Support token-based enrollment in test server

Bug: 854101 Change-Id: Iea1248fd7d8bcb8c5eb0443c713fbf8717b1255a Reviewed-on: https://chromium-review.googlesource.com/1251542 Commit-Queue: Denis Kuznetsov <antrim@chromium.org> Reviewed-by: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/master@{#595080}

Support token-based enrollment in test server
Bug: 854101 Change-Id: Iea1248fd7d8bcb8c5eb0443c713fbf8717b1255a Reviewed-on: https://chromium-review.googlesource.com/1251542 Commit-Queue: Denis Kuznetsov <antrim@chromium.org> Reviewed-by: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/master@{#595080}
9fec807b · Denis Kuznetsov · Commit Bot · ffcc82e0 · 9fec807b
Commit 9fec807b authored Sep 28, 2018 by Denis Kuznetsov Committed by Commit Bot Sep 28, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 10 deletions

chrome/browser/policy/test/policy_testserver.py chrome/browser/policy/test/policy_testserver.py +36 -10

No files found.
--- a/chrome/browser/policy/test/policy_testserver.py
+++ b/chrome/browser/policy/test/policy_testserver.py
@@ -53,8 +53,11 @@ Example:
  "available_licenses" : {
      "annual": 10,
      "perpetual": 20
-   }
+   },
+   "token_enrollment": {
+      "token": "abcd-ef01-123123123",
+      "username": "admin@example.com"
+   },
 }
 """
@@ -391,6 +394,18 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    return None
+  def CheckEnrollmentToken(self):
+    """Extracts the enrollment token from the request and returns it. The token
+    is GoogleEnrollmentToken token from an Authorization header. Returns None
+    if no token is present.
+    """
+    match = re.match('GoogleEnrollmentToken auth=(\\w+)',
+                     self.headers.getheader('Authorization', ''))
+    if match:
+      return match.group(1)
+    return None
  def ProcessRegister(self, msg):
    """Handles a register request.
@@ -403,15 +418,26 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    Returns:
      A tuple of HTTP status code and response data to send to the client.
    """
-    # Check the auth token and device ID.
+    enrollment_token = self.CheckEnrollmentToken()
-    auth = self.CheckGoogleLogin()
-    if not auth:
-      return (403, 'No authorization')
    policy = self.server.GetPolicies()
-    if ('managed_users' not in policy):
+    if enrollment_token:
-      return (500, 'Error in config - no managed users')
+      if ((not policy['token_enrollment']) or
-    username = self.server.ResolveUser(auth)
+          (not policy['token_enrollment']['token']) or
+          (not policy['token_enrollment']['username'])):
+        return (500, 'Error in config - no token-based enrollment')
+      if policy['token_enrollment']['token'] != enrollment_token:
+        return (403, 'Invalid enrollment token')
+      username = policy['token_enrollment']['username']
+    else:
+      # Check the auth token and device ID.
+      auth = self.CheckGoogleLogin()
+      if not auth:
+        return (403, 'No authorization')
+      if ('managed_users' not in policy):
+        return (500, 'Error in config - no managed users')
+      username = self.server.ResolveUser(auth)
    if ('*' not in policy['managed_users'] and
        username not in policy['managed_users']):
      return (403, 'Unmanaged')