| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/login/auth/login_performer.h" | 5 #include "chromeos/login/auth/login_performer.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/message_loop/message_loop.h" | 9 #include "base/message_loop/message_loop.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| 11 #include "base/metrics/user_metrics.h" | 11 #include "base/metrics/user_metrics.h" |
| 12 #include "base/metrics/user_metrics_action.h" | 12 #include "base/metrics/user_metrics_action.h" |
| 13 #include "base/prefs/pref_service.h" | 13 #include "base/prefs/pref_service.h" |
| 14 #include "base/strings/utf_string_conversions.h" | 14 #include "base/strings/utf_string_conversions.h" |
| 15 #include "base/threading/thread_restrictions.h" | 15 #include "base/threading/thread_restrictions.h" |
| 16 #include "chromeos/dbus/dbus_thread_manager.h" | 16 #include "chromeos/dbus/dbus_thread_manager.h" |
| 17 #include "chromeos/dbus/session_manager_client.h" | 17 #include "chromeos/dbus/session_manager_client.h" |
| 18 #include "chromeos/login/user_names.h" | 18 #include "chromeos/login/user_names.h" |
| 19 #include "chromeos/login_event_recorder.h" | 19 #include "chromeos/login_event_recorder.h" |
| 20 #include "chromeos/settings/cros_settings_names.h" | 20 #include "chromeos/settings/cros_settings_names.h" |
| 21 #include "components/signin/core/account_id/account_id.h" |
| 21 #include "google_apis/gaia/gaia_auth_util.h" | 22 #include "google_apis/gaia/gaia_auth_util.h" |
| 22 #include "net/cookies/cookie_monster.h" | 23 #include "net/cookies/cookie_monster.h" |
| 23 #include "net/cookies/cookie_store.h" | 24 #include "net/cookies/cookie_store.h" |
| 24 #include "net/url_request/url_request_context.h" | 25 #include "net/url_request/url_request_context.h" |
| 25 #include "net/url_request/url_request_context_getter.h" | 26 #include "net/url_request/url_request_context_getter.h" |
| 26 | 27 |
| 27 using base::UserMetricsAction; | 28 using base::UserMetricsAction; |
| 28 | 29 |
| 29 namespace chromeos { | 30 namespace chromeos { |
| 30 | 31 |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 100 } else { | 101 } else { |
| 101 NOTREACHED(); | 102 NOTREACHED(); |
| 102 } | 103 } |
| 103 } | 104 } |
| 104 | 105 |
| 105 //////////////////////////////////////////////////////////////////////////////// | 106 //////////////////////////////////////////////////////////////////////////////// |
| 106 // LoginPerformer, public: | 107 // LoginPerformer, public: |
| 107 | 108 |
| 108 void LoginPerformer::NotifyWhitelistCheckFailure() { | 109 void LoginPerformer::NotifyWhitelistCheckFailure() { |
| 109 if (delegate_) | 110 if (delegate_) |
| 110 delegate_->WhiteListCheckFailed(user_context_.GetUserID()); | 111 delegate_->WhiteListCheckFailed( |
| 112 user_context_.GetAccountId().GetUserEmail()); |
| 111 else | 113 else |
| 112 NOTREACHED(); | 114 NOTREACHED(); |
| 113 } | 115 } |
| 114 | 116 |
| 115 void LoginPerformer::PerformLogin(const UserContext& user_context, | 117 void LoginPerformer::PerformLogin(const UserContext& user_context, |
| 116 AuthorizationMode auth_mode) { | 118 AuthorizationMode auth_mode) { |
| 117 auth_mode_ = auth_mode; | 119 auth_mode_ = auth_mode; |
| 118 user_context_ = user_context; | 120 user_context_ = user_context; |
| 119 | 121 |
| 120 if (RunTrustedCheck(base::Bind(&LoginPerformer::DoPerformLogin, | 122 if (RunTrustedCheck(base::Bind(&LoginPerformer::DoPerformLogin, |
| 121 weak_factory_.GetWeakPtr(), | 123 weak_factory_.GetWeakPtr(), |
| 122 user_context_, | 124 user_context_, |
| 123 auth_mode))) { | 125 auth_mode))) { |
| 124 return; | 126 return; |
| 125 } | 127 } |
| 126 DoPerformLogin(user_context_, auth_mode); | 128 DoPerformLogin(user_context_, auth_mode); |
| 127 } | 129 } |
| 128 | 130 |
| 129 void LoginPerformer::DoPerformLogin(const UserContext& user_context, | 131 void LoginPerformer::DoPerformLogin(const UserContext& user_context, |
| 130 AuthorizationMode auth_mode) { | 132 AuthorizationMode auth_mode) { |
| 131 std::string email = gaia::CanonicalizeEmail(user_context.GetUserID()); | 133 const std::string email = |
| 134 gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail()); |
| 132 bool wildcard_match = false; | 135 bool wildcard_match = false; |
| 133 | 136 |
| 134 if (!IsUserWhitelisted(email, &wildcard_match)) { | 137 if (!IsUserWhitelisted(email, &wildcard_match)) { |
| 135 NotifyWhitelistCheckFailure(); | 138 NotifyWhitelistCheckFailure(); |
| 136 return; | 139 return; |
| 137 } | 140 } |
| 138 | 141 |
| 139 if (user_context.GetAuthFlow() == UserContext::AUTH_FLOW_EASY_UNLOCK) | 142 if (user_context.GetAuthFlow() == UserContext::AUTH_FLOW_EASY_UNLOCK) |
| 140 SetupEasyUnlockUserFlow(user_context.GetUserID()); | 143 SetupEasyUnlockUserFlow(user_context.GetAccountId().GetUserEmail()); |
| 141 | 144 |
| 142 switch (auth_mode_) { | 145 switch (auth_mode_) { |
| 143 case AUTH_MODE_EXTENSION: { | 146 case AUTH_MODE_EXTENSION: { |
| 144 RunOnlineWhitelistCheck( | 147 RunOnlineWhitelistCheck( |
| 145 email, wildcard_match, user_context.GetRefreshToken(), | 148 email, wildcard_match, user_context.GetRefreshToken(), |
| 146 base::Bind(&LoginPerformer::StartLoginCompletion, | 149 base::Bind(&LoginPerformer::StartLoginCompletion, |
| 147 weak_factory_.GetWeakPtr()), | 150 weak_factory_.GetWeakPtr()), |
| 148 base::Bind(&LoginPerformer::NotifyWhitelistCheckFailure, | 151 base::Bind(&LoginPerformer::NotifyWhitelistCheckFailure, |
| 149 weak_factory_.GetWeakPtr())); | 152 weak_factory_.GetWeakPtr())); |
| 150 break; | 153 break; |
| 151 } | 154 } |
| 152 case AUTH_MODE_INTERNAL: | 155 case AUTH_MODE_INTERNAL: |
| 153 StartAuthentication(); | 156 StartAuthentication(); |
| 154 break; | 157 break; |
| 155 } | 158 } |
| 156 } | 159 } |
| 157 | 160 |
| 158 void LoginPerformer::LoginAsSupervisedUser(const UserContext& user_context) { | 161 void LoginPerformer::LoginAsSupervisedUser(const UserContext& user_context) { |
| 159 DCHECK_EQ(chromeos::login::kSupervisedUserDomain, | 162 DCHECK_EQ( |
| 160 gaia::ExtractDomainName(user_context.GetUserID())); | 163 chromeos::login::kSupervisedUserDomain, |
| 164 gaia::ExtractDomainName(user_context.GetAccountId().GetUserEmail())); |
| 161 | 165 |
| 162 user_context_ = user_context; | 166 user_context_ = user_context; |
| 163 user_context_.SetUserType(user_manager::USER_TYPE_SUPERVISED); | 167 user_context_.SetUserType(user_manager::USER_TYPE_SUPERVISED); |
| 164 | 168 |
| 165 if (RunTrustedCheck(base::Bind(&LoginPerformer::TrustedLoginAsSupervisedUser, | 169 if (RunTrustedCheck(base::Bind(&LoginPerformer::TrustedLoginAsSupervisedUser, |
| 166 weak_factory_.GetWeakPtr(), | 170 weak_factory_.GetWeakPtr(), |
| 167 user_context_))) { | 171 user_context_))) { |
| 168 return; | 172 return; |
| 169 } | 173 } |
| 170 TrustedLoginAsSupervisedUser(user_context_); | 174 TrustedLoginAsSupervisedUser(user_context_); |
| 171 } | 175 } |
| 172 | 176 |
| 173 void LoginPerformer::TrustedLoginAsSupervisedUser( | 177 void LoginPerformer::TrustedLoginAsSupervisedUser( |
| 174 const UserContext& user_context) { | 178 const UserContext& user_context) { |
| 175 if (!AreSupervisedUsersAllowed()) { | 179 if (!AreSupervisedUsersAllowed()) { |
| 176 LOG(ERROR) << "Login attempt of supervised user detected."; | 180 LOG(ERROR) << "Login attempt of supervised user detected."; |
| 177 delegate_->WhiteListCheckFailed(user_context.GetUserID()); | 181 delegate_->WhiteListCheckFailed(user_context.GetAccountId().GetUserEmail()); |
| 178 return; | 182 return; |
| 179 } | 183 } |
| 180 | 184 |
| 181 SetupSupervisedUserFlow(user_context.GetUserID()); | 185 SetupSupervisedUserFlow(user_context.GetAccountId().GetUserEmail()); |
| 182 UserContext user_context_copy = TransformSupervisedKey(user_context); | 186 UserContext user_context_copy = TransformSupervisedKey(user_context); |
| 183 | 187 |
| 184 if (UseExtendedAuthenticatorForSupervisedUser(user_context)) { | 188 if (UseExtendedAuthenticatorForSupervisedUser(user_context)) { |
| 185 EnsureExtendedAuthenticator(); | 189 EnsureExtendedAuthenticator(); |
| 186 // TODO(antrim) : Replace empty callback with explicit method. | 190 // TODO(antrim) : Replace empty callback with explicit method. |
| 187 // http://crbug.com/351268 | 191 // http://crbug.com/351268 |
| 188 task_runner_->PostTask( | 192 task_runner_->PostTask( |
| 189 FROM_HERE, | 193 FROM_HERE, |
| 190 base::Bind(&ExtendedAuthenticator::AuthenticateToMount, | 194 base::Bind(&ExtendedAuthenticator::AuthenticateToMount, |
| 191 extended_authenticator_.get(), | 195 extended_authenticator_.get(), |
| 192 user_context_copy, | 196 user_context_copy, |
| 193 ExtendedAuthenticator::ResultCallback())); | 197 ExtendedAuthenticator::ResultCallback())); |
| 194 | 198 |
| 195 } else { | 199 } else { |
| 196 EnsureAuthenticator(); | 200 EnsureAuthenticator(); |
| 197 task_runner_->PostTask(FROM_HERE, | 201 task_runner_->PostTask(FROM_HERE, |
| 198 base::Bind(&Authenticator::LoginAsSupervisedUser, | 202 base::Bind(&Authenticator::LoginAsSupervisedUser, |
| 199 authenticator_.get(), | 203 authenticator_.get(), |
| 200 user_context_copy)); | 204 user_context_copy)); |
| 201 } | 205 } |
| 202 } | 206 } |
| 203 | 207 |
| 204 void LoginPerformer::LoginAsPublicSession(const UserContext& user_context) { | 208 void LoginPerformer::LoginAsPublicSession(const UserContext& user_context) { |
| 205 if (!CheckPolicyForUser(user_context.GetUserID())) { | 209 if (!CheckPolicyForUser(user_context.GetAccountId().GetUserEmail())) { |
| 206 DCHECK(delegate_); | 210 DCHECK(delegate_); |
| 207 if (delegate_) | 211 if (delegate_) |
| 208 delegate_->PolicyLoadFailed(); | 212 delegate_->PolicyLoadFailed(); |
| 209 return; | 213 return; |
| 210 } | 214 } |
| 211 | 215 |
| 212 EnsureAuthenticator(); | 216 EnsureAuthenticator(); |
| 213 task_runner_->PostTask(FROM_HERE, | 217 task_runner_->PostTask(FROM_HERE, |
| 214 base::Bind(&Authenticator::LoginAsPublicSession, | 218 base::Bind(&Authenticator::LoginAsPublicSession, |
| 215 authenticator_.get(), | 219 authenticator_.get(), |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 282 } else { | 286 } else { |
| 283 NOTREACHED(); | 287 NOTREACHED(); |
| 284 } | 288 } |
| 285 user_context_.ClearSecrets(); | 289 user_context_.ClearSecrets(); |
| 286 } | 290 } |
| 287 | 291 |
| 288 void LoginPerformer::EnsureAuthenticator() { | 292 void LoginPerformer::EnsureAuthenticator() { |
| 289 authenticator_ = CreateAuthenticator(); | 293 authenticator_ = CreateAuthenticator(); |
| 290 } | 294 } |
| 291 } // namespace chromeos | 295 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1412813003:
This CL replaces user_manager::UserID with AccountId. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@468875--Chrome-OS-handles-deletion-of-Gmail-account-poorly--Create-AccountID-structure-part2--user_names