1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_POLICY_CLOUD_USER_POLICY_SIGNIN_SERVICE_BASE_H_ 6 #define CHROME_BROWSER_POLICY_CLOUD_USER_POLICY_SIGNIN_SERVICE_BASE_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/callback.h" 12 #include "base/compiler_specific.h" 13 #include "base/memory/ref_counted.h" 14 #include "base/memory/scoped_ptr.h" 15 #include "base/memory/weak_ptr.h" 16 #include "components/keyed_service/core/keyed_service.h" 17 #include "components/policy/core/common/cloud/cloud_policy_client.h" 18 #include "components/policy/core/common/cloud/cloud_policy_service.h" 19 #include "components/signin/core/browser/signin_manager.h" 20 #include "content/public/browser/notification_observer.h" 21 #include "content/public/browser/notification_registrar.h" 22 23 class PrefService; 24 class Profile; 25 26 namespace net { 27 class URLRequestContextGetter; 28 } 29 30 namespace policy { 31 32 class DeviceManagementService; 33 class UserCloudPolicyManager; 34 35 // The UserPolicySigninService is responsible for interacting with the policy 36 // infrastructure (mainly UserCloudPolicyManager) to load policy for the signed 37 // in user. This is the base class that contains shared behavior. 38 // 39 // At signin time, this class initializes the UCPM and loads policy before any 40 // other signed in services are initialized. After each restart, this class 41 // ensures that the CloudPolicyClient is registered (in case the policy server 42 // was offline during the initial policy fetch) and if not it initiates a fresh 43 // registration process. 44 // 45 // Finally, if the user signs out, this class is responsible for shutting down 46 // the policy infrastructure to ensure that any cached policy is cleared. 47 class UserPolicySigninServiceBase : public KeyedService, 48 public CloudPolicyClient::Observer, 49 public CloudPolicyService::Observer, 50 public content::NotificationObserver, 51 public SigninManagerBase::Observer { 52 public: 53 // The callback invoked once policy registration is complete. Passed 54 // |dm_token| and |client_id| parameters are empty if policy registration 55 // failed. 56 typedef base::Callback<void(const std::string& dm_token, 57 const std::string& client_id)> 58 PolicyRegistrationCallback; 59 60 // The callback invoked once policy fetch is complete. Passed boolean 61 // parameter is set to true if the policy fetch succeeded. 62 typedef base::Callback<void(bool)> PolicyFetchCallback; 63 64 // Creates a UserPolicySigninServiceBase associated with the passed |profile|. 65 UserPolicySigninServiceBase( 66 Profile* profile, 67 PrefService* local_state, 68 DeviceManagementService* device_management_service, 69 UserCloudPolicyManager* policy_manager, 70 SigninManager* signin_manager, 71 scoped_refptr<net::URLRequestContextGetter> system_request_context); 72 virtual ~UserPolicySigninServiceBase(); 73 74 // Initiates a policy fetch as part of user signin, using a |dm_token| and 75 // |client_id| fetched via RegisterForPolicy(). |callback| is invoked 76 // once the policy fetch is complete, passing true if the policy fetch 77 // succeeded. 78 void FetchPolicyForSignedInUser( 79 const std::string& username, 80 const std::string& dm_token, 81 const std::string& client_id, 82 scoped_refptr<net::URLRequestContextGetter> profile_request_context, 83 const PolicyFetchCallback& callback); 84 85 // SigninManagerBase::Observer implementation: 86 virtual void GoogleSignedOut(const std::string& account_id, 87 const std::string& username) OVERRIDE; 88 89 // content::NotificationObserver implementation: 90 virtual void Observe(int type, 91 const content::NotificationSource& source, 92 const content::NotificationDetails& details) OVERRIDE; 93 94 // CloudPolicyService::Observer implementation: 95 virtual void OnInitializationCompleted(CloudPolicyService* service) OVERRIDE; 96 97 // CloudPolicyClient::Observer implementation: 98 virtual void OnPolicyFetched(CloudPolicyClient* client) OVERRIDE; 99 virtual