1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h"
6
7 #include <algorithm>
8
9 #include "base/bind.h"
10 #include "base/bind_helpers.h"
11 #include "base/compiler_specific.h"
12 #include "base/macros.h"
13 #include "base/message_loop/message_loop.h"
14 #include "base/values.h"
15 #include "chrome/browser/browser_process.h"
16 #include "chrome/browser/browsing_data/browsing_data_helper.h"
17 #include "chrome/browser/browsing_data/browsing_data_remover.h"
18 #include "chrome/browser/chromeos/policy/policy_oauth2_token_fetcher.h"
19 #include "chrome/browser/profiles/profile.h"
20 #include "chrome/browser/ui/webui/chromeos/login/authenticated_user_email_retriever.h"
21 #include "chrome/browser/ui/webui/chromeos/login/oobe_ui.h"
22 #include "components/policy/core/browser/cloud/message_util.h"
23 #include "content/public/browser/web_contents.h"
24 #include "google_apis/gaia/gaia_auth_fetcher.h"
25 #include "google_apis/gaia/gaia_auth_util.h"
26 #include "google_apis/gaia/gaia_constants.h"
27 #include "google_apis/gaia/gaia_urls.h"
28 #include "google_apis/gaia/google_service_auth_error.h"
29 #include "grit/chromium_strings.h"
30 #include "grit/generated_resources.h"
31 #include "net/url_request/url_request_context_getter.h"
32 #include "ui/base/l10n/l10n_util.h"
33
34 namespace chromeos {
35 namespace {
36
37 const char kJsScreenPath[] = "login.OAuthEnrollmentScreen";
38
39 // Start page of GAIA authentication extension.
40 const char kGaiaExtStartPage[] =
41 "chrome-extension://mfffpogegjflfpflabcdkioaeobkgjik/main.html";
42
43 // Enrollment step names.
44 const char kEnrollmentStepSignin[] = "signin";
45 const char kEnrollmentStepSuccess[] = "success";
46
47 // Enrollment mode strings.
48 const char* const kModeStrings[EnrollmentScreenActor::ENROLLMENT_MODE_COUNT] =
49 { "manual", "forced", "auto", "recovery" };
50
EnrollmentModeToString(EnrollmentScreenActor::EnrollmentMode mode)51 std::string EnrollmentModeToString(EnrollmentScreenActor::EnrollmentMode mode) {
52 CHECK(0 <= mode && mode < EnrollmentScreenActor::ENROLLMENT_MODE_COUNT);
53 return kModeStrings[mode];
54 }
55
56 // A helper class that takes care of asynchronously revoking a given token.
57 class TokenRevoker : public GaiaAuthConsumer {
58 public:
TokenRevoker()59 TokenRevoker()
60 : gaia_fetcher_(this,
61 GaiaConstants::kChromeOSSource,
62 g_browser_process->system_request_context()) {}
~TokenRevoker()63 virtual ~TokenRevoker() {}
64
Start(const std::string & token)65 void Start(const std::string& token) {
66 gaia_fetcher_.StartRevokeOAuth2Token(token);
67 }
68
69 // GaiaAuthConsumer:
OnOAuth2RevokeTokenCompleted()70 virtual void OnOAuth2RevokeTokenCompleted() OVERRIDE {
71 base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
72 }
73
74 private:
75 GaiaAuthFetcher gaia_fetcher_;
76
77 DISALLOW_COPY_AND_ASSIGN(TokenRevoker);
78 };
79
80 } // namespace
81
82 // EnrollmentScreenHandler, public ------------------------------
83
EnrollmentScreenHandler()84 EnrollmentScreenHandler::EnrollmentScreenHandler()
85 : BaseScreenHandler(kJsScreenPath),
86 controller_(NULL),
87 show_on_init_(false),
88 enrollment_mode_(ENROLLMENT_MODE_MANUAL),
89 browsing_data_remover_(NULL) {
90 set_async_assets_load_id(OobeUI::kScreenOobeEnrollment);
91 }
92
~EnrollmentScreenHandler()93 EnrollmentScreenHandler::~EnrollmentScreenHandler() {
94 if (browsing_data_remover_)
95 browsing_data_remover_->RemoveObserver(this);
96 }
97
98 // EnrollmentScreenHandler, WebUIMessageHandler implementation --
99
RegisterMessages()100 void EnrollmentScreenHandler::RegisterMessages() {
101 AddCallback("oauthEnrollRetrieveAuthenticatedUserEmail",
102 &EnrollmentScreenHandler::HandleRetrieveAuthenticatedUserEmail);
103 AddCallback("oauthEnrollClose",
104 &EnrollmentScreenHandler::HandleClose);
105 AddCallback("oauthEnrollCompleteLogin",
106 &EnrollmentScreenHandler::HandleCompleteLogin);
107 AddCallback("oauthEnrollRetry",
108 &EnrollmentScreenHandler::HandleRetry);
109 }
110
111 // EnrollmentScreenHandler
112 // EnrollmentScreenActor implementation -----------------------------------
113
SetParameters(Controller * controller,EnrollmentMode enrollment_mode,const std::string & management_domain)114 void EnrollmentScreenHandler::SetParameters(
115 Controller* controller,
116 EnrollmentMode enrollment_mode,
117 const std::string& management_domain) {
118 controller_ = controller;
119 enrollment_mode_ = enrollment_mode;
120 management_domain_ = management_domain;
121 }
122
PrepareToShow()123 void EnrollmentScreenHandler::PrepareToShow() {
124 }
125
Show()126 void EnrollmentScreenHandler::Show() {
127 if (!page_is_ready())
128 show_on_init_ = true;
129 else
130 DoShow();
131 }
132
Hide()133 void EnrollmentScreenHandler::Hide() {
134 }
135
FetchOAuthToken()136 void EnrollmentScreenHandler::FetchOAuthToken() {
137 Profile* profile = Profile::FromWebUI(web_ui());
138 oauth_fetcher_.reset(
139 new policy::PolicyOAuth2TokenFetcher(
140 profile->GetRequestContext(),
141 g_browser_process->system_request_context(),
142 base::Bind(&EnrollmentScreenHandler::OnTokenFetched,
143 base::Unretained(this))));
144 oauth_fetcher_->Start();
145 }
146
ResetAuth(const base::Closure & callback)147 void EnrollmentScreenHandler::ResetAuth(const base::Closure& callback) {
148 auth_reset_callbacks_.push_back(callback);
149 if (browsing_data_remover_)
150 return;
151
152 if (oauth_fetcher_) {
153 if (!oauth_fetcher_->oauth2_access_token().empty())
154 (new TokenRevoker())->Start(oauth_fetcher_->oauth2_access_token());
155
156 if (!oauth_fetcher_->oauth2_refresh_token().empty())
157 (new TokenRevoker())->Start(oauth_fetcher_->oauth2_refresh_token());
158 }
159
160 Profile* profile = Profile::FromBrowserContext(
161 web_ui()->GetWebContents()->GetBrowserContext());
162 browsing_data_remover_ =
163 BrowsingDataRemover::CreateForUnboundedRange(profile);
164 browsing_data_remover_->AddObserver(this);
165 browsing_data_remover_->Remove(BrowsingDataRemover::REMOVE_SITE_DATA,
166 BrowsingDataHelper::UNPROTECTED_WEB);
167 }
168
ShowSigninScreen()169 void EnrollmentScreenHandler::ShowSigninScreen() {
170 ShowStep(kEnrollmentStepSignin);
171 }
172
ShowEnrollmentSpinnerScreen()173 void EnrollmentScreenHandler::ShowEnrollmentSpinnerScreen() {
174 ShowWorking(IDS_ENTERPRISE_ENROLLMENT_WORKING);
175 }
176
ShowLoginSpinnerScreen()177 void EnrollmentScreenHandler::ShowLoginSpinnerScreen() {
178 ShowWorking(IDS_ENTERPRISE_ENROLLMENT_RESUMING_LOGIN);
179 }
180
ShowAuthError(const GoogleServiceAuthError & error)181 void EnrollmentScreenHandler::ShowAuthError(
