search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable view source for Developer Tools.
[chromium-blink-merge.git] / chrome / browser / policy / cloud / user_policy_signin_service.cc
blob4e36757e1a53cecb33e0b9531a3b38df880eb0cc
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/policy/cloud/user_policy_signin_service.h"
6
7 #include "base/bind.h"
8 #include "base/bind_helpers.h"
9 #include "base/callback.h"
10 #include "chrome/browser/browser_process.h"
11 #include "chrome/browser/chrome_notification_types.h"
12 #include "chrome/browser/profiles/profile.h"
13 #include "chrome/browser/profiles/profile_manager.h"
14 #include "chrome/browser/signin/profile_oauth2_token_service.h"
15 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
16 #include "chrome/browser/signin/signin_manager.h"
17 #include "components/policy/core/common/cloud/cloud_policy_client_registration_helper.h"
18 #include "components/policy/core/common/cloud/user_cloud_policy_manager.h"
19 #include "content/public/browser/notification_details.h"
20 #include "content/public/browser/notification_source.h"
21 #include "google_apis/gaia/gaia_constants.h"
22 #include "net/url_request/url_request_context_getter.h"
23
24 namespace policy {
25
26 UserPolicySigninService::UserPolicySigninService(
27 Profile* profile,
28 PrefService* local_state,
29 DeviceManagementService* device_management_service,
30 UserCloudPolicyManager* policy_manager,
31 SigninManager* signin_manager,
32 scoped_refptr<net::URLRequestContextGetter> system_request_context,
33 ProfileOAuth2TokenService* token_service)
34 : UserPolicySigninServiceBase(profile,
35 local_state,
36 device_management_service,
37 policy_manager,
38 signin_manager,
39 system_request_context),
40 profile_(profile),
41 oauth2_token_service_(token_service) {
42 // ProfileOAuth2TokenService should not yet have loaded its tokens since this
43 // happens in the background after PKS initialization - so this service
44 // should always be created before the oauth token is available.
45 DCHECK(!oauth2_token_service_->RefreshTokenIsAvailable(
46 oauth2_token_service_->GetPrimaryAccountId()));
47
48 // Listen for an OAuth token to become available so we can register a client
49 // if for some reason the client is not already registered (for example, if
50 // the policy load failed during initial signin).
51 oauth2_token_service_->AddObserver(this);
52 }
53
54 UserPolicySigninService::~UserPolicySigninService() {
55 }
56
57 void UserPolicySigninService::PrepareForUserCloudPolicyManagerShutdown() {
58 // Stop any pending registration helper activity. We do this here instead of
59 // in the destructor because we want to shutdown the registration helper
60 // before UserCloudPolicyManager shuts down the CloudPolicyClient.
61 registration_helper_.reset();
62
63 UserPolicySigninServiceBase::PrepareForUserCloudPolicyManagerShutdown();
64 }
65
66 void UserPolicySigninService::Shutdown() {
67 UserPolicySigninServiceBase::Shutdown();
68 oauth2_token_service_->RemoveObserver(this);
69 }
70
71 void UserPolicySigninService::RegisterForPolicy(
72 const std::string& username,
73 const std::string& oauth2_refresh_token,
74 const PolicyRegistrationCallback& callback) {
75 DCHECK(!oauth2_refresh_token.empty());
76
77 // Create a new CloudPolicyClient for fetching the DMToken.
78 scoped_ptr<CloudPolicyClient> policy_client = CreateClientForRegistrationOnly(
79 username);
80 if (!policy_client) {
81 callback.Run(std::string(), std::string());
82 return;
83 }
84
85 // Fire off the registration process. Callback keeps the CloudPolicyClient
86 // alive for the length of the registration process. Use the system
87 // request context because the user is not signed in to this profile yet
88 // (we are just doing a test registration to see if policy is supported for
89 // this user).
