Translate device-local account IDs to user IDs

chrome/browser/chromeos/policy/device_local_account.cc

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/device_local_account.h"
+
+#include <set>
+
+#include "base/logging.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/values.h"
+#include "chrome/browser/chromeos/settings/cros_settings_names.h"
+#include "crypto/sha2.h"
+
+namespace policy {
+
+namespace {
+
+static const char kPublicAccountDomainPrefix[] = "public-accounts";

[Mattias Nissler (ping if slow), 2013/05/15 08:46:40]

no need for static

[bartfab (slow), 2013/05/17 11:14:28]

Done.

+
+static const char kKioskAppAccountDomainPrefix[] = "kiosk-apps";
+
+static const char kDeviceLocalAccountDomainSuffix[] = ".device-local.localhost";
+
+}  // namespace
+
+DeviceLocalAccount::DeviceLocalAccount(Type type,
+                                       const std::string& account_id,
+                                       const std::string& kiosk_app_id,
+                                       const std::string& kiosk_app_update_url)
+    : type(type),
+      account_id(account_id),
+      user_id(GenerateDeviceLocalAccountUserId(account_id, type)),
+      kiosk_app_id(kiosk_app_id),
+      kiosk_app_update_url(kiosk_app_update_url) {
+}
+
+std::string GenerateDeviceLocalAccountUserId(const std::string& account_id,
+                                             DeviceLocalAccount::Type type) {
+  std::string domain_prefix;
+  switch (type) {
+    case DeviceLocalAccount::TYPE_PUBLIC_SESSION:
+      domain_prefix = kPublicAccountDomainPrefix;
+      break;
+    case DeviceLocalAccount::TYPE_KIOSK_APP:
+      domain_prefix = kKioskAppAccountDomainPrefix;
+      break;
+    case DeviceLocalAccount::TYPE_COUNT:
+      NOTREACHED();
+      break;
+  }
+  char hash[crypto::kSHA256Length];
+  crypto::SHA256HashString(account_id, &hash, sizeof(hash));

[Mattias Nissler (ping if slow), 2013/05/15 08:46:40]

Is this fast enough?

[bartfab (slow), 2013/05/17 11:14:28]

Good point. Actually, hashing is completely unnecessary here. I just HexEncode()
the account_id now.

+  return base::HexEncode(&hash, sizeof(hash)) + "@" +

[Mattias Nissler (ping if slow), 2013/05/15 08:46:40]

I think Xiyuan mentioned something about requiring the app id for Kiosk Apps in
the user id. That would mean we need to generate different IDs for
TYPE_KIOSK_APP.

[bartfab (slow), 2013/05/17 11:14:28]

Thanks for reminding me of that. I talked to Xiyuan and updated the kiosk app
code accordingly.

+      domain_prefix + kDeviceLocalAccountDomainSuffix;
+}
+
+std::vector<DeviceLocalAccount> DecodeDeviceLocalAccountsList(
+    const base::ListValue* list) {
+  std::vector<DeviceLocalAccount> accounts;
+  if (!list)
+    return accounts;
+
+  std::set<std::string> account_ids;
+  for (size_t i = 0; i < list->GetSize(); ++i) {
+    const base::DictionaryValue* entry = NULL;
+    std::string account_id;
+    int type;
+    std::string kiosk_app_id;
+    if (!list->GetDictionary(i, &entry) ||
+        !entry->GetStringWithoutPathExpansion(
+            chromeos::kAccountsPrefDeviceLocalAccountsKeyId, &account_id) ||
+        account_id.empty() ||
+        !entry->GetIntegerWithoutPathExpansion(
+            chromeos::kAccountsPrefDeviceLocalAccountsKeyType, &type) ||
+        type < 0 || type >= DeviceLocalAccount::TYPE_COUNT ||
+        (type == DeviceLocalAccount::TYPE_KIOSK_APP &&
+         !entry->GetStringWithoutPathExpansion(
+             chromeos::kAccountsPrefDeviceLocalAccountsKeyKioskAppId,
+             &kiosk_app_id))) {

[Mattias Nissler (ping if slow), 2013/05/15 08:46:40]

This conditional is too long. Please break it up - maybe decode the
type-specific parts below?

[bartfab (slow), 2013/05/17 11:14:28]

Done.

+      LOG(ERROR) << "Corrupt entry in device-local account list at index " << i
+                 << ".";
+      continue;
+    }
+    std::string kiosk_app_update_url;
+    if (type == DeviceLocalAccount::TYPE_KIOSK_APP) {
+      entry->GetStringWithoutPathExpansion(
+          chromeos::kAccountsPrefDeviceLocalAccountsKeyKioskAppUpdateURL,
+          &kiosk_app_update_url);
+    }
+    if (!account_ids.insert(account_id).second) {

[Mattias Nissler (ping if slow), 2013/05/15 08:46:40]

account_ids is a set - how can this access second?

[bartfab (slow), 2013/05/17 11:14:28]

std::set::insert() returns an std::pair. The second element of this pair is a
boolean that tells you whether the insertion actually happened.

+      LOG(ERROR) << "Duplicate entry in device-local account list at index "
+                 << i << ": " << account_id << ".";
+      continue;
+    }
+    accounts.push_back(DeviceLocalAccount(
+        static_cast<DeviceLocalAccount::Type>(type),
+        account_id, kiosk_app_id, kiosk_app_update_url));
+  }
+  return accounts;
+}
+
+}  // namespace policy