void OnRegistrationStateChanged(CloudPolicyClient* client) OVERRIDE; 100 virtual void OnClientError(CloudPolicyClient* client) OVERRIDE; 101 102 // KeyedService implementation: 103 virtual void Shutdown() OVERRIDE; 104 105 void SetSystemRequestContext( 106 scoped_refptr<net::URLRequestContextGetter> request_context); 107 108 protected: 109 net::URLRequestContextGetter* system_request_context() { 110 return system_request_context_.get(); 111 } 112 113 // Returns a CloudPolicyClient to perform a registration with the DM server, 114 // or NULL if |username| shouldn't register for policy management. 115 scoped_ptr<CloudPolicyClient> CreateClientForRegistrationOnly( 116 const std::string& username); 117 118 // Returns false if cloud policy is disabled or if the passed |email_address| 119 // is definitely not from a hosted domain (according to the blacklist in 120 // BrowserPolicyConnector::IsNonEnterpriseUser()). 121 bool ShouldLoadPolicyForUser(const std::string& email_address); 122 123 // Invoked to initialize the UserPolicySigninService once its owning Profile 124 // becomes ready. If the Profile has a signed-in account associated with it 125 // at startup then this initializes the cloud policy manager by calling 126 // InitializeForSignedInUser(); otherwise it clears any stored policies. 127 void InitializeOnProfileReady(Profile* profile); 128 129 // Invoked to initialize the cloud policy service for |username|, which is the 130 // account associated with the Profile that owns this service. This is invoked 131 // from InitializeOnProfileReady() if the Profile already has a signed-in 132 // account at startup, or (on the desktop platforms) as soon as the user 133 // signs-in and an OAuth2 login refresh token becomes available. 134 void InitializeForSignedInUser( 135 const std::string& username, 136 scoped_refptr<net::URLRequestContextGetter> profile_request_context); 137 138 // Initializes the cloud policy manager with the passed |client|. This is 139 // called from InitializeForSignedInUser() when the Profile already has a 140 // signed in account at startup, and from FetchPolicyForSignedInUser() during 141 // the initial policy fetch after signing in. 142 virtual void InitializeUserCloudPolicyManager( 143 const std::string& username, 144 scoped_ptr<CloudPolicyClient> client); 145 146 // Prepares for the UserCloudPolicyManager to be shutdown due to 147 // user signout or profile destruction. 148 virtual void PrepareForUserCloudPolicyManagerShutdown(); 149 150 // Shuts down the UserCloudPolicyManager (for example, after the user signs 151 // out) and deletes any cached policy. 152 virtual void ShutdownUserCloudPolicyManager(); 153 154 // Convenience helpers to get the associated UserCloudPolicyManager and 155 // SigninManager. 156 UserCloudPolicyManager* policy_manager() { return policy_manager_; } 157 SigninManager* signin_manager() { return signin_manager_; } 158 159 content::NotificationRegistrar* registrar() { return ®istrar_; } 160 161 private: 162 // Helper functions to create a request context for use by CloudPolicyClients. 163 scoped_refptr<net::URLRequestContextGetter> CreateUserRequestContext( 164 scoped_refptr<net::URLRequestContextGetter> profile_request_context); 165 scoped_refptr<net::URLRequestContextGetter> CreateSystemRequestContext(); 166 167 // Weak pointer to the UserCloudPolicyManager and SigninManager this service 168 // is associated with. 169 UserCloudPolicyManager* policy_manager_; 170 SigninManager* signin_manager_; 171 172 content::NotificationRegistrar registrar_; 173 174 PrefService* local_state_; 175 DeviceManagementService* device_management_service_; 176 scoped_refptr<net::URLRequestContextGetter> system_request_context_; 177 178 base::WeakPtrFactory<UserPolicySigninServiceBase> weak_factory_; 179 180 DISALLOW_COPY_AND_ASSIGN(UserPolicySigninServiceBase); 181 }; 182 183 } // namespace policy 184 185 #endif // CHROME_BROWSER_POLICY_CLOUD_USER_POLICY_SIGNIN_SERVICE_BASE_H_ 186