Implement auto-login for ARC kiosk.

chrome/browser/chromeos/login/existing_user_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/existing_user_controller.h"
 
 #include <memory>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 191 matching lines @@
       kAccountsPrefSupervisedUsersEnabled,
       base::Bind(&ExistingUserController::DeviceSettingsChanged,
                  base::Unretained(this)));
   users_subscription_ = cros_settings_->AddSettingsObserver(
       kAccountsPrefUsers,
       base::Bind(&ExistingUserController::DeviceSettingsChanged,
                  base::Unretained(this)));
   local_account_auto_login_id_subscription_ =
       cros_settings_->AddSettingsObserver(
           kAccountsPrefDeviceLocalAccountAutoLoginId,
-          base::Bind(&ExistingUserController::ConfigurePublicSessionAutoLogin,
+          base::Bind(&ExistingUserController::ConfigureAutoLogin,
                      base::Unretained(this)));
   local_account_auto_login_delay_subscription_ =
       cros_settings_->AddSettingsObserver(
           kAccountsPrefDeviceLocalAccountAutoLoginDelay,
-          base::Bind(&ExistingUserController::ConfigurePublicSessionAutoLogin,
+          base::Bind(&ExistingUserController::ConfigureAutoLogin,
                      base::Unretained(this)));
 }
 
 void ExistingUserController::Init(const user_manager::UserList& users) {
   time_init_ = base::Time::Now();
   UpdateLoginDisplay(users);
-  ConfigurePublicSessionAutoLogin();
+  ConfigureAutoLogin();
 }
 
 void ExistingUserController::UpdateLoginDisplay(
     const user_manager::UserList& users) {
   bool show_users_on_signin;
   user_manager::UserList filtered_users;
 
   cros_settings_->GetBoolean(kAccountsPrefShowUserNamesOnSignIn,
                              &show_users_on_signin);
   for (auto* user : users) {
@@ skipping 80 matching lines @@
     content::BrowserThread::PostDelayedTask(
         content::BrowserThread::IO, FROM_HERE,
         base::Bind(&TransferContextAuthenticationsOnIOThread,
                    base::RetainedRef(signin_profile_context_getter),
                    base::RetainedRef(browser_process_context_getter)),
         base::TimeDelta::FromMilliseconds(kAuthCacheTransferDelayMs));
   }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
+// ExistingUserController, ArcKioskAppManager::ArcKioskAppManagerObserver
+// implementation:
+//
+
+void ExistingUserController::OnArcKioskAppsChanged() {
+  ConfigureAutoLogin();
+}
+////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, private:
 
 ExistingUserController::~ExistingUserController() {
   UserSessionManager::GetInstance()->DelegateDeleted(this);
 
   if (current_controller_ == this) {
     current_controller_ = nullptr;
   } else {
     NOTREACHED() << "More than one controller are alive.";
   }
   DCHECK(login_display_.get());
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, LoginDisplay::Delegate implementation:
 //
 
 void ExistingUserController::CancelPasswordChangedFlow() {
   login_performer_.reset(nullptr);
-  PerformLoginFinishedActions(true /* start public session timer */);
+  PerformLoginFinishedActions(true /* start auto login timer */);
 }
 
 void ExistingUserController::CompleteLogin(const UserContext& user_context) {
   if (!host_) {
     // Complete login event was generated already from UI. Ignore notification.
     return;
   }
 
   if (is_login_in_progress_)
     return;
@@ skipping 72 matching lines @@
 
 void ExistingUserController::MigrateUserData(const std::string& old_password) {
   // LoginPerformer instance has state of the user so it should exist.
   if (login_performer_.get()) {
     VLOG(1) << "Migrate the existing cryptohome to new password.";
     login_performer_->RecoverEncryptedData(old_password);
   }
 }
 
 void ExistingUserController::OnSigninScreenReady() {
-  signin_screen_ready_ = true;
-  StartPublicSessionAutoLoginTimer();
+  auto_launch_ready_ = true;
+  StartAutoLoginTimer();

[Nikita (slow), 2016/11/18 17:09:35]

Both OnGaiaScreenReady and OnSigninScreenReady() may be called.
Please put a guard in place in StartAutoLoginTimer(), smth like

if (auto_login_timer_ && auto_login_timer_->IsRunning())
  StopAutoLoginTimer();

[Sergey Poromov, 2016/11/18 18:56:11]

Done.

