Make robot account request a one-time call

Bug: 854101 Change-Id: Ibd9375295ea26ff0533dadcc8153cabfe71ba786 Reviewed-on: https://chromium-review.googlesource.com/1251443 Commit-Queue: Denis Kuznetsov <antrim@chromium.org> Reviewed-by: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/master@{#595088}

Make robot account request a one-time call
Bug: 854101 Change-Id: Ibd9375295ea26ff0533dadcc8153cabfe71ba786 Reviewed-on: https://chromium-review.googlesource.com/1251443 Commit-Queue: Denis Kuznetsov <antrim@chromium.org> Reviewed-by: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/master@{#595088}
b3eeabcc · Denis Kuznetsov · Commit Bot · 4e2538c0 · b3eeabcc · b3eeabcc
Commit b3eeabcc authored Sep 28, 2018 by Denis Kuznetsov Committed by Commit Bot Sep 28, 2018
6 changed files
--- a/chrome/browser/chromeos/policy/app_install_event_log_uploader.h
+++ b/chrome/browser/chromeos/policy/app_install_event_log_uploader.h
@@ -80,7 +80,6 @@ class AppInstallEventLogUploader : public CloudPolicyClient::Observer {
  // request when the client registers, by asking the delegate to serialize logs
  // and with the exponential backoff reset to its minimum.
  void OnRegistrationStateChanged(CloudPolicyClient* client) override;
-  void OnRobotAuthCodesFetched(CloudPolicyClient* client) override {}
  void OnClientError(CloudPolicyClient* client) override {}
 private:

--- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
+++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc
@@ -551,7 +551,10 @@ void EnrollmentHandlerChromeOS::HandlePolicyValidationResult(
    } else {
      domain_ = gaia::ExtractDomainName(gaia::CanonicalizeEmail(username));
      SetStep(STEP_ROBOT_AUTH_FETCH);
-      client_->FetchRobotAuthCodes(dm_auth_->Clone());
+      client_->FetchRobotAuthCodes(
+          dm_auth_->Clone(),
+          base::BindOnce(&EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched,
+                         weak_ptr_factory_.GetWeakPtr()));
    }
  } else {
    ReportResult(EnrollmentStatus::ForValidationError(validator->status()));
@@ -559,11 +562,14 @@ void EnrollmentHandlerChromeOS::HandlePolicyValidationResult(
 }
 void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched(
-    CloudPolicyClient* client) {
+    DeviceManagementStatus status,
-  DCHECK_EQ(client_.get(), client);
+    const std::string& auth_code) {
  CHECK_EQ(STEP_ROBOT_AUTH_FETCH, enrollment_step_);
+  if (status != DM_STATUS_SUCCESS) {
-  if (client->robot_api_auth_code().empty()) {
+    OnClientError(client_.get());
+    return;
+  }
+  if (auth_code.empty()) {
    // If the server doesn't provide an auth code, skip the robot auth setup.
    // This allows clients running against the test server to transparently skip
    // robot auth.
@@ -583,8 +589,8 @@ void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched(
  // Use the system request context to avoid sending user cookies.
  gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(
      g_browser_process->shared_url_loader_factory()));
-  gaia_oauth_client_->GetTokensFromAuthCode(
+  gaia_oauth_client_->GetTokensFromAuthCode(client_info, auth_code,
-      client_info, client->robot_api_auth_code(), 0 /* max_retries */, this);
+                                            0 /* max_retries */, this);
 }
 // GaiaOAuthClient::Delegate callback for OAuth2 refresh token fetched.

--- a/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h
+++ b/chrome/browser/chromeos/policy/enrollment_handler_chromeos.h
@@ -100,7 +100,6 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
  // CloudPolicyClient::Observer:
  void OnPolicyFetched(CloudPolicyClient* client) override;
  void OnRegistrationStateChanged(CloudPolicyClient* client) override;
-  void OnRobotAuthCodesFetched(CloudPolicyClient* client) override;
  void OnClientError(CloudPolicyClient* client) override;
  // CloudPolicyStore::Observer:
@@ -211,6 +210,10 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
  // Handles the policy validation result for the offline demo mode.
  void OnOfflinePolicyValidated(DeviceCloudPolicyValidator* validator);
+  // Handles the fetching auth codes for robot accounts during enrollment.
+  void OnRobotAuthCodesFetched(DeviceManagementStatus status,
+                               const std::string& auth_code);
  std::unique_ptr<DeviceCloudPolicyValidator> CreateValidator(
      std::unique_ptr<enterprise_management::PolicyFetchResponse> policy,
      const std::string& domain);

--- a/components/policy/core/common/cloud/cloud_policy_client.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client.cc
@@ -150,9 +150,6 @@ TranslatePolicyValidationResultSeverity(
 CloudPolicyClient::Observer::~Observer() {}
-void CloudPolicyClient::Observer::OnRobotAuthCodesFetched(
-    CloudPolicyClient* client) {}
 CloudPolicyClient::CloudPolicyClient(
    const std::string& machine_id,
    const std::string& machine_model,
@@ -461,7 +458,8 @@ void CloudPolicyClient::UploadPolicyValidationReport(
  request_jobs_.back()->Start(job_callback);
 }
-void CloudPolicyClient::FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth) {
+void CloudPolicyClient::FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth,
+                                            RobotAuthCodeCallback callback) {
  CHECK(is_registered());
  DCHECK(auth->has_dm_token());
@@ -479,9 +477,9 @@ void CloudPolicyClient::FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth) {
  request->add_auth_scope(GaiaConstants::kAnyApiOAuth2Scope);
  request->set_device_type(em::DeviceServiceApiAccessRequest::CHROME_OS);
-  policy_fetch_request_job_->Start(
+  policy_fetch_request_job_->Start(base::AdaptCallbackForRepeating(
-      base::Bind(&CloudPolicyClient::OnFetchRobotAuthCodesCompleted,
+      base::BindOnce(&CloudPolicyClient::OnFetchRobotAuthCodesCompleted,
-                 weak_ptr_factory_.GetWeakPtr()));
+                     weak_ptr_factory_.GetWeakPtr(), std::move(callback))));
 }
 void CloudPolicyClient::Unregister() {
@@ -870,6 +868,7 @@ void CloudPolicyClient::OnRegisterCompleted(
 }
 void CloudPolicyClient::OnFetchRobotAuthCodesCompleted(
+    RobotAuthCodeCallback callback,
    DeviceManagementStatus status,
    int net_error,
    const em::DeviceManagementResponse& response) {
@@ -878,16 +877,14 @@ void CloudPolicyClient::OnFetchRobotAuthCodesCompleted(
    LOG(WARNING) << "Invalid service api access response.";
    status = DM_STATUS_RESPONSE_DECODING_ERROR;
  }
  status_ = status;
  if (status == DM_STATUS_SUCCESS) {
-    robot_api_auth_code_ = response.service_api_access_response().auth_code();
    DVLOG(1) << "Device robot account auth code fetch complete - code = "
-             << robot_api_auth_code_;
+             << response.service_api_access_response().auth_code();
+    std::move(callback).Run(status,
-    NotifyRobotAuthCodesFetched();
+                            response.service_api_access_response().auth_code());
  } else {
-    NotifyClientError();
+    std::move(callback).Run(status, std::string());
  }
 }
@@ -1142,11 +1139,6 @@ void CloudPolicyClient::NotifyRegistrationStateChanged() {
    observer.OnRegistrationStateChanged(this);
 }
-void CloudPolicyClient::NotifyRobotAuthCodesFetched() {
-  for (auto& observer : observers_)
-    observer.OnRobotAuthCodesFetched(this);
-}
 void CloudPolicyClient::NotifyClientError() {
  for (auto& observer : observers_)
    observer.OnClientError(this);

