Reland: No longer start up profile if there was an error fetching policy.

chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
 
 #include <set>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
+#include "base/command_line.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/sequenced_task_runner.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/login/helper.h"
 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
 #include "chrome/browser/chromeos/login/users/affiliation.h"
 #include "chrome/browser/chromeos/login/users/chrome_user_manager_impl.h"
 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
 #include "chrome/browser/chromeos/policy/wildcard_login_checker.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
 #include "chrome/common/chrome_content_client.h"
+#include "chromeos/chromeos_switches.h"
 #include "components/policy/core/common/cloud/cloud_external_data_manager.h"
 #include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h"
 #include "components/policy/core/common/cloud/device_management_service.h"
 #include "components/policy/core/common/cloud/system_policy_request_context.h"
 #include "components/policy/core/common/policy_map.h"
 #include "components/policy/core/common/policy_pref_names.h"
 #include "components/policy/core/common/policy_types.h"
+#include "components/user_manager/user.h"
 #include "components/user_manager/user_manager.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "policy/policy_constants.h"
 #include "url/gurl.h"
 
 namespace em = enterprise_management;
 
 namespace policy {
 
 namespace {
@@ skipping 48 matching lines @@
                          store.get(),
                          task_runner,
                          file_task_runner,
                          io_task_runner),
       store_(std::move(store)),
       external_data_manager_(std::move(external_data_manager)),
       component_policy_cache_path_(component_policy_cache_path),
       wait_for_policy_fetch_(wait_for_policy_fetch),
       policy_fetch_timeout_(false, false) {
   time_init_started_ = base::Time::Now();
-  if (wait_for_policy_fetch_ && !initial_policy_fetch_timeout.is_max()) {
+
+  // Caller should pass a non-zero policy_fetch_timeout iff
+  // |wait_for_policy_fetch| is true.
+  DCHECK_NE(wait_for_policy_fetch_, initial_policy_fetch_timeout.is_zero());
+  allow_failed_policy_fetches_ =
+      base::CommandLine::ForCurrentProcess()->HasSwitch(
+          chromeos::switches::kAllowFailedPolicyFetchForTest) ||
+      !initial_policy_fetch_timeout.is_max();
+  if (wait_for_policy_fetch_ && allow_failed_policy_fetches_) {
     policy_fetch_timeout_.Start(
         FROM_HERE,
         initial_policy_fetch_timeout,
         base::Bind(&UserCloudPolicyManagerChromeOS::OnBlockingFetchTimeout,
                    base::Unretained(this)));
   }
 }
 
 UserCloudPolicyManagerChromeOS::~UserCloudPolicyManagerChromeOS() {}
 
@@ skipping 140 matching lines @@
 
     // If we're blocked on the policy fetch, now is a good time to issue it.
     if (client()->is_registered()) {
       service()->RefreshPolicy(
           base::Bind(
               &UserCloudPolicyManagerChromeOS::OnInitialPolicyFetchComplete,
               base::Unretained(this)));
     } else {
       // If the client has switched to not registered, we bail out as this
       // indicates the cloud policy setup flow has been aborted.
-      CancelWaitForPolicyFetch();
+      CancelWaitForPolicyFetch(true);
     }
   }
 }
 
 void UserCloudPolicyManagerChromeOS::OnClientError(
     CloudPolicyClient* cloud_policy_client) {
   DCHECK_EQ(client(), cloud_policy_client);
   if (wait_for_policy_fetch_) {
     UMA_HISTOGRAM_SPARSE_SLOWLY(kUMAInitialFetchClientError,
                                 cloud_policy_client->status());
   }
-  CancelWaitForPolicyFetch();
+  switch (client()->status()) {
+    case DM_STATUS_SUCCESS:
+    case DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED:
+      // If management is not supported for this user, then a registration
+      // error is to be expected.
+      CancelWaitForPolicyFetch(true);
+      break;
+    default:
+      // Unexpected error fetching policy.
+      CancelWaitForPolicyFetch(false);
+      break;
+  }
 }
 
 void UserCloudPolicyManagerChromeOS::OnComponentCloudPolicyUpdated() {
   CloudPolicyManager::OnComponentCloudPolicyUpdated();
   StartRefreshSchedulerIfReady();
 }
 
