:08
This should probably go into gaia_constants.h (or
David Roche
2013/04/02 01:59:25
Done.
| |
| 20 | |
| 19 // Translates the DeviceRegisterResponse::DeviceMode |mode| to the enum used | 21 // Translates the DeviceRegisterResponse::DeviceMode |mode| to the enum used |
| 20 // internally to represent different device modes. | 22 // internally to represent different device modes. |
| 21 DeviceMode TranslateProtobufDeviceMode( | 23 DeviceMode TranslateProtobufDeviceMode( |
| 22 em::DeviceRegisterResponse::DeviceMode mode) { | 24 em::DeviceRegisterResponse::DeviceMode mode) { |
| 23 switch (mode) { | 25 switch (mode) { |
| 24 case em::DeviceRegisterResponse::ENTERPRISE: | 26 case em::DeviceRegisterResponse::ENTERPRISE: |
| 25 return DEVICE_MODE_ENTERPRISE; | 27 return DEVICE_MODE_ENTERPRISE; |
| 26 case em::DeviceRegisterResponse::RETAIL: | 28 case em::DeviceRegisterResponse::RETAIL: |
| 27 return DEVICE_MODE_KIOSK; | 29 return DEVICE_MODE_KIOSK; |
| 28 } | 30 } |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 170 request->mutable_session_status_report_request())) { | 172 request->mutable_session_status_report_request())) { |
| 171 request->clear_session_status_report_request(); | 173 request->clear_session_status_report_request(); |
| 172 } | 174 } |
| 173 } | 175 } |
| 174 | 176 |
| 175 // Fire the job. | 177 // Fire the job. |
| 176 request_job_->Start(base::Bind(&CloudPolicyClient::OnPolicyFetchCompleted, | 178 request_job_->Start(base::Bind(&CloudPolicyClient::OnPolicyFetchCompleted, |
| 177 base::Unretained(this))); | 179 base::Unretained(this))); |
| 178 } | 180 } |
| 179 | 181 |
| 182 void CloudPolicyClient::FetchRobotAuthTokens(const std::string& auth_token) { | |
| 183 CHECK(is_registered()); | |
| 184 DCHECK(!auth_token.empty()); | |
| 185 | |
| 186 request_job_.reset(service_->CreateJob( | |
| 187 DeviceManagementRequestJob::TYPE_API_AUTH_CODE_FETCH)); | |
| 188 // The credentials of a domain user are needed in order to mint a new OAuth2 | |
| 189 // authorization token for the robot account. | |
| 190 request_job_->SetOAuthToken(auth_token); | |
| 191 request_job_->SetClientID(client_id_); | |
| 192 | |
| 193 em::DeviceServiceApiAccessRequest* request = | |
| 194 request_job_->GetRequest()->mutable_service_api_access_request(); | |
| 195 request->add_auth_scope(kAnyApiOAuth2Scope); | |
| 196 | |
| 197 request_job_->Start( | |
| 198 base::Bind(&CloudPolicyClient::OnFetchRobotAuthTokensCompleted, | |
| 199 base::Unretained(this))); | |
| 200 } | |
| 201 | |
| 180 void CloudPolicyClient::Unregister() { | 202 void CloudPolicyClient::Unregister() { |
| 181 DCHECK(service_); | 203 DCHECK(service_); |
| 182 request_job_.reset( | 204 request_job_.reset( |
| 183 service_->CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION)); | 205 service_->CreateJob(DeviceManagementRequestJob::TYPE_UNREGISTRATION)); |
| 184 request_job_->SetDMToken(dm_token_); | 206 request_job_->SetDMToken(dm_token_); |
| 185 request_job_->SetClientID(client_id_); | 207 request_job_->SetClientID(client_id_); |
| 186 request_job_->GetRequest()->mutable_unregister_request(); | 208 request_job_->GetRequest()->mutable_unregister_request(); |
| 187 request_job_->Start(base::Bind(&CloudPolicyClient::OnUnregisterCompleted, | 209 request_job_->Start(base::Bind(&CloudPolicyClient::OnUnregisterCompleted, |
| 188 base::Unretained(this))); | 210 base::Unretained(this))); |
| 189 } | 211 } |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 242 device_mode_ = TranslateProtobufDeviceMode( | 264 device_mode_ = TranslateProtobufDeviceMode( |
| 243 response.register_response().enrollment_type()); | 265 response.register_response().enrollment_type()); |
| 244 } | 266 } |
| 245 | 267 |
| 246 NotifyRegistrationStateChanged(); | 268 NotifyRegistrationStateChanged(); |
| 247 } else { | 269 } else { |
| 248 NotifyClientError(); | 270 NotifyClientError(); |
| 249 } | 271 } |
| 250 } | 272 } |
| 251 | 273 |
| 274 void CloudPolicyClient::OnFetchRobotAuthTokensCompleted( | |
| 275 DeviceManagementStatus status, | |
| 276 const em::DeviceManagementResponse& response) { | |
| 277 if (status == DM_STATUS_SUCCESS && | |
| 278 (!response.has_service_api_access_response() || | |
| 279 response.service_api_access_response().auth_code().empty())) { | |
| 280 // TODO: retry on transient errors? | |
|
Mattias Nissler (ping if slow)
2013/03/19 06:33:08
Not needed for now - the user can retry manually.
