Chrome OS: Add management notice

for the SAML password change dialog.

Bug: 930109
Change-Id: I4f2fb367d1b3d47b3e59f293dddc434169f02d67
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1634834Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: A Olsen <olsen@chromium.org>
Commit-Queue: Roman Sorokin [CET] <rsorokin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#664284}

chrome/app/chromeos_strings.grdp

@@ -937,6 +937,9 @@
   <message name="IDS_LOGIN_SAML_NOTICE" desc="Text message displayed above SAML portal to early indicate that the user is being redirected to another sign-in provider. This is the version of the string used in the GAIA flow.">
     This sign-in service is hosted by <ph name="SAML_DOMAIN">$1<ex>saml.com</ex></ph>
   </message>
+  <message name="IDS_LOGIN_SAML_PASSWORD_CHANGE_NOTICE" desc="Text message displayed in the system dialog title. The dialog shows a web-page where the user can change their SAML password while staying in the session">
+    This authentication service is hosted by <ph name="SAML_DOMAIN">$1<ex>saml.com</ex></ph>
+  </message>
   <message name="IDS_LOGIN_SAML_NOTICE_WITH_VIDEO" desc="Text message displayed above SAML portal to early indicate that the user is being redirected to another sign-in provider which has requested video media access.">
     This sign-in service, hosted by <ph name="SAML_DOMAIN">$1<ex>saml.com</ex></ph>, is accessing your camera.
   </message>

chrome/browser/chromeos/login/saml/saml_password_expiry_notification.cc

@@ -78,15 +78,6 @@ const base::NoDestructor<RichNotificationData> kRichNotificationData;
 const base::NoDestructor<base::string16> kLineSeparator(
     base::string16(1, '\n'));
 
-// Callback called when notification is clicked - opens password-change page.
-void OnNotificationClicked() {
-  PasswordChangeDialog::Show();
-}
-
-const base::NoDestructor<scoped_refptr<HandleNotificationClickDelegate>>
-    kClickDelegate(base::MakeRefCounted<HandleNotificationClickDelegate>(
-        base::BindRepeating(&OnNotificationClicked)));
-
 base::string16 GetTitleText(int less_than_n_days) {
   const bool hasExpired = (less_than_n_days <= 0);
   return hasExpired ? l10n_util::GetStringUTF16(IDS_PASSWORD_HAS_EXPIRED_TITLE)
@@ -293,9 +284,12 @@ void ShowSamlPasswordExpiryNotification(Profile* profile,
   const base::string16 title = GetTitleText(less_than_n_days);
   const base::string16 body = GetBodyText(less_than_n_days);
 
+  auto click_delegate = base::MakeRefCounted<HandleNotificationClickDelegate>(
+      base::BindRepeating(&PasswordChangeDialog::Show, profile));
+
   std::unique_ptr<Notification> notification = ash::CreateSystemNotification(
       kNotificationType, kNotificationId, title, body, *kDisplaySource,
-      *kOriginUrl, *kNotifierId, *kRichNotificationData, *kClickDelegate, kIcon,
+      *kOriginUrl, *kNotifierId, *kRichNotificationData, click_delegate, kIcon,
       kWarningLevel);
 
   NotificationDisplayServiceFactory::GetForProfile(profile)->Display(

chrome/browser/ui/webui/chromeos/insession_password_change_handler_chromeos.cc

@@ -6,49 +6,23 @@
 
 #include <string>
 
-#include "base/command_line.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/values.h"
 #include "chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.h"
 #include "chrome/browser/chromeos/login/saml/saml_password_expiry_notification.h"
-#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
-#include "chromeos/constants/chromeos_switches.h"
 #include "chromeos/login/auth/saml_password_attributes.h"
 #include "components/prefs/pref_service.h"
 #include "components/user_manager/user_manager.h"
 
