[cros login, new GAIA] New UI for not authorized error

Drop "offline sign in" help article reference since HelpApp doesn't have that content.

BUG=468257,469459

Review URL: https://codereview.chromium.org/1058433002

Cr-Commit-Position: refs/heads/master@{#324421}

chrome/app/chromeos_strings.grdp

@@ -14,7 +14,7 @@
     Chromebase
   </message>
   <message name="IDS_CHROMEBIT" desc="The localized name for Chromebit">
-    Chromebit  
+    Chromebit
   </message>
   <!-- Idle logout dialog for retail mode -->
   <message name="IDS_IDLE_LOGOUT_TITLE" desc="Dialog title for the idle logout dialog. Used in retail mode only.">
@@ -1623,6 +1623,12 @@ Press any key to continue exploring.
   <message name="IDS_BROWSE_WITHOUT_SIGNING_IN_BUTTON">
     Skip sign-in and browse as Guest
   </message>
+  <message name="IDS_WHITELIST_ERROR_TRY_AGAIN_BUTTON" desc="The text of the try again button on the whitelist error UI.">
+    Try again
+  </message>
+  <message name="IDS_WHITELIST_ERROR_LEARN_MORE_BUTTON" desc="The text of the learn more link on the whitelist error UI.">
+    Learn more
+  </message>
   <message name="IDS_CREATE_ACCOUNT_HTML" desc="Text shown on side of Google sign-in UI.">
     If you don't have a Google Account you can <ph name="LINK_START">$1<ex>&gt;a&lt;</ex></ph>create a Google Account<ph name="LINK_END">$2<ex>&gt;/a&lt;</ex></ph> now.
   </message>

chrome/browser/chromeos/login/app_launch_signin_screen.cc

@@ -184,10 +184,8 @@ void AppLaunchSigninScreen::OnAuthFailure(const AuthFailure& error) {
   LOG(ERROR) << "Unlock failure: " << error.reason();
   webui_handler_->ClearAndEnablePassword();
   webui_handler_->ShowError(
-     0,
-     l10n_util::GetStringUTF8(IDS_LOGIN_ERROR_AUTHENTICATING_KIOSK),
-     std::string(),
-     HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT_OFFLINE);
+      0, l10n_util::GetStringUTF8(IDS_LOGIN_ERROR_AUTHENTICATING_KIOSK),
+      std::string(), HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
 }
 
 void AppLaunchSigninScreen::OnAuthSuccess(const UserContext& user_context) {

chrome/browser/chromeos/login/existing_user_controller.cc

@@ -691,18 +691,18 @@ void ExistingUserController::WhiteListCheckFailed(const std::string& email) {
   PerformLoginFinishedActions(true /* start public session timer */);
   offline_failed_ = false;
 
-  if (g_browser_process->platform_part()
-          ->browser_policy_connector_chromeos()
-          ->IsEnterpriseManaged()) {
-    ShowError(IDS_ENTERPRISE_LOGIN_ERROR_WHITELIST, email);
+  if (StartupUtils::IsWebviewSigninEnabled()) {
+    login_display_->ShowWhitelistCheckFailedError();
   } else {
-    ShowError(IDS_LOGIN_ERROR_WHITELIST, email);
-  }
-
-  if (StartupUtils::IsWebviewSigninEnabled())
-    login_display_->ShowSigninUI("");
-  else
+    if (g_browser_process->platform_part()
+            ->browser_policy_connector_chromeos()
+            ->IsEnterpriseManaged()) {
+      ShowError(IDS_ENTERPRISE_LOGIN_ERROR_WHITELIST, email);
+    } else {
+      ShowError(IDS_LOGIN_ERROR_WHITELIST, email);
+    }
     login_display_->ShowSigninUI(email);
+  }
 
   if (auth_status_consumer_) {
     auth_status_consumer_->OnAuthFailure(
@@ -941,17 +941,9 @@ gfx::NativeWindow ExistingUserController::GetNativeWindow() const {
 
 void ExistingUserController::ShowError(int error_id,
                                        const std::string& details) {
-  // TODO(dpolukhin): show detailed error info. |details| string contains
-  // low level error info that is not localized and even is not user friendly.
-  // For now just ignore it because error_text contains all required information
-  // for end users, developers can see details string in Chrome logs.
   VLOG(1) << details;
   HelpAppLauncher::HelpTopic help_topic_id;
-  bool is_offline = !network_state_helper_->IsConnected();
   switch (login_performer_->error().state()) {
-    case GoogleServiceAuthError::CONNECTION_FAILED:
-      help_topic_id = HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT_OFFLINE;
-      break;
     case GoogleServiceAuthError::ACCOUNT_DISABLED:
       help_topic_id = HelpAppLauncher::HELP_ACCOUNT_DISABLED;
       break;
@@ -959,9 +951,7 @@ void ExistingUserController::ShowError(int error_id,
       help_topic_id = HelpAppLauncher::HELP_HOSTED_ACCOUNT;
       break;
     default:
-      help_topic_id = is_offline ?
-          HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT_OFFLINE :
-          HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT;
+      help_topic_id = HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT;
       break;
   }
 

