| Index: chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
|
| diff --git a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
|
| index 41aee2b77220b4e6d2d3b9509fcb14aff94db94e..d7fbbe3cb897aec0507396a67d0e5f373bf75015 100644
|
| --- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
|
| +++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
|
| @@ -7,10 +7,14 @@
|
| #include "base/bind.h"
|
| #include "base/logging.h"
|
| #include "base/message_loop.h"
|
| +#include "chrome/browser/browser_process.h"
|
| #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
|
| +#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
|
| +#include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
|
| #include "chrome/browser/policy/cloud/cloud_policy_constants.h"
|
| #include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h"
|
| #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h"
|
| +#include "google_apis/gaia/gaia_urls.h"
|
|
|
| namespace em = enterprise_management;
|
|
|
| @@ -129,18 +133,37 @@ void EnrollmentHandlerChromeOS::OnRegistrationStateChanged(
|
| void EnrollmentHandlerChromeOS::OnClientError(CloudPolicyClient* client) {
|
| DCHECK_EQ(client_.get(), client);
|
|
|
| - if (enrollment_step_ < STEP_POLICY_FETCH)
|
| + if (enrollment_step_ == STEP_ROBOT_AUTH_FETCH) {
|
| + LOG(WARNING) << "API authentication code fetch failed: "
|
| + << client_->status();
|
| + // Robot auth tokens are currently optional. Skip fetching the refresh
|
| + // token and jump directly to the lock device step.
|
| + robot_refresh_token_.clear();
|
| + DoLockDeviceStep();
|
| + } else if (enrollment_step_ < STEP_POLICY_FETCH) {
|
| ReportResult(EnrollmentStatus::ForRegistrationError(client_->status()));
|
| - else
|
| + } else {
|
| ReportResult(EnrollmentStatus::ForFetchError(client_->status()));
|
| + }
|
| }
|
|
|
| void EnrollmentHandlerChromeOS::OnStoreLoaded(CloudPolicyStore* store) {
|
| DCHECK_EQ(store_, store);
|
|
|
| if (enrollment_step_ == STEP_LOADING_STORE) {
|
| + // If the |store_| wasn't initialized when StartEnrollment() was
|
| + // called, then AttemptRegistration() bails silently. This gets
|
| + // registration rolling again after the store finishes loading.
|
| AttemptRegistration();
|
| } else if (enrollment_step_ == STEP_STORE_POLICY) {
|
| + // Store the robot API auth refresh token.
|
| + // Currently optional, so always return success.
|
| + chromeos::DeviceOAuth2TokenService* token_service =
|
| + chromeos::DeviceOAuth2TokenServiceFactory::Get();
|
| + if (token_service && !robot_refresh_token_.empty()) {
|
| + token_service->SetAndSaveRefreshToken(robot_refresh_token_);
|
| +
|
| + }
|
| ReportResult(EnrollmentStatus::ForStatus(EnrollmentStatus::STATUS_SUCCESS));
|
| }
|
| }
|
| @@ -165,15 +188,78 @@ void EnrollmentHandlerChromeOS::PolicyValidated(
|
| CHECK_EQ(STEP_VALIDATION, enrollment_step_);
|
| if (validator->success()) {
|
| policy_ = validator->policy().Pass();
|
| - enrollment_step_ = STEP_LOCK_DEVICE;
|
| - WriteInstallAttributes(validator->policy_data()->username(), device_mode_,
|
| - validator->policy_data()->device_id());
|
| + username_ = validator->policy_data()->username();
|
| + device_id_ = validator->policy_data()->device_id();
|
| +
|
| + enrollment_step_ = STEP_ROBOT_AUTH_FETCH;
|
| + client_->FetchRobotAuthCodes(auth_token_);
|
| } else {
|
| ReportResult(EnrollmentStatus::ForValidationError(validator->status()));
|
| }
|
| }
|
|
|
| -void EnrollmentHandlerChromeOS::WriteInstallAttributes(
|
| +void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched(
|
| + CloudPolicyClient* client) {
|
| + DCHECK_EQ(client_.get(), client);
|
| + CHECK_EQ(STEP_ROBOT_AUTH_FETCH, enrollment_step_);
|
| +
|
| + enrollment_step_ = STEP_ROBOT_AUTH_REFRESH;
|
| +
|
| + gaia::OAuthClientInfo client_info;
|
| + client_info.client_id = GaiaUrls::GetInstance()->oauth2_chrome_client_id();
|
| + client_info.client_secret =
|
| + GaiaUrls::GetInstance()->oauth2_chrome_client_secret();
|
| +
|
| + // Use the system request context to avoid sending user cookies.
