1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
|
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/ui/views/profiles/profile_picker_dice_sign_in_provider.h"
#include "base/feature_list.h"
#include "base/functional/bind.h"
#include "base/functional/callback.h"
#include "base/functional/callback_helpers.h"
#include "base/strings/string_util.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/profiles/delete_profile_helper.h"
#include "chrome/browser/profiles/keep_alive/profile_keep_alive_types.h"
#include "chrome/browser/profiles/nuke_profile_directory_utils.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/profiles/profile_attributes_storage.h"
#include "chrome/browser/profiles/profile_avatar_icon_util.h"
#include "chrome/browser/profiles/profile_manager.h"
#include "chrome/browser/signin/dice_tab_helper.h"
#include "chrome/browser/signin/identity_manager_factory.h"
#include "chrome/browser/signin/signin_promo.h"
#include "chrome/browser/signin/signin_util.h"
#include "chrome/browser/themes/theme_service.h"
#include "chrome/browser/themes/theme_service_factory.h"
#include "chrome/browser/trusted_vault/trusted_vault_encryption_keys_tab_helper.h"
#include "chrome/browser/ui/browser_navigator.h"
#include "chrome/browser/ui/browser_navigator_params.h"
#include "chrome/browser/ui/views/profiles/profile_picker_view.h"
#include "chrome/browser/ui/views/profiles/profile_picker_web_contents_host.h"
#include "chrome/common/url_constants.h"
#include "chrome/common/webui_url_constants.h"
#include "components/safe_browsing/buildflags.h"
#include "components/signin/public/base/consent_level.h"
#include "components/signin/public/base/signin_metrics.h"
#include "components/signin/public/identity_manager/account_info.h"
#include "components/signin/public/identity_manager/identity_manager.h"
#include "components/web_modal/web_contents_modal_dialog_manager.h"
#include "content/public/browser/context_menu_params.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/web_contents.h"
#include "google_apis/gaia/gaia_auth_util.h"
#include "google_apis/gaia/gaia_urls.h"
#include "net/base/url_util.h"
#include "third_party/blink/public/mojom/window_features/window_features.mojom.h"
#include "ui/views/controls/webview/web_contents_set_background_color.h"
#if BUILDFLAG(SAFE_BROWSING_AVAILABLE)
#include "chrome/browser/safe_browsing/chrome_password_reuse_detection_manager_client.h"
#endif
namespace {
bool IsTwoFactorIntersitial(const GURL& url) {
return base::StartsWith(url.spec(), chrome::kGoogleTwoFactorIntersitialURL);
}
bool IsExternalURL(const GURL& url) {
// Empty URL is used initially, about:blank is used to stop navigation after
// sign-in succeeds.
if (url.is_empty() || url == GURL(url::kAboutBlankURL)) {
return false;
}
if (gaia::HasGaiaSchemeHostPort(url)) {
return false;
}
return true;
}
} // namespace
ProfilePickerDiceSignInProvider::ProfilePickerDiceSignInProvider(
ProfilePickerWebContentsHost* host,
signin_metrics::AccessPoint signin_access_point,
base::FilePath profile_path)
: host_(host),
signin_access_point_(signin_access_point),
profile_path_(profile_path) {}
ProfilePickerDiceSignInProvider::~ProfilePickerDiceSignInProvider() {
// Handle unfinished signed-in profile creation (i.e. when callback was not
// called yet).
if (callback_) {
if (IsInitialized()) {
ResetWebContentsDelegates();
}
ProfileMetrics::LogProfileAddSignInFlowOutcome(
ProfileMetrics::ProfileSignedInFlowOutcome::kAbortedBeforeSignIn);
}
}
void ProfilePickerDiceSignInProvider::SwitchToSignIn(
StepSwitchFinishedCallback switch_finished_callback,
SignedInCallback signin_finished_callback) {
// Update the callback even if the profile is already initialized (to respect
// that the callback may be different).
callback_ = std::move(signin_finished_callback);
if (IsInitialized()) {
// Do not load any url because the desired sign-in screen is still loaded in
// `contents()`.
host_->ShowScreen(
contents(), GURL(),
base::BindOnce(std::move(switch_finished_callback.value()), true));
host_->SetNativeToolbarVisible(true);
return;
}
auto profile_init_callback = base::BindOnce(
&ProfilePickerDiceSignInProvider::OnProfileInitialized,
weak_ptr_factory_.GetWeakPtr(), std::move(switch_finished_callback));
ProfileManager* profile_manager = g_browser_process->profile_manager();
if (!profile_path_.empty()) {
bool profile_exists = profile_manager->LoadProfileByPath(
profile_path_, /*incognito=*/false, std::move(profile_init_callback));
DCHECK(profile_exists);
} else {
// Silently create the new profile for browsing on GAIA (so that the sign-in
// cookies are stored in the right profile).
ProfileManager::CreateMultiProfileAsync(
profile_manager->GetProfileAttributesStorage()
.ChooseNameForNewProfile(),
profiles::GetPlaceholderAvatarIndex(), /*is_hidden=*/true,
std::move(profile_init_callback));
}
}
void ProfilePickerDiceSignInProvider::ReloadSignInPage() {
if (IsInitialized() && contents()) {
contents()->GetController().Reload(content::ReloadType::BYPASSING_CACHE,
true);
}
}
void ProfilePickerDiceSignInProvider::NavigateBack() {
if (!IsInitialized() || !contents()) {
return;
}
if (contents()->GetController().CanGoBack()) {
contents()->GetController().GoBack();
return;
}
// Move from sign-in back to the previous screen of profile creation.
// Do not load any url because the desired screen is still loaded in the
// picker contents.
host_->ShowScreenInPickerContents(GURL(), base::OnceClosure());
host_->SetNativeToolbarVisible(false);
}
bool ProfilePickerDiceSignInProvider::HandleContextMenu(
content::RenderFrameHost& render_frame_host,
const content::ContextMenuParams& params) {
// Ignores context menu.
return true;
}
content::WebContents* ProfilePickerDiceSignInProvider::AddNewContents(
content::WebContents* source,
std::unique_ptr<content::WebContents> new_contents,
const GURL& target_url,
WindowOpenDisposition disposition,
const blink::mojom::WindowFeatures& window_features,
bool user_gesture,
bool* was_blocked) {
// ForceSignin flow should not have any potential link that opens a new
// browser. Currently the regular sign in flow does not contain any, but the
// SAML Force Signin flow contains a SAML speedbump page, which still contains
// external links like "Help", "Privacy" and "Terms" that will attempt to open
// a browser. As long as those links are accessible, we should not try to open
// them while Force Signin is enabled.
// TODO(crbug.com/41493894): Remove this check if the SAML speedbump is
// removed or if the links on the page are removed.
if (signin_util::IsForceSigninEnabled()) {
return nullptr;
}
NavigateParams params(profile_, target_url, ui::PAGE_TRANSITION_LINK);
// Open all links as new popups.
params.disposition = WindowOpenDisposition::NEW_POPUP;
params.contents_to_insert = std::move(new_contents);
params.window_features = window_features;
Navigate(¶ms);
return nullptr;
}
bool ProfilePickerDiceSignInProvider::HandleKeyboardEvent(
content::WebContents* source,
const input::NativeWebKeyboardEvent& event) {
return host_->GetWebContentsDelegate()->HandleKeyboardEvent(source, event);
}
void ProfilePickerDiceSignInProvider::NavigationStateChanged(
content::WebContents* source,
content::InvalidateTypes changed_flags) {
if (source != contents_.get()) {
return;
}
auto primary_account =
IdentityManagerFactory::GetForProfile(profile_)->GetPrimaryAccountInfo(
signin::ConsentLevel::kSignin);
if (IsTwoFactorIntersitial(contents_->GetVisibleURL()) &&
!primary_account.IsEmpty()) {
// This intersitial should be skipped while in the profile picker, so we
// finish flow with the current primary account. The intersitial will be
// opened in a tab after the profile is created. This is handled by the
// signed-in flow controller.
