[GCPW] Rename TokenHandleValidator to AssociatedUserValidator.

This better reflects the use of this class as something used to
validate access for users associated with GCPW.

Bug: 924520
Change-Id: I78e8b5a72b1a9f4030b016ad9c920d53b2f789e6
Reviewed-on: https://chromium-review.googlesource.com/c/1489103
Commit-Queue: Tien Mai <tienmai@chromium.org>
Reviewed-by: Roger Tawa <rogerta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#635862}

chrome/credential_provider/gaiacp/BUILD.gn

@@ -60,6 +60,8 @@ config("common_config") {
 
 source_set("gaiacp_lib") {
   sources = [
+    "associated_user_validator.cc",
+    "associated_user_validator.h",
     "auth_utils.cc",
     "auth_utils.h",
     "gaia_credential.cc",
@@ -95,8 +97,6 @@ source_set("gaiacp_lib") {
     "scoped_user_profile.cc",
     "scoped_user_profile.h",
     "stdafx.h",
-    "token_handle_validator.cc",
-    "token_handle_validator.h",
     "win_http_url_fetcher.cc",
     "win_http_url_fetcher.h",
   ]

chrome/credential_provider/gaiacp/token_handle_validator.cc → chrome/credential_provider/gaiacp/associated_user_validator.cc

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "chrome/credential_provider/gaiacp/token_handle_validator.h"
+#include "chrome/credential_provider/gaiacp/associated_user_validator.h"
 
 #include <ntstatus.h>
 #include <process.h>
@@ -25,13 +25,13 @@
 namespace credential_provider {
 
 const base::TimeDelta
-    TokenHandleValidator::kDefaultTokenHandleValidationTimeout =
+    AssociatedUserValidator::kDefaultTokenHandleValidationTimeout =
         base::TimeDelta::FromMilliseconds(3000);
 
-const base::TimeDelta TokenHandleValidator::kTokenHandleValidityLifetime =
+const base::TimeDelta AssociatedUserValidator::kTokenHandleValidityLifetime =
     base::TimeDelta::FromSeconds(30);
 
-const char TokenHandleValidator::kTokenInfoUrl[] =
+const char AssociatedUserValidator::kTokenInfoUrl[] =
     "https://www.googleapis.com/oauth2/v2/tokeninfo";
 
 namespace {
@@ -49,7 +49,7 @@ unsigned __stdcall CheckReauthStatus(void* param) {
       reinterpret_cast<CheckReauthParams*>(param));
 
   auto fetcher =
-      WinHttpUrlFetcher::Create(GURL(TokenHandleValidator::kTokenInfoUrl));
+      WinHttpUrlFetcher::Create(GURL(AssociatedUserValidator::kTokenInfoUrl));
 
   if (fetcher) {
     fetcher->SetRequestHeader("Content-Type",
@@ -94,7 +94,7 @@ unsigned __stdcall CheckReauthStatus(void* param) {
 
 bool TokenHandleNeedsUpdate(const base::Time& last_refresh) {
   return (base::Time::Now() - last_refresh) >
-         TokenHandleValidator::kTokenHandleValidityLifetime;
+         AssociatedUserValidator::kTokenHandleValidityLifetime;
 }
 
 bool WaitForQueryResult(const base::win::ScopedHandle& thread_handle,
@@ -204,14 +204,14 @@ HRESULT ModifyUserAccess(const std::unique_ptr<ScopedLsaPolicy>& policy,
 
 }  // namespace
 
-TokenHandleValidator::TokenHandleInfo::TokenHandleInfo() = default;
-TokenHandleValidator::TokenHandleInfo::~TokenHandleInfo() = default;
+AssociatedUserValidator::TokenHandleInfo::TokenHandleInfo() = default;
+AssociatedUserValidator::TokenHandleInfo::~TokenHandleInfo() = default;
 
-TokenHandleValidator::TokenHandleInfo::TokenHandleInfo(
+AssociatedUserValidator::TokenHandleInfo::TokenHandleInfo(
     const base::string16& token_handle)
     : queried_token_handle(token_handle), last_update(base::Time::Now()) {}
 
