Chromium Code Reviews Chromium Code Reviews
Issue 2478173003:
Lock profile before sign in when force sign in is enabled. (Closed)
| Index: chrome/browser/ui/webui/signin/inline_login_handler_impl.cc |
| diff --git a/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc b/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc |
| index c3788122f796079a335bc0af6cb8a0a53b1bb4fc..8c70586fd506dc96e6f7989b0ba71c095a7185cd 100644 |
| --- a/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc |
| +++ b/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc |
| @@ -234,12 +234,40 @@ void CloseModalSigninIfNeeded(InlineLoginHandlerImpl* handler) { |
| } |
| } |
| +void HideUserManager(const base::FilePath profile_path, |
|
anthonyvd
2016/11/04 21:31:02
This function does a lot more than just closing th
zmin
2016/11/04 22:11:53
How about UnlockProfileAndHideLoginUI?
I also rem
|
| + InlineLoginHandlerImpl* handler, |
| + Profile* profile, |
| + Profile::CreateStatus status) { |
| + ProfileManager* profile_manager = g_browser_process->profile_manager(); |
| + if (profile_manager) { |
| + ProfileAttributesEntry* entry; |
| + if (profile_manager->GetProfileAttributesStorage() |
| + .GetProfileAttributesWithPath(profile_path, &entry)) { |
| + entry->SetIsSigninRequired(false); |
| + } |
| + } |
| + if (handler) |
| + handler->web_ui()->CallJavascriptFunctionUnsafe("inline.login.closeDialog"); |
| + UserManager::Hide(); |
| +} |
| + |
| +bool IsCrossAccountError(Profile* profile, |
| + const std::string& email, |
| + const std::string& gaia_id) { |
| + InvestigatorDependencyProvider provider(profile); |
| + InvestigatedScenario scenario = |
| + SigninInvestigator(email, gaia_id, &provider).Investigate(); |
| + |
| + return scenario == InvestigatedScenario::DIFFERENT_ACCOUNT; |
| +} |
| + |
| } // namespace |
| InlineSigninHelper::InlineSigninHelper( |
| base::WeakPtr<InlineLoginHandlerImpl> handler, |
| net::URLRequestContextGetter* getter, |
| Profile* profile, |
| + Profile::CreateStatus create_status, |
| const GURL& current_url, |
| const std::string& email, |
| const std::string& gaia_id, |
| @@ -252,6 +280,7 @@ InlineSigninHelper::InlineSigninHelper( |
| : gaia_auth_fetcher_(this, GaiaConstants::kChromeSource, getter), |
| handler_(handler), |
| profile_(profile), |
| + create_status_(create_status), |
| current_url_(current_url), |
| email_(email), |
| gaia_id_(gaia_id), |
| @@ -275,6 +304,22 @@ InlineSigninHelper::InlineSigninHelper( |
| InlineSigninHelper::~InlineSigninHelper() {} |
| void InlineSigninHelper::OnClientOAuthSuccess(const ClientOAuthResult& result) { |
| + if (signin::IsForceSigninEnabled()) { |
| + // With force sign in enabled, the browser window won't be opened until now. |
| + profiles::OpenBrowserWindowForProfile( |
| + base::Bind(&InlineSigninHelper::OnClientOAuthSuccessAndBrowserOpened, |
| + base::Unretained(this), result), |
| + true, false, profile_, create_status_); |
| + } else { |
| + OnClientOAuthSuccessAndBrowserOpened(result, profile_, create_status_); |
| + } |
| +} |
| + |
| +void InlineSigninHelper::OnClientOAuthSuccessAndBrowserOpened( |
| + const ClientOAuthResult& result, |
| + Profile* profile, |
| + Profile::CreateStatus status) { |
| + HideUserManager(profile_->GetPath(), handler_.get(), profile, status); |
| content::WebContents* contents = NULL; |
| Browser* browser = NULL; |
| if (handler_) { |
| @@ -381,17 +426,17 @@ bool InlineSigninHelper::HandleCrossAccountError( |
| const std::string& refresh_token, |
| OneClickSigninSyncStarter::ConfirmationRequired confirmation_required, |
| OneClickSigninSyncStarter::StartSyncMode start_mode) { |
| + // With force sign in enabled, cross account sign in will be rejected in the |
| + // early stage so there is no need to show the warning page here. |
| + if (signin::IsForceSigninEnabled()) |
| + return false; |
| + |
| std::string last_email = |
| profile_->GetPrefs()->GetString(prefs::kGoogleServicesLastUsername); |
| - InvestigatorDependencyProvider provider(profile_); |
| - InvestigatedScenario scenario = |
| - SigninInvestigator(email_, gaia_id_, &provider).Investigate(); |
| - |
| // TODO(skym): Warn for high risk upgrade scenario, crbug.com/572754. |
| - if (scenario != InvestigatedScenario::DIFFERENT_ACCOUNT) { |
| + if (!IsCrossAccountError(profile_, email_, gaia_id_)) |
| return false; |
| - } |
| Browser* browser = chrome::FindLastActiveWithProfile(profile_); |
| content::WebContents* web_contents = |
| @@ -574,6 +619,18 @@ bool InlineLoginHandlerImpl::CanOffer(Profile* profile, |
| } |
| } |
| } |
| + |
| + // With force sign in enabled, cross account sign in is not allowed. |
| + if (signin::IsForceSigninEnabled() && |
| + IsCrossAccountError(profile, email, gaia_id)) { |
| + if (error_message) { |
