chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h"
   6
   7 #include <algorithm>
   8
   9 #include "base/bind.h"
  10 #include "base/bind_helpers.h"
  11 #include "base/compiler_specific.h"
  12 #include "base/message_loop/message_loop.h"
  13 #include "base/values.h"
  14 #include "chrome/browser/browser_process.h"
  15 #include "chrome/browser/browsing_data/browsing_data_helper.h"
  16 #include "chrome/browser/browsing_data/browsing_data_remover.h"
  17 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
  18 #include "chrome/browser/profiles/profile.h"
  19 #include "chrome/browser/ui/webui/chromeos/login/authenticated_user_email_retriever.h"
  20 #include "chrome/browser/ui/webui/chromeos/login/oobe_ui.h"
  21 #include "components/policy/core/browser/cloud/message_util.h"
  22 #include "content/public/browser/web_contents.h"
  23 #include "google_apis/gaia/gaia_auth_fetcher.h"
  24 #include "google_apis/gaia/gaia_auth_util.h"
  25 #include "google_apis/gaia/gaia_constants.h"
  26 #include "google_apis/gaia/gaia_urls.h"
  27 #include "google_apis/gaia/google_service_auth_error.h"
  28 #include "grit/chromium_strings.h"
  29 #include "grit/generated_resources.h"
  30 #include "net/url_request/url_request_context_getter.h"
  31 #include "ui/base/l10n/l10n_util.h"
  32
  33 namespace {
  34
  35 const char kJsScreenPath[] = "login.OAuthEnrollmentScreen";
  36
  37 // Start page of GAIA authentication extension.
  38 const char kGaiaExtStartPage[] =
  39     "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/main.html";
  40
  41 // Enrollment step names.
  42 const char kEnrollmentStepSignin[] = "signin";
  43 const char kEnrollmentStepSuccess[] = "success";
  44
  45 // A helper class that takes care of asynchronously revoking a given token.
  46 class TokenRevoker : public GaiaAuthConsumer {
  47  public:
  48   TokenRevoker()
  49       : gaia_fetcher_(this,
  50                       GaiaConstants::kChromeOSSource,
  51                       g_browser_process->system_request_context()) {}
  52   virtual ~TokenRevoker() {}
  53
  54   void Start(const std::string& token) {
  55     gaia_fetcher_.StartRevokeOAuth2Token(token);
  56   }
  57
  58   // GaiaAuthConsumer:
  59   virtual void OnOAuth2RevokeTokenCompleted() OVERRIDE {
  60     base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
  61   }
  62
  63  private:
  64   GaiaAuthFetcher gaia_fetcher_;
  65
  66   DISALLOW_COPY_AND_ASSIGN(TokenRevoker);
  67 };
  68
  69 }  // namespace
  70
  71 namespace chromeos {
  72
  73 // EnrollmentScreenHandler, public ------------------------------
  74
  75 EnrollmentScreenHandler::EnrollmentScreenHandler()
  76     : BaseScreenHandler(kJsScreenPath),
  77       controller_(NULL),
  78       show_on_init_(false),
  79       is_auto_enrollment_(false),
  80       can_exit_enrollment_(true),
  81       browsing_data_remover_(NULL) {
  82   set_async_assets_load_id(OobeUI::kScreenOobeEnrollment);
  83 }
  84
  85 EnrollmentScreenHandler::~EnrollmentScreenHandler() {
  86   if (browsing_data_remover_)
  87     browsing_data_remover_->RemoveObserver(this);
  88 }
  89
  90 // EnrollmentScreenHandler, WebUIMessageHandler implementation --
  91
  92 void EnrollmentScreenHandler::RegisterMessages() {
  93   AddCallback("oauthEnrollRetrieveAuthenticatedUserEmail",
  94               &EnrollmentScreenHandler::HandleRetrieveAuthenticatedUserEmail);
  95   AddCallback("oauthEnrollClose",
  96               &EnrollmentScreenHandler::HandleClose);
  97   AddCallback("oauthEnrollCompleteLogin",
  98               &EnrollmentScreenHandler::HandleCompleteLogin);
  99   AddCallback("oauthEnrollRetry",
 100               &EnrollmentScreenHandler::HandleRetry);
 101 }
 102
 103 // EnrollmentScreenHandler
 104 //      EnrollmentScreenActor implementation -----------------------------------
 105
 106 void EnrollmentScreenHandler::SetParameters(Controller* controller,
 107                                             bool is_auto_enrollment,
 108                                             bool can_exit_enrollment,
 109                                             const std::string& user) {
 110   controller_ = controller;
 111   is_auto_enrollment_ = is_auto_enrollment;
 112   can_exit_enrollment_ = can_exit_enrollment;
 113   if (is_auto_enrollment_)
