Refactor user pods to use authType property for distinct authentication modes.

chrome/browser/chromeos/login/screen_locker.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/screen_locker.h"
 
 #include <string>
 #include <vector>
 
 #include "ash/ash_switches.h"
@@ skipping 239 matching lines @@
   authentication_capture_.reset();
   weak_factory_.InvalidateWeakPtrs();
 
   VLOG(1) << "Hiding the lock screen.";
   chromeos::ScreenLocker::Hide();
 }
 
 void ScreenLocker::Authenticate(const UserContext& user_context) {
   LOG_ASSERT(IsUserLoggedIn(user_context.username))
       << "Invalid user trying to unlock.";
+
+  // Send authentication request to app using chrome.screenlockPrivate API
+  // if the authentication type is not the system password.
+  LoginDisplay::AuthType auth_type = GetAuthType(user_context.username);
+  if (auth_type != LoginDisplay::SYSTEM_PASSWORD) {
+    Profile* profile = UserManager::Get()->GetProfileByUser(
+        UserManager::Get()->GetActiveUser());

[xiyuan, 2014/02/16 18:38:14]

This is not always the case when multi profile is enabled, e.g. with both
@google.com and @gmail.com, @google.com is always used to lock regardless of
which one is active. We probably should iterate through ScreenLocker's |users_|
to find the user and the profile.

[Tim Song, 2014/02/18 23:32:44]

It seems that ScreenLocker already assumes there is only one user when
authenticating, so we can just use users_[0].

[xiyuan, 2014/02/19 00:17:52]

That is a bad assumption and we should not follow the pattern. It is used in
ScreenLocker::AuthenticateByPassword where the function is called from test
automation code and only has password. Here we have |user_context| and have the
actual user email, why not use it?

[Tim Song, 2014/02/19 19:26:57]

Done.

+    extensions::ScreenlockPrivateEventRouter* router =
+        extensions::ScreenlockPrivateEventRouter::GetFactoryInstance()
+            ->GetForProfile(profile);
+    router->OnAuthAttempted(auth_type, user_context.password);

[xiyuan, 2014/02/16 18:38:14]

How do we get feedback from the auth attempt? What if it is failed?

[Tim Song, 2014/02/18 23:32:44]

The app can unlock the screen if the auth attempt succeeds. Do we need feedback
when it fails?

[xiyuan, 2014/02/19 00:17:52]

We do after we moved the "SetInputEnabled(false)" block before this and need to
re-enable the UI after auth failure. Otherwise, user would stuck with a
input-disabled locker screen.

[Tim Song, 2014/02/19 19:26:57]

You're right. I added an acceptAuthAttempt() function to the screenlockPrivate
API to enable the input if the auth attempt is rejected.

[xiyuan, 2014/02/19 21:48:44]

SGTM. I saw you call ScreenLocker::EnableInput in the other CL but did not see
it here. Please make sure you don't lost any changes. 

+    return;
+  }

[xiyuan, 2014/02/16 18:38:14]

Should we move the whole block under "delegate_->OnAuthenticate();" at line 276?

[Tim Song, 2014/02/18 23:32:44]

Done.

+
   authentication_start_time_ = base::Time::Now();
   delegate_->SetInputEnabled(false);
   delegate_->OnAuthenticate();
 
   BrowserThread::PostTask(
       BrowserThread::UI, FROM_HERE,
       base::Bind(&Authenticator::AuthenticateToUnlock,
                  authenticator_.get(),
                  user_context));
 }
@@ skipping 27 matching lines @@
 }
 
 void ScreenLocker::ShowUserPodButton(const std::string& username,
                                      const gfx::Image& icon,
                                      const base::Closure& click_callback) {
   if (!locked_)
     return;
 
   screenlock_icon_provider_->AddIcon(username, icon);
 
-  // Append the current time to the URL so the image will not be cached.
-  std::string icon_url = ScreenlockIconSource::GetIconURLForUser(username)
-       + "?" + base::Int64ToString(base::Time::Now().ToInternalValue());
-  delegate_->ShowUserPodButton(username, icon_url, click_callback);
+  if (!username.empty()) {
+    // Append the current time to the URL so the image will not be cached.
+    std::string icon_url =
+        ScreenlockIconSource::GetIconURLForUser(username) + "?" +
+        base::Int64ToString(base::Time::Now().ToInternalValue());

[xiyuan, 2014/02/16 18:38:14]

nit: prepend a "uniq=" to give the time a param name.

[Tim Song, 2014/02/18 23:32:44]

Done.

+    delegate_->ShowUserPodButton(username, icon_url, click_callback);
+  }
+}
+
+void ScreenLocker::HideUserPodButton(const std::string& username) {
+  if (!locked_)
+    return;
+  screenlock_icon_provider_->RemoveIcon(username);
+  delegate_->HideUserPodButton(username);
+}
+
+void ScreenLocker::SetAuthType(const std::string& username,
+                               LoginDisplay::AuthType auth_type,
+                               const std::string& initial_value) {
+  if (!locked_)
+    return;
+  delegate_->SetAuthType(username, auth_type, initial_value);
+}
+
+LoginDisplay::AuthType ScreenLocker::GetAuthType(const std::string& username)
+    const {
+  // Return default authentication type when not locked.
+  if (!locked_)
+    return LoginDisplay::SYSTEM_PASSWORD;
+  return delegate_->GetAuthType(username);
 }
 
 void ScreenLocker::ShowErrorMessage(int error_msg_id,
                                     HelpAppLauncher::HelpTopic help_topic_id,
                                     bool sign_out_only) {
   delegate_->SetInputEnabled(!sign_out_only);
   delegate_->ShowErrorMessage(error_msg_id, help_topic_id);
 }
 
 void ScreenLocker::SetLoginStatusConsumer(
@@ skipping 154 matching lines @@
 
 bool ScreenLocker::IsUserLoggedIn(const std::string& username) {
   for (UserList::const_iterator it = users_.begin(); it != users_.end(); ++it) {
     if ((*it)->email() == username)
       return true;
   }
   return false;
 }
 
 }  // namespace chromeos