Chromium Code Reviews Chromium Code Reviews
Issue 2655873002:
Get enrollment token from DMServer when an Active Directory user uses ARC (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/arc/arc_auth_service.h" | 5 #include "chrome/browser/chromeos/arc/arc_auth_service.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/ptr_util.h" | 11 #include "base/memory/ptr_util.h" |
| 12 #include "chrome/browser/chromeos/arc/arc_optin_uma.h" | 12 #include "chrome/browser/chromeos/arc/arc_optin_uma.h" |
| 13 #include "chrome/browser/chromeos/arc/arc_session_manager.h" | 13 #include "chrome/browser/chromeos/arc/arc_session_manager.h" |
| 14 #include "chrome/browser/chromeos/arc/auth/arc_auth_code_fetcher.h" | 14 #include "chrome/browser/chromeos/arc/auth/arc_active_directory_enrollment_token _fetcher.h" |
| 15 #include "chrome/browser/chromeos/arc/auth/arc_auth_info_fetcher.h" | |
| 15 #include "chrome/browser/chromeos/arc/auth/arc_background_auth_code_fetcher.h" | 16 #include "chrome/browser/chromeos/arc/auth/arc_background_auth_code_fetcher.h" |
| 16 #include "chrome/browser/chromeos/arc/auth/arc_manual_auth_code_fetcher.h" | 17 #include "chrome/browser/chromeos/arc/auth/arc_manual_auth_code_fetcher.h" |
| 17 #include "chrome/browser/chromeos/arc/auth/arc_robot_auth_code_fetcher.h" | 18 #include "chrome/browser/chromeos/arc/auth/arc_robot_auth_code_fetcher.h" |
| 18 #include "chrome/browser/chromeos/arc/policy/arc_policy_util.h" | 19 #include "chrome/browser/chromeos/arc/policy/arc_policy_util.h" |
| 20 #include "chrome/browser/chromeos/profiles/profile_helper.h" | |
| 19 #include "chrome/browser/lifetime/application_lifetime.h" | 21 #include "chrome/browser/lifetime/application_lifetime.h" |
| 20 #include "chromeos/chromeos_switches.h" | 22 #include "chromeos/chromeos_switches.h" |
| 21 #include "components/arc/arc_bridge_service.h" | 23 #include "components/arc/arc_bridge_service.h" |
| 22 #include "components/arc/arc_features.h" | 24 #include "components/arc/arc_features.h" |
| 25 #include "components/user_manager/user_manager.h" | |
| 23 #include "content/public/browser/browser_thread.h" | 26 #include "content/public/browser/browser_thread.h" |
| 24 | 27 |
| 25 namespace arc { | 28 namespace arc { |
| 26 namespace { | 29 namespace { |
| 27 | 30 |
| 28 ArcAuthService* g_arc_auth_service = nullptr; | 31 ArcAuthService* g_arc_auth_service = nullptr; |
| 29 | 32 |
| 30 // Convers mojom::ArcSignInFailureReason into ProvisiningResult. | 33 // Convers mojom::ArcSignInFailureReason into ProvisiningResult. |
| 31 ProvisioningResult ConvertArcSignInFailureReasonToProvisioningResult( | 34 ProvisioningResult ConvertArcSignInFailureReasonToProvisioningResult( |
| 32 mojom::ArcSignInFailureReason reason) { | 35 mojom::ArcSignInFailureReason reason) { |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 79 explicit AccountInfoNotifier( | 82 explicit AccountInfoNotifier( |
| 80 const GetAuthCodeAndAccountTypeDeprecatedCallback& auth_account_callback) | 83 const GetAuthCodeAndAccountTypeDeprecatedCallback& auth_account_callback) |
| 81 : callback_type_(CallbackType::AUTH_CODE_AND_ACCOUNT), | 84 : callback_type_(CallbackType::AUTH_CODE_AND_ACCOUNT), |
| 82 auth_account_callback_(auth_account_callback) {} | 85 auth_account_callback_(auth_account_callback) {} |
| 83 | 86 |
| 84 explicit AccountInfoNotifier(const AccountInfoCallback& account_info_callback) | 87 explicit AccountInfoNotifier(const AccountInfoCallback& account_info_callback) |
| 85 : callback_type_(CallbackType::ACCOUNT_INFO), | 88 : callback_type_(CallbackType::ACCOUNT_INFO), |
| 86 account_info_callback_(account_info_callback) {} | 89 account_info_callback_(account_info_callback) {} |
| 87 | 90 |
| 88 void Notify(bool is_enforced, | 91 void Notify(bool is_enforced, |
| 89 const std::string& auth_code, | 92 const std::string& auth_info, |
| 90 mojom::ChromeAccountType account_type, | 93 mojom::ChromeAccountType account_type, |
| 91 bool is_managed) { | 94 bool is_managed) { |
| 92 switch (callback_type_) { | 95 switch (callback_type_) { |
