chrome/browser/chromeos/login/enrollment/enterprise_enrollment_helper.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_
   6 #define CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_
   7
   8 #include <string>
   9
  10 #include "base/callback_forward.h"
  11 #include "base/macros.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
  14
  15 class GoogleServiceAuthError;
  16 class Profile;
  17
  18 namespace policy {
  19 struct EnrollmentConfig;
  20 class EnrollmentStatus;
  21 }
  22
  23 namespace chromeos {
  24
  25 // This class is capable to enroll the device into enterprise domain, using
  26 // either a profile containing authentication data or OAuth token.
  27 // It can also clear an authentication data from the profile and revoke tokens
  28 // that are not longer needed.
  29 class EnterpriseEnrollmentHelper {
  30  public:
  31   typedef policy::DeviceCloudPolicyInitializer::EnrollmentCallback
  32       EnrollmentCallback;
  33
  34   // Enumeration of the possible errors that can occur during enrollment which
  35   // are not covered by GoogleServiceAuthError or EnrollmentStatus.
  36   enum OtherError {
  37     // Existing enrollment domain doesn't match authentication user.
  38     OTHER_ERROR_DOMAIN_MISMATCH,
  39     // Unexpected error condition, indicates a bug in the code.
  40     OTHER_ERROR_FATAL
  41   };
  42
  43   class EnrollmentStatusConsumer {
  44    public:
  45     // Called when an error happens on attempt to receive authentication tokens.
  46     virtual void OnAuthError(const GoogleServiceAuthError& error) = 0;
  47
  48     // Called when an error happens during enrollment.
  49     virtual void OnEnrollmentError(policy::EnrollmentStatus status) = 0;
  50
  51     // Called when some other error happens.
  52     virtual void OnOtherError(OtherError error) = 0;
  53
  54     // Called when enrollment finishes successfully. |additional_token| keeps
  55     // the additional access token, if it was requested by setting the
  56     // |fetch_additional_token| param of EnrollUsingProfile() to true.
  57     // Otherwise, |additional_token| is empty.
  58     virtual void OnDeviceEnrolled(const std::string& additional_token) = 0;
  59
  60     // Called when device attribute update permission granted,
  61     // |granted| indicates whether permission granted or not.
  62     virtual void OnDeviceAttributeUpdatePermission(bool granted) = 0;
  63
  64     // Called when device attribute upload finishes. |success| indicates
  65     // whether it is successful or not.
  66     virtual void OnDeviceAttributeUploadCompleted(bool success) = 0;
  67   };
  68
  69   // Factory method. Caller takes ownership of the returned object.
  70   static scoped_ptr<EnterpriseEnrollmentHelper> Create(
  71       EnrollmentStatusConsumer* status_consumer,
  72       const policy::EnrollmentConfig& enrollment_config,
  73       const std::string& enrolling_user_domain);
  74
  75   virtual ~EnterpriseEnrollmentHelper();
  76
  77   // Starts enterprise enrollment using |auth_code|. First tries to exchange the
  78   // auth code to authentication token, then tries to enroll the device with the
  79   // received token.
  80   // If |fetch_additional_token| is true, the helper fetches an additional token
  81   // and passes it to the |status_consumer| on successfull enrollment.
  82   // EnrollUsingAuthCode can be called only once during this object's lifetime,
  83   // and only if neither of EnrollUsing* methods was called before.
  84   virtual void EnrollUsingAuthCode(const std::string& auth_code,
  85                                    bool fetch_additional_token) = 0;
  86
  87   // Starts enterprise enrollment using |token|.
  88   // EnrollUsingToken can be called only once during this object's lifetime, and
  89   // only if neither of EnrollUsing* was called before.
  90   virtual void EnrollUsingToken(const std::string& token) = 0;
  91
  92   // Starts device attribute update process. First tries to get
  93   // permission to update device attributes for current user
  94   // using stored during enrollment oauth token.
  95   virtual void GetDeviceAttributeUpdatePermission() = 0;
  96
  97   // Uploads device attributes on DM server. |asset_id| - Asset Identifier
  98   // and |location| - Assigned Location, these attributes were typed by
  99   // current user on the device attribute prompt screen after successful
 100   // enrollment.
 101   virtual void UpdateDeviceAttributes(const std::string& asset_id,
 102                                       const std::string& location) = 0;
 103
 104   // Clears authentication data from the profile (if EnrollUsingProfile was
 105   // used) and revokes fetched tokens.
 106   // Does not revoke the additional token if enrollment finished successfully.
 107   // Calls |callback| on completion.
 108   virtual void ClearAuth(const base::Closure& callback) = 0;
 109
 110  protected:
 111   // |status_consumer| must outlive |this|. Moreover, the user of this class
 112   // is responsible for clearing auth data in some cases (see comment for
 113   // EnrollUsingProfile()).
 114   explicit EnterpriseEnrollmentHelper(
 115       EnrollmentStatusConsumer* status_consumer);
 116
 117   EnrollmentStatusConsumer* status_consumer() { return status_consumer_; }
 118
 119  private:
 120   EnrollmentStatusConsumer* status_consumer_;
 121
 122   DISALLOW_COPY_AND_ASSIGN(EnterpriseEnrollmentHelper);
 123 };
 124
 125 }  // namespace chromeos
 126
 127 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_