Chromium Code Reviews| Index: chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
| diff --git a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
| index e44443d728057bc1ad2109a0260656fdfb8eca9d..570e994629519094cd74541b25eed8bb6602573d 100644 |
| --- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
| +++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h |
| @@ -16,6 +16,7 @@ |
| #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" |
| #include "chrome/browser/policy/cloud/cloud_policy_client.h" |
| #include "chrome/browser/policy/cloud/cloud_policy_store.h" |
| +#include "google_apis/gaia/gaia_oauth_client.h" |
| namespace enterprise_management { |
| class PolicyFetchResponse; |
| @@ -29,10 +30,14 @@ namespace policy { |
| // 2. Download the initial policy blob from the service. |
| // 3. Verify the policy blob. Everything up to this point doesn't touch device |
| // state. |
| -// 4. Establish the device lock in installation-time attributes. |
| -// 5. Store the policy blob. |
| +// 4. Download the OAuth2 authorization code for device-level API access. |
| +// 5. Download the OAuth2 refresh token for device-level API access and store |
| +// it. |
| +// 6. Establish the device lock in installation-time attributes. |
| +// 7. Store the policy blob and API refresh token. |
| class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| - public CloudPolicyStore::Observer { |
| + public CloudPolicyStore::Observer, |
| + public gaia::GaiaOAuthClient::Delegate { |
| public: |
| typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes |
| AllowedDeviceModes; |
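Review bot: Steps 5 and 7 of the class comment both say the refresh token is stored, so the header does not tell a reader whether this device-level credential is persisted before or after the device lock in step 6. If the token is only held in memory until step 7, step 5 should read `// 5. Download the OAuth2 refresh token for device-level API access and keep it in memory.` If it really is written out in step 5, the comment should say what happens to the stored token when the lock in step 6 fails. The class body continues outside this hunk, so the actual order has to be confirmed against the implementation.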
| @@ -64,24 +69,36 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| // CloudPolicyClient::Observer: |
| virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE; |
| virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE; |
| + virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client) OVERRIDE; |
| virtual void OnClientError(CloudPolicyClient* client) OVERRIDE; |
| // CloudPolicyStore::Observer: |
| virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; |
| virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE; |
| + // GaiaOAuthClient::Delegate: |
| + virtual void OnGetTokensResponse(const std::string& refresh_token, |
| + const std::string& access_token, |
| + int expires_in_seconds) OVERRIDE; |
| + virtual void OnRefreshTokenResponse(const std::string& access_token, |
| + int expires_in_seconds) OVERRIDE; |
| + virtual void OnOAuthError() OVERRIDE; |
| + virtual void OnNetworkError(int response_code) OVERRIDE; |
| + |
| private: |
| // Indicates what step of the process is currently pending. These steps need |
| // to be listed in the order they are traversed in. |
| enum EnrollmentStep { |
| - STEP_PENDING, // Not started yet. |
| - STEP_LOADING_STORE, // Waiting for |store_| to initialize. |
| - STEP_REGISTRATION, // Currently registering the client. |
| - STEP_POLICY_FETCH, // Fetching policy. |
| - STEP_VALIDATION, // Policy validation. |
| - STEP_LOCK_DEVICE, // Writing installation-time attributes. |
| - STEP_STORE_POLICY, // Storing policy. |
| - STEP_FINISHED, // Enrollment process finished, no further action. |
| + STEP_PENDING, // Not started yet. |
| + STEP_LOADING_STORE, // Waiting for |store_| to initialize. |
| + STEP_REGISTRATION, // Currently registering the client. |
| + STEP_POLICY_FETCH, // Fetching policy. |
| + STEP_VALIDATION, // Policy validation. |
| + STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code. |
| + STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token. |
| + STEP_LOCK_DEVICE, // Writing installation-time attributes. |
| + STEP_STORE_POLICY, // Storing policy and API refresh token. |
| + STEP_FINISHED, // Enrollment process finished, no further action. |
| }; |
| // Starts registration if the store is initialized. |
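Review bot: The new `OnOAuthError()` and `OnNetworkError()` overrides have no comment saying whether a failure during STEP_ROBOT_AUTH_REFRESH aborts enrollment or falls through to STEP_LOCK_DEVICE. The comment on `WriteInstallAttributesAndLockDevice()` in a later hunk names only a failed STEP_ROBOT_AUTH_FETCH as a fall-through case. Because the lock step writes installation-time attributes, each failure path should state its outcome in the header. I would add a one-line comment above the two error callbacks saying whether enrollment is reported as failed or continues without a robot token, and a line on `OnRefreshTokenResponse()` saying it is not expected during enrollment, if that is the case. The class starts and ends outside this hunk.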
| @@ -91,6 +108,11 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| // attributes locking if successful. |
| void PolicyValidated(DeviceCloudPolicyValidator* validator); |
| + // Method called to initiate the STEP_LOCK_DEVICE step. Usually called after |
| + // the STEP_ROBOT_AUTH_REFRESH, but may be called directly after a failed |
| + // STEP_ROBOT_AUTH_FETCH, since robot tokens are currently optional. |
| + void WriteInstallAttributesAndLockDevice(); |
|
Mattias Nissler (ping if slow)
2013/04/24 13:43:13
The naming is a bit unfortunate here, WriteInstall
David Roche
2013/04/24 15:34:21
I renamed this and WriteInstallAttributes, so that
Mattias Nissler (ping if slow)
2013/04/24 17:58:52
Looks good.
|
| + |
| // Calls LockDevice() and proceeds to policy installation. If unsuccessful, |
| // reports the result. Actual installation or error report will be done in |
| // HandleLockDeviceResult(). |
| @@ -115,9 +137,11 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| DeviceCloudPolicyStoreChromeOS* store_; |
| EnterpriseInstallAttributes* install_attributes_; |
| scoped_ptr<CloudPolicyClient> client_; |
| + scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_; |
| std::string auth_token_; |
| std::string client_id_; |
| + std::string robot_refresh_token_; |
| bool is_auto_enrollment_; |
| AllowedDeviceModes allowed_device_modes_; |
| EnrollmentCallback completion_callback_; |
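Review bot: `robot_refresh_token_` holds a long-lived device credential in a plain `std::string` member, and nothing here documents how long it stays populated. I would add a comment such as `// OAuth2 refresh token for device-level API access. Set in STEP_ROBOT_AUTH_REFRESH, handed to the store in STEP_STORE_POLICY and cleared afterwards.` The implementation should then clear the string once the token is stored and on every error path; whether it does is not visible in this header. `gaia_oauth_client_` would likewise benefit from a note that it is only alive during the token exchange, if that matches the implementation.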
| @@ -125,8 +149,10 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer, |
| // The device mode as received in the registration request. |
| DeviceMode device_mode_; |
| - // The validated policy response to be installed in the store. |
| + // The validated policy response info to be installed in the store. |
| scoped_ptr<enterprise_management::PolicyFetchResponse> policy_; |
| + std::string username_; |
| + std::string device_id_; |
| // Current enrollment step. |
| EnrollmentStep enrollment_step_; |