-TokenHandleValidator::TokenHandleInfo::TokenHandleInfo(
+AssociatedUserValidator::TokenHandleInfo::TokenHandleInfo(
     const base::string16& token_handle,
     base::Time update_time,
     base::win::ScopedHandle::Handle thread_handle)
@@ -220,28 +220,29 @@ TokenHandleValidator::TokenHandleInfo::TokenHandleInfo(
       pending_query_thread(thread_handle) {}
 
 // static
-TokenHandleValidator* TokenHandleValidator::Get() {
+AssociatedUserValidator* AssociatedUserValidator::Get() {
   return *GetInstanceStorage();
 }
 
 // static
-TokenHandleValidator** TokenHandleValidator::GetInstanceStorage() {
-  static TokenHandleValidator instance(kDefaultTokenHandleValidationTimeout);
-  static TokenHandleValidator* instance_storage = &instance;
+AssociatedUserValidator** AssociatedUserValidator::GetInstanceStorage() {
+  static AssociatedUserValidator instance(kDefaultTokenHandleValidationTimeout);
+  static AssociatedUserValidator* instance_storage = &instance;
 
   return &instance_storage;
 }
 
-TokenHandleValidator::TokenHandleValidator(base::TimeDelta validation_timeout)
+AssociatedUserValidator::AssociatedUserValidator(
+    base::TimeDelta validation_timeout)
     : validation_timeout_(validation_timeout) {}
 
-TokenHandleValidator::~TokenHandleValidator() = default;
+AssociatedUserValidator::~AssociatedUserValidator() = default;
 
-bool TokenHandleValidator::HasInternetConnection() {
+bool AssociatedUserValidator::HasInternetConnection() {
   return InternetAvailabilityChecker::Get()->HasInternetConnection();
 }
 
-void TokenHandleValidator::GetAssociatedSids(
+void AssociatedUserValidator::GetAssociatedSids(
     std::set<base::string16>* associated_sids) {
   DCHECK(associated_sids);
 
@@ -250,7 +251,7 @@ void TokenHandleValidator::GetAssociatedSids(
     associated_sids->insert(it.first);
 }
 
-bool TokenHandleValidator::IsUserAccessBlockingEnforced(
+bool AssociatedUserValidator::IsUserAccessBlockingEnforced(
     CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus) const {
   if (!MdmEnrollmentEnabled())
     return false;
@@ -261,7 +262,7 @@ bool TokenHandleValidator::IsUserAccessBlockingEnforced(
   return true;
 }
 
-void TokenHandleValidator::DenySigninForUsersWithInvalidTokenHandles(
+void AssociatedUserValidator::DenySigninForUsersWithInvalidTokenHandles(
     CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus) {
   if (!IsUserAccessBlockingEnforced(cpus))
     return;
@@ -293,7 +294,7 @@ void TokenHandleValidator::DenySigninForUsersWithInvalidTokenHandles(
   }
 }
 
-HRESULT TokenHandleValidator::RestoreUserAccess(const base::string16& sid) {
+HRESULT AssociatedUserValidator::RestoreUserAccess(const base::string16& sid) {
   if (locked_user_sids_.erase(sid)) {
     auto policy = ScopedLsaPolicy::Create(POLICY_ALL_ACCESS);
     return ModifyUserAccess(policy, sid, true);
@@ -302,7 +303,7 @@ HRESULT TokenHandleValidator::RestoreUserAccess(const base::string16& sid) {
   return S_OK;
 }
 
-void TokenHandleValidator::AllowSigninForUsersWithInvalidTokenHandles() {
+void AssociatedUserValidator::AllowSigninForUsersWithInvalidTokenHandles() {
   LOGFN(INFO);
   auto policy = ScopedLsaPolicy::Create(POLICY_ALL_ACCESS);
   for (auto& sid : locked_user_sids_) {
@@ -313,7 +314,7 @@ void TokenHandleValidator::AllowSigninForUsersWithInvalidTokenHandles() {
   locked_user_sids_.clear();
 }
 
-void TokenHandleValidator::StartRefreshingTokenHandleValidity() {
+void AssociatedUserValidator::StartRefreshingTokenHandleValidity() {
   std::map<base::string16, base::string16> sid_to_handle;
   HRESULT hr = CleanupStaleUsersAndGetTokenHandles(&sid_to_handle);
 
@@ -327,7 +328,7 @@ void TokenHandleValidator::StartRefreshingTokenHandleValidity() {
   CheckTokenHandleValidity(sid_to_handle);
 }
 
