Implement a policy to autologin a public account.

chrome/browser/chromeos/login/existing_user_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/existing_user_controller.h"
 
 #include <vector>
 
+#include "ash/shell.h"

[bartfab (slow), 2013/02/28 10:21:33]

This is no longer used.

[dconnelly, 2013/02/28 12:52:56]

Done.

+#include "ash/wm/user_activity_detector.h"

[bartfab (slow), 2013/02/28 10:21:33]

This is no longer used.

[dconnelly, 2013/02/28 12:52:56]

Done.

 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/prefs/pref_service.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
@@ skipping 117 matching lines @@
 ExistingUserController::ExistingUserController(LoginDisplayHost* host)
     : login_status_consumer_(NULL),
       host_(host),
       login_display_(host_->CreateLoginDisplay(this)),
       num_login_attempts_(0),
       cros_settings_(CrosSettings::Get()),
       weak_factory_(this),
       offline_failed_(false),
       is_login_in_progress_(false),
       password_changed_(false),
-      do_auto_enrollment_(false) {
+      do_auto_enrollment_(false),
+      signin_screen_ready_(false) {
   DCHECK(current_controller_ == NULL);
   current_controller_ = this;
 
   registrar_.Add(this,
                  chrome::NOTIFICATION_LOGIN_USER_IMAGE_CHANGED,
                  content::NotificationService::AllSources());
   registrar_.Add(this,
                  chrome::NOTIFICATION_USER_LIST_CHANGED,
                  content::NotificationService::AllSources());
   registrar_.Add(this,
                  chrome::NOTIFICATION_AUTH_SUPPLIED,
                  content::NotificationService::AllSources());
   registrar_.Add(this,
                  chrome::NOTIFICATION_SESSION_STARTED,
                  content::NotificationService::AllSources());
   cros_settings_->AddSettingsObserver(kAccountsPrefShowUserNamesOnSignIn, this);
   cros_settings_->AddSettingsObserver(kAccountsPrefAllowNewUser, this);
   cros_settings_->AddSettingsObserver(kAccountsPrefAllowGuest, this);
   cros_settings_->AddSettingsObserver(kAccountsPrefUsers, this);
+  cros_settings_->AddSettingsObserver(
+      kAccountsPrefDeviceLocalAccountAutoLoginId,
+      this);
+  cros_settings_->AddSettingsObserver(
+      kAccountsPrefDeviceLocalAccountAutoLoginDelay,
+      this);
 }
 
 void ExistingUserController::Init(const UserList& users) {
   time_init_ = base::Time::Now();
   UpdateLoginDisplay(users);
+  ConfigurePublicSessionAutoLogin();
 
   LoginUtils::Get()->PrewarmAuthentication();
   DBusThreadManager::Get()->GetSessionManagerClient()->EmitLoginPromptReady();
 }
 
 void ExistingUserController::UpdateLoginDisplay(const UserList& users) {
   bool show_users_on_signin;
   UserList filtered_users;
 
   cros_settings_->GetBoolean(kAccountsPrefShowUserNamesOnSignIn,
@@ skipping 49 matching lines @@
     const content::NotificationSource& source,
     const content::NotificationDetails& details) {
   if (type == chrome::NOTIFICATION_SESSION_STARTED) {
     // Stop listening to any notification once session has started.
     // Sign in screen objects are marked for deletion with DeleteSoon so
     // make sure no object would be used after session has started.
     // http://crbug.com/125276
     registrar_.RemoveAll();
     return;
   }
+  if (type == chrome::NOTIFICATION_SYSTEM_SETTING_CHANGED) {
+    const std::string setting = *content::Details<const std::string>(
+        details).ptr();
+    if (setting == kAccountsPrefDeviceLocalAccountAutoLoginId ||
+        setting == kAccountsPrefDeviceLocalAccountAutoLoginDelay) {
+      ConfigurePublicSessionAutoLogin();
+    }
+  }
   if (type == chrome::NOTIFICATION_SYSTEM_SETTING_CHANGED ||
       type == chrome::NOTIFICATION_USER_LIST_CHANGED) {
     if (host_ != NULL) {
       // Signed settings or user list changed. Notify views and update them.
       UpdateLoginDisplay(chromeos::UserManager::Get()->GetUsers());
       return;
     }
   }
   if (type == chrome::NOTIFICATION_AUTH_SUPPLIED) {
     // Possibly the user has authenticated against a proxy server and we might
@@ skipping 29 matching lines @@
 // ExistingUserController, private:
 