 namespace chromeos {
 
-namespace {
-
-std::string GetPasswordChangeUrl(Profile* profile) {
-  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kSamlPasswordChangeUrl)) {
-    return base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
-        switches::kSamlPasswordChangeUrl);
-  }
-
-  const policy::UserCloudPolicyManagerChromeOS* user_cloud_policy_manager =
-      profile->GetUserCloudPolicyManagerChromeOS();
-  if (user_cloud_policy_manager) {
-    const enterprise_management::PolicyData* policy =
-        user_cloud_policy_manager->core()->store()->policy();
-    if (policy->has_change_password_uri()) {
-      return policy->change_password_uri();
-    }
-  }
-
-  return SamlPasswordAttributes::LoadFromPrefs(profile->GetPrefs())
-      .password_change_url();
-}
-
-}  // namespace
-
-InSessionPasswordChangeHandler::InSessionPasswordChangeHandler() = default;
+InSessionPasswordChangeHandler::InSessionPasswordChangeHandler(
+    const std::string& password_change_url)
+    : password_change_url_(password_change_url) {}
 InSessionPasswordChangeHandler::~InSessionPasswordChangeHandler() = default;
 
 void InSessionPasswordChangeHandler::HandleInitialize(
@@ -59,12 +33,11 @@ void InSessionPasswordChangeHandler::HandleInitialize(
 
   AllowJavascript();
   base::Value params(base::Value::Type::DICTIONARY);
-  const std::string password_change_url = GetPasswordChangeUrl(profile);
-  if (password_change_url.empty()) {
+  if (password_change_url_.empty()) {
     LOG(ERROR) << "Password change url is empty";
     return;
   }
-  params.SetKey("passwordChangeUrl", base::Value(password_change_url));
+  params.SetKey("passwordChangeUrl", base::Value(password_change_url_));
   const user_manager::User* user =
       ProfileHelper::Get()->GetUserByProfile(profile);
   if (user)

chrome/browser/ui/webui/chromeos/insession_password_change_handler_chromeos.h

@@ -16,7 +16,8 @@ namespace chromeos {
 class InSessionPasswordChangeHandler : public content::WebUIMessageHandler,
                                        AuthStatusConsumer {
  public:
-  InSessionPasswordChangeHandler();
+  explicit InSessionPasswordChangeHandler(
+      const std::string& password_change_url);
   ~InSessionPasswordChangeHandler() override;
 
   // content::WebUIMessageHandler:
@@ -30,6 +31,7 @@ class InSessionPasswordChangeHandler : public content::WebUIMessageHandler,
   void OnAuthSuccess(const UserContext& user_context) override;
 
  private:
+  const std::string password_change_url_;
   scoped_refptr<CryptohomeAuthenticator> authenticator_;
   base::WeakPtrFactory<InSessionPasswordChangeHandler> weak_factory_{this};
   DISALLOW_COPY_AND_ASSIGN(InSessionPasswordChangeHandler);

chrome/browser/ui/webui/chromeos/insession_password_change_ui.cc

@@ -7,15 +7,22 @@
 #include <memory>
 
 #include "base/bind.h"
+#include "base/command_line.h"
+#include "base/strings/utf_string_conversions.h"
+#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/webui/chromeos/insession_password_change_handler_chromeos.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/webui_url_constants.h"
 #include "chrome/grit/browser_resources.h"
 #include "chrome/grit/generated_resources.h"
+#include "chromeos/constants/chromeos_switches.h"
+#include "chromeos/login/auth/saml_password_attributes.h"
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/web_ui_data_source.h"
+#include "net/base/url_util.h"
+#include "ui/base/l10n/l10n_util.h"
 #include "ui/display/display.h"
 #include "ui/display/screen.h"
 #include "ui/strings/grit/ui_strings.h"
@@ -26,6 +33,35 @@ namespace {
 
 PasswordChangeDialog* g_dialog = nullptr;
 
