
Unified Diff: chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc

Issue 12538009: Public Sessions: fetch device robot api token during enterprise enrollment. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Created 7 years, 9 months ago
Index: chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
index bd97ade258850b2656b0e13673c57c7041f802e5..3d94f551850a3c356bb490b8b977a4c78f93f348 100644
--- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
+++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
@@ -7,11 +7,13 @@
#include "base/bind.h"
#include "base/logging.h"
#include "base/message_loop.h"
+#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
#include "chrome/browser/policy/cloud/cloud_policy_constants.h"
#include "chrome/browser/policy/cloud/proto/device_management_backend.pb.h"
+#include "google_apis/gaia/gaia_urls.h"
namespace em = enterprise_management;
@@ -23,6 +25,8 @@ namespace {
const int kLockRetryIntervalMs = 500;
// Maximum time to retry InstallAttrs initialization before we give up.
const int kLockRetryTimeoutMs = 10 * 60 * 1000; // 10 minutes.
+// Number of times to retry fetching the device-level API refresh token.
+const int kRobotRefreshTokenFetchRetryCount = 2;
} // namespace
@@ -110,7 +114,7 @@ void EnrollmentHandlerChromeOS::OnRegistrationStateChanged(
DCHECK_EQ(client_.get(), client);
if (enrollment_step_ == STEP_REGISTRATION && client_->is_registered()) {
- enrollment_step_ = STEP_POLICY_FETCH,
+ enrollment_step_ = STEP_ROBOT_AUTH_FETCH,
device_mode_ = client_->device_mode();
if (device_mode_ == DEVICE_MODE_NOT_SET)
device_mode_ = DEVICE_MODE_ENTERPRISE;
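Review bot: The changed line `enrollment_step_ = STEP_ROBOT_AUTH_FETCH,` still ends in a comma instead of a semicolon, so the state change is chained to the following `device_mode_ = client_->device_mode();` by the comma operator. It compiles today, but the next statement inserted between the two will either fail to build or silently bind differently. The new `OnGetTokensResponse` in the next hunk repeats the pattern with `enrollment_step_ = STEP_POLICY_FETCH,`, where the comma ties the assignment to `client_->FetchPolicy();` across the TODO at the very spot where the token-persisting code is meant to go. Both lines should end in `;`. The body of `OnRegistrationStateChanged` starts outside this hunk.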
@@ -120,17 +124,81 @@ void EnrollmentHandlerChromeOS::OnRegistrationStateChanged(
EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE));
return;
}
- client_->FetchPolicy();
+ client_->FetchRobotAuthTokens(auth_token_);
} else {
LOG(FATAL) << "Registration state changed to " << client_->is_registered()
<< " in step " << enrollment_step_;
}
}
+void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched(
+ CloudPolicyClient* client) {
+ DCHECK_EQ(client_.get(), client);
+ CHECK_EQ(STEP_ROBOT_AUTH_FETCH, enrollment_step_);
+
+ enrollment_step_ = STEP_ROBOT_AUTH_REFRESH;
+
+ gaia::OAuthClientInfo client_info;
+ client_info.client_id = GaiaUrls::GetInstance()->oauth2_chrome_client_id();
+ client_info.client_secret =
+ GaiaUrls::GetInstance()->oauth2_chrome_client_secret();
+
+ // Use the system request context to avoid sending user cookies.
+ gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(
+ gaia::kGaiaOAuth2Url,
+ // TODO: use DeviceManagementRequestContextGetter? It seems to just use
+ // the system_request_context internally, an manually return the IO thread
Mattias Nissler (ping if slow) 2013/03/19 06:33:08 grammar
David Roche 2013/04/02 01:59:25 Done.
+ // message loop, but the system_request_context already does this? What
+ // does DeviceManagementRequestContextGetter change?
Mattias Nissler (ping if slow) 2013/03/19 06:33:08 It uses a different user agent, and disables all c
David Roche 2013/04/02 01:59:25 It would make sense for testability if a test depe
Mattias Nissler (ping if slow) 2013/04/02 14:16:46 OK, tell you what: You make sure the test for this
David Roche 2013/04/04 01:39:53 Ah, yes, updating tests. That is on the agenda fo
+ g_browser_process->system_request_context()));
+ gaia_oauth_client_->GetTokensFromAuthCode(client_info,
+ client->robot_api_auth_code(),
+ kRobotRefreshTokenFetchRetryCount,
Mattias Nissler (ping if slow) 2013/03/19 06:33:08 why would we have to retry at all?
David Roche 2013/04/02 01:59:25 I retry b/c other bits of enrollment seem to retry
Mattias Nissler (ping if slow) 2013/04/02 14:16:46 That's an entirely separate issue that covers our
David Roche 2013/04/04 01:39:53 Done.
+ this);
+}
+
+// GaiaOAuthClient::Delegate callback for OAuth2 refresh token fetched.
+void EnrollmentHandlerChromeOS::OnGetTokensResponse(
+ const std::string& refresh_token,
+ const std::string& access_token,
+ int expires_in_seconds) {
+ CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_);
+
+ enrollment_step_ = STEP_POLICY_FETCH,
+
+ // TODO: persist token in DeviceOAuth2TokenService when CL 12647008 lands.
+
+ client_->FetchPolicy();
+}
+
+// GaiaOAuthClient::Delegate
+void EnrollmentHandlerChromeOS::OnRefreshTokenResponse(
+ const std::string& access_token,
+ int expires_in_seconds) {
+ // We never use the code that should trigger this callback.
+ NOTREACHED() << "Unexpected callback invoked";
Mattias Nissler (ping if slow) 2013/03/19 06:33:08 either need to notify the delegate, or do a LOG(FA
David Roche 2013/04/02 01:59:25 Done.
+}
+
+// GaiaOAuthClient::Delegate OAuth2 error when fetching refresh token request.
+void EnrollmentHandlerChromeOS::OnOAuthError() {
+ ReportResult(EnrollmentStatus::ForStatus(
+ EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED));
+}
+
+// GaiaOAuthClient::Delegate network error when fetching refresh token.
+void EnrollmentHandlerChromeOS::OnNetworkError(int response_code) {
+ LOG(ERROR) << "Network error while fetching API refresh token: "
+ << response_code;
+ ReportResult(EnrollmentStatus::ForStatus(
+ EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED));
+}
+
void EnrollmentHandlerChromeOS::OnClientError(CloudPolicyClient* client) {
DCHECK_EQ(client_.get(), client);
- if (enrollment_step_ < STEP_POLICY_FETCH)
+ if (enrollment_step_ == STEP_ROBOT_AUTH_FETCH)
+ ReportResult(EnrollmentStatus::ForRobotAuthError(client_->status()));
+ else if (enrollment_step_ < STEP_POLICY_FETCH)
ReportResult(EnrollmentStatus::ForRegistrationError(client_->status()));
else
ReportResult(EnrollmentStatus::ForFetchError(client_->status()));
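Review bot: `OnGetTokensResponse` advances to `STEP_POLICY_FETCH` and calls `client_->FetchPolicy()` without looking at `refresh_token`, so an empty token from the auth-code exchange is treated as success and enrollment can finish with no usable device credential. A guard at the top such as `if (refresh_token.empty()) { ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED)); return; }` would fail the enrollment instead. The same applies in `OnRobotAuthCodesFetched`, where `client->robot_api_auth_code()` is passed to `GetTokensFromAuthCode` unchecked. When the TODO about persisting the token is resolved, the refresh and access tokens should stay out of `LOG` output, as they do in this patch. Separately, `OnClientError` still tests `enrollment_step_ < STEP_POLICY_FETCH`; if `STEP_ROBOT_AUTH_REFRESH` sorts before `STEP_POLICY_FETCH` in the enum (not visible in this file), a client error during that step would be reported as a registration error.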
@@ -140,6 +208,9 @@ void EnrollmentHandlerChromeOS::OnStoreLoaded(CloudPolicyStore* store) {
DCHECK_EQ(store_, store);
if (enrollment_step_ == STEP_LOADING_STORE) {
+ // If the |store_| wasn't initialized when StartEnrollment() was
+ // called, then AttemptRegistration() bails silently. This gets
+ // registration rolling again after the store finishes loading.
AttemptRegistration();
} else if (enrollment_step_ == STEP_STORE_POLICY) {
ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS));
