| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/policy/user_policy_signin_service.h" | |
| 6 | |
| 7 #include "chrome/browser/browser_process.h" | |
| 8 #include "chrome/browser/policy/browser_policy_connector.h" | |
| 9 #include "chrome/browser/policy/cloud_policy_service.h" | |
| 10 #include "chrome/browser/policy/user_cloud_policy_manager.h" | |
| 11 #include "chrome/browser/prefs/pref_service.h" | |
| 12 #include "chrome/browser/profiles/profile.h" | |
| 13 #include "chrome/browser/signin/signin_manager.h" | |
| 14 #include "chrome/browser/signin/signin_manager_factory.h" | |
| 15 #include "chrome/browser/signin/token_service.h" | |
| 16 #include "chrome/browser/signin/token_service_factory.h" | |
| 17 #include "chrome/common/chrome_notification_types.h" | |
| 18 #include "chrome/common/net/gaia/gaia_constants.h" | |
| 19 #include "chrome/common/net/gaia/gaia_urls.h" | |
| 20 #include "chrome/common/net/gaia/oauth2_access_token_fetcher.h" | |
| 21 #include "chrome/common/pref_names.h" | |
| 22 #include "content/public/browser/notification_details.h" | |
| 23 #include "content/public/browser/notification_source.h" | |
| 24 | |
| 25 namespace { | |
| 26 // TODO(atwilson): Move this once we add OAuth token support to TokenService. | |
| 27 const char kServiceScopeChromeOSDeviceManagement[] = | |
| 28 "https://www.googleapis.com/auth/chromeosdevicemanagement"; | |
| 29 | |
| 30 // How long to delay before starting device policy network requests. Set to a | |
| 31 // few seconds to alleviate contention during initial startup. | |
| 32 const int64 kPolicyServiceInitializationDelayMilliseconds = 2000; | |
| 33 } // namespace | |
| 34 | |
| 35 namespace policy { | |
| 36 | |
| 37 UserPolicySigninService::UserPolicySigninService( | |
| 38 Profile* profile, | |
| 39 UserCloudPolicyManager* manager) | |
| 40 : profile_(profile), | |
| 41 manager_(manager) { | |
| 42 | |
| 43 // Initialize/shutdown the UserCloudPolicyManager when the user signs in or | |
| 44 // out. | |
| 45 registrar_.Add(this, | |
| 46 chrome::NOTIFICATION_GOOGLE_SIGNED_OUT, | |
| 47 content::Source<Profile>(profile)); | |
| 48 registrar_.Add(this, | |
| 49 chrome::NOTIFICATION_TOKEN_AVAILABLE, | |
| 50 content::Source<TokenService>( | |
| 51 TokenServiceFactory::GetForProfile(profile))); | |
| 52 | |
| 53 // The Profile is not yet fully initialized when this object is created, | |
| 54 // so wait until the initialization has finished to initialize the | |
| 55 // UserCloudPolicyManager as otherwise various crashes ensue from services | |
| 56 // trying to access the partially-initialized Profile. | |
| 57 // TODO(atwilson): Remove this once ProfileImpl::DoFinalInit() goes away and | |
| 58 // the profile is fully initialized before ProfileKeyedServices are created. | |
| 59 registrar_.Add(this, | |
| 60 chrome::NOTIFICATION_PROFILE_ADDED, | |
| 61 content::Source<Profile>(profile)); | |
| 62 } | |
| 63 | |
| 64 UserPolicySigninService::~UserPolicySigninService() { | |
| 65 } | |
| 66 | |
| 67 void UserPolicySigninService::Observe( | |
| 68 int type, | |
| 69 const content::NotificationSource& source, | |
| 70 const content::NotificationDetails& details) { | |
| 71 switch (type) { | |
| 72 case chrome::NOTIFICATION_PROFILE_ADDED: | |
| 73 // Profile is initialized so it's safe to initialize the | |
| 74 // UserCloudPolicyManager now. | |
| 75 ConfigureUserCloudPolicyManager(); | |
| 76 break; | |
| 77 case chrome::NOTIFICATION_GOOGLE_SIGNED_OUT: | |
| 78 ConfigureUserCloudPolicyManager(); | |
| 79 break; | |
| 80 case chrome::NOTIFICATION_TOKEN_AVAILABLE: { | |
| 81 const TokenService::TokenAvailableDetails& token_details = | |
| 82 *(content::Details<const TokenService::TokenAvailableDetails>( | |
| 83 details).ptr()); | |
| 84 if (token_details.service() == | |
| 85 GaiaConstants::kGaiaOAuth2LoginRefreshToken) { | |
| 86 // TokenService now has a refresh token, so reconfigure the | |
| 87 // UserCloudPolicyManager to initiate a DMToken fetch if needed. | |
