Commit f6f7990d authored by Mihai Sardarescu's avatar Mihai Sardarescu Committed by Commit Bot

Add supervised argument in the X-Chrome-Connected header.

This CL adds a "supervised" argument to the X-Chrome-Connected header
when the account that is signed in to Chrome is a child account.

Design document (Google internal):
https://docs.google.com/document/d/1u5PUBIeTxXiKSpqJHDiSuc9hJ2Y9_Te4ja5eJdLfZk4/edit?usp=sharing

Bug: 1103228

Change-Id: Ic90021207213d926ed2dbb54b78eb4d9559a0da3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2431524
Commit-Queue: Mihai Sardarescu <msarda@chromium.org>
Reviewed-by: default avatarJochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813007}
parent 800d41ac
......@@ -204,11 +204,16 @@ void OneGoogleBarLoaderImpl::AuthenticatedURLLoader::SetRequestHeaders(
profile_mode = signin::PROFILE_MODE_INCOGNITO_DISABLED |
signin::PROFILE_MODE_ADD_ACCOUNT_DISABLED;
}
// TODO(crbug.com/1134045): Check whether the child account status should also
// be sent in the Mirror request header when loading the local version of
// OneGoogleBar.
std::string chrome_connected_header_value =
chrome_connected_header_helper.BuildRequestHeader(
/*is_header_request=*/true, api_url_,
// Gaia ID is only needed for (drive|docs).google.com.
/*gaia_id=*/std::string(), profile_mode,
/*gaia_id=*/std::string(),
/* is_child_account=*/base::nullopt, profile_mode,
signin::kChromeMirrorHeaderSource,
/*force_account_consistency=*/false);
if (!chrome_connected_header_value.empty()) {
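Review bot: The new argument comment `/* is_child_account=*/base::nullopt` has a leading space that the neighbouring `/*gaia_id=*/` and `/*force_account_consistency=*/` comments do not. Write it as `/*is_child_account=*/base::nullopt` so the call uses a single argument-comment form. SetRequestHeaders starts and ends outside this hunk.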
......
......@@ -500,6 +500,7 @@ void FixAccountConsistencyRequestHeader(
int incognito_availibility,
AccountConsistencyMethod account_consistency,
std::string gaia_id,
const base::Optional<bool>& is_child_account,
#if defined(OS_CHROMEOS)
bool is_secondary_account_addition_allowed,
#endif
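Review bot: `const base::Optional<bool>& is_child_account` passes a very small value by reference, while the neighbouring `std::string gaia_id` is taken by value. An optional bool is at least as cheap to copy as to reach through a reference, so `base::Optional<bool> is_child_account` would be the more conventional form. The same parameter form repeats in the other FixAccountConsistencyRequestHeader hunk, in both AppendOrRemoveMirrorRequestHeader hunks and in both BuildRequestHeader hunks. The function body continues outside this hunk.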
......@@ -547,8 +548,8 @@ void FixAccountConsistencyRequestHeader(
// Mirror header:
AppendOrRemoveMirrorRequestHeader(
request, redirect_url, gaia_id, account_consistency, cookie_settings,
profile_mode_mask, kChromeMirrorHeaderSource,
request, redirect_url, gaia_id, is_child_account, account_consistency,
cookie_settings, profile_mode_mask, kChromeMirrorHeaderSource,
/*force_account_consistency=*/false);
}
......
......@@ -95,6 +95,7 @@ void FixAccountConsistencyRequestHeader(
int incognito_availibility,
AccountConsistencyMethod account_consistency,
std::string gaia_id,
const base::Optional<bool>& is_child_account,
#if defined(OS_CHROMEOS)
bool is_secondary_account_addition_allowed,
#endif
......
......@@ -126,11 +126,16 @@ IN_PROC_BROWSER_TEST_F(ChromeOsMirrorAccountConsistencyTest,
PrefService* prefs = profile->GetPrefs();
prefs->SetInteger(prefs::kIncognitoModeAvailability,
IncognitoModePrefs::DISABLED);
ASSERT_EQ(1, signin::PROFILE_MODE_INCOGNITO_DISABLED);
// TODO(http://crbug.com/1134144): This test seems to test supervised profiles
// instead of child accounts. With the current implementation,
// X-Chrome-Connected header gets a supervised=true argument only for child
// profiles. Verify if these tests needs to be updated to use child accounts
// or whether supervised profiles need to be supported as well.
TestMirrorRequestForProfile(
test_server_.get(), profile,
"source=Chrome,mode=1,enable_account_consistency=true,"
"source=Chrome,mode=1,enable_account_consistency=true,supervised=false,"
"consistency_enabled_by_default=false");
}
......@@ -150,6 +155,6 @@ IN_PROC_BROWSER_TEST_F(ChromeOsMirrorAccountConsistencyTest,
AccountConsistencyModeManager::IsMirrorEnabledForProfile(profile));
TestMirrorRequestForProfile(
test_server_.get(), profile,
"source=Chrome,mode=0,enable_account_consistency=true,"
"source=Chrome,mode=0,enable_account_consistency=true,supervised=false,"
"consistency_enabled_by_default=false");
}
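Review bot: Both updated expectations pin only `supervised=false`, so the tests visible on this page exercise neither the `supervised=true` branch nor the case where the attribute is omitted because the value is `base::nullopt`. The attribute is presumably what lets the server treat a child account differently, so the positive case is the one most worth pinning. A test that signs in a child account and expects `supervised=true`, and one without extended account info that expects no `supervised` part, would cover both. The test bodies start outside these hunks.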
......@@ -72,13 +72,26 @@ void HeaderModificationDelegateImpl::ProcessRequest(
consent_level = ConsentLevel::kNotRequired;
#endif
IdentityManager* identity_manager =
IdentityManagerFactory::GetForProfile(profile_);
CoreAccountInfo account =
identity_manager->GetPrimaryAccountInfo(consent_level);
base::Optional<bool> is_child_account = base::nullopt;
if (!account.IsEmpty()) {
base::Optional<AccountInfo> extended_account_info =
identity_manager->FindExtendedAccountInfoForAccountWithRefreshToken(
account);
if (extended_account_info.has_value()) {
is_child_account = base::make_optional<bool>(
extended_account_info.value().is_child_account);
}
}
FixAccountConsistencyRequestHeader(
request_adapter, redirect_url, profile_->IsOffTheRecord(),
prefs->GetInteger(prefs::kIncognitoModeAvailability),
AccountConsistencyModeManager::GetMethodForProfile(profile_),
IdentityManagerFactory::GetForProfile(profile_)
->GetPrimaryAccountInfo(consent_level)
.gaia,
account.gaia, is_child_account,
#if defined(OS_CHROMEOS)
is_secondary_account_addition_allowed,
#endif
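Review bot: The value sent as `supervised` is read from `extended_account_info.value().is_child_account` as soon as any extended info exists, so a record that is not fully populated yet would be reported as `supervised=false` rather than left out. Whether `is_child_account` can hold a default `false` before the account info fetch completes is not visible in this hunk. If it can, a child account would be announced as unsupervised for that window, and the server could not tell "not a child" from "not known yet". Consider setting the optional only once the record is complete, e.g. `if (extended_account_info.has_value() && extended_account_info->IsValid())` if AccountInfo offers such a completeness check, and keep `base::nullopt` as the explicit "unknown" state. ProcessRequest starts and ends outside this hunk.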
......
......@@ -32,6 +32,7 @@ const char kIsSameTabAttrName[] = "is_same_tab";
const char kIsSamlAttrName[] = "is_saml";
const char kProfileModeAttrName[] = "mode";
const char kServiceTypeAttrName[] = "action";
const char kSupervisedAttrName[] = "supervised";
const char kSourceAttrName[] = "source";
#if defined(OS_ANDROID) || defined(OS_IOS)
const char kEligibleForConsistency[] = "eligible_for_consistency";
......@@ -70,9 +71,13 @@ std::string ChromeConnectedHeaderHelper::BuildRequestCookieIfPossible(
ChromeConnectedHeaderHelper chrome_connected_helper(account_consistency);
if (!chrome_connected_helper.ShouldBuildRequestHeader(url, cookie_settings))
return "";
// Child accounts are not supported on iOS, so it is preferred to not include
// this information in the ChromeConnected cookie.
return chrome_connected_helper.BuildRequestHeader(
false /* is_header_request */, url, gaia_id, profile_mode_mask,
"" /* source */, false /* force_account_consistency */);
false /* is_header_request */, url, gaia_id,
base::nullopt /* is_child_account */, profile_mode_mask, "" /* source */,
false /* force_account_consistency */);
}
// static
......@@ -178,6 +183,7 @@ std::string ChromeConnectedHeaderHelper::BuildRequestHeader(
bool is_header_request,
const GURL& url,
const std::string& gaia_id,
const base::Optional<bool>& is_child_account,
int profile_mode_mask,
const std::string& source,
bool force_account_consistency) {
......@@ -220,6 +226,11 @@ std::string ChromeConnectedHeaderHelper::BuildRequestHeader(
account_consistency_ == AccountConsistencyMethod::kMirror;
parts.push_back(base::StringPrintf("%s=%s", kEnableAccountConsistencyAttrName,
is_mirror_enabled ? "true" : "false"));
if (is_child_account.has_value()) {
parts.push_back(
base::StringPrintf("%s=%s", kSupervisedAttrName,
is_child_account.value() ? "true" : "false"));
}
parts.push_back(base::StringPrintf(
"%s=%s", kConsistencyEnabledByDefaultAttrName, "false"));
......
......@@ -7,6 +7,7 @@
#include <string>
#include "base/optional.h"
#include "components/signin/core/browser/signin_header_helper.h"
#include "components/signin/public/base/account_consistency_method.h"
......@@ -40,6 +41,7 @@ class ChromeConnectedHeaderHelper : public SigninHeaderHelper {
std::string BuildRequestHeader(bool is_header_request,
const GURL& url,
const std::string& gaia_id,
const base::Optional<bool>& is_child_account,
int profile_mode_mask,
const std::string& source,
bool force_account_consistency);
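Review bot: The declaration of BuildRequestHeader gains `is_child_account` without stating what an empty optional means; the implementation leaves the `supervised` attribute out entirely in that case. Add a comment above the declaration such as `// |is_child_account|: if base::nullopt, no "supervised" attribute is added; otherwise it is emitted as supervised=true or supervised=false.` That makes the choice explicit for the callers on this page that pass `base::nullopt` (the iOS cookie path, OneGoogleBar and WebLayer). Any existing comment on this declaration lies outside the hunk.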
......
......@@ -167,6 +167,7 @@ void AppendOrRemoveMirrorRequestHeader(
RequestAdapter* request,
const GURL& redirect_url,
const std::string& gaia_id,
const base::Optional<bool>& is_child_account,
AccountConsistencyMethod account_consistency,
const content_settings::CookieSettings* cookie_settings,
int profile_mode_mask,
......@@ -177,8 +178,8 @@ void AppendOrRemoveMirrorRequestHeader(
std::string chrome_connected_header_value;
if (chrome_connected_helper.ShouldBuildRequestHeader(url, cookie_settings)) {
chrome_connected_header_value = chrome_connected_helper.BuildRequestHeader(
true /* is_header_request */, url, gaia_id, profile_mode_mask, source,
force_account_consistency);
true /* is_header_request */, url, gaia_id, is_child_account,
profile_mode_mask, source, force_account_consistency);
}
chrome_connected_helper.AppendOrRemoveRequestHeader(
request, redirect_url, kChromeConnectedHeader,
......
......@@ -238,6 +238,7 @@ void AppendOrRemoveMirrorRequestHeader(
RequestAdapter* request,
const GURL& redirect_url,
const std::string& gaia_id,
const base::Optional<bool>& is_child_account,
AccountConsistencyMethod account_consistency,
const content_settings::CookieSettings* cookie_settings,
int profile_mode_mask,
......
......@@ -141,8 +141,12 @@ void SigninURLLoaderThrottle::ProcessRequest(
// Disable incognito and adding accounts for now. This shouldn't matter in
// practice though since we are skipping the /SignOutOptions page completely
// with the manage=true param.
//
// TODO(crbug.com/1134042): Check whether the child account status should also
// be sent in the Mirror request header from WebLayer.
signin::AppendOrRemoveMirrorRequestHeader(
&request_adapter, new_url, delegate->GetGaiaId(),
base::nullopt /* is_child_account */,
signin::AccountConsistencyMethod::kMirror,
CookieSettingsFactory::GetForBrowserContext(browser_context_).get(),
signin::PROFILE_MODE_INCOGNITO_DISABLED |
......