#include "chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.h"
+#include "base/bind.h"
#include "base/logging.h"
#include "base/metrics/histogram.h"
#include "base/strings/utf_string_conversions.h"
#include "base/values.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/browser_shutdown.h"
-#include "chrome/browser/chromeos/login/ui/login_display_host_impl.h"
#include "chrome/browser/chromeos/login/ui/user_adding_screen.h"
-#include "chrome/browser/chromeos/login/users/user_manager.h"
+#include "chrome/browser/chromeos/policy/consumer_management_service.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/chromeos/settings/cros_settings.h"
#include "chrome/browser/io_thread.h"
#include "chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h"
+#include "chrome/browser/ui/webui/signin/inline_login_ui.h"
#include "chromeos/chromeos_switches.h"
#include "chromeos/settings/cros_settings_names.h"
+#include "components/user_manager/user_manager.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/render_frame_host.h"
#include "google_apis/gaia/gaia_auth_util.h"
namespace {
const char kJsScreenPath[] = "login.GaiaSigninScreen";
+const char kAuthIframeParentName[] = "signin-frame";
+const char kAuthIframeParentOrigin[] =
+ "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/";
-void UpdateAuthParams(base::DictionaryValue* params, bool has_users) {
+void UpdateAuthParams(base::DictionaryValue* params,
+ bool has_users,
+ bool is_enrolling_consumer_management) {
CrosSettings* cros_settings = CrosSettings::Get();
bool allow_new_user = true;
cros_settings->GetBoolean(kAccountsPrefAllowNewUser, &allow_new_user);
params->SetBoolean("createAccount", allow_new_user && allow_guest);
params->SetBoolean("guestSignin", allow_guest);
- // Allow locally managed user creation only if:
+ // Allow supervised user creation only if:
// 1. Enterprise managed device > is allowed by policy.
// 2. Consumer device > owner exists.
// 3. New users are allowed by owner.
// 4. Supervised users are allowed by owner.
- bool managed_users_allowed =
- UserManager::Get()->AreLocallyManagedUsersAllowed();
- bool managed_users_can_create = true;
+ bool supervised_users_allowed =
+ user_manager::UserManager::Get()->AreSupervisedUsersAllowed();
+ bool supervised_users_can_create = true;
int message_id = -1;
if (!has_users) {
- managed_users_can_create = false;
- message_id = IDS_CREATE_LOCALLY_MANAGED_USER_NO_MANAGER_TEXT;
+ supervised_users_can_create = false;
+ message_id = IDS_CREATE_SUPERVISED_USER_NO_MANAGER_TEXT;
}
- if (!allow_new_user || !managed_users_allowed) {
- managed_users_can_create = false;
- message_id = IDS_CREATE_LOCALLY_MANAGED_USER_CREATION_RESTRICTED_TEXT;
+ if (!allow_new_user || !supervised_users_allowed) {
+ supervised_users_can_create = false;
+ message_id = IDS_CREATE_SUPERVISED_USER_CREATION_RESTRICTED_TEXT;
}
- params->SetBoolean("managedUsersEnabled", managed_users_allowed);
- params->SetBoolean("managedUsersCanCreate", managed_users_can_create);
- if (!managed_users_can_create) {
- params->SetString("managedUsersRestrictionReason",
+ params->SetBoolean("supervisedUsersEnabled", supervised_users_allowed);
+ params->SetBoolean("supervisedUsersCanCreate", supervised_users_can_create);
+ if (!supervised_users_can_create) {
+ params->SetString("supervisedUsersRestrictionReason",
l10n_util::GetStringUTF16(message_id));
}
// Now check whether we're in multi-profiles user adding scenario and
// disable GAIA right panel features if that's the case.
- if (UserAddingScreen::Get()->IsRunning()) {
+ // For consumer management enrollment, we also hide all right panel components
+ // and show only an enrollment message.
