1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/policy/cloud/user_policy_signin_service.h"
8 #include "base/bind_helpers.h"
9 #include "base/callback.h"
10 #include "base/profiler/scoped_tracker.h"
11 #include "chrome/browser/browser_process.h"
12 #include "chrome/browser/chrome_notification_types.h"
13 #include "chrome/browser/profiles/profile.h"
14 #include "chrome/browser/profiles/profile_manager.h"
15 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
16 #include "components/policy/core/common/cloud/cloud_policy_client_registration_helper.h"
17 #include "components/policy/core/common/cloud/user_cloud_policy_manager.h"
18 #include "components/signin/core/browser/profile_oauth2_token_service.h"
19 #include "components/signin/core/browser/signin_manager.h"
20 #include "content/public/browser/notification_details.h"
21 #include "content/public/browser/notification_source.h"
22 #include "google_apis/gaia/gaia_constants.h"
23 #include "net/url_request/url_request_context_getter.h"
27 UserPolicySigninService::UserPolicySigninService(
29 PrefService* local_state,
30 DeviceManagementService* device_management_service,
31 UserCloudPolicyManager* policy_manager,
32 SigninManager* signin_manager,
33 scoped_refptr<net::URLRequestContextGetter> system_request_context,
34 ProfileOAuth2TokenService* token_service)
35 : UserPolicySigninServiceBase(profile,
37 device_management_service,
40 system_request_context),
42 oauth2_token_service_(token_service) {
43 // ProfileOAuth2TokenService should not yet have loaded its tokens since this
44 // happens in the background after PKS initialization - so this service
45 // should always be created before the oauth token is available.
46 DCHECK(!oauth2_token_service_->RefreshTokenIsAvailable(
47 signin_manager->GetAuthenticatedAccountId()));
49 // Listen for an OAuth token to become available so we can register a client
50 // if for some reason the client is not already registered (for example, if
51 // the policy load failed during initial signin).
52 oauth2_token_service_->AddObserver(this);
55 UserPolicySigninService::~UserPolicySigninService() {
58 void UserPolicySigninService::PrepareForUserCloudPolicyManagerShutdown() {
59 // Stop any pending registration helper activity. We do this here instead of
60 // in the destructor because we want to shutdown the registration helper
61 // before UserCloudPolicyManager shuts down the CloudPolicyClient.
62 registration_helper_.reset();
64 UserPolicySigninServiceBase::PrepareForUserCloudPolicyManagerShutdown();
67 void UserPolicySigninService::Shutdown() {
68 UserPolicySigninServiceBase::Shutdown();
69 oauth2_token_service_->RemoveObserver(this);
72 void UserPolicySigninService::RegisterForPolicy(
73 const std::string& username,
74 const std::string& oauth2_refresh_token,
75 const PolicyRegistrationCallback& callback) {
76 DCHECK(!oauth2_refresh_token.empty());
78 // Create a new CloudPolicyClient for fetching the DMToken.
79 scoped_ptr<CloudPolicyClient> policy_client = CreateClientForRegistrationOnly(
82 callback.Run(std::string(), std::string());
86 // Fire off the registration process. Callback keeps the CloudPolicyClient
87 // alive for the length of the registration process. Use the system
88 // request context because the user is not signed in to this profile yet
89 // (we are just doing a test registration to see if policy is supported for
91 registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
93 enterprise_management::DeviceRegisterRequest::BROWSER));
94 registration_helper_->StartRegistrationWithLoginToken(
96 base::Bind(&UserPolicySigninService::CallPolicyRegistrationCallback,
97 base::Unretained(this),
98 base::Passed(&policy_client),
102 void UserPolicySigninService::CallPolicyRegistrationCallback(
103 scoped_ptr<CloudPolicyClient> client,
104 PolicyRegistrationCallback callback) {
105 registration_helper_.reset();
106 callback.Run(client->dm_token(), client->client_id());
109 void UserPolicySigninService::OnRefreshTokenAvailable(
110 const std::string& account_id) {
111 // TODO(vadimt): Remove ScopedTracker below once crbug.com/422460 is fixed.
112 tracked_objects::ScopedTracker tracking_profile(
113 FROM_HERE_WITH_EXPLICIT_FUNCTION(
114 "422460 UserPolicySigninService::OnRefreshTokenAvailable"));
116 // If using a TestingProfile with no UserCloudPolicyManager, skip
118 if (!policy_manager()) {
119 DVLOG(1) << "Skipping initialization for tests due to missing components.";
123 // Ignore OAuth tokens for any account but the primary one.
124 if (account_id != signin_manager()->GetAuthenticatedAccountId())
127 // ProfileOAuth2TokenService now has a refresh token so initialize the
128 // UserCloudPolicyManager.
129 InitializeForSignedInUser(signin_manager()->GetAuthenticatedUsername(),
130 profile_->GetRequestContext());
133 void UserPolicySigninService::InitializeUserCloudPolicyManager(
134 const std::string& username,
135 scoped_ptr<CloudPolicyClient> client) {
136 UserPolicySigninServiceBase::InitializeUserCloudPolicyManager(username,
138 ProhibitSignoutIfNeeded();
141 void UserPolicySigninService::ShutdownUserCloudPolicyManager() {
142 UserCloudPolicyManager* manager = policy_manager();
143 // Allow the user to signout again.
145 signin_manager()->ProhibitSignout(false);
146 UserPolicySigninServiceBase::ShutdownUserCloudPolicyManager();
149 void UserPolicySigninService::OnInitializationCompleted(
150 CloudPolicyService* service) {
151 UserCloudPolicyManager* manager = policy_manager();
152 DCHECK_EQ(service, manager->core()->service());
153 DCHECK(service->IsInitializationComplete());
154 // The service is now initialized - if the client is not yet registered, then
155 // it means that there is no cached policy and so we need to initiate a new
156 // client registration.
157 DVLOG_IF(1, manager->IsClientRegistered())
158 << "Client already registered - not fetching DMToken";
159 if (!manager->IsClientRegistered()) {
160 if (!oauth2_token_service_->RefreshTokenIsAvailable(
161 signin_manager()->GetAuthenticatedAccountId())) {
162 // No token yet - this class listens for OnRefreshTokenAvailable()
163 // and will re-attempt registration once the token is available.
164 DLOG(WARNING) << "No OAuth Refresh Token - delaying policy download";
167 RegisterCloudPolicyService();
169 // If client is registered now, prohibit signout.
170 ProhibitSignoutIfNeeded();
173 void UserPolicySigninService::RegisterCloudPolicyService() {
174 DCHECK(!policy_manager()->IsClientRegistered());
175 DVLOG(1) << "Fetching new DM Token";
176 // Do nothing if already starting the registration process.
177 if (registration_helper_)
180 // Start the process of registering the CloudPolicyClient. Once it completes,
181 // policy fetch will automatically happen.
182 registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
183 policy_manager()->core()->client(),
184 enterprise_management::DeviceRegisterRequest::BROWSER));
185 registration_helper_->StartRegistration(
186 oauth2_token_service_,
187 signin_manager()->GetAuthenticatedAccountId(),
188 base::Bind(&UserPolicySigninService::OnRegistrationComplete,
189 base::Unretained(this)));
192 void UserPolicySigninService::OnRegistrationComplete() {
193 ProhibitSignoutIfNeeded();
194 registration_helper_.reset();
197 void UserPolicySigninService::ProhibitSignoutIfNeeded() {
198 if (policy_manager()->IsClientRegistered()) {
199 DVLOG(1) << "User is registered for policy - prohibiting signout";
200 signin_manager()->ProhibitSignout(true);
204 } // namespace policy