chrome/browser/chromeos/login/help_app_launcher.h

@@ -26,9 +26,7 @@ class HelpAppLauncher : public base::RefCountedThreadSafe<HelpAppLauncher> {
     HELP_CONNECTIVITY = 188752,
     // Showed at EULA screen as "Learn more" about stats/crash reports.
     HELP_STATS_USAGE = 183078,
-    // Showed whenever there're troubles signing in (offline case).
-    HELP_CANT_ACCESS_ACCOUNT_OFFLINE = 188755,
-    // Showed whenever there're troubles signing in (online case).
+    // Showed whenever there're troubles signing in.
     HELP_CANT_ACCESS_ACCOUNT = 188036,
     // Showed in case when account was disabled.
     HELP_ACCOUNT_DISABLED = 188756,

chrome/browser/chromeos/login/ui/login_display.h

@@ -138,6 +138,10 @@ class LoginDisplay {
   // Shows signin UI with specified email.
   virtual void ShowSigninUI(const std::string& email) = 0;
 
+  // Show whitelist check failed error. Happens after user completes online
+  // signin but whitelist check fails.
+  virtual void ShowWhitelistCheckFailedError() = 0;
+
   gfx::Rect background_bounds() const { return background_bounds_; }
   void set_background_bounds(const gfx::Rect& background_bounds) {
     background_bounds_ = background_bounds;

chrome/browser/chromeos/login/ui/mock_login_display.h

@@ -26,6 +26,7 @@ class MockLoginDisplay : public LoginDisplay {
   MOCK_METHOD1(ShowGaiaPasswordChanged, void(const std::string&));
   MOCK_METHOD1(ShowPasswordChangedDialog, void(bool));
   MOCK_METHOD1(ShowSigninUI, void(const std::string&));
+  MOCK_METHOD0(ShowWhitelistCheckFailedError, void(void));
   MOCK_METHOD1(OnBeforeUserRemoved, void(const std::string&));
   MOCK_METHOD1(OnUserRemoved, void(const std::string&));
 

chrome/browser/chromeos/login/ui/webui_login_display.cc

@@ -195,6 +195,11 @@ void WebUILoginDisplay::ShowSigninUI(const std::string& email) {
     webui_handler_->ShowSigninUI(email);
 }
 
+void WebUILoginDisplay::ShowWhitelistCheckFailedError() {
+  if (webui_handler_)
+    webui_handler_->ShowWhitelistCheckFailedError();
+}
+
 // WebUILoginDisplay, NativeWindowDelegate implementation: ---------------------
 gfx::NativeWindow WebUILoginDisplay::GetNativeWindow() const {
   return parent_window();

chrome/browser/chromeos/login/ui/webui_login_display.h

@@ -44,6 +44,7 @@ class WebUILoginDisplay : public LoginDisplay,
   void ShowGaiaPasswordChanged(const std::string& username) override;
   void ShowPasswordChangedDialog(bool show_password_error) override;
   void ShowSigninUI(const std::string& email) override;
+  void ShowWhitelistCheckFailedError() override;
 
   // NativeWindowDelegate implementation:
   gfx::NativeWindow GetNativeWindow() const override;

chrome/browser/resources/chromeos/login/gaia_whiteist_error.js

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+Polymer('gaia-whitelist-error', (function() {
+  // The help topic regarding user not being in the whitelist.
+  /** @const */ var HELP_CANT_ACCESS_ACCOUNT = 188036;
+
+  return {
+    enterpriseManaged: false,
+
+    onLearnMoreClicked: function() {
+      chrome.send('launchHelpApp', [HELP_CANT_ACCESS_ACCOUNT]);
+    },
+
+    tryAgainButtonClicked: function() {
+      $('gaia-signin').showWhitelistCheckFailedError(false);
+    }
+  };
+})());

chrome/browser/resources/chromeos/login/gaia_whitelist_error.html

+<link rel="import" href="chrome://resources/polymer/polymer/polymer.html">
+<link rel="import" href="chrome://resources/polymer/paper-button/paper-button.html">
+<link rel="import" href="chrome://resources/polymer/core-icons/core-icons.html">
+
+<polymer-element name="gaia-whitelist-error" attributes="errorMsg
+    enterpriseErrorMsg tryAgainBtn learnMoreBtn">
+  <template>
+    <style>
+      #container {
+        padding: 40px;
+      }
+
+      #icon-container {
+        margin-bottom: 14px;
+      }
+
+      core-icon {
+        color: #fbc02d;
+        height: 28px;
+        width: 28px;
+      }
+
+      #text-container {
+        color: grey;
+        line-height: 130%;
+        text-align: center;
+        width: 240px;
+      }
+
+      #controls-container {
+        width: 100%;
+      }
+
+      .learn-more-button {
+        color: rgb(66, 133, 244);
+        text-transform: none;
+      }
+
+      .try-again-button {
+        background-color: rgb(66, 133, 244);
+        color: rgb(255, 255, 255);
+        width: 126px;
+      }
+    </style>
+    <div id="container" vertical layout center fit>
+      <div flex layout center-justified vertical>
+        <div id="icon-container" vertical layout center>
+          <core-icon icon="warning"></core-icon>
+        </div>
+        <div id="text-container">
+          <div id="error-msg" hidden?="{{enterpriseManaged}}">
+            {{errorMsg}}
+          </div>
+          <div id="enterprise-error-msg" hidden?="{{!enterpriseManaged}}">
+            {{enterpriseErrorMsg}}
+          </div>
+        </div>
+      </div>
+      <div id="controls-container" horizontal layout justified
+          center>
+        <paper-button class="learn-more-button"
+            on-tap={{onLearnMoreClicked}}>
+          {{learnMoreBtn}}
+        </paper-button>
+        <paper-button class="try-again-button" raised
+            on-tap="{{tryAgainButtonClicked}}">
+          {{tryAgainBtn}}
+        </paper-button>
+      </div>
+    </div>
+  </template>
+</polymer-element>
\ No newline at end of file

chrome/browser/resources/chromeos/login/login.html

@@ -9,6 +9,7 @@
 <title i18n-content="title"></title>
 <include src="login_resources.html">
 <include src="throbber_notice.html">
+<include src="gaia_whitelist_error.html">
 <script src="chrome://oobe/login.js"></script>
 <script src="chrome://oobe/gaia_auth_host.js"></script>
 </head>
@@ -16,4 +17,4 @@
   <include src="screen_container.html">
   <script src="chrome://resources/js/i18n_template2.js"></script>
 </body>
-</html>
+</html>
\ No newline at end of file

chrome/browser/resources/chromeos/login/login.js

@@ -7,6 +7,7 @@
  */
 
 <include src="login_common.js">
+<include src="gaia_whiteist_error.js">
 
 cr.define('cr.ui.Oobe', function() {
   return {

chrome/browser/resources/chromeos/login/screen_gaia_signin.css

@@ -242,3 +242,29 @@ webview#signin-frame {
 #saml-notice-message {
   margin: 0 auto;
 }
+
+#gaia-whitelist-error {
+  bottom: 0;
+  display: none;
+  left: 0;
+  position: absolute;
+  right: 0;
+  top: 0;
+}
+
+.new-gaia-flow #gaia-whitelist-error {
+  display: block;
+  visibility: hidden;
+}
+
+.new-gaia-flow .whitelist-error #gaia-whitelist-error {
+  visibility: visible;
+}
+
+.new-gaia-flow #gaia-signin.whitelist-error .step-contents {
+  visibility: hidden;
+}
+
+.new-gaia-flow #gaia-signin.whitelist-error .step-loading {
+  visibility: hidden;
+}
\ No newline at end of file

chrome/browser/resources/chromeos/login/screen_gaia_signin.html

@@ -31,6 +31,13 @@
     <div class="throbber"></div>
     <throbber-notice i18n-values="text:gaiaLoadingNewGaia"></throbber-notice>
   </div>
+  <gaia-whitelist-error
+      i18n-values="errorMsg:whitelistErrorConsumer;
+                   enterpriseErrorMsg:whitelistErrorEnterprise;
+                   tryAgainBtn:tryAgainButton;
+                   learnMoreBtn:learnMoreButton"
+      id="gaia-whitelist-error">
+  </gaia-whitelist-error>
   <div id="enterprise-info-container" hidden>
     <include src="enterprise_info.html">
   </div>

chrome/browser/resources/chromeos/login/screen_gaia_signin.js

@@ -23,7 +23,8 @@ login.createScreen('GaiaSigninScreen', 'gaia-signin', function() {
       'doReload',
       'onWebviewError',
       'onFrameError',
-      'updateCancelButtonState'
+      'updateCancelButtonState',
+      'showWhitelistCheckFailedError'
     ],
 
     /**
@@ -750,6 +751,7 @@ login.createScreen('GaiaSigninScreen', 'gaia-signin', function() {
 
       $('pod-row').loadLastWallpaper();
       Oobe.showScreen({id: SCREEN_ACCOUNT_PICKER});
+      this.classList.remove('whitelist-error');
       Oobe.resetSigninUI(true);
     },
 
