chrome/browser/policy/cloud/user_policy_signin_service.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/policy/cloud/user_policy_signin_service.h"
   6
   7 #include "base/bind.h"
   8 #include "base/bind_helpers.h"
   9 #include "base/callback.h"
  10 #include "base/profiler/scoped_tracker.h"
  11 #include "chrome/browser/browser_process.h"
  12 #include "chrome/browser/chrome_notification_types.h"
  13 #include "chrome/browser/profiles/profile.h"
  14 #include "chrome/browser/profiles/profile_manager.h"
  15 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
  16 #include "components/policy/core/common/cloud/cloud_policy_client_registration_helper.h"
  17 #include "components/policy/core/common/cloud/user_cloud_policy_manager.h"
  18 #include "components/signin/core/browser/profile_oauth2_token_service.h"
  19 #include "components/signin/core/browser/signin_manager.h"
  20 #include "content/public/browser/notification_details.h"
  21 #include "content/public/browser/notification_source.h"
  22 #include "google_apis/gaia/gaia_constants.h"
  23 #include "net/url_request/url_request_context_getter.h"
  24
  25 namespace policy {
  26
  27 UserPolicySigninService::UserPolicySigninService(
  28     Profile* profile,
  29     PrefService* local_state,
  30     DeviceManagementService* device_management_service,
  31     UserCloudPolicyManager* policy_manager,
  32     SigninManager* signin_manager,
  33     scoped_refptr<net::URLRequestContextGetter> system_request_context,
  34     ProfileOAuth2TokenService* token_service)
  35     : UserPolicySigninServiceBase(profile,
  36                                   local_state,
  37                                   device_management_service,
  38                                   policy_manager,
  39                                   signin_manager,
  40                                   system_request_context),
  41       profile_(profile),
  42       oauth2_token_service_(token_service) {
  43   // ProfileOAuth2TokenService should not yet have loaded its tokens since this
  44   // happens in the background after PKS initialization - so this service
  45   // should always be created before the oauth token is available.
  46   DCHECK(!oauth2_token_service_->RefreshTokenIsAvailable(
  47              signin_manager->GetAuthenticatedAccountId()));
  48
  49   // Listen for an OAuth token to become available so we can register a client
  50   // if for some reason the client is not already registered (for example, if
  51   // the policy load failed during initial signin).
  52   oauth2_token_service_->AddObserver(this);
  53 }
  54
  55 UserPolicySigninService::~UserPolicySigninService() {
  56 }
  57
  58 void UserPolicySigninService::PrepareForUserCloudPolicyManagerShutdown() {
  59   // Stop any pending registration helper activity. We do this here instead of
  60   // in the destructor because we want to shutdown the registration helper
  61   // before UserCloudPolicyManager shuts down the CloudPolicyClient.
  62   registration_helper_.reset();
  63
  64   UserPolicySigninServiceBase::PrepareForUserCloudPolicyManagerShutdown();
  65 }
  66
  67 void UserPolicySigninService::Shutdown() {
  68   UserPolicySigninServiceBase::Shutdown();
  69   oauth2_token_service_->RemoveObserver(this);
  70 }
  71
  72 void UserPolicySigninService::RegisterForPolicy(
  73     const std::string& username,
  74     const std::string& oauth2_refresh_token,
  75     const PolicyRegistrationCallback& callback) {
  76   DCHECK(!oauth2_refresh_token.empty());
  77
  78   // Create a new CloudPolicyClient for fetching the DMToken.
  79   scoped_ptr<CloudPolicyClient> policy_client = CreateClientForRegistrationOnly(
  80       username);
  81   if (!policy_client) {
  82     callback.Run(std::string(), std::string());
  83     return;
  84   }
  85
  86   // Fire off the registration process. Callback keeps the CloudPolicyClient
  87   // alive for the length of the registration process. Use the system
  88   // request context because the user is not signed in to this profile yet
  89   // (we are just doing a test registration to see if policy is supported for
  90   // this user).
  91   registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
  92       policy_client.get(),
  93       enterprise_management::DeviceRegisterRequest::BROWSER));
  94   registration_helper_->StartRegistrationWithLoginToken(
  95       oauth2_refresh_token,
  96       base::Bind(&UserPolicySigninService::CallPolicyRegistrationCallback,
  97                  base::Unretained(this),
  98                  base::Passed(&policy_client),
  99                  callback));
 100 }
 101
 102 void UserPolicySigninService::CallPolicyRegistrationCallback(
 103     scoped_ptr<CloudPolicyClient> client,
 104     PolicyRegistrationCallback callback) {
 105   registration_helper_.reset();
 106   callback.Run(client->dm_token(), client->client_id());
 107 }
 108
 109 void UserPolicySigninService::OnRefreshTokenAvailable(
 110     const std::string& account_id) {
 111   // TODO(robliao): Remove ScopedTracker below once https://crbug.com/422460 is
 112   // fixed.
 113   tracked_objects::ScopedTracker tracking_profile(
 114       FROM_HERE_WITH_EXPLICIT_FUNCTION(
 115           "422460 UserPolicySigninService::OnRefreshTokenAvailable"));
 116
 117   // If using a TestingProfile with no UserCloudPolicyManager, skip
 118   // initialization.
 119   if (!policy_manager()) {
 120     DVLOG(1) << "Skipping initialization for tests due to missing components.";
 121     return;
 122   }
 123
 124   // Ignore OAuth tokens for any account but the primary one.
 125   if (account_id != signin_manager()->GetAuthenticatedAccountId())
 126     return;
 127
 128   // ProfileOAuth2TokenService now has a refresh token so initialize the
 129   // UserCloudPolicyManager.
 130   InitializeForSignedInUser(
 131       signin_manager()->GetAuthenticatedAccountInfo().email,
 132       profile_->GetRequestContext());
 133 }
 134
 135 void UserPolicySigninService::InitializeUserCloudPolicyManager(
 136     const std::string& username,
 137     scoped_ptr<CloudPolicyClient> client) {
 138   UserPolicySigninServiceBase::InitializeUserCloudPolicyManager(username,
 139                                                                 client.Pass());
 140   ProhibitSignoutIfNeeded();
 141 }
 142
 143 void UserPolicySigninService::ShutdownUserCloudPolicyManager() {
 144   UserCloudPolicyManager* manager = policy_manager();
 145   // Allow the user to signout again.
 146   if (manager)
 147     signin_manager()->ProhibitSignout(false);
 148   UserPolicySigninServiceBase::ShutdownUserCloudPolicyManager();
 149 }
 150
 151 void UserPolicySigninService::OnInitializationCompleted(
 152     CloudPolicyService* service) {
 153   UserCloudPolicyManager* manager = policy_manager();
 154   DCHECK_EQ(service, manager->core()->service());
 155   DCHECK(service->IsInitializationComplete());
 156   // The service is now initialized - if the client is not yet registered, then
 157   // it means that there is no cached policy and so we need to initiate a new
 158   // client registration.
 159   DVLOG_IF(1, manager->IsClientRegistered())
 160       << "Client already registered - not fetching DMToken";
 161   if (!manager->IsClientRegistered()) {
 162     if (!oauth2_token_service_->RefreshTokenIsAvailable(
 163              signin_manager()->GetAuthenticatedAccountId())) {
 164       // No token yet - this class listens for OnRefreshTokenAvailable()
 165       // and will re-attempt registration once the token is available.
 166       DLOG(WARNING) << "No OAuth Refresh Token - delaying policy download";
 167       return;
 168     }
 169     RegisterCloudPolicyService();
 170   }
 171   // If client is registered now, prohibit signout.
 172   ProhibitSignoutIfNeeded();
 173 }
 174
 175 void UserPolicySigninService::RegisterCloudPolicyService() {
 176   DCHECK(!policy_manager()->IsClientRegistered());
 177   DVLOG(1) << "Fetching new DM Token";
 178   // Do nothing if already starting the registration process.
 179   if (registration_helper_)
 180     return;
 181
 182   // Start the process of registering the CloudPolicyClient. Once it completes,
 183   // policy fetch will automatically happen.
 184   registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
 185       policy_manager()->core()->client(),
 186       enterprise_management::DeviceRegisterRequest::BROWSER));
 187   registration_helper_->StartRegistration(
 188       oauth2_token_service_,
 189       signin_manager()->GetAuthenticatedAccountId(),
 190       base::Bind(&UserPolicySigninService::OnRegistrationComplete,
 191                  base::Unretained(this)));
 192 }
 193
 194 void UserPolicySigninService::OnRegistrationComplete() {
 195   ProhibitSignoutIfNeeded();
 196   registration_helper_.reset();
 197 }
 198
 199 void UserPolicySigninService::ProhibitSignoutIfNeeded() {
 200   if (policy_manager()->IsClientRegistered()) {
 201     DVLOG(1) << "User is registered for policy - prohibiting signout";
 202     signin_manager()->ProhibitSignout(true);
 203   }
 204 }
 205
 206 }  // namespace policy