// Posting the task to avoid navigation re-entrancy caused by the
// next step of the flow causing a navigation.
base::SequencedTaskRunner::GetCurrentDefault()->PostTask(
FROM_HERE,
base::BindOnce(&ProfilePickerDiceSignInProvider::FinishFlow,
weak_ptr_factory_.GetWeakPtr(), primary_account));
} else if (IsExternalURL(contents_->GetVisibleURL()) &&
// SAML with ForceSignin in Profile Picker should follow the
// regular flow.
!signin_util::IsForceSigninEnabled()) {
// Attach DiceTabHelper to `contents_` so that sync consent dialog appears
// after a successful sign-in.
DiceTabHelper* tab_helper = DiceTabHelper::FromWebContents(contents_.get());
CHECK(tab_helper);
InitializeDiceTabHelper(*tab_helper, DiceTabHelperMode::kInBrowser);
// The rest of the SAML flow logic is handled by the signed-in flow
// controller.
FinishFlow(CoreAccountInfo());
}
}
web_modal::WebContentsModalDialogHost*
ProfilePickerDiceSignInProvider::GetWebContentsModalDialogHost() {
return host_->GetWebContentsModalDialogHost();
}
void ProfilePickerDiceSignInProvider::OnProfileInitialized(
StepSwitchFinishedCallback switch_finished_callback,
Profile* new_profile) {
if (!new_profile) {
std::move(switch_finished_callback.value()).Run(false);
return;
}
DCHECK(!profile_);
DCHECK(!contents());
profile_ = new_profile;
profile_keep_alive_ = std::make_unique<ScopedProfileKeepAlive>(
profile_, ProfileKeepAliveOrigin::kProfileCreationFlow);
contents_ = content::WebContents::Create(
content::WebContents::CreateParams(profile_));
contents()->SetDelegate(this);
// Create a manager that supports modal dialogs, such as for webauthn.
web_modal::WebContentsModalDialogManager::CreateForWebContents(contents());
web_modal::WebContentsModalDialogManager::FromWebContents(contents())
->SetDelegate(this);
// To allow passing encryption keys during interactions with the page,
// instantiate TrustedVaultEncryptionKeysTabHelper.
TrustedVaultEncryptionKeysTabHelper::CreateForWebContents(contents());
// Record that the sign in process starts. Its end is recorded automatically
// when the primary account is set.
signin_metrics::RecordSigninUserActionForAccessPoint(signin_access_point_);
signin_metrics::LogSigninAccessPointStarted(
signin_access_point_,
signin_metrics::PromoAction::PROMO_ACTION_NO_SIGNIN_PROMO);
// Apply the default theme to get consistent colors for toolbars in newly
// created profiles (this matters for linux where the 'system' theme is used
// for new profiles).
if (profile_path_.empty()) {
auto* theme_service = ThemeServiceFactory::GetForProfile(profile_);
theme_service->UseDefaultTheme();
}
// Make sure the web contents used for sign-in has proper background to match
// the toolbar (for dark mode).
views::WebContentsSetBackgroundColor::CreateForWebContentsWithColor(
contents(), host_->GetPreferredBackgroundColor());
base::OnceClosure navigation_finished_closure =
base::BindOnce(&ProfilePickerWebContentsHost::SetNativeToolbarVisible,
// Unretained is enough as the callback is called by the
// host itself.
base::Unretained(host_), /*visible=*/true)
.Then(base::BindOnce(std::move(switch_finished_callback.value()),
true));
host_->ShowScreen(contents(), BuildSigninURL(),
std::move(navigation_finished_closure));
#if BUILDFLAG(SAFE_BROWSING_AVAILABLE)
ChromePasswordReuseDetectionManagerClient::CreateForProfilePickerWebContents(
contents());
#endif
// Attach a `DiceTabHelper` to the `WebContents` to trigger the completion
// of the step.
DiceTabHelper::CreateForWebContents(contents());
DiceTabHelper* tab_helper = DiceTabHelper::FromWebContents(contents());
CHECK(tab_helper);
InitializeDiceTabHelper(*tab_helper, DiceTabHelperMode::kInPicker);
}
bool ProfilePickerDiceSignInProvider::IsInitialized() const {
return profile_ != nullptr;
}
void ProfilePickerDiceSignInProvider::FinishFlow(
const CoreAccountInfo& account_info) {
DCHECK(IsInitialized());
host_->SetNativeToolbarVisible(false);
ResetWebContentsDelegates();
std::move(callback_).Run(profile_.get(), account_info, std::move(contents_));
}
void ProfilePickerDiceSignInProvider::FinishFlowInPicker(
Profile* profile,
signin_metrics::AccessPoint /*access_point*/,
signin_metrics::PromoAction /*promo_action*/,
content::WebContents* /*contents*/,
const CoreAccountInfo& account_info) {
CHECK_EQ(profile, profile_.get());
FinishFlow(account_info);
}
void ProfilePickerDiceSignInProvider::ResetWebContentsDelegates() {
contents()->SetDelegate(nullptr);
web_modal::WebContentsModalDialogManager::FromWebContents(contents())
->SetDelegate(nullptr);
}
GURL ProfilePickerDiceSignInProvider::BuildSigninURL() const {
// Use the Emebedded flow if we are in the context of ForceSignin.
signin::Flow signin_flow = signin_util::IsForceSigninEnabled()
? signin::Flow::EMBEDDED_PROMO
: signin::Flow::PROMO;
return signin::GetChromeSyncURLForDice({
.request_dark_scheme = host_->ShouldUseDarkColors(),
.flow = signin_flow,
});
}
void ProfilePickerDiceSignInProvider::InitializeDiceTabHelper(
DiceTabHelper& helper,
DiceTabHelperMode mode) {
DiceTabHelper::EnableSyncCallback enable_sync_callback;
DiceTabHelper::ShowSigninErrorCallback show_signin_error_callback;
// Use |redirect_url| and not |continue_url|, so that the DiceTabHelper can
// redirect to chrome:// URLs such as the NTP.
GURL redirect_url;
bool record_signin_started_metrics = true;
switch (mode) {
case DiceTabHelperMode::kInPicker:
// This is the default case. The signin flow starts in the picker,
// assuming that this is not SAML. If the user uses a SAML account, a
// browser window will open, and the `DiceTabHelper` will be reinitialized
// with the `kInBrowser` mode.
enable_sync_callback = base::BindRepeating(
&ProfilePickerDiceSignInProvider::FinishFlowInPicker,
weak_ptr_factory_.GetWeakPtr());
// TODO(crbug.com/40276801): Handle signin errors in the profile
// picker.
show_signin_error_callback = base::DoNothing();
break;
case DiceTabHelperMode::kInBrowser:
// This is used when a SAML flow is detected (through a navigation outside
// of Gaia).
enable_sync_callback = DiceTabHelper::GetEnableSyncCallbackForBrowser();
show_signin_error_callback =
DiceTabHelper::GetShowSigninErrorCallbackForBrowser();
redirect_url = GURL(chrome::kChromeUINewTabURL);
// The metrics were already recorded once when starting the flow in the
// profile picker.
record_signin_started_metrics = false;
break;
}
helper.InitializeSigninFlow(
BuildSigninURL(), signin_access_point_,
signin_metrics::Reason::kSigninPrimaryAccount,
signin_metrics::PromoAction::PROMO_ACTION_NO_SIGNIN_PROMO,
std::move(redirect_url), record_signin_started_metrics,
std::move(enable_sync_callback),
/* TODO(crbug.com/418139693): Update the callback once this entry point is
supported for history sync. */
/*history_sync_optin_callback=*/base::NullCallback(),
DiceTabHelper::OnSigninHeaderReceived(),
std::move(show_signin_error_callback));
}
|
