Make robot account request a one-time call

Bug: 854101
Change-Id: Ibd9375295ea26ff0533dadcc8153cabfe71ba786
Reviewed-on: https://chromium-review.googlesource.com/1251443
Commit-Queue: Denis Kuznetsov <antrim@chromium.org>
Reviewed-by: Sergey Poromov <poromov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#595088}

chrome/browser/chromeos/policy/app_install_event_log_uploader.h

@@ -80,7 +80,6 @@ class AppInstallEventLogUploader : public CloudPolicyClient::Observer {
   // request when the client registers, by asking the delegate to serialize logs
   // and with the exponential backoff reset to its minimum.
   void OnRegistrationStateChanged(CloudPolicyClient* client) override;
-  void OnRobotAuthCodesFetched(CloudPolicyClient* client) override {}
   void OnClientError(CloudPolicyClient* client) override {}
 
  private:

chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc

@@ -551,7 +551,10 @@ void EnrollmentHandlerChromeOS::HandlePolicyValidationResult(
     } else {
       domain_ = gaia::ExtractDomainName(gaia::CanonicalizeEmail(username));
       SetStep(STEP_ROBOT_AUTH_FETCH);
-      client_->FetchRobotAuthCodes(dm_auth_->Clone());
+      client_->FetchRobotAuthCodes(
+          dm_auth_->Clone(),
+          base::BindOnce(&EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched,
+                         weak_ptr_factory_.GetWeakPtr()));
     }
   } else {
     ReportResult(EnrollmentStatus::ForValidationError(validator->status()));
@@ -559,11 +562,14 @@ void EnrollmentHandlerChromeOS::HandlePolicyValidationResult(
 }
 
 void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched(
-    CloudPolicyClient* client) {
-  DCHECK_EQ(client_.get(), client);
+    DeviceManagementStatus status,
+    const std::string& auth_code) {
   CHECK_EQ(STEP_ROBOT_AUTH_FETCH, enrollment_step_);
-
-  if (client->robot_api_auth_code().empty()) {
+  if (status != DM_STATUS_SUCCESS) {
+    OnClientError(client_.get());
+    return;
+  }
+  if (auth_code.empty()) {
     // If the server doesn't provide an auth code, skip the robot auth setup.
     // This allows clients running against the test server to transparently skip
     // robot auth.
@@ -583,8 +589,8 @@ void EnrollmentHandlerChromeOS::OnRobotAuthCodesFetched(
   // Use the system request context to avoid sending user cookies.
   gaia_oauth_client_.reset(new gaia::GaiaOAuthClient(
       g_browser_process->shared_url_loader_factory()));
-  gaia_oauth_client_->GetTokensFromAuthCode(
-      client_info, client->robot_api_auth_code(), 0 /* max_retries */, this);
+  gaia_oauth_client_->GetTokensFromAuthCode(client_info, auth_code,
+                                            0 /* max_retries */, this);
 }
 
 // GaiaOAuthClient::Delegate callback for OAuth2 refresh token fetched.

chrome/browser/chromeos/policy/enrollment_handler_chromeos.h

@@ -100,7 +100,6 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
   // CloudPolicyClient::Observer:
   void OnPolicyFetched(CloudPolicyClient* client) override;
   void OnRegistrationStateChanged(CloudPolicyClient* client) override;
-  void OnRobotAuthCodesFetched(CloudPolicyClient* client) override;
   void OnClientError(CloudPolicyClient* client) override;
 
   // CloudPolicyStore::Observer:
@@ -211,6 +210,10 @@ class EnrollmentHandlerChromeOS : public CloudPolicyClient::Observer,
   // Handles the policy validation result for the offline demo mode.
   void OnOfflinePolicyValidated(DeviceCloudPolicyValidator* validator);
 
+  // Handles the fetching auth codes for robot accounts during enrollment.
+  void OnRobotAuthCodesFetched(DeviceManagementStatus status,
+                               const std::string& auth_code);
+
   std::unique_ptr<DeviceCloudPolicyValidator> CreateValidator(
       std::unique_ptr<enterprise_management::PolicyFetchResponse> policy,
       const std::string& domain);

components/policy/core/common/cloud/cloud_policy_client.cc

@@ -150,9 +150,6 @@ TranslatePolicyValidationResultSeverity(
 
 CloudPolicyClient::Observer::~Observer() {}
 
-void CloudPolicyClient::Observer::OnRobotAuthCodesFetched(
-    CloudPolicyClient* client) {}
-
 CloudPolicyClient::CloudPolicyClient(
     const std::string& machine_id,
     const std::string& machine_model,
@@ -461,7 +458,8 @@ void CloudPolicyClient::UploadPolicyValidationReport(
   request_jobs_.back()->Start(job_callback);
 }
 
-void CloudPolicyClient::FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth) {
+void CloudPolicyClient::FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth,
+                                            RobotAuthCodeCallback callback) {
   CHECK(is_registered());
   DCHECK(auth->has_dm_token());
 
@@ -479,9 +477,9 @@ void CloudPolicyClient::FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth) {
   request->add_auth_scope(GaiaConstants::kAnyApiOAuth2Scope);
   request->set_device_type(em::DeviceServiceApiAccessRequest::CHROME_OS);
 
-  policy_fetch_request_job_->Start(
-      base::Bind(&CloudPolicyClient::OnFetchRobotAuthCodesCompleted,
-                 weak_ptr_factory_.GetWeakPtr()));
+  policy_fetch_request_job_->Start(base::AdaptCallbackForRepeating(
+      base::BindOnce(&CloudPolicyClient::OnFetchRobotAuthCodesCompleted,
+                     weak_ptr_factory_.GetWeakPtr(), std::move(callback))));
 }
 
 void CloudPolicyClient::Unregister() {
@@ -870,6 +868,7 @@ void CloudPolicyClient::OnRegisterCompleted(
 }
 
 void CloudPolicyClient::OnFetchRobotAuthCodesCompleted(
+    RobotAuthCodeCallback callback,
     DeviceManagementStatus status,
     int net_error,
     const em::DeviceManagementResponse& response) {
@@ -878,16 +877,14 @@ void CloudPolicyClient::OnFetchRobotAuthCodesCompleted(
     LOG(WARNING) << "Invalid service api access response.";
     status = DM_STATUS_RESPONSE_DECODING_ERROR;
   }
-
   status_ = status;
   if (status == DM_STATUS_SUCCESS) {
-    robot_api_auth_code_ = response.service_api_access_response().auth_code();
     DVLOG(1) << "Device robot account auth code fetch complete - code = "
-             << robot_api_auth_code_;
-
-    NotifyRobotAuthCodesFetched();
+             << response.service_api_access_response().auth_code();
+    std::move(callback).Run(status,
+                            response.service_api_access_response().auth_code());
   } else {
-    NotifyClientError();
+    std::move(callback).Run(status, std::string());
   }
 }
 
@@ -1142,11 +1139,6 @@ void CloudPolicyClient::NotifyRegistrationStateChanged() {
     observer.OnRegistrationStateChanged(this);
 }
 
-void CloudPolicyClient::NotifyRobotAuthCodesFetched() {
-  for (auto& observer : observers_)
-    observer.OnRobotAuthCodesFetched(this);
-}
-
 void CloudPolicyClient::NotifyClientError() {
   for (auto& observer : observers_)
     observer.OnClientError(this);

components/policy/core/common/cloud/cloud_policy_client.h

@@ -71,6 +71,11 @@ class POLICY_EXPORT CloudPolicyClient {
       DeviceManagementStatus,
       const std::vector<enterprise_management::RemoteCommand>&)>;
 
+  // A callback for fetching device robot OAuth2 authorization tokens.
+  // Only occurs during enrollment, after the device is registered.
+  using RobotAuthCodeCallback =
+      base::OnceCallback<void(DeviceManagementStatus, const std::string&)>;
+
   // A callback which fetches device dm_token based on user affiliation.
   // Should be called once per registration.
   using DeviceDMTokenCallback = base::RepeatingCallback<std::string(
@@ -89,11 +94,6 @@ class POLICY_EXPORT CloudPolicyClient {
     // successful completion of registration and unregistration requests.
     virtual void OnRegistrationStateChanged(CloudPolicyClient* client) = 0;
 
-    // Called when a request for device robot OAuth2 authorization tokens
-    // returns successfully. Only occurs during enrollment. Optional
-    // (default implementation is a noop).
-    virtual void OnRobotAuthCodesFetched(CloudPolicyClient* client);
-
     // Indicates there's been an error in a previously-issued request.
     virtual void OnClientError(CloudPolicyClient* client) = 0;
   };
@@ -183,7 +183,9 @@ class POLICY_EXPORT CloudPolicyClient {
   // Requests OAuth2 auth codes for the device robot account. The client being
   // registered is a prerequisite to this operation and this call will CHECK if
   // the client is not in registered state.
-  virtual void FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth);
+  // The |callback| will be called when the operation completes.
+  virtual void FetchRobotAuthCodes(std::unique_ptr<DMAuth> auth,
+                                   RobotAuthCodeCallback callback);
 
   // Sends an unregistration request to the server.
   virtual void Unregister();
@@ -349,10 +351,6 @@ class POLICY_EXPORT CloudPolicyClient {
     return status_;
   }
 
-  const std::string& robot_api_auth_code() const {
-    return robot_api_auth_code_;
-  }
-
   // Returns the invalidation version that was used for the last FetchPolicy.
   // Observers can call this method from their OnPolicyFetched method to
   // determine which at which invalidation version the policy was fetched.
@@ -403,6 +401,7 @@ class POLICY_EXPORT CloudPolicyClient {
 
   // Callback for robot account api authorization requests.
   void OnFetchRobotAuthCodesCompleted(
+      RobotAuthCodeCallback callback,
       DeviceManagementStatus status,
       int net_error,
       const enterprise_management::DeviceManagementResponse& response);
@@ -475,7 +474,6 @@ class POLICY_EXPORT CloudPolicyClient {
   // Observer notification helpers.
   void NotifyPolicyFetched();
   void NotifyRegistrationStateChanged();
-  void NotifyRobotAuthCodesFetched();
   void NotifyClientError();
 
   // Data necessary for constructing policy requests.
@@ -492,7 +490,6 @@ class POLICY_EXPORT CloudPolicyClient {
   base::Time last_policy_timestamp_;
   int public_key_version_ = -1;
   bool public_key_version_valid_ = false;
-  std::string robot_api_auth_code_;
   // Device DMToken for affiliated user policy requests.
   // Retrieved from |device_dm_token_callback_| on registration.
   std::string device_dm_token_;

components/policy/core/common/cloud/mock_cloud_policy_client.h

@@ -105,7 +105,6 @@ class MockCloudPolicyClientObserver : public CloudPolicyClient::Observer {
 
   MOCK_METHOD1(OnPolicyFetched, void(CloudPolicyClient*));
   MOCK_METHOD1(OnRegistrationStateChanged, void(CloudPolicyClient*));
-  MOCK_METHOD1(OnRobotAuthCodesFetched, void(CloudPolicyClient*));
   MOCK_METHOD1(OnClientError, void(CloudPolicyClient*));
 
  private: