Cros: Active Directory UI tweaks

Removed default autocomplete to device domain. Removed message for device name input with regex. BUG=chromium:865474 TEST=manual Change-Id: Ib334f89ae0d4a27153cd69e5100253cce18f40a1 Reviewed-on: https://chromium-review.googlesource.com/c/1255730 Commit-Queue: Roman Sorokin <rsorokin@chromium.org> Reviewed-by: Jacob Dufault <jdufault@chromium.org> Cr-Commit-Position: refs/heads/master@{#596692}

Cros: Active Directory UI tweaks
Removed default autocomplete to device domain. Removed message for device name input with regex. BUG=chromium:865474 TEST=manual Change-Id: Ib334f89ae0d4a27153cd69e5100253cce18f40a1 Reviewed-on: https://chromium-review.googlesource.com/c/1255730 Commit-Queue: Roman Sorokin <rsorokin@chromium.org> Reviewed-by: Jacob Dufault <jdufault@chromium.org> Cr-Commit-Position: refs/heads/master@{#596692}
7a8c1a43 · Roman Sorokin · Commit Bot · 304f457b · 7a8c1a43 · 7a8c1a43
Commit 7a8c1a43 authored Oct 04, 2018 by Roman Sorokin Committed by Commit Bot Oct 04, 2018
6 changed files
--- a/chrome/app/chromeos_strings.grdp
+++ b/chrome/app/chromeos_strings.grdp
@@ -3008,9 +3008,6 @@
  <message name="IDS_AD_DEVICE_NAME_INPUT_LABEL" desc="Admin-facing. Label for device name input field on the Active Directory domain join screen. User should tell us the name of their device.">
    Chromebook device name
  </message>
-  <message name="IDS_AD_DEVICE_NAME_REGEX_INPUT_LABEL" desc="Admin-facing. Label for device name input field on the Active Directory domain join screen. User should tell us the name of their device.">
-    Chromebook device name (<ph name="REGEX">$1<ex>^DEVICE_\d+$</ex></ph>)
-  </message>
  <message name="IDS_AD_DOMAIN_JOIN_WELCOME_MESSAGE" desc="Admin-facing. Welcome message on the Active Directory domain join screen.">
    Join device to domain
  </message>

--- a/chrome/browser/chromeos/login/active_directory_login_browsertest.cc
+++ b/chrome/browser/chromeos/login/active_directory_login_browsertest.cc
@@ -73,7 +73,7 @@ class ActiveDirectoryLoginTest : public LoginManagerTest {
        // Using the same realm as supervised user domain. Should be treated as
        // normal realm.
        test_realm_(user_manager::kSupervisedUserDomain),
-        autocomplete_realm_(test_realm_) {}
+        test_user_(kTestActiveDirectoryUser + ("@" + test_realm_)) {}

  ~ActiveDirectoryLoginTest() override = default;

@@ -110,8 +110,7 @@ class ActiveDirectoryLoginTest : public LoginManagerTest {

  void MarkAsActiveDirectoryEnterprise() {
    StartupUtils::MarkOobeCompleted();
-    active_directory_test_helper::PrepareLogin(kTestActiveDirectoryUser +
-                                               ("@" + test_realm_));
+    active_directory_test_helper::PrepareLogin(test_user_);
  }

  void TriggerPasswordChangeScreen() {
@@ -120,7 +119,7 @@ class ActiveDirectoryLoginTest : public LoginManagerTest {

    fake_auth_policy_client()->set_auth_error(
        authpolicy::ERROR_PASSWORD_EXPIRED);
-    SubmitActiveDirectoryCredentials(kTestActiveDirectoryUser, kPassword);
+    SubmitActiveDirectoryCredentials(test_user_, kPassword);
    screen_waiter.Wait();
    TestAdPasswordChangeError(std::string());
  }
@@ -157,7 +156,7 @@ class ActiveDirectoryLoginTest : public LoginManagerTest {
            JSElement(kAdOfflineAuthId, kAdAutocompleteRealm) + innerText),
        base::kWhitespaceASCII, &autocomplete_domain_ui);
    // Checks if realm is set to autocomplete username.
-    EXPECT_EQ("@" + autocomplete_realm_, autocomplete_domain_ui);
+    EXPECT_EQ(autocomplete_realm_, autocomplete_domain_ui);

    // Checks if bottom bar is visible.
    JSExpect("!Oobe.getInstance().headerHidden");
@@ -180,6 +179,16 @@ class ActiveDirectoryLoginTest : public LoginManagerTest {
    JSExpect(JSElement(kAdOfflineAuthId, kAdUserInput) + ".invalid");
  }

+  void SetUserInput(const std::string& value) {
+    js_checker().ExecuteAsync(JSElement(kAdOfflineAuthId, kAdUserInput) +
+                              ".value='" + value + "'");
+  }
+
+  void TestUserInput(const std::string& value) {
+    js_checker().ExpectEQ(JSElement(kAdOfflineAuthId, kAdUserInput) + ".value",
+                          value);
+  }
+
  // Checks if password input is marked as invalid.
  void TestPasswordError() {
    TestLoginVisible();
@@ -277,6 +286,7 @@ class ActiveDirectoryLoginTest : public LoginManagerTest {
  }

  const std::string test_realm_;
+  const std::string test_user_;
  std::string autocomplete_realm_;

 private:
@@ -295,7 +305,7 @@ class ActiveDirectoryLoginAutocompleteTest : public ActiveDirectoryLoginTest {
    device_settings.mutable_login_screen_domain_auto_complete()
        ->set_login_screen_domain_auto_complete(kTestUserRealm);
    fake_auth_policy_client()->set_device_policy(device_settings);
-    autocomplete_realm_ = kTestUserRealm;
+    autocomplete_realm_ = "@" + std::string(kTestUserRealm);
  }

 private:
@@ -315,12 +325,12 @@ class ActiveDirectoryLoginAutocompleteTest : public ActiveDirectoryLoginTest {
 // Test successful Active Directory login.
 IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest, LoginSuccess) {
  TestNoError();
-  TestDomainVisible();
+  TestDomainHidden();

  content::WindowedNotificationObserver session_start_waiter(
      chrome::NOTIFICATION_SESSION_STARTED,
      content::NotificationService::AllSources());
-  SubmitActiveDirectoryCredentials(kTestActiveDirectoryUser, kPassword);
+  SubmitActiveDirectoryCredentials(test_user_, kPassword);
  session_start_waiter.Wait();
 }

@@ -328,17 +338,17 @@ IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest, LoginSuccess) {
 IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest, LoginErrors) {
  SetupActiveDirectoryJSNotifications();
  TestNoError();
-  TestDomainVisible();
+  TestDomainHidden();

  content::DOMMessageQueue message_queue;

  SubmitActiveDirectoryCredentials("", "");
  TestUserError();
-  TestDomainVisible();
+  TestDomainHidden();

-  SubmitActiveDirectoryCredentials(kTestActiveDirectoryUser, "");
+  SubmitActiveDirectoryCredentials(test_user_, "");
  TestPasswordError();
-  TestDomainVisible();
+  TestDomainHidden();

  SubmitActiveDirectoryCredentials(std::string(kTestActiveDirectoryUser) + "@",
                                   kPassword);
@@ -347,31 +357,30 @@ IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest, LoginErrors) {
  TestDomainHidden();

  fake_auth_policy_client()->set_auth_error(authpolicy::ERROR_BAD_USER_NAME);
-  SubmitActiveDirectoryCredentials(
-      std::string(kTestActiveDirectoryUser) + "@" + test_realm_, kPassword);
+  SubmitActiveDirectoryCredentials(test_user_, kPassword);
  WaitForMessage(&message_queue, "\"ShowAuthError\"");
  TestUserError();
-  TestDomainVisible();
+  TestDomainHidden();

  fake_auth_policy_client()->set_auth_error(authpolicy::ERROR_BAD_PASSWORD);
-  SubmitActiveDirectoryCredentials(kTestActiveDirectoryUser, kPassword);
+  SubmitActiveDirectoryCredentials(test_user_, kPassword);
  WaitForMessage(&message_queue, "\"ShowAuthError\"");
  TestPasswordError();
-  TestDomainVisible();
+  TestDomainHidden();

  fake_auth_policy_client()->set_auth_error(authpolicy::ERROR_UNKNOWN);
-  SubmitActiveDirectoryCredentials(kTestActiveDirectoryUser, kPassword);
+  SubmitActiveDirectoryCredentials(test_user_, kPassword);
  WaitForMessage(&message_queue, "\"ShowAuthError\"");
  // Inputs are not invalidated for the unknown error.
  TestNoError();
-  TestDomainVisible();
+  TestDomainHidden();
 }

 // Test successful Active Directory login from the password change screen.
 IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest,
                                PasswordChange_LoginSuccess) {
  TestLoginVisible();
-  TestDomainVisible();
+  TestDomainHidden();

  TriggerPasswordChangeScreen();

@@ -389,7 +398,7 @@ IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest,
 IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest,
                                PasswordChange_UIErrors) {
  TestLoginVisible();
-  TestDomainVisible();
+  TestDomainHidden();

  TriggerPasswordChangeScreen();
  // Password rejected by UX.
@@ -421,7 +430,7 @@ IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest,
 IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest,
                                PasswordChange_ReopenClearErrors) {
  TestLoginVisible();
-  TestDomainVisible();
+  TestDomainHidden();

  TriggerPasswordChangeScreen();

@@ -434,12 +443,50 @@ IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginTest,
  TriggerPasswordChangeScreen();
 }

-// Tests that DeviceLoginScreenDomainAutoComplete policy overrides device realm
-// for user autocomplete.
+// Tests that autocomplete works. Submits username without domain.
+IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginAutocompleteTest,
+                                LoginSuccess) {
+  TestNoError();
+  TestDomainVisible();
+
+  content::WindowedNotificationObserver session_start_waiter(
+      chrome::NOTIFICATION_SESSION_STARTED,
+      content::NotificationService::AllSources());
+  SubmitActiveDirectoryCredentials(kTestActiveDirectoryUser, kPassword);
+  session_start_waiter.Wait();
+}
+
+// Tests that user could override autocomplete domain.
 IN_PROC_BROWSER_TEST_F_WITH_PRE(ActiveDirectoryLoginAutocompleteTest,
                                TestAutocomplete) {
+  SetupActiveDirectoryJSNotifications();
+
+  TestLoginVisible();
+  TestDomainVisible();
+  fake_auth_policy_client()->set_auth_error(authpolicy::ERROR_BAD_PASSWORD);
+  content::DOMMessageQueue message_queue;
+
+  // Submit with a different domain.
+  SetUserInput(test_user_);
+  TestDomainHidden();
+  TestUserInput(test_user_);
+  SubmitActiveDirectoryCredentials(test_user_, "password");
+  WaitForMessage(&message_queue, "\"ShowAuthError\"");
+  TestLoginVisible();
+  TestDomainHidden();
+  TestUserInput(test_user_);
+
+  // Set userinput with the autocomplete domain. JS will remove the autocomplete
+  // domain.
+  SetUserInput(kTestActiveDirectoryUser + autocomplete_realm_);
+  TestDomainVisible();
+  TestUserInput(kTestActiveDirectoryUser);
+  SubmitActiveDirectoryCredentials(
+      kTestActiveDirectoryUser + autocomplete_realm_, "password");
+  WaitForMessage(&message_queue, "\"ShowAuthError\"");
  TestLoginVisible();
  TestDomainVisible();
+  TestUserInput(kTestActiveDirectoryUser);
 }

