Chromium Code Reviews Chromium Code Reviews
Issue 1220843003:
Perform online reauth when password is changed for a locked profile. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/ui/webui/signin/user_manager_screen_handler.cc |
| diff --git a/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc b/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc |
| index 6887224827e7b10446995c7b751d0b0e0774d125..087ac6c27033049e4d47c214687d9c22ff039879 100644 |
| --- a/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc |
| +++ b/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc |
| @@ -124,23 +124,13 @@ std::string GetAvatarImageAtIndex( |
| return webui::GetBitmapDataUrl(resized_image.AsBitmap()); |
| } |
| -size_t GetIndexOfProfileWithEmail(const ProfileInfoCache& info_cache, |
| - const std::string& email) { |
| - const base::string16& profile_email = base::UTF8ToUTF16(email); |
| - for (size_t i = 0; i < info_cache.GetNumberOfProfiles(); ++i) { |
| - if (info_cache.GetUserNameOfProfileAtIndex(i) == profile_email) |
| - return i; |
| - } |
| - return std::string::npos; |
| -} |
| - |
| extensions::ScreenlockPrivateEventRouter* GetScreenlockRouter( |
| const std::string& email) { |
| - const ProfileInfoCache& info_cache = |
| - g_browser_process->profile_manager()->GetProfileInfoCache(); |
| - const size_t profile_index = GetIndexOfProfileWithEmail(info_cache, email); |
| + base::FilePath path = |
| + profiles::GetPathOfProfileWithEmail(g_browser_process->profile_manager(), |
| + email); |
| Profile* profile = g_browser_process->profile_manager() |
| - ->GetProfileByPath(info_cache.GetPathOfProfileAtIndex(profile_index)); |
| + ->GetProfileByPath(path); |
| return extensions::ScreenlockPrivateEventRouter::GetFactoryInstance()->Get( |
| profile); |
| } |
| @@ -366,14 +356,13 @@ UserManagerScreenHandler::GetScreenType() const { |
| } |
| void UserManagerScreenHandler::Unlock(const std::string& user_email) { |
| - const ProfileInfoCache& info_cache = |
| - g_browser_process->profile_manager()->GetProfileInfoCache(); |
| - const size_t profile_index = |
| - GetIndexOfProfileWithEmail(info_cache, user_email); |
| - DCHECK_LT(profile_index, info_cache.GetNumberOfProfiles()); |
| - |
| - authenticating_profile_index_ = profile_index; |
| - ReportAuthenticationResult(true, ProfileMetrics::AUTH_LOCAL); |
| + base::FilePath path = |
| + profiles::GetPathOfProfileWithEmail(g_browser_process->profile_manager(), |
| + user_email); |
| + if (!path.empty()) { |
| + authenticating_profile_path_ = path; |
| + ReportAuthenticationResult(true, ProfileMetrics::AUTH_LOCAL); |
| + } |
| } |
| void UserManagerScreenHandler::AttemptEasySignin( |
| @@ -420,6 +409,13 @@ void UserManagerScreenHandler::HandleAuthenticatedLaunchUser( |
| if (!base::GetValueAsFilePath(*profile_path_value, &profile_path)) |
| return; |
| + ProfileInfoCache& info_cache = |
| + g_browser_process->profile_manager()->GetProfileInfoCache(); |
|
Alexei Svitkine (slow)
2015/07/24 16:36:42
Nit: Make this a pointer via &g_browser_process->p
Roger Tawa OOO till Jul 10th
2015/07/24 17:01:29
I think I'll keep it as is. All the code in chrom
|
| + |
| + ProfileAttributesEntry* entry; |
| + if (!info_cache.GetProfileAttributesWithPath(profile_path, &entry)) |
| + return; |
| + |
| base::string16 email_address; |
| if (!args->GetString(1, &email_address)) |
| return; |
| @@ -428,16 +424,9 @@ void UserManagerScreenHandler::HandleAuthenticatedLaunchUser( |
| if (!args->GetString(2, &password)) |
| return; |
| - const ProfileInfoCache& info_cache = |
| - g_browser_process->profile_manager()->GetProfileInfoCache(); |
| - size_t profile_index = info_cache.GetIndexOfProfileWithPath(profile_path); |
| - |
| - if (profile_index == std::string::npos) { |
| - NOTREACHED(); |
| - return; |
| - } |
| + authenticating_profile_path_ = profile_path; |
| - authenticating_profile_index_ = profile_index; |
| + size_t profile_index = info_cache.GetIndexOfProfileWithPath(profile_path); |
| if (LocalAuth::ValidateLocalAuthCredentials(profile_index, password)) { |
| ReportAuthenticationResult(true, ProfileMetrics::AUTH_LOCAL); |
| return; |
| @@ -453,29 +442,17 @@ void UserManagerScreenHandler::HandleAuthenticatedLaunchUser( |
| oauth_client_.reset(new gaia::GaiaOAuthClient( |
| web_ui()->GetWebContents()->GetBrowserContext()->GetRequestContext())); |
| } |
| - std::string token = info_cache.GetPasswordChangeDetectionTokenAtIndex( |
| - profile_index); |
| + |
| + std::string token = entry->GetPasswordChangeDetectionToken(); |
| if (!token.empty()) { |
| oauth_client_->GetTokenHandleInfo(token, kMaxOAuthRetries, this); |
| return; |
| } |
| // In order to support the upgrade case where we have a local hash but no |
| - // password token, we fall back on (deprecated) ClientLogin. This will |