 114     user_ = user;
 115 }
 116
 117 void EnrollmentScreenHandler::PrepareToShow() {
 118 }
 119
 120 void EnrollmentScreenHandler::Show() {
 121   if (!page_is_ready())
 122     show_on_init_ = true;
 123   else
 124     DoShow();
 125 }
 126
 127 void EnrollmentScreenHandler::Hide() {
 128 }
 129
 130 void EnrollmentScreenHandler::FetchOAuthToken() {
 131   Profile* profile = Profile::FromWebUI(web_ui());
 132   oauth_fetcher_.reset(
 133       new policy::PolicyOAuth2TokenFetcher(
 134           profile->GetRequestContext(),
 135           g_browser_process->system_request_context(),
 136           base::Bind(&EnrollmentScreenHandler::OnTokenFetched,
 137                      base::Unretained(this))));
 138   oauth_fetcher_->Start();
 139 }
 140
 141 void EnrollmentScreenHandler::ResetAuth(const base::Closure& callback) {
 142   auth_reset_callbacks_.push_back(callback);
 143   if (browsing_data_remover_)
 144     return;
 145
 146   if (oauth_fetcher_) {
 147     if (!oauth_fetcher_->oauth2_access_token().empty())
 148       (new TokenRevoker())->Start(oauth_fetcher_->oauth2_access_token());
 149
 150     if (!oauth_fetcher_->oauth2_refresh_token().empty())
 151       (new TokenRevoker())->Start(oauth_fetcher_->oauth2_refresh_token());
 152   }
 153
 154   Profile* profile = Profile::FromBrowserContext(
 155       web_ui()->GetWebContents()->GetBrowserContext());
 156   browsing_data_remover_ =
 157       BrowsingDataRemover::CreateForUnboundedRange(profile);
 158   browsing_data_remover_->AddObserver(this);
 159   browsing_data_remover_->Remove(BrowsingDataRemover::REMOVE_SITE_DATA,
 160                                  BrowsingDataHelper::UNPROTECTED_WEB);
 161 }
 162
 163 void EnrollmentScreenHandler::ShowSigninScreen() {
 164   ShowStep(kEnrollmentStepSignin);
 165 }
 166
 167 void EnrollmentScreenHandler::ShowEnrollmentSpinnerScreen() {
 168   ShowWorking(IDS_ENTERPRISE_ENROLLMENT_WORKING);
 169 }
 170
 171 void EnrollmentScreenHandler::ShowLoginSpinnerScreen() {
 172   ShowWorking(IDS_ENTERPRISE_ENROLLMENT_RESUMING_LOGIN);
 173 }
 174
 175 void EnrollmentScreenHandler::ShowAuthError(
 176     const GoogleServiceAuthError& error) {
 177   switch (error.state()) {
 178     case GoogleServiceAuthError::NONE:
 179     case GoogleServiceAuthError::CAPTCHA_REQUIRED:
 180     case GoogleServiceAuthError::TWO_FACTOR:
 181     case GoogleServiceAuthError::HOSTED_NOT_ALLOWED:
 182     case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
 183     case GoogleServiceAuthError::REQUEST_CANCELED:
 184     case GoogleServiceAuthError::UNEXPECTED_SERVICE_RESPONSE:
 185     case GoogleServiceAuthError::SERVICE_ERROR:
 186       ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_FATAL_ERROR, false);
 187       return;
 188     case GoogleServiceAuthError::USER_NOT_SIGNED_UP:
 189     case GoogleServiceAuthError::ACCOUNT_DELETED:
 190     case GoogleServiceAuthError::ACCOUNT_DISABLED:
 191       ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_ACCOUNT_ERROR, true);
 192       return;
 193     case GoogleServiceAuthError::CONNECTION_FAILED:
 194     case GoogleServiceAuthError::SERVICE_UNAVAILABLE:
 195       ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_NETWORK_ERROR, true);
 196       return;
 197     case GoogleServiceAuthError::NUM_STATES:
 198       break;
 199   }
 200   NOTREACHED();
 201 }
 202
 203 void EnrollmentScreenHandler::ShowUIError(UIError error) {
 204   switch (error) {
 205     case UI_ERROR_DOMAIN_MISMATCH:
 206       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_WRONG_USER, true);
 207       return;
 208     case UI_ERROR_AUTO_ENROLLMENT_BAD_MODE:
 209       ShowError(IDS_ENTERPRISE_AUTO_ENROLLMENT_BAD_MODE, true);
 210       return;
 211     case UI_ERROR_FATAL:
 212       ShowError(IDS_ENTERPRISE_ENROLLMENT_FATAL_ENROLLMENT_ERROR, true);
 213       return;
 214   }
 215   NOTREACHED();
 216 }
 217
 218 void EnrollmentScreenHandler::ShowEnrollmentStatus(
 219     policy::EnrollmentStatus status) {
 220   switch (status.status()) {
 221     case policy::EnrollmentStatus::STATUS_SUCCESS:
 222       ShowStep(kEnrollmentStepSuccess);
 223       return;
 224     case policy::EnrollmentStatus::STATUS_REGISTRATION_FAILED:
 225       // Some special cases for generating a nicer message that's more helpful.
