search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ozone: evdev: Sync caps lock LED state to evdev
[chromium-blink-merge.git] / chrome / browser / chromeos / login / enrollment / enterprise_enrollment_helper_impl.cc
blobf15170f1275a4a5e4add0ff729c54782ac6a00b9
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/login/enrollment/enterprise_enrollment_helper_impl.h"
6
7 #include "base/bind.h"
8 #include "base/location.h"
9 #include "base/logging.h"
10 #include "base/message_loop/message_loop.h"
11 #include "chrome/browser/browser_process.h"
12 #include "chrome/browser/browser_process_platform_part.h"
13 #include "chrome/browser/browsing_data/browsing_data_helper.h"
14 #include "chrome/browser/chromeos/login/enrollment/enrollment_uma.h"
15 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
16 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
17 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h"
18 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
19 #include "chrome/browser/profiles/profile.h"
20 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
21 #include "google_apis/gaia/gaia_auth_consumer.h"
22 #include "google_apis/gaia/gaia_auth_fetcher.h"
23 #include "google_apis/gaia/gaia_constants.h"
24
25 namespace {
26
27 // A helper class that takes care of asynchronously revoking a given token.
28 class TokenRevoker : public GaiaAuthConsumer {
29 public:
30 TokenRevoker();
31 ~TokenRevoker() override;
32
33 void Start(const std::string& token);
34
35 // GaiaAuthConsumer:
36 void OnOAuth2RevokeTokenCompleted() override;
37
38 private:
39 GaiaAuthFetcher gaia_fetcher_;
40
41 DISALLOW_COPY_AND_ASSIGN(TokenRevoker);
42 };
43
44 TokenRevoker::TokenRevoker()
45 : gaia_fetcher_(this,
46 GaiaConstants::kChromeOSSource,
47 g_browser_process->system_request_context()) {
48 }
49
50 TokenRevoker::~TokenRevoker() {
51 }
52
53 void TokenRevoker::Start(const std::string& token) {
54 gaia_fetcher_.StartRevokeOAuth2Token(token);
55 }
56
57 void TokenRevoker::OnOAuth2RevokeTokenCompleted() {
58 base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
59 }
60
61 } // namespace
62
63 namespace chromeos {
64
65 EnterpriseEnrollmentHelperImpl::EnterpriseEnrollmentHelperImpl(
66 EnrollmentStatusConsumer* status_consumer,
67 const policy::EnrollmentConfig& enrollment_config,
68 const std::string& enrolling_user_domain)
69 : EnterpriseEnrollmentHelper(status_consumer),
70 enrollment_config_(enrollment_config),
71 enrolling_user_domain_(enrolling_user_domain),
72 profile_(NULL),
73 fetch_additional_token_(false),
74 started_(false),
75 oauth_fetchers_finished_(0),
76 last_auth_error_(GoogleServiceAuthError::AuthErrorNone()),
77 finished_(false),
78 success_(false),
79 auth_data_cleared_(false),
80 browsing_data_remover_(NULL),
81 weak_ptr_factory_(this) {
82 }
83
84 EnterpriseEnrollmentHelperImpl::~EnterpriseEnrollmentHelperImpl() {
85 DCHECK(g_browser_process->IsShuttingDown() || !started_ ||
86 (finished_ && (success_ || !profile_ || auth_data_cleared_)));
87 if (browsing_data_remover_)
88 browsing_data_remover_->RemoveObserver(this);
89 }
90
91 void EnterpriseEnrollmentHelperImpl::EnrollUsingProfile(
92 Profile* profile,
93 bool fetch_additional_token) {
94 DCHECK(!started_);
95 started_ = true;
96 profile_ = profile;
97 fetch_additional_token_ = fetch_additional_token;
98 oauth_fetchers_.resize(fetch_additional_token_ ? 2 : 1);
99 for (size_t i = 0; i < oauth_fetchers_.size(); ++i) {
100 oauth_fetchers_[i] = new policy::PolicyOAuth2TokenFetcher(
101 profile_->GetRequestContext(),
102 g_browser_process->system_request_context(),
103 base::Bind(&EnterpriseEnrollmentHelperImpl::OnTokenFetched,
104 weak_ptr_factory_.GetWeakPtr(),
105 i));
106 oauth_fetchers_[i]->Start();
107 }
108 }
109
110 void EnterpriseEnrollmentHelperImpl::EnrollUsingToken(
111 const std::string& token) {
112 DCHECK(!started_);
113 started_ = true;
114 DoEnrollUsingToken(token);
115 }
116
117 void EnterpriseEnrollmentHelperImpl::ClearAuth(const base::Closure& callback) {
118 if (!profile_) {
119 callback.Run();
120 return;
121 }
122 auth_clear_callbacks_.push_back(callback);
123 if (browsing_data_remover_)
124 return;
125
126 for (size_t i = 0; i < oauth_fetchers_.size(); ++i) {
127 // Do not revoke the additional token if enrollment has finished
128 // successfully.
129 if (i == 1 && success_)
130 continue;
131
132 if (!oauth_fetchers_[i]->oauth2_access_token().empty())
133 (new TokenRevoker())->Start(oauth_fetchers_[i]->oauth2_access_token());
134
135 if (!oauth_fetchers_[i]->oauth2_refresh_token().empty())
136 (new TokenRevoker())->Start(oauth_fetchers_[i]->oauth2_refresh_token());
137 }
138 oauth_fetchers_.clear();
139
140 browsing_data_remover_ =
141 BrowsingDataRemover::CreateForUnboundedRange(profile_);
142 browsing_data_remover_->AddObserver(this);
143 browsing_data_remover_->Remove(BrowsingDataRemover::REMOVE_SITE_DATA,
144 BrowsingDataHelper::UNPROTECTED_WEB);
145 }
146
147 void EnterpriseEnrollmentHelperImpl::DoEnrollUsingToken(
148 const std::string& token) {
149 policy::BrowserPolicyConnectorChromeOS* connector =
150 g_browser_process->platform_part()->browser_policy_connector_chromeos();
151 if (connector->IsEnterpriseManaged() &&
152 connector->GetEnterpriseDomain() != enrolling_user_domain_) {
153 LOG(ERROR) << "Trying to re-enroll to a different domain than "
154 << connector->GetEnterpriseDomain();
155 UMA(policy::kMetricEnrollmentPrecheckDomainMismatch);
156 finished_ = true;
157 status_consumer()->OnOtherError(OTHER_ERROR_DOMAIN_MISMATCH);
158 return;
159 }
160
161 policy::DeviceCloudPolicyInitializer::AllowedDeviceModes device_modes;
162 device_modes[policy::DEVICE_MODE_ENTERPRISE] = true;
163 connector->ScheduleServiceInitialization(0);
164
165 policy::DeviceCloudPolicyInitializer* dcp_initializer =
166 connector->GetDeviceCloudPolicyInitializer();
167 CHECK(dcp_initializer);
168 dcp_initializer->StartEnrollment(
169 policy::MANAGEMENT_MODE_ENTERPRISE_MANAGED,
170 connector->device_management_service(),
171 nullptr /* owner_settings_service */, enrollment_config_, token,
172 device_modes,
173 base::Bind(&EnterpriseEnrollmentHelperImpl::OnEnrollmentFinished,
174 weak_ptr_factory_.GetWeakPtr()));
175 }
176
177 void EnterpriseEnrollmentHelperImpl::OnTokenFetched(
178 size_t fetcher_index,
179 const std::string& token,
180 const GoogleServiceAuthError& error) {
181 CHECK_LT(fetcher_index, oauth_fetchers_.size());
182
183 if (error.state() != GoogleServiceAuthError::NONE)
184 last_auth_error_ = error;
185
186 ++oauth_fetchers_finished_;
187 if (oauth_fetchers_finished_ != oauth_fetchers_.size())
188 return;
189
190 if (last_auth_error_.state() != GoogleServiceAuthError::NONE) {
191 ReportAuthStatus(last_auth_error_);
192 finished_ = true;
193 status_consumer()->OnAuthError(last_auth_error_);
194 return;
195 }
196
197 if (oauth_fetchers_.size() == 2)
198 additional_token_ = oauth_fetchers_[1]->oauth2_access_token();
199 DoEnrollUsingToken(oauth_fetchers_[0]->oauth2_access_token());
200 }
201
202 void EnterpriseEnrollmentHelperImpl::OnEnrollmentFinished(
203 policy::EnrollmentStatus status) {
204 ReportEnrollmentStatus(status);
205 finished_ = true;
206 if (status.status() == policy::EnrollmentStatus::STATUS_SUCCESS) {
207 success_ = true;
208 DCHECK(!fetch_additional_token_ || !additional_token_.empty());
209 status_consumer()->OnDeviceEnrolled(additional_token_);
210 } else {
211 status_consumer()->OnEnrollmentError(status);
212 }
213 }
214
215 void EnterpriseEnrollmentHelperImpl::ReportAuthStatus(
216 const GoogleServiceAuthError& error) {
217 switch (error.state()) {
218 case GoogleServiceAuthError::NONE:
219 case GoogleServiceAuthError::CAPTCHA_REQUIRED:
220 case GoogleServiceAuthError::TWO_FACTOR:
221 case GoogleServiceAuthError::HOSTED_NOT_ALLOWED:
222 case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
223 case GoogleServiceAuthError::REQUEST_CANCELED:
224 case GoogleServiceAuthError::UNEXPECTED_SERVICE_RESPONSE:
225 case GoogleServiceAuthError::SERVICE_ERROR:
226 case GoogleServiceAuthError::WEB_LOGIN_REQUIRED:
227 UMA(policy::kMetricEnrollmentLoginFailed);
228 LOG(ERROR) << "Auth error " << error.state();
229 break;
230 case GoogleServiceAuthError::USER_NOT_SIGNED_UP:
231 UMA(policy::kMetricEnrollmentAccountNotSignedUp);
232 LOG(ERROR) << "Account not signed up " << error.state();
233 break;
234 case GoogleServiceAuthError::ACCOUNT_DELETED:
235 UMA(policy::kMetricEnrollmentAccountDeleted);
236 LOG(ERROR) << "Account deleted " << error.state();
237 break;
238 case GoogleServiceAuthError::ACCOUNT_DISABLED:
239 UMA(policy::kMetricEnrollmentAccountDisabled);
240 LOG(ERROR) << "Account disabled " << error.state();
241 break;
242 case GoogleServiceAuthError::CONNECTION_FAILED:
243 case GoogleServiceAuthError::SERVICE_UNAVAILABLE:
244 UMA(policy::kMetricEnrollmentNetworkFailed);
245 LOG(WARNING) << "Network error " << error.state();
246 break;
247 case GoogleServiceAuthError::NUM_STATES:
248 NOTREACHED();
249 break;
250 }
251 }
252
253 void EnterpriseEnrollmentHelperImpl::ReportEnrollmentStatus(
254 policy::EnrollmentStatus status) {
255 switch (status.status()) {
256 case policy::EnrollmentStatus::STATUS_SUCCESS:
257 UMA(policy::kMetricEnrollmentOK);
258 return;
259 case policy::EnrollmentStatus::STATUS_REGISTRATION_FAILED:
260 case policy::EnrollmentStatus::STATUS_POLICY_FETCH_FAILED:
261 switch (status.client_status()) {
262 case policy::DM_STATUS_SUCCESS:
263 NOTREACHED();
264 break;
265 case policy::DM_STATUS_REQUEST_INVALID:
266 UMA(policy::kMetricEnrollmentRegisterPolicyPayloadInvalid);
267 break;
268 case policy::DM_STATUS_SERVICE_DEVICE_NOT_FOUND:
269 UMA(policy::kMetricEnrollmentRegisterPolicyDeviceNotFound);
270 break;
271 case policy::DM_STATUS_SERVICE_MANAGEMENT_TOKEN_INVALID:
272 UMA(policy::kMetricEnrollmentRegisterPolicyDMTokenInvalid);
273 break;
274 case policy::DM_STATUS_SERVICE_ACTIVATION_PENDING:
275 UMA(policy::kMetricEnrollmentRegisterPolicyActivationPending);
276 break;
277 case policy::DM_STATUS_SERVICE_DEVICE_ID_CONFLICT:
278 UMA(policy::kMetricEnrollmentRegisterPolicyDeviceIdConflict);
279 break;
280 case policy::DM_STATUS_SERVICE_POLICY_NOT_FOUND:
281 UMA(policy::kMetricEnrollmentRegisterPolicyNotFound);
282 break;
283 case policy::DM_STATUS_REQUEST_FAILED:
284 UMA(policy::kMetricEnrollmentRegisterPolicyRequestFailed);
285 break;
286 case policy::DM_STATUS_TEMPORARY_UNAVAILABLE:
287 UMA(policy::kMetricEnrollmentRegisterPolicyTempUnavailable);
288 break;
289 case policy::DM_STATUS_HTTP_STATUS_ERROR:
290 UMA(policy::kMetricEnrollmentRegisterPolicyHttpError);
291 break;
292 case policy::DM_STATUS_RESPONSE_DECODING_ERROR:
293 UMA(policy::kMetricEnrollmentRegisterPolicyResponseInvalid);
294 break;
295 case policy::DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED:
296 UMA(policy::kMetricEnrollmentNotSupported);
297 break;
298 case policy::DM_STATUS_SERVICE_INVALID_SERIAL_NUMBER:
299 UMA(policy::kMetricEnrollmentRegisterPolicyInvalidSerial);
300 break;
301 case policy::DM_STATUS_SERVICE_MISSING_LICENSES:
302 UMA(policy::kMetricEnrollmentRegisterPolicyMissingLicenses);
303 break;
304 case policy::DM_STATUS_SERVICE_DEPROVISIONED:
305 UMA(policy::kMetricEnrollmentRegisterPolicyDeprovisioned);
306 break;
307 case policy::DM_STATUS_SERVICE_DOMAIN_MISMATCH:
308 UMA(policy::kMetricEnrollmentRegisterPolicyDomainMismatch);
309 break;
310 }
311 break;
312 case policy::EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE:
313 UMA(policy::kMetricEnrollmentInvalidEnrollmentMode);
314 break;
315 case policy::EnrollmentStatus::STATUS_NO_STATE_KEYS:
316 UMA(policy::kMetricEnrollmentNoStateKeys);
317 break;
318 case policy::EnrollmentStatus::STATUS_VALIDATION_FAILED:
319 UMA(policy::kMetricEnrollmentPolicyValidationFailed);
320 break;
321 case policy::EnrollmentStatus::STATUS_STORE_ERROR:
322 UMA(policy::kMetricEnrollmentCloudPolicyStoreError);
323 break;
324 case policy::EnrollmentStatus::STATUS_LOCK_ERROR:
325 switch (status.lock_status()) {
326 case policy::EnterpriseInstallAttributes::LOCK_SUCCESS:
327 case policy::EnterpriseInstallAttributes::LOCK_NOT_READY:
328 NOTREACHED();
329 break;
330 case policy::EnterpriseInstallAttributes::LOCK_TIMEOUT:
331 UMA(policy::kMetricEnrollmentLockboxTimeoutError);
332 break;
333 case policy::EnterpriseInstallAttributes::LOCK_BACKEND_INVALID:
334 UMA(policy::kMetricEnrollmentLockBackendInvalid);
335 break;
336 case policy::EnterpriseInstallAttributes::LOCK_ALREADY_LOCKED:
337 UMA(policy::kMetricEnrollmentLockAlreadyLocked);
338 break;
339 case policy::EnterpriseInstallAttributes::LOCK_SET_ERROR:
340 UMA(policy::kMetricEnrollmentLockSetError);
341 break;
342 case policy::EnterpriseInstallAttributes::LOCK_FINALIZE_ERROR:
343 UMA(policy::kMetricEnrollmentLockFinalizeError);
344 break;
345 case policy::EnterpriseInstallAttributes::LOCK_READBACK_ERROR:
346 UMA(policy::kMetricEnrollmentLockReadbackError);
347 break;
348 case policy::EnterpriseInstallAttributes::LOCK_WRONG_DOMAIN:
349 UMA(policy::kMetricEnrollmentLockDomainMismatch);
350 break;
351 }
352 break;
353 case policy::EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED:
354 UMA(policy::kMetricEnrollmentRobotAuthCodeFetchFailed);
355 break;
356 case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED:
357 UMA(policy::kMetricEnrollmentRobotRefreshTokenFetchFailed);
358 break;
359 case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED:
360 UMA(policy::kMetricEnrollmentRobotRefreshTokenStoreFailed);
361 break;
362 case policy::EnrollmentStatus::STATUS_STORE_TOKEN_AND_ID_FAILED:
363 // This error should not happen for enterprise enrollment, it only affects
364 // consumer enrollment.
365 UMA(policy::kMetricEnrollmentStoreTokenAndIdFailed);
366 NOTREACHED();
367 break;
368 }
369 }
370
371 void EnterpriseEnrollmentHelperImpl::UMA(policy::MetricEnrollment sample) {
372 EnrollmentUMA(sample, enrollment_config_.mode);
373 }
374
375 void EnterpriseEnrollmentHelperImpl::OnBrowsingDataRemoverDone() {
376 browsing_data_remover_->RemoveObserver(this);
377 browsing_data_remover_ = NULL;
378 auth_data_cleared_ = true;
379
380 std::vector<base::Closure> callbacks_to_run;
381 callbacks_to_run.swap(auth_clear_callbacks_);
382 for (std::vector<base::Closure>::iterator callback(callbacks_to_run.begin());
383 callback != callbacks_to_run.end();
384 ++callback) {
385 callback->Run();
386 }
387 }
388
389 } // namespace chromeos