Index: chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.cc |
| diff --git a/chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.cc b/chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..586f64605fa67ca541aca14d0c4fa0f8733df163 |
| --- /dev/null |
| +++ b/chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.cc |
| @@ -0,0 +1,286 @@ |
| +// Copyright 2017 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "chrome/browser/chromeos/authpolicy/auth_policy_credentials_manager.h" |
| + |
| +#include "base/location.h" |
| +#include "base/memory/singleton.h" |
| +#include "base/strings/utf_string_conversions.h" |
| +#include "chrome/browser/browser_process.h" |
| +#include "chrome/browser/chromeos/profiles/profile_helper.h" |
| +#include "chrome/browser/lifetime/application_lifetime.h" |
| +#include "chrome/browser/notifications/notification.h" |
| +#include "chrome/browser/notifications/notification_delegate.h" |
| +#include "chrome/browser/notifications/notification_ui_manager.h" |
| +#include "chrome/browser/profiles/profile.h" |
| +#include "chrome/grit/chromium_strings.h" |
| +#include "chrome/grit/generated_resources.h" |
| +#include "chrome/grit/theme_resources.h" |
| +#include "chromeos/dbus/auth_policy_client.h" |
| +#include "chromeos/dbus/dbus_thread_manager.h" |
| +#include "chromeos/network/network_handler.h" |
| +#include "chromeos/network/network_state.h" |
| +#include "chromeos/network/network_state_handler.h" |
| +#include "components/keyed_service/content/browser_context_dependency_manager.h" |
| +#include "content/public/browser/browser_thread.h" |
| +#include "ui/base/l10n/l10n_util.h" |
| +#include "ui/base/resource/resource_bundle.h" |
| + |
| +namespace { |
| + |
| +const base::TimeDelta kGetUserStatusCallsInterval = |
| + base::TimeDelta::FromHours(1); |
| +const char kProfileSigninNotificationId[] = "chrome://settings/signin/"; |
| + |
| +// A notification delegate for the sign-out button. |
| +class SigninNotificationDelegate : public NotificationDelegate { |
| + public: |
| + explicit SigninNotificationDelegate(const std::string& id); |
| + |
| + // NotificationDelegate: |
| + void Click() override; |
| + void ButtonClick(int button_index) override; |
| + std::string id() const override; |
| + |
| + protected: |
| + ~SigninNotificationDelegate() override; |
| + |
| + private: |
| + void FixSignIn(); |
|
ljusten (tachyonic)
2017/05/03 10:12:17
Comment? From the class definition, shouldn't it b
Roman Sorokin (ftl)
2017/05/19 12:13:47
Done.
ljusten (tachyonic)
2017/05/19 16:06:13
β
Roman Sorokin (ftl)
2017/05/22 12:35:27
wat?
ljusten (tachyonic)
2017/05/22 14:27:49
beta = better (at least if you pronounce it like a
|
| + |
| + // Unique id of the notification. |
| + const std::string id_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(SigninNotificationDelegate); |
| +}; |
| + |
| +SigninNotificationDelegate::SigninNotificationDelegate(const std::string& id) |
| + : id_(id) {} |
| + |
| +SigninNotificationDelegate::~SigninNotificationDelegate() {} |
| + |
| +void SigninNotificationDelegate::Click() { |
| + FixSignIn(); |
| +} |
| + |
| +void SigninNotificationDelegate::ButtonClick(int button_index) { |
| + FixSignIn(); |
| +} |
| + |
| +std::string SigninNotificationDelegate::id() const { |
| + return id_; |
| +} |
| + |
| +void SigninNotificationDelegate::FixSignIn() { |
| + chrome::AttemptUserExit(); |
| +} |
| +} // namespace |
| + |
| +AuthPolicyCredentialsManager::AuthPolicyCredentialsManager(Profile* profile) |
| + : profile_(profile), weak_factory_(this) { |
| + DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| + StartObserveNetwork(); |
| + const user_manager::User* user = |
| + chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
| + CHECK(user && user->IsActiveDirectoryUser()); |
| + account_id_ = user->GetAccountId(); |
| + GetUserStatus(); |
| +} |
| + |
| +AuthPolicyCredentialsManager::~AuthPolicyCredentialsManager() {} |
| + |
| +void AuthPolicyCredentialsManager::Shutdown() { |
| + StopObserveNetwork(); |
|
ljusten (tachyonic)
2017/05/03 10:12:17
Cancel scheduled_get_user_status_call_? Note that
Roman Sorokin (ftl)
2017/05/19 12:13:48
It does.
ljusten (tachyonic)
2017/05/19 16:06:13
Nm, it actually is cancelled.
Roman Sorokin (ftl)
2017/05/22 12:35:27
Acknowledged.
|
| +} |
| + |
| +void AuthPolicyCredentialsManager::DefaultNetworkChanged( |
| + const chromeos::NetworkState* network) { |
| + CallGetStatusIfConnected(network); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::NetworkConnectionStateChanged( |
| + const chromeos::NetworkState* network) { |
| + CallGetStatusIfConnected(network); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::OnShuttingDown() { |
| + StopObserveNetwork(); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::GetUserStatus() { |
| + DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| + should_call_get_status_again_ = false; |
| + chromeos::DBusThreadManager::Get()->GetAuthPolicyClient()->GetUserStatus( |
| + account_id_.GetObjGuid(), |
| + base::BindOnce(&AuthPolicyCredentialsManager::OnGetUserStatusCallback, |
| + weak_factory_.GetWeakPtr())); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::OnGetUserStatusCallback( |
| + authpolicy::ErrorType error, |
| + const authpolicy::ActiveDirectoryUserStatus& user_status) { |
| + last_error_ = error; |
| + if (error != authpolicy::ERROR_NONE) { |
| + DCHECK(error == authpolicy::ERROR_CONTACTING_KDC_FAILED); |
|
ljusten (tachyonic)
2017/05/03 10:12:16
Suggest remove. This is dangerous. Even though ERR
Roman Sorokin (ftl)
2017/05/19 12:13:48
Done.
|
| + DLOG(ERROR) << "GetUserStatus failed with " << error; |
| + return; |
| + } |
| + CHECK(user_status.account_info().account_id() == account_id_.GetObjGuid()); |
| + if (user_status.has_account_info()) |
| + UpdateDisplayAndGivenName(user_status.account_info()); |
| + |
| + if (should_call_get_status_again_) { |
| + GetUserStatus(); |
|
ljusten (tachyonic)
2017/05/03 10:12:16
Why do you update names if should_call_get_status_
Roman Sorokin (ftl)
2017/05/19 12:13:47
We don't want to spam notifications. Updating name
ljusten (tachyonic)
2017/05/19 16:06:13
But then the next call could fail and the user wou
Roman Sorokin (ftl)
2017/05/22 12:35:27
Yeah, it's a good idea
|
| + return; |
| + } |
| + |
| + ScheduleGetUserStatus(); |
| + |
| + if (user_status.has_password_status()) { |
|
ljusten (tachyonic)
2017/05/19 16:06:13
DCHECK instead. It should always be present.
Roman Sorokin (ftl)
2017/05/22 12:35:27
Done.
|
| + switch (user_status.password_status()) { |
| + case authpolicy::ActiveDirectoryUserStatus::PASSWORD_VALID: |
| + // do nothing |
| + break; |
| + case authpolicy::ActiveDirectoryUserStatus::PASSWORD_EXPIRED: |
| + ShowNotification(IDS_ACTIVE_DIRECTORY_PASSWORD_EXPIRED); |
| + return; |
| + case authpolicy::ActiveDirectoryUserStatus::PASSWORD_CHANGED: |
| + ShowNotification(IDS_ACTIVE_DIRECTORY_PASSWORD_CHANGED); |
| + return; |
| + } |
| + } |
| + |
| + if (user_status.has_tgt_status()) { |
|
ljusten (tachyonic)
2017/05/19 16:06:13
DCHECK instead. It should always be present.
Roman Sorokin (ftl)
2017/05/22 12:35:27
Done.
|
| + switch (user_status.tgt_status()) { |
| + case authpolicy::ActiveDirectoryUserStatus::TGT_VALID: |
| + // do nothing |
| + break; |
| + case authpolicy::ActiveDirectoryUserStatus::TGT_EXPIRED: |
| + case authpolicy::ActiveDirectoryUserStatus::TGT_NOT_FOUND: |
| + ShowNotification(IDS_ACTIVE_DIRECTORY_REFRESH_AUTH_TOKEN); |
| + return; |
| + } |
| + } |
| + // Everything is ok. |
| + user_manager::UserManager::Get()->SaveForceOnlineSignin(account_id_, false); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::ScheduleGetUserStatus() { |
| + scheduled_get_user_status_call_.Reset(base::Bind( |
| + &AuthPolicyCredentialsManager::GetUserStatus, base::Unretained(this))); |
| + base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( |
| + FROM_HERE, scheduled_get_user_status_call_.callback(), |
| + kGetUserStatusCallsInterval); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::StartObserveNetwork() { |
| + if (chromeos::NetworkHandler::IsInitialized()) |
|
ljusten (tachyonic)
2017/05/03 10:12:16
Since this can fail, return bool? Or DCHECK?
Roman Sorokin (ftl)
2017/05/19 12:13:46
Done.
|
| + chromeos::NetworkHandler::Get()->network_state_handler()->AddObserver( |
| + this, FROM_HERE); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::StopObserveNetwork() { |
| + if (chromeos::NetworkHandler::IsInitialized()) |
|
ljusten (tachyonic)
2017/05/03 10:12:16
Since this can fail, return bool? Or DCHECK?
Roman Sorokin (ftl)
2017/05/19 12:13:46
Done.
|
| + chromeos::NetworkHandler::Get()->network_state_handler()->RemoveObserver( |
| + this, FROM_HERE); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::UpdateDisplayAndGivenName( |
| + const authpolicy::ActiveDirectoryAccountInfo& account_info) { |
| + if (display_name_ == account_info.display_name() && |
| + given_name_ == account_info.given_name()) { |
| + return; |
| + } |
| + display_name_ = account_info.display_name(); |
| + given_name_ = account_info.given_name(); |
| + user_manager::UserManager::Get()->UpdateUserAccountData( |
| + account_id_, |
| + user_manager::UserManager::UserAccountData( |
| + base::UTF8ToUTF16(display_name_), base::UTF8ToUTF16(given_name_), |
| + std::string() /* locale */)); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::ShowNotification(int message_id) const { |
| + user_manager::UserManager::Get()->SaveForceOnlineSignin(account_id_, true); |
| + |
| + message_center::RichNotificationData data; |
| + data.buttons.push_back(message_center::ButtonInfo( |
| + l10n_util::GetStringUTF16(IDS_SYNC_RELOGIN_LINK_LABEL))); |
| + |
| + std::string notification_id = |
|
ljusten (tachyonic)
2017/05/03 10:12:17
const
Roman Sorokin (ftl)
2017/05/19 12:13:48
Done.
|
| + kProfileSigninNotificationId + profile_->GetProfileUserName(); |
| + // Set the delegate for the notification's sign-out button. |
| + SigninNotificationDelegate* delegate = |
| + new SigninNotificationDelegate(notification_id); |
| + |
| + message_center::NotifierId notifier_id( |
|
ljusten (tachyonic)
2017/05/03 10:12:16
const
Roman Sorokin (ftl)
2017/05/19 12:13:47
Nope
ljusten (tachyonic)
2017/05/19 16:06:13
Acknowledged.
Roman Sorokin (ftl)
2017/05/22 12:35:27
Acknowledged.
|
| + message_center::NotifierId::SYSTEM_COMPONENT, |
| + kProfileSigninNotificationId); |
| + |
| + // Set |profile_id| for multi-user notification blocker. |
| + notifier_id.profile_id = profile_->GetProfileUserName(); |
| + |
| + Notification notification( |
| + message_center::NOTIFICATION_TYPE_SIMPLE, |
| + l10n_util::GetStringUTF16(IDS_SIGNIN_ERROR_BUBBLE_VIEW_TITLE), |
| + l10n_util::GetStringUTF16(message_id), |
| + ui::ResourceBundle::GetSharedInstance().GetImageNamed( |
| + IDR_NOTIFICATION_ALERT), |
| + notifier_id, |
| + base::string16(), // display_source |
| + GURL(notification_id), notification_id, data, delegate); |
| + notification.SetSystemPriority(); |
| + |
| + NotificationUIManager* notification_ui_manager = |
| + g_browser_process->notification_ui_manager(); |
| + // Update or add the notification. |
| + if (notification_ui_manager->FindById( |
| + notification_id, NotificationUIManager::GetProfileID(profile_))) |
| + notification_ui_manager->Update(notification, profile_); |
| + else |
| + notification_ui_manager->Add(notification, profile_); |
| +} |
| + |
| +void AuthPolicyCredentialsManager::CallGetStatusIfConnected( |
| + const chromeos::NetworkState* network) { |
| + if (last_error_ != authpolicy::ERROR_NONE) |
|
ljusten (tachyonic)
2017/05/19 16:06:13
Modify as discussed offline to handle the followin
Roman Sorokin (ftl)
2017/05/22 12:35:27
Done.
|
| + return; |
| + if (!network || !network->IsConnectedState()) |
| + return; |
| + if (weak_factory_.HasWeakPtrs()) { |
| + // Another call is in progress. |
| + should_call_get_status_again_ = true; |
| + return; |
| + } |
| + GetUserStatus(); |
| +} |
| + |
| +// static |
| +AuthPolicyCredentialsManagerFactory* |
| +AuthPolicyCredentialsManagerFactory::GetInstance() { |
| + return base::Singleton<AuthPolicyCredentialsManagerFactory>::get(); |
| +} |
| + |
| +// static |
| +void AuthPolicyCredentialsManagerFactory::BuildForProfileIfActiveDirectory( |
| + Profile* profile) { |
| + const user_manager::User* user = |
| + chromeos::ProfileHelper::Get()->GetUserByProfile(profile); |
| + if (!user || !user->IsActiveDirectoryUser()) |
| + return; |
| + GetInstance()->GetServiceForBrowserContext(profile, true /* create */); |
| +} |
| + |
| +AuthPolicyCredentialsManagerFactory::AuthPolicyCredentialsManagerFactory() |
| + : BrowserContextKeyedServiceFactory( |
| + "AuthPolicyCredentialsManager", |
| + BrowserContextDependencyManager::GetInstance()) {} |
| + |
| +AuthPolicyCredentialsManagerFactory::~AuthPolicyCredentialsManagerFactory() {} |
| + |
| +KeyedService* AuthPolicyCredentialsManagerFactory::BuildServiceInstanceFor( |
|
ljusten (tachyonic)
2017/05/03 10:12:16
Unused?
Roman Sorokin (ftl)
2017/05/19 12:13:46
This is the factory method.
|
| + content::BrowserContext* context) const { |
| + Profile* profile = Profile::FromBrowserContext(context); |
| + return new AuthPolicyCredentialsManager(profile); |
| +} |
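Review bot: In OnGetUserStatusCallback, `CHECK(user_status.account_info().account_id() == account_id_.GetObjGuid());` runs before the `has_account_info()` test on the following line, so a reply that carries no account_info is compared through a default (presumably empty) account_id and aborts the browser process, in release builds as well. The status message arrives over D-Bus from the authpolicy daemon, so a malformed or mismatched reply is better handled as a failed call than as a fatal invariant. I would fold the comparison into the guard and return early instead, e.g. `if (!user_status.has_account_info() || user_status.account_info().account_id() != account_id_.GetObjGuid()) { DLOG(ERROR) << "Unexpected account in GetUserStatus reply"; return; }`. Separately, when neither password_status nor tgt_status is set, the function still reaches `SaveForceOnlineSignin(account_id_, false)` and clears the flag without positive evidence. Clearing it only after both switches have seen their VALID case would make this path fail closed.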