David Roche
2013/04/02 01:59:25
Done.
| |
| 281 LOG(WARNING) << "Invalid service api access response."; | |
| 282 status = DM_STATUS_RESPONSE_DECODING_ERROR; | |
| 283 } | |
| 284 | |
| 285 status_ = status; | |
| 286 if (status == DM_STATUS_SUCCESS) { | |
| 287 robot_api_auth_code_ = response.service_api_access_response().auth_code(); | |
| 288 DVLOG(1) << "Device robot account auth code fetch complete - code = " | |
| 289 << robot_api_auth_code_; | |
| 290 | |
| 291 NotifyRobotAuthCodesFetched(); | |
| 292 } else { | |
| 293 NotifyClientError(); | |
| 294 } | |
| 295 } | |
| 296 | |
| 252 void CloudPolicyClient::OnPolicyFetchCompleted( | 297 void CloudPolicyClient::OnPolicyFetchCompleted( |
| 253 DeviceManagementStatus status, | 298 DeviceManagementStatus status, |
| 254 const em::DeviceManagementResponse& response) { | 299 const em::DeviceManagementResponse& response) { |
| 255 if (status == DM_STATUS_SUCCESS) { | 300 if (status == DM_STATUS_SUCCESS) { |
| 256 if (!response.has_policy_response() || | 301 if (!response.has_policy_response() || |
| 257 response.policy_response().response_size() == 0) { | 302 response.policy_response().response_size() == 0) { |
| 258 LOG(WARNING) << "Empty policy response."; | 303 LOG(WARNING) << "Empty policy response."; |
| 259 status = DM_STATUS_RESPONSE_DECODING_ERROR; | 304 status = DM_STATUS_RESPONSE_DECODING_ERROR; |
| 260 } | 305 } |
| 261 } | 306 } |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 312 } | 357 } |
| 313 | 358 |
| 314 void CloudPolicyClient::NotifyPolicyFetched() { | 359 void CloudPolicyClient::NotifyPolicyFetched() { |
| 315 FOR_EACH_OBSERVER(Observer, observers_, OnPolicyFetched(this)); | 360 FOR_EACH_OBSERVER(Observer, observers_, OnPolicyFetched(this)); |
| 316 } | 361 } |
| 317 | 362 |
| 318 void CloudPolicyClient::NotifyRegistrationStateChanged() { | 363 void CloudPolicyClient::NotifyRegistrationStateChanged() { |
| 319 FOR_EACH_OBSERVER(Observer, observers_, OnRegistrationStateChanged(this)); | 364 FOR_EACH_OBSERVER(Observer, observers_, OnRegistrationStateChanged(this)); |
| 320 } | 365 } |
| 321 | 366 |
| 367 void CloudPolicyClient::NotifyRobotAuthCodesFetched() { | |
| 368 FOR_EACH_OBSERVER(Observer, observers_, OnRobotAuthCodesFetched(this)); | |
| 369 } | |
| 370 | |
| 322 void CloudPolicyClient::NotifyClientError() { | 371 void CloudPolicyClient::NotifyClientError() { |
| 323 FOR_EACH_OBSERVER(Observer, observers_, OnClientError(this)); | 372 FOR_EACH_OBSERVER(Observer, observers_, OnClientError(this)); |
| 324 } | 373 } |
| 325 | 374 |
| 326 } // namespace policy | 375 } // namespace policy |
| OLD | NEW |