-void TokenHandleValidator::CheckTokenHandleValidity(
+void AssociatedUserValidator::CheckTokenHandleValidity(
     const std::map<base::string16, base::string16>& handles_to_verify) {
   for (auto it = handles_to_verify.cbegin(); it != handles_to_verify.cend();
        ++it) {
@@ -375,7 +376,7 @@ void TokenHandleValidator::CheckTokenHandleValidity(
   }
 }
 
-void TokenHandleValidator::StartTokenValidityQuery(
+void AssociatedUserValidator::StartTokenValidityQuery(
     const base::string16& sid,
     const base::string16& token_handle,
     base::TimeDelta timeout) {
@@ -404,7 +405,7 @@ void TokenHandleValidator::StartTokenValidityQuery(
       token_handle, max_end_time, reinterpret_cast<HANDLE>(wait_thread));
 }
 
-bool TokenHandleValidator::IsTokenHandleValidForUser(
+bool AssociatedUserValidator::IsTokenHandleValidForUser(
     const base::string16& sid) {
   // All token handles are valid when no internet connection is available.
   if (!HasInternetConnection())

chrome/credential_provider/gaiacp/token_handle_validator.h → chrome/credential_provider/gaiacp/associated_user_validator.h

@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef CHROME_CREDENTIAL_PROVIDER_GAIACP_TOKEN_HANDLE_VALIDATOR_H_
-#define CHROME_CREDENTIAL_PROVIDER_GAIACP_TOKEN_HANDLE_VALIDATOR_H_
+#ifndef CHROME_CREDENTIAL_PROVIDER_GAIACP_ASSOCIATED_USER_VALIDATOR_H_
+#define CHROME_CREDENTIAL_PROVIDER_GAIACP_ASSOCIATED_USER_VALIDATOR_H_
 
 #include <credentialprovider.h>
 
@@ -20,7 +20,7 @@ namespace credential_provider {
 
 // Caches the current validity of token handles and updates the validity if
 // it is older than a specified validity lifetime.
-class TokenHandleValidator {
+class AssociatedUserValidator {
  public:
   // Default timeout when querying token info for token handles. If a timeout
   // occurs the token handle is assumed to be valid.
@@ -34,7 +34,7 @@ class TokenHandleValidator {
   // Default URL used to fetch token info for token handles.
   static const char kTokenInfoUrl[];
 
-  static TokenHandleValidator* Get();
+  static AssociatedUserValidator* Get();
 
   // Get all the token handles for all associated users and start queries
   // for their validity. The queries are fired in separate threads but
@@ -71,8 +71,8 @@ class TokenHandleValidator {
   void GetAssociatedSids(std::set<base::string16>* associated_sids);
 
  protected:
-  explicit TokenHandleValidator(base::TimeDelta validation_timeout);
-  virtual ~TokenHandleValidator();
+  explicit AssociatedUserValidator(base::TimeDelta validation_timeout);
+  virtual ~AssociatedUserValidator();
 
   bool HasInternetConnection();
   void CheckTokenHandleValidity(
@@ -82,7 +82,7 @@ class TokenHandleValidator {
                                base::TimeDelta timeout);
 
   // Returns the storage used for the instance pointer.
-  static TokenHandleValidator** GetInstanceStorage();
+  static AssociatedUserValidator** GetInstanceStorage();
 
   // Stores information about the current state of a user's token handle.
   // This information includes:
@@ -122,4 +122,4 @@ class TokenHandleValidator {
 
 }  // namespace credential_provider
 
-#endif  // CHROME_CREDENTIAL_PROVIDER_GAIACP_TOKEN_HANDLE_VALIDATOR_H_
+#endif  // CHROME_CREDENTIAL_PROVIDER_GAIACP_ASSOCIATED_USER_VALIDATOR_H_

chrome/credential_provider/gaiacp/gaia_credential_base.cc

@@ -30,6 +30,7 @@
 #include "base/win/scoped_com_initializer.h"
 #include "base/win/scoped_handle.h"
 #include "chrome/credential_provider/common/gcp_strings.h"
+#include "chrome/credential_provider/gaiacp/associated_user_validator.h"
 #include "chrome/credential_provider/gaiacp/auth_utils.h"
 #include "chrome/credential_provider/gaiacp/gaia_credential_provider_i.h"
 #include "chrome/credential_provider/gaiacp/gaia_resources.h"
@@ -43,7 +44,6 @@
 #include "chrome/credential_provider/gaiacp/reg_utils.h"
 #include "chrome/credential_provider/gaiacp/scoped_lsa_policy.h"
 #include "chrome/credential_provider/gaiacp/scoped_user_profile.h"
-#include "chrome/credential_provider/gaiacp/token_handle_validator.h"
 #include "chrome/installer/launcher_support/chrome_launcher_support.h"
 #include "content/public/common/content_switches.h"
 #include "google_apis/gaia/gaia_auth_util.h"
@@ -748,7 +748,8 @@ HRESULT CGaiaCredentialBase::HandleAutologon(
   }
 
   // Restore user's access so that they can sign in.
-  HRESULT hr = TokenHandleValidator::Get()->RestoreUserAccess(OLE2W(get_sid()));
+  HRESULT hr =
+      AssociatedUserValidator::Get()->RestoreUserAccess(OLE2W(get_sid()));
   if (FAILED(hr) && hr != HRESULT_FROM_NT(STATUS_OBJECT_NAME_NOT_FOUND)) {
     LOGFN(ERROR) << "RestoreUserAccess hr=" << putHR(hr);
     return hr;

chrome/credential_provider/gaiacp/gaia_credential_base_unittests.cc

@@ -517,7 +517,7 @@ TEST_F(GcpGaiaCredentialBaseTest, NewUserDisabledThroughUsageScenario) {
 TEST_F(GcpGaiaCredentialBaseTest, InvalidUserUnlockedAfterSignin) {
   // Enforce token handle verification with user locking when the token handle
   // is not valid.
-  FakeTokenHandleValidator validator;
+  FakeAssociatedUserValidator validator;
   FakeInternetAvailabilityChecker internet_checker;
   ASSERT_EQ(S_OK, SetGlobalFlagForTesting(kRegMdmUrl, L"https://mdm.com"));
   GoogleMdmEnrollmentStatusForTesting force_success(true);
@@ -534,7 +534,7 @@ TEST_F(GcpGaiaCredentialBaseTest, InvalidUserUnlockedAfterSignin) {
 
   // Invalid token fetch result.
   fake_http_url_fetcher_factory()->SetFakeResponse(
-      GURL(TokenHandleValidator::kTokenInfoUrl),
+      GURL(AssociatedUserValidator::kTokenInfoUrl),
       FakeWinHttpUrlFetcher::Headers(), "{}");
 
   // Lock the user through their token handle.
@@ -544,7 +544,7 @@ TEST_F(GcpGaiaCredentialBaseTest, InvalidUserUnlockedAfterSignin) {
   // User should have invalid token handle and be locked.
   DWORD reg_value = 0;
   EXPECT_FALSE(validator.IsTokenHandleValidForUser(OLE2W(sid)));
-  EXPECT_EQ(true, validator.IsUserLocked(OLE2W(sid)));
+  EXPECT_EQ(true, validator.IsUserAccessBlocked(OLE2W(sid)));
   EXPECT_EQ(S_OK,
             GetMachineRegDWORD(kWinlogonUserListRegKey, username, &reg_value));
   EXPECT_EQ(0u, reg_value);
@@ -579,7 +579,7 @@ TEST_F(GcpGaiaCredentialBaseTest, InvalidUserUnlockedAfterSignin) {
   // Email should be the same as the default one.
   EXPECT_EQ(test->GetFinalEmail(), kDefaultEmail);
 
-  EXPECT_EQ(false, validator.IsUserLocked(OLE2W(sid)));
+  EXPECT_EQ(false, validator.IsUserAccessBlocked(OLE2W(sid)));
   EXPECT_NE(S_OK,
             GetMachineRegDWORD(kWinlogonUserListRegKey, username, &reg_value));
 

chrome/credential_provider/gaiacp/gaia_credential_provider.cc

@@ -16,6 +16,7 @@
 #include "base/values.h"
 #include "chrome/common/chrome_version.h"
 #include "chrome/credential_provider/common/gcp_strings.h"
+#include "chrome/credential_provider/gaiacp/associated_user_validator.h"
 #include "chrome/credential_provider/gaiacp/gaia_credential.h"
 #include "chrome/credential_provider/gaiacp/gaia_credential_other_user.h"
 #include "chrome/credential_provider/gaiacp/gaia_credential_provider_i.h"
@@ -25,7 +26,6 @@
 #include "chrome/credential_provider/gaiacp/reauth_credential.h"
 #include "chrome/credential_provider/gaiacp/reauth_credential_anonymous.h"
 #include "chrome/credential_provider/gaiacp/reg_utils.h"
-#include "chrome/credential_provider/gaiacp/token_handle_validator.h"
 
 namespace credential_provider {
 
@@ -109,7 +109,7 @@ void CGaiaCredentialProvider::FinalRelease() {
   ClearTransient();
   // Unlock all the users that had their access locked due to invalid token
   // handles.
-  TokenHandleValidator::Get()->AllowSigninForUsersWithInvalidTokenHandles();
+  AssociatedUserValidator::Get()->AllowSigninForUsersWithInvalidTokenHandles();
 }
 
 bool CGaiaCredentialProvider::ShouldCreateAnonymousCredential() {
@@ -139,7 +139,7 @@ bool CGaiaCredentialProvider::ShouldCreateAnonymousReauthCredential(
     bool other_user_credential_exists) {
   // If user lockout is not enforced, no need to create anonymous reauth
   // credential.
-  if (!TokenHandleValidator::Get()->IsUserAccessBlockingEnforced(cpus_))
+  if (!AssociatedUserValidator::Get()->IsUserAccessBlockingEnforced(cpus_))
     return false;
 
   // TODO(crbug.com/935695): On domain joined machines, the "Other User" tile
@@ -278,7 +278,7 @@ HRESULT CGaiaCredentialProvider::CreateReauthCredentials(
 
     // If the token handle is valid, no need to create a reauth credential.
     // The user can just sign in using their password.
-    if (TokenHandleValidator::Get()->IsTokenHandleValidForUser(sid))
+    if (AssociatedUserValidator::Get()->IsTokenHandleValidForUser(sid))
       continue;
 
     CComPtr<IGaiaCredential> cred;
@@ -309,7 +309,7 @@ HRESULT CGaiaCredentialProvider::CreateAnonymousReauthCredentialsIfNeeded(
     return S_OK;
 
   std::set<base::string16> associated_sids;
-  TokenHandleValidator::Get()->GetAssociatedSids(&associated_sids);
+  AssociatedUserValidator::Get()->GetAssociatedSids(&associated_sids);
 
   OSUserManager* manager = OSUserManager::Get();
 
@@ -326,7 +326,8 @@ HRESULT CGaiaCredentialProvider::CreateAnonymousReauthCredentialsIfNeeded(
     // TODO(crbug.com/935697).
     if (reauth_sids.find(associated_sid) != reauth_sids.end())
       continue;
-    if (TokenHandleValidator::Get()->IsTokenHandleValidForUser(associated_sid))
+    if (AssociatedUserValidator::Get()->IsTokenHandleValidForUser(
+            associated_sid))
       continue;
 
     wchar_t username[kWindowsUsernameBufferLength];

chrome/credential_provider/gaiacp/gaia_credential_provider_filter.cc

@@ -3,8 +3,9 @@
 // found in the LICENSE file.
 
 #include "chrome/credential_provider/gaiacp/gaia_credential_provider_filter.h"
+
+#include "chrome/credential_provider/gaiacp/associated_user_validator.h"
 #include "chrome/credential_provider/gaiacp/logging.h"
-#include "chrome/credential_provider/gaiacp/token_handle_validator.h"
 
 namespace credential_provider {
 
@@ -29,7 +30,8 @@ HRESULT CGaiaCredentialProviderFilter::Filter(
     DWORD providers_count) {
   // Check to see if any users need to have their access to this system
   // using the normal credential providers revoked.
-  TokenHandleValidator::Get()->DenySigninForUsersWithInvalidTokenHandles(cpus);
+  AssociatedUserValidator::Get()->DenySigninForUsersWithInvalidTokenHandles(
+      cpus);
   return S_OK;
 }
 