| - // have to be removed in future versions as the service gets turned down |
| - // but by then we'll have seamlessly updated the majority of users. |
| - client_login_.reset(new GaiaAuthFetcher( |
| - this, |
| - GaiaConstants::kChromeSource, |
| - web_ui()->GetWebContents()->GetBrowserContext()->GetRequestContext())); |
| - |
| - client_login_->StartClientLogin( |
| - base::UTF16ToUTF8(email_address), |
| - password, |
| - GaiaConstants::kSyncService, |
| - std::string(), |
| - std::string(), |
| - GaiaAuthFetcher::HostedAccountsAllowed); |
| + // password token, the user perform a full online reauth. |
| + UserManager::ShowReauthDialog(web_ui()->GetWebContents()->GetBrowserContext(), |
| + base::UTF16ToUTF8(email_address_)); |
|
Alexei Svitkine (slow)
2015/07/24 16:36:42
What's the reason for doing the conversion at the
Roger Tawa OOO till Jul 10th
2015/07/24 17:01:29
Everyone email is just an std::string (except when
Alexei Svitkine (slow)
2015/07/24 17:09:08
Woot, that's even better. :)
|
| } |
| void UserManagerScreenHandler::HandleRemoveUser(const base::ListValue* args) { |
| @@ -579,23 +556,10 @@ void UserManagerScreenHandler::OnGetTokenInfoResponse( |
| void UserManagerScreenHandler::OnOAuthError() { |
| // Password has changed. Go through online signin flow. |
| - // ... if we had it. Until then, use deprecated ClientLogin to validate |
| - // the password. This will have to be changed soon. (TODO: bcwhite) |
| - oauth_client_.reset(); |
| - client_login_.reset(new GaiaAuthFetcher( |
| - this, |
| - GaiaConstants::kChromeSource, |
| - web_ui()->GetWebContents()->GetBrowserContext()->GetRequestContext())); |
| - |
| DCHECK(!email_address_.empty()); |
| - DCHECK(!password_attempt_.empty()); |
| - client_login_->StartClientLogin( |
| - base::UTF16ToUTF8(email_address_), |
| - password_attempt_, |
| - GaiaConstants::kSyncService, |
| - std::string(), |
| - std::string(), |
| - GaiaAuthFetcher::HostedAccountsAllowed); |
| + oauth_client_.reset(); |
| + UserManager::ShowReauthDialog(web_ui()->GetWebContents()->GetBrowserContext(), |
| + base::UTF16ToUTF8(email_address_)); |
| } |
| void UserManagerScreenHandler::OnNetworkError(int response_code) { |
| @@ -604,43 +568,6 @@ void UserManagerScreenHandler::OnNetworkError(int response_code) { |
| ReportAuthenticationResult(false, ProfileMetrics::AUTH_FAILED_OFFLINE); |
| } |
| -void UserManagerScreenHandler::OnClientLoginSuccess( |
| - const ClientLoginResult& result) { |
| - oauth_client_.reset(); |
| - LocalAuth::SetLocalAuthCredentials(authenticating_profile_index_, |
| - password_attempt_); |
| - ReportAuthenticationResult(true, ProfileMetrics::AUTH_ONLINE); |
| -} |
| - |
| -void UserManagerScreenHandler::OnClientLoginFailure( |
| - const GoogleServiceAuthError& error) { |
| - const GoogleServiceAuthError::State state = error.state(); |
| - // Some "error" results mean the password was correct but some other action |
| - // should be taken. For our purposes, we only care that the password was |
| - // correct so count those as a success. |
| - bool success = (state == GoogleServiceAuthError::NONE || |
| - state == GoogleServiceAuthError::CAPTCHA_REQUIRED || |
| - state == GoogleServiceAuthError::TWO_FACTOR || |
| - state == GoogleServiceAuthError::ACCOUNT_DELETED || |
| - state == GoogleServiceAuthError::ACCOUNT_DISABLED || |
| - state == GoogleServiceAuthError::WEB_LOGIN_REQUIRED); |
| - |
| - // If the password was correct, the user must have changed it since the |
| - // profile was locked. Save the password to streamline future unlocks. |
| - if (success) { |
| - DCHECK(!password_attempt_.empty()); |
| - LocalAuth::SetLocalAuthCredentials(authenticating_profile_index_, |
| - password_attempt_); |
| - } |
| - |
| - bool offline = error.IsTransientError(); |
| - ProfileMetrics::ProfileAuth failure_metric = |
| - offline ? ProfileMetrics::AUTH_FAILED_OFFLINE : |
| - ProfileMetrics::AUTH_FAILED; |
| - ReportAuthenticationResult( |
| - success, success ? ProfileMetrics::AUTH_ONLINE : failure_metric); |
| -} |
| - |
| void UserManagerScreenHandler::RegisterMessages() { |
| web_ui()->RegisterMessageCallback(kJsApiUserManagerInitialize, |
| base::Bind(&UserManagerScreenHandler::HandleInitialize, |
| @@ -841,12 +768,8 @@ void UserManagerScreenHandler::ReportAuthenticationResult( |
| password_attempt_.clear(); |
| if (success) { |
| - const ProfileInfoCache& info_cache = |
| - g_browser_process->profile_manager()->GetProfileInfoCache(); |
| - base::FilePath path = info_cache.GetPathOfProfileAtIndex( |
| - authenticating_profile_index_); |
| profiles::SwitchToProfile( |
| - path, |
| + authenticating_profile_path_, |
| desktop_type_, |
| true, |
| base::Bind(&UserManagerScreenHandler::OnSwitchToProfileComplete, |