| 93 case CallbackType::AUTH_CODE: | 96 case CallbackType::AUTH_CODE: |
| 94 DCHECK(!auth_callback_.is_null()); | 97 DCHECK(!auth_callback_.is_null()); |
| 95 auth_callback_.Run(auth_code, is_enforced); | 98 auth_callback_.Run(auth_info, is_enforced); |
| 96 break; | 99 break; |
| 97 case CallbackType::AUTH_CODE_AND_ACCOUNT: | 100 case CallbackType::AUTH_CODE_AND_ACCOUNT: |
| 98 DCHECK(!auth_account_callback_.is_null()); | 101 DCHECK(!auth_account_callback_.is_null()); |
| 99 auth_account_callback_.Run(auth_code, is_enforced, account_type); | 102 auth_account_callback_.Run(auth_info, is_enforced, account_type); |
| 100 break; | 103 break; |
| 101 case CallbackType::ACCOUNT_INFO: | 104 case CallbackType::ACCOUNT_INFO: |
| 102 DCHECK(!account_info_callback_.is_null()); | 105 DCHECK(!account_info_callback_.is_null()); |
| 103 mojom::AccountInfoPtr account_info = mojom::AccountInfo::New(); | 106 mojom::AccountInfoPtr account_info = mojom::AccountInfo::New(); |
| 104 if (!is_enforced) { | 107 if (account_type == |
| 105 account_info->auth_code = base::nullopt; | 108 mojom::ChromeAccountType::ACTIVE_DIRECTORY_ACCOUNT) { |
| 109 account_info->enrollment_token = auth_info; | |
| 106 } else { | 110 } else { |
| 107 account_info->auth_code = auth_code; | 111 if (!is_enforced) { |
|
Luis Héctor Chávez
2017/01/31 18:01:09
nit: elide braces (or use a ternary).
Marton Hunyady
2017/02/01 12:21:50
Done.
| |
| 112 account_info->auth_code = base::nullopt; | |
| 113 } else { | |
| 114 account_info->auth_code = auth_info; | |
| 115 } | |
| 108 } | 116 } |
| 109 account_info->account_type = account_type; | 117 account_info->account_type = account_type; |
| 110 account_info->is_managed = is_managed; | 118 account_info->is_managed = is_managed; |
| 111 account_info_callback_.Run(std::move(account_info)); | 119 account_info_callback_.Run(std::move(account_info)); |
| 112 break; | 120 break; |
| 113 } | 121 } |
| 114 } | 122 } |
| 115 | 123 |
| 116 private: | 124 private: |
| 117 enum class CallbackType { AUTH_CODE, AUTH_CODE_AND_ACCOUNT, ACCOUNT_INFO }; | 125 enum class CallbackType { AUTH_CODE, AUTH_CODE_AND_ACCOUNT, ACCOUNT_INFO }; |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 216 if (ArcSessionManager::IsOptInVerificationDisabled()) { | 224 if (ArcSessionManager::IsOptInVerificationDisabled()) { |
| 217 notifier->Notify( | 225 notifier->Notify( |
| 218 false /* = is_enforced */, std::string(), GetAccountType(), | 226 false /* = is_enforced */, std::string(), GetAccountType(), |
| 219 policy_util::IsAccountManaged(ArcSessionManager::Get()->profile())); | 227 policy_util::IsAccountManaged(ArcSessionManager::Get()->profile())); |
| 220 return; | 228 return; |
| 221 } | 229 } |
| 222 | 230 |
| 223 // Hereafter asynchronous operation. Remember the notifier. | 231 // Hereafter asynchronous operation. Remember the notifier. |
| 224 notifier_ = std::move(notifier); | 232 notifier_ = std::move(notifier); |
| 225 | 233 |
| 226 if (ArcSessionManager::IsArcKioskMode()) { | 234 Profile* profile = ArcSessionManager::Get()->profile(); |
| 227 // In Kiosk mode, use Robot auth code fetching. | 235 const user_manager::User* user = nullptr; |
| 228 fetcher_ = base::MakeUnique<ArcRobotAuthCodeFetcher>(); | 236 if (profile) |
| 229 } else if (base::FeatureList::IsEnabled(arc::kArcUseAuthEndpointFeature)) { | 237 user = chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
| 230 // Optionally retrieve auth code in silent mode. | 238 if (user && user->IsActiveDirectoryUser()) { |
| 231 fetcher_ = base::MakeUnique<ArcBackgroundAuthCodeFetcher>( | 239 // For Active Directory enrolled devices, we get an enrollment token for a |
| 232 ArcSessionManager::Get()->profile(), | 240 // managed Google Play account from DMServer. |
| 233 ArcSessionManager::Get()->auth_context()); | 241 fetcher_ = base::MakeUnique<ArcActiveDirectoryEnrollmentTokenFetcher>(); |
| 242 fetcher_->Fetch(base::Bind(&ArcAuthService::OnEnrollmentTokenFetched, | |
| 243 weak_ptr_factory_.GetWeakPtr())); | |
|
Luis Héctor Chávez
2017/01/31 18:01:09
nit: return; to avoid the else block altogether.
