Chromad: Allow offline login.

chrome/browser/chromeos/login/existing_user_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/existing_user_controller.h"
 
 #include <memory>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 39 matching lines @@
 #include "chrome/browser/ui/aura/accessibility/automation_manager_aura.h"
 #include "chrome/browser/ui/webui/chromeos/login/l10n_util.h"
 #include "chrome/common/channel_info.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/grit/generated_resources.h"
 #include "chromeos/chromeos_switches.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/power_manager_client.h"
 #include "chromeos/dbus/session_manager_client.h"
+#include "chromeos/login/auth/authpolicy_login_helper.h"
 #include "chromeos/settings/cros_settings_names.h"
 #include "components/arc/arc_util.h"
 #include "components/google/core/browser/google_util.h"
 #include "components/policy/core/common/cloud/cloud_policy_core.h"
 #include "components/policy/core/common/cloud/cloud_policy_store.h"
 #include "components/policy/core/common/policy_map.h"
 #include "components/policy/core/common/policy_service.h"
 #include "components/policy/core/common/policy_types.h"
 #include "components/policy/policy_constants.h"
 #include "components/prefs/pref_service.h"
@@ skipping 305 matching lines @@
   }
   DCHECK(login_display_.get());
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, LoginDisplay::Delegate implementation:
 //
 
 void ExistingUserController::CancelPasswordChangedFlow() {
   login_performer_.reset(nullptr);
+  if (authpolicy_login_helper_)
+    authpolicy_login_helper_->CancelRequestsAndRestart();
   PerformLoginFinishedActions(true /* start auto login timer */);
 }
 
 void ExistingUserController::CompleteLogin(const UserContext& user_context) {
   if (!host_) {
     // Complete login event was generated already from UI. Ignore notification.
     return;
   }
 
   if (is_login_in_progress_)
@@ skipping 55 matching lines @@
   // Use the same LoginPerformer for subsequent login as it has state
   // such as Authenticator instance.
   if (!login_performer_.get() || num_login_attempts_ <= 1) {
     // Only one instance of LoginPerformer should exist at a time.
     login_performer_.reset(nullptr);
     login_performer_.reset(new ChromeLoginPerformer(this));
   }
   policy::BrowserPolicyConnectorChromeOS* connector =
       g_browser_process->platform_part()->browser_policy_connector_chromeos();
   if (connector->IsActiveDirectoryManaged() &&
-      user_context.GetAuthFlow() != UserContext::AUTH_FLOW_ACTIVE_DIRECTORY) {
+      user_context.GetUserType() != user_manager::USER_TYPE_ACTIVE_DIRECTORY) {
     PerformLoginFinishedActions(false /* don't start auto login timer */);
     ShowError(IDS_LOGIN_ERROR_GOOGLE_ACCOUNT_NOT_ALLOWED,
               "Google accounts are not allowed on this device");
     return;
   }
+  if (user_context.GetAccountId().GetAccountType() ==
+      AccountType::ACTIVE_DIRECTORY) {
+    DCHECK(user_context.GetKey()->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN);
+    if (!authpolicy_login_helper_)
+      authpolicy_login_helper_ = base::MakeUnique<AuthPolicyLoginHelper>();
+    authpolicy_login_helper_->AuthenticateUser(
+        user_context.GetAccountId().GetUserEmail(),
+        user_context.GetAccountId().GetObjGuid(),
+        user_context.GetKey()->GetSecret(),
+        base::Bind(&ExistingUserController::OnActiveDirectoryAuth,
+                   weak_factory_.GetWeakPtr()));
+  }
 
   if (gaia::ExtractDomainName(user_context.GetAccountId().GetUserEmail()) ==
       user_manager::kSupervisedUserDomain) {
     login_performer_->LoginAsSupervisedUser(user_context);
   } else {
     // If a regular user log in to a device which supports ARC, we should make
     // sure that the user's cryptohome is encrypted in ext4 dircrypto to run the
     // latest Android runtime.
     UserContext new_user_context = user_context;
     new_user_context.SetIsForcingDircrypto(ShouldForceDircrypto());
@@ skipping 235 matching lines @@
     StartAutoLoginTimer();
   }
 