 226       switch (status.client_status()) {
 227         case policy::DM_STATUS_SERVICE_MISSING_LICENSES:
 228           ShowError(IDS_ENTERPRISE_ENROLLMENT_MISSING_LICENSES_ERROR, true);
 229           break;
 230         case policy::DM_STATUS_SERVICE_DEPROVISIONED:
 231           ShowError(IDS_ENTERPRISE_ENROLLMENT_DEPROVISIONED_ERROR, true);
 232           break;
 233         case policy::DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED:
 234           ShowError(IDS_ENTERPRISE_ENROLLMENT_ACCOUNT_ERROR, true);
 235           break;
 236         default:
 237           ShowErrorMessage(
 238               l10n_util::GetStringFUTF8(
 239                   IDS_ENTERPRISE_ENROLLMENT_STATUS_REGISTRATION_FAILED,
 240                   policy::FormatDeviceManagementStatus(status.client_status())),
 241               true);
 242       }
 243       return;
 244     case policy::EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED:
 245       ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_AUTH_FETCH_FAILED, true);
 246       return;
 247     case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED:
 248       ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_REFRESH_FETCH_FAILED, true);
 249       return;
 250     case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED:
 251       ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_REFRESH_STORE_FAILED, true);
 252       return;
 253     case policy::EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE:
 254       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_REGISTRATION_BAD_MODE, false);
 255       return;
 256     case policy::EnrollmentStatus::STATUS_POLICY_FETCH_FAILED:
 257       ShowErrorMessage(
 258           l10n_util::GetStringFUTF8(
 259               IDS_ENTERPRISE_ENROLLMENT_STATUS_POLICY_FETCH_FAILED,
 260               policy::FormatDeviceManagementStatus(status.client_status())),
 261           true);
 262       return;
 263     case policy::EnrollmentStatus::STATUS_VALIDATION_FAILED:
 264       ShowErrorMessage(
 265           l10n_util::GetStringFUTF8(
 266               IDS_ENTERPRISE_ENROLLMENT_STATUS_VALIDATION_FAILED,
 267               policy::FormatValidationStatus(status.validation_status())),
 268           true);
 269       return;
 270     case policy::EnrollmentStatus::STATUS_LOCK_ERROR:
 271       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_ERROR, false);
 272       return;
 273     case policy::EnrollmentStatus::STATUS_LOCK_TIMEOUT:
 274       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_TIMEOUT, false);
 275       return;
 276     case policy::EnrollmentStatus::STATUS_LOCK_WRONG_USER:
 277       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_WRONG_USER, true);
 278       return;
 279     case policy::EnrollmentStatus::STATUS_STORE_ERROR:
 280       ShowErrorMessage(
 281           l10n_util::GetStringFUTF8(
 282               IDS_ENTERPRISE_ENROLLMENT_STATUS_STORE_ERROR,
 283               policy::FormatStoreStatus(status.store_status(),
 284                                         status.validation_status())),
 285           true);
 286       return;
 287   }
 288   NOTREACHED();
 289 }
 290
 291 // EnrollmentScreenHandler BaseScreenHandler implementation -----
 292
 293 void EnrollmentScreenHandler::Initialize() {
 294   if (show_on_init_) {
 295     Show();
 296     show_on_init_ = false;
 297   }
 298 }
 299
 300 void EnrollmentScreenHandler::DeclareLocalizedValues(
 301     LocalizedValuesBuilder* builder) {
 302   builder->Add("oauthEnrollScreenTitle",
 303                IDS_ENTERPRISE_ENROLLMENT_SCREEN_TITLE);
 304   builder->Add("oauthEnrollRetry", IDS_ENTERPRISE_ENROLLMENT_RETRY);
 305   builder->Add("oauthEnrollCancel", IDS_ENTERPRISE_ENROLLMENT_CANCEL);
 306   builder->Add("oauthEnrollDone", IDS_ENTERPRISE_ENROLLMENT_DONE);
 307   builder->Add("oauthEnrollSuccess", IDS_ENTERPRISE_ENROLLMENT_SUCCESS);
 308   builder->Add("oauthEnrollExplain", IDS_ENTERPRISE_ENROLLMENT_EXPLAIN);
