Add handling for existing local account mapping in custom attributes as

per [1].

[1] https://docs.google.com/document/d/1zDUlxBwkhNXBQRNifEjK2fylRKE7WmYALej1u-bzshk

Change-Id: I641595027b2e4571d44431486ac2ef2105b586c6
Bug: 1038515
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1973359Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Tien Mai <tienmai@chromium.org>
Commit-Queue: Rakesh Soma <rakeshsoma@google.com>
Cr-Commit-Position: refs/heads/master@{#728566}

chrome/credential_provider/DEPS

@@ -5,6 +5,7 @@ include_rules = [
   "+components/crash",
   "+google_apis",
   "+third_party/boringssl/src/include",
+  "+third_party/re2",
 ]
 
 specific_include_rules = {

chrome/credential_provider/gaiacp/BUILD.gn

@@ -120,6 +120,7 @@ source_set("gaiacp_lib") {
     "//components/crash/content/app:crash_export_thunks",
     "//components/crash/content/app:run_as_crashpad_handler",
     "//third_party/boringssl",
+    "//third_party/re2",
   ]
   if (is_component_build) {
     deps += [ "//content/public/common" ]

chrome/credential_provider/gaiacp/gaia_credential_base.h

@@ -75,8 +75,8 @@ class ATL_NO_VTABLE CGaiaCredentialBase
     StdParentHandles parent_handles;
   };
 
-  // Returns true if "enable_ad_association" registry key is set to 1.
-  static bool IsAdToGoogleAssociationEnabled();
+  // Returns true if "enable_cloud_association" registry key is set to 1.
+  static bool IsCloudAssociationEnabled();
 
  protected:
   CGaiaCredentialBase();

chrome/credential_provider/gaiacp/gaia_credential_provider.cc

@@ -438,7 +438,7 @@ HRESULT CGaiaCredentialProvider::CreateReauthCredentials(
     if (!AssociatedUserValidator::Get()->HasInternetConnection() &&
         !AssociatedUserValidator::Get()->IsOnlineLoginStale(sid)) {
       continue;
-    } else if (CGaiaCredentialBase::IsAdToGoogleAssociationEnabled() &&
+    } else if (CGaiaCredentialBase::IsCloudAssociationEnabled() &&
                OSUserManager::Get()->IsUserDomainJoined(sid)) {
       if (user_id[0] && is_token_handle_valid_for_user) {
         continue;

chrome/credential_provider/gaiacp/gaia_credential_provider_unittests.cc

@@ -454,7 +454,7 @@ class GcpCredentialProviderWithGaiaUsersTest
 
 void GcpCredentialProviderWithGaiaUsersTest::SetUp() {
   GcpCredentialProviderTest::SetUp();
-  ASSERT_EQ(S_OK, SetGlobalFlagForTesting(L"enable_ad_association", 0));
+  ASSERT_EQ(S_OK, SetGlobalFlagForTesting(L"enable_cloud_association", 0));
 }
 
 // TODO(crbug.com/1038339): Test is failing consistently.
@@ -471,7 +471,7 @@ TEST_P(GcpCredentialProviderWithGaiaUsersTest, DISABLED_ReauthCredentialTest) {
   CComBSTR sid;
   if (is_ad_user) {
     // Add an AD user. Note that this covers the scenario where
-    // enable_ad_association is set to false.
+    // enable_cloud_association is set to false.
     ASSERT_EQ(S_OK, fake_os_user_manager()->CreateTestOSUser(
                         L"username", L"password", L"full name", L"comment",
                         L"gaia-id", L"foo@gmail.com", L"domain", &sid));
@@ -549,7 +549,7 @@ class GcpCredentialProviderWithADUsersTest
 
 void GcpCredentialProviderWithADUsersTest::SetUp() {
   GcpCredentialProviderTest::SetUp();
-  ASSERT_EQ(S_OK, SetGlobalFlagForTesting(L"enable_ad_association", 1));
+  ASSERT_EQ(S_OK, SetGlobalFlagForTesting(L"enable_cloud_association", 1));
 }
 
 // TODO(crbug.com/1038351): Test fails on Windows.

chrome/credential_provider/gaiacp/gcp_utils.cc

@@ -778,6 +778,35 @@ std::string GetDictStringUTF8(const base::Value& dict, const char* name) {
   return value && value->is_string() ? value->GetString() : std::string();
 }
 
+HRESULT SearchForListInStringDictUTF8(
+    const std::string& list_key,
+    const std::string& json_string,
+    const std::initializer_list<base::StringPiece>& path,
+    std::vector<std::string>* output) {
+  DCHECK(path.size() > 0);
+
+  base::Optional<base::Value> json_obj =
+      base::JSONReader::Read(json_string, base::JSON_ALLOW_TRAILING_COMMAS);
+  if (!json_obj || !json_obj->is_dict()) {
+    LOGFN(ERROR) << "base::JSONReader::Read failed to translate to JSON";
+    return E_FAIL;
+  }
+
+  auto* value = json_obj->FindListPath(base::JoinString(path, "."));
+  if (value && value->is_list()) {
+    base::Value::ListStorage& string_list = value->GetList();
+    for (const base::Value& entry : string_list) {
+      if (entry.FindKey(list_key) && entry.FindKey(list_key)->is_string()) {
+        std::string value = entry.FindKey(list_key)->GetString();
+        output->push_back(value);
+      } else {
+        return E_FAIL;
+      }
+    }
+  }
+  return S_OK;
+}
+
 std::string GetDictStringUTF8(const std::unique_ptr<base::Value>& dict,
                               const char* name) {
   return GetDictStringUTF8(*dict, name);