+ if (UserAddingScreen::Get()->IsRunning() ||
+ is_enrolling_consumer_management) {
params->SetBoolean("createAccount", false);
params->SetBoolean("guestSignin", false);
- params->SetBoolean("managedUsersEnabled", false);
+ params->SetBoolean("supervisedUsersEnabled", false);
}
}
has_users(false) {}
GaiaScreenHandler::GaiaScreenHandler(
- const scoped_refptr<NetworkStateInformer>& network_state_informer)
+ const scoped_refptr<NetworkStateInformer>& network_state_informer,
+ policy::ConsumerManagementService* consumer_management)
: BaseScreenHandler(kJsScreenPath),
frame_state_(FRAME_STATE_UNKNOWN),
frame_error_(net::OK),
network_state_informer_(network_state_informer),
+ consumer_management_(consumer_management),
dns_cleared_(false),
dns_clear_task_running_(false),
cookies_cleared_(false),
focus_stolen_(false),
gaia_silent_load_(false),
using_saml_api_(false),
+ is_enrolling_consumer_management_(false),
test_expects_complete_login_(false),
signin_screen_handler_(NULL),
weak_factory_(this) {
void GaiaScreenHandler::LoadGaia(const GaiaContext& context) {
base::DictionaryValue params;
+ const bool is_enrolling_consumer_management =
+ context.is_enrolling_consumer_management;
params.SetBoolean("forceReload", context.force_reload);
params.SetBoolean("isLocal", context.is_local);
params.SetBoolean("isShowUsers", context.show_users);
params.SetBoolean("useOffline", context.use_offline);
params.SetString("email", context.email);
+ params.SetBoolean("isEnrollingConsumerManagement",
+ is_enrolling_consumer_management);
- UpdateAuthParams(¶ms, context.has_users);
+ UpdateAuthParams(¶ms,
+ context.has_users,
+ is_enrolling_consumer_management);
if (!context.use_offline) {
const std::string app_locale = g_browser_process->GetApplicationLocale();
void GaiaScreenHandler::UpdateGaia(const GaiaContext& context) {
base::DictionaryValue params;
- UpdateAuthParams(¶ms, context.has_users);
+ UpdateAuthParams(¶ms, context.has_users,
+ context.is_enrolling_consumer_management);
CallJS("updateAuthExtension", params);
}
-void GaiaScreenHandler::ReloadGaia() {
- if (frame_state_ == FRAME_STATE_LOADING)
+void GaiaScreenHandler::ReloadGaia(bool force_reload) {
+ if (frame_state_ == FRAME_STATE_LOADING && !force_reload) {
+ VLOG(1) << "Skipping reloading of Gaia since gaia is loading.";
return;
+ }
NetworkStateInformer::State state = network_state_informer_->state();
if (state != NetworkStateInformer::ONLINE) {
- LOG(WARNING) << "Skipping reloading of Gaia since "
- << "network state="
- << NetworkStateInformer::StatusString(state);
+ VLOG(1) << "Skipping reloading of Gaia since network state="
+ << NetworkStateInformer::StatusString(state);
return;
}
- LOG(WARNING) << "Reloading Gaia.";
+ VLOG(1) << "Reloading Gaia.";
frame_state_ = FRAME_STATE_LOADING;
CallJS("doReload");
}
IDS_SIGNIN_SCREEN_PASSWORD_CHANGED);
builder->Add("createAccount", IDS_CREATE_ACCOUNT_HTML);
builder->Add("guestSignin", IDS_BROWSE_WITHOUT_SIGNING_IN_HTML);
- builder->Add("createLocallyManagedUser",
- IDS_CREATE_LOCALLY_MANAGED_USER_HTML);
- builder->Add("createManagedUserFeatureName",
- IDS_CREATE_LOCALLY_MANAGED_USER_FEATURE_NAME);
+ builder->Add("createSupervisedUser",
+ IDS_CREATE_SUPERVISED_USER_HTML);
+ builder->Add("createSupervisedUserFeatureName",
+ IDS_CREATE_SUPERVISED_USER_FEATURE_NAME);
+ builder->Add("consumerManagementEnrollmentSigninMessage",
+ IDS_LOGIN_CONSUMER_MANAGEMENT_ENROLLMENT);
// Strings used by the SAML fatal error dialog.
