Public Sessions: fetch device robot api token during enterprise enrollment.

chrome/browser/policy/test/policy_testserver.py

 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """A bare-bones test server for testing cloud policy support.
 
 This implements a simple cloud policy test server that can be used to test
 chrome's device management service client. The policy information is read from
 the file named device_management in the server's data directory. It contains
 enforced and recommended policies for the device and user scope, and a list
@@ skipping 28 matching lines @@
   "google/chromeos/publicaccount/user@example.com" : {
     "mandatory" : {
       "HomepageLocation" : "http://www.chromium.org"
     },
      "recommended" : {
     }
   },
   "managed_users" : [
     "secret123456"
   ],
-  "current_key_index": 0
+  "current_key_index": 0,
+  "robot_api_auth_code": "fake_auth_code"
 }
 
 """
 
 import BaseHTTPServer
 import cgi
 import google.protobuf.text_format
 import hashlib
 import logging
 import os
@@ skipping 135 matching lines @@
     # Check server side requirements, as defined in
     # device_management_backend.proto.
     if (self.GetUniqueParam('devicetype') != '2' or
         self.GetUniqueParam('apptype') != 'Chrome' or
         (request_type != 'ping' and
          len(self.GetUniqueParam('deviceid')) >= 64) or
         len(self.GetUniqueParam('agent')) >= 64):
       return (400, 'Invalid request parameter')
     if request_type == 'register':
       return self.ProcessRegister(rmsg.register_request)
+    if request_type == 'api_authorization':
+      return self.ProcessApiAuthorization(rmsg.service_api_access_request)
     elif request_type == 'unregister':
       return self.ProcessUnregister(rmsg.unregister_request)
     elif request_type == 'policy' or request_type == 'ping':
       return self.ProcessPolicy(rmsg.policy_request, request_type)
     elif request_type == 'enterprise_check':
       return self.ProcessAutoEnrollment(rmsg.auto_enrollment_request)
     else:
       return (400, 'Invalid request parameter')
 
   def CreatePolicyForExternalPolicyData(self, policy_key):
@@ skipping 70 matching lines @@
     response = dm.DeviceManagementResponse()
     response.register_response.device_management_token = (
         token_info['device_token'])
     response.register_response.machine_name = token_info['machine_name']
     response.register_response.enrollment_type = token_info['enrollment_mode']
 
     self.DumpMessage('Response', response)
 
     return (200, response.SerializeToString())
 
+  def ProcessApiAuthorization(self, msg):
+    """Handles an API authorization request.
+
+    Args:
+      msg: The DeviceServiceApiAccessRequest message received from the client.
+
+    Returns:
+      A tuple of HTTP status code and response data to send to the client.
+    """
+    policy = self.server.GetPolicies()
+
+    # Return the auth code from the config file if it's defined,
+    # else return a descriptive default value.
+    response = dm.DeviceManagementResponse()
+    response.service_api_access_response.auth_code = policy.get(
+        'robot_api_auth_code', 'policy_test_server.py-auth_code')
+    self.DumpMessage('Response', response)
+
+    return (200, response.SerializeToString())
+
   def ProcessUnregister(self, msg):
     """Handles a register request.
 
     Checks for authorization, unregisters the device and constructs the
     response.
 
     Args:
       msg: The DeviceUnregisterRequest message received from the client.
 
     Returns:
@@ skipping 608 matching lines @@
     if (self.options.log_to_console):
       logger.addHandler(logging.StreamHandler())
     if (self.options.log_file):
       logger.addHandler(logging.FileHandler(self.options.log_file))
 
     testserver_base.TestServerRunner.run_server(self)
 
 
 if __name__ == '__main__':
   sys.exit(PolicyServerRunner().main())