summaryrefslogtreecommitdiff
path: root/chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc')
-rw-r--r--chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc114
1 files changed, 0 insertions, 114 deletions
diff --git a/chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc b/chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc
deleted file mode 100644
index 9116698b912..00000000000
--- a/chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc
+++ /dev/null
@@ -1,114 +0,0 @@
-// Copyright 2019 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "components/signin/internal/identity_manager/primary_account_policy_manager_impl.h"
-
-#include "base/bind.h"
-#include "base/logging.h"
-#include "build/build_config.h"
-#include "components/signin/internal/identity_manager/primary_account_manager.h"
-#include "components/signin/public/base/signin_client.h"
-#include "components/signin/public/base/signin_metrics.h"
-#include "components/signin/public/base/signin_pref_names.h"
-#include "components/signin/public/identity_manager/account_info.h"
-#include "components/signin/public/identity_manager/identity_utils.h"
-
-PrimaryAccountPolicyManagerImpl::PrimaryAccountPolicyManagerImpl(
- SigninClient* client)
- : client_(client) {}
-
-PrimaryAccountPolicyManagerImpl::~PrimaryAccountPolicyManagerImpl() {
- local_state_pref_registrar_.RemoveAll();
-}
-
-void PrimaryAccountPolicyManagerImpl::InitializePolicy(
- PrefService* local_state,
- PrimaryAccountManager* primary_account_manager) {
- // local_state can be null during unit tests.
- if (local_state) {
- local_state_pref_registrar_.Init(local_state);
- local_state_pref_registrar_.Add(
- prefs::kGoogleServicesUsernamePattern,
- base::BindRepeating(&PrimaryAccountPolicyManagerImpl::
- OnGoogleServicesUsernamePatternChanged,
- weak_pointer_factory_.GetWeakPtr(),
- primary_account_manager));
- }
- signin_allowed_.Init(
- prefs::kSigninAllowed, client_->GetPrefs(),
- base::BindRepeating(
- &PrimaryAccountPolicyManagerImpl::OnSigninAllowedPrefChanged,
- base::Unretained(this), primary_account_manager));
-
- CoreAccountInfo account_info = primary_account_manager->GetPrimaryAccountInfo(
- signin::ConsentLevel::kSync);
- if (!account_info.account_id.empty() &&
- (!IsAllowedUsername(account_info.email) || !IsSigninAllowed())) {
- // User is signed in, but the username is invalid or signin is no longer
- // allowed, so the user must be sign out.
- //
- // This may happen in the following cases:
- // a. The user has toggled off signin allowed in settings.
- // b. The administrator changed the policy since the last signin.
- //
- // Note: The token service has not yet loaded its credentials, so accounts
- // cannot be revoked here.
- //
- // On desktop, when PrimaryAccountManager is initializing, the profile was
- // not yet marked with sign out allowed. Therefore sign out is not allowed
- // and all calls to RevokeSyncConsent() and ClearPrimaryAccount() methods
- // are no-op.
- //
- // TODO(msarda): RevokeSyncConsent() method do not guarantee that the sync
- // consent can really be revoked (this depends on whether sign out is
- // allowed). Add a check here on desktop to make it clear that
- // RevokeSyncConsent() does not do anything.
- primary_account_manager->RevokeSyncConsent(
- signin_metrics::SIGNIN_PREF_CHANGED_DURING_SIGNIN,
- signin_metrics::SignoutDelete::kIgnoreMetric);
- }
-}
-
-void PrimaryAccountPolicyManagerImpl::OnGoogleServicesUsernamePatternChanged(
- PrimaryAccountManager* primary_account_manager) {
- if (primary_account_manager->HasPrimaryAccount(signin::ConsentLevel::kSync) &&
- !IsAllowedUsername(
- primary_account_manager
- ->GetPrimaryAccountInfo(signin::ConsentLevel::kSync)
- .email)) {
- // Signed in user is invalid according to the current policy so sign
- // the user out.
- primary_account_manager->ClearPrimaryAccount(
- signin_metrics::GOOGLE_SERVICE_NAME_PATTERN_CHANGED,
- signin_metrics::SignoutDelete::kIgnoreMetric);
- }
-}
-
-bool PrimaryAccountPolicyManagerImpl::IsSigninAllowed() const {
- return signin_allowed_.GetValue();
-}
-
-void PrimaryAccountPolicyManagerImpl::OnSigninAllowedPrefChanged(
- PrimaryAccountManager* primary_account_manager) {
- if (!IsSigninAllowed() &&
- primary_account_manager->HasPrimaryAccount(signin::ConsentLevel::kSync)) {
- VLOG(0) << "IsSigninAllowed() set to false, signing out the user";
- primary_account_manager->ClearPrimaryAccount(
- signin_metrics::SIGNOUT_PREF_CHANGED,
- signin_metrics::SignoutDelete::kIgnoreMetric);
- }
-}
-
-bool PrimaryAccountPolicyManagerImpl::IsAllowedUsername(
- const std::string& username) const {
- const PrefService* local_state = local_state_pref_registrar_.prefs();
-
- // TODO(crbug.com/908121): We need to deal for now with the fact that many
- // unit tests have a null |local_state| passed to InitializePolicy(), in which
- // case all usernames are considered 'allowed'.
- if (!local_state)
- return true;
-
- return signin::IsUsernameAllowedByPatternFromPrefs(local_state, username);
-}
View Lorry Controller Status