+}
+
+void ExistingUserController::OnGaiaScreenReady() {
+  auto_launch_ready_ = true;
+  StartAutoLoginTimer();
 }
 
 void ExistingUserController::OnStartEnterpriseEnrollment() {
   if (KioskAppManager::Get()->IsConsumerKioskDeviceWithAutoLaunch()) {
     LOG(WARNING) << "Enterprise enrollment is not available after kiosk auto "
                     "launch is set.";
     return;
   }
 
   DeviceSettingsService::Get()->GetOwnershipStatusAsync(
@@ skipping 119 matching lines @@
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, LoginPerformer::Delegate implementation:
 //
 
 void ExistingUserController::OnAuthFailure(const AuthFailure& failure) {
   guest_mode_url_ = GURL::EmptyGURL();
   std::string error = failure.GetErrorString();
 
-  PerformLoginFinishedActions(false /* don't start public session timer */);
+  PerformLoginFinishedActions(false /* don't start auto login timer */);
 
   if (ChromeUserManager::Get()
           ->GetUserFlow(last_login_attempt_account_id_)
           ->HandleLoginFailure(failure)) {
     return;
   }
 
   if (failure.reason() == AuthFailure::OWNER_REQUIRED) {
     ShowError(IDS_LOGIN_ERROR_OWNER_REQUIRED, error);
     content::BrowserThread::PostDelayedTask(
         content::BrowserThread::UI, FROM_HERE,
         base::Bind(&SessionManagerClient::StopSession,
                    base::Unretained(DBusThreadManager::Get()->
                                     GetSessionManagerClient())),
         base::TimeDelta::FromMilliseconds(kSafeModeRestartUiDelayMs));
   } else if (failure.reason() == AuthFailure::TPM_ERROR) {
     ShowTPMError();
   } else if (last_login_attempt_account_id_ == user_manager::GuestAccountId()) {
     // Show no errors, just re-enable input.
     login_display_->ClearAndEnablePassword();
-    StartPublicSessionAutoLoginTimer();
+    StartAutoLoginTimer();
   } else {
     // Check networking after trying to login in case user is
     // cached locally or the local admin account.
     const bool is_known_user = user_manager::UserManager::Get()->IsKnownUser(
         last_login_attempt_account_id_);
     if (!network_state_helper_->IsConnected()) {
       if (is_known_user)
         ShowError(IDS_LOGIN_ERROR_AUTHENTICATING, error);
       else
         ShowError(IDS_LOGIN_ERROR_OFFLINE_FAILED_NETWORK_NOT_CONNECTED, error);
     } else {
       // TODO(nkostylev): Cleanup rest of ClientLogin related code.
       if (!is_known_user)
         ShowError(IDS_LOGIN_ERROR_AUTHENTICATING_NEW, error);
       else
         ShowError(IDS_LOGIN_ERROR_AUTHENTICATING, error);
     }
     if (auth_flow_offline_)
       UMA_HISTOGRAM_BOOLEAN("Login.OfflineFailure.IsKnownUser", is_known_user);
 
     login_display_->ClearAndEnablePassword();
-    StartPublicSessionAutoLoginTimer();
+    StartAutoLoginTimer();
   }
 
   // Reset user flow to default, so that special flow will not affect next
   // attempt.
   ChromeUserManager::Get()->ResetUserFlow(last_login_attempt_account_id_);
 
   if (auth_status_consumer_)
     auth_status_consumer_->OnAuthFailure(failure);
 
   // Clear the recorded displayed email so it won't affect any future attempts.
@@ skipping 14 matching lines @@
 
   // Login performer will be gone so cache this value to use
   // once profile is loaded.
   password_changed_ = login_performer_->password_changed();
   auth_mode_ = login_performer_->auth_mode();
 
   ChromeUserManager::Get()
       ->GetUserFlow(user_context.GetAccountId())
       ->HandleLoginSuccess(user_context);
 
-  StopPublicSessionAutoLoginTimer();
+  StopAutoLoginTimer();
 
   // Truth table of |has_auth_cookies|:
   //                          Regular        SAML
   //  /ServiceLogin              T            T
   //  /ChromeOsEmbeddedSetup     F            T
   //  Bootstrap experiment       F            N/A
   const bool has_auth_cookies =
       login_performer_->auth_mode() == LoginPerformer::AUTH_MODE_EXTENSION &&
       (user_context.GetAccessToken().empty() ||
        user_context.GetAuthFlow() == UserContext::AUTH_FLOW_GAIA_WITH_SAML) &&
@@ skipping 86 matching lines @@
           base::Bind(&ExistingUserController::OnTokenHandleChecked,
                      weak_factory_.GetWeakPtr()));
       return;
     }
   }
 