 ExistingUserController::~ExistingUserController() {
   LoginUtils::Get()->DelegateDeleted(this);
 
   cros_settings_->RemoveSettingsObserver(kAccountsPrefShowUserNamesOnSignIn,
                                          this);
   cros_settings_->RemoveSettingsObserver(kAccountsPrefAllowNewUser, this);
   cros_settings_->RemoveSettingsObserver(kAccountsPrefAllowGuest, this);
   cros_settings_->RemoveSettingsObserver(kAccountsPrefUsers, this);
+  cros_settings_->RemoveSettingsObserver(
+      kAccountsPrefDeviceLocalAccountAutoLoginId,
+      this);
+  cros_settings_->RemoveSettingsObserver(
+      kAccountsPrefDeviceLocalAccountAutoLoginDelay,
+      this);
 
   if (current_controller_ == this) {
     current_controller_ = NULL;
   } else {
     NOTREACHED() << "More than one controller are alive.";
   }
   DCHECK(login_display_.get());
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ skipping 34 matching lines @@
   // TODO(nkostylev): A11y message.
 }
 
 void ExistingUserController::CompleteLogin(const std::string& username,
                                            const std::string& password) {
   if (!host_) {
     // Complete login event was generated already from UI. Ignore notification.
     return;
   }
 
+  // Stop the auto-login timer when attempting login.
+  StopPublicSessionAutoLoginTimer();
+
   // Disable UI while loading user profile.
   login_display_->SetUIEnabled(false);
 
   if (!time_init_.is_null()) {
     base::TimeDelta delta = base::Time::Now() - time_init_;
     UMA_HISTOGRAM_MEDIUM_TIMES("Login.PromptToCompleteLoginTime", delta);
     time_init_ = base::Time();  // Reset to null.
   }
 
   host_->OnCompleteLogin();
@@ skipping 36 matching lines @@
 }
 
 string16 ExistingUserController::GetConnectedNetworkName() {
   return GetCurrentNetworkName();
 }
 
 void ExistingUserController::Login(const std::string& username,
                                    const std::string& password) {
   if (username.empty() || password.empty())
     return;
+
+  // Stop the auto-login timer when attempting login.
+  StopPublicSessionAutoLoginTimer();
+
   // Disable clicking on other windows.
   login_display_->SetUIEnabled(false);
 
   BootTimesLoader::Get()->RecordLoginAttempted();
 
   if (last_login_attempt_username_ != username) {
     last_login_attempt_username_ = username;
     num_login_attempts_ = 0;
     // Also reset state variables, which are used to determine password change.
     offline_failed_ = false;
@@ skipping 27 matching lines @@
           UserManager::kLocallyManagedUserDomain) {
     login_performer_->LoginAsLocallyManagedUser(username, password);
   } else {
     login_performer_->PerformLogin(username, password, auth_mode);
   }
   accessibility::MaybeSpeak(
       l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNING_IN));
 }
 
 void ExistingUserController::LoginAsRetailModeUser() {
+  // Stop the auto-login timer when attempting login.
+  StopPublicSessionAutoLoginTimer();
+
   // Disable clicking on other windows.
   login_display_->SetUIEnabled(false);
   // TODO(rkc): Add a CHECK to make sure retail mode logins are allowed once
   // the enterprise policy wiring is done for retail mode.
 
   // Only one instance of LoginPerformer should exist at a time.
   login_performer_.reset(NULL);
   login_performer_.reset(new LoginPerformer(this));
   is_login_in_progress_ = true;
   login_performer_->LoginRetailMode();
   accessibility::MaybeSpeak(
       l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNIN_DEMOUSER));
 }
 
 void ExistingUserController::LoginAsGuest() {
+  // Stop the auto-login timer when attempting login.
+  StopPublicSessionAutoLoginTimer();
+
   // Disable clicking on other windows.
   login_display_->SetUIEnabled(false);
 
   CrosSettingsProvider::TrustedStatus status =
       cros_settings_->PrepareTrustedValues(
           base::Bind(&ExistingUserController::LoginAsGuest,
                      weak_factory_.GetWeakPtr()));
   // Must not proceed without signature verification.
   if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
     login_display_->ShowError(IDS_LOGIN_ERROR_OWNER_KEY_LOST, 1,
                               HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
     // Reenable clicking on other windows and status area.
     login_display_->SetUIEnabled(true);
+    StartPublicSessionAutoLoginTimer();
     display_email_.clear();
     return;
   } else if (status != CrosSettingsProvider::TRUSTED) {
     // Value of AllowNewUser setting is still not verified.
     // Another attempt will be invoked after verification completion.
     return;
   }
 
   bool allow_guest;
   cros_settings_->GetBoolean(kAccountsPrefAllowGuest, &allow_guest);
   if (!allow_guest) {
     // Disallowed. The UI should normally not show the guest pod but if for some
     // reason this has been made available to the user here is the time to tell
     // this nicely.
     login_display_->ShowError(IDS_LOGIN_ERROR_WHITELIST, 1,
                               HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
     // Reenable clicking on other windows and status area.
     login_display_->SetUIEnabled(true);
+    StartPublicSessionAutoLoginTimer();
     display_email_.clear();
     return;
   }
 
