diff options
Diffstat (limited to 'chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc')
-rw-r--r-- | chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc | 114 |
1 files changed, 0 insertions, 114 deletions
diff --git a/chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc b/chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc deleted file mode 100644 index 9116698b912..00000000000 --- a/chromium/components/signin/internal/identity_manager/primary_account_policy_manager_impl.cc +++ /dev/null @@ -1,114 +0,0 @@ -// Copyright 2019 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "components/signin/internal/identity_manager/primary_account_policy_manager_impl.h" - -#include "base/bind.h" -#include "base/logging.h" -#include "build/build_config.h" -#include "components/signin/internal/identity_manager/primary_account_manager.h" -#include "components/signin/public/base/signin_client.h" -#include "components/signin/public/base/signin_metrics.h" -#include "components/signin/public/base/signin_pref_names.h" -#include "components/signin/public/identity_manager/account_info.h" -#include "components/signin/public/identity_manager/identity_utils.h" - -PrimaryAccountPolicyManagerImpl::PrimaryAccountPolicyManagerImpl( - SigninClient* client) - : client_(client) {} - -PrimaryAccountPolicyManagerImpl::~PrimaryAccountPolicyManagerImpl() { - local_state_pref_registrar_.RemoveAll(); -} - -void PrimaryAccountPolicyManagerImpl::InitializePolicy( - PrefService* local_state, - PrimaryAccountManager* primary_account_manager) { - // local_state can be null during unit tests. - if (local_state) { - local_state_pref_registrar_.Init(local_state); - local_state_pref_registrar_.Add( - prefs::kGoogleServicesUsernamePattern, - base::BindRepeating(&PrimaryAccountPolicyManagerImpl:: - OnGoogleServicesUsernamePatternChanged, - weak_pointer_factory_.GetWeakPtr(), - primary_account_manager)); - } - signin_allowed_.Init( - prefs::kSigninAllowed, client_->GetPrefs(), - base::BindRepeating( - &PrimaryAccountPolicyManagerImpl::OnSigninAllowedPrefChanged, - base::Unretained(this), primary_account_manager)); - - CoreAccountInfo account_info = primary_account_manager->GetPrimaryAccountInfo( - signin::ConsentLevel::kSync); - if (!account_info.account_id.empty() && - (!IsAllowedUsername(account_info.email) || !IsSigninAllowed())) { - // User is signed in, but the username is invalid or signin is no longer - // allowed, so the user must be sign out. - // - // This may happen in the following cases: - // a. The user has toggled off signin allowed in settings. - // b. The administrator changed the policy since the last signin. - // - // Note: The token service has not yet loaded its credentials, so accounts - // cannot be revoked here. - // - // On desktop, when PrimaryAccountManager is initializing, the profile was - // not yet marked with sign out allowed. Therefore sign out is not allowed - // and all calls to RevokeSyncConsent() and ClearPrimaryAccount() methods - // are no-op. - // - // TODO(msarda): RevokeSyncConsent() method do not guarantee that the sync - // consent can really be revoked (this depends on whether sign out is - // allowed). Add a check here on desktop to make it clear that - // RevokeSyncConsent() does not do anything. - primary_account_manager->RevokeSyncConsent( - signin_metrics::SIGNIN_PREF_CHANGED_DURING_SIGNIN, - signin_metrics::SignoutDelete::kIgnoreMetric); - } -} - -void PrimaryAccountPolicyManagerImpl::OnGoogleServicesUsernamePatternChanged( - PrimaryAccountManager* primary_account_manager) { - if (primary_account_manager->HasPrimaryAccount(signin::ConsentLevel::kSync) && - !IsAllowedUsername( - primary_account_manager - ->GetPrimaryAccountInfo(signin::ConsentLevel::kSync) - .email)) { - // Signed in user is invalid according to the current policy so sign - // the user out. - primary_account_manager->ClearPrimaryAccount( - signin_metrics::GOOGLE_SERVICE_NAME_PATTERN_CHANGED, - signin_metrics::SignoutDelete::kIgnoreMetric); - } -} - -bool PrimaryAccountPolicyManagerImpl::IsSigninAllowed() const { - return signin_allowed_.GetValue(); -} - -void PrimaryAccountPolicyManagerImpl::OnSigninAllowedPrefChanged( - PrimaryAccountManager* primary_account_manager) { - if (!IsSigninAllowed() && - primary_account_manager->HasPrimaryAccount(signin::ConsentLevel::kSync)) { - VLOG(0) << "IsSigninAllowed() set to false, signing out the user"; - primary_account_manager->ClearPrimaryAccount( - signin_metrics::SIGNOUT_PREF_CHANGED, - signin_metrics::SignoutDelete::kIgnoreMetric); - } -} - -bool PrimaryAccountPolicyManagerImpl::IsAllowedUsername( - const std::string& username) const { - const PrefService* local_state = local_state_pref_registrar_.prefs(); - - // TODO(crbug.com/908121): We need to deal for now with the fact that many - // unit tests have a null |local_state| passed to InitializePolicy(), in which - // case all usernames are considered 'allowed'. - if (!local_state) - return true; - - return signin::IsUsernameAllowedByPatternFromPrefs(local_state, username); -} |