Extract LoginPerformer to chromeos/auth

BUG=387613
R=nkostylev@chromium.org

Review URL: https://codereview.chromium.org/614973002

Cr-Commit-Position: refs/heads/master@{#300489}

chrome/browser/chromeos/app_mode/kiosk_profile_loader.cc

@@ -10,6 +10,7 @@
 #include "base/strings/string_util.h"
 #include "base/sys_info.h"
 #include "chrome/browser/chromeos/app_mode/kiosk_app_manager.h"
+#include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
 #include "chrome/browser/chromeos/login/demo_mode/demo_app_launcher.h"
 #include "chrome/browser/chromeos/login/login_utils.h"
 #include "chrome/browser/chromeos/login/ui/login_display_host_impl.h"
@@ -134,7 +135,7 @@ void KioskProfileLoader::Start() {
 }
 
 void KioskProfileLoader::LoginAsKioskAccount() {
-  login_performer_.reset(new LoginPerformer(this));
+  login_performer_.reset(new ChromeLoginPerformer(this));
   login_performer_->LoginAsKioskAccount(user_id_, use_guest_mount_);
 }
 

chrome/browser/chromeos/app_mode/kiosk_profile_loader.h

@@ -11,8 +11,8 @@
 #include "base/callback.h"
 #include "base/memory/scoped_ptr.h"
 #include "chrome/browser/chromeos/app_mode/kiosk_app_launch_error.h"
-#include "chrome/browser/chromeos/login/auth/login_performer.h"
 #include "chrome/browser/chromeos/login/login_utils.h"
+#include "chromeos/login/auth/login_performer.h"
 
 class Profile;
 