   // Only one instance of LoginPerformer should exist at a time.
   login_performer_.reset(NULL);
   login_performer_.reset(new LoginPerformer(this));
   is_login_in_progress_ = true;
   login_performer_->LoginOffTheRecord();
   accessibility::MaybeSpeak(
       l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNIN_OFFRECORD));
 }
 
 void ExistingUserController::MigrateUserData(const std::string& old_password) {
   // LoginPerformer instance has state of the user so it should exist.
   if (login_performer_.get())
     login_performer_->RecoverEncryptedData(old_password);
 }
 
 void ExistingUserController::LoginAsPublicAccount(
     const std::string& username) {
+  // Stop the auto-login timer when attempting login.
+  StopPublicSessionAutoLoginTimer();
+
   // Disable clicking on other windows.
   login_display_->SetUIEnabled(false);
 
   CrosSettingsProvider::TrustedStatus status =
       cros_settings_->PrepareTrustedValues(
           base::Bind(&ExistingUserController::LoginAsPublicAccount,
                      weak_factory_.GetWeakPtr(),
                      username));
   // If device policy is permanently unavailable, logging into public accounts
   // is not possible.
   if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
     login_display_->ShowError(IDS_LOGIN_ERROR_OWNER_KEY_LOST, 1,
                               HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
     // Re-enable clicking on other windows.
     login_display_->SetUIEnabled(true);
     return;
   }
 
   // If device policy is not verified yet, this function will be called again
   // when verification finishes.
   if (status != CrosSettingsProvider::TRUSTED)
     return;
 
   // If there is no public account with the given |username|, logging in is not
   // possible.
   const User* user = UserManager::Get()->FindUser(username);
   if (!user || user->GetType() != User::USER_TYPE_PUBLIC_ACCOUNT) {
     // Re-enable clicking on other windows.
     login_display_->SetUIEnabled(true);
+    StartPublicSessionAutoLoginTimer();
     return;
   }
 
   // Only one instance of LoginPerformer should exist at a time.
   login_performer_.reset(NULL);
   login_performer_.reset(new LoginPerformer(this));
   is_login_in_progress_ = true;
   login_performer_->LoginAsPublicAccount(username);
   accessibility::MaybeSpeak(
       l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNIN_PUBLIC_ACCOUNT));
 }
 
+void ExistingUserController::OnSigninScreenReady() {
+  signin_screen_ready_ = true;
+  StartPublicSessionAutoLoginTimer();
+}
+
 void ExistingUserController::OnUserSelected(const std::string& username) {
   login_performer_.reset(NULL);
   num_login_attempts_ = 0;
 }
 
 void ExistingUserController::OnStartEnterpriseEnrollment() {
   DeviceSettingsService::Get()->GetOwnershipStatusAsync(
       base::Bind(&ExistingUserController::OnEnrollmentOwnershipCheckCompleted,
                  weak_factory_.GetWeakPtr()));
 }
@@ skipping 118 matching lines @@
         ShowError(IDS_LOGIN_ERROR_AUTHENTICATING_HOSTED, error);
       } else {
         if (!is_known_user)
           ShowError(IDS_LOGIN_ERROR_AUTHENTICATING_NEW, error);
         else
           ShowError(IDS_LOGIN_ERROR_AUTHENTICATING, error);
       }
     }
     // Reenable clicking on other windows and status area.
     login_display_->SetUIEnabled(true);
+    StartPublicSessionAutoLoginTimer();
   }
 
   // Reset user flow to default, so that special flow will not affect next
   // attempt.
   UserManager::Get()->ResetUserFlow(last_login_attempt_username_);
 
   if (login_status_consumer_)
     login_status_consumer_->OnLoginFailure(failure);
 
   // Clear the recorded displayed email so it won't affect any future attempts.
   display_email_.clear();
 }
 
 void ExistingUserController::OnLoginSuccess(
     const std::string& username,
     const std::string& password,
     bool pending_requests,
     bool using_oauth) {
   is_login_in_progress_ = false;
   offline_failed_ = false;
 
+  StopPublicSessionAutoLoginTimer();
+
   bool has_cookies =
       login_performer_->auth_mode() == LoginPerformer::AUTH_MODE_EXTENSION;
 
   // Login performer will be gone so cache this value to use
   // once profile is loaded.
   password_changed_ = login_performer_->password_changed();
 
   // LoginPerformer instance will delete itself once online auth result is OK.
   // In case of failure it'll bring up ScreenLock and ask for
   // correct password/display error message.
@@ skipping 105 matching lines @@
   // Reenable clicking on other windows and status area.
   login_display_->SetUIEnabled(true);
   login_display_->ShowSigninUI(email);
 
   if (login_status_consumer_) {
     login_status_consumer_->OnLoginFailure(LoginFailure(
           LoginFailure::WHITELIST_CHECK_FAILED));
   }
 
   display_email_.clear();
+
+  StartPublicSessionAutoLoginTimer();
 }
 
 void ExistingUserController::PolicyLoadFailed() {
   ShowError(IDS_LOGIN_ERROR_OWNER_KEY_LOST, "");
 
