Add local state flag to force online login for a user

chrome/browser/chromeos/login/user_manager_impl.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/user_manager_impl.h"
 
 #include <cstddef>
 #include <set>
 
 #include "base/bind.h"
@@ skipping 65 matching lines @@
 
 // A vector pref of the public accounts defined on this device.
 const char kPublicAccounts[] = "PublicAccounts";
 
 // A string pref that gets set when a public account is removed but a user is
 // currently logged into that account, requiring the account's data to be
 // removed after logout.
 const char kPublicAccountPendingDataRemoval[] =
     "PublicAccountPendingDataRemoval";
 
-// A dictionary that maps usernames to the displayed name.
+// A dictionary that maps user IDs to the displayed name.
 const char kUserDisplayName[] = "UserDisplayName";
 
-// A dictionary that maps usernames to the user's given name.
+// A dictionary that maps user IDs to the user's given name.
 const char kUserGivenName[] = "UserGivenName";
 
-// A dictionary that maps usernames to the displayed (non-canonical) emails.
+// A dictionary that maps user IDs to the displayed (non-canonical) emails.
 const char kUserDisplayEmail[] = "UserDisplayEmail";
 
-// A dictionary that maps usernames to OAuth token presence flag.
+// A dictionary that maps user IDs to OAuth token presence flag.
 const char kUserOAuthTokenStatus[] = "OAuthTokenStatus";
 
+// A dictionary that maps user IDs to a flag indicating whether online
+// authentication against GAIA should be enforced during the next sign-in.
+const char kUserForceOnlineSignin[] = "UserForceOnlineSignin";
+
 // A string pref containing the ID of the last user who logged in if it was
 // a regular user or an empty string if it was another type of user (guest,
 // kiosk, public account, etc.).
 const char kLastLoggedInRegularUser[] = "LastLoggedInRegularUser";
 
 // Upper bound for a histogram metric reporting the amount of time between
 // one regular user logging out and a different regular user logging in.
 const int kLogoutToLoginDelayMaxSec = 1800;
 
 // Callback that is called after user removal is complete.
@@ skipping 56 matching lines @@
 }
 
 }  // namespace
 
 // static
 void UserManager::RegisterPrefs(PrefRegistrySimple* registry) {
   registry->RegisterListPref(kRegularUsers);
   registry->RegisterListPref(kPublicAccounts);
   registry->RegisterStringPref(kPublicAccountPendingDataRemoval, "");
   registry->RegisterStringPref(kLastLoggedInRegularUser, "");
-  registry->RegisterDictionaryPref(kUserOAuthTokenStatus);
   registry->RegisterDictionaryPref(kUserDisplayName);
   registry->RegisterDictionaryPref(kUserGivenName);
   registry->RegisterDictionaryPref(kUserDisplayEmail);
+  registry->RegisterDictionaryPref(kUserOAuthTokenStatus);
+  registry->RegisterDictionaryPref(kUserForceOnlineSignin);
   SupervisedUserManager::RegisterPrefs(registry);
   SessionLengthLimiter::RegisterPrefs(registry);
 }
 
 UserManagerImpl::UserManagerImpl()
     : cros_settings_(CrosSettings::Get()),
       device_local_account_policy_service_(NULL),
       user_loading_stage_(STAGE_NOT_LOADED),
       active_user_(NULL),
       primary_user_(NULL),
@@ skipping 479 matching lines @@
     User::OAuthTokenStatus oauth_token_status) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   DVLOG(1) << "Saving user OAuth token status in Local State";
   User* user = FindUserAndModify(user_id);
   if (user)
     user->set_oauth_token_status(oauth_token_status);
 
   GetUserFlow(user_id)->HandleOAuthTokenStatusChange(oauth_token_status);
 
-  // Do not update local store if data stored or cached outside the user's
+  // Do not update local state if data stored or cached outside the user's
   // cryptohome is to be treated as ephemeral.
   if (IsUserNonCryptohomeDataEphemeral(user_id))
     return;
 
   PrefService* local_state = g_browser_process->local_state();
 
   DictionaryPrefUpdate oauth_status_update(local_state, kUserOAuthTokenStatus);
   oauth_status_update->SetWithoutPathExpansion(user_id,
       new base::FundamentalValue(static_cast<int>(oauth_token_status)));
 }
 
-User::OAuthTokenStatus UserManagerImpl::LoadUserOAuthStatus(
-    const std::string& user_id) const {
+void UserManagerImpl::SaveForceOnlineSignin(const std::string& user_id,
+                                            bool force_online_signin) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
-  PrefService* local_state = g_browser_process->local_state();
-  const base::DictionaryValue* prefs_oauth_status =
-      local_state->GetDictionary(kUserOAuthTokenStatus);
-  int oauth_token_status = User::OAUTH_TOKEN_STATUS_UNKNOWN;
-  if (prefs_oauth_status &&
-      prefs_oauth_status->GetIntegerWithoutPathExpansion(
-          user_id, &oauth_token_status)) {
-    User::OAuthTokenStatus result =
-        static_cast<User::OAuthTokenStatus>(oauth_token_status);
-    if (result == User::OAUTH2_TOKEN_STATUS_INVALID)
-      GetUserFlow(user_id)->HandleOAuthTokenStatusChange(result);
-    return result;
-  }
-  return User::OAUTH_TOKEN_STATUS_UNKNOWN;
+  // Do not update local state if data stored or cached outside the user's
+  // cryptohome is to be treated as ephemeral.
+  if (IsUserNonCryptohomeDataEphemeral(user_id))
+    return;
+
+  DictionaryPrefUpdate force_online_update(g_browser_process->local_state(),
+                                           kUserForceOnlineSignin);
+  force_online_update->SetBooleanWithoutPathExpansion(user_id,
+                                                      force_online_signin);
 }
 
 void UserManagerImpl::SaveUserDisplayName(const std::string& user_id,
                                           const base::string16& display_name) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   if (User* user = FindUserAndModify(user_id)) {
     user->set_display_name(display_name);
 
-    // Do not update local store if data stored or cached outside the user's
+    // Do not update local state if data stored or cached outside the user's
     // cryptohome is to be treated as ephemeral.
     if (!IsUserNonCryptohomeDataEphemeral(user_id)) {
       PrefService* local_state = g_browser_process->local_state();
 
       DictionaryPrefUpdate display_name_update(local_state, kUserDisplayName);
       display_name_update->SetWithoutPathExpansion(
           user_id,
           new base::StringValue(display_name));
 
       supervised_user_manager_->UpdateManagerName(user_id, display_name);
@@ skipping 10 matching lines @@
 void UserManagerImpl::SaveUserDisplayEmail(const std::string& user_id,
                                            const std::string& display_email) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   User* user = FindUserAndModify(user_id);
   if (!user)
     return;  // Ignore if there is no such user.
 
   user->set_display_email(display_email);
 
-  // Do not update local store if data stored or cached outside the user's
+  // Do not update local state if data stored or cached outside the user's
   // cryptohome is to be treated as ephemeral.
   if (IsUserNonCryptohomeDataEphemeral(user_id))
     return;
 
   PrefService* local_state = g_browser_process->local_state();
 
   DictionaryPrefUpdate display_email_update(local_state, kUserDisplayEmail);
   display_email_update->SetWithoutPathExpansion(
       user_id,
       new base::StringValue(display_email));
@@ skipping 374 matching lines @@
                 &regular_users, &regular_users_set);
   for (std::vector<std::string>::const_iterator it = regular_users.begin();
        it != regular_users.end(); ++it) {
     User* user = NULL;
     const std::string domain = gaia::ExtractDomainName(*it);
     if (domain == UserManager::kLocallyManagedUserDomain)
       user = User::CreateLocallyManagedUser(*it);
     else
       user = User::CreateRegularUser(*it);
     user->set_oauth_token_status(LoadUserOAuthStatus(*it));
+    user->set_force_online_signin(LoadForceOnlineSignin(*it));
     users_.push_back(user);
 
     base::string16 display_name;
     if (prefs_display_names->GetStringWithoutPathExpansion(*it,
                                                            &display_name)) {
       user->set_display_name(display_name);
     }
 
     base::string16 given_name;
     if (prefs_given_names->GetStringWithoutPathExpansion(*it, &given_name)) {
@@ skipping 287 matching lines @@
 
   // Owner must be first user in session. DeviceSettingsService can't deal with
   // multiple user and will mix up ownership, crbug.com/230018.
   if (GetLoggedInUsers().size() == 1) {
     // Indicate to DeviceSettingsService that the owner key may have become
     // available.
     DeviceSettingsService::Get()->SetUsername(active_user_->email());
   }
 }
 