|
| + gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(
|
| + GaiaUrls::GetInstance()->oauth2_token_url(),
|
| + g_browser_process->system_request_context()));
|
| + gaia_oauth_client_->GetTokensFromAuthCode(client_info,
|
| + client->robot_api_auth_code(),
|
| + 0 /* max_retries */,
|
| + this);
|
| +}
|
| +
|
| +// GaiaOAuthClient::Delegate callback for OAuth2 refresh token fetched.
|
| +void EnrollmentHandlerChromeOS::OnGetTokensResponse(
|
| + const std::string& refresh_token,
|
| + const std::string& access_token,
|
| + int expires_in_seconds) {
|
| + CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_);
|
| +
|
| + robot_refresh_token_ = refresh_token;
|
| +
|
| + DoLockDeviceStep();
|
| +}
|
| +
|
| +void EnrollmentHandlerChromeOS::DoLockDeviceStep() {
|
| + enrollment_step_ = STEP_LOCK_DEVICE,
|
| + StartLockDevice(username_, device_mode_, device_id_);
|
| +}
|
| +
|
| +// GaiaOAuthClient::Delegate
|
| +void EnrollmentHandlerChromeOS::OnRefreshTokenResponse(
|
| + const std::string& access_token,
|
| + int expires_in_seconds) {
|
| + // We never use the code that should trigger this callback.
|
| + LOG(FATAL) << "Unexpected callback invoked";
|
| +}
|
| +
|
| +// GaiaOAuthClient::Delegate OAuth2 error when fetching refresh token request.
|
| +void EnrollmentHandlerChromeOS::OnOAuthError() {
|
| + CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_);
|
| + DoLockDeviceStep();
|
| +}
|
| +
|
| +// GaiaOAuthClient::Delegate network error when fetching refresh token.
|
| +void EnrollmentHandlerChromeOS::OnNetworkError(int response_code) {
|
| + LOG(ERROR) << "Network error while fetching API refresh token: "
|
| + << response_code;
|
| + CHECK_EQ(STEP_ROBOT_AUTH_REFRESH, enrollment_step_);
|
| + DoLockDeviceStep();
|
| +}
|
| +
|
| +void EnrollmentHandlerChromeOS::StartLockDevice(
|
| const std::string& user,
|
| DeviceMode device_mode,
|
| const std::string& device_id) {
|
| @@ -195,6 +281,7 @@ void EnrollmentHandlerChromeOS::HandleLockDeviceResult(
|
| DeviceMode device_mode,
|
| const std::string& device_id,
|
| EnterpriseInstallAttributes::LockResult lock_result) {
|
| + CHECK_EQ(STEP_LOCK_DEVICE, enrollment_step_);
|
| switch (lock_result) {
|
| case EnterpriseInstallAttributes::LOCK_SUCCESS:
|
| enrollment_step_ = STEP_STORE_POLICY;
|
| @@ -209,7 +296,7 @@ void EnrollmentHandlerChromeOS::HandleLockDeviceResult(
|
| << kLockRetryIntervalMs << "ms.";
|
| MessageLoop::current()->PostDelayedTask(
|
| FROM_HERE,
|
| - base::Bind(&EnrollmentHandlerChromeOS::WriteInstallAttributes,
|
| + base::Bind(&EnrollmentHandlerChromeOS::StartLockDevice,
|
| weak_factory_.GetWeakPtr(),
|
| user, device_mode, device_id),
|
| base::TimeDelta::FromMilliseconds(kLockRetryIntervalMs));
|
|
|
Chromium Code Reviews
Issue 12538009:
Public Sessions: fetch device robot api token during enterprise enrollment. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master