Get enrollment token from DMServer when an Active Directory user uses ARC

chrome/browser/chromeos/arc/arc_auth_service.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/arc/arc_auth_service.h"
 
 #include <utility>
 
 #include "base/command_line.h"
-#include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "chrome/browser/chromeos/arc/arc_optin_uma.h"
 #include "chrome/browser/chromeos/arc/arc_session_manager.h"
-#include "chrome/browser/chromeos/arc/auth/arc_auth_code_fetcher.h"
+#include "chrome/browser/chromeos/arc/auth/arc_active_directory_enrollment_token_fetcher.h"
+#include "chrome/browser/chromeos/arc/auth/arc_auth_info_fetcher.h"
 #include "chrome/browser/chromeos/arc/auth/arc_background_auth_code_fetcher.h"
 #include "chrome/browser/chromeos/arc/auth/arc_manual_auth_code_fetcher.h"
 #include "chrome/browser/chromeos/arc/auth/arc_robot_auth_code_fetcher.h"
 #include "chrome/browser/chromeos/arc/policy/arc_policy_util.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
 #include "chromeos/chromeos_switches.h"
 #include "components/arc/arc_bridge_service.h"
 #include "components/arc/arc_features.h"
 #include "components/arc/arc_util.h"
+#include "components/user_manager/user_manager.h"
 #include "content/public/browser/browser_thread.h"
 
 namespace arc {
 namespace {
 
 ArcAuthService* g_arc_auth_service = nullptr;
 
 // Convers mojom::ArcSignInFailureReason into ProvisiningResult.
 ProvisioningResult ConvertArcSignInFailureReasonToProvisioningResult(
     mojom::ArcSignInFailureReason reason) {
@@ skipping 45 matching lines @@
   explicit AccountInfoNotifier(
       const GetAuthCodeAndAccountTypeDeprecatedCallback& auth_account_callback)
       : callback_type_(CallbackType::AUTH_CODE_AND_ACCOUNT),
         auth_account_callback_(auth_account_callback) {}
 
   explicit AccountInfoNotifier(const AccountInfoCallback& account_info_callback)
       : callback_type_(CallbackType::ACCOUNT_INFO),
         account_info_callback_(account_info_callback) {}
 
   void Notify(bool is_enforced,
-              const std::string& auth_code,
+              const std::string& auth_info,
               mojom::ChromeAccountType account_type,
               bool is_managed) {
     switch (callback_type_) {
       case CallbackType::AUTH_CODE:
         DCHECK(!auth_callback_.is_null());
-        auth_callback_.Run(auth_code, is_enforced);
+        auth_callback_.Run(auth_info, is_enforced);
         break;
       case CallbackType::AUTH_CODE_AND_ACCOUNT:
         DCHECK(!auth_account_callback_.is_null());
-        auth_account_callback_.Run(auth_code, is_enforced, account_type);
+        auth_account_callback_.Run(auth_info, is_enforced, account_type);
         break;
       case CallbackType::ACCOUNT_INFO:
         DCHECK(!account_info_callback_.is_null());
         mojom::AccountInfoPtr account_info = mojom::AccountInfo::New();
-        if (!is_enforced) {
-          account_info->auth_code = base::nullopt;
+        if (account_type ==
+            mojom::ChromeAccountType::ACTIVE_DIRECTORY_ACCOUNT) {
+          account_info->enrollment_token = auth_info;
         } else {
-          account_info->auth_code = auth_code;
+          if (!is_enforced)
+            account_info->auth_code = base::nullopt;
+          else
+            account_info->auth_code = auth_info;
         }
         account_info->account_type = account_type;
         account_info->is_managed = is_managed;
         account_info_callback_.Run(std::move(account_info));
         break;
     }
   }
 
  private:
   enum class CallbackType { AUTH_CODE, AUTH_CODE_AND_ACCOUNT, ACCOUNT_INFO };
@@ skipping 98 matching lines @@
   if (IsArcOptInVerificationDisabled()) {
     notifier->Notify(
         false /* = is_enforced */, std::string(), GetAccountType(),
         policy_util::IsAccountManaged(ArcSessionManager::Get()->profile()));
     return;
   }
 
   // Hereafter asynchronous operation. Remember the notifier.
   notifier_ = std::move(notifier);
 
+  Profile* profile = ArcSessionManager::Get()->profile();
+  const user_manager::User* user = nullptr;
+  if (profile)
+    user = chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
+  if (user && user->IsActiveDirectoryUser()) {
+    // For Active Directory enrolled devices, we get an enrollment token for a
+    // managed Google Play account from DMServer.
+    fetcher_ = base::MakeUnique<ArcActiveDirectoryEnrollmentTokenFetcher>();
+    fetcher_->Fetch(base::Bind(&ArcAuthService::OnEnrollmentTokenFetched,
+                               weak_ptr_factory_.GetWeakPtr()));
+    return;
+  }
+  // For non-AD enrolled devices an auth code is fetched.
   if (IsArcKioskMode()) {
     // In Kiosk mode, use Robot auth code fetching.
     fetcher_ = base::MakeUnique<ArcRobotAuthCodeFetcher>();
   } else if (base::FeatureList::IsEnabled(arc::kArcUseAuthEndpointFeature)) {
     // Optionally retrieve auth code in silent mode.
+    DCHECK(profile);
     fetcher_ = base::MakeUnique<ArcBackgroundAuthCodeFetcher>(
-        ArcSessionManager::Get()->profile(),
-        ArcSessionManager::Get()->auth_context());
+        profile, ArcSessionManager::Get()->auth_context());
   } else {
     // Report that silent auth code is not activated. All other states are
     // reported in ArcBackgroundAuthCodeFetcher.
     UpdateSilentAuthCodeUMA(OptInSilentAuthCode::DISABLED);
     // Otherwise, show LSO page and let user click "Sign in" button.
     // Here, support_host should be available always. The case support_host is
     // not created is when 1) IsArcOptInVerificationDisabled() is true or 2)
     // IsArcKioskMode() is true. Both cases are handled above.
     fetcher_ = base::MakeUnique<ArcManualAuthCodeFetcher>(
         ArcSessionManager::Get()->auth_context(),
         ArcSessionManager::Get()->support_host());
   }
   fetcher_->Fetch(base::Bind(&ArcAuthService::OnAuthCodeFetched,
                              weak_ptr_factory_.GetWeakPtr()));
 }
 
+void ArcAuthService::OnEnrollmentTokenFetched(
+    const std::string& enrollment_token) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  fetcher_.reset();
+
+  if (enrollment_token.empty()) {
+    ArcSessionManager::Get()->OnProvisioningFinished(
+        ProvisioningResult::CHROME_SERVER_COMMUNICATION_ERROR);
+    return;
+  }
+
+  notifier_->Notify(true /*is_enforced*/, enrollment_token,
+                    mojom::ChromeAccountType::ACTIVE_DIRECTORY_ACCOUNT, true);
+  notifier_.reset();
+}
+
 void ArcAuthService::OnAuthCodeFetched(const std::string& auth_code) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   fetcher_.reset();
 
   if (auth_code.empty()) {
     ArcSessionManager::Get()->OnProvisioningFinished(
         ProvisioningResult::CHROME_SERVER_COMMUNICATION_ERROR);
     return;
   }
 
   notifier_->Notify(
       !IsArcOptInVerificationDisabled(), auth_code, GetAccountType(),
       policy_util::IsAccountManaged(ArcSessionManager::Get()->profile()));
   notifier_.reset();
 }
 
 }  // namespace arc