Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Support for auth code based authentication flow for both app and web …

…UI driven flow.

BUG=181008
TEST=experiments that are in progress
TBR=sky

Review URL: https://chromiumcodereview.appspot.com/12704002

git-svn-id: http://src.chromium.org/svn/trunk/src/chrome/browser@190338 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
  • Loading branch information...
commit 9dccdae40f7bd87157964eaa5ca441c19a5da78c 1 parent 5aa2c68
zelidrag@chromium.org authored

Showing 56 changed files with 588 additions and 385 deletions. Show diff stats Hide diff stats

  1. +5 2 automation/automation_event_observers.h
  2. +4 4 automation/automation_event_observers_chromeos.cc
  3. +2 4 automation/automation_provider_observers.h
  4. +1 2  automation/automation_provider_observers_chromeos.cc
  5. +3 2 chromeos/app_mode/kiosk_app_launcher.cc
  6. +9 10 chromeos/chrome_browser_main_chromeos.cc
  7. +5 9 chromeos/login/auth_attempt_state.cc
  8. +3 6 chromeos/login/auth_attempt_state.h
  9. +9 10 chromeos/login/authenticator.h
  10. +29 28 chromeos/login/existing_user_controller.cc
  11. +5 10 chromeos/login/existing_user_controller.h
  12. +14 8 chromeos/login/existing_user_controller_browsertest.cc
  13. +3 5 chromeos/login/login_display.h
  14. +22 26 chromeos/login/login_performer.cc
  15. +9 12 chromeos/login/login_performer.h
  16. +5 1 chromeos/login/login_status_consumer.cc
  17. +5 4 chromeos/login/login_status_consumer.h
  18. +69 16 chromeos/login/login_utils.cc
  19. +2 2 chromeos/login/login_utils.h
  20. +7 6 chromeos/login/login_utils_browsertest.cc
  21. +3 1 chromeos/login/managed/locally_managed_user_creation_screen.cc
  22. +21 16 chromeos/login/mock_authenticator.cc
  23. +7 10 chromeos/login/mock_authenticator.h
  24. +2 4 chromeos/login/mock_login_status_consumer.cc
  25. +5 7 chromeos/login/mock_login_status_consumer.h
  26. +3 2 chromeos/login/mock_login_utils.h
  27. +33 20 chromeos/login/oauth2_login_manager.cc
  28. +5 1 chromeos/login/oauth2_login_manager.h
  29. +33 6 chromeos/login/oauth2_token_fetcher.cc
  30. +5 1 chromeos/login/oauth2_token_fetcher.h
  31. +1 1  chromeos/login/oauth_login_manager.cc
  32. +25 4 chromeos/login/oauth_login_manager.h
  33. +2 2 chromeos/login/online_attempt.cc
  34. +11 10 chromeos/login/online_attempt_host.cc
  35. +2 2 chromeos/login/online_attempt_host.h
  36. +3 3 chromeos/login/online_attempt_unittest.cc
  37. +64 46 chromeos/login/parallel_authenticator.cc
  38. +11 14 chromeos/login/parallel_authenticator.h
  39. +27 14 chromeos/login/parallel_authenticator_unittest.cc
  40. +14 10 chromeos/login/screen_locker.cc
  41. +2 2 chromeos/login/screen_locker.h
  42. +1 2  chromeos/login/screen_locker_tester.cc
  43. +2 4 chromeos/login/test_attempt_state.cc
  44. +1 2  chromeos/login/test_attempt_state.h
  45. +4 4 chromeos/login/test_login_utils.cc
  46. +1 2  chromeos/login/test_login_utils.h
  47. +17 0 chromeos/login/user.cc
  48. +13 0 chromeos/login/user.h
  49. +4 6 chromeos/login/webui_login_display.cc
  50. +2 4 chromeos/login/webui_login_display.h
  51. +3 5 chromeos/login/webui_screen_locker.cc
  52. +3 4 chromeos/login/webui_screen_locker.h
  53. +3 3 chromeos/login/wizard_controller_browsertest.cc
  54. +9 0 resources/chromeos/login/screen_gaia_signin.js
  55. +31 2 ui/webui/chromeos/login/signin_screen_handler.cc
  56. +4 4 ui/webui/chromeos/login/signin_screen_handler.h
7 automation/automation_event_observers.h
@@ -74,6 +74,10 @@ class DomEventObserver
74 74
75 75 #if defined(OS_CHROMEOS)
76 76
  77 +namespace chromeos {
  78 +struct UserCredentials;
  79 +}
  80 +
77 81 // Event observer that listens for the completion of login.
78 82 class LoginEventObserver
79 83 : public AutomationEventObserver,
@@ -86,8 +90,7 @@ class LoginEventObserver
86 90
87 91 virtual void OnLoginFailure(const chromeos::LoginFailure& error) OVERRIDE;
88 92
89   - virtual void OnLoginSuccess(const std::string& username,
90   - const std::string& password,
  93 + virtual void OnLoginSuccess(const chromeos::UserCredentials& credentials,
91 94 bool pending_requests, bool using_oauth) OVERRIDE;
92 95 // Overridden from content::NotificationObserver.
93 96 virtual void Observe(int type,
8 automation/automation_event_observers_chromeos.cc
@@ -26,10 +26,10 @@ void LoginEventObserver::OnLoginFailure(const chromeos::LoginFailure& error) {
26 26 _NotifyLoginEvent(error.GetErrorString());
27 27 }
28 28
29   -void LoginEventObserver::OnLoginSuccess(const std::string& username,
30   - const std::string& password,
31   - bool pending_requests,
32   - bool using_oauth) {
  29 +void LoginEventObserver::OnLoginSuccess(
  30 + const chromeos::UserCredentials& credentials,
  31 + bool pending_requests,
  32 + bool using_oauth) {
33 33 // Profile changes after login. Ensure AutomationProvider refers to
34 34 // the correct one.
