Add CheckAndroidManagement to ARC sign-in flow.

chrome/browser/chromeos/arc/arc_auth_service.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/arc/arc_auth_service.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/lazy_instance.h"
 #include "base/strings/stringprintf.h"
 #include "base/threading/thread_checker.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/arc/arc_auth_notification.h"
 #include "chrome/browser/chromeos/arc/arc_optin_uma.h"
+#include "chrome/browser/chromeos/policy/android_management_client.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/extensions/extension_util.h"
 #include "chrome/browser/policy/profile_policy_connector.h"
 #include "chrome/browser/policy/profile_policy_connector_factory.h"
 #include "chrome/browser/prefs/pref_service_syncable_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/ui/extensions/app_launch_params.h"
 #include "chrome/browser/ui/extensions/application_launch.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/grit/generated_resources.h"
 #include "chromeos/chromeos_switches.h"
 #include "components/arc/arc_bridge_service.h"
+#include "components/policy/core/browser/browser_policy_connector.h"
+#include "components/policy/core/common/cloud/device_management_service.h"
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "components/prefs/pref_service.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_manager_base.h"
 #include "components/syncable_prefs/pref_service_syncable.h"
 #include "components/user_manager/user.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/common/url_constants.h"
 #include "extensions/browser/app_window/app_window_registry.h"
 #include "extensions/browser/extension_prefs.h"
@@ skipping 183 matching lines @@
       prefs::kArcEnabled, this);
 
   // Reuse storage used in ARC OptIn platform app.
   const std::string site_url =
       base::StringPrintf("%s://%s/persist?%s", content::kGuestScheme,
                          kArcSupportExtensionId, kArcSupportStorageId);
   storage_partition_ = content::BrowserContext::GetStoragePartitionForSite(
       profile_, GURL(site_url));
   CHECK(storage_partition_);
 
+  StartAndroidManagementClient();
+
   // In case UI is disabled we assume that ARC is opted-in.
   if (!IsOptInVerificationDisabled()) {
     pref_change_registrar_.Init(profile_->GetPrefs());
     pref_change_registrar_.Add(
         prefs::kArcEnabled,
         base::Bind(&ArcAuthService::OnOptInPreferenceChanged,
                    base::Unretained(this)));
     if (profile_->GetPrefs()->GetBoolean(prefs::kArcEnabled)) {
       OnOptInPreferenceChanged();
     } else {
@@ skipping 54 matching lines @@
         extensions::util::IsAppLaunchable(kArcSupportExtensionId, profile_));
 
   OpenApplication(CreateAppLaunchParamsUserContainer(
       profile_, extension, NEW_WINDOW, extensions::SOURCE_CHROME_INTERNAL));
 }
 
 void ArcAuthService::OnMergeSessionSuccess(const std::string& data) {
   DCHECK(thread_checker.Get().CalledOnValidThread());
 
   DCHECK(!initial_opt_in_);
-  context_prepared_ = true;
   ShowUI(UIPage::LSO_PROGRESS, base::string16());
+  CheckAndroidManagement();
 }
 
 void ArcAuthService::OnMergeSessionFailure(
     const GoogleServiceAuthError& error) {
   DCHECK(thread_checker.Get().CalledOnValidThread());
   VLOG(2) << "Failed to merge gaia session " << error.ToString() << ".";
   OnPrepareContextFailed();
 }
 
 void ArcAuthService::OnUbertokenSuccess(const std::string& token) {
   DCHECK(thread_checker.Get().CalledOnValidThread());
   merger_fetcher_.reset(
       new GaiaAuthFetcher(this, GaiaConstants::kChromeOSSource,
                           storage_partition_->GetURLRequestContext()));
+  auth_token_ = token;
   merger_fetcher_->StartMergeSession(token, std::string());
 }
 
 void ArcAuthService::OnUbertokenFailure(const GoogleServiceAuthError& error) {
   DCHECK(thread_checker.Get().CalledOnValidThread());
   VLOG(2) << "Failed to get ubertoken " << error.ToString() << ".";
   OnPrepareContextFailed();
 }
 
 void ArcAuthService::OnSyncedPrefChanged(const std::string& path,
@@ skipping 15 matching lines @@
   if (profile_->GetPrefs()->GetBoolean(prefs::kArcEnabled)) {
     if (state_ != State::ACTIVE) {
       CloseUI();
       auth_code_.clear();
 
       if (!profile_->GetPrefs()->GetBoolean(prefs::kArcSignedIn)) {
         // Need pre-fetch auth code and show OptIn UI if needed.
         initial_opt_in_ = true;
         StartUI();
       } else {
-        // Ready to start Arc.
-        StartArc();
+        // Ready to start Arc, but check android management first.
+        CheckAndroidManagement();
       }
 
       UpdateEnabledStateUMA(true);
     }
   } else {
     if (state_ != State::STOPPED)
       UpdateEnabledStateUMA(false);
     ShutdownBridgeAndCloseUI();
   }
 }
@@ skipping 77 matching lines @@
   if (ui_page_ == UIPage::ERROR)
     UpdateOptInActionUMA(OptInActionType::RETRY);
 
   initial_opt_in_ = false;
   StartUI();
 }
 
 void ArcAuthService::CancelAuthCode() {
   DCHECK(thread_checker.Get().CalledOnValidThread());
 
-  if (state_ != State::FETCHING_CODE)
-    return;
-
   // Update UMA with user cancel only if error is not currently shown.
   if (ui_page_ != UIPage::ERROR && ui_page_ != UIPage::NO_PAGE)
     UpdateOptInCancelUMA(OptInCancelReason::USER_CANCEL);
 
   DisableArc();
 }
 
 void ArcAuthService::EnableArc() {
   DCHECK(thread_checker.Get().CalledOnValidThread());
   profile_->GetPrefs()->SetBoolean(prefs::kArcEnabled, true);
@@ skipping 37 matching lines @@
 
 void ArcAuthService::OnPrepareContextFailed() {
   DCHECK_EQ(state_, State::FETCHING_CODE);
 
   ShutdownBridgeAndShowUI(
       UIPage::ERROR,
       l10n_util::GetStringUTF16(IDS_ARC_SERVER_COMMUNICATION_ERROR));
   UpdateOptInCancelUMA(OptInCancelReason::NETWORK_ERROR);
 }
 
+void ArcAuthService::StartAndroidManagementClient() {
+  policy::BrowserPolicyConnectorChromeOS* connector =

[bartfab (slow), 2016/04/18 15:06:14]

Nit: const pointer.

[Polina Bondarenko, 2016/04/20 13:37:45]

Done.

+      g_browser_process->platform_part()->browser_policy_connector_chromeos();

[bartfab (slow), 2016/04/18 15:06:15]

Nit: #include "chrome/browser/browser_process_platform_part.h"

[Polina Bondarenko, 2016/04/20 13:37:45]

Done.

+  policy::DeviceManagementService* service =

[bartfab (slow), 2016/04/18 15:06:14]

Nit: const pointer.

[Polina Bondarenko, 2016/04/20 13:37:45]

Done.

+      connector->device_management_service();
+  service->ScheduleInitialization(0);
+  android_management_client_.reset(new policy::AndroidManagementClient(
+      service, g_browser_process->system_request_context()));
+}
+
+void ArcAuthService::CheckAndroidManagement() {
+  // No need to check Android management for Chrome OS managed users.

[bartfab (slow), 2016/04/18 15:06:15]

Nit: Not just no need - you are only supposed to ping the server for unmanaged
CrOS users.

[Polina Bondarenko, 2016/04/20 13:37:45]

Done.

+  if (policy::ProfilePolicyConnectorFactory::GetForBrowserContext(profile_)

[bartfab (slow), 2016/04/18 15:06:15]

Nit: #include "chrome/browser/policy/profile_policy_connector_factory.h"

[Polina Bondarenko, 2016/04/20 13:37:45]

Done.

+          ->IsManaged()) {

[bartfab (slow), 2016/04/18 15:06:15]

Nit: Indent.

[Polina Bondarenko, 2016/04/20 13:37:45]

Done.

+    OnAndroidManagementChecked(true);
+    return;
+  }
+
+  // No need to check Android management for well-known consumer domains.
+  if (policy::BrowserPolicyConnector::IsNonEnterpriseUser(
+          profile_->GetProfileUserName())) {

[bartfab (slow), 2016/04/18 15:06:14]

Nit: Indent.

[Polina Bondarenko, 2016/04/20 13:37:44]

Done.

+    OnAndroidManagementChecked(true);
+    return;
+  }
+
+  android_management_client_->CheckAndroidManagement(
+      auth_token_, base::Bind(&ArcAuthService::OnAndroidManagementChecked,
+                              base::Unretained(this)));
+}
+
+void ArcAuthService::OnAndroidManagementChecked(bool success) {
+  if (success) {
+    context_prepared_ = true;
+    if (!profile_->GetPrefs()->GetBoolean(prefs::kArcSignedIn))
+      ShowUI(UIPage::LSO, base::string16());

[bartfab (slow), 2016/04/18 15:06:15]

Nit: #include "base/strings/string16.h"

[Polina Bondarenko, 2016/04/20 13:37:45]

Done.

+    else
+      StartArc();
+  } else {
+    ShutdownBridgeAndShowUI(
+        UIPage::ERROR,
+        l10n_util::GetStringUTF16(IDS_ARC_ANDROID_MANAGEMENT_ENABLED_ERROR));
+    UpdateOptInCancelUMA(OptInCancelReason::ANDROID_MANAGEMENT_ENABLED);
+  }
+}
+
 std::ostream& operator<<(std::ostream& os, const ArcAuthService::State& state) {
   switch (state) {
     case ArcAuthService::State::STOPPED:
       return os << kStateStopped;
     case ArcAuthService::State::FETCHING_CODE:
       return os << kStateFetchingCode;
     case ArcAuthService::State::ACTIVE:
       return os << kStateActive;
     default:
       NOTREACHED();
       return os;
   }
 }
 
 }  // namespace arc