| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/login/auth/login_performer.h" | 5 #include "chromeos/login/auth/login_performer.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/message_loop/message_loop.h" | 9 #include "base/message_loop/message_loop.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| 11 #include "base/metrics/user_metrics.h" | 11 #include "base/metrics/user_metrics.h" |
| 12 #include "base/metrics/user_metrics_action.h" | 12 #include "base/metrics/user_metrics_action.h" |
| 13 #include "base/prefs/pref_service.h" | 13 #include "base/prefs/pref_service.h" |
| 14 #include "base/strings/utf_string_conversions.h" | 14 #include "base/strings/utf_string_conversions.h" |
| 15 #include "base/threading/thread_restrictions.h" | 15 #include "base/threading/thread_restrictions.h" |
| 16 #include "chromeos/dbus/dbus_thread_manager.h" | 16 #include "chromeos/dbus/dbus_thread_manager.h" |
| 17 #include "chromeos/dbus/session_manager_client.h" | 17 #include "chromeos/dbus/session_manager_client.h" |
| 18 #include "chromeos/login/user_names.h" | 18 #include "chromeos/login/user_names.h" |
| 19 #include "chromeos/login_event_recorder.h" | 19 #include "chromeos/login_event_recorder.h" |
| 20 #include "chromeos/settings/cros_settings_names.h" | 20 #include "chromeos/settings/cros_settings_names.h" |
| 21 #include "components/signin/core/account_id/account_id.h" | |
| 22 #include "google_apis/gaia/gaia_auth_util.h" | 21 #include "google_apis/gaia/gaia_auth_util.h" |
| 23 #include "net/cookies/cookie_monster.h" | 22 #include "net/cookies/cookie_monster.h" |
| 24 #include "net/cookies/cookie_store.h" | 23 #include "net/cookies/cookie_store.h" |
| 25 #include "net/url_request/url_request_context.h" | 24 #include "net/url_request/url_request_context.h" |
| 26 #include "net/url_request/url_request_context_getter.h" | 25 #include "net/url_request/url_request_context_getter.h" |
| 27 | 26 |
| 28 using base::UserMetricsAction; | 27 using base::UserMetricsAction; |
| 29 | 28 |
| 30 namespace chromeos { | 29 namespace chromeos { |
| 31 | 30 |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 101 } else { | 100 } else { |
| 102 NOTREACHED(); | 101 NOTREACHED(); |
| 103 } | 102 } |
| 104 } | 103 } |
| 105 | 104 |
| 106 //////////////////////////////////////////////////////////////////////////////// | 105 //////////////////////////////////////////////////////////////////////////////// |
| 107 // LoginPerformer, public: | 106 // LoginPerformer, public: |
| 108 | 107 |
| 109 void LoginPerformer::NotifyWhitelistCheckFailure() { | 108 void LoginPerformer::NotifyWhitelistCheckFailure() { |
| 110 if (delegate_) | 109 if (delegate_) |
| 111 delegate_->WhiteListCheckFailed( | 110 delegate_->WhiteListCheckFailed(user_context_.GetUserID()); |
| 112 user_context_.GetAccountId().GetUserEmail()); | |
| 113 else | 111 else |
| 114 NOTREACHED(); | 112 NOTREACHED(); |
| 115 } | 113 } |
| 116 | 114 |
| 117 void LoginPerformer::PerformLogin(const UserContext& user_context, | 115 void LoginPerformer::PerformLogin(const UserContext& user_context, |
| 118 AuthorizationMode auth_mode) { | 116 AuthorizationMode auth_mode) { |
| 119 auth_mode_ = auth_mode; | 117 auth_mode_ = auth_mode; |
| 120 user_context_ = user_context; | 118 user_context_ = user_context; |
| 121 | 119 |
| 122 if (RunTrustedCheck(base::Bind(&LoginPerformer::DoPerformLogin, | 120 if (RunTrustedCheck(base::Bind(&LoginPerformer::DoPerformLogin, |
| 123 weak_factory_.GetWeakPtr(), | 121 weak_factory_.GetWeakPtr(), |
| 124 user_context_, | 122 user_context_, |
| 125 auth_mode))) { | 123 auth_mode))) { |
| 126 return; | 124 return; |
| 127 } | 125 } |
| 128 DoPerformLogin(user_context_, auth_mode); | 126 DoPerformLogin(user_context_, auth_mode); |
| 129 } | 127 } |
| 130 | 128 |
| 131 void LoginPerformer::DoPerformLogin(const UserContext& user_context, | 129 void LoginPerformer::DoPerformLogin(const UserContext& user_context, |
| 132 AuthorizationMode auth_mode) { | 130 AuthorizationMode auth_mode) { |
| 133 const std::string email = | 131 std::string email = gaia::CanonicalizeEmail(user_context.GetUserID()); |
| 134 gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail()); | |
| 135 bool wildcard_match = false; | 132 bool wildcard_match = false; |
| 136 | 133 |
| 137 if (!IsUserWhitelisted(email, &wildcard_match)) { | 134 if (!IsUserWhitelisted(email, &wildcard_match)) { |
| 138 NotifyWhitelistCheckFailure(); | 135 NotifyWhitelistCheckFailure(); |
| 139 return; | 136 return; |
| 140 } | 137 } |
| 141 | 138 |
| 142 if (user_context.GetAuthFlow() == UserContext::AUTH_FLOW_EASY_UNLOCK) | 139 if (user_context.GetAuthFlow() == UserContext::AUTH_FLOW_EASY_UNLOCK) |
| 143 SetupEasyUnlockUserFlow(user_context.GetAccountId().GetUserEmail()); | 140 SetupEasyUnlockUserFlow(user_context.GetUserID()); |
| 144 | 141 |
| 145 switch (auth_mode_) { | 142 switch (auth_mode_) { |
| 146 case AUTH_MODE_EXTENSION: { | 143 case AUTH_MODE_EXTENSION: { |
| 147 RunOnlineWhitelistCheck( | 144 RunOnlineWhitelistCheck( |
| 148 email, wildcard_match, user_context.GetRefreshToken(), | 145 email, wildcard_match, user_context.GetRefreshToken(), |
| 149 base::Bind(&LoginPerformer::StartLoginCompletion, | 146 base::Bind(&LoginPerformer::StartLoginCompletion, |
| 150 weak_factory_.GetWeakPtr()), | 147 weak_factory_.GetWeakPtr()), |
| 151 base::Bind(&LoginPerformer::NotifyWhitelistCheckFailure, | 148 base::Bind(&LoginPerformer::NotifyWhitelistCheckFailure, |
| 152 weak_factory_.GetWeakPtr())); | 149 weak_factory_.GetWeakPtr())); |
| 153 break; | 150 break; |
| 154 } | 151 } |
| 155 case AUTH_MODE_INTERNAL: | 152 case AUTH_MODE_INTERNAL: |
| 156 StartAuthentication(); | 153 StartAuthentication(); |
| 157 break; | 154 break; |
| 158 } | 155 } |
| 159 } | 156 } |
| 160 | 157 |
| 161 void LoginPerformer::LoginAsSupervisedUser(const UserContext& user_context) { | 158 void LoginPerformer::LoginAsSupervisedUser(const UserContext& user_context) { |
| 162 DCHECK_EQ( | 159 DCHECK_EQ(chromeos::login::kSupervisedUserDomain, |
| 163 chromeos::login::kSupervisedUserDomain, | 160 gaia::ExtractDomainName(user_context.GetUserID())); |
| 164 gaia::ExtractDomainName(user_context.GetAccountId().GetUserEmail())); | |
| 165 | 161 |
| 166 user_context_ = user_context; | 162 user_context_ = user_context; |
| 167 user_context_.SetUserType(user_manager::USER_TYPE_SUPERVISED); | 163 user_context_.SetUserType(user_manager::USER_TYPE_SUPERVISED); |
| 168 | 164 |
| 169 if (RunTrustedCheck(base::Bind(&LoginPerformer::TrustedLoginAsSupervisedUser, | 165 if (RunTrustedCheck(base::Bind(&LoginPerformer::TrustedLoginAsSupervisedUser, |
| 170 weak_factory_.GetWeakPtr(), | 166 weak_factory_.GetWeakPtr(), |
| 171 user_context_))) { | 167 user_context_))) { |
| 172 return; | 168 return; |
| 173 } | 169 } |
| 174 TrustedLoginAsSupervisedUser(user_context_); | 170 TrustedLoginAsSupervisedUser(user_context_); |
| 175 } | 171 } |
| 176 | 172 |
| 177 void LoginPerformer::TrustedLoginAsSupervisedUser( | 173 void LoginPerformer::TrustedLoginAsSupervisedUser( |
| 178 const UserContext& user_context) { | 174 const UserContext& user_context) { |
| 179 if (!AreSupervisedUsersAllowed()) { | 175 if (!AreSupervisedUsersAllowed()) { |