builder->Add("fatalErrorMessageNoEmail", IDS_LOGIN_FATAL_ERROR_NO_EMAIL);
void GaiaScreenHandler::HandleCompleteLogin(const std::string& typed_email,
const std::string& password,
bool using_saml) {
- if (!Delegate())
+ if (!is_enrolling_consumer_management_) {
+ DoCompleteLogin(typed_email, password, using_saml);
return;
+ }
- if (using_saml && !using_saml_api_)
- RecordSAMLScrapingVerificationResultInHistogram(true);
-
- const std::string sanitized_email = gaia::SanitizeEmail(typed_email);
- Delegate()->SetDisplayEmail(sanitized_email);
- UserContext user_context(sanitized_email);
- user_context.SetKey(Key(password));
- user_context.SetAuthFlow(using_saml
- ? UserContext::AUTH_FLOW_GAIA_WITH_SAML
- : UserContext::AUTH_FLOW_GAIA_WITHOUT_SAML);
- Delegate()->CompleteLogin(user_context);
-
- if (test_expects_complete_login_) {
- VLOG(2) << "Complete test login for " << typed_email
- << ", requested=" << test_user_;
-
- test_expects_complete_login_ = false;
- test_user_.clear();
- test_pass_.clear();
+ // Consumer management enrollment is in progress.
+ const std::string owner_email =
+ user_manager::UserManager::Get()->GetOwnerEmail();
+ if (typed_email != owner_email) {
+ // Show Gaia sign-in screen again, since we only allow the owner to sign
+ // in.
+ populated_email_ = owner_email;
+ ShowGaia(is_enrolling_consumer_management_);
+ return;
}
+
+ CHECK(consumer_management_);
+ consumer_management_->SetOwner(owner_email,
+ base::Bind(&GaiaScreenHandler::OnSetOwnerDone,
+ weak_factory_.GetWeakPtr(),
+ typed_email,
+ password,
+ using_saml));
}
void GaiaScreenHandler::HandleUsingSAMLAPI() {
focus_stolen_ = false;
const char code[] =
"if (typeof gWindowOnLoad != 'undefined') gWindowOnLoad();";
- content::RenderFrameHost* frame =
- LoginDisplayHostImpl::GetGaiaAuthIframe(web_ui()->GetWebContents());
+ content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe(
+ web_ui()->GetWebContents(),
+ GURL(kAuthIframeParentOrigin),
+ kAuthIframeParentName);
frame->ExecuteJavaScript(base::ASCIIToUTF16(code));
}
if (gaia_silent_load_) {
const char code[] =
"var gWindowOnLoad = window.onload; "
"window.onload=function() {};";
- content::RenderFrameHost* frame =
- LoginDisplayHostImpl::GetGaiaAuthIframe(web_ui()->GetWebContents());
+ content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe(
+ web_ui()->GetWebContents(),
+ GURL(kAuthIframeParentOrigin),
+ kAuthIframeParentName);
frame->ExecuteJavaScript(base::ASCIIToUTF16(code));
// As we could miss and window.onload could already be called, restore
SubmitLoginFormForTest();
}
+void GaiaScreenHandler::OnSetOwnerDone(const std::string& typed_email,
+ const std::string& password,
+ bool using_saml,
+ bool success) {
+ if (!success) {
+ LOG(ERROR) << "Failed to write owner e-mail to boot lockbox.";
+ CHECK(consumer_management_);
+ consumer_management_->SetEnrollmentState(
+ policy::ConsumerManagementService::ENROLLMENT_BOOT_LOCKBOX_FAILED);
+ // We should continue loggin in the user, as there's not much we can do
+ // here.
