src/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h"
   6
   7 #include <algorithm>
   8
   9 #include "base/bind.h"
  10 #include "base/bind_helpers.h"
  11 #include "base/compiler_specific.h"
  12 #include "base/message_loop/message_loop.h"
  13 #include "base/values.h"
  14 #include "chrome/browser/browser_process.h"
  15 #include "chrome/browser/browsing_data/browsing_data_helper.h"
  16 #include "chrome/browser/browsing_data/browsing_data_remover.h"
  17 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
  18 #include "chrome/browser/policy/cloud/message_util.h"
  19 #include "chrome/browser/profiles/profile.h"
  20 #include "chrome/browser/ui/webui/chromeos/login/oobe_ui.h"
  21 #include "content/public/browser/web_contents.h"
  22 #include "google_apis/gaia/gaia_auth_fetcher.h"
  23 #include "google_apis/gaia/gaia_auth_util.h"
  24 #include "google_apis/gaia/gaia_constants.h"
  25 #include "google_apis/gaia/gaia_urls.h"
  26 #include "google_apis/gaia/google_service_auth_error.h"
  27 #include "grit/chromium_strings.h"
  28 #include "grit/generated_resources.h"
  29 #include "ui/base/l10n/l10n_util.h"
  30
  31 namespace {
  32
  33 const char kJsScreenPath[] = "login.OAuthEnrollmentScreen";
  34
  35 // Start page of GAIA authentication extension.
  36 const char kGaiaExtStartPage[] =
  37     "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/main.html";
  38
  39 // Enrollment step names.
  40 const char kEnrollmentStepSignin[] = "signin";
  41 const char kEnrollmentStepSuccess[] = "success";
  42
  43 // A helper class that takes care of asynchronously revoking a given token.
  44 class TokenRevoker : public GaiaAuthConsumer {
  45  public:
  46   TokenRevoker()
  47       : gaia_fetcher_(this,
  48                       GaiaConstants::kChromeOSSource,
  49                       g_browser_process->system_request_context()) {}
  50   virtual ~TokenRevoker() {}
  51
  52   void Start(const std::string& token) {
  53     gaia_fetcher_.StartRevokeOAuth2Token(token);
  54   }
  55
  56   // GaiaAuthConsumer:
  57   virtual void OnOAuth2RevokeTokenCompleted() OVERRIDE {
  58     base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
  59   }
  60
  61  private:
  62   GaiaAuthFetcher gaia_fetcher_;
  63
  64   DISALLOW_COPY_AND_ASSIGN(TokenRevoker);
  65 };
  66
  67 }  // namespace
  68
  69 namespace chromeos {
  70
  71 // EnrollmentScreenHandler, public ------------------------------
  72
  73 EnrollmentScreenHandler::EnrollmentScreenHandler()
  74     : BaseScreenHandler(kJsScreenPath),
  75       controller_(NULL),
  76       show_on_init_(false),
  77       is_auto_enrollment_(false),
  78       can_exit_enrollment_(true),
  79       browsing_data_remover_(NULL) {
  80 }
  81
  82 EnrollmentScreenHandler::~EnrollmentScreenHandler() {
  83   if (browsing_data_remover_)
  84     browsing_data_remover_->RemoveObserver(this);
  85 }
  86
  87 // EnrollmentScreenHandler, WebUIMessageHandler implementation --
  88
  89 void EnrollmentScreenHandler::RegisterMessages() {
  90   AddCallback("oauthEnrollClose",
  91               &EnrollmentScreenHandler::HandleClose);
  92   AddCallback("oauthEnrollCompleteLogin",
  93               &EnrollmentScreenHandler::HandleCompleteLogin);
  94   AddCallback("oauthEnrollRetry",
  95               &EnrollmentScreenHandler::HandleRetry);
  96 }
  97
  98 // EnrollmentScreenHandler
  99 //      EnrollmentScreenActor implementation -----------------------------------
 100
 101 void EnrollmentScreenHandler::SetParameters(Controller* controller,
 102                                             bool is_auto_enrollment,
 103                                             bool can_exit_enrollment,
 104                                             const std::string& user) {
 105   controller_ = controller;
 106   is_auto_enrollment_ = is_auto_enrollment;
 107   can_exit_enrollment_ = can_exit_enrollment;
 108   if (is_auto_enrollment_)
 109     user_ = user;
 110 }
 111
 112 void EnrollmentScreenHandler::PrepareToShow() {
 113 }
 114
 115 void EnrollmentScreenHandler::Show() {
 116   if (!page_is_ready())