chrome/credential_provider/gaiacp/gaia_credential_provider_module.cc

@@ -10,13 +10,13 @@
 #include "base/macros.h"
 #include "chrome/common/chrome_version.h"
 #include "chrome/credential_provider/eventlog/gcp_eventlog_messages.h"
+#include "chrome/credential_provider/gaiacp/associated_user_validator.h"
 #include "chrome/credential_provider/gaiacp/gaia_credential_base.h"
 #include "chrome/credential_provider/gaiacp/gaia_credential_provider_filter.h"
 #include "chrome/credential_provider/gaiacp/gaia_credential_provider_i.h"
 #include "chrome/credential_provider/gaiacp/gcp_crash_reporting.h"
 #include "chrome/credential_provider/gaiacp/grit/gaia_static_resources.h"
 #include "chrome/credential_provider/gaiacp/logging.h"
-#include "chrome/credential_provider/gaiacp/token_handle_validator.h"
 #include "components/crash/content/app/crash_switches.h"
 #include "content/public/common/content_switches.h"
 
@@ -76,7 +76,7 @@ CGaiaCredentialProviderModule::UpdateRegistryAppId(BOOL do_register) throw() {
 
 void CGaiaCredentialProviderModule::RefreshTokenHandleValidity() {
   if (!token_handle_validity_refreshed_) {
-    credential_provider::TokenHandleValidator::Get()
+    credential_provider::AssociatedUserValidator::Get()
         ->StartRefreshingTokenHandleValidity();
     token_handle_validity_refreshed_ = true;
   }

chrome/credential_provider/gaiacp/gaia_credential_provider_unittests.cc

@@ -13,11 +13,11 @@
 #include "base/test/test_reg_util_win.h"
 #include "base/win/registry.h"
 #include "chrome/credential_provider/common/gcp_strings.h"
+#include "chrome/credential_provider/gaiacp/associated_user_validator.h"
 #include "chrome/credential_provider/gaiacp/gaia_credential_provider.h"
 #include "chrome/credential_provider/gaiacp/gaia_credential_provider_i.h"
 #include "chrome/credential_provider/gaiacp/mdm_utils.h"
 #include "chrome/credential_provider/gaiacp/reg_utils.h"
-#include "chrome/credential_provider/gaiacp/token_handle_validator.h"
 #include "chrome/credential_provider/test/com_fakes.h"
 #include "chrome/credential_provider/test/gcp_fakes.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -174,7 +174,7 @@ TEST_F(GcpCredentialProviderTest, CpusUnlock) {
 }
 
 TEST_F(GcpCredentialProviderTest, AddPersonAfterUserRemove) {
-  FakeTokenHandleValidator token_handle_validator;
+  FakeAssociatedUserValidator associated_user_validator;
   FakeInternetAvailabilityChecker internet_checker;
 
   // Set up such that MDM is enabled, mulit-users is not, and a user already
@@ -217,7 +217,7 @@ TEST_F(GcpCredentialProviderTest, AddPersonAfterUserRemove) {
             fake_os_user_manager()->RemoveUser(kDummyUsername, kDummyPassword));
 
   // Start token handle refresh threads.
-  token_handle_validator.StartRefreshingTokenHandleValidity();
+  associated_user_validator.StartRefreshingTokenHandleValidity();
   {
     CComPtr<ICredentialProvider> provider;
     ASSERT_EQ(S_OK,
@@ -254,7 +254,7 @@ class GcpCredentialProviderMdmTest
       public testing::WithParamInterface<std::tuple<bool, int, bool>> {};
 
 TEST_P(GcpCredentialProviderMdmTest, Basic) {
-  FakeTokenHandleValidator token_handle_validator;
+  FakeAssociatedUserValidator associated_user_validator;
   FakeInternetAvailabilityChecker internet_checker;
 
   const bool config_mdm_url = std::get<0>(GetParam());
@@ -279,7 +279,7 @@ TEST_P(GcpCredentialProviderMdmTest, Basic) {
 
   // Valid token fetch result.
   fake_http_url_fetcher_factory()->SetFakeResponse(
-      GURL(TokenHandleValidator::kTokenInfoUrl),
+      GURL(AssociatedUserValidator::kTokenInfoUrl),
       FakeWinHttpUrlFetcher::Headers(), "{\"expires_in\":1}");
 
   CComPtr<ICredentialProvider> provider;
@@ -326,7 +326,7 @@ TEST_P(GcpCredentialProviderWithGaiaUsersTest, ReauthCredentialTest) {
   const bool has_token_handle = std::get<0>(GetParam());
   const bool valid_token_handle = std::get<1>(GetParam());
   const bool has_internet = std::get<2>(GetParam());
-  FakeTokenHandleValidator token_handle_validator;
+  FakeAssociatedUserValidator associated_user_validator;
   FakeInternetAvailabilityChecker internet_checker(
       has_internet ? FakeInternetAvailabilityChecker::kHicForceYes
                    : FakeInternetAvailabilityChecker::kHicForceNo);
@@ -340,12 +340,12 @@ TEST_P(GcpCredentialProviderWithGaiaUsersTest, ReauthCredentialTest) {
 
   // Token fetch result.
   fake_http_url_fetcher_factory()->SetFakeResponse(
-      GURL(TokenHandleValidator::kTokenInfoUrl),
+      GURL(AssociatedUserValidator::kTokenInfoUrl),
       FakeWinHttpUrlFetcher::Headers(),
       valid_token_handle ? "{\"expires_in\":1}" : "{}");
 
   // Start token handle refresh threads.
-  token_handle_validator.StartRefreshingTokenHandleValidity();
+  associated_user_validator.StartRefreshingTokenHandleValidity();
 
   CComPtr<ICredentialProviderSetUserArray> user_array;
   ASSERT_EQ(
@@ -414,7 +414,7 @@ void GcpCredentialProviderAvailableCredentialsTest::SetUp() {
 }
 
 TEST_P(GcpCredentialProviderAvailableCredentialsTest, AvailableCredentials) {
-  FakeTokenHandleValidator token_handle_validator;
+  FakeAssociatedUserValidator associated_user_validator;
   FakeInternetAvailabilityChecker internet_checker;
   FakeCredentialProviderUserArray array;
 
@@ -438,15 +438,15 @@ TEST_P(GcpCredentialProviderAvailableCredentialsTest, AvailableCredentials) {
 
   // Token fetch result.
   fake_http_url_fetcher_factory()->SetFakeResponse(
-      GURL(TokenHandleValidator::kTokenInfoUrl),
+      GURL(AssociatedUserValidator::kTokenInfoUrl),
       FakeWinHttpUrlFetcher::Headers(),
       valid_token_handles ? "{\"expires_in\":1}" : "{}");
 
   // Start token handle refresh threads.
-  token_handle_validator.StartRefreshingTokenHandleValidity();
+  associated_user_validator.StartRefreshingTokenHandleValidity();
 
   // Lock users as needed based on the validity of their token handles.
-  token_handle_validator.DenySigninForUsersWithInvalidTokenHandles(cpus);
+  associated_user_validator.DenySigninForUsersWithInvalidTokenHandles(cpus);
 
   CComPtr<ICredentialProviderSetUserArray> user_array;
   ASSERT_EQ(
@@ -466,11 +466,11 @@ TEST_P(GcpCredentialProviderAvailableCredentialsTest, AvailableCredentials) {
     // Normally, the user with invalid token handles would be removed from
     // the user array except if not all the users are shown. In this case,
     // the user that locked the system is always sent in the user array.
-    if (!token_handle_validator.IsUserLocked(OLE2W(first_sid)) ||
+    if (!associated_user_validator.IsUserAccessBlocked(OLE2W(first_sid)) ||
         (!all_users_shown && !second_user_locking_system)) {
       array.AddUser(OLE2CW(first_sid), first_username);
     }
-    if (!token_handle_validator.IsUserLocked(OLE2W(first_sid)) ||
+    if (!associated_user_validator.IsUserAccessBlocked(OLE2W(first_sid)) ||
         (!all_users_shown && second_user_locking_system)) {
       array.AddUser(OLE2CW(second_sid), second_username);
     }

chrome/credential_provider/test/BUILD.gn

@@ -6,12 +6,12 @@ import("//testing/test.gni")
 
 test("gcp_unittests") {
   sources = [
+    "../gaiacp/associated_user_validator_unittests.cc",
     "../gaiacp/gaia_credential_base_unittests.cc",
     "../gaiacp/gaia_credential_provider_unittests.cc",
     "../gaiacp/gaia_credential_unittests.cc",
     "../gaiacp/gcp_utils_unittests.cc",
     "../gaiacp/reauth_credential_unittests.cc",
-    "../gaiacp/token_handle_validator_unittests.cc",
     "com_fakes.cc",
     "com_fakes.h",
     "fake_gls_run_helper.cc",

