#include "chrome/browser/chrome_notification_types.h"
#include "chrome/browser/chromeos/boot_times_loader.h"
#include "chrome/browser/chromeos/login/login_utils.h"
-#include "chrome/browser/chromeos/login/managed/locally_managed_user_login_flow.h"
+#include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h"
+#include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h"
+#include "chrome/browser/chromeos/login/supervised_user_manager.h"
#include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
+#include "chrome/browser/chromeos/policy/wildcard_login_checker.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
-#include "chrome/browser/policy/browser_policy_connector.h"
#include "chrome/common/pref_names.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/dbus/session_manager_client.h"
#include "ui/base/l10n/l10n_util.h"
#include "ui/base/resource/resource_bundle.h"
+using base::UserMetricsAction;
using content::BrowserThread;
-using content::UserMetricsAction;
namespace chromeos {
return;
}
- bool is_whitelisted = LoginUtils::IsWhitelisted(
- gaia::CanonicalizeEmail(user_context.username));
+ bool wildcard_match = false;
+ std::string email = gaia::CanonicalizeEmail(user_context.username);
+ bool is_whitelisted = LoginUtils::IsWhitelisted(email, &wildcard_match);
if (is_whitelisted) {
switch (auth_mode_) {
- case AUTH_MODE_EXTENSION:
- StartLoginCompletion();
+ case AUTH_MODE_EXTENSION: {
+ // On enterprise devices, reconfirm login permission with the server.
+ policy::BrowserPolicyConnectorChromeOS* connector =
+ g_browser_process->platform_part()
+ ->browser_policy_connector_chromeos();
+ if (connector->IsEnterpriseManaged() && wildcard_match &&
+ !connector->IsNonEnterpriseUser(email)) {
+ wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
+ wildcard_login_checker_->Start(
+ ProfileHelper::GetSigninProfile()->GetRequestContext(),
+ base::Bind(&LoginPerformer::OnlineWildcardLoginCheckCompleted,
+ weak_factory_.GetWeakPtr()));
+ } else {
+ StartLoginCompletion();
+ }
break;
+ }
case AUTH_MODE_INTERNAL:
StartAuthentication();
break;
return;
}
- UserFlow* new_flow = new LocallyManagedUserLoginFlow(user_context.username);
+ SupervisedUserLoginFlow* new_flow =
+ new SupervisedUserLoginFlow(user_context.username);
new_flow->set_host(
UserManager::Get()->GetUserFlow(user_context.username)->host());
UserManager::Get()->SetUserFlow(user_context.username, new_flow);
+ SupervisedUserAuthentication* authentication = UserManager::Get()->
+ GetSupervisedUserManager()->GetAuthentication();
+
+ if (authentication->PasswordNeedsMigration(user_context.username)) {
+ authentication->SchedulePasswordMigration(user_context.username,
+ user_context.password,
+ new_flow);
+ }
+
+ UserContext user_context_copy(
+ user_context.username,
+ user_context.password,
+ user_context.auth_code,
+ user_context.username_hash,
+ user_context.using_oauth,
+ user_context.auth_flow);
+
+ user_context_copy.password = authentication->TransformPassword(
+ user_context_copy.username,
+ user_context_copy.password);
+
authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
base::Bind(&Authenticator::LoginAsLocallyManagedUser,
authenticator_.get(),
- user_context));
+ user_context_copy));
}
void LoginPerformer::LoginRetailMode() {
void LoginPerformer::LoginAsPublicAccount(const std::string& username) {
// Login is not allowed if policy could not be loaded for the account.
+ policy::BrowserPolicyConnectorChromeOS* connector =
+ g_browser_process->platform_part()->browser_policy_connector_chromeos();
policy::DeviceLocalAccountPolicyService* policy_service =
- g_browser_process->browser_policy_connector()->
- GetDeviceLocalAccountPolicyService();
+ connector->GetDeviceLocalAccountPolicyService();
if (!policy_service || !policy_service->IsPolicyAvailableForUser(username)) {
DCHECK(delegate_);
if (delegate_)
username));
}
-void LoginPerformer::LoginAsKioskAccount(const std::string& app_user_id) {
+void LoginPerformer::LoginAsKioskAccount(
+ const std::string& app_user_id, bool force_ephemeral) {
authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
base::Bind(&Authenticator::LoginAsKioskAccount, authenticator_.get(),
- app_user_id));
+ app_user_id, force_ephemeral));
}
void LoginPerformer::RecoverEncryptedData(const std::string& old_password) {
user_context_.auth_code.clear();
}
+void LoginPerformer::OnlineWildcardLoginCheckCompleted(bool result) {
+ if (result) {
+ StartLoginCompletion();
+ } else {
+ if (delegate_)
+ delegate_->WhiteListCheckFailed(user_context_.username);
+ }
+}
+
} // namespace chromeos