chrome/browser/chromeos/login/existing_user_controller.cc - Issue 1183893005: ChromeOS: user whitelist check should happen before entering password.

Side by Side Diff: chrome/browser/chromeos/login/existing_user_controller.cc

Issue 1183893005: ChromeOS: user whitelist check should happen before entering password. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/chromeos/login/existing_user_controller.h ('k') | chrome/browser/chromeos/login/lock/webui_screen_locker.h » ('j') | chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/chromeos/login/existing_user_controller.h"	5 #include "chrome/browser/chromeos/login/existing_user_controller.h"

6	6

7 #include <vector>	7 #include <vector>

8	8

9 #include "base/bind.h"	9 #include "base/bind.h"

10 #include "base/bind_helpers.h"	10 #include "base/bind_helpers.h"

(...skipping 434 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
445 }	445 }

446	446

447 void ExistingUserController::ShowWrongHWIDScreen() {	447 void ExistingUserController::ShowWrongHWIDScreen() {

448 host_->StartWizard(WizardController::kWrongHWIDScreenName);	448 host_->StartWizard(WizardController::kWrongHWIDScreenName);

449 }	449 }

450	450

451 void ExistingUserController::Signout() {	451 void ExistingUserController::Signout() {

452 NOTREACHED();	452 NOTREACHED();

453 }	453 }

454	454

	455 bool ExistingUserController::IsUserWhitelisted(const std::string& user_id) {

	456 bool wildcard_match = false;

	457 if (login_performer_.get())

	458 return login_performer_->IsUserWhitelisted(user_id, &wildcard_match);

	459

	460 return ChromeLoginPerformer(this).IsUserWhitelisted(user_id, &wildcard_match);
	Denis Kuznetsov (DE-MUC) 2015/06/18 11:13:31 What is the case when we will not have login_perfo What is the case when we will not have login_performer_ at this point? Does it really makes sense to create new object for just one check? Alexander Alekseev 2015/06/19 00:54:08 login_performer is created only in PerformLogin(), Show quoted text On 2015/06/18 11:13:31, Denis Kuznetsov wrote: > What is the case when we will not have login_performer_ at this point? > Does it really makes sense to create new object for just one check? login_performer is created only in PerformLogin(), and should be used for one user only. So at this point (before user has entered password), login_performer is NULL. I've added re-use of existing login_performer just in case this method would be called from somewhere during active login process. Denis Kuznetsov (DE-MUC) 2015/06/25 19:21:11 First, ChromeLoginPerfomer is somewhat large objec Show quoted text On 2015/06/19 00:54:08, Alexander Alekseev wrote: > On 2015/06/18 11:13:31, Denis Kuznetsov wrote: > > What is the case when we will not have login_performer_ at this point? > > Does it really makes sense to create new object for just one check? > > login_performer is created only in PerformLogin(), and should be used for one > user only. So at this point (before user has entered password), login_performer > is NULL. > > I've added re-use of existing login_performer just in case this method would be > called from somewhere during active login process. First, ChromeLoginPerfomer is somewhat large object to create (it has not-so-obvious constructor). Second, this approach is incorrect - if you create LoginPerformer in this way there is a chance that it will not load policy, and you will get wrong results. Third, this example shows that ChomeLoginPerformer is a wrong place for IsUserWhitelisted check - UserManager seem to be a more appropriate class for that. Alexander Alekseev 2015/07/11 01:02:05 components/ cannot include chrome/ . But the check Show quoted text On 2015/06/25 19:21:11, Denis Kuznetsov wrote: > On 2015/06/19 00:54:08, Alexander Alekseev wrote: > > On 2015/06/18 11:13:31, Denis Kuznetsov wrote: > > > What is the case when we will not have login_performer_ at this point? > > > Does it really makes sense to create new object for just one check? > > > > login_performer is created only in PerformLogin(), and should be used for one > > user only. So at this point (before user has entered password), > login_performer > > is NULL. > > > > I've added re-use of existing login_performer just in case this method would > be > > called from somewhere during active login process. > > First, ChromeLoginPerfomer is somewhat large object to create (it has > not-so-obvious constructor). > Second, this approach is incorrect - if you create LoginPerformer in this way > there is a chance that it will not load policy, and you will get wrong results. > Third, this example shows that ChomeLoginPerformer is a wrong place for > IsUserWhitelisted check - UserManager seem to be a more appropriate class for > that. components/ cannot include chrome/ . But the check can be directly here.
	461 }

	462

455 void ExistingUserController::OnConsumerKioskAutoLaunchCheckCompleted(	463 void ExistingUserController::OnConsumerKioskAutoLaunchCheckCompleted(

456 KioskAppManager::ConsumerKioskAutoLaunchStatus status) {	464 KioskAppManager::ConsumerKioskAutoLaunchStatus status) {

457 if (status == KioskAppManager::CONSUMER_KIOSK_AUTO_LAUNCH_CONFIGURABLE)	465 if (status == KioskAppManager::CONSUMER_KIOSK_AUTO_LAUNCH_CONFIGURABLE)

458 ShowKioskEnableScreen();	466 ShowKioskEnableScreen();

459 }	467 }

460	468

461 void ExistingUserController::OnEnrollmentOwnershipCheckCompleted(	469 void ExistingUserController::OnEnrollmentOwnershipCheckCompleted(

462 DeviceSettingsService::OwnershipStatus status) {	470 DeviceSettingsService::OwnershipStatus status) {

463 if (status == DeviceSettingsService::OWNERSHIP_NONE) {	471 if (status == DeviceSettingsService::OWNERSHIP_NONE) {

464 ShowEnrollmentScreen();	472 ShowEnrollmentScreen();

(...skipping 783 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1248 if (!success) {	1256 if (!success) {

1249 LOG(ERROR) << "OAuth2 token fetch failed.";	1257 LOG(ERROR) << "OAuth2 token fetch failed.";

1250 OnAuthFailure(AuthFailure(AuthFailure::FAILED_TO_INITIALIZE_TOKEN));	1258 OnAuthFailure(AuthFailure(AuthFailure::FAILED_TO_INITIALIZE_TOKEN));

1251 return;	1259 return;

1252 }	1260 }

1253 UserSessionManager::GetInstance()->OnOAuth2TokensFetched(user_context);	1261 UserSessionManager::GetInstance()->OnOAuth2TokensFetched(user_context);

1254 PerformLogin(user_context, LoginPerformer::AUTH_MODE_EXTENSION);	1262 PerformLogin(user_context, LoginPerformer::AUTH_MODE_EXTENSION);

1255 }	1263 }

1256	1264

1257 } // namespace chromeos	1265 } // namespace chromeos

OLD	NEW