+ }
+ DoCompleteLogin(typed_email, password, using_saml);
+}
+
+void GaiaScreenHandler::DoCompleteLogin(const std::string& typed_email,
+ const std::string& password,
+ bool using_saml) {
+ if (!Delegate())
+ return;
+
+ if (using_saml && !using_saml_api_)
+ RecordSAMLScrapingVerificationResultInHistogram(true);
+
+ const std::string sanitized_email = gaia::SanitizeEmail(typed_email);
+ Delegate()->SetDisplayEmail(sanitized_email);
+ UserContext user_context(sanitized_email);
+ user_context.SetKey(Key(password));
+ user_context.SetAuthFlow(using_saml
+ ? UserContext::AUTH_FLOW_GAIA_WITH_SAML
+ : UserContext::AUTH_FLOW_GAIA_WITHOUT_SAML);
+ Delegate()->CompleteLogin(user_context);
+
+ if (test_expects_complete_login_) {
+ VLOG(2) << "Complete test login for " << typed_email
+ << ", requested=" << test_user_;
+
+ test_expects_complete_login_ = false;
+ test_user_.clear();
+ test_pass_.clear();
+ }
+}
+
void GaiaScreenHandler::PopulateEmail(const std::string& user_id) {
populated_email_ = user_id;
}
void GaiaScreenHandler::StartClearingCookies(
const base::Closure& on_clear_callback) {
cookies_cleared_ = false;
- ProfileHelper* profile_helper =
- g_browser_process->platform_part()->profile_helper();
+ ProfileHelper* profile_helper = ProfileHelper::Get();
LOG_ASSERT(Profile::FromWebUI(web_ui()) ==
profile_helper->GetSigninProfile());
profile_helper->ClearSigninProfile(
void GaiaScreenHandler::ShowSigninScreenForCreds(const std::string& username,
const std::string& password) {
VLOG(2) << "ShowSigninScreenForCreds for user " << username
- << ", frame_state=" << FrameState();
+ << ", frame_state=" << frame_state();
test_user_ = username;
test_pass_ = password;
// Submit login form for test if gaia is ready. If gaia is loading, login
// will be attempted in HandleLoginWebuiReady after gaia is ready. Otherwise,
// reload gaia then follow the loading case.
- if (FrameState() == GaiaScreenHandler::FRAME_STATE_LOADED)
+ if (frame_state() == GaiaScreenHandler::FRAME_STATE_LOADED) {
SubmitLoginFormForTest();
- else if (FrameState() != GaiaScreenHandler::FRAME_STATE_LOADING) {
+ } else if (frame_state() != GaiaScreenHandler::FRAME_STATE_LOADING) {
DCHECK(signin_screen_handler_);
signin_screen_handler_->OnShowAddUser();
}
code += "document.getElementById('Passwd').value = '" + test_pass_ + "';";
code += "document.getElementById('signIn').click();";
- content::RenderFrameHost* frame =
- LoginDisplayHostImpl::GetGaiaAuthIframe(web_ui()->GetWebContents());
+ content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe(
+ web_ui()->GetWebContents(),
+ GURL(kAuthIframeParentOrigin),
+ kAuthIframeParentName);
frame->ExecuteJavaScript(base::ASCIIToUTF16(code));
// Test properties are cleared in HandleCompleteLogin because the form
UMA_HISTOGRAM_BOOLEAN("ChromeOS.SAML.APIUsed", api_used);
}
-void GaiaScreenHandler::ShowGaia() {
+void GaiaScreenHandler::ShowGaia(bool is_enrolling_consumer_management) {
+ is_enrolling_consumer_management_ = is_enrolling_consumer_management;
if (gaia_silent_load_ && populated_email_.empty()) {
dns_cleared_ = true;
cookies_cleared_ = true;
}
void GaiaScreenHandler::MaybePreloadAuthExtension() {
- LOG(WARNING) << "MaybePreloadAuthExtension() call.";
+ VLOG(1) << "MaybePreloadAuthExtension() call.";
// If cookies clearing was initiated or |dns_clear_task_running_| then auth
// extension showing has already been initiated and preloading is senseless.
password_changed_for_.count(populated_email_);
context.use_offline = offline;
context.email = populated_email_;
+ context.is_enrolling_consumer_management = is_enrolling_consumer_management_;
if (Delegate()) {
context.show_users = Delegate()->IsShowUsers();
context.has_users = !Delegate()->GetUsers().empty();