 117     show_on_init_ = true;
 118   else
 119     DoShow();
 120 }
 121
 122 void EnrollmentScreenHandler::Hide() {
 123 }
 124
 125 void EnrollmentScreenHandler::FetchOAuthToken() {
 126   Profile* profile = Profile::FromWebUI(web_ui());
 127   oauth_fetcher_.reset(
 128       new policy::PolicyOAuth2TokenFetcher(
 129           profile->GetRequestContext(),
 130           g_browser_process->system_request_context(),
 131           base::Bind(&EnrollmentScreenHandler::OnTokenFetched,
 132                      base::Unretained(this))));
 133   oauth_fetcher_->Start();
 134 }
 135
 136 void EnrollmentScreenHandler::ResetAuth(const base::Closure& callback) {
 137   auth_reset_callbacks_.push_back(callback);
 138   if (browsing_data_remover_)
 139     return;
 140
 141   if (oauth_fetcher_) {
 142     if (!oauth_fetcher_->oauth2_access_token().empty())
 143       (new TokenRevoker())->Start(oauth_fetcher_->oauth2_access_token());
 144
 145     if (!oauth_fetcher_->oauth2_refresh_token().empty())
 146       (new TokenRevoker())->Start(oauth_fetcher_->oauth2_refresh_token());
 147   }
 148
 149   Profile* profile = Profile::FromBrowserContext(
 150       web_ui()->GetWebContents()->GetBrowserContext());
 151   browsing_data_remover_ =
 152       BrowsingDataRemover::CreateForUnboundedRange(profile);
 153   browsing_data_remover_->AddObserver(this);
 154   browsing_data_remover_->Remove(BrowsingDataRemover::REMOVE_SITE_DATA,
 155                                  BrowsingDataHelper::UNPROTECTED_WEB);
 156 }
 157
 158 void EnrollmentScreenHandler::ShowSigninScreen() {
 159   ShowStep(kEnrollmentStepSignin);
 160 }
 161
 162 void EnrollmentScreenHandler::ShowEnrollmentSpinnerScreen() {
 163   ShowWorking(IDS_ENTERPRISE_ENROLLMENT_WORKING);
 164 }
 165
 166 void EnrollmentScreenHandler::ShowLoginSpinnerScreen() {
 167   ShowWorking(IDS_ENTERPRISE_ENROLLMENT_RESUMING_LOGIN);
 168 }
 169
 170 void EnrollmentScreenHandler::ShowAuthError(
 171     const GoogleServiceAuthError& error) {
 172   switch (error.state()) {
 173     case GoogleServiceAuthError::NONE:
 174     case GoogleServiceAuthError::CAPTCHA_REQUIRED:
 175     case GoogleServiceAuthError::TWO_FACTOR:
 176     case GoogleServiceAuthError::HOSTED_NOT_ALLOWED:
 177     case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
 178     case GoogleServiceAuthError::REQUEST_CANCELED:
 179     case GoogleServiceAuthError::UNEXPECTED_SERVICE_RESPONSE:
 180     case GoogleServiceAuthError::SERVICE_ERROR:
 181       ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_FATAL_ERROR, false);
 182       return;
 183     case GoogleServiceAuthError::USER_NOT_SIGNED_UP:
 184     case GoogleServiceAuthError::ACCOUNT_DELETED:
 185     case GoogleServiceAuthError::ACCOUNT_DISABLED:
 186       ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_ACCOUNT_ERROR, true);
 187       return;
 188     case GoogleServiceAuthError::CONNECTION_FAILED:
 189     case GoogleServiceAuthError::SERVICE_UNAVAILABLE:
 190       ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_NETWORK_ERROR, true);
 191       return;
 192     case GoogleServiceAuthError::NUM_STATES:
 193       break;
 194   }
 195   NOTREACHED();
 196 }
 197
 198 void EnrollmentScreenHandler::ShowUIError(UIError error) {
 199   switch (error) {
 200     case UI_ERROR_DOMAIN_MISMATCH:
 201       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_WRONG_USER, true);
 202       return;
 203     case UI_ERROR_AUTO_ENROLLMENT_BAD_MODE:
 204       ShowError(IDS_ENTERPRISE_AUTO_ENROLLMENT_BAD_MODE, true);
 205       return;
 206     case UI_ERROR_FATAL:
 207       ShowError(IDS_ENTERPRISE_ENROLLMENT_FATAL_ENROLLMENT_ERROR, true);
 208       return;
 209   }
 210   NOTREACHED();
 211 }
 212
 213 void EnrollmentScreenHandler::ShowEnrollmentStatus(
 214     policy::EnrollmentStatus status) {
 215   switch (status.status()) {
 216     case policy::EnrollmentStatus::STATUS_SUCCESS:
 217       ShowStep(kEnrollmentStepSuccess);
 218       return;
 219     case policy::EnrollmentStatus::STATUS_REGISTRATION_FAILED:
 220       // Some special cases for generating a nicer message that's more helpful.
