user_policy_signin_service.cc revision e5d81f57cb97b3b6b7fccc9c5610d21eb81db09d
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/policy/cloud/user_policy_signin_service.h"

#include "base/bind.h"
#include "base/bind_helpers.h"
#include "base/callback.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chrome_notification_types.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/profiles/profile_manager.h"
#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
#include "components/policy/core/common/cloud/cloud_policy_client_registration_helper.h"
#include "components/policy/core/common/cloud/user_cloud_policy_manager.h"
#include "components/signin/core/browser/profile_oauth2_token_service.h"
#include "components/signin/core/browser/signin_manager.h"
#include "content/public/browser/notification_details.h"
#include "content/public/browser/notification_source.h"
#include "google_apis/gaia/gaia_constants.h"
#include "net/url_request/url_request_context_getter.h"

namespace policy {

// Builds the desktop sign-in/policy glue for |profile|. All arguments except
// |token_service| are forwarded to UserPolicySigninServiceBase; |profile| and
// |token_service| are additionally kept as raw, non-owning pointers.
// |token_service| and |signin_manager| are dereferenced unconditionally here,
// so both must be non-null.
UserPolicySigninService::UserPolicySigninService(
    Profile* profile,
    PrefService* local_state,
    DeviceManagementService* device_management_service,
    UserCloudPolicyManager* policy_manager,
    SigninManager* signin_manager,
    scoped_refptr<net::URLRequestContextGetter> system_request_context,
    ProfileOAuth2TokenService* token_service)
    : UserPolicySigninServiceBase(profile,
                                  local_state,
                                  device_management_service,
                                  policy_manager,
                                  signin_manager,
                                  system_request_context),
      profile_(profile),
      oauth2_token_service_(token_service) {
  // ProfileOAuth2TokenService should not yet have loaded its tokens since this
  // happens in the background after PKS initialization - so this service
  // should always be created before the oauth token is available.
  // NOTE(review): DCHECKs are typically compiled out of release builds, so
  // this records the ordering assumption rather than enforcing it there.
  DCHECK(!oauth2_token_service_->RefreshTokenIsAvailable(
      signin_manager->GetAuthenticatedAccountId()));

  // Listen for an OAuth token to become available so we can register a client
  // if for some reason the client is not already registered (for example, if
  // the policy load failed during initial signin).
  // The matching RemoveObserver() call is in Shutdown(), not the destructor.
  oauth2_token_service_->AddObserver(this);
}

// Intentionally empty: the registration helper is released in
// PrepareForUserCloudPolicyManagerShutdown() and the token-service observer
// is removed in Shutdown().
UserPolicySigninService::~UserPolicySigninService() {
}

// Drops any in-flight registration helper, then runs the base-class hook.
void UserPolicySigninService::PrepareForUserCloudPolicyManagerShutdown() {
  // Stop any pending registration helper activity. We do this here instead of
  // in the destructor because we want to shutdown the registration helper
  // before UserCloudPolicyManager shuts down the CloudPolicyClient.
  // The helper holds callbacks bound with base::Unretained(this); presumably
  // destroying it is what keeps those from running against a dead object -
  // confirm against CloudPolicyClientRegistrationHelper.
  registration_helper_.reset();

  UserPolicySigninServiceBase::PrepareForUserCloudPolicyManagerShutdown();
}

// Runs the base-class shutdown and then stops observing the token service, so
// OnRefreshTokenAvailable() is no longer delivered to this object.
void UserPolicySigninService::Shutdown() {
  UserPolicySigninServiceBase::Shutdown();
  oauth2_token_service_->RemoveObserver(this);
}

// Performs a registration-only round trip for |username| to find out whether
// policy is supported for that user.
//
// |oauth2_refresh_token| is a credential: this function hands it to
// StartRegistrationWithLoginToken() and does not log or store it itself.
// |callback| receives (dm_token, client_id) on completion, or two empty
// strings if no registration client could be created.
void UserPolicySigninService::RegisterForPolicy(
    const std::string& username,
    const std::string& oauth2_refresh_token,
    const PolicyRegistrationCallback& callback) {
  // Debug-only precondition; an empty token is not rejected on builds where
  // DCHECKs are disabled.
  DCHECK(!oauth2_refresh_token.empty());

  // Create a new CloudPolicyClient for fetching the DMToken.
  scoped_ptr<CloudPolicyClient> policy_client = CreateClientForRegistrationOnly(
      username);
  if (!policy_client) {
    callback.Run(std::string(), std::string());
    return;
  }

  // Fire off the registration process. Callback keeps the CloudPolicyClient
  // alive for the length of the registration process. Use the system
  // request context because the user is not signed in to this profile yet
  // (we are just doing a test registration to see if policy is supported for
  // this user).
  //
  // The helper is given the raw client pointer first; ownership of the client
  // then moves into the bound callback via base::Passed().
  // NOTE(review): reset() replaces whatever helper was already stored in
  // |registration_helper_|. Whether an earlier caller's callback still runs
  // in that case cannot be told from this file - confirm callers serialize.
  registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
      policy_client.get(),
      enterprise_management::DeviceRegisterRequest::BROWSER));
  registration_helper_->StartRegistrationWithLoginToken(
      oauth2_refresh_token,
      base::Bind(&UserPolicySigninService::CallPolicyRegistrationCallback,
                 base::Unretained(this),
                 base::Passed(&policy_client),
                 callback));
}

// Completion handler for RegisterForPolicy(). Reports the registration
// client's DMToken and client id to |callback|.
//
// |client| and |callback| are taken by value, so both stay valid after the
// helper (which held the bound callback) is reset on the first line. The
// registration-only client is owned by |client| and is released when this
// function returns.
void UserPolicySigninService::CallPolicyRegistrationCallback(
    scoped_ptr<CloudPolicyClient> client,
    PolicyRegistrationCallback callback) {
  registration_helper_.reset();
  callback.Run(client->dm_token(), client->client_id());
}

// Token-service observer hook: starts policy initialization once the refresh
// token for the primary (authenticated) account shows up.
void UserPolicySigninService::OnRefreshTokenAvailable(
    const std::string& account_id) {
  // If using a TestingProfile with no UserCloudPolicyManager, skip
  // initialization.
  if (!policy_manager()) {
    DVLOG(1) << "Skipping initialization for tests due to missing components.";
    return;
  }

  // Ignore OAuth tokens for any account but the primary one.
  // This keeps a token for a secondary account from driving policy
  // initialization for the signed-in user.
  if (account_id != signin_manager()->GetAuthenticatedAccountId())
    return;

  // ProfileOAuth2TokenService now has a refresh token so initialize the
  // UserCloudPolicyManager.
  // Unlike RegisterForPolicy(), this path uses the profile's own request
  // context.
  InitializeForSignedInUser(signin_manager()->GetAuthenticatedUsername(),
                            profile_->GetRequestContext());
}

// Forwards to the base implementation (transferring ownership of |client|)
// and then blocks signout if the client turned out to be registered.
void UserPolicySigninService::InitializeUserCloudPolicyManager(
    const std::string& username,
    scoped_ptr<CloudPolicyClient> client) {
  UserPolicySigninServiceBase::InitializeUserCloudPolicyManager(username,
                                                                client.Pass());
  ProhibitSignoutIfNeeded();
}

// Lifts the signout prohibition (only when a policy manager exists) and then
// runs the base-class shutdown of the UserCloudPolicyManager.
void UserPolicySigninService::ShutdownUserCloudPolicyManager() {
  UserCloudPolicyManager* manager = policy_manager();
  // Allow the user to signout again.
  if (manager)
    signin_manager()->ProhibitSignout(false);
  UserPolicySigninServiceBase::ShutdownUserCloudPolicyManager();
}

// Called once |service| has finished initializing. Starts a new client
// registration when none is cached and a refresh token is available, then
// re-evaluates whether signout must be prohibited.
//
// |manager| is dereferenced without a null check; the DCHECKs below are the
// only validation of |service| and are debug-only.
void UserPolicySigninService::OnInitializationCompleted(
    CloudPolicyService* service) {
  UserCloudPolicyManager* manager = policy_manager();
  DCHECK_EQ(service, manager->core()->service());
  DCHECK(service->IsInitializationComplete());
  // The service is now initialized - if the client is not yet registered, then
  // it means that there is no cached policy and so we need to initiate a new
  // client registration.
  DVLOG_IF(1, manager->IsClientRegistered())
      << "Client already registered - not fetching DMToken";
  if (!manager->IsClientRegistered()) {
    if (!oauth2_token_service_->RefreshTokenIsAvailable(
            signin_manager()->GetAuthenticatedAccountId())) {
      // No token yet - this class listens for OnRefreshTokenAvailable()
      // and will re-attempt registration once the token is available.
      // Note this early return also skips ProhibitSignoutIfNeeded() below.
      DLOG(WARNING) << "No OAuth Refresh Token - delaying policy download";
      return;
    }
    RegisterCloudPolicyService();
  }
  // If client is registered now, prohibit signout.
  ProhibitSignoutIfNeeded();
}

// Registers the policy manager's own CloudPolicyClient using the primary
// account's token from |oauth2_token_service_|. A no-op when a registration
// helper already exists.
void UserPolicySigninService::RegisterCloudPolicyService() {
  DCHECK(!policy_manager()->IsClientRegistered());
  DVLOG(1) << "Fetching new DM Token";
  // Do nothing if already starting the registration process.
  // NOTE(review): |registration_helper_| is shared with RegisterForPolicy(),
  // so this guard also fires while a registration-only check is in flight;
  // verify that a later event retries registration in that case.
  if (registration_helper_)
    return;

  // Start the process of registering the CloudPolicyClient. Once it completes,
  // policy fetch will automatically happen.
  // base::Unretained(this) relies on |registration_helper_| being reset
  // before this object goes away; see
  // PrepareForUserCloudPolicyManagerShutdown().
  registration_helper_.reset(new CloudPolicyClientRegistrationHelper(
      policy_manager()->core()->client(),
      enterprise_management::DeviceRegisterRequest::BROWSER));
  registration_helper_->StartRegistration(
      oauth2_token_service_,
      signin_manager()->GetAuthenticatedAccountId(),
      base::Bind(&UserPolicySigninService::OnRegistrationComplete,
                 base::Unretained(this)));
}

// Completion handler for RegisterCloudPolicyService(). The helper is released
// last, after the signout state has been updated.
void UserPolicySigninService::OnRegistrationComplete() {
  ProhibitSignoutIfNeeded();
  registration_helper_.reset();
}

// Prohibits signout when the policy client is registered. Never re-enables
// signout; that is done in ShutdownUserCloudPolicyManager(). policy_manager()
// is dereferenced without a null check, so callers must only reach this with
// a manager present.
void UserPolicySigninService::ProhibitSignoutIfNeeded() {
  if (policy_manager()->IsClientRegistered()) {
    DVLOG(1) << "User is registered for policy - prohibiting signout";
    signin_manager()->ProhibitSignout(true);
  }
}

}  // namespace policy