182 const GoogleServiceAuthError& error) {
183 switch (error.state()) {
184 case GoogleServiceAuthError::NONE:
185 case GoogleServiceAuthError::CAPTCHA_REQUIRED:
186 case GoogleServiceAuthError::TWO_FACTOR:
187 case GoogleServiceAuthError::HOSTED_NOT_ALLOWED:
188 case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
189 case GoogleServiceAuthError::REQUEST_CANCELED:
190 case GoogleServiceAuthError::UNEXPECTED_SERVICE_RESPONSE:
191 case GoogleServiceAuthError::SERVICE_ERROR:
192 ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_FATAL_ERROR, false);
193 return;
194 case GoogleServiceAuthError::USER_NOT_SIGNED_UP:
195 case GoogleServiceAuthError::ACCOUNT_DELETED:
196 case GoogleServiceAuthError::ACCOUNT_DISABLED:
197 ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_ACCOUNT_ERROR, true);
198 return;
199 case GoogleServiceAuthError::CONNECTION_FAILED:
200 case GoogleServiceAuthError::SERVICE_UNAVAILABLE:
201 ShowError(IDS_ENTERPRISE_ENROLLMENT_AUTH_NETWORK_ERROR, true);
202 return;
203 case GoogleServiceAuthError::NUM_STATES:
204 break;
205 }
206 NOTREACHED();
207 }
208
ShowUIError(UIError error)209 void EnrollmentScreenHandler::ShowUIError(UIError error) {
210 switch (error) {
211 case UI_ERROR_DOMAIN_MISMATCH:
212 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_WRONG_USER, true);
213 return;
214 case UI_ERROR_AUTO_ENROLLMENT_BAD_MODE:
215 ShowError(IDS_ENTERPRISE_AUTO_ENROLLMENT_BAD_MODE, true);
216 return;
217 case UI_ERROR_FATAL:
218 ShowError(IDS_ENTERPRISE_ENROLLMENT_FATAL_ENROLLMENT_ERROR, true);
219 return;
220 }
221 NOTREACHED();
222 }
223
ShowEnrollmentStatus(policy::EnrollmentStatus status)224 void EnrollmentScreenHandler::ShowEnrollmentStatus(
225 policy::EnrollmentStatus status) {
226 switch (status.status()) {
227 case policy::EnrollmentStatus::STATUS_SUCCESS:
228 ShowStep(kEnrollmentStepSuccess);
229 return;
230 case policy::EnrollmentStatus::STATUS_NO_STATE_KEYS:
231 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_NO_STATE_KEYS, false);
232 return;
233 case policy::EnrollmentStatus::STATUS_REGISTRATION_FAILED:
234 // Some special cases for generating a nicer message that's more helpful.
235 switch (status.client_status()) {
236 case policy::DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED:
237 ShowError(IDS_ENTERPRISE_ENROLLMENT_ACCOUNT_ERROR, true);
238 break;
239 case policy::DM_STATUS_SERVICE_MISSING_LICENSES:
240 ShowError(IDS_ENTERPRISE_ENROLLMENT_MISSING_LICENSES_ERROR, true);
241 break;
242 case policy::DM_STATUS_SERVICE_DEPROVISIONED:
243 ShowError(IDS_ENTERPRISE_ENROLLMENT_DEPROVISIONED_ERROR, true);
244 break;
245 case policy::DM_STATUS_SERVICE_DOMAIN_MISMATCH:
246 ShowError(IDS_ENTERPRISE_ENROLLMENT_DOMAIN_MISMATCH_ERROR, true);
247 break;
248 default:
249 ShowErrorMessage(
250 l10n_util::GetStringFUTF8(
251 IDS_ENTERPRISE_ENROLLMENT_STATUS_REGISTRATION_FAILED,
252 policy::FormatDeviceManagementStatus(status.client_status())),
253 true);
254 }
255 return;
256 case policy::EnrollmentStatus::STATUS_ROBOT_AUTH_FETCH_FAILED:
257 ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_AUTH_FETCH_FAILED, true);
258 return;
259 case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_FETCH_FAILED:
260 ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_REFRESH_FETCH_FAILED, true);
261 return;
262 case policy::EnrollmentStatus::STATUS_ROBOT_REFRESH_STORE_FAILED:
263 ShowError(IDS_ENTERPRISE_ENROLLMENT_ROBOT_REFRESH_STORE_FAILED, true);
264 return;
265 case policy::EnrollmentStatus::STATUS_REGISTRATION_BAD_MODE:
266 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_REGISTRATION_BAD_MODE, false);
267 return;
268 case policy::EnrollmentStatus::STATUS_POLICY_FETCH_FAILED:
269 ShowErrorMessage(
270 l10n_util::GetStringFUTF8(
271 IDS_ENTERPRISE_ENROLLMENT_STATUS_POLICY_FETCH_FAILED,
272 policy::FormatDeviceManagementStatus(status.client_status())),
273 true);
274 return;
275 case policy::EnrollmentStatus::STATUS_VALIDATION_FAILED:
276 ShowErrorMessage(
277 l10n_util::GetStringFUTF8(
278 IDS_ENTERPRISE_ENROLLMENT_STATUS_VALIDATION_FAILED,
279 policy::FormatValidationStatus(status.validation_status())),
280 true);
281 return;
282 case policy::EnrollmentStatus::STATUS_LOCK_ERROR:
283 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_ERROR, false);
284 return;
285 case policy::EnrollmentStatus::STATUS_LOCK_TIMEOUT:
286 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_TIMEOUT, false);
287 return;
288 case policy::EnrollmentStatus::STATUS_LOCK_WRONG_USER:
289 ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_LOCK_WRONG_USER, true);
290 return;
291 case policy::EnrollmentStatus::STATUS_STORE_ERROR:
292 ShowErrorMessage(
293 l10n_util::GetStringFUTF8(
294 IDS_ENTERPRISE_ENROLLMENT_STATUS_STORE_ERROR,
295 policy::FormatStoreStatus(status.store_status(),
296 status.validation_status())),
297 true);
298 return;
299 }
300 NOTREACHED();
301 }
302
303 // EnrollmentScreenHandler BaseScreenHandler implementation -----
304
Initialize()305 void EnrollmentScreenHandler::Initialize() {
306 if (show_on_init_) {
307 Show();
308 show_on_init_ = false;
309 }
310 }
311
DeclareLocalizedValues(LocalizedValuesBuilder * builder)312 void EnrollmentScreenHandler::DeclareLocalizedValues(
313 LocalizedValuesBuilder* builder) {
314 builder->Add("oauthEnrollScreenTitle",
315 IDS_ENTERPRISE_ENROLLMENT_SCREEN_TITLE);
316 builder->Add("oauthEnrollDescription", IDS_ENTERPRISE_ENROLLMENT_DESCRIPTION);
317 builder->Add("oauthEnrollReEnrollmentText",
318 IDS_ENTERPRISE_ENROLLMENT_RE_ENROLLMENT_TEXT);
319 builder->Add("oauthEnrollRetry", IDS_ENTERPRISE_ENROLLMENT_RETRY);
320 builder->Add("oauthEnrollCancel", IDS_ENTERPRISE_ENROLLMENT_CANCEL);
321 builder->Add("oauthEnrollDone", IDS_ENTERPRISE_ENROLLMENT_DONE);
322 builder->Add("oauthEnrollSuccess", IDS_ENTERPRISE_ENROLLMENT_SUCCESS);
323 builder->Add("oauthEnrollExplain", IDS_ENTERPRISE_ENROLLMENT_EXPLAIN);
324 builder->Add("oauthEnrollExplainLink",
325 IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_LINK);
326 builder->Add("oauthEnrollExplainButton",
327 IDS_ENTERPRISE_ENROLLMENT_EXPLAIN_BUTTON);
328 builder->Add("oauthEnrollCancelAutoEnrollmentReally",
329 IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_REALLY);
330 builder->Add("oauthEnrollCancelAutoEnrollmentConfirm",
331 IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_CONFIRM);
332 builder->Add("oauthEnrollCancelAutoEnrollmentGoBack",
333 IDS_ENTERPRISE_ENROLLMENT_CANCEL_AUTO_GO_BACK);
334 }
335
OnBrowsingDataRemoverDone()336 void EnrollmentScreenHandler::OnBrowsingDataRemoverDone() {
337 browsing_data_remover_->RemoveObserver(this);
338 browsing_data_remover_ = NULL;
339
340 std::vector<base::Closure> callbacks_to_run;
341 callbacks_to_run.swap(auth_reset_callbacks_);
342 for (std::vector<base::Closure>::iterator callback(callbacks_to_run.begin());
343 callback != callbacks_to_run.end(); ++callback) {
344 callback->Run();
345 }
346 }
347
348 // EnrollmentScreenHandler, private -----------------------------
349
HandleRetrieveAuthenticatedUserEmail(double attempt_token)350 void EnrollmentScreenHandler::HandleRetrieveAuthenticatedUserEmail(
351 double attempt_token) {
352 email_retriever_.reset(new AuthenticatedUserEmailRetriever(
353 base::Bind(&EnrollmentScreenHandler::CallJS<double, std::string>,
354 base::Unretained(this),
355 "setAuthenticatedUserEmail",
356 attempt_token),
357 Profile::FromWebUI(web_ui())->GetRequestContext()));
358 }
359
HandleClose(const std::string & reason)360 void EnrollmentScreenHandler::HandleClose(const std::string& reason) {
361 if (!controller_) {
362 NOTREACHED();
363 return;
364 }
365
366 if (reason == "cancel" || reason == "autocancel")
367 controller_->OnCancel();
368 else if (reason == "done")
369 controller_->OnConfirmationClosed();
370 else
371 NOTREACHED();
372 }
373
HandleCompleteLogin(const std::string & user)374 void EnrollmentScreenHandler::HandleCompleteLogin(const std::string& user) {
375 if (!controller_) {
376 NOTREACHED();
377 return;
378 }
379 controller_->OnLoginDone(gaia::SanitizeEmail(user));
380 }
381
HandleRetry()382 void EnrollmentScreenHandler::HandleRetry() {
383 if (!controller_) {
384 NOTREACHED();
385 return;
386 }
387 controller_->OnRetry();
388 }
389
ShowStep(const char * step)390 void EnrollmentScreenHandler::ShowStep(const char* step) {
391 CallJS("showStep", std::string(step));
392 }
393
ShowError(int message_id,bool retry)394 void EnrollmentScreenHandler::ShowError(int message_id, bool retry) {
395 ShowErrorMessage(l10n_util::GetStringUTF8(message_id), retry);
396 }
397
ShowErrorMessage(const std::string & message,bool retry)398 void EnrollmentScreenHandler::ShowErrorMessage(const std::string& message,
399 bool retry) {
400 CallJS("showError", message, retry);
401 }
402
ShowWorking(int message_id)403 void EnrollmentScreenHandler::ShowWorking(int message_id) {
404 CallJS("showWorking", l10n_util::GetStringUTF16(message_id));
405 }
406
OnTokenFetched(const std::string & token,const GoogleServiceAuthError & error)407 void EnrollmentScreenHandler::OnTokenFetched(
408 const std::string& token,
409 const GoogleServiceAuthError& error) {
410 if (!controller_)
411 return;
412
413 if (error.state() != GoogleServiceAuthError::NONE)
414 controller_->OnAuthError(error);
415 else
416 controller_->OnOAuthTokenAvailable(token);
417 }
418
DoShow()419 void EnrollmentScreenHandler::DoShow() {
420 base::DictionaryValue screen_data;
421 screen_data.SetString("signin_url", kGaiaExtStartPage);
422 screen_data.SetString("gaiaUrl", GaiaUrls::GetInstance()->gaia_url().spec());
423 screen_data.SetString("enrollment_mode",
424 EnrollmentModeToString(enrollment_mode_));
425 screen_data.SetString("management_domain", management_domain_);
426
427 ShowScreen(OobeUI::kScreenOobeEnrollment, &screen_data);
428 }
429
430 } // namespace chromeos
431