Implement ephemeral users

chrome/browser/chromeos/login/user_manager.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_USER_MANAGER_H_
 #define CHROME_BROWSER_CHROMEOS_LOGIN_USER_MANAGER_H_
 #pragma once
 
 #include <string>
 
@@ skipping 30 matching lines @@
                     public ProfileSyncServiceObserver,
                     public content::NotificationObserver {
  public:
   // Returns a shared instance of a UserManager. Not thread-safe, should only be
   // called from the main UI thread.
   static UserManager* Get();
 
   // Registers user manager preferences.
   static void RegisterPrefs(PrefService* local_state);
 
-  // Returns a list of the users who have logged into this device previously.
-  // It is sorted in order of recency, with most recent at the beginning.
+  // Returns a list of users who have logged into this device previously. This
+  // is sorted by last login date with the most recent user at the beginning.
   const UserList& GetUsers() const;
 
-  // Indicates that a user with the given email has just logged in.
-  // The persistent list will be updated accordingly.
+  // Indicates that a user with the given email has just logged in. The
+  // persistent list is updated accordingly if the user is not ephemeral.
   void UserLoggedIn(const std::string& email);
 
   // Indicates that user just logged on as the demo user.
   void DemoUserLoggedIn();
 
   // Indicates that user just started incognito session.
   void GuestUserLoggedIn();
 
   // Removes the user from the device. Note, it will verify that the given user
   // isn't the owner, so calling this method for the owner will take no effect.
   // Note, |delegate| can be NULL.
   void RemoveUser(const std::string& email,
                   RemoveUserDelegate* delegate);
 
   // Removes the user from the persistent list only. Also removes the user's
   // picture.
   void RemoveUserFromList(const std::string& email);
 
-  // Returns true if given user has logged into the device before.
+  // Returns true if a user with the given email address is found in the
+  // persistent list or currently logged in as ephemeral.
   virtual bool IsKnownUser(const std::string& email) const;
 
-  // Returns a user with given email or |NULL| if no such user exists.
+  // Returns the user with the given email address if found in the persistent
+  // list or currently logged in as ephemeral. Returns |NULL| otherwise.
   const User* FindUser(const std::string& email) const;
 
   // Returns the logged-in user.
   const User& logged_in_user() const { return *logged_in_user_; }
   User& logged_in_user() { return *logged_in_user_; }
 
   // Returns true if given display name is unique.
   bool IsDisplayNameUnique(const std::string& display_name) const;
 
   // Saves user's oauth token status in local state preferences.
@@ skipping 46 matching lines @@
 
   // Accessor for current_user_is_owner_
   virtual bool current_user_is_owner() const;
   virtual void set_current_user_is_owner(bool current_user_is_owner);
 
   // Accessor for current_user_is_new_.
   bool current_user_is_new() const {
     return current_user_is_new_;
   }
 
+  // Accessor for current_user_is_ephemeral_.
+  bool current_user_is_ephemeral() const {

[Nikita (slow), 2012/03/07 10:03:04]

needs merge:

Rename to IsCurrentUserEphemeral().
Add to the UserManager interface and mock.

[use bartfab instead, 2012/03/07 11:10:08]

After addressing your other comments, the method is actually gone completely
now.

+    return current_user_is_ephemeral_;
+  }
+
   bool user_is_logged_in() const { return user_is_logged_in_; }
 
   // Returns true if we're logged in as a demo user.
   bool IsLoggedInAsDemoUser() const;
 
   // Returns true if we're logged in as a Guest.
   bool IsLoggedInAsGuest() const;
 
   // Interface that observers of UserManager must implement in order
   // to receive notification when local state preferences is changed
@@ skipping 18 matching lines @@
   }
 
  protected:
   UserManager();
   virtual ~UserManager();
 
   // Returns image filepath for the given user.
   FilePath GetImagePathForUser(const std::string& username);
 
  private:
+  friend class UserManagerTest;
+
   // Loads |users_| from Local State if the list has not been loaded yet.
   // Subsequent calls have no effect. Must be called on the UI thread.
   void EnsureUsersLoaded();
 
+  // Retrieves trusted device policies and removes users from the persistent
+  // list if ephemeral users are enabled. Schedules a callback to itself if
+  // trusted device policies are not yet available.
+  void RetrieveTrustedDevicePolicies();
+
+  // Returns true if trusted device policies have successfully been retrieved
+  // and ephemeral users are enabled.
+  bool AreEphemeralUsersEnabled() const;
+
+  // Returns true if the user with the given email address is to be treated as
+  // ephemeral.
+  bool IsEphemeralUser(const std::string& email) const;
+
+  // Returns the user with the given email address if found in the persistent
+  // list. Returns |NULL| otherwise.
+  const User* FindUserInList(const std::string& email) const;
+
   // Makes stub user the current logged-in user (for test paths).
   void StubUserLoggedIn();
 
   // Notifies on new user session.
   void NotifyOnLogin();
 
+  // Resets internal state to the initial values before user login.
+  void LogoutForTest();
+
   // Reads user's oauth token status from local state preferences.
   User::OAuthTokenStatus LoadUserOAuthStatus(const std::string& username) const;
 
   // Sets one of the default images for the specified user and saves this
   // setting in local state.
   // Does not send LOGIN_USER_IMAGE_CHANGED notification.
   void SetInitialUserImage(const std::string& username);
 
   // Sets image for user |username| and sends LOGIN_USER_IMAGE_CHANGED
   // notification unless this is a new user and image is set for the first time.
@@ skipping 40 matching lines @@
   // ProfileDownloaderDelegate implementation.
   virtual int GetDesiredImageSideLength() const OVERRIDE;
   virtual Profile* GetBrowserProfile() OVERRIDE;
   virtual std::string GetCachedPictureURL() const OVERRIDE;
   virtual void OnDownloadComplete(ProfileDownloader* downloader,
                                   bool success) OVERRIDE;
 
   // Creates a new User instance.
   User* CreateUser(const std::string& email) const;
 
+  // Removes the user from the persistent list only. Also removes the user's
+  // picture.
+  void RemoveUserFromListInternal(const std::string& email);
+
   // Loads user image from its file.
   scoped_refptr<UserImageLoader> image_loader_;
 
   // List of all known users. User instances are owned by |this| and deleted
-  // when a user is removed with |RemoveUser|.
+  // when users are removed by |RemoveUserFromListInternal|.
   mutable UserList users_;
 
   // Map of users' display names used to determine which users have unique
   // display names.
   mutable base::hash_map<std::string, size_t> display_name_count_;
 
   // User instance used to represent the demo user.
   User demo_user_;
 
   // User instance used to represent the off-the-record (guest) user.
   User guest_user_;
 
   // A stub User instance for test paths (running without a logged-in user).
   User stub_user_;
 
   // The logged-in user. NULL until a user has logged in, then points to one
-  // of the User instances in |users_| or to the |guest_user_| instance.
-  // In test paths without login points to the |stub_user_| instance.
+  // of the User instances in |users_|, the |guest_user_| instance or an
+  // ephemeral user instance. In test paths without login points to the
+  // |stub_user_| instance.
   User* logged_in_user_;
 
   // Cached flag of whether currently logged-in user is owner or not.
   // May be accessed on different threads, requires locking.
   bool current_user_is_owner_;
   mutable base::Lock current_user_is_owner_lock_;
 
   // Cached flag of whether the currently logged-in user existed before this
   // login.
   bool current_user_is_new_;
 
+  // Cached flag of whether the currently logged-in user is ephemeral. Storage
+  // of persistent information is avoided for such users by not adding them to
+  // the user list in local state, not downloading their custom user images and
+  // mounting their cryptohomes using tmpfs.
+  bool current_user_is_ephemeral_;

[Nikita (slow), 2012/03/07 10:03:04]

nit: Should follow naming that other members in UserManagerImpl use.
is_current_user_ephemeral_

[use bartfab instead, 2012/03/07 11:10:08]

Done.

+
   // Cached flag of whether any user is logged in at the moment.
   bool user_is_logged_in_;
 
+  // Cached flag indicating whether ephemeral users are enabled. Defaults to
+  // |false| if the value has not been read from trusted device policy yet.
+  bool ephemeral_users_enabled_;
+
+  // Cached name of device owner. Defaults to empty string if the value has not
+  // been read from trusted device policy yet.
+  std::string owner_email_;

[Nikita (slow), 2012/03/07 10:03:04]

We already have cached versions of trusted settings available.

Why do we need to cache ephemeral_users_enabled_, owner_email_ in one more
place?

[use bartfab instead, 2012/03/07 11:10:08]

Before accessing cached trusted settings, GetTrusted() must be called to check
whether they are available. If the settings are not yet available, this sets up
a callback. Every access to cached trusted settings can therefore lead to an
additional callback being set up.

Caching the settings locally allows a single well-defined callback to be used
for their retrieval.

+
   content::NotificationRegistrar registrar_;
 
   // Profile sync service which is observed to take actions after sync
   // errors appear. NOTE: there is no guarantee that it is the current sync
   // service, so do NOT use it outside |OnStateChanged| method.
   ProfileSyncService* observed_sync_service_;
 
   friend struct base::DefaultLazyInstanceTraits<UserManager>;
 
   ObserverList<Observer> observer_list_;
@@ skipping 17 matching lines @@
 
   // Data URL for |downloaded_profile_image_|.
   std::string downloaded_profile_image_data_url_;
 
   DISALLOW_COPY_AND_ASSIGN(UserManager);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_USER_MANAGER_H_