chrome/browser/chromeos/login/auth/chrome_login_performer.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
+
+#include "base/bind.h"
+#include "base/thread_task_runner_handle.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/chromeos/login/login_utils.h"
+#include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
+#include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
+#include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h"
+#include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
+#include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
+#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/chromeos/settings/cros_settings.h"
+
+namespace chromeos {
+
+ChromeLoginPerformer::ChromeLoginPerformer(Delegate* delegate)
+    : LoginPerformer(base::ThreadTaskRunnerHandle::Get(), delegate),
+      weak_factory_(this) {
+}
+
+ChromeLoginPerformer::~ChromeLoginPerformer() {
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// ChromeLoginPerformer, public:
+
+bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure& callback) {
+  CrosSettings* cros_settings = CrosSettings::Get();
+
+  CrosSettingsProvider::TrustedStatus status =
+      cros_settings->PrepareTrustedValues(
+          base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
+                     weak_factory_.GetWeakPtr(),
+                     callback));
+  // Must not proceed without signature verification.
+  if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
+    if (delegate_)
+      delegate_->PolicyLoadFailed();
+    else
+      NOTREACHED();
+    return true;  // Some callback was called.
+  } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
+    // Value of AllowNewUser setting is still not verified.
+    // Another attempt will be invoked after verification completion.
+    return false;
+  } else {
+    DCHECK(status == CrosSettingsProvider::TRUSTED);
+    // CrosSettingsProvider::TRUSTED
+    callback.Run();
+    return true;  // Some callback was called.
+  }
+}
+
+void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure& callback) {
+  CrosSettings* cros_settings = CrosSettings::Get();
+
+  CrosSettingsProvider::TrustedStatus status =
+      cros_settings->PrepareTrustedValues(
+          base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
+                     weak_factory_.GetWeakPtr(),
+                     callback));
+  // Must not proceed without signature verification.
+  if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
+    if (delegate_)
+      delegate_->PolicyLoadFailed();
+    else
+      NOTREACHED();
+  } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
+    // Value of AllowNewUser setting is still not verified.
+    // Another attempt will be invoked after verification completion.
+    return;
+  } else {
+    DCHECK(status == CrosSettingsProvider::TRUSTED);
+    callback.Run();
+  }
+}
+
+bool ChromeLoginPerformer::IsUserWhitelisted(const std::string& user_id,
+                                             bool* wildcard_match) {
+  return LoginUtils::IsWhitelisted(user_id, wildcard_match);
+}
+
+void ChromeLoginPerformer::RunOnlineWhitelistCheck(
+    const std::string& user_id,
+    bool wildcard_match,
+    const base::Closure& success_callback,
+    const base::Closure& failure_callback) {
+  // On enterprise devices, reconfirm login permission with the server.
+  policy::BrowserPolicyConnectorChromeOS* connector =
+      g_browser_process->platform_part()->browser_policy_connector_chromeos();
+  if (connector->IsEnterpriseManaged() && wildcard_match &&
+      !connector->IsNonEnterpriseUser(user_id)) {
+    wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
+    wildcard_login_checker_->Start(
+        ProfileHelper::GetSigninProfile()->GetRequestContext(),
+        base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted,
+                   weak_factory_.GetWeakPtr(),
+                   success_callback,
+                   failure_callback));
+  } else {
+    success_callback.Run();
+  }
+}
+
+scoped_refptr<Authenticator> ChromeLoginPerformer::CreateAuthenticator() {
+  return LoginUtils::Get()->CreateAuthenticator(this);
+}
+
+bool ChromeLoginPerformer::AreSupervisedUsersAllowed() {
+  return user_manager::UserManager::Get()->AreSupervisedUsersAllowed();
+}
+
+bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser(
+    const UserContext& user_context) {
+  SupervisedUserAuthentication* authentication =
+      ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
+  return authentication->GetPasswordSchema(user_context.GetUserID()) ==
+         SupervisedUserAuthentication::SCHEMA_SALT_HASHED;
+}
+
+UserContext ChromeLoginPerformer::TransformSupervisedKey(
+    const UserContext& context) {
+  SupervisedUserAuthentication* authentication =
+      ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
+  return authentication->TransformKey(context);
+}
+
+void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string& user_id) {
+  SupervisedUserLoginFlow* new_flow = new SupervisedUserLoginFlow(user_id);
+  new_flow->set_host(ChromeUserManager::Get()->GetUserFlow(user_id)->host());
+  ChromeUserManager::Get()->SetUserFlow(user_id, new_flow);
+}
+
+bool ChromeLoginPerformer::CheckPolicyForUser(const std::string& user_id) {
+  // Login is not allowed if policy could not be loaded for the account.
+  policy::BrowserPolicyConnectorChromeOS* connector =
+      g_browser_process->platform_part()->browser_policy_connector_chromeos();
+  policy::DeviceLocalAccountPolicyService* policy_service =
+      connector->GetDeviceLocalAccountPolicyService();
+  return policy_service && policy_service->IsPolicyAvailableForUser(user_id);
+}
+////////////////////////////////////////////////////////////////////////////////
+// ChromeLoginPerformer, private:
+
+content::BrowserContext* ChromeLoginPerformer::GetSigninContext() {
+  return ProfileHelper::GetSigninProfile();
+}
+
+net::URLRequestContextGetter* ChromeLoginPerformer::GetSigninRequestContext() {
+  return ProfileHelper::GetSigninProfile()->GetRequestContext();
+}
+
+void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted(
+    const base::Closure& success_callback,
+    const base::Closure& failure_callback,
+    policy::WildcardLoginChecker::Result result) {
+  if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) {
+    success_callback.Run();
+  } else {
+    failure_callback.Run();
+  }
+}
+
+}  // namespace chromeos

