Get user by gaia id for affiliation check.

PolicyData will now contain GAIA ID of the user.
It's better to lookup user in |known_user| by gaia id if it's present.
It could be that it will be broken if stable |username| field in policy
will became not in sync with |known_user| database.

BUG=831663
TEST=Run trybots

Change-Id: I43532cac2f5e559b8b4f71858d3f070e0e715366
Reviewed-on: https://chromium-review.googlesource.com/1009910Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Reviewed-by: Alexander Alekseev <alemate@chromium.org>
Commit-Queue: Sergey Poromov <poromov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#551631}

chrome/browser/chromeos/login/saml/saml_browsertest.cc

@@ -72,6 +72,7 @@
 #include "components/policy/policy_constants.h"
 #include "components/policy/proto/chrome_device_policy.pb.h"
 #include "components/policy/proto/device_management_backend.pb.h"
+#include "components/signin/core/account_id/account_id.h"
 #include "components/user_manager/user.h"
 #include "components/user_manager/user_manager.h"
 #include "content/public/browser/browser_thread.h"
@@ -126,6 +127,12 @@ constexpr char kHTTPSAMLUserEmail[] = "carol@example.com";
 constexpr char kNonSAMLUserEmail[] = "dan@example.com";
 constexpr char kDifferentDomainSAMLUserEmail[] = "eve@example.test";
 
+constexpr char kFirstSAMLUserGaiaId[] = "bob-gaia";
+constexpr char kSecondSAMLUserGaiaId[] = "alice-gaia";
+constexpr char kHTTPSAMLUserGaiaId[] = "carol-gaia";
+constexpr char kNonSAMLUserGaiaId[] = "dan-gaia";
+constexpr char kDifferentDomainSAMLUserGaiaId[] = "eve-gaia";
+
 constexpr char kIdPHost[] = "login.example.com";
 constexpr char kAdditionalIdPHost[] = "login2.example.com";
 
@@ -1069,26 +1076,32 @@ void SAMLPolicyTest::SetUpOnMainThread() {
 
   // Pretend that the test users' OAuth tokens are valid.
   user_manager::UserManager::Get()->SaveUserOAuthStatus(
-      AccountId::FromUserEmail(kFirstSAMLUserEmail),
+      AccountId::FromUserEmailGaiaId(kFirstSAMLUserEmail, kFirstSAMLUserGaiaId),
       user_manager::User::OAUTH2_TOKEN_STATUS_VALID);
   user_manager::UserManager::Get()->SaveUserOAuthStatus(
-      AccountId::FromUserEmail(kNonSAMLUserEmail),
+      AccountId::FromUserEmailGaiaId(kNonSAMLUserEmail, kNonSAMLUserGaiaId),
       user_manager::User::OAUTH2_TOKEN_STATUS_VALID);
   user_manager::UserManager::Get()->SaveUserOAuthStatus(
-      AccountId::FromUserEmail(kDifferentDomainSAMLUserEmail),
+      AccountId::FromUserEmailGaiaId(kDifferentDomainSAMLUserEmail,
+                                     kDifferentDomainSAMLUserGaiaId),
       user_manager::User::OAUTH2_TOKEN_STATUS_VALID);
 
   // Give affiliated users appropriate affiliation IDs.
   std::set<std::string> user_affiliation_ids;
   user_affiliation_ids.insert(kAffiliationID);
-  chromeos::ChromeUserManager::Get()->SetUserAffiliation(kFirstSAMLUserEmail,
-                                                         user_affiliation_ids);
-  chromeos::ChromeUserManager::Get()->SetUserAffiliation(kSecondSAMLUserEmail,
-                                                         user_affiliation_ids);
-  chromeos::ChromeUserManager::Get()->SetUserAffiliation(kHTTPSAMLUserEmail,
-                                                         user_affiliation_ids);
-  chromeos::ChromeUserManager::Get()->SetUserAffiliation(kNonSAMLUserEmail,
-                                                         user_affiliation_ids);
+  chromeos::ChromeUserManager::Get()->SetUserAffiliation(
+      AccountId::FromUserEmailGaiaId(kFirstSAMLUserEmail, kFirstSAMLUserGaiaId),
+      user_affiliation_ids);
+  chromeos::ChromeUserManager::Get()->SetUserAffiliation(
+      AccountId::FromUserEmailGaiaId(kSecondSAMLUserEmail,
+                                     kSecondSAMLUserGaiaId),
+      user_affiliation_ids);
+  chromeos::ChromeUserManager::Get()->SetUserAffiliation(
+      AccountId::FromUserEmailGaiaId(kHTTPSAMLUserEmail, kHTTPSAMLUserGaiaId),
+      user_affiliation_ids);
+  chromeos::ChromeUserManager::Get()->SetUserAffiliation(
+      AccountId::FromUserEmailGaiaId(kNonSAMLUserEmail, kNonSAMLUserGaiaId),
+      user_affiliation_ids);
 
