Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(867)

Side by Side Diff: chrome/browser/chromeos/login/login_performer.cc

Issue 12704002: Support for auth code based authentication flow for both app and web UI driven flow. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/login/login_performer.h" 5 #include "chrome/browser/chromeos/login/login_performer.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after
120 } 120 }
121 121
122 void LoginPerformer::OnRetailModeLoginSuccess() { 122 void LoginPerformer::OnRetailModeLoginSuccess() {
123 content::RecordAction( 123 content::RecordAction(
124 UserMetricsAction("Login_DemoUserLoginSuccess")); 124 UserMetricsAction("Login_DemoUserLoginSuccess"));
125 125
126 LoginStatusConsumer::OnRetailModeLoginSuccess(); 126 LoginStatusConsumer::OnRetailModeLoginSuccess();
127 } 127 }
128 128
129 void LoginPerformer::OnLoginSuccess( 129 void LoginPerformer::OnLoginSuccess(
130 const std::string& username, 130 const UserCredentials& credentials,
131 const std::string& password,
132 bool pending_requests, 131 bool pending_requests,
133 bool using_oauth) { 132 bool using_oauth) {
134 content::RecordAction(UserMetricsAction("Login_Success")); 133 content::RecordAction(UserMetricsAction("Login_Success"));
135 // The value of |pending_requests| indicates: 134 // The value of |pending_requests| indicates:
136 // 0 - New regular user, login success offline and online. 135 // 0 - New regular user, login success offline and online.
137 // - or - 136 // - or -
138 // Existing regular user, login success offline and online, offline 137 // Existing regular user, login success offline and online, offline
139 // authentication took longer than online authentication. 138 // authentication took longer than online authentication.
140 // - or - 139 // - or -
141 // Public account user, login successful. 140 // Public account user, login successful.
142 // 1 - Existing regular user, login success offline only. 141 // 1 - Existing regular user, login success offline only.
143 UMA_HISTOGRAM_ENUMERATION("Login.SuccessReason", pending_requests, 2); 142 UMA_HISTOGRAM_ENUMERATION("Login.SuccessReason", pending_requests, 2);
144 143
145 VLOG(1) << "LoginSuccess, pending_requests " << pending_requests; 144 VLOG(1) << "LoginSuccess, pending_requests " << pending_requests;
146 DCHECK(delegate_); 145 DCHECK(delegate_);
147 // After delegate_->OnLoginSuccess(...) is called, delegate_ releases 146 // After delegate_->OnLoginSuccess(...) is called, delegate_ releases
148 // LoginPerformer ownership. LP now manages it's lifetime on its own. 147 // LoginPerformer ownership. LP now manages it's lifetime on its own.
149 // 2 things could make it exist longer: 148 // 2 things could make it exist longer:
150 // 1. ScreenLock active (pending correct new password input) 149 // 1. ScreenLock active (pending correct new password input)
151 // 2. Pending online auth request. 150 // 2. Pending online auth request.
152 if (!pending_requests) 151 if (!pending_requests)
153 MessageLoop::current()->DeleteSoon(FROM_HERE, this); 152 MessageLoop::current()->DeleteSoon(FROM_HERE, this);
154 else 153 else
155 initial_online_auth_pending_ = true; 154 initial_online_auth_pending_ = true;
156 155
157 delegate_->OnLoginSuccess(username, 156 delegate_->OnLoginSuccess(credentials,
158 password,
159 pending_requests, 157 pending_requests,
160 using_oauth); 158 using_oauth);
161 } 159 }
162 160
163 void LoginPerformer::OnOffTheRecordLoginSuccess() { 161 void LoginPerformer::OnOffTheRecordLoginSuccess() {
164 content::RecordAction( 162 content::RecordAction(
165 UserMetricsAction("Login_GuestLoginSuccess")); 163 UserMetricsAction("Login_GuestLoginSuccess"));
166 164
167 if (delegate_) 165 if (delegate_)
168 delegate_->OnOffTheRecordLoginSuccess(); 166 delegate_->OnOffTheRecordLoginSuccess();
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after
212 ResolveScreenLocked(); 210 ResolveScreenLocked();
213 } 211 }
214 } else { 212 } else {
215 ResolveScreenUnlocked(); 213 ResolveScreenUnlocked();
216 } 214 }
217 } 215 }
218 216
219 //////////////////////////////////////////////////////////////////////////////// 217 ////////////////////////////////////////////////////////////////////////////////
220 // LoginPerformer, public: 218 // LoginPerformer, public:
221 219
222 void LoginPerformer::PerformLogin(const std::string& username, 220 void LoginPerformer::PerformLogin(const UserCredentials& credentials,
223 const std::string& password,
224 AuthorizationMode auth_mode) { 221 AuthorizationMode auth_mode) {
225 auth_mode_ = auth_mode; 222 auth_mode_ = auth_mode;
226 username_ = username; 223 credentials_ = credentials;
227 password_ = password;
228 224
229 CrosSettings* cros_settings = CrosSettings::Get(); 225 CrosSettings* cros_settings = CrosSettings::Get();
230 226
231 // Whitelist check is always performed during initial login and 227 // Whitelist check is always performed during initial login and
232 // should not be performed when ScreenLock is active (pending online auth). 228 // should not be performed when ScreenLock is active (pending online auth).
233 if (!ScreenLocker::default_screen_locker()) { 229 if (!ScreenLocker::default_screen_locker()) {
234 CrosSettingsProvider::TrustedStatus status = 230 CrosSettingsProvider::TrustedStatus status =
235 cros_settings->PrepareTrustedValues( 231 cros_settings->PrepareTrustedValues(
236 base::Bind(&LoginPerformer::PerformLogin, 232 base::Bind(&LoginPerformer::PerformLogin,
237 weak_factory_.GetWeakPtr(), 233 weak_factory_.GetWeakPtr(),
238 username, password, auth_mode)); 234 credentials_, auth_mode));
239 // Must not proceed without signature verification. 235 // Must not proceed without signature verification.
240 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { 236 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
241 if (delegate_) 237 if (delegate_)
242 delegate_->PolicyLoadFailed(); 238 delegate_->PolicyLoadFailed();
243 else 239 else
244 NOTREACHED(); 240 NOTREACHED();
245 return; 241 return;
246 } else if (status != CrosSettingsProvider::TRUSTED) { 242 } else if (status != CrosSettingsProvider::TRUSTED) {
247 // Value of AllowNewUser setting is still not verified. 243 // Value of AllowNewUser setting is still not verified.
248 // Another attempt will be invoked after verification completion. 244 // Another attempt will be invoked after verification completion.
249 return; 245 return;
250 } 246 }
251 } 247 }
252 248
253 bool is_whitelisted = LoginUtils::IsWhitelisted( 249 bool is_whitelisted = LoginUtils::IsWhitelisted(
254 gaia::CanonicalizeEmail(username)); 250 gaia::CanonicalizeEmail(credentials.username));
255 if (ScreenLocker::default_screen_locker() || is_whitelisted) { 251 if (ScreenLocker::default_screen_locker() || is_whitelisted) {
256 switch (auth_mode_) { 252 switch (auth_mode_) {
257 case AUTH_MODE_EXTENSION: 253 case AUTH_MODE_EXTENSION:
258 StartLoginCompletion(); 254 StartLoginCompletion();
259 break; 255 break;
260 case AUTH_MODE_INTERNAL: 256 case AUTH_MODE_INTERNAL:
261 StartAuthentication(); 257 StartAuthentication();
262 break; 258 break;
263 } 259 }
264 } else { 260 } else {
265 if (delegate_) 261 if (delegate_)
266 delegate_->WhiteListCheckFailed(username); 262 delegate_->WhiteListCheckFailed(credentials.username);
267 else 263 else
268 NOTREACHED(); 264 NOTREACHED();
269 } 265 }
270 } 266 }
271 267
272 void LoginPerformer::CreateLocallyManagedUser(const string16& display_name, 268 void LoginPerformer::CreateLocallyManagedUser(const string16& display_name,
273 const std::string& password) { 269 const std::string& password) {
274 std::string id = UserManager::Get()->GenerateUniqueLocallyManagedUserId(); 270 std::string id = UserManager::Get()->GenerateUniqueLocallyManagedUserId();
275 const User* user = UserManager::Get()-> 271 const User* user = UserManager::Get()->
276 CreateLocallyManagedUserRecord(id, display_name); 272 CreateLocallyManagedUserRecord(id, display_name);
277 LoginAsLocallyManagedUser(user->email(), password); 273 LoginAsLocallyManagedUser(UserCredentials(user->email(),
274 password,
275 std::string())); // auth_code
278 } 276 }
279 277
280 void LoginPerformer::LoginAsLocallyManagedUser(const std::string& username, 278 void LoginPerformer::LoginAsLocallyManagedUser(
281 const std::string& password) { 279 const UserCredentials& credentials) {
282 DCHECK_EQ(UserManager::kLocallyManagedUserDomain, 280 DCHECK_EQ(UserManager::kLocallyManagedUserDomain,
283 gaia::ExtractDomainName(username)); 281 gaia::ExtractDomainName(credentials.username));
284 // TODO(nkostylev): Check that policy allows locally managed user login. 282 // TODO(nkostylev): Check that policy allows locally managed user login.
285 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); 283 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
286 BrowserThread::PostTask( 284 BrowserThread::PostTask(
287 BrowserThread::UI, FROM_HERE, 285 BrowserThread::UI, FROM_HERE,
288 base::Bind(&Authenticator::LoginAsLocallyManagedUser, 286 base::Bind(&Authenticator::LoginAsLocallyManagedUser,
289 authenticator_.get(), 287 authenticator_.get(),
290 username, 288 credentials));
291 password));
292 } 289 }
293 290
294 void LoginPerformer::LoginRetailMode() { 291 void LoginPerformer::LoginRetailMode() {
295 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); 292 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
296 BrowserThread::PostTask( 293 BrowserThread::PostTask(
297 BrowserThread::UI, FROM_HERE, 294 BrowserThread::UI, FROM_HERE,
298 base::Bind(&Authenticator::LoginRetailMode, authenticator_.get())); 295 base::Bind(&Authenticator::LoginRetailMode, authenticator_.get()));
299 } 296 }
300 297
301 void LoginPerformer::LoginOffTheRecord() { 298 void LoginPerformer::LoginOffTheRecord() {
(...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after
487 void LoginPerformer::StartLoginCompletion() { 484 void LoginPerformer::StartLoginCompletion() {
488 DVLOG(1) << "Login completion started"; 485 DVLOG(1) << "Login completion started";
489 BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false); 486 BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false);
490 Profile* profile = g_browser_process->profile_manager()->GetDefaultProfile(); 487 Profile* profile = g_browser_process->profile_manager()->GetDefaultProfile();
491 488
492 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); 489 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
493 BrowserThread::PostTask( 490 BrowserThread::PostTask(
494 BrowserThread::UI, FROM_HERE, 491 BrowserThread::UI, FROM_HERE,
495 base::Bind(&Authenticator::CompleteLogin, authenticator_.get(), 492 base::Bind(&Authenticator::CompleteLogin, authenticator_.get(),
496 profile, 493 profile,
497 username_, 494 credentials_));
498 password_));
499 495
500 password_.clear(); 496 credentials_.password.clear();
497 credentials_.auth_code.clear();
501 } 498 }
502 499
503 void LoginPerformer::StartAuthentication() { 500 void LoginPerformer::StartAuthentication() {
504 DVLOG(1) << "Auth started"; 501 DVLOG(1) << "Auth started";
505 BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false); 502 BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false);
506 Profile* profile; 503 Profile* profile;
507 { 504 {
508 // This should be the first place where GetDefaultProfile() is called with 505 // This should be the first place where GetDefaultProfile() is called with
509 // logged_in_ = true. This will trigger a call to Profile::CreateProfile() 506 // logged_in_ = true. This will trigger a call to Profile::CreateProfile()
510 // which requires IO access. 507 // which requires IO access.
511 base::ThreadRestrictions::ScopedAllowIO allow_io; 508 base::ThreadRestrictions::ScopedAllowIO allow_io;
512 profile = g_browser_process->profile_manager()->GetDefaultProfile(); 509 profile = g_browser_process->profile_manager()->GetDefaultProfile();
513 } 510 }
514 if (delegate_) { 511 if (delegate_) {
515 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); 512 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
516 BrowserThread::PostTask( 513 BrowserThread::PostTask(
517 BrowserThread::UI, FROM_HERE, 514 BrowserThread::UI, FROM_HERE,
518 base::Bind(&Authenticator::AuthenticateToLogin, authenticator_.get(), 515 base::Bind(&Authenticator::AuthenticateToLogin, authenticator_.get(),
519 profile, 516 profile,
520 username_, 517 credentials_,
521 password_,
522 std::string(), 518 std::string(),
523 std::string())); 519 std::string()));
524 // Make unobtrusive online check. It helps to determine password change 520 // Make unobtrusive online check. It helps to determine password change
525 // state in the case when offline login fails. 521 // state in the case when offline login fails.
526 online_attempt_host_.Check(profile, username_, password_); 522 online_attempt_host_.Check(profile, credentials_);
527 } else { 523 } else {
528 DCHECK(authenticator_.get()) 524 DCHECK(authenticator_.get())
529 << "Authenticator instance doesn't exist for login attempt retry."; 525 << "Authenticator instance doesn't exist for login attempt retry.";
530 // At this point offline auth has been successful, 526 // At this point offline auth has been successful,
531 // retry online auth, using existing Authenticator instance. 527 // retry online auth, using existing Authenticator instance.
532 BrowserThread::PostTask( 528 BrowserThread::PostTask(
533 BrowserThread::UI, FROM_HERE, 529 BrowserThread::UI, FROM_HERE,
534 base::Bind(&Authenticator::RetryAuth, authenticator_.get(), 530 base::Bind(&Authenticator::RetryAuth, authenticator_.get(),
535 profile, 531 profile,
536 username_, 532 credentials_,
537 password_,
538 std::string(), 533 std::string(),
539 std::string())); 534 std::string()));
540 } 535 }
541 password_.clear(); 536 credentials_.password.clear();
537 credentials_.auth_code.clear();
542 } 538 }
543 539
544 } // namespace chromeos 540 } // namespace chromeos
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698