chrome/browser/chromeos/login/auth/chrome_login_performer.h

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_CHROME_LOGIN_PERFORMER_H_
+#define CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_CHROME_LOGIN_PERFORMER_H_
+
+#include <string>
+
+#include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/memory/weak_ptr.h"
+#include "chrome/browser/chromeos/policy/wildcard_login_checker.h"
+#include "chromeos/login/auth/auth_status_consumer.h"
+#include "chromeos/login/auth/authenticator.h"
+#include "chromeos/login/auth/extended_authenticator.h"
+#include "chromeos/login/auth/login_performer.h"
+#include "chromeos/login/auth/online_attempt_host.h"
+#include "chromeos/login/auth/user_context.h"
+#include "content/public/browser/notification_observer.h"
+#include "content/public/browser/notification_registrar.h"
+#include "google_apis/gaia/google_service_auth_error.h"
+
+namespace policy {
+class WildcardLoginChecker;
+}
+
+namespace chromeos {
+
+// This class implements chrome-specific elements of Login Performer.
+
+class ChromeLoginPerformer : public LoginPerformer {
+ public:
+  explicit ChromeLoginPerformer(Delegate* delegate);
+  virtual ~ChromeLoginPerformer();
+
+ protected:
+  virtual bool RunTrustedCheck(const base::Closure& callback) override;
+  void DidRunTrustedCheck(const base::Closure& callback);
+  virtual bool IsUserWhitelisted(const std::string& user_id,
+                                 bool* wildcard_match) override;
+
+  virtual void RunOnlineWhitelistCheck(
+      const std::string& user_id,
+      bool wildcard_match,
+      const base::Closure& success_callback,
+      const base::Closure& failure_callback) override;
+  virtual bool AreSupervisedUsersAllowed() override;
+
+  virtual bool UseExtendedAuthenticatorForSupervisedUser(
+      const UserContext& user_context) override;
+
+  virtual UserContext TransformSupervisedKey(
+      const UserContext& context) override;
+
+  virtual void SetupSupervisedUserFlow(const std::string& user_id) override;
+
+  virtual scoped_refptr<Authenticator> CreateAuthenticator() override;
+  virtual bool CheckPolicyForUser(const std::string& user_id) override;
+  virtual content::BrowserContext* GetSigninContext() override;
+  virtual net::URLRequestContextGetter* GetSigninRequestContext() override;
+
+ private:
+  void OnlineWildcardLoginCheckCompleted(
+      const base::Closure& success_callback,
+      const base::Closure& failure_callback,
+      policy::WildcardLoginChecker::Result result);
+
+  // Used to verify logins that matched wildcard on the login whitelist.
+  scoped_ptr<policy::WildcardLoginChecker> wildcard_login_checker_;
+  base::WeakPtrFactory<ChromeLoginPerformer> weak_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(ChromeLoginPerformer);
+};
+
+}  // namespace chromeos
+
+#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_CHROME_LOGIN_PERFORMER_H_

chrome/browser/chromeos/login/existing_user_controller.cc

@@ -29,6 +29,7 @@
 #include "chrome/browser/chromeos/customization_document.h"
 #include "chrome/browser/chromeos/first_run/first_run.h"
 #include "chrome/browser/chromeos/kiosk_mode/kiosk_mode_settings.h"
+#include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
 #include "chrome/browser/chromeos/login/helper.h"
 #include "chrome/browser/chromeos/login/login_utils.h"
 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
@@ -460,7 +461,7 @@ void ExistingUserController::PerformLogin(
   if (!login_performer_.get() || num_login_attempts_ <= 1) {
     // Only one instance of LoginPerformer should exist at a time.
     login_performer_.reset(NULL);
-    login_performer_.reset(new LoginPerformer(this));
+    login_performer_.reset(new ChromeLoginPerformer(this));
   }
 
   is_login_in_progress_ = true;
@@ -485,7 +486,7 @@ void ExistingUserController::LoginAsRetailModeUser() {
 
   // Only one instance of LoginPerformer should exist at a time.
   login_performer_.reset(NULL);
-  login_performer_.reset(new LoginPerformer(this));
+  login_performer_.reset(new ChromeLoginPerformer(this));
   is_login_in_progress_ = true;
   login_performer_->LoginRetailMode();
   SendAccessibilityAlert(
@@ -540,7 +541,7 @@ void ExistingUserController::LoginAsGuest() {
 
   // Only one instance of LoginPerformer should exist at a time.
   login_performer_.reset(NULL);
-  login_performer_.reset(new LoginPerformer(this));
+  login_performer_.reset(new ChromeLoginPerformer(this));
   is_login_in_progress_ = true;
   login_performer_->LoginOffTheRecord();
   SendAccessibilityAlert(
@@ -1254,7 +1255,7 @@ void ExistingUserController::LoginAsPublicSessionInternal(
     const UserContext& user_context) {
   // Only one instance of LoginPerformer should exist at a time.
   login_performer_.reset(NULL);
-  login_performer_.reset(new LoginPerformer(this));
+  login_performer_.reset(new ChromeLoginPerformer(this));
   is_login_in_progress_ = true;
   login_performer_->LoginAsPublicSession(user_context);
   SendAccessibilityAlert(

chrome/browser/chromeos/login/existing_user_controller.h

@@ -17,11 +17,11 @@
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "chrome/browser/chromeos/app_mode/kiosk_app_manager.h"
-#include "chrome/browser/chromeos/login/auth/login_performer.h"
 #include "chrome/browser/chromeos/login/login_utils.h"
 #include "chrome/browser/chromeos/login/ui/login_display.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/device_settings_service.h"
+#include "chromeos/login/auth/login_performer.h"
 #include "components/user_manager/user.h"
 #include "content/public/browser/notification_observer.h"
 #include "content/public/browser/notification_registrar.h"

chrome/browser/chromeos/login/lock/screen_locker.cc

@@ -25,7 +25,6 @@
 #include "base/strings/string_util.h"
 #include "base/timer/timer.h"
 #include "chrome/browser/chrome_notification_types.h"
-#include "chrome/browser/chromeos/login/auth/login_performer.h"
 #include "chrome/browser/chromeos/login/lock/webui_screen_locker.h"
 #include "chrome/browser/chromeos/login/login_utils.h"
 #include "chrome/browser/chromeos/login/session/user_session_manager.h"

chrome/browser/chromeos/login/screens/error_screen.cc

@@ -5,6 +5,7 @@
 #include "chrome/browser/chromeos/login/screens/error_screen.h"
 
 #include "base/command_line.h"
+#include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
 #include "chrome/browser/chromeos/login/chrome_restart_request.h"
 #include "chrome/browser/chromeos/login/screens/error_screen_actor.h"
 #include "chrome/browser/chromeos/login/startup_utils.h"
@@ -171,7 +172,7 @@ void ErrorScreen::StartGuestSessionAfterOwnershipCheck(
   if (guest_login_performer_)
     return;
 
-  guest_login_performer_.reset(new LoginPerformer(this));
+  guest_login_performer_.reset(new ChromeLoginPerformer(this));
   guest_login_performer_->LoginOffTheRecord();
 }
 

chrome/browser/chromeos/login/screens/error_screen.h

@@ -9,11 +9,11 @@
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
-#include "chrome/browser/chromeos/login/auth/login_performer.h"
 #include "chrome/browser/chromeos/login/screens/base_screen.h"
 #include "chrome/browser/chromeos/login/screens/error_screen_actor_delegate.h"
 #include "chrome/browser/chromeos/login/ui/oobe_display.h"
 #include "chrome/browser/chromeos/settings/device_settings_service.h"
+#include "chromeos/login/auth/login_performer.h"
 
 namespace chromeos {
 

chrome/browser/chromeos/login/session/user_session_manager.cc

@@ -780,14 +780,14 @@ void UserSessionManager::UserProfileInitialized(Profile* profile,
     // transferred unconditionally. If the user authenticated via an auth
     // extension, authentication cookies and channel IDs will be transferred as
     // well when the user's cookie jar is empty. If the cookie jar is not empty,
-    // the authentication states in the login profile and the user's profile
+    // the authentication states in the browser context and the user's profile
     // must be merged using /MergeSession instead. Authentication cookies set by
     // a SAML IdP will also be transferred when the user's cookie jar is not
     // empty if |transfer_saml_auth_cookies_on_subsequent_login| is true.
     const bool transfer_auth_cookies_and_channel_ids_on_first_login =
         has_auth_cookies_;
     ProfileAuthData::Transfer(
-        authenticator_->authentication_profile(),
+        authenticator_->authentication_context(),
         profile,
         transfer_auth_cookies_and_channel_ids_on_first_login,
         transfer_saml_auth_cookies_on_subsequent_login,
@@ -901,9 +901,10 @@ void UserSessionManager::InitSessionRestoreStrategy() {
   }
 }
 