chrome/credential_provider/gaiacp/gcp_utils.h

@@ -246,10 +246,23 @@ base::string16 GetDictString(const std::unique_ptr<base::Value>& dict,
 // names provided in the input should be in order. Below is an example : Lets
 // say the json object is {"key1": {"key2": {"key3": "value1"}}, "key4":
 // "value2"}. Then to search for the key "key3", this method should be called
-// by providing the names vector as {"key1", "key2", "key3"}.
+// by providing the |path| as {"key1", "key2", "key3"}.
 std::string SearchForKeyInStringDictUTF8(
     const std::string& json_string,
     const std::initializer_list<base::StringPiece>& path);
+
+// Perform a recursive search on a nested dictionary object. Note that the
+// names provided in the input should be in order. Below is an example : Lets
+// say the json object is
+// {"key1": {"key2": {"value": "value1", "value": "value2"}}}.
+// Then to search for the key "key2" and list_key as "value", then this method
+// should be called by providing |list_key| as "value", |path| as
+// ["key1", "key2"] and the result returned would be ["value1", "value2"].
+HRESULT SearchForListInStringDictUTF8(
+    const std::string& list_key,
+    const std::string& json_string,
+    const std::initializer_list<base::StringPiece>& path,
+    std::vector<std::string>* output);
 std::string GetDictStringUTF8(const base::Value& dict, const char* name);
 std::string GetDictStringUTF8(const std::unique_ptr<base::Value>& dict,
                               const char* name);

chrome/credential_provider/gaiacp/reauth_credential.cc

@@ -44,7 +44,7 @@ HRESULT CReauthCredential::GetUserGlsCommandline(
                                        OLE2CW(email_for_reauth_));
     }
     return CGaiaCredentialBase::GetUserGlsCommandline(command_line);
-  } else if (CGaiaCredentialBase::IsAdToGoogleAssociationEnabled() &&
+  } else if (CGaiaCredentialBase::IsCloudAssociationEnabled() &&
              OSUserManager::Get()->IsUserDomainJoined(OLE2CW(os_user_sid_))) {
     // Note that if ADAssociationIsEnabled and the reauth credential is an AD
     // user account, then fallback to the GaiaCredentialBase for loading Gls.
@@ -99,7 +99,7 @@ HRESULT CReauthCredential::GetStringValueImpl(DWORD field_id, wchar_t** value) {
     // If its an AD user sid without a user_id set in the registry, then
     // we need to show a different description message.
     if (email_for_reauth_.Length() == 0 &&
-        CGaiaCredentialBase::IsAdToGoogleAssociationEnabled() &&
+        CGaiaCredentialBase::IsCloudAssociationEnabled() &&
         OSUserManager::Get()->IsUserDomainJoined(sid)) {
       description_label_id = IDS_REAUTH_AD_NO_USER_FID_DESCRIPTION_BASE;
     } else {

chrome/credential_provider/gaiacp/reauth_credential_unittests.cc

@@ -93,9 +93,9 @@ TEST_P(GcpReauthCredentialGetStringValueTest, FidDescription) {
   const bool is_user_domain_joined = std::get<2>(GetParam());
   const bool is_sid_empty = std::get<3>(GetParam());
 
-  // Override registry to enable AD association with google.
-  constexpr wchar_t kRegEnableADAssociation[] = L"enable_ad_association";
-  ASSERT_EQ(S_OK, SetGlobalFlagForTesting(kRegEnableADAssociation,
+  // Override registry to enable cloud association with google.
+  constexpr wchar_t kRegCloudAssociation[] = L"enable_cloud_association";
+  ASSERT_EQ(S_OK, SetGlobalFlagForTesting(kRegCloudAssociation,
                                           is_ad_association_enabled));
 
   Microsoft::WRL::ComPtr<IReauthCredential> reauth;
@@ -332,9 +332,9 @@ TEST_F(GcpReauthCredentialGlsRunnerTest, NoGaiaIdAvailable) {
 TEST_F(GcpReauthCredentialGlsRunnerTest, NoGaiaIdAvailableForADUser) {
   USES_CONVERSION;
 
-  // Override registry to enable AD association with google.
-  constexpr wchar_t kRegEnableADAssociation[] = L"enable_ad_association";
-  ASSERT_EQ(S_OK, SetGlobalFlagForTesting(kRegEnableADAssociation, 1));
+  // Override registry to enable cloud association with google.
+  constexpr wchar_t kRegCloudAssociation[] = L"enable_cloud_association";
+  ASSERT_EQ(S_OK, SetGlobalFlagForTesting(kRegCloudAssociation, 1));
 
   CredentialProviderSigninDialogTestDataStorage test_data_storage;