chrome/credential_provider/test/gcp_fakes.cc

@@ -552,25 +552,26 @@ HRESULT FakeWinHttpUrlFetcher::Close() {
 
 ///////////////////////////////////////////////////////////////////////////////
 
-FakeTokenHandleValidator::FakeTokenHandleValidator()
-    : TokenHandleValidator(
-          TokenHandleValidator::kDefaultTokenHandleValidationTimeout),
+FakeAssociatedUserValidator::FakeAssociatedUserValidator()
+    : AssociatedUserValidator(
+          AssociatedUserValidator::kDefaultTokenHandleValidationTimeout),
       original_validator_(*GetInstanceStorage()) {
   *GetInstanceStorage() = this;
 }
 
-FakeTokenHandleValidator::FakeTokenHandleValidator(
+FakeAssociatedUserValidator::FakeAssociatedUserValidator(
     base::TimeDelta validation_timeout)
-    : TokenHandleValidator(validation_timeout),
+    : AssociatedUserValidator(validation_timeout),
       original_validator_(*GetInstanceStorage()) {
   *GetInstanceStorage() = this;
 }
 
-FakeTokenHandleValidator::~FakeTokenHandleValidator() {
+FakeAssociatedUserValidator::~FakeAssociatedUserValidator() {
   *GetInstanceStorage() = original_validator_;
 }
 
-bool FakeTokenHandleValidator::IsUserLocked(const base::string16& sid) const {
+bool FakeAssociatedUserValidator::IsUserAccessBlocked(
+    const base::string16& sid) const {
   return locked_user_sids_.find(sid) != locked_user_sids_.end();
 }
 

chrome/credential_provider/test/gcp_fakes.h

@@ -12,12 +12,12 @@
 
 #include "base/strings/string16.h"
 #include "base/win/scoped_handle.h"
+#include "chrome/credential_provider/gaiacp/associated_user_validator.h"
 #include "chrome/credential_provider/gaiacp/internet_availability_checker.h"
 #include "chrome/credential_provider/gaiacp/os_process_manager.h"
 #include "chrome/credential_provider/gaiacp/os_user_manager.h"
 #include "chrome/credential_provider/gaiacp/scoped_lsa_policy.h"
 #include "chrome/credential_provider/gaiacp/scoped_user_profile.h"
-#include "chrome/credential_provider/gaiacp/token_handle_validator.h"
 #include "chrome/credential_provider/gaiacp/win_http_url_fetcher.h"
 
 namespace base {
@@ -279,18 +279,18 @@ class FakeWinHttpUrlFetcher : public WinHttpUrlFetcher {
 
 ///////////////////////////////////////////////////////////////////////////////
 
-class FakeTokenHandleValidator : public TokenHandleValidator {
+class FakeAssociatedUserValidator : public AssociatedUserValidator {
  public:
-  FakeTokenHandleValidator();
-  explicit FakeTokenHandleValidator(base::TimeDelta validation_timeout);
-  ~FakeTokenHandleValidator() override;
+  FakeAssociatedUserValidator();
+  explicit FakeAssociatedUserValidator(base::TimeDelta validation_timeout);
+  ~FakeAssociatedUserValidator() override;
 
   // Returns whether the user should be locked out of sign in (only used in
   // tests).
-  bool IsUserLocked(const base::string16& sid) const;
+  bool IsUserAccessBlocked(const base::string16& sid) const;
 
  private:
-  TokenHandleValidator* original_validator_ = nullptr;
+  AssociatedUserValidator* original_validator_ = nullptr;
 };
 
 ///////////////////////////////////////////////////////////////////////////////

chrome/credential_provider/test/gls_runner_test_base.h

@@ -38,7 +38,7 @@ class GlsRunnerTestBase : public ::testing::Test {
   registry_util::RegistryOverrideManager registry_override_;
   FakeGlsRunHelper run_helper_;
   FakeInternetAvailabilityChecker fake_internet_checker_;
-  FakeTokenHandleValidator fake_token_handle_validator_;
+  FakeAssociatedUserValidator fake_associated_user_validator_;
   FakeWinHttpUrlFetcherFactory fake_http_url_fetcher_factory_;
 };