Messaging for successful attestation-based enrollment.

Because attestation-based enrollment is automatic, we want the
message in case of sucess to have the following elements:

  1. The domain that the device has been enrolled into.
  2. A note letting the user what to do in case that enrollment is
     unexpected. (E.g. someone just bought a device off eBay.)

BUG=644002
TEST=manual
NOPRESUBMIT=true
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation

Presubmits will be skipped due to http://crbug.com/639691

Review-Url: https://codereview.chromium.org/2323593002
Cr-Commit-Position: refs/heads/master@{#417438}

chrome/app/chromeos_strings.grdp

@@ -6022,6 +6022,12 @@ All users must sign out to continue.
   <message name="IDS_ENTERPRISE_ENROLLMENT_SUCCESS" desc="Success message to be shown once enterprise enrollment completes.">
     Your device has successfully been enrolled for enterprise management.
   </message>
+  <message name="IDS_ENTERPRISE_ENROLLMENT_ABE_SUCCESS" desc="Success message to be shown once attestation-based enterprise enrollment completes.">
+    Your device has successfully been enrolled for enterprise management by
+    <ph name="BEGIN_BOLD">&lt;strong&gt;</ph><ph name="DOMAIN">$1<ex>acmecorp.com</ex></ph><ph name="END_BOLD">&lt;/strong&gt;</ph>.
+    <ph name="LINE_BREAK_AND_EMPTY_LINE">&lt;br&gt;&lt;br&gt;</ph>
+    If this is unexpected, please contact support.
+  </message>
   <message name="IDS_ENTERPRISE_ENROLLMENT_ASSET_ID_LABEL" desc="Label for asset id text box on the device naming screen in the enterprise enrollment dialog.">
     Asset Identifier
   </message>

chrome/browser/chromeos/login/enrollment/enrollment_screen_actor.h

@@ -58,6 +58,10 @@ class EnrollmentScreenActor {
   virtual void ShowAttributePromptScreen(const std::string& asset_id,
                                          const std::string& location) = 0;
 
+  // Shows a success string for attestation-based enrollment.
+  virtual void ShowAttestationBasedEnrollmentSuccessScreen(
+      const std::string& enterprise_domain) = 0;
+
   // Shows the spinner screen for enrollment.
   virtual void ShowEnrollmentSpinnerScreen() = 0;
 

chrome/browser/chromeos/login/enrollment/mock_enrollment_screen.h

@@ -35,6 +35,8 @@ class MockEnrollmentScreenActor
   MOCK_METHOD0(ShowSigninScreen, void());
   MOCK_METHOD2(ShowAttributePromptScreen,
                void(const std::string& asset_id, const std::string& location));
+  MOCK_METHOD1(ShowAttestationBasedEnrollmentSuccessScreen,
+               void(const std::string& enterprise_domain));
   MOCK_METHOD0(ShowEnrollmentSpinnerScreen, void());
   MOCK_METHOD1(ShowAuthError, void(const GoogleServiceAuthError&));
   MOCK_METHOD1(ShowOtherError, void(EnterpriseEnrollmentHelper::OtherError));

chrome/browser/resources/chromeos/login/oobe_screen_oauth_enrollment.css

@@ -24,7 +24,8 @@
 }
 
 .oauth-enroll-state-error #oauth-enroll-step-error,
-.oauth-enroll-state-success #oauth-enroll-step-success {
+.oauth-enroll-state-success #oauth-enroll-step-success,
+.oauth-enroll-state-abe-success #oauth-enroll-step-abe-success {
   display: table;
   height: 480px;
   margin: 0 auto;

chrome/browser/resources/chromeos/login/oobe_screen_oauth_enrollment.html

@@ -19,6 +19,11 @@
           i18n-content="oauthEnrollSuccess">
       </notification-card>
     </div>
+    <div id="oauth-enroll-step-abe-success" role="alert">
+      <notification-card id="oauth-enroll-abe-success-card" type="success"
+          i18n-values="button-label:oauthEnrollDone">
+      </notification-card>
+    </div>
     <div id="oauth-enroll-step-attribute-prompt">
       <gaia-card id="oauth-enroll-attribute-prompt-card" class="fit">
         <div class="header flex vertical layout end-justified">

chrome/browser/resources/chromeos/login/oobe_screen_oauth_enrollment.js

@@ -15,6 +15,7 @@ login.createScreen('OAuthEnrollmentScreen', 'oauth-enrollment', function() {
   /** @const */ var STEP_ATTRIBUTE_PROMPT = 'attribute-prompt';
   /** @const */ var STEP_ERROR = 'error';
   /** @const */ var STEP_SUCCESS = 'success';
+  /** @const */ var STEP_ABE_SUCCESS = 'abe-success';
 
   /* TODO(dzhioev): define this step on C++ side.
   /** @const */ var STEP_ATTRIBUTE_PROMPT_ERROR = 'attribute-prompt-error';
@@ -27,6 +28,7 @@ login.createScreen('OAuthEnrollmentScreen', 'oauth-enrollment', function() {
       'showError',
       'doReload',
       'showAttributePromptStep',
+      'showAttestationBasedEnrollmentSuccess',
     ],
 
     /**
@@ -157,6 +159,8 @@ login.createScreen('OAuthEnrollmentScreen', 'oauth-enrollment', function() {
           'buttonclick', doneCallback);
       $('oauth-enroll-success-card').addEventListener(
           'buttonclick', doneCallback);
+      $('oauth-enroll-abe-success-card').addEventListener(
+          'buttonclick', doneCallback);
 
       this.navigation_.addEventListener('close', this.cancel.bind(this));
       this.navigation_.addEventListener('refresh', this.cancel.bind(this));
@@ -242,12 +246,22 @@ login.createScreen('OAuthEnrollmentScreen', 'oauth-enrollment', function() {
      * Shows attribute-prompt step with pre-filled asset ID and
      * location.
      */
-    showAttributePromptStep: function(annotated_asset_id, annotated_location) {
-      $('oauth-enroll-asset-id').value = annotated_asset_id;
-      $('oauth-enroll-location').value = annotated_location;
+    showAttributePromptStep: function(annotatedAssetId, annotatedLocation) {
+      $('oauth-enroll-asset-id').value = annotatedAssetId;
+      $('oauth-enroll-location').value = annotatedLocation;
       this.showStep(STEP_ATTRIBUTE_PROMPT);
     },
 
+    /**
+     * Shows a success card for attestation-based enrollment that shows
+     * which domain the device was enrolled into.
+     */
+    showAttestationBasedEnrollmentSuccess: function(enterpriseDomain) {
+      $('oauth-enroll-abe-success-card').innerHTML =
+          loadTimeData.getStringF('oauthEnrollAbeSuccess', enterpriseDomain);
+      this.showStep(STEP_ABE_SUCCESS);
+    },
+
     /**
      * Cancels the current authentication and drops the user back to the next
      * screen (either the next authentication or the login screen).
@@ -274,6 +288,8 @@ login.createScreen('OAuthEnrollmentScreen', 'oauth-enrollment', function() {
         $('oauth-enroll-error-card').submitButton.focus();
       } else if (step == STEP_SUCCESS) {
         $('oauth-enroll-success-card').submitButton.focus();
+      } else if (step == STEP_ABE_SUCCESS) {
+        $('oauth-enroll-abe-success-card').submitButton.focus();
       } else if (step == STEP_ATTRIBUTE_PROMPT) {
         $('oauth-enroll-asset-id').focus();
       } else if (step == STEP_ATTRIBUTE_PROMPT_ERROR) {

chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc

@@ -93,6 +93,14 @@ bool IsProxyError(NetworkStateInformer::State state,
          reason == NetworkError::ERROR_REASON_PROXY_CONNECTION_FAILED;
 }
 
+
+// Returns the enterprise domain after enrollment, or an empty string.
+std::string GetEnterpriseDomain() {
+  policy::BrowserPolicyConnectorChromeOS* connector =
+      g_browser_process->platform_part()->browser_policy_connector_chromeos();
+  return connector->GetEnterpriseDomain();
+}
+
 }  // namespace
 
 // EnrollmentScreenHandler, public ------------------------------
@@ -178,6 +186,11 @@ void EnrollmentScreenHandler::ShowEnrollmentSpinnerScreen() {
   ShowStep(kEnrollmentStepWorking);
 }
 
+void EnrollmentScreenHandler::ShowAttestationBasedEnrollmentSuccessScreen(
+    const std::string& enterprise_domain) {
+  CallJS("showAttestationBasedEnrollmentSuccess", enterprise_domain);
+}
+
 void EnrollmentScreenHandler::ShowAuthError(
     const GoogleServiceAuthError& error) {
   switch (error.state()) {
@@ -224,7 +237,10 @@ void EnrollmentScreenHandler::ShowEnrollmentStatus(
     policy::EnrollmentStatus status) {
   switch (status.status()) {
     case policy::EnrollmentStatus::STATUS_SUCCESS:
-      ShowStep(kEnrollmentStepSuccess);
+      if (config_.is_mode_attestation())
+        ShowAttestationBasedEnrollmentSuccessScreen(GetEnterpriseDomain());
+      else
+        ShowStep(kEnrollmentStepSuccess);
       return;
     case policy::EnrollmentStatus::STATUS_NO_STATE_KEYS:
       ShowError(IDS_ENTERPRISE_ENROLLMENT_STATUS_NO_STATE_KEYS, false);
@@ -349,6 +365,7 @@ void EnrollmentScreenHandler::DeclareLocalizedValues(
   builder->Add("oauthEnrollNextBtn", IDS_OFFLINE_LOGIN_NEXT_BUTTON_TEXT);
   builder->Add("oauthEnrollSkip", IDS_ENTERPRISE_ENROLLMENT_SKIP);
   builder->Add("oauthEnrollSuccess", IDS_ENTERPRISE_ENROLLMENT_SUCCESS);
+  builder->Add("oauthEnrollAbeSuccess", IDS_ENTERPRISE_ENROLLMENT_ABE_SUCCESS);
   builder->Add("oauthEnrollDeviceInformation",
                IDS_ENTERPRISE_ENROLLMENT_DEVICE_INFORMATION);
   builder->Add("oauthEnrollExplaneAttributeLink",

chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h

@@ -46,6 +46,8 @@ class EnrollmentScreenHandler
   void ShowSigninScreen() override;
   void ShowAttributePromptScreen(const std::string& asset_id,
                                  const std::string& location) override;
+  void ShowAttestationBasedEnrollmentSuccessScreen(
+      const std::string& enterprise_domain) override;
   void ShowEnrollmentSpinnerScreen() override;
   void ShowAuthError(const GoogleServiceAuthError& error) override;
   void ShowEnrollmentStatus(policy::EnrollmentStatus status) override;