summaryrefslogtreecommitdiff
path: root/chromium/chrome/browser/signin/account_consistency_mode_manager.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/chrome/browser/signin/account_consistency_mode_manager.cc')
-rw-r--r--chromium/chrome/browser/signin/account_consistency_mode_manager.cc208
1 files changed, 208 insertions, 0 deletions
diff --git a/chromium/chrome/browser/signin/account_consistency_mode_manager.cc b/chromium/chrome/browser/signin/account_consistency_mode_manager.cc
new file mode 100644
index 00000000000..6c1f0f04720
--- /dev/null
+++ b/chromium/chrome/browser/signin/account_consistency_mode_manager.cc
@@ -0,0 +1,208 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/signin/account_consistency_mode_manager.h"
+
+#include <string>
+
+#include "base/command_line.h"
+#include "base/logging.h"
+#include "base/metrics/field_trial_params.h"
+#include "base/metrics/histogram_macros.h"
+#include "build/build_config.h"
+#include "build/chromeos_buildflags.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/profiles/profiles_state.h"
+#include "chrome/browser/signin/account_consistency_mode_manager_factory.h"
+#include "chrome/browser/signin/chrome_signin_client_factory.h"
+#include "chrome/common/pref_names.h"
+#include "components/pref_registry/pref_registry_syncable.h"
+#include "components/prefs/pref_service.h"
+#include "components/signin/public/base/signin_buildflags.h"
+#include "components/signin/public/base/signin_pref_names.h"
+#include "google_apis/google_api_keys.h"
+
+#if BUILDFLAG(IS_CHROMEOS_ASH)
+#include "chrome/browser/ash/account_manager/account_manager_util.h"
+#endif
+
+#if BUILDFLAG(ENABLE_DICE_SUPPORT) && BUILDFLAG(ENABLE_MIRROR)
+#error "Dice and Mirror cannot be both enabled."
+#endif
+
+#if !BUILDFLAG(ENABLE_DICE_SUPPORT) && !BUILDFLAG(ENABLE_MIRROR)
+#error "Either Dice or Mirror should be enabled."
+#endif
+
+using signin::AccountConsistencyMethod;
+
+namespace {
+
+// By default, DICE is not enabled in builds lacking an API key. May be set to
+// true for tests.
+bool g_ignore_missing_oauth_client_for_testing = false;
+
+#if BUILDFLAG(ENABLE_DICE_SUPPORT)
+const char kAllowBrowserSigninArgument[] = "allow-browser-signin";
+
+bool IsBrowserSigninAllowedByCommandLine() {
+ base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+ if (command_line->HasSwitch(kAllowBrowserSigninArgument)) {
+ std::string allowBrowserSignin =
+ command_line->GetSwitchValueASCII(kAllowBrowserSigninArgument);
+ return base::ToLowerASCII(allowBrowserSignin) == "true";
+ }
+ // If the commandline flag is not provided, the default is true.
+ return true;
+}
+
+// Returns true if Desktop Identity Consistency can be enabled for this build
+// (i.e. if OAuth client ID and client secret are configured).
+bool CanEnableDiceForBuild() {
+ if (g_ignore_missing_oauth_client_for_testing ||
+ google_apis::HasOAuthClientConfigured()) {
+ return true;
+ }
+
+ // Only log this once.
+ static bool logged_warning = []() {
+ LOG(WARNING) << "Desktop Identity Consistency cannot be enabled as no "
+ "OAuth client ID and client secret have been configured.";
+ return true;
+ }();
+ ALLOW_UNUSED_LOCAL(logged_warning);
+
+ return false;
+}
+#endif
+
+} // namespace
+
+// static
+AccountConsistencyModeManager* AccountConsistencyModeManager::GetForProfile(
+ Profile* profile) {
+ return AccountConsistencyModeManagerFactory::GetForProfile(profile);
+}
+
+AccountConsistencyModeManager::AccountConsistencyModeManager(Profile* profile)
+ : profile_(profile),
+ account_consistency_(signin::AccountConsistencyMethod::kDisabled),
+ account_consistency_initialized_(false) {
+ DCHECK(profile_);
+ DCHECK(ShouldBuildServiceForProfile(profile));
+
+#if BUILDFLAG(ENABLE_DICE_SUPPORT)
+ PrefService* prefs = profile->GetPrefs();
+ // Propagate settings changes from the previous launch to the signin-allowed
+ // pref.
+ bool signin_allowed = IsDiceSignInAllowed() &&
+ prefs->GetBoolean(prefs::kSigninAllowedOnNextStartup);
+ prefs->SetBoolean(prefs::kSigninAllowed, signin_allowed);
+
+ UMA_HISTOGRAM_BOOLEAN("Signin.SigninAllowed", signin_allowed);
+#endif
+
+ account_consistency_ = ComputeAccountConsistencyMethod(profile_);
+ DCHECK_EQ(account_consistency_, ComputeAccountConsistencyMethod(profile_));
+ account_consistency_initialized_ = true;
+}
+
+AccountConsistencyModeManager::~AccountConsistencyModeManager() {}
+
+// static
+void AccountConsistencyModeManager::RegisterProfilePrefs(
+ user_prefs::PrefRegistrySyncable* registry) {
+ registry->RegisterBooleanPref(prefs::kSigninAllowedOnNextStartup, true);
+}
+
+// static
+AccountConsistencyMethod AccountConsistencyModeManager::GetMethodForProfile(
+ Profile* profile) {
+ if (!ShouldBuildServiceForProfile(profile))
+ return AccountConsistencyMethod::kDisabled;
+
+ return AccountConsistencyModeManager::GetForProfile(profile)
+ ->GetAccountConsistencyMethod();
+}
+
+// static
+bool AccountConsistencyModeManager::IsDiceEnabledForProfile(Profile* profile) {
+ return GetMethodForProfile(profile) == AccountConsistencyMethod::kDice;
+}
+
+#if BUILDFLAG(ENABLE_DICE_SUPPORT)
+// static
+bool AccountConsistencyModeManager::IsDiceSignInAllowed() {
+ return CanEnableDiceForBuild() && IsBrowserSigninAllowedByCommandLine();
+}
+#endif // BUILDFLAG(ENABLE_DICE_SUPPORT)
+
+// static
+bool AccountConsistencyModeManager::IsMirrorEnabledForProfile(
+ Profile* profile) {
+ return GetMethodForProfile(profile) == AccountConsistencyMethod::kMirror;
+}
+
+// static
+void AccountConsistencyModeManager::SetIgnoreMissingOAuthClientForTesting() {
+ g_ignore_missing_oauth_client_for_testing = true;
+}
+
+// static
+bool AccountConsistencyModeManager::ShouldBuildServiceForProfile(
+ Profile* profile) {
+ return profile->IsRegularProfile();
+}
+
+AccountConsistencyMethod
+AccountConsistencyModeManager::GetAccountConsistencyMethod() {
+#if BUILDFLAG(IS_CHROMEOS_ASH)
+ // TODO(https://crbug.com/860671): ChromeOS should use the cached value.
+ // Changing the value dynamically is not supported.
+ return ComputeAccountConsistencyMethod(profile_);
+#else
+ // The account consistency method should not change during the lifetime of a
+ // profile. We always return the cached value, but still check that it did not
+ // change, in order to detect inconsisent states. See https://crbug.com/860471
+ CHECK(account_consistency_initialized_);
+ CHECK_EQ(ComputeAccountConsistencyMethod(profile_), account_consistency_);
+ return account_consistency_;
+#endif
+}
+
+// static
+signin::AccountConsistencyMethod
+AccountConsistencyModeManager::ComputeAccountConsistencyMethod(
+ Profile* profile) {
+ DCHECK(ShouldBuildServiceForProfile(profile));
+
+#if BUILDFLAG(IS_CHROMEOS_ASH)
+ if (!ash::IsAccountManagerAvailable(profile))
+ return AccountConsistencyMethod::kDisabled;
+#endif
+
+#if BUILDFLAG(IS_CHROMEOS_LACROS)
+ // Account consistency is unavailable on Managed Guest Sessions and Public
+ // Sessions.
+ if (profiles::IsPublicSession())
+ return AccountConsistencyMethod::kDisabled;
+#endif
+
+#if BUILDFLAG(ENABLE_MIRROR)
+ return AccountConsistencyMethod::kMirror;
+#endif
+
+#if BUILDFLAG(ENABLE_DICE_SUPPORT)
+ if (!profile->GetPrefs()->GetBoolean(prefs::kSigninAllowed)) {
+ VLOG(1) << "Desktop Identity Consistency disabled as sign-in to Chrome"
+ "is not allowed";
+ return AccountConsistencyMethod::kDisabled;
+ }
+
+ return AccountConsistencyMethod::kDice;
+#endif
+
+ NOTREACHED();
+ return AccountConsistencyMethod::kDisabled;
+}
View Lorry Controller Status