Sync token creation on in-session password change.

New sync token has to be created on in-session password change. The token received from the sync token API is stored locally. Other user devices detect password update and send user through the online re-auth in order to sync the credentials. Bug: 1090341 Change-Id: I5212ac2094a549dd6ee5ac96aba5d0150781ab86 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2339977 Commit-Queue: Maciek Slusarczyk <mslus@chromium.org> Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Cr-Commit-Position: refs/heads/master@{#798496}

Sync token creation on in-session password change.
New sync token has to be created on in-session password change. The token received from the sync token API is stored locally. Other user devices detect password update and send user through the online re-auth in order to sync the credentials. Bug: 1090341 Change-Id: I5212ac2094a549dd6ee5ac96aba5d0150781ab86 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2339977 Commit-Queue: Maciek Slusarczyk <mslus@chromium.org> Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Cr-Commit-Position: refs/heads/master@{#798496}
3b6760b5 · Maciek Slusarczyk · Commit Bot · 7af49afa · 3b6760b5 · 3b6760b5
Commit 3b6760b5 authored Aug 16, 2020 by Maciek Slusarczyk Committed by Commit Bot Aug 16, 2020
2 changed files
--- a/chrome/browser/chromeos/login/saml/in_session_password_change_manager.cc
+++ b/chrome/browser/chromeos/login/saml/in_session_password_change_manager.cc
@@ -21,6 +21,7 @@
 #include "chrome/common/pref_names.h"
 #include "chromeos/login/auth/user_context.h"
 #include "components/prefs/pref_service.h"
+#include "components/user_manager/known_user.h"
 #include "components/user_manager/user_manager.h"
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/browser_thread.h"
@@ -409,6 +410,9 @@ void InSessionPasswordChangeManager::OnAuthSuccess(
  DismissExpiryNotification();
  PasswordChangeDialog::Dismiss();
  ConfirmPasswordChangeDialog::Dismiss();
+  // We request a new sync token. It will be updated locally and signal the fact
+  // of password change to other devices owned by the user.
+  CreateTokenAsync();
  RecordEvent(InSessionPasswordChangeEvent::kFinishPasswordChange);
 }

@@ -422,6 +426,34 @@ void InSessionPasswordChangeManager::OnLockStateChanged(bool locked) {
  }
 }

+void InSessionPasswordChangeManager::OnTokenCreated(
+    const std::string& sync_token) {
+  user_manager::known_user::SetPasswordSyncToken(primary_user_->GetAccountId(),
+                                                 sync_token);
+}
+
+void InSessionPasswordChangeManager::OnTokenFetched(
+    const std::string& sync_token) {
+  // Ignored.
+}
+
+void InSessionPasswordChangeManager::OnTokenVerified(bool is_valid) {
+  // Ignored.
+}
+
+void InSessionPasswordChangeManager::OnApiCallFailed(
+    PasswordSyncTokenFetcher::ErrorType error_type) {
+  // TODO(crbug.com/1112896): Error types will be tracked by UMA histograms.
+  // Going forward we should also consider re-trying token creation depending on
+  // the error_type.
+}
+
+void InSessionPasswordChangeManager::CreateTokenAsync() {
+  password_sync_token_fetcher_ = std::make_unique<PasswordSyncTokenFetcher>(
+      primary_profile_->GetURLLoaderFactory(), primary_profile_, this);
+  password_sync_token_fetcher_->StartTokenCreate();
+}
+
 // static
 InSessionPasswordChangeManager* InSessionPasswordChangeManager::GetNullable() {
  return g_test_instance ? g_test_instance

--- a/chrome/browser/chromeos/login/saml/in_session_password_change_manager.h
+++ b/chrome/browser/chromeos/login/saml/in_session_password_change_manager.h
@@ -12,6 +12,7 @@
 #include "base/memory/scoped_refptr.h"
 #include "base/observer_list.h"
 #include "base/time/time.h"
+#include "chrome/browser/chromeos/login/saml/password_sync_token_fetcher.h"
 #include "chromeos/login/auth/auth_status_consumer.h"

 class Profile;
@@ -58,8 +59,10 @@ class RecheckPasswordExpiryTask {
 // long as the primary user session exists  (but only if the primary user's
 // InSessionPasswordChange policy is enabled and the kInSessionPasswordChange
 // feature is enabled).
-class InSessionPasswordChangeManager : public AuthStatusConsumer,
-                                       public ash::SessionActivationObserver {
+class InSessionPasswordChangeManager
+    : public AuthStatusConsumer,
+      public ash::SessionActivationObserver,
+      public PasswordSyncTokenFetcher::Consumer {
 public:
  // Events in the in-session SAML password change flow.
  enum class Event {
@@ -154,16 +157,23 @@ class InSessionPasswordChangeManager : public AuthStatusConsumer,
  void AddObserver(Observer* observer);
  void RemoveObserver(Observer* observer);

-  // AuthStatusConsumer:
+  // AuthStatusConsumer
  void OnAuthFailure(const AuthFailure& error) override;
  void OnPasswordChangeDetected(const UserContext& user_context) override;
  void OnAuthSuccess(const UserContext& user_context) override;

-  // ash::SessionActivationObserver:
+  // ash::SessionActivationObserver
  void OnSessionActivated(bool activated) override;
  void OnLockStateChanged(bool locked) override;

+  // PasswordSyncTokenFetcher::Consumer
+  void OnTokenCreated(const std::string& sync_token) override;
+  void OnTokenFetched(const std::string& sync_token) override;
+  void OnTokenVerified(bool is_valid) override;
+  void OnApiCallFailed(PasswordSyncTokenFetcher::ErrorType error_type) override;
+
 private:
+  void CreateTokenAsync();
  static InSessionPasswordChangeManager* GetNullable();

  void NotifyObservers(Event event);
@@ -176,6 +186,7 @@ class InSessionPasswordChangeManager : public AuthStatusConsumer,
  int urgent_warning_days_;
  bool renotify_on_unlock_ = false;
  PasswordSource password_source_ = PasswordSource::PASSWORDS_SCRAPED;
+  std::unique_ptr<PasswordSyncTokenFetcher> password_sync_token_fetcher_;

  friend class InSessionPasswordChangeManagerTest;