Chromium Code Reviews Chromium Code Reviews
Issue 2655873002:
Get enrollment token from DMServer when an Active Directory user uses ARC (Closed)
| Index: chrome/browser/chromeos/arc/arc_auth_service.cc |
| diff --git a/chrome/browser/chromeos/arc/arc_auth_service.cc b/chrome/browser/chromeos/arc/arc_auth_service.cc |
| index 195c2ec539f8acfed17bb503d7c755283d6afb8b..58aa69e7713856b8633769edf02e5416ec9d12ac 100644 |
| --- a/chrome/browser/chromeos/arc/arc_auth_service.cc |
| +++ b/chrome/browser/chromeos/arc/arc_auth_service.cc |
| @@ -11,16 +11,19 @@ |
| #include "base/memory/ptr_util.h" |
| #include "chrome/browser/chromeos/arc/arc_optin_uma.h" |
| #include "chrome/browser/chromeos/arc/arc_session_manager.h" |
| -#include "chrome/browser/chromeos/arc/auth/arc_auth_code_fetcher.h" |
| +#include "chrome/browser/chromeos/arc/auth/arc_active_directory_enrollment_token_fetcher.h" |
| +#include "chrome/browser/chromeos/arc/auth/arc_auth_info_fetcher.h" |
| #include "chrome/browser/chromeos/arc/auth/arc_background_auth_code_fetcher.h" |
| #include "chrome/browser/chromeos/arc/auth/arc_manual_auth_code_fetcher.h" |
| #include "chrome/browser/chromeos/arc/auth/arc_robot_auth_code_fetcher.h" |
| #include "chrome/browser/chromeos/arc/policy/arc_policy_util.h" |
| +#include "chrome/browser/chromeos/profiles/profile_helper.h" |
| #include "chrome/browser/lifetime/application_lifetime.h" |
| #include "chromeos/chromeos_switches.h" |
| #include "components/arc/arc_bridge_service.h" |
| #include "components/arc/arc_features.h" |
| #include "components/arc/arc_util.h" |
| +#include "components/user_manager/user_manager.h" |
| #include "content/public/browser/browser_thread.h" |
| namespace arc { |
| @@ -86,25 +89,29 @@ class ArcAuthService::AccountInfoNotifier { |
| account_info_callback_(account_info_callback) {} |
| void Notify(bool is_enforced, |
| - const std::string& auth_code, |
| + const std::string& auth_info, |
| mojom::ChromeAccountType account_type, |
| bool is_managed) { |
| switch (callback_type_) { |
| case CallbackType::AUTH_CODE: |
| DCHECK(!auth_callback_.is_null()); |
| - auth_callback_.Run(auth_code, is_enforced); |
| + auth_callback_.Run(auth_info, is_enforced); |
| break; |
| case CallbackType::AUTH_CODE_AND_ACCOUNT: |
| DCHECK(!auth_account_callback_.is_null()); |
| - auth_account_callback_.Run(auth_code, is_enforced, account_type); |
| + auth_account_callback_.Run(auth_info, is_enforced, account_type); |
| break; |
| case CallbackType::ACCOUNT_INFO: |
| DCHECK(!account_info_callback_.is_null()); |
| mojom::AccountInfoPtr account_info = mojom::AccountInfo::New(); |
| - if (!is_enforced) { |
| - account_info->auth_code = base::nullopt; |
| + if (account_type == |
| + mojom::ChromeAccountType::ACTIVE_DIRECTORY_ACCOUNT) { |
| + account_info->enrollment_token = auth_info; |
|
Luis Héctor Chávez
2017/02/03 16:16:50
be aware that not setting account_info->auth_code
Marton Hunyady
2017/02/03 18:11:11
Until we make it possible in DMServer to get enrol
|
| } else { |
| - account_info->auth_code = auth_code; |
| + if (!is_enforced) |
| + account_info->auth_code = base::nullopt; |
| + else |
| + account_info->auth_code = auth_info; |
| } |
| account_info->account_type = account_type; |
| account_info->is_managed = is_managed; |
| @@ -223,14 +230,27 @@ void ArcAuthService::RequestAccountInfoInternal( |
| // Hereafter asynchronous operation. Remember the notifier. |
| notifier_ = std::move(notifier); |
| + Profile* profile = ArcSessionManager::Get()->profile(); |
| + const user_manager::User* user = nullptr; |
| + if (profile) |
| + user = chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
| + if (user && user->IsActiveDirectoryUser()) { |
| + // For Active Directory enrolled devices, we get an enrollment token for a |
| + // managed Google Play account from DMServer. |
| + fetcher_ = base::MakeUnique<ArcActiveDirectoryEnrollmentTokenFetcher>(); |
| + fetcher_->Fetch(base::Bind(&ArcAuthService::OnEnrollmentTokenFetched, |
| + weak_ptr_factory_.GetWeakPtr())); |
| + return; |
| + } |
| + // For non-AD enrolled devices an auth code is fetched. |
| if (IsArcKioskMode()) { |
| // In Kiosk mode, use Robot auth code fetching. |
| fetcher_ = base::MakeUnique<ArcRobotAuthCodeFetcher>(); |
| } else if (base::FeatureList::IsEnabled(arc::kArcUseAuthEndpointFeature)) { |
| // Optionally retrieve auth code in silent mode. |
| + DCHECK(profile); |
| fetcher_ = base::MakeUnique<ArcBackgroundAuthCodeFetcher>( |
| - ArcSessionManager::Get()->profile(), |
| - ArcSessionManager::Get()->auth_context()); |
| + profile, ArcSessionManager::Get()->auth_context()); |
| } else { |
| // Report that silent auth code is not activated. All other states are |
| // reported in ArcBackgroundAuthCodeFetcher. |
| @@ -263,4 +283,20 @@ void ArcAuthService::OnAuthCodeFetched(const std::string& auth_code) { |
| notifier_.reset(); |
| } |
| +void ArcAuthService::OnEnrollmentTokenFetched( |
|
Luis Héctor Chávez
2017/02/03 16:16:50
nit: can this be before OnAuthCodeFetched so it be
Marton Hunyady
2017/02/03 18:11:11
Done.
|
| + const std::string& enrollment_token) { |
| + DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| + fetcher_.reset(); |
| + |
| + if (enrollment_token.empty()) { |
| + ArcSessionManager::Get()->OnProvisioningFinished( |
| + ProvisioningResult::CHROME_SERVER_COMMUNICATION_ERROR); |
| + return; |
| + } |
| + |
| + notifier_->Notify(true, enrollment_token, |
|
Luis Héctor Chávez
2017/02/03 16:16:50
nit: use named constants (e.g. constexpr bool kIsE
Marton Hunyady
2017/02/03 18:11:11
Done.
|
| + mojom::ChromeAccountType::ACTIVE_DIRECTORY_ACCOUNT, true); |
| + notifier_.reset(); |
| +} |
| + |
| } // namespace arc |