35 35 if (automation_) {
6 automation/automation_provider_observers.h
@@ -693,8 +693,7 @@ class LoginObserver : public chromeos::LoginStatusConsumer {
693 693 virtual void OnLoginFailure(const chromeos::LoginFailure& error);
694 694
695 695 virtual void OnLoginSuccess(
696   - const std::string& username,
697   - const std::string& password,
  696 + const chromeos::UserCredentials& credentials,
698 697 bool pending_requests,
699 698 bool using_oauth);
700 699
@@ -783,8 +782,7 @@ class ScreenUnlockObserver : public ScreenLockUnlockObserver,
783 782 virtual void OnLoginFailure(const chromeos::LoginFailure& error);
784 783
785 784 virtual void OnLoginSuccess(
786   - const std::string& username,
787   - const std::string& password,
  785 + const chromeos::UserCredentials& credentials,
788 786 bool pending_requests,
789 787 bool using_oauth) {}
790 788
3  automation/automation_provider_observers_chromeos.cc
@@ -106,8 +106,7 @@ void LoginObserver::OnLoginFailure(const chromeos::LoginFailure& error) {
106 106 }
107 107
108 108 void LoginObserver::OnLoginSuccess(
109   - const std::string& username,
110   - const std::string& password,
  109 + const chromeos::UserCredentials& credentials,
111 110 bool pending_requests,
112 111 bool using_oauth) {
113 112 controller_->set_login_status_consumer(NULL);
5 chromeos/app_mode/kiosk_app_launcher.cc
@@ -116,9 +116,10 @@ class KioskAppLauncher::ProfileLoader : public LoginUtils::Delegate {
116 116
117 117 void Start() {
118 118 LoginUtils::Get()->PrepareProfile(
119   - GetAppUserNameFromAppId(launcher_->app_id_),
  119 + UserCredentials(GetAppUserNameFromAppId(launcher_->app_id_),
  120 + std::string(), // password
  121 + std::string()), // auth_code
120 122 std::string(), // display email
121   - std::string(), // password
122 123 false, // using_oauth
123 124 false, // has_cookies
124 125 this);
19 chromeos/chrome_browser_main_chromeos.cc
@@ -145,10 +145,11 @@ class StubLogin : public LoginStatusConsumer,
145 145 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
146 146 authenticator_.get()->AuthenticateToLogin(
147 147 g_browser_process->profile_manager()->GetDefaultProfile(),
148   - username,
149   - password,
150   - std::string(),
151   - std::string());
  148 + UserCredentials(username,
  149 + password,
  150 + std::string()), // auth_code
  151 + std::string(), // login_token
  152 + std::string()); // login_captcha
152 153 }
153 154
154 155 virtual ~StubLogin() {
@@ -160,18 +161,16 @@ class StubLogin : public LoginStatusConsumer,
160 161 delete this;
161 162 }
162 163
163   - virtual void OnLoginSuccess(const std::string& username,
164   - const std::string& password,
  164 + virtual void OnLoginSuccess(const UserCredentials& credentials,
165 165 bool pending_requests,
166 166 bool using_oauth) OVERRIDE {
167 167 pending_requests_ = pending_requests;
168 168 if (!profile_prepared_) {
169 169 // Will call OnProfilePrepared in the end.
170   - LoginUtils::Get()->PrepareProfile(username,
171   - std::string(),
172   - password,
  170 + LoginUtils::Get()->PrepareProfile(credentials,
  171 + std::string(), // display_email
173 172 using_oauth,
174   - false,
  173 + false, // has_cookies
175 174 this);
176 175 } else if (!pending_requests) {
177 176 delete this;
14 chromeos/login/auth_attempt_state.cc
@@ -14,15 +14,13 @@ using content::BrowserThread;
14 14
15 15 namespace chromeos {
16 16
17   -AuthAttemptState::AuthAttemptState(const std::string& username,
18   - const std::string& password,
  17 +AuthAttemptState::AuthAttemptState(const UserCredentials& credentials,
19 18 const std::string& ascii_hash,
20 19 const std::string& login_token,
21 20 const std::string& login_captcha,
22 21 const User::UserType user_type,
23 22 const bool user_is_new)
24   - : username(username),
25   - password(password),
  23 + : credentials(credentials),
26 24 ascii_hash(ascii_hash),
27 25 login_token(login_token),
28 26 login_captcha(login_captcha),
@@ -39,7 +37,7 @@ AuthAttemptState::AuthAttemptState(const std::string& username,
39 37
40 38 AuthAttemptState::AuthAttemptState(const std::string& username,
41 39 const std::string& ascii_hash)
42   - : username(username),
  40 + : credentials(username, "", ""),
43 41 ascii_hash(ascii_hash),
44 42 user_type(User::USER_TYPE_REGULAR),
45 43 unlock(true),
@@ -52,12 +50,10 @@ AuthAttemptState::AuthAttemptState(const std::string& username,
52 50 cryptohome_code_(cryptohome::MOUNT_ERROR_NONE) {
53 51 }
54 52
55   -AuthAttemptState::AuthAttemptState(const std::string& username,
56   - const std::string& password,
  53 +AuthAttemptState::AuthAttemptState(const UserCredentials& credentials,
57 54 const std::string& ascii_hash,
58 55 const bool user_is_new)
59   - : username(username),
60   - password(password),
  56 + : credentials(credentials),
61 57 ascii_hash(ascii_hash),
62 58 user_type(User::USER_TYPE_REGULAR),
63 59 unlock(true),
9 chromeos/login/auth_attempt_state.h
@@ -21,8 +21,7 @@ namespace chromeos {
21 21 class AuthAttemptState {
22 22 public:
23 23 // Used to initialize for a login attempt.
24   - AuthAttemptState(const std::string& username,
25   - const std::string& password,
  24 + AuthAttemptState(const UserCredentials& credentials,
26 25 const std::string& ascii_hash,
27 26 const std::string& login_token,
28 27 const std::string& login_captcha,
@@ -30,8 +29,7 @@ class AuthAttemptState {
30 29 const bool user_is_new);
31 30
32 31 // Used to initialize for a externally authenticated login.
33   - AuthAttemptState(const std::string& username,
34   - const std::string& password,
  32 + AuthAttemptState(const UserCredentials& credentials,
35 33 const std::string& ascii_hash,
36 34 const bool user_is_new);
37 35
@@ -70,10 +68,9 @@ class AuthAttemptState {
70 68
71 69 // Saved so we can retry client login, and also so we know for whom login
72 70 // has succeeded, in the event of successful completion.
73   - const std::string username;
  71 + const UserCredentials credentials;
74 72
75 73 // These fields are saved so we can retry client login.
76   - const std::string password;
77 74 const std::string ascii_hash;
78 75 const std::string login_token;
79 76 const std::string login_captcha;
19 chromeos/login/authenticator.h
@@ -16,6 +16,8 @@ class Profile;
16 16
17 17 namespace chromeos {
18 18
  19 +struct UserCredentials;
  20 +
19 21 // An interface for objects that will authenticate a Chromium OS user.
20 22 // When authentication successfully completes, will call
21 23 // consumer_->OnLoginSuccess() on the UI thread.
@@ -29,28 +31,26 @@ class Authenticator : public base::RefCountedThreadSafe<Authenticator> {
29 31 // Given externally authenticated |username| and |password|, this method
30 32 // attempts to complete authentication process.
31 33 virtual void CompleteLogin(Profile* profile,
32   - const std::string& username,
33   - const std::string& password) = 0;
  34 + const UserCredentials& credentials) = 0;
34 35
35 36 // Given a |username| and |password|, this method attempts to authenticate
36 37 // to login.
37 38 // Optionally |login_token| and |login_captcha| could be provided.
38 39 // Must be called on the UI thread.
39 40 virtual void AuthenticateToLogin(Profile* profile,
40   - const std::string& username,
41   - const std::string& password,
  41 + const UserCredentials& credentials,
42 42 const std::string& login_token,
43 43 const std::string& login_captcha) = 0;
44 44
45 45 // Given a |username| and |password|, this method attempts to
46 46 // authenticate to unlock the computer.
47 47 // Must be called on the UI thread.
48   - virtual void AuthenticateToUnlock(const std::string& username,
49   - const std::string& password) = 0;
  48 + virtual void AuthenticateToUnlock(
  49 + const UserCredentials& credentials) = 0;
50 50
51 51 // Initiates locally managed user login.
52   - virtual void LoginAsLocallyManagedUser(const std::string& username,
53   - const std::string& password) = 0;
  52 + virtual void LoginAsLocallyManagedUser(
  53 + const UserCredentials& credentials) = 0;
54 54
55 55 // Initiates retail mode login.
56 56 virtual void LoginRetailMode() = 0;
@@ -88,8 +88,7 @@ class Authenticator : public base::RefCountedThreadSafe<Authenticator> {
88 88
89 89 // Attempt to authenticate online again.
90 90 virtual void RetryAuth(Profile* profile,
91   - const std::string& username,
92   - const std::string& password,
  91 + const UserCredentials& credentials,
93 92 const std::string& login_token,
94 93 const std::string& login_captcha) = 0;
95 94
57 chromeos/login/existing_user_controller.cc
@@ -219,6 +219,7 @@ void ExistingUserController::ResumeLogin() {
219 219 // This means the user signed-in, then auto-enrollment used his credentials
220 220 // to enroll and succeeded.
221 221 resume_login_callback_.Run();
  222 + resume_login_callback_.Reset();
222 223 }
223 224
224 225 void ExistingUserController::PrepareKioskAppLaunch() {
@@ -357,8 +358,7 @@ void ExistingUserController::CreateLocallyManagedUser(
357 358 // TODO(nkostylev): A11y message.
358 359 }
359 360
360   -void ExistingUserController::CompleteLogin(const std::string& username,
361   - const std::string& password) {
  361 +void ExistingUserController::CompleteLogin(const UserCredentials& credentials) {
362 362 if (!host_) {
363 363 // Complete login event was generated already from UI. Ignore notification.
364 364 return;
@@ -383,12 +383,11 @@ void ExistingUserController::CompleteLogin(const std::string& username,
383 383 DeviceSettingsService::Get()->GetOwnershipStatusAsync(
384 384 base::Bind(&ExistingUserController::CompleteLoginInternal,
385 385 weak_factory_.GetWeakPtr(),
386   - username, password));
  386 + credentials));
387 387 }
388 388
389 389 void ExistingUserController::CompleteLoginInternal(
390   - const std::string& username,
391   - const std::string& password,
  390 + const UserCredentials& credentials,
392 391 DeviceSettingsService::OwnershipStatus ownership_status,
393 392 bool is_owner) {
394 393 // Auto-enrollment must have made a decision by now. It's too late to enroll
@@ -400,18 +399,18 @@ void ExistingUserController::CompleteLoginInternal(
400 399 // complete enrollment, or opt-out of it. So this controller shouldn't force
401 400 // enrollment again if it is reused for another sign-in.
402 401 do_auto_enrollment_ = false;
403   - auto_enrollment_username_ = username;
  402 + auto_enrollment_username_ = credentials.username;
404 403 resume_login_callback_ = base::Bind(
405 404 &ExistingUserController::PerformLogin,
406 405 weak_factory_.GetWeakPtr(),
407   - username, password, LoginPerformer::AUTH_MODE_EXTENSION);
408   - ShowEnrollmentScreen(true, username);
  406 + credentials, LoginPerformer::AUTH_MODE_EXTENSION);
  407 + ShowEnrollmentScreen(true, credentials.username);
409 408 // Enable UI for the enrollment screen. SetUIEnabled(true) will post a
410 409 // request to show the sign-in screen again when invoked at the sign-in
411 410 // screen; invoke SetUIEnabled() after navigating to the enrollment screen.
412 411 login_display_->SetUIEnabled(true);
413 412 } else {
414   - PerformLogin(username, password, LoginPerformer::AUTH_MODE_EXTENSION);
  413 + PerformLogin(credentials, LoginPerformer::AUTH_MODE_EXTENSION);
415 414 }
416 415 }
417 416
@@ -419,9 +418,9 @@ string16 ExistingUserController::GetConnectedNetworkName() {
419 418 return GetCurrentNetworkName();
420 419 }
421 420
422   -void ExistingUserController::Login(const std::string& username,
423   - const std::string& password) {
424   - if (username.empty() || password.empty())
  421 +void ExistingUserController::Login(const UserCredentials& credentials) {
  422 + if ((credentials.username.empty() || credentials.password.empty()) &&
  423 + credentials.auth_code.empty())
425 424 return;
426 425
427 426 // Stop the auto-login timer when attempting login.
@@ -432,24 +431,22 @@ void ExistingUserController::Login(const std::string& username,
432 431
433 432 BootTimesLoader::Get()->RecordLoginAttempted();
434 433
435   - if (last_login_attempt_username_ != username) {
436   - last_login_attempt_username_ = username;
  434 + if (last_login_attempt_username_ != credentials.username) {
  435 + last_login_attempt_username_ = credentials.username;
437 436 num_login_attempts_ = 0;
438 437 // Also reset state variables, which are used to determine password change.
439 438 offline_failed_ = false;
440 439 online_succeeded_for_.clear();
441 440 }
442 441 num_login_attempts_++;
443   - PerformLogin(username, password, LoginPerformer::AUTH_MODE_INTERNAL);
  442 + PerformLogin(credentials, LoginPerformer::AUTH_MODE_INTERNAL);
444 443 }
445 444
446 445 void ExistingUserController::PerformLogin(
447   - std::string username,
448   - std::string password,
  446 + const UserCredentials& credentials,
449 447 LoginPerformer::AuthorizationMode auth_mode) {
450 448 // Disable UI while loading user profile.
451 449 login_display_->SetUIEnabled(false);
452   - resume_login_callback_.Reset();
453 450
454 451 // Use the same LoginPerformer for subsequent login as it has state
455 452 // such as Authenticator instance.
@@ -463,11 +460,14 @@ void ExistingUserController::PerformLogin(
463 460 }
464 461
465 462 is_login_in_progress_ = true;
466   - if (gaia::ExtractDomainName(username) ==
  463 + if (gaia::ExtractDomainName(credentials.username) ==
467 464 UserManager::kLocallyManagedUserDomain) {
468   - login_performer_->LoginAsLocallyManagedUser(username, password);
  465 + login_performer_->LoginAsLocallyManagedUser(
  466 + UserCredentials(credentials.username,
  467 + credentials.password,
  468 + std::string())); // auth_code
469 469 } else {
470   - login_performer_->PerformLogin(username, password, auth_mode);
  470 + login_performer_->PerformLogin(credentials, auth_mode);
471 471 }
472 472 accessibility::MaybeSpeak(
473 473 l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNING_IN));
@@ -754,8 +754,7 @@ void ExistingUserController::OnLoginFailure(const LoginFailure& failure) {
754 754 }
755 755
756 756 void ExistingUserController::OnLoginSuccess(
757   - const std::string& username,
758   - const std::string& password,
  757 + const UserCredentials& credentials,
759 758 bool pending_requests,
760 759 bool using_oauth) {
761 760 is_login_in_progress_ = false;
@@ -764,7 +763,8 @@ void ExistingUserController::OnLoginSuccess(
764 763 StopPublicSessionAutoLoginTimer();
765 764
766 765 bool has_cookies =
767   - login_performer_->auth_mode() == LoginPerformer::AUTH_MODE_EXTENSION;
  766 + login_performer_->auth_mode() == LoginPerformer::AUTH_MODE_EXTENSION &&
  767 + credentials.auth_code.empty();
768 768
769 769 // Login performer will be gone so cache this value to use
770 770 // once profile is loaded.
@@ -779,9 +779,8 @@ void ExistingUserController::OnLoginSuccess(
779 779 ignore_result(login_performer_.release());
780 780
781 781 // Will call OnProfilePrepared() in the end.
782   - LoginUtils::Get()->PrepareProfile(username,
  782 + LoginUtils::Get()->PrepareProfile(credentials,
783 783 display_email_,
784   - password,
785 784 using_oauth,
786 785 has_cookies,
787 786 this);
@@ -789,7 +788,7 @@ void ExistingUserController::OnLoginSuccess(
789 788 display_email_.clear();
790 789
791 790 // Notify LoginDisplay to allow it provide visual feedback to user.
792   - login_display_->OnLoginSuccess(username);
  791 + login_display_->OnLoginSuccess(credentials.username);
793 792 }
794 793
795 794 void ExistingUserController::OnProfilePrepared(Profile* profile) {
@@ -825,7 +824,9 @@ void ExistingUserController::OnProfilePrepared(Profile* profile) {
825 824 // Inform |login_status_consumer_| about successful login. Set most
826 825 // parameters to empty since they're not needed.
827 826 if (login_status_consumer_)
828   - login_status_consumer_->OnLoginSuccess("", "", false, false);
  827 + login_status_consumer_->OnLoginSuccess(UserCredentials(),
  828 + false, // pending_requests
  829 + false); // using_oauth
829 830 login_display_->OnFadeOut();
830 831 }
831 832
15 chromeos/login/existing_user_controller.h
@@ -76,11 +76,9 @@ class ExistingUserController : public LoginDisplay::Delegate,
76 76 virtual void CreateAccount() OVERRIDE;
77 77 virtual void CreateLocallyManagedUser(const string16& display_name,
78 78 const std::string& password) OVERRIDE;
79   - virtual void CompleteLogin(const std::string& username,
80   - const std::string& password) OVERRIDE;
  79 + virtual void CompleteLogin(const UserCredentials& credentials) OVERRIDE;
81 80 virtual string16 GetConnectedNetworkName() OVERRIDE;
82   - virtual void Login(const std::string& username,
83   - const std::string& password) OVERRIDE;
  81 + virtual void Login(const UserCredentials& credentials) OVERRIDE;
84 82 virtual void MigrateUserData(const std::string& old_password) OVERRIDE;
85 83 virtual void LoginAsRetailModeUser() OVERRIDE;
86 84 virtual void LoginAsGuest() OVERRIDE;
@@ -132,8 +130,7 @@ class ExistingUserController : public LoginDisplay::Delegate,
132 130 // LoginPerformer::Delegate implementation:
133 131 virtual void OnLoginFailure(const LoginFailure& error) OVERRIDE;
134 132 virtual void OnLoginSuccess(
135   - const std::string& username,
136   - const std::string& password,
  133 + const UserCredentials& credentials,
137 134 bool pending_requests,
138 135 bool using_oauth) OVERRIDE;
139 136 virtual void OnOffTheRecordLoginSuccess() OVERRIDE;
@@ -190,16 +187,14 @@ class ExistingUserController : public LoginDisplay::Delegate,
190 187 // Invoked to complete login. Login might be suspended if auto-enrollment
191 188 // has to be performed, and will resume once auto-enrollment completes.
192 189 void CompleteLoginInternal(
193   - const std::string& username,
194   - const std::string& password,
  190 + const UserCredentials& credentials,
195 191 DeviceSettingsService::OwnershipStatus ownership_status,
196 192 bool is_owner);
197 193
198 194 // Creates |login_performer_| if necessary and calls login() on it.
199 195 // The string arguments aren't passed by const reference because this is
200 196 // posted as |resume_login_callback_| and resets it.
201   - void PerformLogin(std::string username,
202   - std::string password,
  197 + void PerformLogin(const UserCredentials& credentials,
203 198 LoginPerformer::AuthorizationMode auth_mode);
204 199
205 200 void set_login_performer_delegate(LoginPerformer::Delegate* d) {
22 chromeos/login/existing_user_controller_browsertest.cc
@@ -345,7 +345,8 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerTest, ExistingUserLogin) {
345 345 .Times(1)
346 346 .WillOnce(WithArg<0>(Invoke(CreateAuthenticator)));
347 347 EXPECT_CALL(*mock_login_utils_,
348   - PrepareProfile(kUsername, _, kPassword, _, _, _))
  348 + PrepareProfile(UserCredentials(kUsername, kPassword, ""),
  349 + _, _, _, _))
349 350 .Times(1)
350 351 .WillOnce(InvokeWithoutArgs(&profile_prepared_cb_,
351 352 &base::Callback<void(void)>::Run));
@@ -365,7 +366,7 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerTest, ExistingUserLogin) {
365 366 EXPECT_CALL(*mock_user_manager_->user_manager(), IsCurrentUserNew())
366 367 .Times(AnyNumber())
367 368 .WillRepeatedly(Return(false));
368   - existing_user_controller()->Login(kUsername, kPassword);
  369 + existing_user_controller()->Login(UserCredentials(kUsername, kPassword, ""));
369 370 content::RunAllPendingInMessageLoop();
370 371 }
371 372
@@ -390,7 +391,8 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerTest, AutoEnrollAfterSignIn) {
390 391 .Times(1)
391 392 .InSequence(uiEnabledSequence);
392 393 existing_user_controller()->DoAutoEnrollment();
393   - existing_user_controller()->CompleteLogin(kUsername, kPassword);
  394 + existing_user_controller()->CompleteLogin(
  395 + UserCredentials(kUsername, kPassword, ""));
394 396 content::RunAllPendingInMessageLoop();
395 397 }
396 398
@@ -412,7 +414,8 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerTest,
412 414 .Times(1)
413 415 .WillOnce(WithArg<0>(Invoke(CreateAuthenticatorNewUser)));
414 416 EXPECT_CALL(*mock_login_utils_,
415   - PrepareProfile(kNewUsername, _, kPassword, _, _, _))
  417 + PrepareProfile(UserCredentials(kNewUsername, kPassword, ""),
  418 + _, _, _, _))
416 419 .Times(1)
417 420 .WillOnce(InvokeWithoutArgs(&profile_prepared_cb_,
418 421 &base::Callback<void(void)>::Run));
@@ -438,7 +441,8 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerTest,
438 441 .Times(1)
439 442 .InSequence(uiEnabledSequence);
440 443
441   - existing_user_controller()->CompleteLogin(kNewUsername, kPassword);
  444 + existing_user_controller()->CompleteLogin(
  445 + UserCredentials(kNewUsername, kPassword, ""));
442 446 content::RunAllPendingInMessageLoop();
443 447 }
444 448
@@ -542,7 +546,8 @@ class ExistingUserControllerPublicSessionTest
542 546 .Times(1)
543 547 .WillOnce(WithArg<0>(Invoke(create_authenticator)));
544 548 EXPECT_CALL(*mock_login_utils_,
545   - PrepareProfile(username, _, password, _, _, _))
  549 + PrepareProfile(UserCredentials(username, password, ""),
  550 + _, _, _, _))
546 551 .Times(1)
547 552 .WillOnce(InvokeWithoutArgs(&profile_prepared_cb_,
548 553 &base::Callback<void(void)>::Run));
@@ -725,7 +730,7 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
725 730 ASSERT_TRUE(auto_login_timer());
726 731
727 732 // Login and check that it stopped the timer.
728   - existing_user_controller()->Login(kUsername, kPassword);
  733 + existing_user_controller()->Login(UserCredentials(kUsername, kPassword, ""));
729 734 EXPECT_TRUE(is_login_in_progress());
730 735 ASSERT_TRUE(auto_login_timer());
731 736 EXPECT_FALSE(auto_login_timer()->IsRunning());
@@ -778,7 +783,8 @@ IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
778 783 ASSERT_TRUE(auto_login_timer());
779 784
780 785 // Check that login completes and stops the timer.
781   - existing_user_controller()->CompleteLogin(kUsername, kPassword);
  786 + existing_user_controller()->CompleteLogin(
  787 + UserCredentials(kUsername, kPassword, ""));
782 788 ASSERT_TRUE(auto_login_timer());
783 789 EXPECT_FALSE(auto_login_timer()->IsRunning());
784 790
8 chromeos/login/login_display.h
@@ -41,18 +41,16 @@ class LoginDisplay : public RemoveUserDelegate {
41 41 virtual void CreateLocallyManagedUser(const string16& display_name,
42 42 const std::string& password) = 0;
43 43
44   - // Complete sign process with specified |username| and |password|.
  44 + // Complete sign process with specified |credentials|.
45 45 // Used for new users authenticated through an extension.
46   - virtual void CompleteLogin(const std::string& username,
47   - const std::string& password) = 0;
  46 + virtual void CompleteLogin(const UserCredentials& credentials) = 0;
48 47
49 48 // Returns name of the currently connected network.
50 49 virtual string16 GetConnectedNetworkName() = 0;
51 50
52 51 // Sign in using |username| and |password| specified.
53 52 // Used for known users only.
54   - virtual void Login(const std::string& username,
55   - const std::string& password) = 0;
  53 + virtual void Login(const UserCredentials& credentials) = 0;
56 54
57 55 // Sign in as a retail mode user.
58 56 virtual void LoginAsRetailModeUser() = 0;
48 chromeos/login/login_performer.cc
@@ -127,8 +127,7 @@ void LoginPerformer::OnRetailModeLoginSuccess() {
127 127 }
128 128
129 129 void LoginPerformer::OnLoginSuccess(
130   - const std::string& username,
131   - const std::string& password,
  130 + const UserCredentials& credentials,
132 131 bool pending_requests,
133 132 bool using_oauth) {
134 133 content::RecordAction(UserMetricsAction("Login_Success"));
@@ -154,8 +153,7 @@ void LoginPerformer::OnLoginSuccess(
154 153 else
155 154 initial_online_auth_pending_ = true;
156 155
157   - delegate_->OnLoginSuccess(username,
158   - password,
  156 + delegate_->OnLoginSuccess(credentials,
159 157 pending_requests,
160 158 using_oauth);
161 159 }
@@ -219,12 +217,10 @@ void LoginPerformer::Observe(int type,
219 217 ////////////////////////////////////////////////////////////////////////////////
220 218 // LoginPerformer, public:
221 219
222   -void LoginPerformer::PerformLogin(const std::string& username,
223   - const std::string& password,
  220 +void LoginPerformer::PerformLogin(const UserCredentials& credentials,
224 221 AuthorizationMode auth_mode) {
225 222 auth_mode_ = auth_mode;
226   - username_ = username;
227   - password_ = password;
  223 + credentials_ = credentials;
228 224
229 225 CrosSettings* cros_settings = CrosSettings::Get();
230 226
@@ -235,7 +231,7 @@ void LoginPerformer::PerformLogin(const std::string& username,
235 231 cros_settings->PrepareTrustedValues(
236 232 base::Bind(&LoginPerformer::PerformLogin,
237 233 weak_factory_.GetWeakPtr(),
238   - username, password, auth_mode));
  234 + credentials_, auth_mode));
239 235 // Must not proceed without signature verification.
240 236 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
241 237 if (delegate_)
@@ -251,7 +247,7 @@ void LoginPerformer::PerformLogin(const std::string& username,
251 247 }
252 248
253 249 bool is_whitelisted = LoginUtils::IsWhitelisted(
254   - gaia::CanonicalizeEmail(username));
  250 + gaia::CanonicalizeEmail(credentials.username));
255 251 if (ScreenLocker::default_screen_locker() || is_whitelisted) {
256 252 switch (auth_mode_) {
257 253 case AUTH_MODE_EXTENSION:
@@ -263,7 +259,7 @@ void LoginPerformer::PerformLogin(const std::string& username,
263 259 }
264 260 } else {
265 261 if (delegate_)
266   - delegate_->WhiteListCheckFailed(username);
  262 + delegate_->WhiteListCheckFailed(credentials.username);
267 263 else
268 264 NOTREACHED();
269 265 }
@@ -274,21 +270,22 @@ void LoginPerformer::CreateLocallyManagedUser(const string16& display_name,
274 270 std::string id = UserManager::Get()->GenerateUniqueLocallyManagedUserId();
275 271 const User* user = UserManager::Get()->
276 272 CreateLocallyManagedUserRecord(id, display_name);
277   - LoginAsLocallyManagedUser(user->email(), password);
  273 + LoginAsLocallyManagedUser(UserCredentials(user->email(),
  274 + password,
  275 + std::string())); // auth_code
278 276 }
279 277
280   -void LoginPerformer::LoginAsLocallyManagedUser(const std::string& username,
281   - const std::string& password) {
  278 +void LoginPerformer::LoginAsLocallyManagedUser(
  279 + const UserCredentials& credentials) {
282 280 DCHECK_EQ(UserManager::kLocallyManagedUserDomain,
283   - gaia::ExtractDomainName(username));
  281 + gaia::ExtractDomainName(credentials.username));
284 282 // TODO(nkostylev): Check that policy allows locally managed user login.
285 283 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
286 284 BrowserThread::PostTask(
287 285 BrowserThread::UI, FROM_HERE,
288 286 base::Bind(&Authenticator::LoginAsLocallyManagedUser,
289 287 authenticator_.get(),
290   - username,
291   - password));
  288 + credentials));
292 289 }
293 290
294 291 void LoginPerformer::LoginRetailMode() {
@@ -494,10 +491,10 @@ void LoginPerformer::StartLoginCompletion() {
494 491 BrowserThread::UI, FROM_HERE,
495 492 base::Bind(&Authenticator::CompleteLogin, authenticator_.get(),
496 493 profile,
497   - username_,
498   - password_));
  494 + credentials_));
499 495
500   - password_.clear();
  496 + credentials_.password.clear();
  497 + credentials_.auth_code.clear();
501 498 }
502 499
503 500 void LoginPerformer::StartAuthentication() {
@@ -517,13 +514,12 @@ void LoginPerformer::StartAuthentication() {
517 514 BrowserThread::UI, FROM_HERE,
518 515 base::Bind(&Authenticator::AuthenticateToLogin, authenticator_.get(),
519 516 profile,
520   - username_,
521   - password_,
  517 + credentials_,
522 518 std::string(),
523 519 std::string()));
524 520 // Make unobtrusive online check. It helps to determine password change
525 521 // state in the case when offline login fails.
526   - online_attempt_host_.Check(profile, username_, password_);
  522 + online_attempt_host_.Check(profile, credentials_);
527 523 } else {
528 524 DCHECK(authenticator_.get())
529 525 << "Authenticator instance doesn't exist for login attempt retry.";
@@ -533,12 +529,12 @@ void LoginPerformer::StartAuthentication() {
533 529 BrowserThread::UI, FROM_HERE,
534 530 base::Bind(&Authenticator::RetryAuth, authenticator_.get(),
535 531 profile,
536   - username_,
537   - password_,
  532 + credentials_,
538 533 std::string(),
539 534 std::string()));
540 535 }
541   - password_.clear();
  536 + credentials_.password.clear();
  537 + credentials_.auth_code.clear();
542 538 }
543 539
544 540 } // namespace chromeos
21 chromeos/login/login_performer.h
@@ -12,6 +12,7 @@
12 12 #include "chrome/browser/chromeos/login/authenticator.h"
13 13 #include "chrome/browser/chromeos/login/login_status_consumer.h"
14 14 #include "chrome/browser/chromeos/login/online_attempt_host.h"
  15 +#include "chrome/browser/chromeos/login/user.h"
15 16 #include "chrome/browser/profiles/profile_manager.h"
16 17 #include "content/public/browser/notification_observer.h"
17 18 #include "content/public/browser/notification_registrar.h"
@@ -84,18 +85,16 @@ class LoginPerformer : public LoginStatusConsumer,
84 85 virtual void OnLoginFailure(const LoginFailure& error) OVERRIDE;
85 86 virtual void OnRetailModeLoginSuccess() OVERRIDE;
86 87 virtual void OnLoginSuccess(
87   - const std::string& username,
88   - const std::string& password,
  88 + const UserCredentials& credentials,
89 89 bool pending_requests,
90 90 bool using_oauth) OVERRIDE;
91 91 virtual void OnOffTheRecordLoginSuccess() OVERRIDE;
92 92 virtual void OnPasswordChangeDetected() OVERRIDE;
93 93
94   - // Performs a login for |username| and |password|. If auth_mode is
95   - // AUTH_MODE_EXTENSION, there are no further auth checks, AUTH_MODE_INTERNAL
96   - // will perform auth checks.
97   - void PerformLogin(const std::string& username,
98   - const std::string& password,
  94 + // Performs a login for |credentials|.
  95 + // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks,
  96 + // AUTH_MODE_INTERNAL will perform auth checks.
  97 + void PerformLogin(const UserCredentials& credentials,
99 98 AuthorizationMode auth_mode);
100 99
101 100 // Performs locally managed user creation and login.
@@ -104,8 +103,7 @@ class LoginPerformer : public LoginStatusConsumer,
104 103
105 104 // Performs locally managed user login with a given |username| and |password|.
106 105 // Managed user creation should be done with CreateLocallyManagedUser().
107   - void LoginAsLocallyManagedUser(const std::string& username,
108   - const std::string& password);
  106 + void LoginAsLocallyManagedUser(const UserCredentials& credentials);
109 107
110 108 // Performs retail mode login.
111 109 void LoginRetailMode();
@@ -198,9 +196,8 @@ class LoginPerformer : public LoginStatusConsumer,
198 196 // sign-in server. LoginFailure.LoginFailureNone() by default.
199 197 LoginFailure last_login_failure_;
200 198
201   - // Username and password for the current login attempt.
202   - std::string username_;
203   - std::string password_;
  199 + // User credentials for the current login attempt.
  200 + UserCredentials credentials_;
204 201
205 202 // Notifications receiver.
206 203 Delegate* delegate_;
6 chromeos/login/login_status_consumer.cc
@@ -8,7 +8,11 @@
8 8 namespace chromeos {
9 9
10 10 void LoginStatusConsumer::OnRetailModeLoginSuccess() {
11   - OnLoginSuccess(kRetailModeUserEMail, "", false, false);
  11 + OnLoginSuccess(UserCredentials(kRetailModeUserEMail,
  12 + "", // password
  13 + ""), // auth_code
  14 + false, // pending_requests
  15 + false); // using_oauth
12 16 }
13 17
14 18 void LoginStatusConsumer::OnPasswordChangeDetected() {
9 chromeos/login/login_status_consumer.h
@@ -14,6 +14,8 @@
14 14
15 15 namespace chromeos {
16 16
  17 +struct UserCredentials;
  18 +
17 19 class LoginFailure {
18 20 public:
19 21 enum FailureReason {
@@ -115,12 +117,11 @@ class LoginStatusConsumer {
115 117 // Unless overridden for special processing, this should always call
116 118 // OnLoginSuccess with the magic |kRetailModeUserEMail| constant.
117 119 virtual void OnRetailModeLoginSuccess();
118   - // The current login attempt has succeeded for
119   - // |username|/|password|. If |pending_requests| is false, we're totally done.
  120 + // The current login attempt has succeeded for |credentials|.
  121 + // If |pending_requests| is false, we're totally done.
120 122 // If it's true, we will still have some more results to report later.
121 123 virtual void OnLoginSuccess(
122   - const std::string& username,
123   - const std::string& password,
  124 + const UserCredentials& credentials,
124 125 bool pending_requests,
125 126 bool using_oauth) = 0;
126 127 // The current guest login attempt has succeeded.
85 chromeos/login/login_utils.cc
@@ -27,6 +27,7 @@
27 27 #include "base/time.h"
28 28 #include "base/utf_string_conversions.h"
29 29 #include "chrome/browser/about_flags.h"
  30 +#include "chrome/browser/app_mode/app_mode_utils.h"
30 31 #include "chrome/browser/browser_process.h"
31 32 #include "chrome/browser/browser_shutdown.h"
32 33 #include "chrome/browser/chromeos/boot_times_loader.h"
@@ -69,6 +70,7 @@
69 70 #include "chrome/browser/ui/startup/startup_browser_creator.h"
70 71 #include "chrome/common/chrome_notification_types.h"
71 72 #include "chrome/common/chrome_paths.h"
  73 +#include "chrome/common/chrome_switches.h"
72 74 #include "chrome/common/logging_chrome.h"
73 75 #include "chrome/common/pref_names.h"
74 76 #include "chromeos/dbus/dbus_thread_manager.h"
@@ -139,9 +141,8 @@ class LoginUtilsImpl
139 141 virtual void DoBrowserLaunch(Profile* profile,
140 142 LoginDisplayHost* login_host) OVERRIDE;
141 143 virtual void PrepareProfile(
142   - const std::string& username,
  144 + const UserCredentials& credentials,
143 145 const std::string& display_email,
144   - const std::string& password,
145 146 bool using_oauth,
146 147 bool has_cookies,
147 148 LoginUtils::Delegate* delegate) OVERRIDE;
@@ -197,6 +198,10 @@ class LoginUtilsImpl
197 198 // Finalized profile preparation.
198 199 void FinalizePrepareProfile(Profile* user_profile);
199 200
  201 + // Initializes member variables needed for session restore process via
  202 + // OAuthLoginManager.
  203 + void InitSessionRestoreStrategy();
  204 +
200 205 // Restores GAIA auth cookies for the created user profile from OAuth2 token.
201 206 void RestoreAuthSession(Profile* user_profile,
202 207 bool restore_from_auth_cookies);
@@ -210,7 +215,7 @@ class LoginUtilsImpl
210 215 // Starts signing related services. Initiates TokenService token retrieval.
211 216 void StartSignedInServices(Profile* profile);
212 217
213   - std::string password_;
  218 + UserCredentials credentials_;
214 219 bool using_oauth_;
215 220 // True if the authentication profile's cookie jar should contain
216 221 // authentication cookies from the authentication extension log in flow.
@@ -226,6 +231,11 @@ class LoginUtilsImpl
226 231 // online state change.
227 232 bool should_restore_auth_session_;
228 233
  234 + // Sesion restore strategy.
  235 + OAuthLoginManager::SessionRestoreStrategy session_restore_strategy_;
  236 + // OAuth2 refresh token for session restore.
  237 + std::string oauth2_refresh_token_;
  238 +
229 239 content::NotificationRegistrar registrar_;
230 240
231 241 // This is set via a notification after the profile has initialized the
@@ -305,24 +315,23 @@ void LoginUtilsImpl::DoBrowserLaunch(Profile* profile,
305 315 }
306 316
307 317 void LoginUtilsImpl::PrepareProfile(
308   - const std::string& username,
  318 + const UserCredentials& credentials,
309 319 const std::string& display_email,
310   - const std::string& password,
311 320 bool using_oauth,
312 321 bool has_cookies,
313 322 LoginUtils::Delegate* delegate) {
314 323 BootTimesLoader* btl = BootTimesLoader::Get();
315 324
316   - VLOG(1) << "Completing login for " << username;
  325 + VLOG(1) << "Completing login for " << credentials.username;
317 326
318 327 btl->AddLoginTimeMarker("StartSession-Start", false);
319 328 DBusThreadManager::Get()->GetSessionManagerClient()->StartSession(
320   - username);
  329 + credentials.username);
321 330 btl->AddLoginTimeMarker("StartSession-End", false);
322 331
323 332 btl->AddLoginTimeMarker("UserLoggedIn-Start", false);
324 333 UserManager* user_manager = UserManager::Get();
325   - user_manager->UserLoggedIn(username, false);
  334 + user_manager->UserLoggedIn(credentials.username, false);
326 335 btl->AddLoginTimeMarker("UserLoggedIn-End", false);
327 336
328 337 // Switch log file as soon as possible.
@@ -331,13 +340,14 @@ void LoginUtilsImpl::PrepareProfile(
331 340
332 341 // Update user's displayed email.
333 342 if (!display_email.empty())
334   - user_manager->SaveUserDisplayEmail(username, display_email);
  343 + user_manager->SaveUserDisplayEmail(credentials.username, display_email);
335 344
336   - password_ = password;
  345 + credentials_ = credentials;
337 346
338 347 using_oauth_ = using_oauth;
339 348 has_web_auth_cookies_ = has_cookies;
340 349 delegate_ = delegate;
  350 + InitSessionRestoreStrategy();
341 351
342 352 policy::BrowserPolicyConnector* connector =
343 353 g_browser_process->browser_policy_connector();
@@ -351,12 +361,12 @@ void LoginUtilsImpl::PrepareProfile(
351 361 bool wait_for_policy_fetch =
352 362 using_oauth_ &&
353 363 authenticator_.get() &&
354   - (connector->GetUserAffiliation(username) ==
  364 + (connector->GetUserAffiliation(credentials_.username) ==
355 365 policy::USER_AFFILIATION_MANAGED);
356 366
357 367 // Initialize user policy before the profile is created so the profile
358 368 // initialization code sees the cached policy settings.
359   - connector->InitializeUserPolicy(username,
  369 + connector->InitializeUserPolicy(credentials_.username,
360 370 user_manager->IsLoggedInAsPublicAccount(),
361 371 wait_for_policy_fetch);
362 372
@@ -423,6 +433,46 @@ void LoginUtilsImpl::InitProfilePreferences(Profile* user_profile) {
423 433 RespectLocalePreference(user_profile);
424 434 }
425 435
  436 +void LoginUtilsImpl::InitSessionRestoreStrategy() {
  437 + CommandLine* command_line = CommandLine::ForCurrentProcess();
  438 + bool in_app_mode = chrome::IsRunningInForcedAppMode();
  439 +
  440 + // Are we in kiosk app mode?
  441 + if (in_app_mode) {
  442 + if (command_line->HasSwitch(::switches::kAppModeOAuth2Token)) {
  443 + oauth2_refresh_token_ = command_line->GetSwitchValueASCII(
  444 + ::switches::kAppModeOAuth2Token);
  445 + }
  446 +
  447 + if (command_line->HasSwitch(::switches::kAppModeAuthCode)) {
  448 + credentials_.auth_code = command_line->GetSwitchValueASCII(
  449 + ::switches::kAppModeAuthCode);
  450 + }
  451 +
  452 + DCHECK(!has_web_auth_cookies_);
  453 + if (!credentials_.auth_code.empty()) {
  454 + session_restore_strategy_ = OAuthLoginManager::RESTORE_FROM_AUTH_CODE;
  455 + } else if (!oauth2_refresh_token_.empty()) {
  456 + session_restore_strategy_ =
  457 + OAuthLoginManager::RESTORE_FROM_PASSED_OAUTH2_REFRESH_TOKEN;
  458 + } else {
  459 + session_restore_strategy_ =
  460 + OAuthLoginManager::RESTORE_FROM_SAVED_OAUTH2_REFRESH_TOKEN;
  461 + }
  462 + return;
  463 + }
  464 +
  465 + if (has_web_auth_cookies_) {
  466 + session_restore_strategy_ = OAuthLoginManager::RESTORE_FROM_COOKIE_JAR;
  467 + } else if (!credentials_.auth_code.empty()) {
  468 + session_restore_strategy_ = OAuthLoginManager::RESTORE_FROM_AUTH_CODE;
  469 + } else {
  470 + session_restore_strategy_ =
  471 + OAuthLoginManager::RESTORE_FROM_SAVED_OAUTH2_REFRESH_TOKEN;
  472 + }
  473 +}
  474 +
  475 +
426 476 void LoginUtilsImpl::OnProfileCreated(
427 477 Profile* user_profile,
428 478 Profile::CreateStatus status) {
@@ -499,7 +549,9 @@ void LoginUtilsImpl::RestoreAuthSession(Profile* user_profile,
499 549 authenticator_ && authenticator_->authentication_profile() ?
500 550 authenticator_->authentication_profile()->GetRequestContext() :
501 551 NULL,
502   - restore_from_auth_cookies);
  552 + session_restore_strategy_,
  553 + oauth2_refresh_token_,
  554 + credentials_.auth_code);
503 555 }
504 556
505 557 void LoginUtilsImpl::FinalizePrepareProfile(Profile* user_profile) {
@@ -600,17 +652,18 @@ void LoginUtilsImpl::StartSignedInServices(Profile* user_profile) {
600 652 // We may not always have a passphrase (for example, on a restart after a
601 653 // browser crash). Only notify the sync service if we have a passphrase,
602 654 // so it can do any required re-encryption.
603   - if (!password_.empty() && sync_service) {
  655 + if (!credentials_.password.empty() && sync_service) {
604 656 GoogleServiceSigninSuccessDetails details(
605 657 signin->GetAuthenticatedUsername(),
606   - password_);
  658 + credentials_.password);
607 659 content::NotificationService::current()->Notify(
608 660 chrome::NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL,
609 661 content::Source<Profile>(user_profile),
610 662 content::Details<const GoogleServiceSigninSuccessDetails>(&details));
611 663 }
612 664 }
613   - password_.clear();
  665 + credentials_.password.clear();
  666 + credentials_.auth_code.clear();
614 667 }
615 668
616 669 void LoginUtilsImpl::RespectLocalePreference(Profile* profile) {
4 chromeos/login/login_utils.h
@@ -20,6 +20,7 @@ namespace chromeos {
20 20 class Authenticator;
21 21 class LoginDisplayHost;
22 22 class LoginStatusConsumer;
  23 +struct UserCredentials;
23 24
24 25 class LoginUtils {
25 26 public:
@@ -64,9 +65,8 @@ class LoginUtils {
64 65 // this value, shown in UI.
65 66 // Also see DelegateDeleted method.
66 67 virtual void PrepareProfile(
67   - const std::string& username,
  68 + const UserCredentials& credentials,
68 69 const std::string& display_email,
69   - const std::string& password,
70 70 bool using_oauth,
71 71 bool has_cookies,
72 72 Delegate* delegate) = 0;
13 chromeos/login/login_utils_browsertest.cc
@@ -386,8 +386,7 @@ class LoginUtilsTest : public testing::Test,
386 386 FAIL() << "OnLoginFailure not expected";
387 387 }
388 388
389   - virtual void OnLoginSuccess(const std::string& username,
390   - const std::string& password,
  389 + virtual void OnLoginSuccess(const UserCredentials& credentials,
391 390 bool pending_requests,
392 391 bool using_oauth) OVERRIDE {
393 392 FAIL() << "OnLoginSuccess not expected";
@@ -416,15 +415,17 @@ class LoginUtilsTest : public testing::Test,
416 415 scoped_refptr<Authenticator> authenticator =
417 416 LoginUtils::Get()->CreateAuthenticator(this);
418 417 authenticator->CompleteLogin(ProfileManager::GetDefaultProfile(),
419   - username,
420   - "password");
  418 + UserCredentials(username,
  419 + "password",
  420 + ""));
421 421
422 422 const bool kUsingOAuth = true;