1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h"
6
7 #include <algorithm>
8
9 #include "base/bind.h"
10 #include "base/bind_helpers.h"
11 #include "base/compiler_specific.h"
12 #include "base/message_loop/message_loop.h"
13 #include "base/values.h"
14 #include "chrome/browser/browser_process.h"
15 #include "chrome/browser/browsing_data/browsing_data_helper.h"
16 #include "chrome/browser/browsing_data/browsing_data_remover.h"
17 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
18 #include "chrome/browser/profiles/profile.h"
19 #include "chrome/browser/ui/webui/chromeos/login/oobe_ui.h"
20 #include "components/policy/core/browser/cloud/message_util.h"
21 #include "content/public/browser/web_contents.h"
22 #include "google_apis/gaia/gaia_auth_fetcher.h"
23 #include "google_apis/gaia/gaia_auth_util.h"
24 #include "google_apis/gaia/gaia_constants.h"
25 #include "google_apis/gaia/gaia_urls.h"
26 #include "google_apis/gaia/google_service_auth_error.h"
27 #include "grit/chromium_strings.h"
28 #include "grit/generated_resources.h"
29 #include "ui/base/l10n/l10n_util.h"
30
31 namespace {
32
33 const char kJsScreenPath[] = "login.OAuthEnrollmentScreen";
34
35 // Start page of GAIA authentication extension.
36 const char kGaiaExtStartPage[] =
37 "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/main.html";
38
39 // Enrollment step names.
40 const char kEnrollmentStepSignin[] = "signin";
41 const char kEnrollmentStepSuccess[] = "success";
42
43 // A helper class that takes care of asynchronously revoking a given token.
44 class TokenRevoker : public GaiaAuthConsumer {
45 public:
TokenRevoker()46 TokenRevoker()
47 : gaia_fetcher_(this,
48 GaiaConstants::kChromeOSSource,
49 g_browser_process->system_request_context()) {}
~TokenRevoker()50 virtual ~TokenRevoker() {}
51
Start(const std::string & token)52 void Start(const std::string& token) {
53 gaia_fetcher_.StartRevokeOAuth2Token(token);
54 }
55
56 // GaiaAuthConsumer:
OnOAuth2RevokeTokenCompleted()57 virtual void OnOAuth2RevokeTokenCompleted() OVERRIDE {
58 base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
59 }
60
61 private:
62 GaiaAuthFetcher gaia_fetcher_;
63
64 DISALLOW_COPY_AND_ASSIGN(TokenRevoker);
65 };
66
67 } // namespace
68
69 namespace chromeos {
70
71 // EnrollmentScreenHandler, public ------------------------------
72
EnrollmentScreenHandler()73 EnrollmentScreenHandler::EnrollmentScreenHandler()
74 : BaseScreenHandler(kJsScreenPath),
75 controller_(NULL),
76 show_on_init_(false),
77 is_auto_enrollment_(false),
78 can_exit_enrollment_(true),
79 browsing_data_remover_(NULL) {
80 set_async_assets_load_id(OobeUI::kScreenOobeEnrollment);
81 }
82
~EnrollmentScreenHandler()83 EnrollmentScreenHandler::~EnrollmentScreenHandler() {
84 if (browsing_data_remover_)
85 browsing_data_remover_->RemoveObserver(this);
86 }
87
88 // EnrollmentScreenHandler, WebUIMessageHandler implementation --
89
RegisterMessages()90 void EnrollmentScreenHandler::RegisterMessages() {
91 AddCallback("oauthEnrollClose",
92 &EnrollmentScreenHandler::HandleClose);
93 AddCallback("oauthEnrollCompleteLogin",
94 &EnrollmentScreenHandler::HandleCompleteLogin);
95 AddCallback("oauthEnrollRetry",
96 &EnrollmentScreenHandler::HandleRetry);
97 }
98
99 // EnrollmentScreenHandler
100 // EnrollmentScreenActor implementation -----------------------------------
101
SetParameters(Controller * controller,bool is_auto_enrollment,bool can_exit_enrollment,const std::string & user)102 void EnrollmentScreenHandler::SetParameters(Controller* controller,
103 bool is_auto_enrollment,
104 bool can_exit_enrollment,
105 const std::string& user) {
106 controller_ = controller;
107 is_auto_enrollment_ = is_auto_enrollment;
108 can_exit_enrollment_ = can_exit_enrollment;
109 if (is_auto_enrollment_)
110 user_ = user;
111 }
112
PrepareToShow()113 void EnrollmentScreenHandler::PrepareToShow() {
114 }
115
Show()116 void EnrollmentScreenHandler::Show() {
117 if (!page_is_ready())
