ComponentCloudPolicyService tracks the signin state.

chrome/browser/policy/cloud/component_cloud_policy_service.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/policy/cloud/component_cloud_policy_service.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop_proxy.h"
 #include "base/sequenced_task_runner.h"
 #include "base/time/time.h"

[bartfab (slow), 2013/11/18 13:15:39]

Nit: No longer used.

[Joao da Silva, 2013/11/18 14:54:18]

Done.

 #include "chrome/browser/policy/cloud/cloud_policy_constants.h"
+#include "chrome/browser/policy/cloud/cloud_policy_refresh_scheduler.h"
 #include "chrome/browser/policy/cloud/component_cloud_policy_store.h"
 #include "chrome/browser/policy/cloud/component_cloud_policy_updater.h"
 #include "chrome/browser/policy/cloud/external_policy_data_fetcher.h"
 #include "chrome/browser/policy/cloud/resource_cache.h"
 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h"
 #include "chrome/browser/policy/schema_map.h"
 #include "components/policy/core/common/schema.h"
 #include "net/url_request/url_request_context_getter.h"
 
 namespace em = enterprise_management;
@@ skipping 96 matching lines @@
       service_task_runner_(service_task_runner),
       cache_(cache.Pass()),
       external_policy_data_fetcher_(external_policy_data_fetcher.Pass()),
       store_(this, cache_.get()) {}
 
 ComponentCloudPolicyService::Backend::~Backend() {}
 
 void ComponentCloudPolicyService::Backend::SetCredentials(
     const std::string& username,
     const std::string& dm_token) {
-  store_.SetCredentials(username, dm_token);
+  if (username.empty() || dm_token.empty()) {
+    // No sign-in credentials, so drop any cached policy.
+    store_.Clear();
+  } else {
+    store_.SetCredentials(username, dm_token);
+  }
 }
 
 void ComponentCloudPolicyService::Backend::Init(
     scoped_refptr<SchemaMap> schema_map) {
   DCHECK(!schema_map_);
 
   OnSchemasUpdated(schema_map, scoped_ptr<PolicyNamespaceList>());
 
   // Read the initial policy. Note that this does not trigger notifications
   // through OnComponentCloudPolicyStoreUpdated.
@@ skipping 13 matching lines @@
 }
 
 void ComponentCloudPolicyService::Backend::UpdateExternalPolicy(
     scoped_ptr<em::PolicyFetchResponse> response) {
   updater_->UpdateExternalPolicy(response.Pass());
 }
 
 void ComponentCloudPolicyService::Backend::
     OnComponentCloudPolicyStoreUpdated() {
   if (!schema_map_) {
-    // Ignore notifications triggered by the initial Purge.
+    // Ignore notifications triggered by the initial Purge or Clear.
     return;
   }
 
   scoped_ptr<PolicyBundle> bundle(new PolicyBundle);
   bundle->CopyFrom(store_.policy());
   schema_map_->FilterBundle(bundle.get());
   service_task_runner_->PostTask(
       FROM_HERE,
       base::Bind(&ComponentCloudPolicyService::OnPolicyUpdated,
                  service_,
@@ skipping 17 matching lines @@
 
   if (removed) {
     for (size_t i = 0; i < removed->size(); ++i)
       updater_->CancelUpdate((*removed)[i]);
   }
 }
 
 ComponentCloudPolicyService::ComponentCloudPolicyService(
     Delegate* delegate,
     SchemaRegistry* schema_registry,
-    CloudPolicyStore* store,
+    CloudPolicyCore* core,
     scoped_ptr<ResourceCache> cache,
-    CloudPolicyClient* client,
     scoped_refptr<net::URLRequestContextGetter> request_context,
     scoped_refptr<base::SequencedTaskRunner> backend_task_runner,
     scoped_refptr<base::SequencedTaskRunner> io_task_runner)
     : delegate_(delegate),
       schema_registry_(schema_registry),
-      store_(store),
-      client_(client),
+      core_(core),
       request_context_(request_context),
       backend_task_runner_(backend_task_runner),
       io_task_runner_(io_task_runner),
       current_schema_map_(new SchemaMap),
-      is_initialized_(false),
-      has_credentials_(false),
+      loaded_initial_policy_(false),
+      is_registered_for_cloud_policy_(false),
       weak_ptr_factory_(this) {
-  schema_registry_->AddObserver(this);
-  store_->AddObserver(this);
-  client_->AddObserver(this);
-
   external_policy_data_fetcher_backend_.reset(
       new ExternalPolicyDataFetcherBackend(io_task_runner_, request_context));
 