 #undef IN_PROC_BROWSER_TEST_F_WITH_PRE

--- a/chrome/browser/resources/chromeos/login/offline_ad_login.html
+++ b/chrome/browser/resources/chromeos/login/offline_ad_login.html
@@ -101,7 +101,7 @@
              hidden="[[!isDomainJoin]]" value="[[machineName]]"
              disabled="[[disabled]]" invalid="[[machineNameInvalid]]"
              pattern="[[machineNameInputPattern_]]"
-              label="[[getMachineNameLabel_(locale, selectedConfigOption_)]]"
+              label="[[i18nDynamic(locale, 'oauthEnrollAdMachineNameInput')]]"
              on-keydown="onKeydownMachineNameInput_"
              error-message="[[getMachineNameError_(locale, errorState,
                  selectedConfigOption_)]]">
@@ -114,7 +114,7 @@
              label="[[i18nDynamic(locale, 'adAuthLoginUsername')]]"
              on-keydown="onKeydownUserInput_"
              error-message="[[i18nDynamic(locale, 'adLoginInvalidUsername')]]">
-            <span slot="suffix" hidden="[[domainHidden(userName)]]">
+            <span slot="suffix" hidden="[[domainHidden(userRealm, userName)]]">
              [[userRealm]]
            </span>
          </cr-input>

--- a/chrome/browser/resources/chromeos/login/offline_ad_login.js
+++ b/chrome/browser/resources/chromeos/login/offline_ad_login.js
@@ -429,15 +429,6 @@ Polymer({
    return errorState != ACTIVE_DIRECTORY_ERROR_STATE.MACHINE_NAME_TOO_LONG;
  },

-  getMachineNameLabel_: function(locale) {
-    if (this.machineNameInputPattern_) {
-      return this.i18nDynamic(
-          locale, 'oauthEnrollAdMachineNameInputRegex',
-          this.machineNameInputPattern_);
-    }
-    return this.i18nDynamic(locale, 'oauthEnrollAdMachineNameInput');
-  },
-
  getMachineNameError_: function(locale, errorState) {
    if (errorState == ACTIVE_DIRECTORY_ERROR_STATE.MACHINE_NAME_TOO_LONG)
      return this.i18nDynamic(locale, 'adJoinErrorMachineNameTooLong');
@@ -485,8 +476,8 @@ Polymer({
    }
  },

-  domainHidden: function(userName) {
-    return userName && userName.includes('@');
+  domainHidden: function(userRealm, userName) {
+    return !userRealm || (userName && userName.includes('@'));
  },

  onKeydownAuthPasswordInput_: function(e) {

--- a/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
+++ b/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
@@ -1272,8 +1272,6 @@ login.createScreen('GaiaSigninScreen', 'gaia-signin', function() {

      if ('emailDomain' in params)
        adAuthUI.userRealm = '@' + params['emailDomain'];
-      else if ('realm' in params)
-        adAuthUI.userRealm = '@' + params['realm'];

      adAuthUI.userName = params['email'];
      adAuthUI.focus();

--- a/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
+++ b/chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.cc
@@ -565,8 +565,6 @@ void EnrollmentScreenHandler::DeclareLocalizedValues(

  /* Active Directory strings */
  builder->Add("oauthEnrollAdMachineNameInput", IDS_AD_DEVICE_NAME_INPUT_LABEL);
-  builder->Add("oauthEnrollAdMachineNameInputRegex",
-               IDS_AD_DEVICE_NAME_REGEX_INPUT_LABEL);
  builder->Add("oauthEnrollAdDomainJoinWelcomeMessage",
               IDS_AD_DOMAIN_JOIN_WELCOME_MESSAGE);
  builder->Add("adAuthLoginUsername", IDS_AD_AUTH_LOGIN_USER);