Do not display lock for hosted domains

chrome/browser/profiles/profile_downloader.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/profiles/profile_downloader.h"
 
 #include <string>
 #include <vector>
 
 #include "base/json/json_reader.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_downloader_delegate.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_manager.h"
+#include "components/signin/core/common/profile_management_switches.h"
 #include "content/public/browser/browser_thread.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "net/base/load_flags.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_status.h"
 #include "skia/ext/image_operations.h"
 #include "url/gurl.h"
 
 using content::BrowserThread;
 
 namespace {
 
 // Template for optional authorization header when using an OAuth access token.
 const char kAuthorizationHeader[] =
     "Authorization: Bearer %s";
 
 // URL requesting user info.
 const char kUserEntryURL[] =
     "https://www.googleapis.com/oauth2/v1/userinfo?alt=json";
 
 // OAuth scope for the user info API.
 // For more info, see https://developers.google.com/accounts/docs/OAuth2LoginV1.
-const char kAPIScope[] = "https://www.googleapis.com/auth/userinfo.profile";
+const char kAPIEmailScope[] = "https://www.googleapis.com/auth/userinfo.email";
+const char kAPIProfileScope[] =
+    "https://www.googleapis.com/auth/userinfo.profile";
 
 // Path in JSON dictionary to user's photo thumbnail URL.
 const char kPhotoThumbnailURLPath[] = "picture";
 
+// Path in JSON dictionary to user's hosted domain.
+const char kHostedDomainPath[] = "hd";
+
 // From the user info API, this field corresponds to the full name of the user.
 const char kFullNamePath[] = "name";
 
 const char kGivenNamePath[] = "given_name";
 
 // Path in JSON dictionary to user's preferred locale.
 const char kLocalePath[] = "locale";
 
 // Path format for specifying thumbnail's size.
 const char kThumbnailSizeFormat[] = "s%d-c";
@@ skipping 69 matching lines @@
 }  // namespace
 
 // Parses the entry response and gets the name and profile image URL.
 // |data| should be the JSON formatted data return by the response.
 // Returns false to indicate a parsing error.
 bool ProfileDownloader::ParseProfileJSON(const std::string& data,
                                          base::string16* full_name,
                                          base::string16* given_name,
                                          std::string* url,
                                          int image_size,
-                                         std::string* profile_locale) {
+                                         std::string* profile_locale,
+                                         base::string16* hosted_domain) {
   DCHECK(full_name);
   DCHECK(given_name);
   DCHECK(url);
   DCHECK(profile_locale);
+  DCHECK(hosted_domain);
 
   *full_name = base::string16();
   *given_name = base::string16();
   *url = std::string();
   *profile_locale = std::string();
+  *hosted_domain = base::string16();
 
   int error_code = -1;
   std::string error_message;
   scoped_ptr<base::Value> root_value(base::JSONReader::ReadAndReturnError(
       data, base::JSON_PARSE_RFC, &error_code, &error_message));
   if (!root_value) {
     LOG(ERROR) << "Error while parsing user entry response: "
                << error_message;
     return false;
   }
   if (!root_value->IsType(base::Value::TYPE_DICTIONARY)) {
     LOG(ERROR) << "JSON root is not a dictionary: "
                << root_value->GetType();
     return false;
   }
   base::DictionaryValue* root_dictionary =
       static_cast<base::DictionaryValue*>(root_value.get());
 
   root_dictionary->GetString(kFullNamePath, full_name);
   root_dictionary->GetString(kGivenNamePath, given_name);
   root_dictionary->GetString(kLocalePath, profile_locale);
+  root_dictionary->GetString(kHostedDomainPath, hosted_domain);
 
   std::string url_string;
   if (root_dictionary->GetString(kPhotoThumbnailURLPath, &url_string)) {
     GURL new_url;
     if (!GetImageURLWithSize(GURL(url_string), image_size, &new_url)) {
       LOG(ERROR) << "GetImageURLWithSize failed for url: " << url_string;
       return false;
     }
     *url = new_url.spec();
   }
@@ skipping 58 matching lines @@
   account_id_ =
       account_id.empty() ?
           signin_manager->GetAuthenticatedAccountId() : account_id;
   if (service->RefreshTokenIsAvailable(account_id_)) {
     StartFetchingOAuth2AccessToken();
   } else {
     service->AddObserver(this);
   }
 }
 
+base::string16 ProfileDownloader::GetProfileHostedDomain() const {
+  return profile_hosted_domain_;
+}
+
 base::string16 ProfileDownloader::GetProfileFullName() const {
   return profile_full_name_;
 }
 
 base::string16 ProfileDownloader::GetProfileGivenName() const {
   return profile_given_name_;
 }
 
 std::string ProfileDownloader::GetProfileLocale() const {
   return profile_locale_;
@@ skipping 23 matching lines @@
   if (!auth_token_.empty()) {
     user_entry_fetcher_->SetExtraRequestHeaders(
         base::StringPrintf(kAuthorizationHeader, auth_token_.c_str()));
   }
   user_entry_fetcher_->Start();
 }
 
 void ProfileDownloader::StartFetchingOAuth2AccessToken() {
   Profile* profile = delegate_->GetBrowserProfile();
   OAuth2TokenService::ScopeSet scopes;
-  scopes.insert(kAPIScope);
+  scopes.insert(kAPIProfileScope);
+  // Increase scope to get hd attribute to determine if lock should be enabled.
+  if (switches::IsNewProfileManagement())
+    scopes.insert(kAPIEmailScope);
   ProfileOAuth2TokenService* token_service =
       ProfileOAuth2TokenServiceFactory::GetForProfile(profile);
   oauth2_access_token_request_ = token_service->StartRequest(
       account_id_, scopes, this);
 }
 
 ProfileDownloader::~ProfileDownloader() {
   // Ensures PO2TS observation is cleared when ProfileDownloader is destructed
   // before refresh token is available.
   ProfileOAuth2TokenService* service =
@@ skipping 21 matching lines @@
     return;
   }
 
   if (source == user_entry_fetcher_.get()) {
     std::string image_url;
     if (!ParseProfileJSON(data,
                           &profile_full_name_,
                           &profile_given_name_,
                           &image_url,
                           delegate_->GetDesiredImageSideLength(),
-                          &profile_locale_)) {
+                          &profile_locale_,
+                          &profile_hosted_domain_)) {
       delegate_->OnProfileDownloadFailure(
           this, ProfileDownloaderDelegate::SERVICE_ERROR);
       return;
     }
     if (!delegate_->NeedsProfilePicture()) {
       VLOG(1) << "Skipping profile picture download";
       delegate_->OnProfileDownloadSuccess(this);
       return;
     }
     if (IsDefaultProfileImageURL(image_url)) {
@@ skipping 77 matching lines @@
 void ProfileDownloader::OnGetTokenFailure(
     const OAuth2TokenService::Request* request,
     const GoogleServiceAuthError& error) {
   DCHECK_EQ(request, oauth2_access_token_request_.get());
   oauth2_access_token_request_.reset();
   LOG(WARNING) << "ProfileDownloader: token request using refresh token failed:"
                << error.ToString();
   delegate_->OnProfileDownloadFailure(
       this, ProfileDownloaderDelegate::TOKEN_ERROR);
 }