Chrome OS: Add management notice

for the SAML password change dialog. Bug: 930109 Change-Id: I4f2fb367d1b3d47b3e59f293dddc434169f02d67 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1634834Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: A Olsen <olsen@chromium.org> Commit-Queue: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#664284}

Chrome OS: Add management notice
for the SAML password change dialog. Bug: 930109 Change-Id: I4f2fb367d1b3d47b3e59f293dddc434169f02d67 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1634834Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: A Olsen <olsen@chromium.org> Commit-Queue: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#664284}
2287eae4 · Roman Sorokin · Commit Bot · 1bda6b01 · 2287eae4 · 2287eae4
Commit 2287eae4 authored May 29, 2019 by Roman Sorokin Committed by Commit Bot May 29, 2019
6 changed files
--- a/chrome/app/chromeos_strings.grdp
+++ b/chrome/app/chromeos_strings.grdp
@@ -937,6 +937,9 @@
  <message name="IDS_LOGIN_SAML_NOTICE" desc="Text message displayed above SAML portal to early indicate that the user is being redirected to another sign-in provider. This is the version of the string used in the GAIA flow.">
    This sign-in service is hosted by <ph name="SAML_DOMAIN">$1<ex>saml.com</ex></ph>
  </message>
+  <message name="IDS_LOGIN_SAML_PASSWORD_CHANGE_NOTICE" desc="Text message displayed in the system dialog title. The dialog shows a web-page where the user can change their SAML password while staying in the session">
+    This authentication service is hosted by <ph name="SAML_DOMAIN">$1<ex>saml.com</ex></ph>
+  </message>
  <message name="IDS_LOGIN_SAML_NOTICE_WITH_VIDEO" desc="Text message displayed above SAML portal to early indicate that the user is being redirected to another sign-in provider which has requested video media access.">
    This sign-in service, hosted by <ph name="SAML_DOMAIN">$1<ex>saml.com</ex></ph>, is accessing your camera.
  </message>

--- a/chrome/browser/chromeos/login/saml/saml_password_expiry_notification.cc
+++ b/chrome/browser/chromeos/login/saml/saml_password_expiry_notification.cc
@@ -78,15 +78,6 @@ const base::NoDestructor<RichNotificationData> kRichNotificationData;
 const base::NoDestructor<base::string16> kLineSeparator(
    base::string16(1, '\n'));
-// Callback called when notification is clicked - opens password-change page.
-void OnNotificationClicked() {
-  PasswordChangeDialog::Show();
-}
-const base::NoDestructor<scoped_refptr<HandleNotificationClickDelegate>>
-    kClickDelegate(base::MakeRefCounted<HandleNotificationClickDelegate>(
-        base::BindRepeating(&OnNotificationClicked)));
 base::string16 GetTitleText(int less_than_n_days) {
  const bool hasExpired = (less_than_n_days <= 0);
  return hasExpired ? l10n_util::GetStringUTF16(IDS_PASSWORD_HAS_EXPIRED_TITLE)
@@ -293,9 +284,12 @@ void ShowSamlPasswordExpiryNotification(Profile* profile,
  const base::string16 title = GetTitleText(less_than_n_days);
  const base::string16 body = GetBodyText(less_than_n_days);
+  auto click_delegate = base::MakeRefCounted<HandleNotificationClickDelegate>(
+      base::BindRepeating(&PasswordChangeDialog::Show, profile));
  std::unique_ptr<Notification> notification = ash::CreateSystemNotification(
      kNotificationType, kNotificationId, title, body, *kDisplaySource,
-      *kOriginUrl, *kNotifierId, *kRichNotificationData, *kClickDelegate, kIcon,
+      *kOriginUrl, *kNotifierId, *kRichNotificationData, click_delegate, kIcon,
      kWarningLevel);
  NotificationDisplayServiceFactory::GetForProfile(profile)->Display(