   backend_.reset(
       new Backend(weak_ptr_factory_.GetWeakPtr(),
                   backend_task_runner_,
                   base::MessageLoopProxy::current(),
                   cache.Pass(),
                   external_policy_data_fetcher_backend_->CreateFrontend(
                       backend_task_runner_)));
 
-  if (store_->is_initialized())
-    OnStoreLoaded(store_);
+  schema_registry_->AddObserver(this);
+  core_->store()->AddObserver(this);
+
+  // Wait for the store and the schema registry to become ready before
+  // initializing the backend, so that it can get the initial list of
+  // components and the cached credentials (if any) to validate the cached
+  // policies.
+  if (core_->store()->is_initialized())
+    OnStoreLoaded(core_->store());
 }
 
 ComponentCloudPolicyService::~ComponentCloudPolicyService() {
   DCHECK(CalledOnValidThread());
+
   schema_registry_->RemoveObserver(this);
-  store_->RemoveObserver(this);
-  client_->RemoveObserver(this);
-
-  // Remove all the namespaces from |client_| but don't send this empty schema
-  // to the backend, to avoid dropping the caches.
-  if (is_initialized()) {
-    scoped_refptr<SchemaMap> empty(new SchemaMap);
-    SetCurrentSchema(empty, false);
-  }
+  core_->store()->RemoveObserver(this);
+  core_->RemoveObserver(this);
+  if (core_->client())
+    OnCoreDisconnecting(core_);
 
   io_task_runner_->DeleteSoon(FROM_HERE,
                               external_policy_data_fetcher_backend_.release());
   backend_task_runner_->DeleteSoon(FROM_HERE, backend_.release());
 }
 
 // static
 bool ComponentCloudPolicyService::SupportsDomain(PolicyDomain domain) {
   return ComponentCloudPolicyStore::SupportsDomain(domain);
 }
 