+User::OAuthTokenStatus UserManagerImpl::LoadUserOAuthStatus(
+    const std::string& user_id) const {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+
+  PrefService* local_state = g_browser_process->local_state();
+  const base::DictionaryValue* prefs_oauth_status =
+      local_state->GetDictionary(kUserOAuthTokenStatus);
+  int oauth_token_status = User::OAUTH_TOKEN_STATUS_UNKNOWN;
+  if (prefs_oauth_status &&
+      prefs_oauth_status->GetIntegerWithoutPathExpansion(
+          user_id, &oauth_token_status)) {
+    User::OAuthTokenStatus result =
+        static_cast<User::OAuthTokenStatus>(oauth_token_status);
+    if (result == User::OAUTH2_TOKEN_STATUS_INVALID)
+      GetUserFlow(user_id)->HandleOAuthTokenStatusChange(result);
+    return result;
+  }
+  return User::OAUTH_TOKEN_STATUS_UNKNOWN;
+}
+
+bool UserManagerImpl::LoadForceOnlineSignin(const std::string& user_id) const {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+
+  PrefService* local_state = g_browser_process->local_state();
+  const base::DictionaryValue* prefs_force_online =
+      local_state->GetDictionary(kUserForceOnlineSignin);
+  bool force_online_signin = false;
+  if (prefs_force_online) {
+    prefs_force_online->GetBooleanWithoutPathExpansion(user_id,
+                                                       &force_online_signin);
+  }
+  return force_online_signin;
+}
+
 void UserManagerImpl::UpdateOwnership() {
   bool is_owner = DeviceSettingsService::Get()->HasPrivateOwnerKey();
   VLOG(1) << "Current user " << (is_owner ? "is owner" : "is not owner");
 
   SetCurrentUserIsOwner(is_owner);
 }
 
 void UserManagerImpl::RemoveNonCryptohomeData(const std::string& user_id) {
   WallpaperManager::Get()->RemoveUserWallpaperInfo(user_id);
   GetUserImageManager(user_id)->DeleteUserImage();
 
   PrefService* prefs = g_browser_process->local_state();
-  DictionaryPrefUpdate prefs_oauth_update(prefs, kUserOAuthTokenStatus);
-  int oauth_status;
-  prefs_oauth_update->GetIntegerWithoutPathExpansion(user_id, &oauth_status);
-  prefs_oauth_update->RemoveWithoutPathExpansion(user_id, NULL);
-
   DictionaryPrefUpdate prefs_display_name_update(prefs, kUserDisplayName);
   prefs_display_name_update->RemoveWithoutPathExpansion(user_id, NULL);
 
   DictionaryPrefUpdate prefs_given_name_update(prefs, kUserGivenName);
   prefs_given_name_update->RemoveWithoutPathExpansion(user_id, NULL);
 
   DictionaryPrefUpdate prefs_display_email_update(prefs, kUserDisplayEmail);
   prefs_display_email_update->RemoveWithoutPathExpansion(user_id, NULL);
 
+  DictionaryPrefUpdate prefs_oauth_update(prefs, kUserOAuthTokenStatus);
+  prefs_oauth_update->RemoveWithoutPathExpansion(user_id, NULL);
+
+  DictionaryPrefUpdate prefs_force_online_update(prefs, kUserForceOnlineSignin);
+  prefs_force_online_update->RemoveWithoutPathExpansion(user_id, NULL);
+
   supervised_user_manager_->RemoveNonCryptohomeData(user_id);
 
   multi_profile_user_controller_->RemoveCachedValues(user_id);
 }
 
 User* UserManagerImpl::RemoveRegularOrLocallyManagedUserFromList(
     const std::string& user_id) {
   ListPrefUpdate prefs_users_update(g_browser_process->local_state(),
                                     kRegularUsers);
   prefs_users_update->Clear();
@@ skipping 435 matching lines @@
   if (User* user = FindUserAndModify(user_id))
     user->SetAccountLocale(resolved_locale);
 }
 
 void UserManagerImpl::UpdateNumberOfUsers() {
   base::debug::SetCrashKeyValue(crash_keys::kNumberOfUsers,
       base::StringPrintf("%" PRIuS, GetLoggedInUsers().size()));
 }
 
 }  // namespace chromeos