--- a/chrome/browser/ui/webui/chromeos/insession_password_change_handler_chromeos.cc
+++ b/chrome/browser/ui/webui/chromeos/insession_password_change_handler_chromeos.cc
@@ -6,49 +6,23 @@
 #include <string>
-#include "base/command_line.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/values.h"
 #include "chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.h"
 #include "chrome/browser/chromeos/login/saml/saml_password_expiry_notification.h"
-#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
-#include "chromeos/constants/chromeos_switches.h"
 #include "chromeos/login/auth/saml_password_attributes.h"
 #include "components/prefs/pref_service.h"
 #include "components/user_manager/user_manager.h"
 namespace chromeos {
-namespace {
+InSessionPasswordChangeHandler::InSessionPasswordChangeHandler(
+    const std::string& password_change_url)
-std::string GetPasswordChangeUrl(Profile* profile) {
+    : password_change_url_(password_change_url) {}
-  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kSamlPasswordChangeUrl)) {
-    return base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
-        switches::kSamlPasswordChangeUrl);
-  }
-  const policy::UserCloudPolicyManagerChromeOS* user_cloud_policy_manager =
-      profile->GetUserCloudPolicyManagerChromeOS();
-  if (user_cloud_policy_manager) {
-    const enterprise_management::PolicyData* policy =
-        user_cloud_policy_manager->core()->store()->policy();
-    if (policy->has_change_password_uri()) {
-      return policy->change_password_uri();
-    }
-  }
-  return SamlPasswordAttributes::LoadFromPrefs(profile->GetPrefs())
-      .password_change_url();
-}
-}  // namespace
-InSessionPasswordChangeHandler::InSessionPasswordChangeHandler() = default;
 InSessionPasswordChangeHandler::~InSessionPasswordChangeHandler() = default;
 void InSessionPasswordChangeHandler::HandleInitialize(
@@ -59,12 +33,11 @@ void InSessionPasswordChangeHandler::HandleInitialize(
  AllowJavascript();
  base::Value params(base::Value::Type::DICTIONARY);
-  const std::string password_change_url = GetPasswordChangeUrl(profile);
+  if (password_change_url_.empty()) {
-  if (password_change_url.empty()) {
    LOG(ERROR) << "Password change url is empty";
    return;
  }
-  params.SetKey("passwordChangeUrl", base::Value(password_change_url));
+  params.SetKey("passwordChangeUrl", base::Value(password_change_url_));
  const user_manager::User* user =
      ProfileHelper::Get()->GetUserByProfile(profile);
  if (user)

--- a/chrome/browser/ui/webui/chromeos/insession_password_change_handler_chromeos.h
+++ b/chrome/browser/ui/webui/chromeos/insession_password_change_handler_chromeos.h
@@ -16,7 +16,8 @@ namespace chromeos {
 class InSessionPasswordChangeHandler : public content::WebUIMessageHandler,
                                       AuthStatusConsumer {
 public:
-  InSessionPasswordChangeHandler();
+  explicit InSessionPasswordChangeHandler(
+      const std::string& password_change_url);
  ~InSessionPasswordChangeHandler() override;
  // content::WebUIMessageHandler:
@@ -30,6 +31,7 @@ class InSessionPasswordChangeHandler : public content::WebUIMessageHandler,
  void OnAuthSuccess(const UserContext& user_context) override;
 private:
+  const std::string password_change_url_;
  scoped_refptr<CryptohomeAuthenticator> authenticator_;
  base::WeakPtrFactory<InSessionPasswordChangeHandler> weak_factory_{this};
  DISALLOW_COPY_AND_ASSIGN(InSessionPasswordChangeHandler);

--- a/chrome/browser/ui/webui/chromeos/insession_password_change_ui.cc
+++ b/chrome/browser/ui/webui/chromeos/insession_password_change_ui.cc
@@ -7,15 +7,22 @@
 #include <memory>
 #include "base/bind.h"
+#include "base/command_line.h"
+#include "base/strings/utf_string_conversions.h"
+#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/webui/chromeos/insession_password_change_handler_chromeos.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/webui_url_constants.h"
 #include "chrome/grit/browser_resources.h"
 #include "chrome/grit/generated_resources.h"
+#include "chromeos/constants/chromeos_switches.h"
+#include "chromeos/login/auth/saml_password_attributes.h"
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/web_ui_data_source.h"
+#include "net/base/url_util.h"
+#include "ui/base/l10n/l10n_util.h"
 #include "ui/display/display.h"
 #include "ui/display/screen.h"
 #include "ui/strings/grit/ui_strings.h"
@@ -26,6 +33,35 @@ namespace {
 PasswordChangeDialog* g_dialog = nullptr;
+std::string GetPasswordChangeUrl(Profile* profile) {
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kSamlPasswordChangeUrl)) {
+    return base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+        switches::kSamlPasswordChangeUrl);
+  }
+  const policy::UserCloudPolicyManagerChromeOS* user_cloud_policy_manager =
+      profile->GetUserCloudPolicyManagerChromeOS();
+  if (user_cloud_policy_manager) {
+    const enterprise_management::PolicyData* policy =
+        user_cloud_policy_manager->core()->store()->policy();
+    if (policy->has_change_password_uri()) {
+      return policy->change_password_uri();
+    }
+  }
+  return SamlPasswordAttributes::LoadFromPrefs(profile->GetPrefs())
+      .password_change_url();
+}
+base::string16 GetManagementNotice(Profile* profile) {
+  base::string16 host = base::UTF8ToUTF16(
+      net::GetHostAndOptionalPort(GURL(GetPasswordChangeUrl(profile))));
+  DCHECK(!host.empty());
+  return l10n_util::GetStringFUTF16(IDS_LOGIN_SAML_PASSWORD_CHANGE_NOTICE,
+                                    host);
+}
 constexpr int kMaxDialogWidth = 768;
 constexpr int kMaxDialogHeight = 640;
@@ -48,9 +84,9 @@ gfx::Size GetPasswordChangeDialogSize() {
 }  // namespace
-PasswordChangeDialog::PasswordChangeDialog()
+PasswordChangeDialog::PasswordChangeDialog(const base::string16& title)
-    : SystemWebDialogDelegate(GURL(chrome::kChromeUIPasswordChangeUrl),
+    : SystemWebDialogDelegate(GURL(chrome::kChromeUIPasswordChangeUrl), title) {
-                              base::string16()) {}
+}
 PasswordChangeDialog::~PasswordChangeDialog() {
  DCHECK_EQ(this, g_dialog);
@@ -61,13 +97,13 @@ void PasswordChangeDialog::GetDialogSize(gfx::Size* size) const {
  *size = GetPasswordChangeDialogSize();
 }
-void PasswordChangeDialog::Show() {
+void PasswordChangeDialog::Show(Profile* profile) {
  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
  if (g_dialog) {
    g_dialog->Focus();
    return;
  }
-  g_dialog = new PasswordChangeDialog();
+  g_dialog = new PasswordChangeDialog(GetManagementNotice(profile));
  g_dialog->ShowSystemDialog();
 }
@@ -79,7 +115,8 @@ InSessionPasswordChangeUI::InSessionPasswordChangeUI(content::WebUI* web_ui)
  content::WebUIDataSource* source =
      content::WebUIDataSource::Create(chrome::kChromeUIPasswordChangeHost);
-  web_ui->AddMessageHandler(std::make_unique<InSessionPasswordChangeHandler>());
+  web_ui->AddMessageHandler(std::make_unique<InSessionPasswordChangeHandler>(
+      GetPasswordChangeUrl(profile)));
  source->SetJsonPath("strings.js");

--- a/chrome/browser/ui/webui/chromeos/insession_password_change_ui.h
+++ b/chrome/browser/ui/webui/chromeos/insession_password_change_ui.h
@@ -6,17 +6,20 @@
 #define CHROME_BROWSER_UI_WEBUI_CHROMEOS_INSESSION_PASSWORD_CHANGE_UI_H_
 #include "base/macros.h"
+#include "base/strings/string16.h"
 #include "chrome/browser/ui/webui/chromeos/system_web_dialog_delegate.h"
 #include "ui/web_dialogs/web_dialog_ui.h"
+class Profile;
 namespace chromeos {
 class PasswordChangeDialog : public SystemWebDialogDelegate {
 public:
-  static void Show();
+  static void Show(Profile* profile);
 protected:
-  PasswordChangeDialog();
+  explicit PasswordChangeDialog(const base::string16& title);
  ~PasswordChangeDialog() override;
  // ui::WebDialogDelegate: