arc: Enable silent PlayStore Sign-In.

This CL implements experimental feature to skip 'Sign In' button
in OptIn flow. Currently it is implemented as 'sandbox' on server
side and this is available only for internal IP addresses. It is
optional and can be activated in chrome://flags.

BUG=b/28987931
TEST=Manually on device in both modes.

Review-Url: https://codereview.chromium.org/2320813002
Cr-Commit-Position: refs/heads/master@{#417180}

chrome/app/generated_resources.grd

@@ -13580,6 +13580,20 @@ Please check your email at <ph name="ACCOUNT_EMAIL">$2<ex>jane.doe@gmail.com</ex
         Enables the browser task scheduler to dispatch tasks instead of the existing worker pools. The browser task scheduler will only be used if variation parameters are available.
       </message>
 
+      <!-- Arc authorization -->
+      <if expr="chromeos">
+        <message name="IDS_FLAGS_ARC_USE_AUTH_ENDPOINT_NAME"
+                 desc="Name of about:flag option to control the arc authorization endpoint."
+                 translateable="false">
+          Android apps authorization point
+        </message>
+        <message name="IDS_FLAGS_ARC_USE_AUTH_ENDPOINT_DESCRIPTION"
+                 desc="Desciption of about:flag option to control the arc authorization endpoint."
+                 translateable="false">
+          Enable Android apps authorization point to automatic sign-in in OptIn flow.
+        </message>
+      </if>
+
       <!-- Windows 8 Metro mode. -->
       <if expr="is_win">
         <message name="IDS_METRO_FLOW_DESCRIPTION"

chrome/browser/about_flags.cc

@@ -2067,6 +2067,14 @@ const FeatureEntry kFeatureEntries[] = {
     {"enable-gamepad-extensions", IDS_FLAGS_GAMEPAD_EXTENSIONS_NAME,
      IDS_FLAGS_GAMEPAD_EXTENSIONS_DESCRIPTION, kOsAll,
      FEATURE_VALUE_TYPE(features::kGamepadExtensions)},
+#if defined(OS_CHROMEOS)
+    {"arc-use-auth-endpoint", IDS_FLAGS_ARC_USE_AUTH_ENDPOINT_NAME,
+     IDS_FLAGS_ARC_USE_AUTH_ENDPOINT_DESCRIPTION, kOsCrOS,
+     SINGLE_VALUE_TYPE_AND_VALUE(
+       chromeos::switches::kArcUseAuthEndpoint,
+       "https://www-googleapis-staging.sandbox.google.com/oauth2/v4/" \
+       "ExchangeToken")},
+#endif
     // NOTE: Adding new command-line switches requires adding corresponding
     // entries to enum "LoginCustomFlags" in histograms.xml. See note in
     // histograms.xml and don't forget to run AboutFlagsHistogramTest unit test.

chrome/browser/chromeos/BUILD.gn

@@ -189,6 +189,9 @@ source_set("chromeos") {
     "arc/arc_android_management_checker.cc",
     "arc/arc_android_management_checker.h",
     "arc/arc_android_management_checker_delegate.h",
+    "arc/arc_auth_code_fetcher.cc",
+    "arc/arc_auth_code_fetcher.h",
+    "arc/arc_auth_code_fetcher_delegate.h",
     "arc/arc_auth_context.cc",
     "arc/arc_auth_context.h",
     "arc/arc_auth_context_delegate.h",

chrome/browser/chromeos/arc/arc_auth_code_fetcher.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/arc/arc_auth_code_fetcher.h"
+
+#include "base/json/json_string_value_serializer.h"
+#include "base/json/json_writer.h"
+#include "base/values.h"
+#include "chrome/browser/chromeos/arc/arc_auth_code_fetcher_delegate.h"
+#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
+#include "chrome/browser/signin/signin_manager_factory.h"
+#include "chrome/browser/ui/ash/multi_user/multi_user_util.h"
+#include "components/signin/core/account_id/account_id.h"
+#include "components/signin/core/browser/profile_oauth2_token_service.h"
+#include "components/signin/core/browser/signin_manager_base.h"
+#include "components/user_manager/known_user.h"
+#include "content/public/browser/browser_context.h"
+#include "content/public/common/url_constants.h"
+#include "google_apis/gaia/gaia_auth_fetcher.h"
+#include "google_apis/gaia/gaia_constants.h"
+#include "net/base/load_flags.h"
+#include "net/http/http_status_code.h"
+#include "net/url_request/url_fetcher.h"
+
+namespace arc {
+
+namespace {
+
+constexpr int kGetAuthCodeNetworkRetry = 3;
+
+constexpr char kConsumerName[] = "ArcAuthContext";
+constexpr char kToken[] = "token";
+constexpr char kDeviceId[] = "device_id";
+constexpr char kDeviceType[] = "device_type";
+constexpr char kDeviceTypeArc[] = "arc_plus_plus";
+constexpr char kLoginScopedToken[] = "login_scoped_token";
+constexpr char kGetAuthCodeHeaders[] =
+    "Content-Type: application/json; charset=utf-8";
+constexpr char kContentTypeJSON[] = "application/json";
+
+}  // namespace
+
+ArcAuthCodeFetcher::ArcAuthCodeFetcher(
+    ArcAuthCodeFetcherDelegate* delegate,
+    net::URLRequestContextGetter* request_context_getter,
+    Profile* profile,
+    const std::string& auth_endpoint)
+    : OAuth2TokenService::Consumer(kConsumerName),
+      delegate_(delegate),
+      request_context_getter_(request_context_getter),
+      profile_(profile),
+      auth_endpoint_(auth_endpoint) {
+  // Get token service and account ID to fetch auth tokens.
+  ProfileOAuth2TokenService* const token_service =
+      ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
+  const SigninManagerBase* const signin_manager =
+      SigninManagerFactory::GetForProfile(profile_);
+  CHECK(token_service && signin_manager);
+  const std::string& account_id = signin_manager->GetAuthenticatedAccountId();
+  DCHECK(!account_id.empty());
+  DCHECK(token_service->RefreshTokenIsAvailable(account_id));
+
+  OAuth2TokenService::ScopeSet scopes;
+  scopes.insert(GaiaConstants::kOAuth1LoginScope);
+  login_token_request_.reset(
+      token_service->StartRequest(account_id, scopes, this).release());
+}
+
+ArcAuthCodeFetcher::~ArcAuthCodeFetcher() {}
+
+void ArcAuthCodeFetcher::OnGetTokenSuccess(
+    const OAuth2TokenService::Request* request,
+    const std::string& access_token,
+    const base::Time& expiration_time) {
+  ResetFetchers();
+
+  const std::string device_id = user_manager::known_user::GetDeviceId(
+      multi_user_util::GetAccountIdFromProfile(profile_));
+  DCHECK(!device_id.empty());
+
+  base::DictionaryValue request_data;
+  request_data.SetString(kLoginScopedToken, access_token);
+  request_data.SetString(kDeviceType, kDeviceTypeArc);
+  request_data.SetString(kDeviceId, device_id);
+  std::string request_string;
+  base::JSONWriter::Write(request_data, &request_string);
+
+  DCHECK(!auth_endpoint_.empty());
+  auth_code_fetcher_ = net::URLFetcher::Create(0, GURL(auth_endpoint_),
+                                               net::URLFetcher::POST, this);
+  auth_code_fetcher_->SetRequestContext(request_context_getter_);
+  auth_code_fetcher_->SetUploadData(kContentTypeJSON, request_string);
+  auth_code_fetcher_->SetLoadFlags(net::LOAD_DISABLE_CACHE |
+                                   net::LOAD_BYPASS_CACHE);
+  auth_code_fetcher_->SetAutomaticallyRetryOnNetworkChanges(
+      kGetAuthCodeNetworkRetry);
+  auth_code_fetcher_->SetExtraRequestHeaders(kGetAuthCodeHeaders);
+  auth_code_fetcher_->Start();
+}
+
+void ArcAuthCodeFetcher::OnGetTokenFailure(
+    const OAuth2TokenService::Request* request,
+    const GoogleServiceAuthError& error) {
+  VLOG(2) << "Failed to get LST " << error.ToString() << ".";
+  ResetFetchers();
+
+  delegate_->OnAuthCodeFailed();
+}
+
+void ArcAuthCodeFetcher::OnURLFetchComplete(const net::URLFetcher* source) {
+  const int response_code = source->GetResponseCode();
+  std::string json_string;
+  source->GetResponseAsString(&json_string);
+
+  ResetFetchers();
+
+  if (response_code != net::HTTP_OK) {
+    VLOG(2) << "Server returned wrong response code: " << response_code << ".";
+    delegate_->OnAuthCodeFailed();
+    return;
+  }
+
+  JSONStringValueDeserializer deserializer(json_string);
+  std::string error_msg;
+  std::unique_ptr<base::Value> auth_code_info =
+      deserializer.Deserialize(nullptr, &error_msg);
+  if (!auth_code_info) {
+    VLOG(2) << "Unable to deserialize auth code json data: " << error_msg
+            << ".";
+    delegate_->OnAuthCodeFailed();
+    return;
+  }
+
+  std::unique_ptr<base::DictionaryValue> auth_code_dictionary =
+      base::DictionaryValue::From(std::move(auth_code_info));
+  if (!auth_code_dictionary) {
+    NOTREACHED();
+    delegate_->OnAuthCodeFailed();
+    return;
+  }
+
+  std::string auth_code;
+  if (!auth_code_dictionary->GetString(kToken, &auth_code) ||
+      auth_code.empty()) {
+    VLOG(2) << "Response does not contain auth code.";
+    delegate_->OnAuthCodeFailed();
+    return;
+  }
+
+  delegate_->OnAuthCodeSuccess(auth_code);
+}
+
+void ArcAuthCodeFetcher::ResetFetchers() {
+  login_token_request_.reset();
+  auth_code_fetcher_.reset();
+}
+
+}  // namespace arc

