Chromium Code Reviews Chromium Code Reviews
Issue 143463009:
Add policy that forces SAML users to log in online periodically (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SAML_OFFLINE_SIGNIN_LIMITER_H_ | |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_SAML_OFFLINE_SIGNIN_LIMITER_H_ | |
| 7 | |
| 8 #include "base/basictypes.h" | |
| 9 #include "base/memory/scoped_ptr.h" | |
| 10 #include "base/prefs/pref_change_registrar.h" | |
| 11 #include "base/time/default_clock.h" | |
| 12 #include "base/time/time.h" | |
| 13 #include "base/timer/timer.h" | |
| 14 #include "chrome/browser/chromeos/login/user.h" | |
| 15 #include "components/browser_context_keyed_service/browser_context_keyed_service .h" | |
| 16 | |
| 17 class Profile; | |
| 18 | |
| 19 namespace base { | |
| 20 class Clock; | |
| 21 } | |
| 22 | |
| 23 namespace user_prefs { | |
| 24 class PrefRegistrySyncable; | |
| 25 } | |
| 26 | |
| 27 namespace chromeos { | |
| 28 | |
| 29 // Enforces a limit on the length of time for which a user authenticated via | |
| 30 // SAML can use offline authentication against a cached password before being | |
| 31 // forced to go through online authentication against GAIA again. | |
| 32 class SAMLOfflineSigninLimiter : public BrowserContextKeyedService { | |
| 33 public: | |
| 34 // Registers preferences. | |
| 35 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); | |
| 36 | |
| 37 // Called when the user successfully authenticates. |auth_flow| indicates | |
| 38 // the type of authentication flow that the user went though. | |
|
Nikita (slow)
2014/01/23 17:50:09
nit: went through
bartfab (slow)
2014/01/24 12:56:07
Done.
| |
| 39 void SignedIn(UserContext::AuthFlow auth_flow); | |
| 40 | |
| 41 // BrowserContextKeyedService: | |
| 42 void Shutdown() OVERRIDE; | |
| 43 | |
| 44 private: | |
| 45 friend class SAMLOfflineSigninLimiterFactory; | |
| 46 friend class SAMLOfflineSigninLimiterTest; | |
| 47 | |
| 48 // |profile| and |clock| must remain valid until Shutdown() is called. If | |
| 49 // |clock| is NULL, the |default_clock_| will be used. | |
| 50 SAMLOfflineSigninLimiter(Profile* profile, base::Clock* clock); | |
| 51 virtual ~SAMLOfflineSigninLimiter(); | |
| 52 | |
| 53 // Recalculates the amount of time remaining until online login should be | |
| 54 // forced and sets the |offline_signin_limit_timer_| accordingly. If the limit | |
| 55 // has expired already, sets the flag enforcing online login immediately. | |
| 56 void UpdateLimit(); | |
| 57 | |
| 58 // Sets the flag enforcing online login. This will cause the user's next login | |
| 59 // to use online authentication against GAIA. | |
| 60 void ForceOnlineLogin(); | |
| 61 | |
| 62 base::DefaultClock default_clock_; | |
| 63 | |
| 64 Profile* profile_; | |
| 65 base::Clock* clock_; | |
| 66 | |
| 67 PrefChangeRegistrar pref_change_registrar_; | |
| 68 | |
| 69 scoped_ptr<base::OneShotTimer<SAMLOfflineSigninLimiter> > | |
| 70 offline_signin_limit_timer_; | |
| 71 | |
| 72 DISALLOW_COPY_AND_ASSIGN(SAMLOfflineSigninLimiter); | |
| 73 }; | |
| 74 | |
| 75 } // namespace chromeos | |
| 76 | |
| 77 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_SAML_OFFLINE_SIGNIN_LIMITER_H_ | |
| OLD | NEW |