--- a/components/policy/core/common/cloud/cloud_policy_client.h
+++ b/components/policy/core/common/cloud/cloud_policy_client.h
@@ -71,6 +71,11 @@ class POLICY_EXPORT CloudPolicyClient {
      DeviceManagementStatus,
      const std::vector<enterprise_management::RemoteCommand>&)>;
+  // A callback for fetching device robot OAuth2 authorization tokens.
+  // Only occurs during enrollment, after the device is registered.
+  using RobotAuthCodeCallback =
+      base::OnceCallback<void(DeviceManagementStatus, const std::string&)>;
  // A callback which fetches device dm_token based on user affiliation.
  // Should be called once per registration.
  using DeviceDMTokenCallback = base::RepeatingCallback<std::string(
@@ -89,11 +94,6 @@ class POLICY_EXPORT CloudPolicyClient {
    // successful completion of registration and unregistration requests.
    virtual void OnRegistrationStateChanged(CloudPolicyClient* client) = 0;
-    // Called when a request for device robot OAuth2 authorization tokens
-    // returns successfully. Only occurs during enrollment. Optional
-    // (default implementation is a noop).
-    virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client);
    // Indicates there's been an error in a previously-issued request.
    virtual void OnClientError(CloudPolicyClient* client) = 0;
  };
@@ -183,7 +183,9 @@ class POLICY_EXPORT CloudPolicyClient {
  // Requests OAuth2 auth codes for the device robot account. The client being
  // registered is a prerequisite to this operation and this call will CHECK if
  // the client is not in registered state.
-  virtual void FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth);
+  // The |callback| will be called when the operation completes.
+  virtual void FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth,
+                                   RobotAuthCodeCallback callback);
  // Sends an unregistration request to the server.
  virtual void Unregister();
@@ -349,10 +351,6 @@ class POLICY_EXPORT CloudPolicyClient {
    return status_;
  }
-  const std::string& robot_api_auth_code() const {
-    return robot_api_auth_code_;
-  }
  // Returns the invalidation version that was used for the last FetchPolicy.
  // Observers can call this method from their OnPolicyFetched method to
  // determine which at which invalidation version the policy was fetched.
@@ -403,6 +401,7 @@ class POLICY_EXPORT CloudPolicyClient {
  // Callback for robot account api authorization requests.
  void OnFetchRobotAuthCodesCompleted(
+      RobotAuthCodeCallback callback,
      DeviceManagementStatus status,
      int net_error,
      const enterprise_management::DeviceManagementResponse& response);
@@ -475,7 +474,6 @@ class POLICY_EXPORT CloudPolicyClient {
  // Observer notification helpers.
  void NotifyPolicyFetched();
  void NotifyRegistrationStateChanged();
-  void NotifyRobotAuthCodesFetched();
  void NotifyClientError();
  // Data necessary for constructing policy requests.
@@ -492,7 +490,6 @@ class POLICY_EXPORT CloudPolicyClient {
  base::Time last_policy_timestamp_;
  int public_key_version_ = -1;
  bool public_key_version_valid_ = false;
-  std::string robot_api_auth_code_;
  // Device DMToken for affiliated user policy requests.
  // Retrieved from |device_dm_token_callback_| on registration.
  std::string device_dm_token_;

--- a/components/policy/core/common/cloud/mock_cloud_policy_client.h
+++ b/components/policy/core/common/cloud/mock_cloud_policy_client.h
@@ -105,7 +105,6 @@ class MockCloudPolicyClientObserver : public CloudPolicyClient::Observer {
  MOCK_METHOD1(OnPolicyFetched, void(CloudPolicyClient*));
  MOCK_METHOD1(OnRegistrationStateChanged, void(CloudPolicyClient*));
-  MOCK_METHOD1(OnRobotAuthCodesFetched, void(CloudPolicyClient*));
  MOCK_METHOD1(OnClientError, void(CloudPolicyClient*));
 private: