Chromad: Allow offline login.

chrome/browser/chromeos/login/existing_user_controller.cc

Index: chrome/browser/chromeos/login/existing_user_controller.cc
diff --git a/chrome/browser/chromeos/login/existing_user_controller.cc b/chrome/browser/chromeos/login/existing_user_controller.cc
index 4847d9a76509e89444c00580d41bceafd12776c0..8bee35e76d50316d3d1878cfb9c3b193d33cf2e3 100644
--- a/chrome/browser/chromeos/login/existing_user_controller.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller.cc
@@ -57,6 +57,7 @@
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/power_manager_client.h"
 #include "chromeos/dbus/session_manager_client.h"
+#include "chromeos/login/auth/authpolicy_login_helper.h"
 #include "chromeos/settings/cros_settings_names.h"
 #include "components/arc/arc_util.h"
 #include "components/google/core/browser/google_util.h"
@@ -382,6 +383,8 @@ ExistingUserController::~ExistingUserController() {
 
 void ExistingUserController::CancelPasswordChangedFlow() {
   login_performer_.reset(nullptr);
+  if (authpolicy_login_helper_)
+    authpolicy_login_helper_->CancelRequestsAndRestart();
   PerformLoginFinishedActions(true /* start auto login timer */);
 }
 
@@ -457,12 +460,24 @@ void ExistingUserController::PerformLogin(
   policy::BrowserPolicyConnectorChromeOS* connector =
       g_browser_process->platform_part()->browser_policy_connector_chromeos();
   if (connector->IsActiveDirectoryManaged() &&
-      user_context.GetAuthFlow() != UserContext::AUTH_FLOW_ACTIVE_DIRECTORY) {
+      user_context.GetUserType() != user_manager::USER_TYPE_ACTIVE_DIRECTORY) {
     PerformLoginFinishedActions(false /* don't start auto login timer */);
     ShowError(IDS_LOGIN_ERROR_GOOGLE_ACCOUNT_NOT_ALLOWED,
               "Google accounts are not allowed on this device");
     return;
   }
+  if (user_context.GetAccountId().GetAccountType() ==
+      AccountType::ACTIVE_DIRECTORY) {
+    DCHECK(user_context.GetKey()->GetKeyType() == Key::KEY_TYPE_PASSWORD_PLAIN);
+    if (!authpolicy_login_helper_)
+      authpolicy_login_helper_ = base::MakeUnique<AuthPolicyLoginHelper>();
+    authpolicy_login_helper_->AuthenticateUser(
+        user_context.GetAccountId().GetUserEmail(),
+        user_context.GetAccountId().GetObjGuid(),
+        user_context.GetKey()->GetSecret(),
+        base::Bind(&ExistingUserController::OnActiveDirectoryAuth,
+                   weak_factory_.GetWeakPtr()));
+  }
 
   if (gaia::ExtractDomainName(user_context.GetAccountId().GetUserEmail()) ==
       user_manager::kSupervisedUserDomain) {
@@ -718,6 +733,8 @@ void ExistingUserController::OnAuthFailure(const AuthFailure& failure) {
   if (auth_status_consumer_)
     auth_status_consumer_->OnAuthFailure(failure);
 
+  if (authpolicy_login_helper_)
+    authpolicy_login_helper_->CancelRequestsAndRestart();
   ClearRecordedNames();
 
   // TODO(ginkage): Fix this case once crbug.com/469990 is ready.
@@ -886,6 +903,8 @@ void ExistingUserController::WhiteListCheckFailed(const std::string& email) {
         AuthFailure(AuthFailure::WHITELIST_CHECK_FAILED));
   }
 
+  if (authpolicy_login_helper_)
+    authpolicy_login_helper_->CancelRequestsAndRestart();
   ClearRecordedNames();
 }
 
@@ -893,6 +912,8 @@ void ExistingUserController::PolicyLoadFailed() {
   ShowError(IDS_LOGIN_ERROR_OWNER_KEY_LOST, "");
 
   PerformLoginFinishedActions(false /* don't start auto login timer */);
+  if (authpolicy_login_helper_)
+    authpolicy_login_helper_->CancelRequestsAndRestart();
   ClearRecordedNames();
 }
 
@@ -1441,4 +1462,13 @@ void ExistingUserController::ClearRecordedNames() {
   given_name_.clear();
 }
 
+void ExistingUserController::OnActiveDirectoryAuth(
+    authpolicy::ErrorType error,
+    const authpolicy::ActiveDirectoryAccountData& account_data) {
+  if (error != authpolicy::ERROR_NONE)

[xiyuan, 2017/04/20 17:03:24]

We would do nothing on auth error?

[Roman Sorokin (ftl), 2017/04/21 09:07:34]

KeyedService in the follow-up CL would handle that.

[xiyuan, 2017/04/21 14:48:14]

Please put the relevant part in CL description. It is not easy to dig into
history and check out the CL description.

[Roman Sorokin (ftl), 2017/04/24 16:21:28]

Done.

+    return;
+  SetDisplayAndGivenName(account_data.display_name(),

[xiyuan, 2017/04/20 17:03:24]

How would we handle the race between OnAuthSuccess and this callback?

[Roman Sorokin (ftl), 2017/04/21 09:07:34]

We're actually OK if this won't be called. I added section in the description
about follow-up CL. Maybe we should just ignore callback?

[xiyuan, 2017/04/21 14:48:14]

ExistingUserController is owned by LoginDisplayHostImpl. When cryptohome auth
succeeds, LoginDisplayHostImpl will be gone and so is ExistingUserController.
This callback could never be called.

I an inclined to just remove everything here and just put a comment here about
the follow up CL since the code here is not actually useful ATM. 

[Roman Sorokin (ftl), 2017/04/24 16:21:28]

Done.

+                         account_data.given_name());
+}
+
 }  // namespace chromeos