   ShowPasswordChangedDialog();
 }
 
 void ExistingUserController::WhiteListCheckFailed(const std::string& email) {
-  PerformLoginFinishedActions(true /* start public session timer */);
+  PerformLoginFinishedActions(true /* start auto login timer */);
 
   login_display_->ShowWhitelistCheckFailedError();
 
   if (auth_status_consumer_) {
     auth_status_consumer_->OnAuthFailure(
         AuthFailure(AuthFailure::WHITELIST_CHECK_FAILED));
   }
 
   display_email_.clear();
 }
 
 void ExistingUserController::PolicyLoadFailed() {
   ShowError(IDS_LOGIN_ERROR_OWNER_KEY_LOST, "");
 
-  PerformLoginFinishedActions(false /* don't start public session timer */);
+  PerformLoginFinishedActions(false /* don't start auto login timer */);
   display_email_.clear();
 }
 
 void ExistingUserController::SetAuthFlowOffline(bool offline) {
   auth_flow_offline_ = offline;
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, private:
 
 void ExistingUserController::DeviceSettingsChanged() {
   // If login was already completed, we should avoid any signin screen
   // transitions, see http://crbug.com/461604 for example.
   if (host_ != nullptr && !login_display_->is_signin_completed()) {
     // Signed settings or user list changed. Notify views and update them.
     UpdateLoginDisplay(user_manager::UserManager::Get()->GetUsers());
-    ConfigurePublicSessionAutoLogin();
+    ConfigureAutoLogin();
   }
 }
 
 LoginPerformer::AuthorizationMode ExistingUserController::auth_mode() const {
   if (login_performer_)
     return login_performer_->auth_mode();
 
   return auth_mode_;
 }
 
 bool ExistingUserController::password_changed() const {
   if (login_performer_)
     return login_performer_->password_changed();
 
   return password_changed_;
 }
 
 void ExistingUserController::LoginAsGuest() {
   PerformPreLoginActions(UserContext(user_manager::USER_TYPE_GUEST,
                                      user_manager::GuestAccountId()));
 
   bool allow_guest;
   cros_settings_->GetBoolean(kAccountsPrefAllowGuest, &allow_guest);
   if (!allow_guest) {
     // Disallowed. The UI should normally not show the guest session button.
     LOG(ERROR) << "Guest login attempt when guest mode is disallowed.";
-    PerformLoginFinishedActions(true /* start public session timer */);
+    PerformLoginFinishedActions(true /* start auto login timer */);
     display_email_.clear();
     return;
   }
 
   // Only one instance of LoginPerformer should exist at a time.
   login_performer_.reset(nullptr);
   login_performer_.reset(new ChromeLoginPerformer(this));
   login_performer_->LoginOffTheRecord();
   SendAccessibilityAlert(
       l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNIN_OFFRECORD));
 }
 
 void ExistingUserController::LoginAsPublicSession(
     const UserContext& user_context) {
   PerformPreLoginActions(user_context);
 
   // If there is no public account with the given user ID, logging in is not
   // possible.
   const user_manager::User* user =
       user_manager::UserManager::Get()->FindUser(user_context.GetAccountId());
   if (!user || user->GetType() != user_manager::USER_TYPE_PUBLIC_ACCOUNT) {
-    PerformLoginFinishedActions(true /* start public session timer */);
+    PerformLoginFinishedActions(true /* start auto login timer */);
     return;
   }
 
   UserContext new_user_context = user_context;
   std::string locale = user_context.GetPublicSessionLocale();
   if (locale.empty()) {
     // When performing auto-login, no locale is chosen by the user. Check
     // whether a list of recommended locales was set by policy. If so, use its
     // first entry. Otherwise, |locale| will remain blank, indicating that the
     // public session should use the current UI locale.
@@ skipping 52 matching lines @@
   const bool auto_start = false;
   host_->StartAppLaunch(app_id, diagnostic_mode, auto_start);
 }
 
 void ExistingUserController::LoginAsArcKioskApp(const AccountId& account_id) {
   login_performer_.reset(nullptr);
   login_performer_.reset(new ChromeLoginPerformer(this));
   login_performer_->LoginAsArcKioskAccount(account_id);
 }
 