 309   builder->Add("oauthEnrollExplainLink",
 310                IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_LINK);
 311   builder->Add("oauthEnrollExplainButton",
 312                IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_BUTTON);
 313   builder->Add("oauthEnrollCancelAutoEnrollmentReally",
 314                IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_REALLY);
 315   builder->Add("oauthEnrollCancelAutoEnrollmentConfirm",
 316                IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_CONFIRM);
 317   builder->Add("oauthEnrollCancelAutoEnrollmentGoBack",
 318                IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_GO_BACK);
 319 }
 320
 321 void EnrollmentScreenHandler::OnBrowsingDataRemoverDone() {
 322   browsing_data_remover_->RemoveObserver(this);
 323   browsing_data_remover_ = NULL;
 324
 325   std::vector<base::Closure> callbacks_to_run;
 326   callbacks_to_run.swap(auth_reset_callbacks_);
 327   for (std::vector<base::Closure>::iterator callback(callbacks_to_run.begin());
 328        callback != callbacks_to_run.end(); ++callback) {
 329     callback->Run();
 330   }
 331 }
 332
 333 // EnrollmentScreenHandler, private -----------------------------
 334
 335 void EnrollmentScreenHandler::HandleRetrieveAuthenticatedUserEmail(
 336     double attempt_token) {
 337   email_retriever_.reset(new AuthenticatedUserEmailRetriever(
 338       base::Bind(&EnrollmentScreenHandler::CallJS<double, std::string>,
 339                  base::Unretained(this),
 340                  "setAuthenticatedUserEmail",
 341                  attempt_token),
 342       Profile::FromWebUI(web_ui())->GetRequestContext()));
 343 }
 344
 345 void EnrollmentScreenHandler::HandleClose(const std::string& reason) {
 346   if (!controller_) {
 347     NOTREACHED();
 348     return;
 349   }
 350
 351   if (reason == "cancel" || reason == "autocancel")
 352     controller_->OnCancel();
 353   else if (reason == "done")
 354     controller_->OnConfirmationClosed();
 355   else
 356     NOTREACHED();
 357 }
 358
 359 void EnrollmentScreenHandler::HandleCompleteLogin(const std::string& user) {
 360   if (!controller_) {
 361     NOTREACHED();
 362     return;
 363   }
 364   controller_->OnLoginDone(gaia::SanitizeEmail(user));
 365 }
 366
 367 void EnrollmentScreenHandler::HandleRetry() {
 368   if (!controller_) {
 369     NOTREACHED();
 370     return;
 371   }
 372   controller_->OnRetry();
 373 }
 374
 375 void EnrollmentScreenHandler::ShowStep(const char* step) {
 376   CallJS("showStep", std::string(step));
 377 }
 378
 379 void EnrollmentScreenHandler::ShowError(int message_id, bool retry) {
 380   ShowErrorMessage(l10n_util::GetStringUTF8(message_id), retry);
 381 }
 382
 383 void EnrollmentScreenHandler::ShowErrorMessage(const std::string& message,
 384                                                bool retry) {
 385   CallJS("showError", message, retry);
 386 }
 387
 388 void EnrollmentScreenHandler::ShowWorking(int message_id) {
 389   CallJS("showWorking", l10n_util::GetStringUTF16(message_id));
 390 }
 391
 392 void EnrollmentScreenHandler::OnTokenFetched(
 393     const std::string& token,
 394     const GoogleServiceAuthError& error) {
 395   if (!controller_)
 396     return;
 397
 398   if (error.state() != GoogleServiceAuthError::NONE)
 399     controller_->OnAuthError(error);
 400   else
 401     controller_->OnOAuthTokenAvailable(token);
 402 }
 403
 404 void EnrollmentScreenHandler::DoShow() {
 405   base::DictionaryValue screen_data;
 406   screen_data.SetString("signin_url", kGaiaExtStartPage);
 407   screen_data.SetString("gaiaUrl", GaiaUrls::GetInstance()->gaia_url().spec());
 408   screen_data.SetBoolean("is_auto_enrollment", is_auto_enrollment_);
 409   screen_data.SetBoolean("prevent_cancellation", !can_exit_enrollment_);
 410
 411   ShowScreen(OobeUI::kScreenOobeEnrollment, &screen_data);
 412 }
 413
 414 }  // namespace chromeos