// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/chromeos/login/users/affiliation.h"
#include "base/bind.h"
#include "base/callback.h"
#include "base/command_line.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/device_local_account.h"
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "components/account_id/account_id.h"
#include "components/policy/core/common/policy_switches.h"
#include "components/policy/proto/device_management_backend.pb.h"
#include "google_apis/gaia/gaia_auth_util.h"
namespace chromeos {
namespace {
// Returns the device's DM token (the |request_token| field of the device
// policy data) when the user identified by |account_id| is affiliated with
// this device, and an empty string otherwise.
//
// |user_affiliation_ids| are the affiliation IDs reported for the user; they
// are compared against the device's IDs by IsUserAffiliated(). The token is
// only read after that check has passed, so a non-affiliated user never
// receives it from this function.
std::string GetDeviceDMTokenIfAffiliated(
    const AccountId& account_id,
    const std::vector<std::string>& user_affiliation_ids) {
  // Copy the IDs into a set, which is the form IsUserAffiliated() takes.
  const AffiliationIDSet user_ids(user_affiliation_ids.begin(),
                                  user_affiliation_ids.end());

  const policy::BrowserPolicyConnectorChromeOS* connector =
      g_browser_process->platform_part()->browser_policy_connector_chromeos();
  // The connector is dereferenced just below, so it must not be null here.
  DCHECK(connector);

  if (!IsUserAffiliated(user_ids, connector->GetDeviceAffiliationIDs(),
                        account_id.GetUserEmail())) {
    // Not affiliated: hand back no token at all.
    return std::string();
  }

  // For an affiliated user the device policy data must be present; its
  // absence is treated as fatal rather than silently returning an empty token.
  const enterprise_management::PolicyData* policy_data =
      DeviceSettingsService::Get()->policy_data();
  CHECK(policy_data);
  return policy_data->request_token();
}
} // namespace
// Returns true if |set1| and |set2| share at least one string.
//
// Both sets are ordered, so the two are walked in lockstep: whichever cursor
// points at the smaller element is advanced, and the walk stops at the first
// equal pair or when either set is exhausted. Two empty sets, or one empty
// set, yield false.
bool HaveCommonElement(const std::set<std::string>& set1,
                       const std::set<std::string>& set2) {
  auto left = set1.cbegin();
  auto right = set2.cbegin();
  const auto left_end = set1.cend();
  const auto right_end = set2.cend();

  while (left != left_end && right != right_end) {
    const int order = left->compare(*right);
    if (order == 0)
      return true;
    // Advance the cursor that is behind in sort order.
    if (order < 0)
      ++left;
    else
      ++right;
  }
  return false;
}
// Decides whether the user with |email| counts as affiliated with the device.
//
// The checks run in this order, and the first one that matches wins:
//   1. An empty |email| or one without '@' is never affiliated.
//   2. A device-local account is always affiliated.
//   3. The kUserAlwaysAffiliated command-line switch forces "affiliated".
//   4. Otherwise the user is affiliated only if both ID sets are non-empty
//      and share at least one ID.
// Note that cases 2 and 3 return true without looking at either ID set.
bool IsUserAffiliated(const AffiliationIDSet& user_affiliation_ids,
                      const AffiliationIDSet& device_affiliation_ids,
                      const std::string& email) {
  // An empty username means incognito user in case of Chrome OS and no
  // logged-in user in case of Chrome (SigninService). Many tests use nonsense
  // email addresses (e.g. 'test') so treat those as non-enterprise users.
  const bool looks_like_email =
      !email.empty() && email.find('@') != std::string::npos;
  if (!looks_like_email)
    return false;

  if (policy::IsDeviceLocalAccountUser(email, nullptr))
    return true;

  // Not all test servers correctly support affiliation ids so far, so
  // this is a work-around.
  // TODO(antrim): remove this once all test servers support affiliation ids.
  // NOTE(review): while this switch is honoured, the affiliation-ID comparison
  // below is skipped entirely. Whether the switch can be set outside test
  // environments is not visible from this file -- confirm.
  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
          policy::switches::kUserAlwaysAffiliated)) {
    return true;
  }

  // With no IDs on either side there is nothing to match, so the answer is
  // "not affiliated" rather than a vacuous match.
  if (device_affiliation_ids.empty() || user_affiliation_ids.empty())
    return false;
  return HaveCommonElement(user_affiliation_ids, device_affiliation_ids);
}
// Builds a callback that, given a user's affiliation IDs, returns the device
// DM token if that user is affiliated and an empty string otherwise.
//
// |account_id| is bound as the first argument of
// GetDeviceDMTokenIfAffiliated(); the caller of the returned callback supplies
// only the affiliation IDs, so the affiliation check runs on every invocation.
base::RepeatingCallback<std::string(const std::vector<std::string>&)>
GetDeviceDMTokenForUserPolicyGetter(const AccountId& account_id) {
  base::RepeatingCallback<std::string(const std::vector<std::string>&)>
      dm_token_getter =
          base::BindRepeating(&GetDeviceDMTokenIfAffiliated, account_id);
  return dm_token_getter;
}
} // namespace chromeos