118 show_on_init_ = true;
119 else
120 DoShow();
121 }
122
Hide()123 void EnrollmentScreenHandler::Hide() {
124 }
125
FetchOAuthToken()126 void EnrollmentScreenHandler::FetchOAuthToken() {
127 Profile* profile = Profile::FromWebUI(web_ui());
128 oauth_fetcher_.reset(
129 new policy::PolicyOAuth2TokenFetcher(
130 profile->GetRequestContext(),
131 g_browser_process->system_request_context(),
132 base::Bind(&EnrollmentScreenHandler::OnTokenFetched,
133 base::Unretained(this))));
134 oauth_fetcher_->Start();
135 }
136
ResetAuth(const base::Closure & callback)137 void EnrollmentScreenHandler::ResetAuth(const base::Closure& callback) {
138 auth_reset_callbacks_.push_back(callback);
139 if (browsing_data_remover_)
140 return;
141
142 if (oauth_fetcher_) {
143 if (!oauth_fetcher_->oauth2_access_token().empty())
144 (new TokenRevoker())->Start(oauth_fetcher_->oauth2_access_token());
145
146 if (!oauth_fetcher_->oauth2_refresh_token().empty())
147 (new TokenRevoker())->Start(oauth_fetcher_->oauth2_refresh_token());
148 }
149
150 Profile* profile = Profile::FromBrowserContext(
151 web_ui()->GetWebContents()->GetBrowserContext());
152 browsing_data_remover_ =
153 BrowsingDataRemover::CreateForUnboundedRange(profile);
154 browsing_data_remover_->AddObserver(this);
155 browsing_data_remover_->Remove(BrowsingDataRemover::REMOVE_SITE_DATA,
156 BrowsingDataHelper::UNPROTECTED_WEB);
157 }
158
ShowSigninScreen()159 void EnrollmentScreenHandler::ShowSigninScreen() {
160 ShowStep(kEnrollmentStepSignin);
161 }
162
ShowEnrollmentSpinnerScreen()163 void EnrollmentScreenHandler::ShowEnrollmentSpinnerScreen() {
164 ShowWorking(IDS_ENTERPRISE_ENROLLMENT_WORKING);
165 }
166
ShowLoginSpinnerScreen()167 void EnrollmentScreenHandler::ShowLoginSpinnerScreen() {
168 ShowWorking(IDS_ENTERPRISE_ENROLLMENT_RESUMING_LOGIN);
169 }
170
ShowAuthError(const GoogleServiceAuthError & error)171 void EnrollmentScreenHandler::ShowAuthError(
172 const GoogleServiceAuthError& error) {
173 switch (error.state()) {
174 case GoogleServiceAuthError::NONE:
175 case GoogleServiceAuthError::CAPTCHA_REQUIRED:
176 case GoogleServiceAuthError::TWO_FACTOR:
177 case GoogleServiceAuthError::HOSTED_NOT_ALLOWED:
178 case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
179 case GoogleServiceAuthError::REQUEST_CANCELED:
180 case GoogleServiceAuthError::UNEXPECTED_SERVICE_RESPONSE:
181 case GoogleServiceAuthError::SERVICE_ERROR:
182 ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_FATAL_ERROR, false);
183 return;
184 case GoogleServiceAuthError::USER_NOT_SIGNED_UP:
185 case GoogleServiceAuthError::ACCOUNT_DELETED:
186 case GoogleServiceAuthError::ACCOUNT_DISABLED:
187 ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_ACCOUNT_ERROR, true);
188 return;
189 case GoogleServiceAuthError::CONNECTION_FAILED:
190 case GoogleServiceAuthError::SERVICE_UNAVAILABLE:
191 ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_NETWORK_ERROR, true);
192 return;
193 case GoogleServiceAuthError::NUM_STATES:
194 break;
195 }
196 NOTREACHED();
197 }
198
ShowUIError(UIError error)199 void EnrollmentScreenHandler::ShowUIError(UIError error) {
200 switch (error) {
201 case UI_ERROR_DOMAIN_MISMATCH:
202 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_WRONG_USER, true);
203 return;
204 case UI_ERROR_AUTO_ENROLLMENT_BAD_MODE:
205 ShowError(IDS_ENTERPRISE_AUTO_ENROLLMENT_BAD_MODE, true);
206 return;
207 case UI_ERROR_FATAL:
208 ShowError(IDS_ENTERPRISE_ENROLLMENT_FATAL_ENROLLMENT_ERROR, true);
209 return;
210 }
211 NOTREACHED();
212 }
213
ShowEnrollmentStatus(policy::EnrollmentStatus status)214 void EnrollmentScreenHandler::ShowEnrollmentStatus(
215 policy::EnrollmentStatus status) {
216 switch (status.status()) {
217 case policy::EnrollmentStatus::STATUS_SUCCESS:
218 ShowStep(kEnrollmentStepSuccess);
219 return;
220 case policy::EnrollmentStatus::STATUS_REGISTRATION_FAILED:
221 // Some special cases for generating a nicer message that's more helpful.
222 switch (status.client_status()) {
223 case policy::DM_STATUS_SERVICE_MISSING_LICENSES:
224 ShowError(IDS_ENTERPRISE_ENROLLMENT_MISSING_LICENSES_ERROR, true);
225 break;
226 case policy::DM_STATUS_SERVICE_DEPROVISIONED:
227 ShowError(IDS_ENTERPRISE_ENROLLMENT_DEPROVISIONED_ERROR, true);
228 break;
229 case policy::DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED:
230 ShowError(IDS_ENTERPRISE_ENROLLMENT_ACCOUNT_ERROR, true);
231 break;
232 default:
233 ShowErrorMessage(
234 l10n_util::GetStringFUTF8(
235 IDS_ENTERPRISE_ENROLLMENT_STATUS_REGISTRATION_FAILED,
236 policy::FormatDeviceManagementStatus(status.client_status())),
237 true);
238 }
239 return;
240 case policy::EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED:
241 ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_AUTH_FETCH_FAILED, true);
242 return;
243 case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED:
244 ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_REFRESH_FETCH_FAILED, true);
245 return;
246 case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED:
247 ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_REFRESH_STORE_FAILED, true);
248 return;
249 case policy::EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE:
250 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_REGISTRATION_BAD_MODE, false);
251 return;
252 case policy::EnrollmentStatus::STATUS_POLICY_FETCH_FAILED:
253 ShowErrorMessage(
254 l10n_util::GetStringFUTF8(
255 IDS_ENTERPRISE_ENROLLMENT_STATUS_POLICY_FETCH_FAILED,
256 policy::FormatDeviceManagementStatus(status.client_status())),
257 true);
258 return;
259 case policy::EnrollmentStatus::STATUS_VALIDATION_FAILED:
260 ShowErrorMessage(
261 l10n_util::GetStringFUTF8(
262 IDS_ENTERPRISE_ENROLLMENT_STATUS_VALIDATION_FAILED,
263 policy::FormatValidationStatus(status.validation_status())),
264 true);
265 return;
266 case policy::EnrollmentStatus::STATUS_LOCK_ERROR:
267 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_ERROR, false);
268 return;
269 case policy::EnrollmentStatus::STATUS_LOCK_TIMEOUT:
270 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_TIMEOUT, false);
271 return;
272 case policy::EnrollmentStatus::STATUS_LOCK_WRONG_USER:
273 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_WRONG_USER, true);
274 return;
275 case policy::EnrollmentStatus::STATUS_STORE_ERROR:
276 ShowErrorMessage(
277 l10n_util::GetStringFUTF8(
278 IDS_ENTERPRISE_ENROLLMENT_STATUS_STORE_ERROR,
279 policy::FormatStoreStatus(status.store_status(),
280 status.validation_status())),
281 true);
282 return;
283 }
284 NOTREACHED();
285 }
286
287 // EnrollmentScreenHandler BaseScreenHandler implementation -----
288
Initialize()289 void EnrollmentScreenHandler::Initialize() {
290 if (show_on_init_) {
291 Show();
292 show_on_init_ = false;
293 }
294 }
295
DeclareLocalizedValues(LocalizedValuesBuilder * builder)296 void EnrollmentScreenHandler::DeclareLocalizedValues(
297 LocalizedValuesBuilder* builder) {
298 builder->Add("oauthEnrollScreenTitle",
299 IDS_ENTERPRISE_ENROLLMENT_SCREEN_TITLE);
300 builder->Add("oauthEnrollRetry", IDS_ENTERPRISE_ENROLLMENT_RETRY);
301 builder->Add("oauthEnrollCancel", IDS_ENTERPRISE_ENROLLMENT_CANCEL);
302 builder->Add("oauthEnrollDone", IDS_ENTERPRISE_ENROLLMENT_DONE);
303 builder->Add("oauthEnrollSuccess", IDS_ENTERPRISE_ENROLLMENT_SUCCESS);
304 builder->Add("oauthEnrollExplain", IDS_ENTERPRISE_ENROLLMENT_EXPLAIN);
305 builder->Add("oauthEnrollExplainLink",
306 IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_LINK);
307 builder->Add("oauthEnrollExplainButton",
308 IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_BUTTON);
309 builder->Add("oauthEnrollCancelAutoEnrollmentReally",
310 IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_REALLY);
311 builder->Add("oauthEnrollCancelAutoEnrollmentConfirm",
312 IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_CONFIRM);
313 builder->Add("oauthEnrollCancelAutoEnrollmentGoBack",
314 IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_GO_BACK);
315 }
316
OnBrowsingDataRemoverDone()317 void EnrollmentScreenHandler::OnBrowsingDataRemoverDone() {
318 browsing_data_remover_->RemoveObserver(this);
319 browsing_data_remover_ = NULL;
320
321 std::vector<base::Closure> callbacks_to_run;
322 callbacks_to_run.swap(auth_reset_callbacks_);
323 for (std::vector<base::Closure>::iterator callback(callbacks_to_run.begin());
324 callback != callbacks_to_run.end(); ++callback) {
325 callback->Run();
326 }
327 }
328
329 // EnrollmentScreenHandler, private -----------------------------
330
HandleClose(const std::string & reason)331 void EnrollmentScreenHandler::HandleClose(const std::string& reason) {
332 if (!controller_) {
333 NOTREACHED();
334 return;
335 }
336
337 if (reason == "cancel" || reason == "autocancel")
338 controller_->OnCancel();
339 else if (reason == "done")
340 controller_->OnConfirmationClosed();
341 else
342 NOTREACHED();
343 }
344
HandleCompleteLogin(const std::string & user)345 void EnrollmentScreenHandler::HandleCompleteLogin(const std::string& user) {
346 if (!controller_) {
347 NOTREACHED();
348 return;
349 }
350 controller_->OnLoginDone(gaia::SanitizeEmail(user));
351 }
352
HandleRetry()353 void EnrollmentScreenHandler::HandleRetry() {
354 if (!controller_) {
355 NOTREACHED();
356 return;
357 }
358 controller_->OnRetry();
359 }
360
ShowStep(const char * step)361 void EnrollmentScreenHandler::ShowStep(const char* step) {
362 CallJS("showStep", std::string(step));
363 }
364
ShowError(int message_id,bool retry)365 void EnrollmentScreenHandler::ShowError(int message_id, bool retry) {
366 ShowErrorMessage(l10n_util::GetStringUTF8(message_id), retry);
367 }
368
ShowErrorMessage(const std::string & message,bool retry)369 void EnrollmentScreenHandler::ShowErrorMessage(const std::string& message,
370 bool retry) {
371 CallJS("showError", message, retry);
372 }
373
ShowWorking(int message_id)374 void EnrollmentScreenHandler::ShowWorking(int message_id) {
375 CallJS("showWorking", l10n_util::GetStringUTF16(message_id));
376 }
377
OnTokenFetched(const std::string & token,const GoogleServiceAuthError & error)378 void EnrollmentScreenHandler::OnTokenFetched(
379 const std::string& token,
380 const GoogleServiceAuthError& error) {
381 if (!controller_)
382 return;
383
384 if (error.state() != GoogleServiceAuthError::NONE)
385 controller_->OnAuthError(error);
386 else
387 controller_->OnOAuthTokenAvailable(token);
388 }
389
DoShow()390 void EnrollmentScreenHandler::DoShow() {
391 DictionaryValue screen_data;
392 screen_data.SetString("signin_url", kGaiaExtStartPage);
393 screen_data.SetString("gaiaUrl", GaiaUrls::GetInstance()->gaia_url().spec());
394 screen_data.SetBoolean("is_auto_enrollment", is_auto_enrollment_);
395 screen_data.SetBoolean("prevent_cancellation", !can_exit_enrollment_);
396
397 ShowScreen(OobeUI::kScreenOobeEnrollment, &screen_data);
398 }
399
400 } // namespace chromeos
401