   // Reenable clicking on other windows and status area.
   login_display_->SetUIEnabled(true);
 
   display_email_.clear();
+
+  // Policy load failure stops login attempts -- restart the timer.
+  StartPublicSessionAutoLoginTimer();
 }
 
 void ExistingUserController::OnOnlineChecked(const std::string& username,
                                              bool success) {
   if (success && last_login_attempt_username_ == username) {
     online_succeeded_for_ = username;
     // Wait for login attempt to end, if it hasn't yet.
     if (offline_failed_ && !is_login_in_progress_)
       ShowGaiaPasswordChanged(username);
   }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, private:
 
 void ExistingUserController::ActivateWizard(const std::string& screen_name) {
   DictionaryValue* params = NULL;
   if (chromeos::UserManager::Get()->IsLoggedInAsGuest()) {
     params = new DictionaryValue;
     params->SetString("start_url", guest_mode_url_.spec());
   }
   host_->StartWizard(screen_name, params);
 }
 
+base::OneShotTimer<ExistingUserController>&
+    ExistingUserController::auto_login_timer() {
+  if (!auto_login_timer_)
+    auto_login_timer_.reset(new base::OneShotTimer<ExistingUserController>);
+  return *auto_login_timer_;
+}
+
+void ExistingUserController::ConfigurePublicSessionAutoLogin() {
+  if (!cros_settings_->GetString(
+          kAccountsPrefDeviceLocalAccountAutoLoginId,
+          &public_session_auto_login_username_)) {
+    public_session_auto_login_username_ = "";
+  }
+  if (!cros_settings_->GetInteger(
+          kAccountsPrefDeviceLocalAccountAutoLoginDelay,
+          &public_session_auto_login_delay_)) {
+    public_session_auto_login_delay_ = 0;
+  }
+
+  if (!public_session_auto_login_username_.empty())
+    StartPublicSessionAutoLoginTimer();
+  else
+    StopPublicSessionAutoLoginTimer();
+}
+
+void ExistingUserController::ResetPublicSessionAutoLoginTimer() {
+  // Only restart the auto-login timer if it's already running.
+  if (auto_login_timer().IsRunning()) {

[bartfab (slow), 2013/02/28 10:21:33]

This and the many calls to StopPublicSessionTimer() all cause the timer to be
unconditionally instantiated, defeating the mechanism you put in to ensure that
the timer is only constructed if needed.

To fix this, you should make auto_login_timer() return a pointer to the timer,
treating NULL and (!NULL && IsRunning()) as "no timer running".

[dconnelly, 2013/02/28 12:52:56]

Done.

+    StopPublicSessionAutoLoginTimer();
+    StartPublicSessionAutoLoginTimer();
+  }
+}
+
+void ExistingUserController::OnPublicSessionAutoLoginTimerFire() {
+  DCHECK(signin_screen_ready_ &&
+         !is_login_in_progress_ &&
+         !public_session_auto_login_username_.empty());
+  LoginAsPublicAccount(public_session_auto_login_username_);
+}
+
+void ExistingUserController::StopPublicSessionAutoLoginTimer() {
+  auto_login_timer().Stop();
+}
+
+void ExistingUserController::StartPublicSessionAutoLoginTimer() {
+  if (!signin_screen_ready_ ||
+      is_login_in_progress_ ||
+      public_session_auto_login_username_.empty()) {
+    return;
+  }
+
+  // Start the auto-login timer.
+  auto_login_timer().Start(
+      FROM_HERE,
+      base::TimeDelta::FromMilliseconds(
+          public_session_auto_login_delay_),
+      base::Bind(
+          &ExistingUserController::OnPublicSessionAutoLoginTimerFire,
+          weak_factory_.GetWeakPtr()));
+}
+
 gfx::NativeWindow ExistingUserController::GetNativeWindow() const {
   return host_->GetNativeWindow();
 }
 
 void ExistingUserController::InitializeStartUrls() const {
   std::vector<std::string> start_urls;
 
   PrefService* prefs = g_browser_process->local_state();
   const base::ListValue *urls;
   bool show_getstarted_guide = false;
@@ skipping 127 matching lines @@
   // changed.
   UserManager::Get()->SaveUserOAuthStatus(
       username,
       User::OAUTH2_TOKEN_STATUS_INVALID);
 
   login_display_->SetUIEnabled(true);
   login_display_->ShowGaiaPasswordChanged(username);
 }
 
 }  // namespace chromeos