arc: Implement silent OptIn mode for managed Arc.

chrome/browser/chromeos/arc/arc_auth_service.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/arc/arc_auth_service.h"
 
-#include <string>
 #include <utility>
 
 #include "ash/shelf/shelf_delegate.h"
 #include "ash/shell.h"
 #include "base/auto_reset.h"
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/strings/string16.h"
-#include "base/strings/stringprintf.h"
 #include "base/threading/thread_checker.h"
 #include "chrome/browser/chromeos/arc/arc_android_management_checker.h"
+#include "chrome/browser/chromeos/arc/arc_auth_context.h"
 #include "chrome/browser/chromeos/arc/arc_auth_notification.h"
 #include "chrome/browser/chromeos/arc/arc_optin_uma.h"
 #include "chrome/browser/chromeos/arc/arc_support_host.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/extensions/extension_util.h"
 #include "chrome/browser/policy/profile_policy_connector.h"
 #include "chrome/browser/policy/profile_policy_connector_factory.h"
 #include "chrome/browser/prefs/pref_service_syncable_util.h"
 #include "chrome/browser/profiles/profile.h"
-#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
-#include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/ui/app_list/arc/arc_app_launcher.h"
 #include "chrome/browser/ui/app_list/arc/arc_app_utils.h"
 #include "chrome/browser/ui/ash/multi_user/multi_user_util.h"
 #include "chrome/browser/ui/extensions/app_launch_params.h"
 #include "chrome/browser/ui/extensions/application_launch.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/grit/generated_resources.h"
 #include "chromeos/chromeos_switches.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/session_manager_client.h"
 #include "components/arc/arc_bridge_service.h"
 #include "components/policy/core/browser/browser_policy_connector.h"
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "components/prefs/pref_service.h"
-#include "components/signin/core/browser/profile_oauth2_token_service.h"
-#include "components/signin/core/browser/signin_manager_base.h"
 #include "components/syncable_prefs/pref_service_syncable.h"
 #include "components/user_manager/user.h"
-#include "content/public/browser/storage_partition.h"
-#include "content/public/common/url_constants.h"
 #include "extensions/browser/app_window/app_window_registry.h"
 #include "extensions/browser/extension_prefs.h"
 #include "extensions/browser/extension_registry.h"
-#include "google_apis/gaia/gaia_constants.h"
 #include "ui/base/l10n/l10n_util.h"
 
 namespace arc {
 
 namespace {
 
 // Weak pointer.  This class is owned by ArcServiceManager.
 ArcAuthService* arc_auth_service = nullptr;
 
 base::LazyInstance<base::ThreadChecker> thread_checker =
@@ skipping 267 matching lines @@
 
   // TODO(khmel): Move this to IsAllowedForProfile.
   if (IsArcDisabledForEnterprise() && IsAccountManaged(profile)) {
     VLOG(2) << "Enterprise users are not supported in ARC.";
     return;
   }
 
   PrefServiceSyncableFromProfile(profile_)->AddSyncedPrefObserver(
       prefs::kArcEnabled, this);
 
-  // Reuse storage used in ARC OptIn platform app.
-  const std::string site_url = base::StringPrintf(
-      "%s://%s/persist?%s", content::kGuestScheme, ArcSupportHost::kHostAppId,
-      ArcSupportHost::kStorageId);
-  storage_partition_ = content::BrowserContext::GetStoragePartitionForSite(
-      profile_, GURL(site_url));
-  CHECK(storage_partition_);
-
-  // Get token service and account ID to fetch auth tokens.
-  token_service_ = ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
-  const SigninManagerBase* const signin_manager =
-      SigninManagerFactory::GetForProfile(profile_);
-  CHECK(token_service_ && signin_manager);
-  account_id_ = signin_manager->GetAuthenticatedAccountId();
+  context_.reset(new ArcAuthContext(this, profile_));
 
   // In case UI is disabled we assume that ARC is opted-in.
   if (!IsOptInVerificationDisabled()) {
     if (!disable_ui_for_testing || enable_check_android_management_for_testing)
       ArcAndroidManagementChecker::StartClient();
     pref_change_registrar_.Init(profile_->GetPrefs());
     pref_change_registrar_.Add(
         prefs::kArcEnabled,
         base::Bind(&ArcAuthService::OnOptInPreferenceChanged,
                    weak_ptr_factory_.GetWeakPtr()));
@@ skipping 29 matching lines @@
 
 void ArcAuthService::Shutdown() {
   ShutdownBridgeAndCloseUI();
   if (profile_) {
     syncable_prefs::PrefServiceSyncable* pref_service_syncable =
         PrefServiceSyncableFromProfile(profile_);
     pref_service_syncable->RemoveObserver(this);
     pref_service_syncable->RemoveSyncedPrefObserver(prefs::kArcEnabled, this);
   }
   pref_change_registrar_.RemoveAll();
+  context_.reset();
   profile_ = nullptr;
-  token_service_ = nullptr;
-  account_id_.clear();
   SetState(State::NOT_INITIALIZED);
 }
 
 void ArcAuthService::ShowUI(UIPage page, const base::string16& status) {
   if (disable_ui_for_testing || IsOptInVerificationDisabled())
     return;
 
   SetUIPage(page, status);
   const extensions::AppWindowRegistry* const app_window_registry =
       extensions::AppWindowRegistry::Get(profile_);
   DCHECK(app_window_registry);
   if (app_window_registry->GetCurrentAppWindowForApp(
           ArcSupportHost::kHostAppId)) {
     return;
   }
 
   const extensions::Extension* extension =
       extensions::ExtensionRegistry::Get(profile_)->GetInstalledExtension(
           ArcSupportHost::kHostAppId);
   CHECK(extension && extensions::util::IsAppLaunchable(
                          ArcSupportHost::kHostAppId, profile_));
 
   OpenApplication(CreateAppLaunchParamsUserContainer(
       profile_, extension, NEW_WINDOW, extensions::SOURCE_CHROME_INTERNAL));
 }
 
-void ArcAuthService::OnMergeSessionSuccess(const std::string& data) {
+void ArcAuthService::OnContextReady() {
   DCHECK(thread_checker.Get().CalledOnValidThread());
 
   DCHECK(!initial_opt_in_);
-  context_prepared_ = true;
   CheckAndroidManagement(false);
 }
 
-void ArcAuthService::OnMergeSessionFailure(
-    const GoogleServiceAuthError& error) {
-  DCHECK(thread_checker.Get().CalledOnValidThread());
-  VLOG(2) << "Failed to merge gaia session " << error.ToString() << ".";
-  OnPrepareContextFailed();
-}
-
-void ArcAuthService::OnUbertokenSuccess(const std::string& token) {
-  DCHECK(thread_checker.Get().CalledOnValidThread());
-  merger_fetcher_.reset(
-      new GaiaAuthFetcher(this, GaiaConstants::kChromeOSSource,
-                          storage_partition_->GetURLRequestContext()));
-  merger_fetcher_->StartMergeSession(token, std::string());
-}
-
-void ArcAuthService::OnUbertokenFailure(const GoogleServiceAuthError& error) {
-  DCHECK(thread_checker.Get().CalledOnValidThread());
-  VLOG(2) << "Failed to get ubertoken " << error.ToString() << ".";
-  OnPrepareContextFailed();
-}
-
 void ArcAuthService::OnSyncedPrefChanged(const std::string& path,
                                          bool from_sync) {
   DCHECK(thread_checker.Get().CalledOnValidThread());
 
   // Update UMA only for local changes
   if (!from_sync) {
     const bool arc_enabled =
         profile_->GetPrefs()->GetBoolean(prefs::kArcEnabled);
     UpdateOptInActionUMA(arc_enabled ? OptInActionType::OPTED_IN
                                      : OptInActionType::OPTED_OUT);
@@ skipping 40 matching lines @@
       StartArc();
     }
   }
 
   UpdateEnabledStateUMA(true);
 }
 
 void ArcAuthService::ShutdownBridge() {
   playstore_launcher_.reset();
   auth_callback_.Reset();
-  ubertoken_fetcher_.reset();
-  merger_fetcher_.reset();
   android_management_checker_.reset();
   arc_bridge_service()->Shutdown();
   if (state_ != State::NOT_INITIALIZED)
     SetState(State::STOPPED);
   FOR_EACH_OBSERVER(Observer, observer_list_, OnShutdownBridge());
 }
 
 void ArcAuthService::ShutdownBridgeAndCloseUI() {
   ShutdownBridge();
   CloseUI();
@@ skipping 112 matching lines @@
   DCHECK(profile_);
   profile_->GetPrefs()->SetBoolean(prefs::kArcEnabled, true);
 }
 
 void ArcAuthService::DisableArc() {
   DCHECK(thread_checker.Get().CalledOnValidThread());
   DCHECK(profile_);
   profile_->GetPrefs()->SetBoolean(prefs::kArcEnabled, false);
 }
 
-void ArcAuthService::PrepareContext() {
-  DCHECK(thread_checker.Get().CalledOnValidThread());
-
-  ubertoken_fetcher_.reset(
-      new UbertokenFetcher(token_service_, this, GaiaConstants::kChromeOSSource,
-                           storage_partition_->GetURLRequestContext()));
-  ubertoken_fetcher_->StartFetchingToken(account_id_);
-}
-
 void ArcAuthService::StartUI() {
   DCHECK(thread_checker.Get().CalledOnValidThread());
 
   SetState(State::FETCHING_CODE);
 
   if (initial_opt_in_) {
     initial_opt_in_ = false;
-    ShowUI(UIPage::START, base::string16());
-  } else if (context_prepared_) {
-    CheckAndroidManagement(false);
+    if (IsArcManaged())
+      context_->PrepareContext();
+    else
+      ShowUI(UIPage::START, base::string16());
   } else {
-    PrepareContext();
+    context_->PrepareContext();
   }
 }
 
 void ArcAuthService::OnPrepareContextFailed() {
   DCHECK_EQ(state_, State::FETCHING_CODE);
 
   ShutdownBridgeAndShowUI(
       UIPage::ERROR,
       l10n_util::GetStringUTF16(IDS_ARC_SERVER_COMMUNICATION_ERROR));
   UpdateOptInCancelUMA(OptInCancelReason::NETWORK_ERROR);
 }
 
-void ArcAuthService::CheckAndroidManagement(bool backround_mode) {
+void ArcAuthService::CheckAndroidManagement(bool background_mode) {
   // Do not send requests for Chrome OS managed users.
   if (IsAccountManaged(profile_)) {
     StartArcIfSignedIn();
     return;
   }
 
   // Do not send requests for well-known consumer domains.
   if (policy::BrowserPolicyConnector::IsNonEnterpriseUser(
           profile_->GetProfileUserName())) {
     StartArcIfSignedIn();
     return;
   }
 
-  android_management_checker_.reset(new ArcAndroidManagementChecker(
-      this, token_service_, account_id_, backround_mode));
-  if (backround_mode)
+  android_management_checker_.reset(
+      new ArcAndroidManagementChecker(this, context_->token_service(),
+                                      context_->account_id(), background_mode));
+  if (background_mode)
     StartArcIfSignedIn();
 }
 
 void ArcAuthService::OnAndroidManagementChecked(
     policy::AndroidManagementClient::Result result) {
   switch (result) {
     case policy::AndroidManagementClient::Result::RESULT_UNMANAGED:
       StartArcIfSignedIn();
       break;
     case policy::AndroidManagementClient::Result::RESULT_MANAGED:
@@ skipping 38 matching lines @@
       return os << kStateFetchingCode;
     case ArcAuthService::State::ACTIVE:
       return os << kStateActive;
     default:
       NOTREACHED();
       return os;
   }
 }
 
 }  // namespace arc