90 registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
91 policy_client.get(),
92 ShouldForceLoadPolicy(),
93 enterprise_management::DeviceRegisterRequest::BROWSER));
94 registration_helper_->StartRegistrationWithLoginToken(
95 oauth2_refresh_token,
96 base::Bind(&UserPolicySigninService::CallPolicyRegistrationCallback,
97 base::Unretained(this),
98 base::Passed(&policy_client),
99 callback));
100 }
101
102 void UserPolicySigninService::CallPolicyRegistrationCallback(
103 scoped_ptr<CloudPolicyClient> client,
104 PolicyRegistrationCallback callback) {
105 registration_helper_.reset();
106 callback.Run(client->dm_token(), client->client_id());
107 }
108
109 void UserPolicySigninService::OnRefreshTokenAvailable(
110 const std::string& account_id) {
111 // If using a TestingProfile with no UserCloudPolicyManager, skip
112 // initialization.
113 if (!policy_manager()) {
114 DVLOG(1) << "Skipping initialization for tests due to missing components.";
115 return;
116 }
117
118 // Ignore OAuth tokens for any account but the primary one.
119 if (account_id != oauth2_token_service_->GetPrimaryAccountId())
120 return;
121
122 // ProfileOAuth2TokenService now has a refresh token so initialize the
123 // UserCloudPolicyManager.
124 InitializeForSignedInUser(signin_manager()->GetAuthenticatedUsername(),
125 profile_->GetRequestContext());
126 }
127
128 void UserPolicySigninService::InitializeUserCloudPolicyManager(
129 const std::string& username,
130 scoped_ptr<CloudPolicyClient> client) {
131 UserPolicySigninServiceBase::InitializeUserCloudPolicyManager(username,
132 client.Pass());
133 ProhibitSignoutIfNeeded();
134 }
135
136 void UserPolicySigninService::ShutdownUserCloudPolicyManager() {
137 UserCloudPolicyManager* manager = policy_manager();
138 // Allow the user to signout again.
139 if (manager)
140 signin_manager()->ProhibitSignout(false);
141 UserPolicySigninServiceBase::ShutdownUserCloudPolicyManager();
142 }
143
144 void UserPolicySigninService::OnInitializationCompleted(
145 CloudPolicyService* service) {
146 UserCloudPolicyManager* manager = policy_manager();
147 DCHECK_EQ(service, manager->core()->service());
148 DCHECK(service->IsInitializationComplete());
149 // The service is now initialized - if the client is not yet registered, then
150 // it means that there is no cached policy and so we need to initiate a new
151 // client registration.
152 DVLOG_IF(1, manager->IsClientRegistered())
153 << "Client already registered - not fetching DMToken";
154 if (!manager->IsClientRegistered()) {
155 if (!oauth2_token_service_->RefreshTokenIsAvailable(
156 oauth2_token_service_->GetPrimaryAccountId())) {
157 // No token yet - this class listens for OnRefreshTokenAvailable()
158 // and will re-attempt registration once the token is available.
159 DLOG(WARNING) << "No OAuth Refresh Token - delaying policy download";
160 return;
161 }
162 RegisterCloudPolicyService();
163 }
164 // If client is registered now, prohibit signout.
165 ProhibitSignoutIfNeeded();
166 }
167
168 void UserPolicySigninService::RegisterCloudPolicyService() {
169 DCHECK(!policy_manager()->IsClientRegistered());
170 DVLOG(1) << "Fetching new DM Token";
171 // Do nothing if already starting the registration process.
172 if (registration_helper_)
173 return;
174
175 // Start the process of registering the CloudPolicyClient. Once it completes,
176 // policy fetch will automatically happen.
177 registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
178 policy_manager()->core()->client(),
179 ShouldForceLoadPolicy(),
180 enterprise_management::DeviceRegisterRequest::BROWSER));
181 registration_helper_->StartRegistration(
182 oauth2_token_service_,
183 oauth2_token_service_->GetPrimaryAccountId(),
184 base::Bind(&UserPolicySigninService::OnRegistrationComplete,
185 base::Unretained(this)));
186 }
187
188 void UserPolicySigninService::OnRegistrationComplete() {
189 ProhibitSignoutIfNeeded();
190 registration_helper_.reset();
191 }
192
193 void UserPolicySigninService::ProhibitSignoutIfNeeded() {
194 if (policy_manager()->IsClientRegistered()) {
195 DVLOG(1) << "User is registered for policy - prohibiting signout";
196 signin_manager()->ProhibitSignout(true);
197 }
198 }
199
200 } // namespace policy