Marton Hunyady
2017/02/01 12:21:50
Done.
| |
| 234 } else { | 244 } else { |
| 235 // Report that silent auth code is not activated. All other states are | 245 // For non-AD enrolled devices an auth code is fetched. |
| 236 // reported in ArcBackgroundAuthCodeFetcher. | 246 if (ArcSessionManager::IsArcKioskMode()) { |
| 237 UpdateSilentAuthCodeUMA(OptInSilentAuthCode::DISABLED); | 247 // In Kiosk mode, use Robot auth code fetching. |
| 238 // Otherwise, show LSO page and let user click "Sign in" button. | 248 fetcher_ = base::MakeUnique<ArcRobotAuthCodeFetcher>(); |
| 239 // Here, support_host should be available always. The case support_host is | 249 } else if (base::FeatureList::IsEnabled(arc::kArcUseAuthEndpointFeature)) { |
| 240 // not created is when 1) IsOptInVerificationDisabled() is true or 2) | 250 // Optionally retrieve auth code in silent mode. |
| 241 // IsArcKioskMode() is true. Both cases are handled above. | 251 DCHECK(profile); |
| 242 fetcher_ = base::MakeUnique<ArcManualAuthCodeFetcher>( | 252 fetcher_ = base::MakeUnique<ArcBackgroundAuthCodeFetcher>( |
| 243 ArcSessionManager::Get()->auth_context(), | 253 profile, ArcSessionManager::Get()->auth_context()); |
| 244 ArcSessionManager::Get()->support_host()); | 254 } else { |
| 255 // Report that silent auth code is not activated. All other states are | |
| 256 // reported in ArcBackgroundAuthCodeFetcher. | |
| 257 UpdateSilentAuthCodeUMA(OptInSilentAuthCode::DISABLED); | |
| 258 // Otherwise, show LSO page and let user click "Sign in" button. | |
| 259 // Here, support_host should be available always. The case support_host is | |
| 260 // not created is when 1) IsOptInVerificationDisabled() is true or 2) | |
| 261 // IsArcKioskMode() is true. Both cases are handled above. | |
| 262 fetcher_ = base::MakeUnique<ArcManualAuthCodeFetcher>( | |
| 263 ArcSessionManager::Get()->auth_context(), | |
| 264 ArcSessionManager::Get()->support_host()); | |
| 265 } | |
| 266 fetcher_->Fetch(base::Bind(&ArcAuthService::OnAuthCodeFetched, | |
| 267 weak_ptr_factory_.GetWeakPtr())); | |
| 245 } | 268 } |
| 246 fetcher_->Fetch(base::Bind(&ArcAuthService::OnAuthCodeFetched, | |
| 247 weak_ptr_factory_.GetWeakPtr())); | |
| 248 } | 269 } |
| 249 | 270 |
| 250 void ArcAuthService::OnAuthCodeFetched(const std::string& auth_code) { | 271 void ArcAuthService::OnAuthCodeFetched(const std::string& auth_code) { |
| 251 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 272 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| 252 fetcher_.reset(); | 273 fetcher_.reset(); |
| 253 | 274 |
| 254 if (auth_code.empty()) { | 275 if (auth_code.empty()) { |
| 255 ArcSessionManager::Get()->OnProvisioningFinished( | 276 ArcSessionManager::Get()->OnProvisioningFinished( |
| 256 ProvisioningResult::CHROME_SERVER_COMMUNICATION_ERROR); | 277 ProvisioningResult::CHROME_SERVER_COMMUNICATION_ERROR); |
| 257 return; | 278 return; |
| 258 } | 279 } |
| 259 | 280 |
| 260 notifier_->Notify( | 281 notifier_->Notify( |
| 261 !ArcSessionManager::IsOptInVerificationDisabled(), auth_code, | 282 !ArcSessionManager::IsOptInVerificationDisabled(), auth_code, |
| 262 GetAccountType(), | 283 GetAccountType(), |
| 263 policy_util::IsAccountManaged(ArcSessionManager::Get()->profile())); | 284 policy_util::IsAccountManaged(ArcSessionManager::Get()->profile())); |
| 264 notifier_.reset(); | 285 notifier_.reset(); |
| 265 } | 286 } |
| 266 | 287 |
| 288 void ArcAuthService::OnEnrollmentTokenFetched( | |
| 289 const std::string& enrollment_token) { | |
| 290 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | |
| 291 fetcher_.reset(); | |
| 292 | |
| 293 if (enrollment_token.empty()) { | |
| 294 ArcSessionManager::Get()->OnProvisioningFinished( | |
| 295 ProvisioningResult::CHROME_SERVER_COMMUNICATION_ERROR); | |
| 296 return; | |
| 297 } | |
| 298 | |
| 299 notifier_->Notify(true, enrollment_token, | |
| 300 mojom::ChromeAccountType::ACTIVE_DIRECTORY_ACCOUNT, true); | |
| 301 notifier_.reset(); | |
| 302 } | |
| 303 | |
| 267 } // namespace arc | 304 } // namespace arc |
| OLD | NEW |
