chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.cc - Issue 148843002: Make an online wildcard login check for enterprise devices.

Side by Side Diff: chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.cc

Issue 148843002: Make an online wildcard login check for enterprise devices. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Filter out well-known consumer domains. Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.cc ('K') | « chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.cc ('k') | chrome/browser/chromeos/policy/wildcard_login_checker.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.h"	5 #include "chrome/browser/chromeos/policy/user_cloud_policy_token_forwarder.h"

6	6

7 #include "chrome/browser/chrome_notification_types.h"	7 #include "chrome/browser/chrome_notification_types.h"

8 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"	8 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"

9 #include "chrome/browser/signin/profile_oauth2_token_service.h"	9 #include "chrome/browser/signin/profile_oauth2_token_service.h"

10 #include "components/policy/core/common/cloud/cloud_policy_core.h"	10 #include "components/policy/core/common/cloud/cloud_policy_core.h"

11 #include "content/public/browser/notification_source.h"	11 #include "content/public/browser/notification_source.h"

12 #include "google_apis/gaia/gaia_constants.h"	12 #include "google_apis/gaia/gaia_constants.h"

	13 #include "google_apis/gaia/gaia_urls.h"

13	14

14 namespace policy {	15 namespace policy {

15	16

16 UserCloudPolicyTokenForwarder::UserCloudPolicyTokenForwarder(	17 UserCloudPolicyTokenForwarder::UserCloudPolicyTokenForwarder(

17 UserCloudPolicyManagerChromeOS* manager,	18 UserCloudPolicyManagerChromeOS* manager,

18 ProfileOAuth2TokenService* token_service)	19 ProfileOAuth2TokenService* token_service)

19 : OAuth2TokenService::Consumer("policy_token_forwarder"),	20 : OAuth2TokenService::Consumer("policy_token_forwarder"),

20 manager_(manager),	21 manager_(manager),

21 token_service_(token_service) {	22 token_service_(token_service) {

22 // Start by waiting for the CloudPolicyService to be initialized, so that	23 // Start by waiting for the CloudPolicyService to be initialized, so that

(...skipping 43 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
66 // enforces a cached policy.	67 // enforces a cached policy.

67 Shutdown();	68 Shutdown();

68 }	69 }

69	70

70 void UserCloudPolicyTokenForwarder::OnInitializationCompleted(	71 void UserCloudPolicyTokenForwarder::OnInitializationCompleted(

71 CloudPolicyService* service) {	72 CloudPolicyService* service) {

72 Initialize();	73 Initialize();

73 }	74 }

74	75

75 void UserCloudPolicyTokenForwarder::Initialize() {	76 void UserCloudPolicyTokenForwarder::Initialize() {

76 if (manager_->IsClientRegistered()) {	77 // TODO(mnissler): Once a better way to reconfirm whether a user is on the

77 // We already have a DMToken, so no need to ask for an access token.	78 // login whitelist is available, there is no reason to fetch the OAuth2 token

78 // All done here.	79 // here if the client is already registered, so check and bail out here.

79 Shutdown();

80 return;

81 }

82	80
	Joao da Silva 2014/01/28 14:45:46 We never revoke this token; I don't know if the Pr We never revoke this token; I don't know if the ProfileOAuth2TokenService takes care of that for us. If it doesn't then this may hit a token limit. Mattias Nissler (ping if slow) 2014/01/28 15:44:22 I don't think that's a problem here, ProfileOAuth2 Show quoted text On 2014/01/28 14:45:46, Joao da Silva wrote: > We never revoke this token; I don't know if the ProfileOAuth2TokenService takes > care of that for us. If it doesn't then this may hit a token limit. I don't think that's a problem here, ProfileOAuth2TokenService caches existing tokens instead of recreating them all the time. Also, we're talking about an access token here, which has limited validity time (60 min IIRC).
83 if (token_service_->RefreshTokenIsAvailable(	81 if (token_service_->RefreshTokenIsAvailable(

84 token_service_->GetPrimaryAccountId()))	82 token_service_->GetPrimaryAccountId()))

85 RequestAccessToken();	83 RequestAccessToken();

86 else	84 else

87 token_service_->AddObserver(this);	85 token_service_->AddObserver(this);

88 }	86 }

89	87

90 void UserCloudPolicyTokenForwarder::RequestAccessToken() {	88 void UserCloudPolicyTokenForwarder::RequestAccessToken() {

91 OAuth2TokenService::ScopeSet scopes;	89 OAuth2TokenService::ScopeSet scopes;

92 scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth);	90 scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth);

	91 scopes.insert(GaiaUrls::GetInstance()->oauth_wrap_bridge_user_info_scope());

93 request_ = token_service_->StartRequest(	92 request_ = token_service_->StartRequest(

94 token_service_->GetPrimaryAccountId(), scopes, this);	93 token_service_->GetPrimaryAccountId(), scopes, this);

95 }	94 }

96	95

97 } // namespace policy	96 } // namespace policy

OLD	NEW