chrome/browser/chromeos/arc/arc_auth_code_fetcher.h

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_ARC_ARC_AUTH_CODE_FETCHER_H_
+#define CHROME_BROWSER_CHROMEOS_ARC_ARC_AUTH_CODE_FETCHER_H_
+
+#include <memory>
+#include <string>
+
+#include "base/macros.h"
+#include "google_apis/gaia/oauth2_token_service.h"
+#include "net/url_request/url_fetcher_delegate.h"
+
+class Profile;
+
+namespace net {
+class URLFetcher;
+class URLRequestContextGetter;
+}
+
+namespace arc {
+
+class ArcAuthCodeFetcherDelegate;
+
+class ArcAuthCodeFetcher : public OAuth2TokenService::Consumer,
+                           public net::URLFetcherDelegate {
+ public:
+  ArcAuthCodeFetcher(ArcAuthCodeFetcherDelegate* delegate,
+                     net::URLRequestContextGetter* request_context_getter,
+                     Profile* profile,
+                     const std::string& auth_endpoint);
+  ~ArcAuthCodeFetcher() override;
+
+  // OAuth2TokenService::Consumer:
+  void OnGetTokenSuccess(const OAuth2TokenService::Request* request,
+                         const std::string& access_token,
+                         const base::Time& expiration_time) override;
+  void OnGetTokenFailure(const OAuth2TokenService::Request* request,
+                         const GoogleServiceAuthError& error) override;
+
+  // net::URLFetcherDelegate:
+  void OnURLFetchComplete(const net::URLFetcher* source) override;
+
+ private:
+  void ResetFetchers();
+
+  // Unowned pointers.
+  ArcAuthCodeFetcherDelegate* const delegate_;
+  net::URLRequestContextGetter* const request_context_getter_;
+  Profile* const profile_;
+
+  // URL to request auth code.
+  const std::string auth_endpoint_;
+
+  std::unique_ptr<OAuth2TokenService::Request> login_token_request_;
+  std::unique_ptr<net::URLFetcher> auth_code_fetcher_;
+
+  DISALLOW_COPY_AND_ASSIGN(ArcAuthCodeFetcher);
+};
+
+}  // namespace arc
+
+#endif  // CHROME_BROWSER_CHROMEOS_ARC_ARC_AUTH_CODE_FETCHER_H_

chrome/browser/chromeos/arc/arc_auth_code_fetcher_delegate.h

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_ARC_ARC_AUTH_CODE_FETCHER_DELEGATE_H_
+#define CHROME_BROWSER_CHROMEOS_ARC_ARC_AUTH_CODE_FETCHER_DELEGATE_H_
+
+namespace arc {
+
+class ArcAuthCodeFetcherDelegate {
+ public:
+  virtual void OnAuthCodeSuccess(const std::string& auth_code) = 0;
+  virtual void OnAuthCodeFailed() = 0;
+
+ protected:
+  virtual ~ArcAuthCodeFetcherDelegate() {}
+};
+
+}  // namespace arc
+
+#endif  // CHROME_BROWSER_CHROMEOS_ARC_ARC_AUTH_CODE_FETCHER_DELEGATE_H_

chrome/browser/chromeos/arc/arc_auth_context.cc

@@ -69,16 +69,19 @@ void ArcAuthContext::OnRefreshTokenTimeout() {
 
 void ArcAuthContext::OnMergeSessionSuccess(const std::string& data) {
   context_prepared_ = true;
+  ResetFetchers();
   delegate_->OnContextReady();
 }
 
 void ArcAuthContext::OnMergeSessionFailure(
     const GoogleServiceAuthError& error) {
   VLOG(2) << "Failed to merge gaia session " << error.ToString() << ".";
+  ResetFetchers();
   delegate_->OnPrepareContextFailed();
 }
 
 void ArcAuthContext::OnUbertokenSuccess(const std::string& token) {
+  ResetFetchers();
   merger_fetcher_.reset(
       new GaiaAuthFetcher(this, GaiaConstants::kChromeOSSource,
                           storage_partition_->GetURLRequestContext()));
@@ -87,6 +90,7 @@ void ArcAuthContext::OnUbertokenSuccess(const std::string& token) {
 
 void ArcAuthContext::OnUbertokenFailure(const GoogleServiceAuthError& error) {
   VLOG(2) << "Failed to get ubertoken " << error.ToString() << ".";
+  ResetFetchers();
   delegate_->OnPrepareContextFailed();
 }
 
@@ -112,11 +116,21 @@ void ArcAuthContext::PrepareContext() {
 
 void ArcAuthContext::StartFetchers() {
   DCHECK(!refresh_token_timeout_.IsRunning());
-  merger_fetcher_.reset();
+  ResetFetchers();
   ubertoken_fetcher_.reset(
       new UbertokenFetcher(token_service_, this, GaiaConstants::kChromeOSSource,
                            storage_partition_->GetURLRequestContext()));
   ubertoken_fetcher_->StartFetchingToken(account_id_);
 }
 
+void ArcAuthContext::ResetFetchers() {
+  merger_fetcher_.reset();
+  ubertoken_fetcher_.reset();
+}
+
+net::URLRequestContextGetter* ArcAuthContext::GetURLRequestContext() {
+  DCHECK(context_prepared_);
+  return storage_partition_->GetURLRequestContext();
+}
+
 }  // namespace arc

chrome/browser/chromeos/arc/arc_auth_context.h

@@ -19,6 +19,10 @@ namespace content {
 class StoragePartition;
 }
 
+namespace net {
+class URLRequestContextGetter;
+}
+
 namespace arc {
 
 class ArcAuthContextDelegate;
@@ -32,6 +36,9 @@ class ArcAuthContext : public UbertokenConsumer,
 
   void PrepareContext();
 
+  // Returns the URL request context information associated with this context.
+  net::URLRequestContextGetter* GetURLRequestContext();
+
   // OAuth2TokenService::Observer:
   void OnRefreshTokenAvailable(const std::string& account_id) override;
   void OnRefreshTokensLoaded() override;
@@ -50,6 +57,7 @@ class ArcAuthContext : public UbertokenConsumer,
 
  private:
   void StartFetchers();
+  void ResetFetchers();
   void OnRefreshTokenTimeout();
 
   // Unowned pointers.

chrome/browser/chromeos/arc/arc_auth_service.cc

@@ -14,6 +14,7 @@
 #include "base/logging.h"
 #include "base/strings/string16.h"
 #include "chrome/browser/chromeos/arc/arc_android_management_checker.h"
+#include "chrome/browser/chromeos/arc/arc_auth_code_fetcher.h"
 #include "chrome/browser/chromeos/arc/arc_auth_context.h"
 #include "chrome/browser/chromeos/arc/arc_auth_notification.h"
 #include "chrome/browser/chromeos/arc/arc_optin_uma.h"
@@ -598,6 +599,7 @@ void ArcAuthService::ShutdownBridge() {
   playstore_launcher_.reset();
   auth_callback_.Reset();
   android_management_checker_.reset();
+  auth_code_fetcher_.reset();
   arc_bridge_service()->Shutdown();
   if (state_ != State::NOT_INITIALIZED)
     SetState(State::STOPPED);
@@ -791,6 +793,19 @@ void ArcAuthService::OnPrepareContextFailed() {
   UpdateOptInCancelUMA(OptInCancelReason::NETWORK_ERROR);
 }
 
+void ArcAuthService::OnAuthCodeSuccess(const std::string& auth_code) {
+  SetAuthCodeAndStartArc(auth_code);
+}
+
+void ArcAuthService::OnAuthCodeFailed() {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  DCHECK_EQ(state_, State::FETCHING_CODE);
+  ShutdownBridgeAndShowUI(
+      UIPage::ERROR,
+      l10n_util::GetStringUTF16(IDS_ARC_SERVER_COMMUNICATION_ERROR));
+  UpdateOptInCancelUMA(OptInCancelReason::NETWORK_ERROR);
+}
+
 void ArcAuthService::CheckAndroidManagement(bool background_mode) {
   // Do not send requests for Chrome OS managed users.
   if (IsAccountManaged(profile_)) {
@@ -840,13 +855,28 @@ void ArcAuthService::OnAndroidManagementChecked(
 }
 
 void ArcAuthService::StartArcIfSignedIn() {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   if (state_ == State::ACTIVE)
     return;
+
   if (profile_->GetPrefs()->GetBoolean(prefs::kArcSignedIn) ||
       IsOptInVerificationDisabled()) {
     StartArc();
   } else {
-    ShowUI(UIPage::LSO_PROGRESS, base::string16());
+    const base::CommandLine* command_line =
+        base::CommandLine::ForCurrentProcess();
+    std::string auth_endpoint;
+    if (command_line->HasSwitch(chromeos::switches::kArcUseAuthEndpoint)) {
+      auth_endpoint = command_line->GetSwitchValueASCII(
+          chromeos::switches::kArcUseAuthEndpoint);
+    }
+
+    if (!auth_endpoint.empty()) {
+      auth_code_fetcher_.reset(new ArcAuthCodeFetcher(
+          this, context_->GetURLRequestContext(), profile_, auth_endpoint));
+    } else {
+      ShowUI(UIPage::LSO_PROGRESS, base::string16());
+    }
   }
 }
 

chrome/browser/chromeos/arc/arc_auth_service.h

@@ -13,6 +13,7 @@
 #include "base/memory/weak_ptr.h"
 #include "base/observer_list.h"
 #include "chrome/browser/chromeos/arc/arc_android_management_checker_delegate.h"
+#include "chrome/browser/chromeos/arc/arc_auth_code_fetcher_delegate.h"
 #include "chrome/browser/chromeos/arc/arc_auth_context_delegate.h"
 #include "components/arc/arc_bridge_service.h"
 #include "components/arc/arc_service.h"
@@ -37,6 +38,7 @@ class PrefRegistrySyncable;
 namespace arc {
 
 class ArcAndroidManagementChecker;
+class ArcAuthCodeFetcher;
 class ArcAuthContext;
 enum class ProvisioningResult : int;
 
@@ -48,6 +50,7 @@ class ArcAuthService : public ArcService,
                        public InstanceHolder<mojom::AuthInstance>::Observer,
                        public ArcAndroidManagementCheckerDelegate,
                        public ArcAuthContextDelegate,
+                       public ArcAuthCodeFetcherDelegate,
                        public syncable_prefs::PrefServiceSyncableObserver,
                        public syncable_prefs::SyncedPrefObserver {
  public:
@@ -175,6 +178,10 @@ class ArcAuthService : public ArcService,
   void OnContextReady() override;
   void OnPrepareContextFailed() override;
 
+  // ArcAuthCodeFetcherDelegate:
+  void OnAuthCodeSuccess(const std::string& auth_code) override;
+  void OnAuthCodeFailed() override;
+
   // ArcAndroidManagementCheckerDelegate:
   void OnAndroidManagementChecked(
       policy::AndroidManagementClient::Result result) override;
@@ -234,6 +241,7 @@ class ArcAuthService : public ArcService,
   bool waiting_for_reply_ = false;
 
   std::unique_ptr<ArcAuthContext> context_;
+  std::unique_ptr<ArcAuthCodeFetcher> auth_code_fetcher_;
   std::unique_ptr<ArcAndroidManagementChecker> android_management_checker_;
 
   base::Time sign_in_time_;

chromeos/chromeos_switches.cc

@@ -61,6 +61,10 @@ const char kAppOemManifestFile[] = "app-mode-oem-manifest";
 // Signals the availability of the ARC instance on this device.
 const char kArcAvailable[] = "arc-available";
 
+// Specifies ARC authorization endpoint to enable automatic sign-in in OptIn
+// flow.
+const char kArcUseAuthEndpoint[] = "arc-use-auth-endpoint";
+
 // Screenshot testing: specifies the directoru where artifacts will be stored.
 const char kArtifactsDir[] = "artifacts-dir";
 

chromeos/chromeos_switches.h

@@ -29,6 +29,7 @@ CHROMEOS_EXPORT extern const char kAllowFailedPolicyFetchForTest[];
 CHROMEOS_EXPORT extern const char kAllowRAInDevMode[];
 CHROMEOS_EXPORT extern const char kAppOemManifestFile[];
 CHROMEOS_EXPORT extern const char kArcAvailable[];
+CHROMEOS_EXPORT extern const char kArcUseAuthEndpoint[];
 CHROMEOS_EXPORT extern const char kArtifactsDir[];
 CHROMEOS_EXPORT extern const char kAshWebUIInit[];
 CHROMEOS_EXPORT extern const char kChildWallpaperLarge[];

tools/metrics/histograms/histograms.xml

@@ -85650,6 +85650,7 @@ To add a new entry, add it with any value and run test to compute valid value.
   <int value="1421620678" label="simple-clear-browsing-data-support-string"/>
   <int value="1442798825" label="enable-quic"/>
   <int value="1454363479" label="disable-storage-manager"/>
+  <int value="1458583431" label="arc-use-auth-endpoint"/>
   <int value="1459529277" label="disable-text-input-focus-manager"/>
   <int value="1465624446" label="disable-zero-copy"/>
   <int value="1466380480" label="enable-device-discovery-notifications"/>