From 71f99a802dcdb4a6a6936c807f3787d59a086a2b Mon Sep 17 00:00:00 2001
From: "bartfab@chromium.org"
 <bartfab@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri, 21 Mar 2014 14:06:43 +0000
Subject: [PATCH] Show error message if authenticated user e-mail retrieval
 fails

With this CL, an error message is shown when the authenticated user's
e-mail address cannot be retrieved during enrollment or login.

TEST=New browser test
BUG=335542

Review URL: https://codereview.chromium.org/206573003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258565 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/app/chromeos_strings.grdp                   |  2 +-
 .../chromeos/login/saml/saml_browsertest.cc        | 44 ++++++++++++++++------
 .../chromeos/login/oobe_screen_oauth_enrollment.js |  7 +++-
 .../resources/chromeos/login/screen_gaia_signin.js |  5 ++-
 .../webui/chromeos/login/signin_screen_handler.cc  |  3 ++
 5 files changed, 47 insertions(+), 14 deletions(-)

diff --git a/chrome/app/chromeos_strings.grdp b/chrome/app/chromeos_strings.grdp
index cb987511ee72..91311a779dcf 100644
--- a/chrome/app/chromeos_strings.grdp
+++ b/chrome/app/chromeos_strings.grdp
@@ -1341,7 +1341,7 @@ Press any key to continue exploring.
   <message name="IDS_LOGIN_PREVIOUS_PASSWORD" desc="Password field text on the password changed dialog">
     Previous password
   </message>
-  <message name="IDS_LOGIN_SAML_NOTICE" desc="Text message displayed above SAML portal to learly indicate that the user is being redirected to another sign-in provider.">
+  <message name="IDS_LOGIN_SAML_NOTICE" desc="Text message displayed above SAML portal to early indicate that the user is being redirected to another sign-in provider.">
     The sign-in service below is hosted by <ph name="SAML_DOMAIN">$1<ex>saml.com</ex></ph>. Sign in to continue.
   </message>
   <message name="IDS_LOGIN_CONFIRM_PASSWORD_TITLE" desc="Title for the confirm password dialog.">
diff --git a/chrome/browser/chromeos/login/saml/saml_browsertest.cc b/chrome/browser/chromeos/login/saml/saml_browsertest.cc
index 3287ad562b05..2115001a742c 100644
--- a/chrome/browser/chromeos/login/saml/saml_browsertest.cc
+++ b/chrome/browser/chromeos/login/saml/saml_browsertest.cc
@@ -245,17 +245,7 @@ class SamlTest : public InProcessBrowserTest {
   }
 
   virtual void SetUpOnMainThread() OVERRIDE {
-    FakeGaia::MergeSessionParams params;
-    params.auth_sid_cookie = kTestAuthSIDCookie;
-    params.auth_lsid_cookie = kTestAuthLSIDCookie;
-    params.auth_code = kTestAuthCode;
-    params.refresh_token = kTestRefreshToken;
-    params.access_token = kTestAuthLoginAccessToken;
-    params.gaia_uber_token = kTestGaiaUberToken;
-    params.session_sid_cookie = kTestSessionSIDCookie;
-    params.session_lsid_cookie = kTestSessionLSIDCookie;
-    params.email = kFirstSAMLUserEmail;
-    fake_gaia_.SetMergeSessionParams(params);
+    SetMergeSessionParams(kFirstSAMLUserEmail);
 
     embedded_test_server()->RegisterRequestHandler(
         base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_)));
@@ -279,6 +269,20 @@ class SamlTest : public InProcessBrowserTest {
     }
   }
 
+  void SetMergeSessionParams(const std::string& email) {
+    FakeGaia::MergeSessionParams params;
+    params.auth_sid_cookie = kTestAuthSIDCookie;
+    params.auth_lsid_cookie = kTestAuthLSIDCookie;
+    params.auth_code = kTestAuthCode;
+    params.refresh_token = kTestRefreshToken;
+    params.access_token = kTestAuthLoginAccessToken;
+    params.gaia_uber_token = kTestGaiaUberToken;
+    params.session_sid_cookie = kTestSessionSIDCookie;
+    params.session_lsid_cookie = kTestSessionLSIDCookie;
+    params.email = email;
+    fake_gaia_.SetMergeSessionParams(params);
+  }
+
   WebUILoginDisplay* GetLoginDisplay() {
     ExistingUserController* controller =
         ExistingUserController::current_controller();
@@ -504,6 +508,24 @@ IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) {
   EXPECT_EQ(kFirstSAMLUserEmail, user->email());
 }
 
+// Verifies that if the authenticated user's e-mail address cannot be retrieved,
+// an error message is shown.
+IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) {
+  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
+  StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);
+
+  SetSignFormField("Email", "fake_user");
+  SetSignFormField("Password", "fake_password");
+  ExecuteJsInSigninFrame("document.getElementById('Submit').click();");
+
+  OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();
+
+  SetMergeSessionParams("");
+  SendConfirmPassword("fake_password");
+
+  OobeScreenWaiter(OobeDisplay::SCREEN_FATAL_ERROR).Wait();
+}
+
 // Tests the password confirm flow: show error on the first failure and
 // fatal error on the second failure.
 IN_PROC_BROWSER_TEST_F(SamlTest, PasswordConfirmFlow) {
diff --git a/chrome/browser/resources/chromeos/login/oobe_screen_oauth_enrollment.js b/chrome/browser/resources/chromeos/login/oobe_screen_oauth_enrollment.js
index 01e82ca8da23..7ed334c5d99c 100644
--- a/chrome/browser/resources/chromeos/login/oobe_screen_oauth_enrollment.js
+++ b/chrome/browser/resources/chromeos/login/oobe_screen_oauth_enrollment.js
@@ -249,7 +249,12 @@ login.createScreen('OAuthEnrollmentScreen', 'oauth-enrollment', function() {
      * @param {string} email The authenticated user's e-mail address.
      */
     setAuthenticatedUserEmail: function(attemptToken, email) {
-      if (this.attemptToken_ == attemptToken)
+      if (this.attemptToken_ != attemptToken)
+        return;
+
+      if (!email)
+        this.showError(loadTimeData.getString('fatalEnrollmentError'), false);
+      else
         chrome.send('oauthEnrollCompleteLogin', [email]);
     },
 
diff --git a/chrome/browser/resources/chromeos/login/screen_gaia_signin.js b/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
index 86565520b3d6..aa88b576b03f 100644
--- a/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
+++ b/chrome/browser/resources/chromeos/login/screen_gaia_signin.js
@@ -325,7 +325,10 @@ login.createScreen('GaiaSigninScreen', 'gaia-signin', function() {
      * @param {string} email The authenticated user's e-mail address.
      */
     setAuthenticatedUserEmail: function(attemptToken, email) {
-      this.gaiaAuthHost_.setAuthenticatedUserEmail(attemptToken, email);
+      if (!email)
+        this.showFatalAuthError();
+      else
+        this.gaiaAuthHost_.setAuthenticatedUserEmail(attemptToken, email);
     },
 
     /**
diff --git a/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc b/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc
index b572b948e9f6..f28d7831e12e 100644
--- a/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc
+++ b/chrome/browser/ui/webui/chromeos/login/signin_screen_handler.cc
@@ -434,6 +434,9 @@ void SigninScreenHandler::DeclareLocalizedValues(
   builder->Add("easyUnlockTooltip",
                IDS_LOGIN_EASY_UNLOCK_TOOLTIP);
 
+  builder->Add("fatalEnrollmentError",
+               IDS_ENTERPRISE_ENROLLMENT_AUTH_FATAL_ERROR);
+
   if (chromeos::KioskModeSettings::Get()->IsKioskModeEnabled())
     builder->Add("demoLoginMessage", IDS_KIOSK_MODE_LOGIN_MESSAGE);
 
-- 
2.11.4.GIT