   // Reset user flow to default, so that special flow will not affect next
   // attempt.
   ChromeUserManager::Get()->ResetUserFlow(last_login_attempt_account_id_);
 
   if (auth_status_consumer_)
     auth_status_consumer_->OnAuthFailure(failure);
 
+  if (authpolicy_login_helper_)
+    authpolicy_login_helper_->CancelRequestsAndRestart();
   ClearRecordedNames();
 
   // TODO(ginkage): Fix this case once crbug.com/469990 is ready.
   /*
     if (failure.reason() == AuthFailure::COULD_NOT_MOUNT_CRYPTOHOME) {
       RecordReauthReason(last_login_attempt_account_id_,
                          ReauthReason::MISSING_CRYPTOHOME);
     }
   */
 }
@@ skipping 148 matching lines @@
 void ExistingUserController::WhiteListCheckFailed(const std::string& email) {
   PerformLoginFinishedActions(true /* start auto login timer */);
 
   login_display_->ShowWhitelistCheckFailedError();
 
   if (auth_status_consumer_) {
     auth_status_consumer_->OnAuthFailure(
         AuthFailure(AuthFailure::WHITELIST_CHECK_FAILED));
   }
 
+  if (authpolicy_login_helper_)
+    authpolicy_login_helper_->CancelRequestsAndRestart();
   ClearRecordedNames();
 }
 
 void ExistingUserController::PolicyLoadFailed() {
   ShowError(IDS_LOGIN_ERROR_OWNER_KEY_LOST, "");
 
   PerformLoginFinishedActions(false /* don't start auto login timer */);
+  if (authpolicy_login_helper_)
+    authpolicy_login_helper_->CancelRequestsAndRestart();
   ClearRecordedNames();
 }
 
 void ExistingUserController::SetAuthFlowOffline(bool offline) {
   auth_flow_offline_ = offline;
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, private:
 
@@ skipping 528 matching lines @@
   VLOG(1) << "Show unrecoverable cryptohome error dialog.";
   login_display_->ShowUnrecoverableCrypthomeErrorDialog();
 }
 
 void ExistingUserController::ClearRecordedNames() {
   display_email_.clear();
   display_name_.clear();
   given_name_.clear();
 }
 
+void ExistingUserController::OnActiveDirectoryAuth(
+    authpolicy::ErrorType error,
+    const authpolicy::ActiveDirectoryAccountData& account_data) {
+  if (error != authpolicy::ERROR_NONE)

[xiyuan, 2017/04/20 17:03:24]

We would do nothing on auth error?

[Roman Sorokin (ftl), 2017/04/21 09:07:34]

KeyedService in the follow-up CL would handle that.

[xiyuan, 2017/04/21 14:48:14]

Please put the relevant part in CL description. It is not easy to dig into
history and check out the CL description.

[Roman Sorokin (ftl), 2017/04/24 16:21:28]

Done.

+    return;
+  SetDisplayAndGivenName(account_data.display_name(),

[xiyuan, 2017/04/20 17:03:24]

How would we handle the race between OnAuthSuccess and this callback?

[Roman Sorokin (ftl), 2017/04/21 09:07:34]

We're actually OK if this won't be called. I added section in the description
about follow-up CL. Maybe we should just ignore callback?

[xiyuan, 2017/04/21 14:48:14]

ExistingUserController is owned by LoginDisplayHostImpl. When cryptohome auth
succeeds, LoginDisplayHostImpl will be gone and so is ExistingUserController.
This callback could never be called.

I an inclined to just remove everything here and just put a comment here about
the follow up CL since the code here is not actually useful ATM. 

[Roman Sorokin (ftl), 2017/04/24 16:21:28]

Done.

+                         account_data.given_name());
+}
+
 }  // namespace chromeos