@@ -773,5 +775,24 @@ login.createScreen('GaiaSigninScreen', 'gaia-signin', function() {
     onWebviewError: function(data) {
       chrome.send('webviewLoadAborted', [data.error]);
     },
+
+    /**
+     * Show/Hide error when user is not in whitelist. When UI is hidden
+     * GAIA is reloaded.
+     * @param {boolean} show Show/hide error UI.
+     * @param {!Object} opt_data Optional additional information.
+     */
+    showWhitelistCheckFailedError: function(show, opt_data) {
+      if (opt_data) {
+        $('gaia-whitelist-error').enterpriseManaged =
+            opt_data.enterpriseManaged;
+      }
+
+      this.classList.toggle('whitelist-error', show);
+      this.loading = !show;
+
+      if (!show)
+        Oobe.showSigninUI();
+    },
   };
 });

chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc

@@ -324,6 +324,11 @@ void GaiaScreenHandler::DeclareLocalizedValues(
                IDS_LOGIN_CONSUMER_MANAGEMENT_ENROLLMENT);
   builder->Add("backButton", IDS_ACCNAME_BACK);
   builder->Add("closeButton", IDS_CLOSE);
+  builder->Add("whitelistErrorConsumer", IDS_LOGIN_ERROR_WHITELIST);
+  builder->Add("whitelistErrorEnterprise",
+               IDS_ENTERPRISE_LOGIN_ERROR_WHITELIST);
+  builder->Add("tryAgainButton", IDS_WHITELIST_ERROR_TRY_AGAIN_BUTTON);
+  builder->Add("learnMoreButton", IDS_WHITELIST_ERROR_LEARN_MORE_BUTTON);
   builder->Add("gaiaLoadingNewGaia", IDS_LOGIN_GAIA_LOADING_MESSAGE);
 
   // Strings used by the SAML fatal error dialog.
@@ -838,6 +843,15 @@ void GaiaScreenHandler::MaybePreloadAuthExtension() {
   }
 }
 
+void GaiaScreenHandler::ShowWhitelistCheckFailedError() {
+  base::DictionaryValue params;
+  params.SetBoolean("enterpriseManaged",
+                    g_browser_process->platform_part()
+                        ->browser_policy_connector_chromeos()
+                        ->IsEnterpriseManaged());
+  CallJS("showWhitelistCheckFailedError", true, params);
+}
+
 void GaiaScreenHandler::LoadAuthExtension(bool force,
                                           bool silent_load,
                                           bool offline) {

chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.h

@@ -85,6 +85,9 @@ class GaiaScreenHandler : public BaseScreenHandler {
   // pre-loads it.
   void MaybePreloadAuthExtension();
 
+  // Show error UI at the end of GAIA flow when user is not whitelisted.
+  void ShowWhitelistCheckFailedError();
+
   FrameState frame_state() const { return frame_state_; }
   net::Error frame_error() const { return frame_error_; }
 

chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc

@@ -928,6 +928,11 @@ void SigninScreenHandler::ShowSigninScreenForCreds(
   gaia_screen_handler_->ShowSigninScreenForCreds(username, password);
 }
 
+void SigninScreenHandler::ShowWhitelistCheckFailedError() {
+  DCHECK(gaia_screen_handler_);
+  gaia_screen_handler_->ShowWhitelistCheckFailedError();
+}
+
 void SigninScreenHandler::Observe(int type,
                                   const content::NotificationSource& source,
                                   const content::NotificationDetails& details) {

chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h

@@ -92,6 +92,7 @@ class LoginDisplayWebUIHandler {
   // Show sign-in screen for the given credentials.
   virtual void ShowSigninScreenForCreds(const std::string& username,
                                         const std::string& password) = 0;
+  virtual void ShowWhitelistCheckFailedError() = 0;
   virtual void LoadUsers(const base::ListValue& users_list,
                          bool show_guest) = 0;
  protected:
@@ -300,6 +301,7 @@ class SigninScreenHandler
   void ShowErrorScreen(LoginDisplay::SigninError error_id) override;
   void ShowSigninScreenForCreds(const std::string& username,
                                 const std::string& password) override;
+  void ShowWhitelistCheckFailedError() override;
   void LoadUsers(const base::ListValue& users_list, bool show_guest) override;
 
   // content::NotificationObserver implementation:

chromeos/login/auth/login_performer.cc

@@ -143,6 +143,7 @@ void LoginPerformer::DoPerformLogin(const UserContext& user_context,
                                     AuthorizationMode auth_mode) {
   std::string email = gaia::CanonicalizeEmail(user_context.GetUserID());
   bool wildcard_match = false;
+
   if (!IsUserWhitelisted(email, &wildcard_match)) {
     NotifyWhitelistCheckFailure();
     return;