-void UserSessionManager::RestoreAuthSessionImpl(Profile* profile,
-                                            bool restore_from_auth_cookies) {
-  CHECK((authenticator_.get() && authenticator_->authentication_profile()) ||
+void UserSessionManager::RestoreAuthSessionImpl(
+    Profile* profile,
+    bool restore_from_auth_cookies) {
+  CHECK((authenticator_.get() && authenticator_->authentication_context()) ||
         !restore_from_auth_cookies);
 
   if (chrome::IsRunningInForcedAppMode() ||
@@ -921,8 +922,8 @@ void UserSessionManager::RestoreAuthSessionImpl(Profile* profile,
       OAuth2LoginManagerFactory::GetInstance()->GetForProfile(profile);
   login_manager->AddObserver(this);
   login_manager->RestoreSession(
-      authenticator_.get() && authenticator_->authentication_profile()
-          ? authenticator_->authentication_profile()->GetRequestContext()
+      authenticator_.get() && authenticator_->authentication_context()
+          ? authenticator_->authentication_context()->GetRequestContext()
           : NULL,
       session_restore_strategy_,
       oauth2_refresh_token_,

chrome/chrome_browser_chromeos.gypi

@@ -429,8 +429,8 @@
         'browser/chromeos/login/auth/auth_prewarmer.h',
         'browser/chromeos/login/auth/chrome_cryptohome_authenticator.cc',
         'browser/chromeos/login/auth/chrome_cryptohome_authenticator.h',
-        'browser/chromeos/login/auth/login_performer.cc',
-        'browser/chromeos/login/auth/login_performer.h',
+        'browser/chromeos/login/auth/chrome_login_performer.cc',
+        'browser/chromeos/login/auth/chrome_login_performer.h',
         'browser/chromeos/login/chrome_restart_request.cc',
         'browser/chromeos/login/chrome_restart_request.h',
         'browser/chromeos/login/default_pinned_apps_field_trial.cc',

chromeos/chromeos.gyp

@@ -254,6 +254,8 @@
       'login/auth/extended_authenticator_impl.h',
       'login/auth/key.cc',
       'login/auth/key.h',
+      'login/auth/login_performer.cc',
+      'login/auth/login_performer.h',
       'login/auth/online_attempt.cc',
       'login/auth/online_attempt.h',
       'login/auth/online_attempt_host.cc',

chromeos/login/auth/authenticator.cc

@@ -9,7 +9,7 @@ namespace chromeos {
 class AuthStatusConsumer;
 
 Authenticator::Authenticator(AuthStatusConsumer* consumer)
-    : consumer_(consumer), authentication_profile_(NULL) {
+    : consumer_(consumer), authentication_context_(NULL) {
 }
 
 Authenticator::~Authenticator() {

chromeos/login/auth/authenticator.h

@@ -13,7 +13,9 @@
 #include "chromeos/login/auth/auth_status_consumer.h"
 #include "google_apis/gaia/gaia_auth_consumer.h"
 
-class Profile;
+namespace content {
+class BrowserContext;
+}
 
 namespace chromeos {
 
@@ -31,13 +33,13 @@ class CHROMEOS_EXPORT Authenticator
 
   // Given externally authenticated username and password (part of
   // |user_context|), this method attempts to complete authentication process.
-  virtual void CompleteLogin(Profile* profile,
+  virtual void CompleteLogin(content::BrowserContext* browser_context,
                              const UserContext& user_context) = 0;
 
   // Given a user credentials in |user_context|,
   // this method attempts to authenticate to login.
   // Must be called on the UI thread.
-  virtual void AuthenticateToLogin(Profile* profile,
+  virtual void AuthenticateToLogin(content::BrowserContext* browser_context,
                                    const UserContext& user_context) = 0;
 
   // Given a user credentials in |user_context|, this method attempts to
@@ -86,9 +88,11 @@ class CHROMEOS_EXPORT Authenticator
   // and create a new cryptohome.
   virtual void ResyncEncryptedData() = 0;
 
-  // Profile (usually off the record ) that was used to perform the last
+  // BrowserContext (usually off the record) that was used to perform the last
   // authentication process.
-  Profile* authentication_profile() { return authentication_profile_; }
+  content::BrowserContext* authentication_context() {
+    return authentication_context_;
+  }
 