+std::string GetPasswordChangeUrl(Profile* profile) {
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kSamlPasswordChangeUrl)) {
+    return base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+        switches::kSamlPasswordChangeUrl);
+  }
+
+  const policy::UserCloudPolicyManagerChromeOS* user_cloud_policy_manager =
+      profile->GetUserCloudPolicyManagerChromeOS();
+  if (user_cloud_policy_manager) {
+    const enterprise_management::PolicyData* policy =
+        user_cloud_policy_manager->core()->store()->policy();
+    if (policy->has_change_password_uri()) {
+      return policy->change_password_uri();
+    }
+  }
+
+  return SamlPasswordAttributes::LoadFromPrefs(profile->GetPrefs())
+      .password_change_url();
+}
+
+base::string16 GetManagementNotice(Profile* profile) {
+  base::string16 host = base::UTF8ToUTF16(
+      net::GetHostAndOptionalPort(GURL(GetPasswordChangeUrl(profile))));
+  DCHECK(!host.empty());
+  return l10n_util::GetStringFUTF16(IDS_LOGIN_SAML_PASSWORD_CHANGE_NOTICE,
+                                    host);
+}
+
 constexpr int kMaxDialogWidth = 768;
 constexpr int kMaxDialogHeight = 640;
 
@@ -48,9 +84,9 @@ gfx::Size GetPasswordChangeDialogSize() {
 
 }  // namespace
 
-PasswordChangeDialog::PasswordChangeDialog()
-    : SystemWebDialogDelegate(GURL(chrome::kChromeUIPasswordChangeUrl),
-                              base::string16()) {}
+PasswordChangeDialog::PasswordChangeDialog(const base::string16& title)
+    : SystemWebDialogDelegate(GURL(chrome::kChromeUIPasswordChangeUrl), title) {
+}
 
 PasswordChangeDialog::~PasswordChangeDialog() {
   DCHECK_EQ(this, g_dialog);
@@ -61,13 +97,13 @@ void PasswordChangeDialog::GetDialogSize(gfx::Size* size) const {
   *size = GetPasswordChangeDialogSize();
 }
 
-void PasswordChangeDialog::Show() {
+void PasswordChangeDialog::Show(Profile* profile) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   if (g_dialog) {
     g_dialog->Focus();
     return;
   }
-  g_dialog = new PasswordChangeDialog();
+  g_dialog = new PasswordChangeDialog(GetManagementNotice(profile));
   g_dialog->ShowSystemDialog();
 }
 
@@ -79,7 +115,8 @@ InSessionPasswordChangeUI::InSessionPasswordChangeUI(content::WebUI* web_ui)
   content::WebUIDataSource* source =
       content::WebUIDataSource::Create(chrome::kChromeUIPasswordChangeHost);
 
-  web_ui->AddMessageHandler(std::make_unique<InSessionPasswordChangeHandler>());
+  web_ui->AddMessageHandler(std::make_unique<InSessionPasswordChangeHandler>(
+      GetPasswordChangeUrl(profile)));
 
   source->SetJsonPath("strings.js");
 

chrome/browser/ui/webui/chromeos/insession_password_change_ui.h

@@ -6,17 +6,20 @@
 #define CHROME_BROWSER_UI_WEBUI_CHROMEOS_INSESSION_PASSWORD_CHANGE_UI_H_
 
 #include "base/macros.h"
+#include "base/strings/string16.h"
 #include "chrome/browser/ui/webui/chromeos/system_web_dialog_delegate.h"
 #include "ui/web_dialogs/web_dialog_ui.h"
 
+class Profile;
+
 namespace chromeos {
 
 class PasswordChangeDialog : public SystemWebDialogDelegate {
  public:
-  static void Show();
+  static void Show(Profile* profile);
 
  protected:
-  PasswordChangeDialog();
+  explicit PasswordChangeDialog(const base::string16& title);
   ~PasswordChangeDialog() override;
 
   // ui::WebDialogDelegate: