| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/policy/user_policy_signin_service.h" |
| 6 |
| 7 #include "chrome/browser/browser_process.h" |
| 8 #include "chrome/browser/policy/browser_policy_connector.h" |
| 9 #include "chrome/browser/policy/cloud_policy_service.h" |
| 10 #include "chrome/browser/policy/user_cloud_policy_manager.h" |
| 11 #include "chrome/browser/prefs/pref_service.h" |
| 12 #include "chrome/browser/profiles/profile.h" |
| 13 #include "chrome/browser/signin/signin_manager.h" |
| 14 #include "chrome/browser/signin/signin_manager_factory.h" |
| 15 #include "chrome/browser/signin/token_service.h" |
| 16 #include "chrome/browser/signin/token_service_factory.h" |
| 17 #include "chrome/common/chrome_notification_types.h" |
| 18 #include "chrome/common/net/gaia/gaia_constants.h" |
| 19 #include "chrome/common/net/gaia/gaia_urls.h" |
| 20 #include "chrome/common/net/gaia/oauth2_access_token_fetcher.h" |
| 21 #include "chrome/common/pref_names.h" |
| 22 #include "content/public/browser/notification_details.h" |
| 23 #include "content/public/browser/notification_source.h" |
| 24 |
| 25 namespace { |
| 26 // TODO(atwilson): Move this once we add OAuth token support to TokenService. |
| 27 const char kServiceScopeChromeOSDeviceManagement[] = |
| 28 "https://www.googleapis.com/auth/chromeosdevicemanagement"; |
| 29 |
| 30 // How long to delay before starting device policy network requests. Set to a |
| 31 // few seconds to alleviate contention during initial startup. |
| 32 const int64 kPolicyServiceInitializationDelayMilliseconds = 2000; |
| 33 } // namespace |
| 34 |
| 35 namespace policy { |
| 36 |
| 37 UserPolicySigninService::UserPolicySigninService( |
| 38 Profile* profile, |
| 39 UserCloudPolicyManager* manager) |
| 40 : profile_(profile), |
| 41 manager_(manager) { |
| 42 |
| 43 // Initialize/shutdown the UserCloudPolicyManager when the user signs in or |
| 44 // out. |
| 45 registrar_.Add(this, |
| 46 chrome::NOTIFICATION_GOOGLE_SIGNED_OUT, |
| 47 content::Source<Profile>(profile)); |
| 48 registrar_.Add(this, |
| 49 chrome::NOTIFICATION_TOKEN_AVAILABLE, |
| 50 content::Source<TokenService>( |
| 51 TokenServiceFactory::GetForProfile(profile))); |
| 52 |
| 53 // The Profile is not yet fully initialized when this object is created, |
| 54 // so wait until the initialization has finished to initialize the |
| 55 // UserCloudPolicyManager as otherwise various crashes ensue from services |
| 56 // trying to access the partially-initialized Profile. |
| 57 // TODO(atwilson): Remove this once ProfileImpl::DoFinalInit() goes away and |
| 58 // the profile is fully initialized before ProfileKeyedServices are created. |
| 59 registrar_.Add(this, |
| 60 chrome::NOTIFICATION_PROFILE_ADDED, |
| 61 content::Source<Profile>(profile)); |
| 62 } |
| 63 |
| 64 UserPolicySigninService::~UserPolicySigninService() { |
| 65 } |
| 66 |
| 67 void UserPolicySigninService::Observe( |
| 68 int type, |
| 69 const content::NotificationSource& source, |
| 70 const content::NotificationDetails& details) { |
| 71 switch (type) { |
| 72 case chrome::NOTIFICATION_PROFILE_ADDED: |
| 73 // Profile is initialized so it's safe to initialize the |
| 74 // UserCloudPolicyManager now. |
| 75 ConfigureUserCloudPolicyManager(); |
| 76 break; |
| 77 case chrome::NOTIFICATION_GOOGLE_SIGNED_OUT: |
| 78 ConfigureUserCloudPolicyManager(); |
| 79 break; |
| 80 case chrome::NOTIFICATION_TOKEN_AVAILABLE: { |
| 81 const TokenService::TokenAvailableDetails& token_details = |
| 82 *(content::Details<const TokenService::TokenAvailableDetails>( |
| 83 details).ptr()); |
| 84 if (token_details.service() == |
| 85 GaiaConstants::kGaiaOAuth2LoginRefreshToken) { |
| 86 // TokenService now has a refresh token, so reconfigure the |
| 87 // UserCloudPolicyManager to initiate a DMToken fetch if needed. |
| 88 ConfigureUserCloudPolicyManager(); |
| 89 } |
| 90 break; |
| 91 } |
| 92 default: |
| 93 NOTREACHED(); |
| 94 } |
| 95 } |
| 96 |
| 97 |
| 98 void UserPolicySigninService::ConfigureUserCloudPolicyManager() { |
| 99 // Don't do anything unless cloud policy is enabled. |
| 100 if (!profile_->GetPrefs()->GetBoolean(prefs::kLoadCloudPolicyOnSignin)) |
| 101 return; |
| 102 |
| 103 // Either startup or shutdown the UserCloudPolicyManager depending on whether |
| 104 // the user is signed in or not. |
| 105 if (!manager_) |
| 106 return; // Can be null in unit tests. |
| 107 |
| 108 SigninManager* signin_manager = SigninManagerFactory::GetForProfile(profile_); |
| 109 if (signin_manager->GetAuthenticatedUsername().empty()) { |
| 110 manager_->Shutdown(); |
| 111 } else { |
| 112 if (!manager_->cloud_policy_service()) { |
| 113 // Make sure we've initialized the DeviceManagementService. It's OK to |
| 114 // call this multiple times so we do it every time we initialize the |
| 115 // UserCloudPolicyManager. |
| 116 g_browser_process->browser_policy_connector()-> |
| 117 ScheduleServiceInitialization( |
| 118 kPolicyServiceInitializationDelayMilliseconds); |
| 119 // Initialize the UserCloudPolicyManager if it isn't already initialized. |
| 120 policy::DeviceManagementService* service = g_browser_process-> |
| 121 browser_policy_connector()->device_management_service(); |
| 122 manager_->Initialize(g_browser_process->local_state(), |
| 123 service, |
| 124 policy::USER_AFFILIATION_NONE); |
| 125 DCHECK(manager_->cloud_policy_service()); |
| 126 } |
| 127 |
| 128 // Register the CloudPolicyService if needed. |
| 129 if (!manager_->IsClientRegistered()) |
| 130 RegisterCloudPolicyService(); |
| 131 } |
| 132 } |
| 133 |
| 134 void UserPolicySigninService::RegisterCloudPolicyService() { |
| 135 // TODO(atwilson): Move the code to mint the devicemanagement token into |
| 136 // TokenService. |
| 137 std::string token = TokenServiceFactory::GetForProfile(profile_)-> |
| 138 GetOAuth2LoginRefreshToken(); |
| 139 if (token.empty()) { |
| 140 DLOG(WARNING) << "No OAuth Refresh Token - delaying policy download"; |
| 141 return; |
| 142 } |
| 143 |
| 144 // Do nothing if already fetching an access token. |
| 145 if (oauth2_access_token_fetcher_.get()) |
| 146 return; |
| 147 |
| 148 // Start fetching an OAuth2 access token for the device management service and |
| 149 // hand it off to the CloudPolicyClient when done. |
| 150 oauth2_access_token_fetcher_.reset( |
| 151 new OAuth2AccessTokenFetcher(this, profile_->GetRequestContext())); |
| 152 std::vector<std::string> scopes(1, kServiceScopeChromeOSDeviceManagement); |
| 153 GaiaUrls* gaia_urls = GaiaUrls::GetInstance(); |
| 154 oauth2_access_token_fetcher_->Start( |
| 155 gaia_urls->oauth2_chrome_client_id(), |
| 156 gaia_urls->oauth2_chrome_client_secret(), |
| 157 token, |
| 158 scopes); |
| 159 } |
| 160 |
| 161 void UserPolicySigninService::OnGetTokenFailure( |
| 162 const GoogleServiceAuthError& error) { |
| 163 DLOG(WARNING) << "Could not fetch access token for " |
| 164 << kServiceScopeChromeOSDeviceManagement; |
| 165 oauth2_access_token_fetcher_.reset(); |
| 166 manager_->CancelWaitForPolicyFetch(); |
| 167 } |
| 168 |
| 169 void UserPolicySigninService::OnGetTokenSuccess( |
| 170 const std::string& access_token, |
| 171 const base::Time& expiration_time) { |
| 172 // Pass along the new access token to the CloudPolicyClient. |
| 173 manager_->RegisterClient(access_token); |
| 174 oauth2_access_token_fetcher_.reset(); |
| 175 } |
| 176 |
| 177 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10693022:
Add support for loading user cloud policy on desktop. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src