-void ExistingUserController::ConfigurePublicSessionAutoLogin() {
+void ExistingUserController::ConfigureAutoLogin() {
   std::string auto_login_account_id;
   cros_settings_->GetString(kAccountsPrefDeviceLocalAccountAutoLoginId,
                             &auto_login_account_id);
   const std::vector<policy::DeviceLocalAccount> device_local_accounts =
       policy::GetDeviceLocalAccounts(cros_settings_);
 
   public_session_auto_login_account_id_ = EmptyAccountId();
   for (std::vector<policy::DeviceLocalAccount>::const_iterator
            it = device_local_accounts.begin();
        it != device_local_accounts.end(); ++it) {
     if (it->account_id == auto_login_account_id) {
       public_session_auto_login_account_id_ =
           AccountId::FromUserEmail(it->user_id);
       break;
     }
   }
 
-  const user_manager::User* user = user_manager::UserManager::Get()->FindUser(
-      public_session_auto_login_account_id_);
-  if (!user || user->GetType() != user_manager::USER_TYPE_PUBLIC_ACCOUNT)
+  const user_manager::User* public_session_user =
+      user_manager::UserManager::Get()->FindUser(
+          public_session_auto_login_account_id_);
+  if (!public_session_user ||
+      public_session_user->GetType() !=
+          user_manager::USER_TYPE_PUBLIC_ACCOUNT) {
     public_session_auto_login_account_id_ = EmptyAccountId();
-
-  if (!cros_settings_->GetInteger(
-          kAccountsPrefDeviceLocalAccountAutoLoginDelay,
-          &public_session_auto_login_delay_)) {
-    public_session_auto_login_delay_ = 0;
   }
 
-  if (public_session_auto_login_account_id_.is_valid())
-    StartPublicSessionAutoLoginTimer();
-  else
-    StopPublicSessionAutoLoginTimer();
+  arc_kiosk_auto_login_account_id_ =
+      ArcKioskAppManager::Get()->GetAutoLaunchAccountId();
+  const user_manager::User* arc_kiosk_user =
+      user_manager::UserManager::Get()->FindUser(
+          arc_kiosk_auto_login_account_id_);
+  if (!arc_kiosk_user ||
+      arc_kiosk_user->GetType() != user_manager::USER_TYPE_ARC_KIOSK_APP) {
+    arc_kiosk_auto_login_account_id_ = EmptyAccountId();
+  }
+
+  if (!cros_settings_->GetInteger(kAccountsPrefDeviceLocalAccountAutoLoginDelay,
+                                  &auto_login_delay_)) {
+    auto_login_delay_ = 0;
+  }
+
+  if (public_session_auto_login_account_id_.is_valid() ||
+      arc_kiosk_auto_login_account_id_.is_valid()) {
+    StartAutoLoginTimer();
+  } else {
+    StopAutoLoginTimer();
+  }
 }
 
-void ExistingUserController::ResetPublicSessionAutoLoginTimer() {
+void ExistingUserController::ResetAutoLoginTimer() {
   // Only restart the auto-login timer if it's already running.
   if (auto_login_timer_ && auto_login_timer_->IsRunning()) {
-    StopPublicSessionAutoLoginTimer();
-    StartPublicSessionAutoLoginTimer();
+    StopAutoLoginTimer();
+    StartAutoLoginTimer();
   }
 }
 
 void ExistingUserController::OnPublicSessionAutoLoginTimerFire() {
-  CHECK(signin_screen_ready_ &&
-        public_session_auto_login_account_id_.is_valid());
+  CHECK(auto_launch_ready_ && public_session_auto_login_account_id_.is_valid());
   Login(UserContext(user_manager::USER_TYPE_PUBLIC_ACCOUNT,
                     public_session_auto_login_account_id_),
         SigninSpecifics());
 }
 
-void ExistingUserController::StopPublicSessionAutoLoginTimer() {
+void ExistingUserController::OnArcKioskAutoLoginTimerFire() {
+  CHECK(auto_launch_ready_ && (arc_kiosk_auto_login_account_id_.is_valid()));
+  Login(UserContext(user_manager::USER_TYPE_ARC_KIOSK_APP,
+                    arc_kiosk_auto_login_account_id_),
+        SigninSpecifics());
+}
+
+void ExistingUserController::StopAutoLoginTimer() {
   if (auto_login_timer_)
     auto_login_timer_->Stop();
 }
 
-void ExistingUserController::StartPublicSessionAutoLoginTimer() {
-  if (!signin_screen_ready_ || is_login_in_progress_ ||
-      !public_session_auto_login_account_id_.is_valid()) {
+void ExistingUserController::StartAutoLoginTimer() {
+  if (!auto_launch_ready_ || is_login_in_progress_ ||
+      (!public_session_auto_login_account_id_.is_valid() &&
+       !arc_kiosk_auto_login_account_id_.is_valid())) {
     return;
   }
 