   // Sets consumer explicitly.
   void SetConsumer(AuthStatusConsumer* consumer);
@@ -97,7 +101,7 @@ class CHROMEOS_EXPORT Authenticator
   virtual ~Authenticator();
 
   AuthStatusConsumer* consumer_;
-  Profile* authentication_profile_;
+  content::BrowserContext* authentication_context_;
 
  private:
   friend class base::RefCountedThreadSafe<Authenticator>;

chromeos/login/auth/cryptohome_authenticator.cc

@@ -384,9 +384,9 @@ CryptohomeAuthenticator::CryptohomeAuthenticator(
 }
 
 void CryptohomeAuthenticator::AuthenticateToLogin(
-    Profile* profile,
+    content::BrowserContext* context,
     const UserContext& user_context) {
-  authentication_profile_ = profile;
+  authentication_context_ = context;
   current_state_.reset(new AuthAttemptState(user_context,
                                             user_manager::USER_TYPE_REGULAR,
                                             false,  // unlock
@@ -401,9 +401,9 @@ void CryptohomeAuthenticator::AuthenticateToLogin(
              false /* create_if_nonexistent */);
 }
 
-void CryptohomeAuthenticator::CompleteLogin(Profile* profile,
+void CryptohomeAuthenticator::CompleteLogin(content::BrowserContext* context,
                                             const UserContext& user_context) {
-  authentication_profile_ = profile;
+  authentication_context_ = context;
   current_state_.reset(new AuthAttemptState(user_context,
                                             user_manager::USER_TYPE_REGULAR,
                                             true,   // unlock

chromeos/login/auth/cryptohome_authenticator.h

@@ -21,7 +21,10 @@
 #include "google_apis/gaia/gaia_auth_consumer.h"
 
 class AuthFailure;
-class Profile;
+
+namespace content {
+class BrowserContext;
+}
 
 namespace chromeos {
 
@@ -93,7 +96,7 @@ class CHROMEOS_EXPORT CryptohomeAuthenticator
                           AuthStatusConsumer* consumer);
 
   // Authenticator overrides.
-  virtual void CompleteLogin(Profile* profile,
+  virtual void CompleteLogin(content::BrowserContext* context,
                              const UserContext& user_context) override;
 
   // Given |user_context|, this method attempts to authenticate to your
@@ -103,8 +106,8 @@ class CHROMEOS_EXPORT CryptohomeAuthenticator
   // Upon failure to login consumer_->OnAuthFailure() is called
   // with an error message.
   //
-  // Uses |profile| when doing URL fetches.
-  virtual void AuthenticateToLogin(Profile* profile,
+  // Uses |context| when doing URL fetches.
+  virtual void AuthenticateToLogin(content::BrowserContext* context,
                                    const UserContext& user_context) override;
 
   // Given |user_context|, this method attempts to authenticate to the cached

chrome/browser/chromeos/login/auth/login_performer.h → chromeos/login/auth/login_performer.h

@@ -2,28 +2,35 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
-#define CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
+#ifndef CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
+#define CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
 
 #include <string>
 
 #include "base/basictypes.h"
+#include "base/callback.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
-#include "chrome/browser/chromeos/policy/wildcard_login_checker.h"
+#include "chromeos/chromeos_export.h"
 #include "chromeos/login/auth/auth_status_consumer.h"
 #include "chromeos/login/auth/authenticator.h"
 #include "chromeos/login/auth/extended_authenticator.h"
 #include "chromeos/login/auth/online_attempt_host.h"
 #include "chromeos/login/auth/user_context.h"
-#include "content/public/browser/notification_observer.h"
-#include "content/public/browser/notification_registrar.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 
+namespace net {
+class URLRequestContextGetter;
+}
+
 namespace policy {
 class WildcardLoginChecker;
 }
 
+namespace content {
+class BrowserContext;
+}
+
 namespace chromeos {
 
 // This class encapsulates sign in operations.
@@ -34,8 +41,8 @@ namespace chromeos {
 // If auth is succeeded, cookie fetcher is executed, LP instance deletes itself.
 //
 // If |delegate_| is not NULL it will handle error messages, password input.
-class LoginPerformer : public AuthStatusConsumer,
-                       public OnlineAttemptHost::Delegate {
+class CHROMEOS_EXPORT LoginPerformer : public AuthStatusConsumer,
+                                       public OnlineAttemptHost::Delegate {
  public:
   typedef enum AuthorizationMode {
     // Authorization performed internally by Chrome.
@@ -53,17 +60,10 @@ class LoginPerformer : public AuthStatusConsumer,
     virtual void OnOnlineChecked(const std::string& email, bool success) = 0;
   };
 
-  explicit LoginPerformer(Delegate* delegate);
+  LoginPerformer(scoped_refptr<base::TaskRunner> task_runner,
+                 Delegate* delegate);
   virtual ~LoginPerformer();
 
-  // AuthStatusConsumer implementation:
-  virtual void OnAuthFailure(const AuthFailure& error) override;
-  virtual void OnRetailModeAuthSuccess(
-      const UserContext& user_context) override;
-  virtual void OnAuthSuccess(const UserContext& user_context) override;
-  virtual void OnOffTheRecordAuthSuccess() override;
-  virtual void OnPasswordChangeDetected() override;
-
   // Performs a login for |user_context|.
   // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks,
   // AUTH_MODE_INTERNAL will perform auth checks.
@@ -86,6 +86,14 @@ class LoginPerformer : public AuthStatusConsumer,
   void LoginAsKioskAccount(const std::string& app_user_id,
                            bool use_guest_mount);
 
+  // AuthStatusConsumer implementation:
+  virtual void OnAuthFailure(const AuthFailure& error) override;
+  virtual void OnRetailModeAuthSuccess(
+      const UserContext& user_context) override;
+  virtual void OnAuthSuccess(const UserContext& user_context) override;
+  virtual void OnOffTheRecordAuthSuccess() override;
+  virtual void OnPasswordChangeDetected() override;
+
   // Migrates cryptohome using |old_password| specified.
   void RecoverEncryptedData(const std::string& old_password);
 
@@ -115,7 +123,62 @@ class LoginPerformer : public AuthStatusConsumer,
 
  protected:
   // Implements OnlineAttemptHost::Delegate.
-  virtual void OnChecked(const std::string& username, bool success) override;
+  virtual void OnChecked(const std::string& user_id, bool success) override;
+
+  // Platform-dependant methods to be implemented by concrete class.
+
+  // Run trusted check for a platform. If trusted check have to be performed
+  // asynchronously, |false| will be returned, and either delegate's
+  // PolicyLoadFailed() or |callback| will be called upon actual check.
+  virtual bool RunTrustedCheck(const base::Closure& callback) = 0;
+
+  // Check if user is allowed to sign in on device. |wildcard_match| will
+  // contain additional information whether this user is explicitly listed or
+  // not (may be relevant for extension-based sign-in).
+  virtual bool IsUserWhitelisted(const std::string& user_id,
+                                 bool* wildcard_match) = 0;
+
+  // This method should run addional online check if user can sign in on device.
+  // Either |success_callback| or |failure_callback| should be called upon this
+  // check.
+  virtual void RunOnlineWhitelistCheck(
+      const std::string& user_id,
+      bool wildcard_match,
+      const base::Closure& success_callback,
+      const base::Closure& failure_callback) = 0;
+
+  // Supervised users-related methods.
+
+  // Check if supervised users are allowed on this device.
+  virtual bool AreSupervisedUsersAllowed() = 0;
+
+  // Check which authenticator should be used for supervised user.
+  virtual bool UseExtendedAuthenticatorForSupervisedUser(
+      const UserContext& user_context) = 0;
+
+  // Probably transform supervised user's authentication key.
+  virtual UserContext TransformSupervisedKey(const UserContext& context) = 0;
+
+  // Set up sign-in flow for supervised user.
+  virtual void SetupSupervisedUserFlow(const std::string& user_id) = 0;
+
+  // Run policy check for |user_id|. If something is wrong, delegate's
+  // PolicyLoadFailed is called.
+  virtual bool CheckPolicyForUser(const std::string& user_id) = 0;
+
+  // Look up browser context to use during signin.
+  virtual content::BrowserContext* GetSigninContext() = 0;
+
+  // Get RequestContext used for sign in.
+  virtual net::URLRequestContextGetter* GetSigninRequestContext() = 0;
+
+  // Create authenticator implementation.
+  virtual scoped_refptr<Authenticator> CreateAuthenticator() = 0;
+
+  void set_authenticator(scoped_refptr<Authenticator> authenticator);
+
+  // Notifications receiver.
+  Delegate* delegate_;
 
  private:
   // Starts login completion of externally authenticated user.
@@ -123,15 +186,23 @@ class LoginPerformer : public AuthStatusConsumer,
 
