Chromium Code Reviews Chromium Code Reviews
Issue 2519823006:
Chromad: Add authentication flow (Closed)
| Index: chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc |
| diff --git a/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc |
| index 5660e1b87073814c93868d46b3544c8357e58c44..b222120536f7694bf385ef36fadc1f6a1fc09629 100644 |
| --- a/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc |
| +++ b/chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc |
| @@ -17,6 +17,7 @@ |
| #include "chrome/browser/browser_shutdown.h" |
| #include "chrome/browser/chromeos/input_method/input_method_util.h" |
| #include "chrome/browser/chromeos/language_preferences.h" |
| +#include "chrome/browser/chromeos/login/helper.h" |
| #include "chrome/browser/chromeos/login/screens/network_error.h" |
| #include "chrome/browser/chromeos/login/ui/user_adding_screen.h" |
| #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
| @@ -32,6 +33,8 @@ |
| #include "chrome/common/pref_names.h" |
| #include "chrome/grit/generated_resources.h" |
| #include "chromeos/chromeos_switches.h" |
| +#include "chromeos/dbus/auth_policy_client.h" |
| +#include "chromeos/dbus/dbus_thread_manager.h" |
| #include "chromeos/login/auth/user_context.h" |
| #include "chromeos/settings/cros_settings_names.h" |
| #include "chromeos/system/devicetype.h" |
| @@ -72,9 +75,21 @@ enum GaiaScreenMode { |
| // An interstitial page will be used before SAML redirection. |
| GAIA_SCREEN_MODE_SAML_INTERSTITIAL = 2, |
| + |
| + // Offline UI for Active Directory authentication. |
| + GAIA_SCREEN_MODE_AD = 3, |
| }; |
| +policy::DeviceMode GetDeviceMode() { |
| + policy::BrowserPolicyConnectorChromeOS* connector = |
| + g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| + return connector->GetDeviceMode(); |
| +} |
| + |
| GaiaScreenMode GetGaiaScreenMode(const std::string& email, bool use_offline) { |
| + if (GetDeviceMode() == policy::DEVICE_MODE_ENTERPRISE_AD) |
| + return GAIA_SCREEN_MODE_AD; |
| + |
| if (use_offline) |
| return GAIA_SCREEN_MODE_OFFLINE; |
| @@ -105,6 +120,12 @@ std::string GetEnterpriseDomain() { |
| return connector->GetEnterpriseDomain(); |
| } |
| +std::string GetRealm() { |
| + policy::BrowserPolicyConnectorChromeOS* connector = |
| + g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| + return connector->GetRealm(); |
| +} |
| + |
| std::string GetChromeType() { |
| switch (chromeos::GetDeviceType()) { |
| case chromeos::DeviceType::kChromebox: |
| @@ -248,6 +269,11 @@ void GaiaScreenHandler::LoadGaiaWithVersion( |
| params.SetString("hl", app_locale); |
| } |
| + std::string realm(GetRealm()); |
| + if (!realm.empty()) { |
| + params.SetString("realm", realm); |
| + } |
| + |
| std::string enterprise_domain(GetEnterpriseDomain()); |
| if (!enterprise_domain.empty()) |
| params.SetString("enterpriseDomain", enterprise_domain); |
| @@ -358,6 +384,10 @@ void GaiaScreenHandler::DeclareLocalizedValues( |
| IDS_LOGIN_SAML_INTERSTITIAL_CHANGE_ACCOUNT_LINK_TEXT); |
| builder->Add("samlInterstitialNextBtn", |
| IDS_LOGIN_SAML_INTERSTITIAL_NEXT_BUTTON_TEXT); |
| + |
| + builder->Add("adAuthWelcomeMessage", IDS_AD_DOMAIN_AUTH_WELCOME_MESSAGE); |
| + builder->Add("adLoginUser", IDS_AD_LOGIN_USER); |
| + builder->Add("adLoginPassword", IDS_AD_LOGIN_PASSWORD); |
| } |
| void GaiaScreenHandler::Initialize() { |
| @@ -384,6 +414,8 @@ void GaiaScreenHandler::RegisterMessages() { |
| &GaiaScreenHandler::set_offline_login_is_active); |
| AddCallback("authExtensionLoaded", |
| &GaiaScreenHandler::HandleAuthExtensionLoaded); |
| + AddCallback("completeAdAuthentication", |
| + &GaiaScreenHandler::HandleCompleteAdAuthentication); |
| } |
| void GaiaScreenHandler::OnPortalDetectionCompleted( |
| @@ -466,6 +498,54 @@ AccountId GaiaScreenHandler::GetAccountId( |
| return account_id; |
| } |
| +void GaiaScreenHandler::HandleAdAuth(const std::string& username, |
| + const Key& key, |
| + int code, |
| + const std::string& uid) { |
| + if (code == 0) { |
| + AccountId ac_id(GetAccountId(username, uid)); |
|
Alexander Alekseev
2016/11/24 07:12:40
Could you add account_type parameter to GetAccount
Roman Sorokin (ftl)
2016/11/24 15:22:26
And change all the usages of known_user::GetAccoun
Alexander Alekseev
2016/11/25 08:07:07
Yes, it seems to be a best solution.
Otherwise thi
xiyuan
2016/11/28 23:43:05
nit: ac_id -> account_id to make it easier to read
Roman Sorokin (ftl)
2016/12/02 12:35:12
Done.
Roman Sorokin (ftl)
2016/12/02 12:35:12
Done.
|
| + ac_id.SetAccountType(AccountId::kAd); |
| + UserContext user_context(ac_id); |
| + user_context.SetKey(key); |
| + user_context.SetAuthFlow(UserContext::AUTH_FLOW_AD); |
| + user_context.SetIsUsingOAuth(false); |
| + user_context.SetUserType(user_manager::UserType::USER_TYPE_AD); |
| + Delegate()->CompleteLogin(user_context); |
| + } else { |
| + // TODO(rsorokin): Proper error handling. |
| + LOG(ERROR) << "Failed to auth " << username << ", code " << code; |
| + LoadAuthExtension(true, false /* offline */); |
| + } |
| +} |
| + |
| +void GaiaScreenHandler::HandleCompleteAdAuthentication( |
| + const std::string& user_name, |
| + const std::string& password) { |
| + Delegate()->SetDisplayEmail(user_name); |
| + set_populated_email(user_name); |
| + |
| + login::GetPipeReadEnd( |
| + password, |
| + base::Bind(&GaiaScreenHandler::OnPasswordPipeReady, |
| + weak_factory_.GetWeakPtr(), user_name, Key(password))); |
| +} |
| + |
| +void GaiaScreenHandler::OnPasswordPipeReady(const std::string& user_name, |
| + const Key& key, |
| + base::ScopedFD password_fd) { |
| + DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| + if (!password_fd.is_valid()) { |
| + LOG(ERROR) << "Got invalid password_fd"; |
| + return; |
| + } |
| + chromeos::AuthPolicyClient* client = |
| + chromeos::DBusThreadManager::Get()->GetAuthPolicyClient(); |
| + client->AuthenticateUser( |
| + user_name, password_fd.get(), |
| + base::Bind(&GaiaScreenHandler::HandleAdAuth, weak_factory_.GetWeakPtr(), |
| + user_name, key)); |
| +} |
| + |
| void GaiaScreenHandler::HandleCompleteAuthentication( |
| const std::string& gaia_id, |
| const std::string& email, |
