Fix management disclosure bug for child accounts and add login UI tests

On login/lock screen, enterprise management disclosure is shown for child accounts due to a confusion in the code between management and enterprise management. Bug: 1093934 Change-Id: I8cb12dc9342290937da2939a8cd14f7eefbf4895 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2254278Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Commit-Queue: Thomas Tellier <tellier@google.com> Cr-Commit-Position: refs/heads/master@{#781442}

Fix management disclosure bug for child accounts and add login UI tests
On login/lock screen, enterprise management disclosure is shown for child accounts due to a confusion in the code between management and enterprise management. Bug: 1093934 Change-Id: I8cb12dc9342290937da2939a8cd14f7eefbf4895 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2254278Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Commit-Queue: Thomas Tellier <tellier@google.com> Cr-Commit-Position: refs/heads/master@{#781442}
12ad2067 · Thomas Tellier · Commit Bot · 3a6f7631 · 12ad2067 · 12ad2067
Commit 12ad2067 authored Jun 23, 2020 by Thomas Tellier Committed by Commit Bot Jun 23, 2020
5 changed files
--- a/chrome/browser/chromeos/login/existing_user_controller.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller.cc
@@ -1198,8 +1198,11 @@ void ExistingUserController::OnProfilePrepared(Profile* profile,
  chromeos::UserContext user_context =
      UserContext(*chromeos::ProfileHelper::Get()->GetUserByProfile(profile));
  auto* profile_connector = profile->GetProfilePolicyConnector();
-  user_manager::known_user::SetIsManaged(user_context.GetAccountId(),
-                                         profile_connector->IsManaged());
+  bool is_enterprise_managed =
+      profile_connector->IsManaged() &&
+      user_context.GetUserType() != user_manager::USER_TYPE_CHILD;
+  user_manager::known_user::SetIsEnterpriseManaged(user_context.GetAccountId(),
+                                                   is_enterprise_managed);

  // Inform |auth_status_consumer_| about successful login.
  // TODO(nkostylev): Pass UserContext back crbug.com/424550

--- a/chrome/browser/chromeos/login/login_ui_browsertest.cc
+++ b/chrome/browser/chromeos/login/login_ui_browsertest.cc
@@ -20,6 +20,7 @@
 #include "chrome/browser/chromeos/login/wizard_controller.h"
 #include "chrome/browser/chromeos/settings/scoped_testing_cros_settings.h"
 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h"
+#include "chrome/browser/supervised_user/logged_in_user_mixin.h"
 #include "chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h"
 #include "chrome/browser/ui/webui/chromeos/login/welcome_screen_handler.h"
 #include "chrome/common/pref_names.h"
@@ -389,4 +390,40 @@ IN_PROC_BROWSER_TEST_F(UserManagementDisclosureTest,
      managed_user.account_id));
 }

+class UserManagementDisclosureChildTest
+    : public MixinBasedInProcessBrowserTest {
+ public:
+  ~UserManagementDisclosureChildTest() override = default;
+
+ protected:
+  LoggedInUserMixin logged_in_user_mixin_{
+      &mixin_host_, LoggedInUserMixin::LogInType::kChild,
+      embedded_test_server(), this, false /*should_launch_browser*/};
+};
+
+// Check if the user management disclosure is hidden on the lock screen after
+// having logged a child account into a session and having locked the screen.
+IN_PROC_BROWSER_TEST_F(UserManagementDisclosureChildTest,
+                       PRE_EnterpriseIconVisibleChildUser) {
+  logged_in_user_mixin_.LogInUser(false /*issue_any_scope_token*/,
+                                  true /*wait_for_active_session*/,
+                                  true /*request_policy_update*/);
+  ScreenLockerTester screen_locker_tester;
+  screen_locker_tester.Lock();
+  EXPECT_FALSE(ash::LoginScreenTestApi::IsManagedIconShown(
+      logged_in_user_mixin_.GetAccountId()));
+  EXPECT_FALSE(ash::LoginScreenTestApi::IsManagedMessageInMenuShown(
+      logged_in_user_mixin_.GetAccountId()));
+}
+
+// Check if the user management disclosure is shown on the login screen for a
+// child account.
+IN_PROC_BROWSER_TEST_F(UserManagementDisclosureChildTest,
+                       EnterpriseIconVisibleChildUser) {
+  EXPECT_FALSE(ash::LoginScreenTestApi::IsManagedIconShown(
+      logged_in_user_mixin_.GetAccountId()));
+  EXPECT_FALSE(ash::LoginScreenTestApi::IsManagedMessageInMenuShown(
+      logged_in_user_mixin_.GetAccountId()));
+}
+
 }  // namespace chromeos
--- a/chrome/browser/chromeos/login/screens/user_selection_screen.cc
+++ b/chrome/browser/chromeos/login/screens/user_selection_screen.cc
@@ -961,7 +961,8 @@ UserSelectionScreen::UpdateAndReturnUserListForAsh() {
    user_info.can_remove = CanRemoveUser(user);
    user_info.fingerprint_state = GetInitialFingerprintState(user);
    user_info.show_pin_pad_for_password = false;
-    if (user_manager::known_user::GetIsManaged(user->GetAccountId()) &&
+    if (user_manager::known_user::GetIsEnterpriseManaged(
+            user->GetAccountId()) &&
        user->GetType() != user_manager::USER_TYPE_PUBLIC_ACCOUNT) {
      user_info.user_enterprise_domain =
          gaia::ExtractDomainName(user->display_email());

--- a/components/user_manager/known_user.cc
+++ b/components/user_manager/known_user.cc
@@ -77,8 +77,8 @@ const char kChallengeResponseKeys[] = "challenge_response_keys";
 const char kLastOnlineSignin[] = "last_online_singin";
 const char kOfflineSigninLimit[] = "offline_signin_limit";

-// Key of the boolean flag telling if user is managed.
-const char kIsManaged[] = "is_managed";
+// Key of the boolean flag telling if user is enterprise managed.
+const char kIsEnterpriseManaged[] = "is_enterprise_managed";

 // Key of the last input method user used which is suitable for login/lock
 // screen.
@@ -101,7 +101,7 @@ const char* kReservedKeys[] = {kCanonicalEmail,
                               kChallengeResponseKeys,
                               kLastOnlineSignin,
                               kOfflineSigninLimit,
-                               kIsManaged,
+                               kIsEnterpriseManaged,
                               kLastInputMethod};

 PrefService* GetLocalState() {
@@ -653,14 +653,15 @@ base::TimeDelta GetOfflineSigninLimit(const AccountId& account_id) {
  return *time_delta;
 }

-void SetIsManaged(const AccountId& account_id, bool is_managed) {
-  SetBooleanPref(account_id, kIsManaged, is_managed);
+void SetIsEnterpriseManaged(const AccountId& account_id,
+                            bool is_enterprise_managed) {
+  SetBooleanPref(account_id, kIsEnterpriseManaged, is_enterprise_managed);
 }

-bool GetIsManaged(const AccountId& account_id) {
-  bool is_managed;
-  if (GetBooleanPref(account_id, kIsManaged, &is_managed))
-    return is_managed;
+bool GetIsEnterpriseManaged(const AccountId& account_id) {
+  bool is_enterprise_managed;
+  if (GetBooleanPref(account_id, kIsEnterpriseManaged, &is_enterprise_managed))
+    return is_enterprise_managed;
  return false;
 }


--- a/components/user_manager/known_user.h
+++ b/components/user_manager/known_user.h
@@ -227,10 +227,10 @@ void USER_MANAGER_EXPORT SetOfflineSigninLimit(const AccountId& account_id,
 base::TimeDelta USER_MANAGER_EXPORT
 GetOfflineSigninLimit(const AccountId& account_id);

-void USER_MANAGER_EXPORT SetIsManaged(const AccountId& account_id,
-                                      bool is_managed);
+void USER_MANAGER_EXPORT SetIsEnterpriseManaged(const AccountId& account_id,
+                                                bool is_enterprise_managed);

-bool USER_MANAGER_EXPORT GetIsManaged(const AccountId& account_id);
+bool USER_MANAGER_EXPORT GetIsEnterpriseManaged(const AccountId& account_id);

 void USER_MANAGER_EXPORT
 SetUserLastInputMethod(const AccountId& account_id,