| Index: chrome/browser/chromeos/policy/enrollment_handler_chromeos.h
|
| diff --git a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h
|
| index e44443d728057bc1ad2109a0260656fdfb8eca9d..46ebb45e59b6654af64b967f55f6ff4566cc0cf9 100644
|
| --- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h
|
| +++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h
|
| @@ -16,6 +16,7 @@
|
| #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
|
| #include "chrome/browser/policy/cloud/cloud_policy_client.h"
|
| #include "chrome/browser/policy/cloud/cloud_policy_store.h"
|
| +#include "google_apis/gaia/gaia_oauth_client.h"
|
|
|
| namespace enterprise_management {
|
| class PolicyFetchResponse;
|
| @@ -29,10 +30,14 @@ namespace policy {
|
| // 2. Download the initial policy blob from the service.
|
| // 3. Verify the policy blob. Everything up to this point doesn't touch device
|
| // state.
|
| -// 4. Establish the device lock in installation-time attributes.
|
| -// 5. Store the policy blob.
|
| +// 4. Download the OAuth2 authorization code for device-level API access.
|
| +// 5. Download the OAuth2 refresh token for device-level API access and store
|
| +// it.
|
| +// 6. Establish the device lock in installation-time attributes.
|
| +// 7. Store the policy blob and API refresh token.
|
| class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
|
| - public CloudPolicyStore::Observer {
|
| + public CloudPolicyStore::Observer,
|
| + public gaia::GaiaOAuthClient::Delegate {
|
| public:
|
| typedef DeviceCloudPolicyManagerChromeOS::AllowedDeviceModes
|
| AllowedDeviceModes;
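Review bot: Step 5 of the class comment says the refresh token is downloaded "and store it", while step 7 also stores the "API refresh token", so the comment does not say whether the credential is persisted before or after the device lock in step 6. The existing sentence "Everything up to this point doesn't touch device state" stays attached to step 3, so a reader cannot tell whether the two new download steps keep that property. If step 5 only keeps the token in memory, which the header does not confirm, say so: `// 5. Download the OAuth2 refresh token for device-level API access and keep it in memory until step 7.` The class body continues outside this hunk.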
|
| @@ -64,24 +69,36 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
|
| // CloudPolicyClient::Observer:
|
| virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE;
|
| virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE;
|
| + virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client) OVERRIDE;
|
| virtual void OnClientError(CloudPolicyClient* client) OVERRIDE;
|
|
|
| // CloudPolicyStore::Observer:
|
| virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
|
| virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;
|
|
|
| + // GaiaOAuthClient::Delegate:
|
| + virtual void OnGetTokensResponse(const std::string& refresh_token,
|
| + const std::string& access_token,
|
| + int expires_in_seconds) OVERRIDE;
|
| + virtual void OnRefreshTokenResponse(const std::string& access_token,
|
| + int expires_in_seconds) OVERRIDE;
|
| + virtual void OnOAuthError() OVERRIDE;
|
| + virtual void OnNetworkError(int response_code) OVERRIDE;
|
| +
|
| private:
|
| // Indicates what step of the process is currently pending. These steps need
|
| // to be listed in the order they are traversed in.
|
| enum EnrollmentStep {
|
| - STEP_PENDING, // Not started yet.
|
| - STEP_LOADING_STORE, // Waiting for |store_| to initialize.
|
| - STEP_REGISTRATION, // Currently registering the client.
|
| - STEP_POLICY_FETCH, // Fetching policy.
|
| - STEP_VALIDATION, // Policy validation.
|
| - STEP_LOCK_DEVICE, // Writing installation-time attributes.
|
| - STEP_STORE_POLICY, // Storing policy.
|
| - STEP_FINISHED, // Enrollment process finished, no further action.
|
| + STEP_PENDING, // Not started yet.
|
| + STEP_LOADING_STORE, // Waiting for |store_| to initialize.
|
| + STEP_REGISTRATION, // Currently registering the client.
|
| + STEP_POLICY_FETCH, // Fetching policy.
|
| + STEP_VALIDATION, // Policy validation.
|
| + STEP_ROBOT_AUTH_FETCH, // Fetching device API auth code.
|
| + STEP_ROBOT_AUTH_REFRESH, // Fetching device API refresh token.
|
| + STEP_LOCK_DEVICE, // Writing installation-time attributes.
|
| + STEP_STORE_POLICY, // Storing policy and API refresh token.
|
| + STEP_FINISHED, // Enrollment process finished, no further action.
|
| };
|
|
|
| // Starts registration if the store is initialized.
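Review bot: The four `GaiaOAuthClient::Delegate` overrides are added without any comment on which enrollment step they belong to or what each error callback does to the enrollment result. From the step list, only `OnGetTokensResponse` looks like an expected success path (exchanging the auth code during `STEP_ROBOT_AUTH_REFRESH`), and `OnRefreshTokenResponse` is presumably never expected here. I would document that, e.g. `// GaiaOAuthClient::Delegate: only valid while in STEP_ROBOT_AUTH_REFRESH.` and `// Not expected during enrollment.` above `OnRefreshTokenResponse`. The implementation is not visible in this file, so it is worth confirming that a callback arriving in any other step is rejected rather than advancing `enrollment_step_`.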
|
| @@ -91,14 +108,19 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
|
| // attributes locking if successful.
|
| void PolicyValidated(DeviceCloudPolicyValidator* validator);
|
|
|
| + // Method called to initiate the STEP_LOCK_DEVICE step. Usually called after
|
| + // the STEP_ROBOT_AUTH_REFRESH, but may be called directly after a failed
|
| + // STEP_ROBOT_AUTH_FETCH, since robot tokens are currently optional.
|
| + void DoLockDeviceStep();
|
| +
|
| // Calls LockDevice() and proceeds to policy installation. If unsuccessful,
|
| // reports the result. Actual installation or error report will be done in
|
| // HandleLockDeviceResult().
|
| - void WriteInstallAttributes(const std::string& user,
|
| - DeviceMode device_mode,
|
| - const std::string& device_id);
|
| + void StartLockDevice(const std::string& user,
|
| + DeviceMode device_mode,
|
| + const std::string& device_id);
|
|
|
| - // Helper for WriteInstallAttributes(). It performs the actual action based on
|
| + // Helper for StartLockDevice(). It performs the actual action based on
|
| // the result of LockDevice.
|
| void HandleLockDeviceResult(
|
| const std::string& user,
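Review bot: The new comment on `DoLockDeviceStep()` documents a fail-open path: a failed `STEP_ROBOT_AUTH_FETCH` still proceeds to the device lock. It does not say what a failed `STEP_ROBOT_AUTH_REFRESH` does, or whether the missing credential is reported anywhere. Since the device is locked into enterprise mode either way, the comment should spell out both outcomes and the resulting state, for example by adding `// In that case |robot_refresh_token_| stays empty and no API token is stored.` (to be confirmed against the .cc, which is not part of this hunk). "Method called to initiate the STEP_LOCK_DEVICE step" could also simply read `// Starts STEP_LOCK_DEVICE.`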
|
| @@ -115,9 +137,11 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
|
| DeviceCloudPolicyStoreChromeOS* store_;
|
| EnterpriseInstallAttributes* install_attributes_;
|
| scoped_ptr<CloudPolicyClient> client_;
|
| + scoped_ptr<gaia::GaiaOAuthClient> gaia_oauth_client_;
|
|
|
| std::string auth_token_;
|
| std::string client_id_;
|
| + std::string robot_refresh_token_;
|
| bool is_auto_enrollment_;
|
| AllowedDeviceModes allowed_device_modes_;
|
| EnrollmentCallback completion_callback_;
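Review bot: `robot_refresh_token_` is a long-lived OAuth2 credential, yet it is added as a plain `std::string` member with no comment on how long it is kept. It sits beside `auth_token_` and lives as long as the handler does. I would document its lifetime and, if the implementation does not already do so, clear it as soon as it has been handed off in `STEP_STORE_POLICY` or enrollment has failed, e.g. `// OAuth2 refresh token for device-level API access; empty until STEP_ROBOT_AUTH_REFRESH succeeds, cleared once stored.` `gaia_oauth_client_` would benefit from a one-line comment too, stating that it is only alive for the token exchange.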
|
| @@ -125,8 +149,10 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
|
| // The device mode as received in the registration request.
|
| DeviceMode device_mode_;
|
|
|
| - // The validated policy response to be installed in the store.
|
| + // The validated policy response info to be installed in the store.
|
| scoped_ptr<enterprise_management::PolicyFetchResponse> policy_;
|
| + std::string username_;
|
| + std::string device_id_;
|
|
|
| // Current enrollment step.
|
| EnrollmentStep enrollment_step_;
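Review bot: `username_` and `device_id_` are added under the reworded comment "The validated policy response info to be installed in the store", which does not say where the two strings come from or why they are now members. They are presumably cached so that `DoLockDeviceStep()` can pass them to `StartLockDevice()` after the asynchronous robot-auth steps. Because the device lock is keyed on these values, the comment should state that they are only ever set from the validated policy. A separate comment would make this clear, e.g. `// User and device id taken from the validated policy; kept across the robot-auth steps for StartLockDevice().`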
|
|
|