   // Starts authentication.
   void StartAuthentication();
+  void NotifyWhitelistCheckFailure();
+
+  // Makes sure that authenticator is created.
+  void EnsureAuthenticator();
+  void EnsureExtendedAuthenticator();
 
-  // Completion callback for the online wildcard login check for enterprise
-  // devices. Continues the login process or signals whitelist check failure
-  // depending on the value of |result|.
-  void OnlineWildcardLoginCheckCompleted(
-      policy::WildcardLoginChecker::Result result);
+  // Actual implementantion of PeformLogin that is run after trusted values
+  // check.
+  void DoPerformLogin(const UserContext& user_context,
+                      AuthorizationMode auth_mode);
+
+  scoped_refptr<base::TaskRunner> task_runner_;
 
   // Used for logging in.
   scoped_refptr<Authenticator> authenticator_;
+
+  // Used for logging in.
   scoped_refptr<ExtendedAuthenticator> extended_authenticator_;
 
   // Used to make auxiliary online check.
@@ -144,9 +215,6 @@ class LoginPerformer : public AuthStatusConsumer,
   // User credentials for the current login attempt.
   UserContext user_context_;
 
-  // Notifications receiver.
-  Delegate* delegate_;
-
   // True if password change has been detected.
   // Once correct password is entered homedir migration is executed.
   bool password_changed_;
@@ -155,14 +223,10 @@ class LoginPerformer : public AuthStatusConsumer,
   // Authorization mode type.
   AuthorizationMode auth_mode_;
 
-  // Used to verify logins that matched wildcard on the login whitelist.
-  scoped_ptr<policy::WildcardLoginChecker> wildcard_login_checker_;
-
   base::WeakPtrFactory<LoginPerformer> weak_factory_;
-
   DISALLOW_COPY_AND_ASSIGN(LoginPerformer);
 };
 
 }  // namespace chromeos
 
-#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
+#endif  // CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_

chromeos/login/auth/mock_authenticator.cc

@@ -17,14 +17,14 @@ MockAuthenticator::MockAuthenticator(AuthStatusConsumer* consumer,
       message_loop_(base::MessageLoopProxy::current()) {
 }
 
-void MockAuthenticator::CompleteLogin(Profile* profile,
+void MockAuthenticator::CompleteLogin(content::BrowserContext* ignored,
                                       const UserContext& user_context) {
   if (expected_user_context_ != user_context)
     NOTREACHED();
   OnAuthSuccess();
 }
 
-void MockAuthenticator::AuthenticateToLogin(Profile* profile,
+void MockAuthenticator::AuthenticateToLogin(content::BrowserContext* ignored,
                                             const UserContext& user_context) {
   if (user_context == expected_user_context_) {
     message_loop_->PostTask(

chromeos/login/auth/mock_authenticator.h

@@ -13,7 +13,9 @@
 #include "chromeos/login/auth/user_context.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-class Profile;
+namespace content {
+class BrowserContext;
+}
 
 namespace chromeos {
 
@@ -25,9 +27,9 @@ class CHROMEOS_EXPORT MockAuthenticator : public Authenticator {
                     const UserContext& expected_user_context);
 
   // Authenticator:
-  virtual void CompleteLogin(Profile* profile,
+  virtual void CompleteLogin(content::BrowserContext* context,
                              const UserContext& user_context) override;
-  virtual void AuthenticateToLogin(Profile* profile,
+  virtual void AuthenticateToLogin(content::BrowserContext* context,
                                    const UserContext& user_context) override;
   virtual void AuthenticateToUnlock(const UserContext& user_context) override;
   virtual void LoginAsSupervisedUser(const UserContext& user_context) override;