+void ComponentCloudPolicyService::OnSchemaRegistryReady() {
+  DCHECK(CalledOnValidThread());
+  InitializeIfReady();
+}
+
+void ComponentCloudPolicyService::OnSchemaRegistryUpdated(
+    bool has_new_schemas) {
+  DCHECK(CalledOnValidThread());
+
+  // Ignore schema updates until the backend is initialized.
+  // OnBackendInitialized() will send the current schema to the backend again,
+  // in case it was updated before the backend initialized.
+  if (!loaded_initial_policy_)
+    return;
+
+  SetCurrentSchema();
+}
+
+void ComponentCloudPolicyService::OnCoreConnected(CloudPolicyCore* core) {
+  DCHECK(CalledOnValidThread());
+  DCHECK_EQ(core_, core);
+
+  core_->client()->AddObserver(this);
+
+  // Immediately load any PolicyFetchResponses that the client may already
+  // have.
+  OnPolicyFetched(core_->client());
+
+  // Register the current namespaces at the client.
+  current_schema_map_ = new SchemaMap();
+  SetCurrentSchema();
+}
+
+void ComponentCloudPolicyService::OnCoreDisconnecting(CloudPolicyCore* core) {
+  DCHECK(CalledOnValidThread());
+  DCHECK_EQ(core_, core);
+
+  core_->client()->RemoveObserver(this);
+
+  // Remove all the namespaces from the client.
+  scoped_refptr<SchemaMap> empty = new SchemaMap();
+  PolicyNamespaceList removed;
+  PolicyNamespaceList added;
+  empty->GetChanges(current_schema_map_, &removed, &added);
+  for (size_t i = 0; i < removed.size(); ++i) {
+    PolicyNamespaceKey key;
+    if (ToPolicyNamespaceKey(removed[i], &key))
+      core_->client()->RemoveNamespaceToFetch(key);
+  }
+}
+
+void ComponentCloudPolicyService::OnRefreshSchedulerStarted(
+    CloudPolicyCore* core) {
+  // Ignored.
+}
+
+void ComponentCloudPolicyService::OnStoreLoaded(CloudPolicyStore* store) {
+  DCHECK(CalledOnValidThread());
+  DCHECK_EQ(core_->store(), store);
+
+  const bool was_registered_before = is_registered_for_cloud_policy_;
+
+  // Send the current credentials to the backend; do this whenever the store
+  // updates, to handle the case of the user registering for policy after the
+  // session starts, or the user signing out.
+  const em::PolicyData* policy = core_->store()->policy();
+  std::string username;
+  std::string request_token;
+  if (policy && policy->has_username() && policy->has_request_token()) {
+    is_registered_for_cloud_policy_ = true;
+    username = policy->username();
+    request_token = policy->request_token();
+  } else {
+    is_registered_for_cloud_policy_ = false;
+  }
+
+  // Empty credentials will wipe the cache.
+  backend_task_runner_->PostTask(FROM_HERE,
+                                 base::Bind(&Backend::SetCredentials,
+                                            base::Unretained(backend_.get()),
+                                            username,
+                                            request_token));
+
+  if (!loaded_initial_policy_) {
+    // This is the initial load; check if we're ready to initialize the
+    // backend, regardless of the signin state.
+    InitializeIfReady();
+  } else if (!was_registered_before && is_registered_for_cloud_policy_) {
+    // We are already initialized, but just sent credentials to the backend for
+    // the first time; this means that the user was not registered for cloud
+    // policy on startup but registered during the session.
+    //
+    // When that happens, OnPolicyFetched() is sent to observers before the
+    // CloudPolicyStore gets a chance to verify the user policy. In that case,
+    // if OnPolicyFetched() sent the PolicyFetchResponses to the backend then

[bartfab (slow), 2013/11/18 13:15:39]

I see what you are trying to say but the sentence does not parse well. Could you
split the long sentence into two and replace ambiguous phrases like then (do you
mean "if ... then" or "there and then" - two very different meanings of the
word)?

[Joao da Silva, 2013/11/18 14:54:18]

Done.

+    // they would fail validation, because the credentials weren't there yet.
+    // Reload any PolicyFetchResponses that the client may have now.
+    if (core_->client())
+      OnPolicyFetched(core_->client());
+  }
+}
+
+void ComponentCloudPolicyService::OnStoreError(CloudPolicyStore* store) {
+  DCHECK(CalledOnValidThread());
+  OnStoreLoaded(store);
+}
+
 void ComponentCloudPolicyService::OnPolicyFetched(CloudPolicyClient* client) {
   DCHECK(CalledOnValidThread());
-  DCHECK_EQ(client_, client);
+  DCHECK_EQ(core_->client(), client);
 
-  if (!is_initialized() || !has_credentials_)
+  if (!is_registered_for_cloud_policy_) {
+    // Trying to load any policies now will fail validation. An OnStoreLoaded()
+    // notification should follow soon, after the main user policy has been
+    // validated and stored.
     return;
+  }
 
   // Pass each PolicyFetchResponse whose policy type is registered to the
   // Backend.
-  const CloudPolicyClient::ResponseMap& responses = client_->responses();
+  const CloudPolicyClient::ResponseMap& responses =
+      core_->client()->responses();
   for (CloudPolicyClient::ResponseMap::const_iterator it = responses.begin();
        it != responses.end(); ++it) {
     PolicyNamespace ns;
     if (ToPolicyNamespace(it->first, &ns) &&
         current_schema_map_->GetSchema(ns)) {
       scoped_ptr<em::PolicyFetchResponse> response(
           new em::PolicyFetchResponse(*it->second));
       backend_task_runner_->PostTask(
           FROM_HERE,
           base::Bind(&Backend::UpdateExternalPolicy,
                      base::Unretained(backend_.get()),
                      base::Passed(&response)));
     }
   }
 }
 
 void ComponentCloudPolicyService::OnRegistrationStateChanged(
     CloudPolicyClient* client) {
   DCHECK(CalledOnValidThread());
-  // Ignored.
+  // Ignored; the registration state is tracked by looking at the
+  // CloudPolicyStore instead.
 }
 
 void ComponentCloudPolicyService::OnClientError(CloudPolicyClient* client) {
   DCHECK(CalledOnValidThread());
   // Ignored.
 }
 
-void ComponentCloudPolicyService::OnStoreLoaded(CloudPolicyStore* store) {
-  DCHECK(CalledOnValidThread());
-  DCHECK_EQ(store_, store);
-
-  if (!store_->is_initialized())
-    return;
-
-  const em::PolicyData* policy = store_->policy();
-  if (!has_credentials_ && policy && policy->has_username() &&
-      policy->has_request_token()) {
-    // Send the current credentials to the backend, if they haven't been sent
-    // before. Usually this happens at startup if the user already had a cached
-    // cloud policy; otherwise it happens right after the initial registration
-    // for cloud policy.
-    backend_task_runner_->PostTask(FROM_HERE,
-                                   base::Bind(&Backend::SetCredentials,
-                                              base::Unretained(backend_.get()),
-                                              policy->username(),
-                                              policy->request_token()));
-    has_credentials_ = true;
-    if (is_initialized()) {
-      // This was the first policy fetch for this client. Process any
-      // PolicyFetchResponses that the client may have now; processing them
-      // before the credentials were sent to the backend would fail validation.
-      OnPolicyFetched(client_);
-    }
-  }
-
-  if (!is_initialized())
-    InitializeIfReady();
-}
-
-void ComponentCloudPolicyService::OnStoreError(CloudPolicyStore* store) {
-  DCHECK(CalledOnValidThread());
-  OnStoreLoaded(store);
-}
-
-void ComponentCloudPolicyService::OnSchemaRegistryReady() {
-  DCHECK(CalledOnValidThread());
-  InitializeIfReady();
-}
-
-void ComponentCloudPolicyService::OnSchemaRegistryUpdated(
-    bool has_new_schemas) {
-  DCHECK(CalledOnValidThread());
-
-  if (!is_initialized())
-    return;
-
-  // When an extension is reloaded or updated, it triggers an unregister quickly
-  // followed by a register in the SchemaRegistry. If the intermediate version
-  // of the SchemaMap is passed to the backend then it will drop the cached
-  // policy for that extension and will trigger a new policy fetch soon after.
-  // Delaying the schema update here coalesces both updates into one, and the
-  // new schema will equal the older version in case of extension updates.
-  //
-  // TODO(joaodasilva): Increase this delay to 10 seconds. For now it's
-  // immediate so that tests don't get delayed.
-  schema_update_timer_.Start(
-      FROM_HERE,
-      base::TimeDelta::FromSeconds(0),
-      base::Bind(&ComponentCloudPolicyService::SetCurrentSchema,
-                 base::Unretained(this),
-                 schema_registry_->schema_map(),
-                 true));
-}
-
 void ComponentCloudPolicyService::InitializeIfReady() {
   DCHECK(CalledOnValidThread());
-  if (!schema_registry_->IsReady() || !store_->is_initialized())
+  if (!schema_registry_->IsReady() || !core_->store()->is_initialized())
     return;
+  // The initial list of components is ready. Initialize the backend now, which
+  // will call back to OnBackendInitialized.
   backend_task_runner_->PostTask(FROM_HERE,
                                  base::Bind(&Backend::Init,
                                             base::Unretained(backend_.get()),
                                             schema_registry_->schema_map()));
 }
 
 void ComponentCloudPolicyService::OnBackendInitialized(
     scoped_ptr<PolicyBundle> initial_policy) {
   DCHECK(CalledOnValidThread());
 
-  is_initialized_ = true;
+  loaded_initial_policy_ = true;
 
-  // Send the current schema to the backend, in case it has changed while the
-  // backend was initializing.
-  SetCurrentSchema(schema_registry_->schema_map(), true);
+  // We're now ready to serve the initial policy; notify the policy observers.
+  OnPolicyUpdated(initial_policy.Pass());
 
-  // Process any PolicyFetchResponses that the client may already have, or that
-  // may have been received while the backend was initializing.
-  OnPolicyFetched(client_);
+  // Start observing the core and tracking the state of the client.
+  core_->AddObserver(this);
 
-  // Finally tell the Delegate that the initial policy is available.
-  OnPolicyUpdated(initial_policy.Pass());
+  if (core_->client()) {
+    OnCoreConnected(core_);
+  } else {
+    // Send the current schema to the backend, in case it has changed while the
+    // backend was initializing. OnCoreConnected() also does this if a client is
+    // already connected.
+    SetCurrentSchema();
+  }
 }
 
-void ComponentCloudPolicyService::SetCurrentSchema(
-    const scoped_refptr<SchemaMap>& new_schema_map,
-    bool send_to_backend) {
+void ComponentCloudPolicyService::SetCurrentSchema() {
   DCHECK(CalledOnValidThread());
-  DCHECK(is_initialized());
 
   scoped_ptr<PolicyNamespaceList> removed(new PolicyNamespaceList);
   PolicyNamespaceList added;
+  const scoped_refptr<SchemaMap>& new_schema_map =
+      schema_registry_->schema_map();
   new_schema_map->GetChanges(current_schema_map_, removed.get(), &added);
 
   current_schema_map_ = new_schema_map;
 
-  for (size_t i = 0; i < removed->size(); ++i) {
-    PolicyNamespaceKey key;
-    if (ToPolicyNamespaceKey((*removed)[i], &key))
-      client_->RemoveNamespaceToFetch(key);
+  if (core_->client()) {
+    for (size_t i = 0; i < removed->size(); ++i) {
+      PolicyNamespaceKey key;
+      if (ToPolicyNamespaceKey((*removed)[i], &key))
+        core_->client()->RemoveNamespaceToFetch(key);
+    }
+
+    bool added_namespaces_to_client = false;
+    for (size_t i = 0; i < added.size(); ++i) {
+      PolicyNamespaceKey key;
+      if (ToPolicyNamespaceKey(added[i], &key)) {
+        core_->client()->AddNamespaceToFetch(key);
+        added_namespaces_to_client = true;
+      }
+    }
+
+    if (added_namespaces_to_client)
+      core_->RefreshSoon();
   }
 
-  bool added_namespaces_to_client = false;
-  for (size_t i = 0; i < added.size(); ++i) {
-    PolicyNamespaceKey key;
-    if (ToPolicyNamespaceKey(added[i], &key)) {
-      client_->AddNamespaceToFetch(key);
-      added_namespaces_to_client = true;
-    }
-  }
-
-  if (added_namespaces_to_client)
-    delegate_->OnComponentCloudPolicyRefreshNeeded();
-
-  if (send_to_backend) {
-    backend_task_runner_->PostTask(FROM_HERE,
-                                   base::Bind(&Backend::OnSchemasUpdated,
-                                              base::Unretained(backend_.get()),
-                                              current_schema_map_,
-                                              base::Passed(&removed)));
-  }
+  backend_task_runner_->PostTask(FROM_HERE,
+                                 base::Bind(&Backend::OnSchemasUpdated,
+                                            base::Unretained(backend_.get()),
+                                            current_schema_map_,
+                                            base::Passed(&removed)));
 }
 
 void ComponentCloudPolicyService::OnPolicyUpdated(
     scoped_ptr<PolicyBundle> policy) {
   DCHECK(CalledOnValidThread());
   policy_.Swap(policy.get());
   delegate_->OnComponentCloudPolicyUpdated();
 }
 
 }  // namespace policy