| 180 LOG(ERROR) << "Login attempt of supervised user detected."; | 176 LOG(ERROR) << "Login attempt of supervised user detected."; |
| 181 delegate_->WhiteListCheckFailed(user_context.GetAccountId().GetUserEmail()); | 177 delegate_->WhiteListCheckFailed(user_context.GetUserID()); |
| 182 return; | 178 return; |
| 183 } | 179 } |
| 184 | 180 |
| 185 SetupSupervisedUserFlow(user_context.GetAccountId().GetUserEmail()); | 181 SetupSupervisedUserFlow(user_context.GetUserID()); |
| 186 UserContext user_context_copy = TransformSupervisedKey(user_context); | 182 UserContext user_context_copy = TransformSupervisedKey(user_context); |
| 187 | 183 |
| 188 if (UseExtendedAuthenticatorForSupervisedUser(user_context)) { | 184 if (UseExtendedAuthenticatorForSupervisedUser(user_context)) { |
| 189 EnsureExtendedAuthenticator(); | 185 EnsureExtendedAuthenticator(); |
| 190 // TODO(antrim) : Replace empty callback with explicit method. | 186 // TODO(antrim) : Replace empty callback with explicit method. |
| 191 // http://crbug.com/351268 | 187 // http://crbug.com/351268 |
| 192 task_runner_->PostTask( | 188 task_runner_->PostTask( |
| 193 FROM_HERE, | 189 FROM_HERE, |
| 194 base::Bind(&ExtendedAuthenticator::AuthenticateToMount, | 190 base::Bind(&ExtendedAuthenticator::AuthenticateToMount, |
| 195 extended_authenticator_.get(), | 191 extended_authenticator_.get(), |
| 196 user_context_copy, | 192 user_context_copy, |
| 197 ExtendedAuthenticator::ResultCallback())); | 193 ExtendedAuthenticator::ResultCallback())); |
| 198 | 194 |
| 199 } else { | 195 } else { |
| 200 EnsureAuthenticator(); | 196 EnsureAuthenticator(); |
| 201 task_runner_->PostTask(FROM_HERE, | 197 task_runner_->PostTask(FROM_HERE, |
| 202 base::Bind(&Authenticator::LoginAsSupervisedUser, | 198 base::Bind(&Authenticator::LoginAsSupervisedUser, |
| 203 authenticator_.get(), | 199 authenticator_.get(), |
| 204 user_context_copy)); | 200 user_context_copy)); |
| 205 } | 201 } |
| 206 } | 202 } |
| 207 | 203 |
| 208 void LoginPerformer::LoginAsPublicSession(const UserContext& user_context) { | 204 void LoginPerformer::LoginAsPublicSession(const UserContext& user_context) { |
| 209 if (!CheckPolicyForUser(user_context.GetAccountId().GetUserEmail())) { | 205 if (!CheckPolicyForUser(user_context.GetUserID())) { |
| 210 DCHECK(delegate_); | 206 DCHECK(delegate_); |
| 211 if (delegate_) | 207 if (delegate_) |
| 212 delegate_->PolicyLoadFailed(); | 208 delegate_->PolicyLoadFailed(); |
| 213 return; | 209 return; |
| 214 } | 210 } |
| 215 | 211 |
| 216 EnsureAuthenticator(); | 212 EnsureAuthenticator(); |
| 217 task_runner_->PostTask(FROM_HERE, | 213 task_runner_->PostTask(FROM_HERE, |
| 218 base::Bind(&Authenticator::LoginAsPublicSession, | 214 base::Bind(&Authenticator::LoginAsPublicSession, |
| 219 authenticator_.get(), | 215 authenticator_.get(), |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 286 } else { | 282 } else { |
| 287 NOTREACHED(); | 283 NOTREACHED(); |
| 288 } | 284 } |
| 289 user_context_.ClearSecrets(); | 285 user_context_.ClearSecrets(); |
| 290 } | 286 } |
| 291 | 287 |
| 292 void LoginPerformer::EnsureAuthenticator() { | 288 void LoginPerformer::EnsureAuthenticator() { |
| 293 authenticator_ = CreateAuthenticator(); | 289 authenticator_ = CreateAuthenticator(); |
| 294 } | 290 } |
| 295 } // namespace chromeos | 291 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1425093004:
Revert of This CL replaces user_manager::UserID with AccountId. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@468875--Chrome-OS-handles-deletion-of-Gmail-account-poorly--Create-AccountID-structure-part2--user_names