OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ | 5 #ifndef CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ |
6 #define CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ | 6 #define CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 13 matching lines...) |
24 } | 24 } |
25 | 25 |
26 namespace policy { | 26 namespace policy { |
27 class WildcardLoginChecker; | 27 class WildcardLoginChecker; |
28 } | 28 } |
29 | 29 |
30 namespace content { | 30 namespace content { |
31 class BrowserContext; | 31 class BrowserContext; |
32 } | 32 } |
33 | 33 |
| 34 namespace user_manager { |
| 35 class UserID; |
| 36 } // namespace user_manager |
| 37 |
34 namespace chromeos { | 38 namespace chromeos { |
35 | 39 |
36 // This class encapsulates sign in operations. | 40 // This class encapsulates sign in operations. |
37 // Sign in is performed in a way that offline auth is executed first. | 41 // Sign in is performed in a way that offline auth is executed first. |
38 // Once offline auth is OK - user homedir is mounted, UI is launched. | 42 // Once offline auth is OK - user homedir is mounted, UI is launched. |
39 // At this point LoginPerformer |delegate_| is destroyed and it releases | 43 // At this point LoginPerformer |delegate_| is destroyed and it releases |
40 // LP instance ownership. LP waits for online login result. | 44 // LP instance ownership. LP waits for online login result. |
41 // If auth is succeeded, cookie fetcher is executed, LP instance deletes itself. | 45 // If auth is succeeded, cookie fetcher is executed, LP instance deletes itself. |
42 // | 46 // |
43 // If |delegate_| is not NULL it will handle error messages, password input. | 47 // If |delegate_| is not NULL it will handle error messages, password input. |
44 class CHROMEOS_EXPORT LoginPerformer : public AuthStatusConsumer, | 48 class CHROMEOS_EXPORT LoginPerformer : public AuthStatusConsumer, |
45 public OnlineAttemptHost::Delegate { | 49 public OnlineAttemptHost::Delegate { |
46 public: | 50 public: |
47 typedef enum AuthorizationMode { | 51 typedef enum AuthorizationMode { |
48 // Authorization performed internally by Chrome. | 52 // Authorization performed internally by Chrome. |
49 AUTH_MODE_INTERNAL, | 53 AUTH_MODE_INTERNAL, |
50 // Authorization performed by an extension. | 54 // Authorization performed by an extension. |
51 AUTH_MODE_EXTENSION | 55 AUTH_MODE_EXTENSION |
52 } AuthorizationMode; | 56 } AuthorizationMode; |
53 | 57 |
54 // Delegate class to get notifications from the LoginPerformer. | 58 // Delegate class to get notifications from the LoginPerformer. |
55 class Delegate : public AuthStatusConsumer { | 59 class Delegate : public AuthStatusConsumer { |
56 public: | 60 public: |
57 ~Delegate() override {} | 61 ~Delegate() override {} |
58 virtual void WhiteListCheckFailed(const std::string& email) = 0; | 62 virtual void WhiteListCheckFailed(const user_manager::UserID& user_id) = 0; |
59 virtual void PolicyLoadFailed() = 0; | 63 virtual void PolicyLoadFailed() = 0; |
60 virtual void OnOnlineChecked(const std::string& email, bool success) = 0; | 64 virtual void OnOnlineChecked(const user_manager::UserID& user_id, bool succe
ss) = 0; |
61 }; | 65 }; |
62 | 66 |
63 LoginPerformer(scoped_refptr<base::TaskRunner> task_runner, | 67 LoginPerformer(scoped_refptr<base::TaskRunner> task_runner, |
64 Delegate* delegate, | 68 Delegate* delegate, |
65 bool disable_client_login); | 69 bool disable_client_login); |
66 ~LoginPerformer() override; | 70 ~LoginPerformer() override; |
67 | 71 |
68 // Performs a login for |user_context|. | 72 // Performs a login for |user_context|. |
69 // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks, | 73 // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks, |
70 // AUTH_MODE_INTERNAL will perform auth checks. | 74 // AUTH_MODE_INTERNAL will perform auth checks. |
71 void PerformLogin(const UserContext& user_context, | 75 void PerformLogin(const UserContext& user_context, |
72 AuthorizationMode auth_mode); | 76 AuthorizationMode auth_mode); |
73 | 77 |
74 // Performs supervised user login with a given |user_context|. | 78 // Performs supervised user login with a given |user_context|. |
75 void LoginAsSupervisedUser(const UserContext& user_context); | 79 void LoginAsSupervisedUser(const UserContext& user_context); |
76 | 80 |
77 // Performs actions to prepare guest mode login. | 81 // Performs actions to prepare guest mode login. |
78 void LoginOffTheRecord(); | 82 void LoginOffTheRecord(); |
79 | 83 |
80 // Performs public session login with a given |user_context|. | 84 // Performs public session login with a given |user_context|. |
81 void LoginAsPublicSession(const UserContext& user_context); | 85 void LoginAsPublicSession(const UserContext& user_context); |
82 | 86 |
83 // Performs a login into the kiosk mode account with |app_user_id|. | 87 // Performs a login into the kiosk mode account with |app_user_id|. |
84 void LoginAsKioskAccount(const std::string& app_user_id, | 88 void LoginAsKioskAccount(const user_manager::UserID& app_user_id, |
85 bool use_guest_mount); | 89 bool use_guest_mount); |
86 | 90 |
87 // AuthStatusConsumer implementation: | 91 // AuthStatusConsumer implementation: |
88 void OnAuthFailure(const AuthFailure& error) override; | 92 void OnAuthFailure(const AuthFailure& error) override; |
89 void OnAuthSuccess(const UserContext& user_context) override; | 93 void OnAuthSuccess(const UserContext& user_context) override; |
90 void OnOffTheRecordAuthSuccess() override; | 94 void OnOffTheRecordAuthSuccess() override; |
91 void OnPasswordChangeDetected() override; | 95 void OnPasswordChangeDetected() override; |
92 | 96 |
93 // Migrates cryptohome using |old_password| specified. | 97 // Migrates cryptohome using |old_password| specified. |
94 void RecoverEncryptedData(const std::string& old_password); | 98 void RecoverEncryptedData(const std::string& old_password); |
(...skipping 17 matching lines...) |
112 int password_changed_callback_count() { | 116 int password_changed_callback_count() { |
113 return password_changed_callback_count_; | 117 return password_changed_callback_count_; |
114 } | 118 } |
115 | 119 |
116 void set_delegate(Delegate* delegate) { delegate_ = delegate; } | 120 void set_delegate(Delegate* delegate) { delegate_ = delegate; } |
117 | 121 |
118 AuthorizationMode auth_mode() const { return auth_mode_; } | 122 AuthorizationMode auth_mode() const { return auth_mode_; } |
119 | 123 |
120 protected: | 124 protected: |
121 // Implements OnlineAttemptHost::Delegate. | 125 // Implements OnlineAttemptHost::Delegate. |
122 void OnChecked(const std::string& user_id, bool success) override; | 126 void OnChecked(const user_manager::UserID& user_id, bool success) override; |
123 | 127 |
124 // Platform-dependant methods to be implemented by concrete class. | 128 // Platform-dependant methods to be implemented by concrete class. |
125 | 129 |
126 // Run trusted check for a platform. If trusted check have to be performed | 130 // Run trusted check for a platform. If trusted check have to be performed |
127 // asynchronously, |false| will be returned, and either delegate's | 131 // asynchronously, |false| will be returned, and either delegate's |
128 // PolicyLoadFailed() or |callback| will be called upon actual check. | 132 // PolicyLoadFailed() or |callback| will be called upon actual check. |
129 virtual bool RunTrustedCheck(const base::Closure& callback) = 0; | 133 virtual bool RunTrustedCheck(const base::Closure& callback) = 0; |
130 | 134 |
131 // Check if user is allowed to sign in on device. |wildcard_match| will | 135 // Check if user is allowed to sign in on device. |wildcard_match| will |
132 // contain additional information whether this user is explicitly listed or | 136 // contain additional information whether this user is explicitly listed or |
133 // not (may be relevant for extension-based sign-in). | 137 // not (may be relevant for extension-based sign-in). |
134 virtual bool IsUserWhitelisted(const std::string& user_id, | 138 virtual bool IsUserWhitelisted(const user_manager::UserID& user_id, |
135 bool* wildcard_match) = 0; | 139 bool* wildcard_match) = 0; |
136 | 140 |
137 // This method should run addional online check if user can sign in on device. | 141 // This method should run addional online check if user can sign in on device. |
138 // Either |success_callback| or |failure_callback| should be called upon this | 142 // Either |success_callback| or |failure_callback| should be called upon this |
139 // check. | 143 // check. |
140 virtual void RunOnlineWhitelistCheck( | 144 virtual void RunOnlineWhitelistCheck( |
141 const std::string& user_id, | 145 const user_manager::UserID& user_id, |
142 bool wildcard_match, | 146 bool wildcard_match, |
143 const std::string& refresh_token, | 147 const std::string& refresh_token, |
144 const base::Closure& success_callback, | 148 const base::Closure& success_callback, |
145 const base::Closure& failure_callback) = 0; | 149 const base::Closure& failure_callback) = 0; |
146 | 150 |
147 // Supervised users-related methods. | 151 // Supervised users-related methods. |
148 | 152 |
149 // Check if supervised users are allowed on this device. | 153 // Check if supervised users are allowed on this device. |
150 virtual bool AreSupervisedUsersAllowed() = 0; | 154 virtual bool AreSupervisedUsersAllowed() = 0; |
151 | 155 |
152 // Check which authenticator should be used for supervised user. | 156 // Check which authenticator should be used for supervised user. |
153 virtual bool UseExtendedAuthenticatorForSupervisedUser( | 157 virtual bool UseExtendedAuthenticatorForSupervisedUser( |
154 const UserContext& user_context) = 0; | 158 const UserContext& user_context) = 0; |
155 | 159 |
156 // Probably transform supervised user's authentication key. | 160 // Probably transform supervised user's authentication key. |
157 virtual UserContext TransformSupervisedKey(const UserContext& context) = 0; | 161 virtual UserContext TransformSupervisedKey(const UserContext& context) = 0; |
158 | 162 |
159 // Set up sign-in flow for supervised user. | 163 // Set up sign-in flow for supervised user. |
160 virtual void SetupSupervisedUserFlow(const std::string& user_id) = 0; | 164 virtual void SetupSupervisedUserFlow(const user_manager::UserID& user_id) = 0; |
161 | 165 |
162 // Set up sign-in flow for Easy Unlock. | 166 // Set up sign-in flow for Easy Unlock. |
163 virtual void SetupEasyUnlockUserFlow(const std::string& user_id) = 0; | 167 virtual void SetupEasyUnlockUserFlow(const user_manager::UserID& user_id) = 0; |
164 | 168 |
165 // Run policy check for |user_id|. If something is wrong, delegate's | 169 // Run policy check for |user_id|. If something is wrong, delegate's |
166 // PolicyLoadFailed is called. | 170 // PolicyLoadFailed is called. |
167 virtual bool CheckPolicyForUser(const std::string& user_id) = 0; | 171 virtual bool CheckPolicyForUser(const user_manager::UserID& user_id) = 0; |
168 | 172 |
169 // Look up browser context to use during signin. | 173 // Look up browser context to use during signin. |
170 virtual content::BrowserContext* GetSigninContext() = 0; | 174 virtual content::BrowserContext* GetSigninContext() = 0; |
171 | 175 |
172 // Get RequestContext used for sign in. | 176 // Get RequestContext used for sign in. |
173 virtual net::URLRequestContextGetter* GetSigninRequestContext() = 0; | 177 virtual net::URLRequestContextGetter* GetSigninRequestContext() = 0; |
174 | 178 |
175 // Create authenticator implementation. | 179 // Create authenticator implementation. |
176 virtual scoped_refptr<Authenticator> CreateAuthenticator() = 0; | 180 virtual scoped_refptr<Authenticator> CreateAuthenticator() = 0; |
177 | 181 |
(...skipping 52 matching lines...) |
230 // TODO(antrim): remove once we got rid of /ClientLogin. | 234 // TODO(antrim): remove once we got rid of /ClientLogin. |
231 bool disable_client_login_; | 235 bool disable_client_login_; |
232 | 236 |
233 base::WeakPtrFactory<LoginPerformer> weak_factory_; | 237 base::WeakPtrFactory<LoginPerformer> weak_factory_; |
234 DISALLOW_COPY_AND_ASSIGN(LoginPerformer); | 238 DISALLOW_COPY_AND_ASSIGN(LoginPerformer); |
235 }; | 239 }; |
236 | 240 |
237 } // namespace chromeos | 241 } // namespace chromeos |
238 | 242 |
239 #endif // CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ | 243 #endif // CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ |
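Review bot: The comments on `IsUserWhitelisted` and `RunOnlineWhitelistCheck` (new lines 135-149) no longer say what the sign-in allow-list is matched against, now that the argument is a `user_manager::UserID` instead of an e-mail string. `UserID` is only forward-declared in this header, so a platform implementer cannot tell from here which of its fields the device whitelist and the |wildcard_match| result are evaluated on; an override that compares a different representation than the one the policy stores could admit or reject the wrong account. I would add a line such as `// The whitelist (including wildcard entries) is matched against the e-mail held by |user_id|.`, adjusted to whichever field is actually used, and say the same on `Delegate::WhiteListCheckFailed`, whose parameter was renamed from `email`. Separately, the new `OnOnlineChecked` declaration appears to run past 80 columns (it is wrapped in this rendering) and could be split after the first parameter.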
OLD | NEW |