   // Set up fake networks.
   DBusThreadManager::Get()

chrome/browser/chromeos/login/users/chrome_user_manager.h

@@ -10,6 +10,8 @@
 #include "base/task_runner.h"
 #include "chrome/browser/chromeos/login/users/affiliation.h"
 #include "chrome/browser/chromeos/login/users/user_manager_interface.h"
+#include "components/signin/core/account_id/account_id.h"
+#include "components/user_manager/user.h"
 #include "components/user_manager/user_manager_base.h"
 
 namespace chromeos {
@@ -30,10 +32,10 @@ class ChromeUserManager : public user_manager::UserManagerBase,
   static user_manager::UserList GetUsersAllowedAsSupervisedUserManagers(
       const user_manager::UserList& user_list);
 
-  // Sets affiliation status for the user |user_id| judging by
-  // |user_affiliation_ids| and device affiliation IDs.
+  // Sets affiliation status for the user identified with |account_id|
+  // judging by |user_affiliation_ids| and device affiliation IDs.
   virtual void SetUserAffiliation(
-      const std::string& user_email,
+      const AccountId& account_id,
       const AffiliationIDSet& user_affiliation_ids) = 0;
 
   // Return whether the given user should be reported (see

chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc

@@ -1316,10 +1316,8 @@ void ChromeUserManagerImpl::UpdateUserTimeZoneRefresher(Profile* profile) {
 }
 
 void ChromeUserManagerImpl::SetUserAffiliation(
-    const std::string& user_email,
+    const AccountId& account_id,
     const AffiliationIDSet& user_affiliation_ids) {
-  const AccountId& account_id = user_manager::known_user::GetAccountId(
-      user_email, std::string() /* id */, AccountType::UNKNOWN);
   user_manager::User* user = FindUserAndModify(account_id);
 
   if (user) {

chrome/browser/chromeos/login/users/chrome_user_manager_impl.h

@@ -149,7 +149,7 @@ class ChromeUserManagerImpl
   // ChromeUserManager implementation:
   bool IsEnterpriseManaged() const override;
   void SetUserAffiliation(
-      const std::string& user_email,
+      const AccountId& account_id,
       const AffiliationIDSet& user_affiliation_ids) override;
   bool ShouldReportUser(const std::string& user_id) const override;
 

chrome/browser/chromeos/login/users/fake_chrome_user_manager.cc

@@ -707,7 +707,7 @@ void FakeChromeUserManager::OnUserRemoved(const AccountId& account_id) {
 }
 
 void FakeChromeUserManager::SetUserAffiliation(
-    const std::string& user_email,
+    const AccountId& account_id,
     const AffiliationIDSet& user_affiliation_ids) {}
 
 bool FakeChromeUserManager::ShouldReportUser(const std::string& user_id) const {

chrome/browser/chromeos/login/users/fake_chrome_user_manager.h

@@ -172,7 +172,7 @@ class FakeChromeUserManager : public ChromeUserManager {
 
   // ChromeUserManager override.
   void SetUserAffiliation(
-      const std::string& user_email,
+      const AccountId& account_id,
       const AffiliationIDSet& user_affiliation_ids) override;
   bool ShouldReportUser(const std::string& user_id) const override;
 

chrome/browser/chromeos/login/users/mock_user_manager.h

@@ -142,7 +142,7 @@ class MockUserManager : public ChromeUserManager {
   UserFlow* GetCurrentUserFlow() const override;
   UserFlow* GetUserFlow(const AccountId&) const override;
   MOCK_METHOD2(SetUserAffiliation,
-               void(const std::string& user_id,
+               void(const AccountId& account_id,
                     const chromeos::AffiliationIDSet& user_affiliation_ids));
 
   bool ShouldReportUser(const std::string& user_id) const override;

chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc

@@ -429,7 +429,7 @@ void UserCloudPolicyManagerChromeOS::OnStoreLoaded(
         policy_data->user_affiliation_ids().end());
 
     chromeos::ChromeUserManager::Get()->SetUserAffiliation(
-        policy_data->username(), set_of_user_affiliation_ids);
+        account_id_, set_of_user_affiliation_ids);
   }
 }