| + std::string last_email = |
| + profile->GetPrefs()->GetString(prefs::kGoogleServicesLastUsername); |
| + error_message->assign(l10n_util::GetStringFUTF8( |
| + IDS_SYNC_USED_PROFILE_ERROR, base::UTF8ToUTF16(last_email))); |
| + } |
| + return false; |
| + } |
| } |
| return true; |
| @@ -691,6 +748,9 @@ void InlineLoginHandlerImpl::CompleteLogin(const base::ListValue* args) { |
| if (IsSystemProfile(profile)) { |
| ProfileManager* manager = g_browser_process->profile_manager(); |
| base::FilePath path = profiles::GetPathOfProfileWithEmail(manager, email); |
| + if (path.empty()) { |
| + path = UserManager::GetSigninProfilePath(); |
| + } |
| if (!path.empty()) { |
| signin_metrics::Reason reason = |
| signin::GetSigninReasonForPromoURL(current_url); |
| @@ -708,14 +768,23 @@ void InlineLoginHandlerImpl::CompleteLogin(const base::ListValue* args) { |
| // Otherwise, switch to the profile and finish the login. Pass the |
| // profile path so it can be marked as unlocked. Don't pass a handler |
| // pointer since it will be destroyed before the callback runs. |
| - FinishCompleteLoginParams params(nullptr, partition, current_url, path, |
| + bool is_force_signin_enabled = signin::IsForceSigninEnabled(); |
| + InlineLoginHandlerImpl* handler = nullptr; |
| + if (is_force_signin_enabled) |
| + handler = this; |
| + FinishCompleteLoginParams params(handler, partition, current_url, path, |
| confirm_untrusted_signin_, email, |
| gaia_id, password, session_index, |
| auth_code, choose_what_to_sync); |
| ProfileManager::CreateCallback callback = |
| base::Bind(&InlineLoginHandlerImpl::FinishCompleteLogin, params); |
| - profiles::SwitchToProfile(path, true, callback, |
| - ProfileMetrics::SWITCH_PROFILE_UNLOCK); |
| + if (is_force_signin_enabled) { |
| + // Browser window will be opened after ClientOAuthSuccess. |
| + profiles::LoadProfileAsync(path, callback); |
| + } else { |
| + profiles::SwitchToProfile(path, true, callback, |
| + ProfileMetrics::SWITCH_PROFILE_UNLOCK); |
| + } |
| } |
| } |
| } else { |
| @@ -773,7 +842,7 @@ void InlineLoginHandlerImpl::FinishCompleteLogin( |
| if (net::GetValueForKeyInQuery(params.url, "email", &default_email) && |
| net::GetValueForKeyInQuery(params.url, "validateEmail", |
| &validate_email) && |
| - validate_email == "1") { |
| + validate_email == "1" && !default_email.empty()) { |
| if (!gaia::AreEmailsSame(params.email, default_email)) { |
| if (params.handler) { |
| params.handler->HandleLoginError( |
| @@ -841,32 +910,17 @@ void InlineLoginHandlerImpl::FinishCompleteLogin( |
| handler_weak_ptr = params.handler->GetWeakPtr(); |
| // InlineSigninHelper will delete itself. |
| - new InlineSigninHelper(handler_weak_ptr, |
| - params.partition->GetURLRequestContext(), profile, |
| - params.url, |
| - params.email, params.gaia_id, params.password, |
| - params.session_index, params.auth_code, |
| - signin_scoped_device_id, |
| - params.choose_what_to_sync, |
| - params.confirm_untrusted_signin); |
| + new InlineSigninHelper( |
| + handler_weak_ptr, params.partition->GetURLRequestContext(), profile, |
| + status, params.url, params.email, params.gaia_id, params.password, |
| + params.session_index, params.auth_code, signin_scoped_device_id, |
| + params.choose_what_to_sync, params.confirm_untrusted_signin); |
| // If opened from user manager to unlock a profile, make sure the user manager |
| // is closed and that the profile is marked as unlocked. |
| - if (!params.profile_path.empty()) { |
| - UserManager::Hide(); |
| - ProfileManager* profile_manager = g_browser_process->profile_manager(); |
| - if (profile_manager) { |
| - ProfileAttributesEntry* entry; |
| - if (profile_manager->GetProfileAttributesStorage() |
| - .GetProfileAttributesWithPath(params.profile_path, &entry)) { |
| - entry->SetIsSigninRequired(false); |
| - } |
| - } |
| + if (!params.profile_path.empty() && !signin::IsForceSigninEnabled()) { |
| + HideUserManager(params.profile_path, params.handler, profile, status); |
| } |
| - |
| - if (params.handler) |
| - params.handler->web_ui()->CallJavascriptFunctionUnsafe( |
| - "inline.login.closeDialog"); |
| } |
| void InlineLoginHandlerImpl::HandleLoginError(const std::string& error_msg, |
| @@ -875,8 +929,11 @@ void InlineLoginHandlerImpl::HandleLoginError(const std::string& error_msg, |
| Browser* browser = GetDesktopBrowser(); |
| Profile* profile = Profile::FromWebUI(web_ui()); |
| + if (IsSystemProfile(profile)) |
| + profile = g_browser_process->profile_manager()->GetProfileByPath( |
| + UserManager::GetSigninProfilePath()); |
| CloseModalSigninIfNeeded(this); |
| - if (browser && !error_msg.empty()) { |
| + if (!error_msg.empty()) { |
| LoginUIServiceFactory::GetForProfile(profile)->DisplayLoginResult( |
| browser, base::UTF8ToUTF16(error_msg), email); |
| } |