   // Start the auto-login timer.
   if (!auto_login_timer_)
     auto_login_timer_.reset(new base::OneShotTimer);
 
-  auto_login_timer_->Start(
-      FROM_HERE,
-      base::TimeDelta::FromMilliseconds(
-          public_session_auto_login_delay_),
-      base::Bind(
-          &ExistingUserController::OnPublicSessionAutoLoginTimerFire,
-          weak_factory_.GetWeakPtr()));
+  if (public_session_auto_login_account_id_.is_valid()) {
+    auto_login_timer_->Start(
+        FROM_HERE, base::TimeDelta::FromMilliseconds(auto_login_delay_),
+        base::Bind(&ExistingUserController::OnPublicSessionAutoLoginTimerFire,
+                   weak_factory_.GetWeakPtr()));
+  } else {
+    auto_login_timer_->Start(
+        FROM_HERE, base::TimeDelta::FromMilliseconds(auto_login_delay_),
+        base::Bind(&ExistingUserController::OnArcKioskAutoLoginTimerFire,
+                   weak_factory_.GetWeakPtr()));
+  }
 }
 
 gfx::NativeWindow ExistingUserController::GetNativeWindow() const {
   return host_->GetNativeWindow();
 }
 
 void ExistingUserController::ShowError(int error_id,
                                        const std::string& details) {
   VLOG(1) << details;
   HelpAppLauncher::HelpTopic help_topic_id;
@@ skipping 67 matching lines @@
   // Disable clicking on other windows and status tray.
   login_display_->SetUIEnabled(false);
 
   if (last_login_attempt_account_id_ != user_context.GetAccountId()) {
     last_login_attempt_account_id_ = user_context.GetAccountId();
     num_login_attempts_ = 0;
   }
   num_login_attempts_++;
 
   // Stop the auto-login timer when attempting login.
-  StopPublicSessionAutoLoginTimer();
+  StopAutoLoginTimer();
 }
 
 void ExistingUserController::PerformLoginFinishedActions(
-    bool start_public_session_timer) {
+    bool start_auto_login_timer) {
   is_login_in_progress_ = false;
 
   // Reenable clicking on other windows and status area.
   login_display_->SetUIEnabled(true);
 
-  if (start_public_session_timer)
-    StartPublicSessionAutoLoginTimer();
+  if (start_auto_login_timer)
+    StartAutoLoginTimer();
 }
 
 void ExistingUserController::ContinueLoginIfDeviceNotDisabled(
     const base::Closure& continuation) {
   // Disable clicking on other windows and status tray.
   login_display_->SetUIEnabled(false);
 
   // Stop the auto-login timer.
-  StopPublicSessionAutoLoginTimer();
+  StopAutoLoginTimer();
 
   // Wait for the |cros_settings_| to become either trusted or permanently
   // untrusted.
   const CrosSettingsProvider::TrustedStatus status =
       cros_settings_->PrepareTrustedValues(base::Bind(
           &ExistingUserController::ContinueLoginIfDeviceNotDisabled,
           weak_factory_.GetWeakPtr(),
           continuation));
   if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED)
     return;
@@ skipping 111 matching lines @@
   }
 
   // Regular user or supervised user login.
 
   if (!user_context.HasCredentials()) {
     // If credentials are missing, refuse to log in.
 
     // Reenable clicking on other windows and status area.
     login_display_->SetUIEnabled(true);
     // Restart the auto-login timer.
-    StartPublicSessionAutoLoginTimer();
+    StartAutoLoginTimer();
   }
 
   PerformPreLoginActions(user_context);
   PerformLogin(user_context, LoginPerformer::AUTH_MODE_INTERNAL);
 }
 
 void ExistingUserController::OnBootstrapUserContextInitialized(
     bool success,
     const UserContext& user_context) {
   if (!success) {
@@ skipping 37 matching lines @@
   }
 
   // Otherwise, show the unrecoverable cryptohome error UI and ask user's
   // permission to collect a feedback.
   RecordPasswordChangeFlow(LOGIN_PASSWORD_CHANGE_FLOW_CRYPTOHOME_FAILURE);
   VLOG(1) << "Show unrecoverable cryptohome error dialog.";
   login_display_->ShowUnrecoverableCrypthomeErrorDialog();
 }
 
 }  // namespace chromeos