 void UserCloudPolicyManagerChromeOS::OnStoreLoaded(
     CloudPolicyStore* cloud_policy_store) {
   CloudPolicyManager::OnStoreLoaded(cloud_policy_store);
@@ skipping 61 matching lines @@
   }
 
   if (error.state() == GoogleServiceAuthError::NONE) {
     // Start client registration. Either OnRegistrationStateChanged() or
     // OnClientError() will be called back.
     client()->Register(em::DeviceRegisterRequest::USER,
                        em::DeviceRegisterRequest::FLAVOR_USER_REGISTRATION,
                        policy_token, std::string(), std::string(),
                        std::string());
   } else {
-    // Failed to get a token, stop waiting and use an empty policy.
-    CancelWaitForPolicyFetch();
-
     UMA_HISTOGRAM_ENUMERATION(kUMAInitialFetchOAuth2Error,
                               error.state(),
                               GoogleServiceAuthError::NUM_STATES);
     if (error.state() == GoogleServiceAuthError::CONNECTION_FAILED) {
       // Network errors are negative in the code, but the histogram data type
       // expects the corresponding positive value.
       UMA_HISTOGRAM_SPARSE_SLOWLY(kUMAInitialFetchOAuth2NetworkError,
                                   -error.network_error());
     }
+    // Failed to get a token, stop waiting if policy is not required for this
+    // user.
+    CancelWaitForPolicyFetch(false);
   }
 
   token_fetcher_.reset();
 }
 
 void UserCloudPolicyManagerChromeOS::OnInitialPolicyFetchComplete(
     bool success) {
   const base::Time now = base::Time::Now();
   UMA_HISTOGRAM_MEDIUM_TIMES(kUMAInitialFetchDelayPolicyFetch,
                              now - time_client_registered_);
   UMA_HISTOGRAM_MEDIUM_TIMES(kUMAInitialFetchDelayTotal,
                              now - time_init_started_);
-  CancelWaitForPolicyFetch();
+  CancelWaitForPolicyFetch(success);
 }
 
 void UserCloudPolicyManagerChromeOS::OnBlockingFetchTimeout() {
   if (!wait_for_policy_fetch_)
     return;
-  LOG(WARNING) << "Timed out while waiting for the initial policy fetch. "
-               << "The first session will start without policy.";
-  CancelWaitForPolicyFetch();
+  LOG(WARNING) << "Timed out while waiting for the policy fetch. "
+               << "The session will start with the cached policy.";
+  CancelWaitForPolicyFetch(false);
 }
 
-void UserCloudPolicyManagerChromeOS::CancelWaitForPolicyFetch() {
+void UserCloudPolicyManagerChromeOS::CancelWaitForPolicyFetch(bool success) {
   if (!wait_for_policy_fetch_)
     return;
 
+  policy_fetch_timeout_.Stop();
+
+  // If there was an error, and we don't want to allow profile initialization
+  // to go forward after a failed policy fetch, then just return (profile
+  // initialization will not complete).
+  // TODO(atwilson): Add code to retry policy fetching.
+  if (!success && !allow_failed_policy_fetches_) {
+    LOG(ERROR) << "Policy fetch failed for "
+               << user_manager::UserManager::Get()->GetActiveUser()->email()
+               << " - aborting profile initialization";
+    // Need to exit the current user, because we've already started this user's
+    // session.
+    chrome::AttemptUserExit();
+    return;
+  }
+
   wait_for_policy_fetch_ = false;
-  policy_fetch_timeout_.Stop();
   CheckAndPublishPolicy();
   // Now that |wait_for_policy_fetch_| is guaranteed to be false, the scheduler
   // can be started.
   StartRefreshSchedulerIfReady();
 }
 
 void UserCloudPolicyManagerChromeOS::StartRefreshSchedulerIfReady() {
   if (core()->refresh_scheduler())
     return;  // Already started.
 
@@ skipping 10 matching lines @@
     // OnComponentCloudPolicyUpdated() once it's ready.
     return;
   }
 
   core()->StartRefreshScheduler();
   core()->TrackRefreshDelayPref(local_state_,
                                 policy_prefs::kUserPolicyRefreshRate);
 }
 
 }  // namespace policy