 221       switch (status.client_status()) {
 222         case policy::DM_STATUS_SERVICE_MISSING_LICENSES:
 223           ShowError(IDS_ENTERPRISE_ENROLLMENT_MISSING_LICENSES_ERROR, true);
 224           break;
 225         case policy::DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED:
 226           ShowError(IDS_ENTERPRISE_ENROLLMENT_ACCOUNT_ERROR, true);
 227           break;
 228         default:
 229           ShowErrorMessage(
 230               l10n_util::GetStringFUTF8(
 231                   IDS_ENTERPRISE_ENROLLMENT_STATUS_REGISTRATION_FAILED,
 232                   policy::FormatDeviceManagementStatus(status.client_status())),
 233               true);
 234       }
 235       return;
 236     case policy::EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED:
 237       ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_AUTH_FETCH_FAILED, true);
 238       return;
 239     case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED:
 240       ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_REFRESH_FETCH_FAILED, true);
 241       return;
 242     case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED:
 243       ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_REFRESH_STORE_FAILED, true);
 244       return;
 245     case policy::EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE:
 246       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_REGISTRATION_BAD_MODE, false);
 247       return;
 248     case policy::EnrollmentStatus::STATUS_POLICY_FETCH_FAILED:
 249       ShowErrorMessage(
 250           l10n_util::GetStringFUTF8(
 251               IDS_ENTERPRISE_ENROLLMENT_STATUS_POLICY_FETCH_FAILED,
 252               policy::FormatDeviceManagementStatus(status.client_status())),
 253           true);
 254       return;
 255     case policy::EnrollmentStatus::STATUS_VALIDATION_FAILED:
 256       ShowErrorMessage(
 257           l10n_util::GetStringFUTF8(
 258               IDS_ENTERPRISE_ENROLLMENT_STATUS_VALIDATION_FAILED,
 259               policy::FormatValidationStatus(status.validation_status())),
 260           true);
 261       return;
 262     case policy::EnrollmentStatus::STATUS_LOCK_ERROR:
 263       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_ERROR, false);
 264       return;
 265     case policy::EnrollmentStatus::STATUS_LOCK_TIMEOUT:
 266       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_TIMEOUT, false);
 267       return;
 268     case policy::EnrollmentStatus::STATUS_LOCK_WRONG_USER:
 269       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_WRONG_USER, true);
 270       return;
 271     case policy::EnrollmentStatus::STATUS_STORE_ERROR:
 272       ShowErrorMessage(
 273           l10n_util::GetStringFUTF8(
 274               IDS_ENTERPRISE_ENROLLMENT_STATUS_STORE_ERROR,
 275               policy::FormatStoreStatus(status.store_status(),
 276                                         status.validation_status())),
 277           true);
 278       return;
 279   }
 280   NOTREACHED();
 281 }
 282
 283 // EnrollmentScreenHandler BaseScreenHandler implementation -----
 284
 285 void EnrollmentScreenHandler::Initialize() {
 286   if (show_on_init_) {
 287     Show();
 288     show_on_init_ = false;
 289   }
 290 }
 291
 292 void EnrollmentScreenHandler::DeclareLocalizedValues(
 293     LocalizedValuesBuilder* builder) {
 294   builder->Add("oauthEnrollScreenTitle",
 295                IDS_ENTERPRISE_ENROLLMENT_SCREEN_TITLE);
 296   builder->Add("oauthEnrollRetry", IDS_ENTERPRISE_ENROLLMENT_RETRY);
 297   builder->Add("oauthEnrollCancel", IDS_ENTERPRISE_ENROLLMENT_CANCEL);
 298   builder->Add("oauthEnrollDone", IDS_ENTERPRISE_ENROLLMENT_DONE);
 299   builder->Add("oauthEnrollSuccess", IDS_ENTERPRISE_ENROLLMENT_SUCCESS);
 300   builder->Add("oauthEnrollExplain", IDS_ENTERPRISE_ENROLLMENT_EXPLAIN);
 301   builder->Add("oauthEnrollExplainLink",
 302                IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_LINK);
 303   builder->Add("oauthEnrollExplainButton",
 304                IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_BUTTON);
 305   builder->Add("oauthEnrollCancelAutoEnrollmentReally",
 306                IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_REALLY);
 307   builder->Add("oauthEnrollCancelAutoEnrollmentConfirm",
 308                IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_CONFIRM);
 309   builder->Add("oauthEnrollCancelAutoEnrollmentGoBack",
 310                IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_GO_BACK);
 311 }
 312
 313 void EnrollmentScreenHandler::OnBrowsingDataRemoverDone() {
 314   browsing_data_remover_->RemoveObserver(this);
 315   browsing_data_remover_ = NULL;
 316
 317   std::vector<base::Closure> callbacks_to_run;
 318   callbacks_to_run.swap(auth_reset_callbacks_);
 319   for (std::vector<base::Closure>::iterator callback(callbacks_to_run.begin());
 320        callback != callbacks_to_run.end(); ++callback) {
 321     callback->Run();
 322   }
 323 }
 324
 325 // EnrollmentScreenHandler, private -----------------------------
 326
 327 void EnrollmentScreenHandler::HandleClose(const std::string& reason) {
 328   if (!controller_) {
 329     NOTREACHED();
 330     return;
 331   }
 332
 333   if (reason == "cancel" || reason == "autocancel")
 334     controller_->OnCancel();
 335   else if (reason == "done")
 336     controller_->OnConfirmationClosed();
 337   else
 338     NOTREACHED();
 339 }
 340
 341 void EnrollmentScreenHandler::HandleCompleteLogin(const std::string& user) {
 342   if (!controller_) {
 343     NOTREACHED();
 344     return;
 345   }
 346   controller_->OnLoginDone(gaia::SanitizeEmail(user));
 347 }
 348
 349 void EnrollmentScreenHandler::HandleRetry() {
 350   if (!controller_) {
 351     NOTREACHED();
 352     return;
 353   }
 354   controller_->OnRetry();
 355 }
 356
 357 void EnrollmentScreenHandler::ShowStep(const char* step) {
 358   CallJS("showStep", std::string(step));
 359 }
 360
 361 void EnrollmentScreenHandler::ShowError(int message_id, bool retry) {
 362   ShowErrorMessage(l10n_util::GetStringUTF8(message_id), retry);
 363 }
 364
 365 void EnrollmentScreenHandler::ShowErrorMessage(const std::string& message,
 366                                                bool retry) {
 367   CallJS("showError", message, retry);
 368 }
 369
 370 void EnrollmentScreenHandler::ShowWorking(int message_id) {
 371   CallJS("showWorking", l10n_util::GetStringUTF16(message_id));
 372 }
 373
 374 void EnrollmentScreenHandler::OnTokenFetched(
 375     const std::string& token,
 376     const GoogleServiceAuthError& error) {
 377   if (!controller_)
 378     return;
 379
 380   if (error.state() != GoogleServiceAuthError::NONE)
 381     controller_->OnAuthError(error);
 382   else
 383     controller_->OnOAuthTokenAvailable(token);
 384 }
 385
 386 void EnrollmentScreenHandler::DoShow() {
 387   DictionaryValue screen_data;
 388   screen_data.SetString("signin_url", kGaiaExtStartPage);
 389   screen_data.SetString("gaiaUrl", GaiaUrls::GetInstance()->gaia_url().spec());
 390   screen_data.SetBoolean("is_auto_enrollment", is_auto_enrollment_);
 391   screen_data.SetBoolean("prevent_cancellation", !can_exit_enrollment_);
 392
 393   ShowScreen(OobeUI::kScreenOobeEnrollment, &screen_data);
 394 }
 395
 396 }  // namespace chromeos