chrome/browser/chromeos/login/enrollment/enterprise_enrollment_helper.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_
   6 #define CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_
   7
   8 #include <string>
   9
  10 #include "base/callback_forward.h"
  11 #include "base/macros.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
  14
  15 class GoogleServiceAuthError;
  16 class Profile;
  17
  18 namespace policy {
  19 struct EnrollmentConfig;
  20 class EnrollmentStatus;
  21 }
  22
  23 namespace chromeos {
  24
  25 // This class is capable to enroll the device into enterprise domain, using
  26 // either a profile containing authentication data or OAuth token.
  27 // It can also clear an authentication data from the profile and revoke tokens
  28 // that are not longer needed.
  29 class EnterpriseEnrollmentHelper {
  30  public:
  31   typedef policy::DeviceCloudPolicyInitializer::EnrollmentCallback
  32       EnrollmentCallback;
  33
  34   // Enumeration of the possible errors that can occur during enrollment which
  35   // are not covered by GoogleServiceAuthError or EnrollmentStatus.
  36   enum OtherError {
  37     // Existing enrollment domain doesn't match authentication user.
  38     OTHER_ERROR_DOMAIN_MISMATCH,
  39     // Unexpected error condition, indicates a bug in the code.
  40     OTHER_ERROR_FATAL
  41   };
  42
  43   class EnrollmentStatusConsumer {
  44    public:
  45     // Called when an error happens on attempt to receive authentication tokens.
  46     virtual void OnAuthError(const GoogleServiceAuthError& error) = 0;
  47
  48     // Called when an error happens during enrollment.
  49     virtual void OnEnrollmentError(policy::EnrollmentStatus status) = 0;
  50
  51     // Called when some other error happens.
  52     virtual void OnOtherError(OtherError error) = 0;
  53
  54     // Called when enrollment finishes successfully. |additional_token| keeps
  55     // the additional access token, if it was requested by setting the
  56     // |fetch_additional_token| param of EnrollUsingProfile() to true.
  57     // Otherwise, |additional_token| is empty.
  58     virtual void OnDeviceEnrolled(const std::string& additional_token) = 0;
  59   };
  60
  61   // Factory method. Caller takes ownership of the returned object.
  62   static scoped_ptr<EnterpriseEnrollmentHelper> Create(
  63       EnrollmentStatusConsumer* status_consumer,
  64       const policy::EnrollmentConfig& enrollment_config,
  65       const std::string& enrolling_user_domain);
  66
  67   virtual ~EnterpriseEnrollmentHelper();
  68
  69   // Starts enterprise enrollment using |token|.
  70   // EnrollUsingToken can be called only once during this object's lifetime, and
  71   // only if EnrollUsingProfile was not called before.
  72   virtual void EnrollUsingToken(const std::string& token) = 0;
  73
  74   // Starts enterprise enrollment using |profile|. First tries to fetch an
  75   // authentication token using the |profile|, then tries to enroll the device
  76   // with the received token.
  77   // If |fetch_additional_token| is true, the helper fetches an additional token
  78   // and passes it to the |status_consumer| on successfull enrollment.
  79   // If enrollment fails, you should clear authentication data in |profile| by
  80   // calling ClearAuth before destroying |this|.
  81   // EnrollUsingProfile can be called only once during this object's lifetime,
  82   // and only if EnrollUsingToken was not called before.
  83   virtual void EnrollUsingProfile(Profile* profile,
  84                                   bool fetch_additional_token) = 0;
  85
  86   // Clears authentication data from the profile (if EnrollUsingProfile was
  87   // used) and revokes fetched tokens.
  88   // Does not revoke the additional token if enrollment finished successfully.
  89   // Calls |callback| on completion.
  90   virtual void ClearAuth(const base::Closure& callback) = 0;
  91
  92  protected:
  93   // |status_consumer| must outlive |this|. Moreover, the user of this class
  94   // is responsible for clearing auth data in some cases (see comment for
  95   // EnrollUsingProfile()).
  96   explicit EnterpriseEnrollmentHelper(
  97       EnrollmentStatusConsumer* status_consumer);
  98
  99   EnrollmentStatusConsumer* status_consumer() { return status_consumer_; }
 100
 101  private:
 102   EnrollmentStatusConsumer* status_consumer_;
 103
 104   DISALLOW_COPY_AND_ASSIGN(EnterpriseEnrollmentHelper);
 105 };
 106
 107 }  // namespace chromeos
 108
 109 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_ENROLLMENT_ENTERPRISE_ENROLLMENT_HELPER_H_