| 88 ConfigureUserCloudPolicyManager(); | |
| 89 } | |
| 90 break; | |
| 91 } | |
| 92 default: | |
| 93 NOTREACHED(); | |
| 94 } | |
| 95 } | |
| 96 | |
| 97 | |
| 98 void UserPolicySigninService::ConfigureUserCloudPolicyManager() { | |
| 99 // Don't do anything unless cloud policy is enabled. | |
| 100 if (!profile_->GetPrefs()->GetBoolean(prefs::kLoadCloudPolicyOnSignin)) | |
| 101 return; | |
| 102 | |
| 103 // Either startup or shutdown the UserCloudPolicyManager depending on whether | |
| 104 // the user is signed in or not. | |
| 105 if (!manager_) | |
| 106 return; // Can be null in unit tests. | |
| 107 | |
| 108 SigninManager* signin_manager = SigninManagerFactory::GetForProfile(profile_); | |
| 109 if (signin_manager->GetAuthenticatedUsername().empty()) { | |
| 110 manager_->Shutdown(); | |
| 111 } else { | |
| 112 if (!manager_->cloud_policy_service()) { | |
| 113 // Make sure we've initialized the DeviceManagementService. It's OK to | |
| 114 // call this multiple times so we do it every time we initialize the | |
| 115 // UserCloudPolicyManager. | |
| 116 g_browser_process->browser_policy_connector()-> | |
| 117 ScheduleServiceInitialization( | |
| 118 kPolicyServiceInitializationDelayMilliseconds); | |
| 119 // Initialize the UserCloudPolicyManager if it isn't already initialized. | |
| 120 policy::DeviceManagementService* service = g_browser_process-> | |
| 121 browser_policy_connector()->device_management_service(); | |
| 122 manager_->Initialize(g_browser_process->local_state(), | |
| 123 service, | |
| 124 policy::USER_AFFILIATION_NONE); | |
| 125 DCHECK(manager_->cloud_policy_service()); | |
| 126 } | |
| 127 | |
| 128 // Register the CloudPolicyService if needed. | |
| 129 if (!manager_->IsClientRegistered()) | |
| 130 RegisterCloudPolicyService(); | |
| 131 } | |
| 132 } | |
| 133 | |
| 134 void UserPolicySigninService::RegisterCloudPolicyService() { | |
| 135 // TODO(atwilson): Move the code to mint the devicemanagement token into | |
| 136 // TokenService. | |
| 137 std::string token = TokenServiceFactory::GetForProfile(profile_)-> | |
| 138 GetOAuth2LoginRefreshToken(); | |
| 139 if (token.empty()) { | |
| 140 DLOG(WARNING) << "No OAuth Refresh Token - delaying policy download"; | |
| 141 return; | |
| 142 } | |
| 143 | |
| 144 // Do nothing if already fetching an access token. | |
| 145 if (oauth2_access_token_fetcher_.get()) | |
| 146 return; | |
| 147 | |
| 148 // Start fetching an OAuth2 access token for the device management service and | |
| 149 // hand it off to the CloudPolicyClient when done. | |
| 150 oauth2_access_token_fetcher_.reset( | |
| 151 new OAuth2AccessTokenFetcher(this, profile_->GetRequestContext())); | |
| 152 std::vector<std::string> scopes(1, kServiceScopeChromeOSDeviceManagement); | |
| 153 GaiaUrls* gaia_urls = GaiaUrls::GetInstance(); | |
| 154 oauth2_access_token_fetcher_->Start( | |
| 155 gaia_urls->oauth2_chrome_client_id(), | |
| 156 gaia_urls->oauth2_chrome_client_secret(), | |
| 157 token, | |
| 158 scopes); | |
| 159 } | |
| 160 | |
| 161 void UserPolicySigninService::OnGetTokenFailure( | |
| 162 const GoogleServiceAuthError& error) { | |
| 163 DLOG(WARNING) << "Could not fetch access token for " | |
| 164 << kServiceScopeChromeOSDeviceManagement; | |
| 165 oauth2_access_token_fetcher_.reset(); | |
| 166 manager_->CancelWaitForPolicyFetch(); | |
| 167 } | |
| 168 | |
| 169 void UserPolicySigninService::OnGetTokenSuccess( | |
| 170 const std::string& access_token, | |
| 171 const base::Time& expiration_time) { | |
| 172 // Pass along the new access token to the CloudPolicyClient. | |
| 173 manager_->RegisterClient(access_token); | |
| 174 oauth2_access_token_fetcher_.reset(); | |
| 175 } | |
| 176 | |
| 177 } // namespace policy | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10823208:
Reverting this as it causes browser tests on the Linux ChromiumOS builder to fail. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/