Implement the private API for quick unlock.

chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc

Index: chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
diff --git a/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc b/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a29a984ad6d695c6832df15dc70cdcc3ecdcc9e2
--- /dev/null
+++ b/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
@@ -0,0 +1,209 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.h"
+
+#include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h"
+#include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/common/extensions/api/quick_unlock_private.h"
+#include "chromeos/login/auth/extended_authenticator.h"
+#include "chromeos/login/auth/user_context.h"
+#include "extensions/browser/event_router.h"
+
+namespace quick_unlock_private = extensions::api::quick_unlock_private;
+namespace SetModes = quick_unlock_private::SetModes;
+namespace GetActiveModes = quick_unlock_private::GetActiveModes;
+namespace GetAvailableModes = quick_unlock_private::GetAvailableModes;
+namespace OnActiveModesChanged = quick_unlock_private::OnActiveModesChanged;
+using QuickUnlockMode = quick_unlock_private::QuickUnlockMode;
+using ModeList = std::vector<QuickUnlockMode>;
+
+namespace extensions {
+
+namespace {
+const char kModesAndCredentialsLengthMismatch[] =
+    "|modes| and |credentials| must have the same number of elements";
+const char kMultipleModesNotSupported[] =
+    "Currently at most one quick unlock mode can be active.";
+
+QuickUnlockPrivateSetModesFunction::CreateAuthenticator create_authenticator_ =
+    nullptr;
+
+// Triggers a QuickUnlockMode change event.
+void FireEvent(Profile* profile, const ModeList& modes) {
+  std::unique_ptr<base::ListValue> args = OnActiveModesChanged::Create(modes);
+  std::unique_ptr<extensions::Event> event(new extensions::Event(
+      extensions::events::QUICK_UNLOCK_PRIVATE_ON_ACTIVE_MODES_CHANGED,
+      OnActiveModesChanged::kEventName, std::move(args)));
+  extensions::EventRouter::Get(profile)->BroadcastEvent(std::move(event));
+}
+
+// Returns the active set of quick unlock modes.
+ModeList GetActiveModes(Profile* profile) {
+  ModeList modes;
+
+  chromeos::PinStorage* pin_storage =
+      chromeos::PinStorageFactory::GetForProfile(profile);
+  if (pin_storage->IsPinSet())
+    modes.push_back(quick_unlock_private::QUICK_UNLOCK_MODE_PIN);
+
+  return modes;
+}
+
+// Returns true if |a| and |b| contain the same elements. The elements do not
+// need to be in the same order.
+bool AreModesEqual(const ModeList& a, const ModeList& b) {
+  if (a.size() != b.size())
+    return false;
+
+  for (size_t i = 0; i < a.size(); ++i) {
+    if (std::find(b.begin(), b.end(), a[i]) == b.end())
+      return false;
+  }
+
+  return true;
+}
+
+}  // namespace
+
+//////////// quickUnlockPrivate.getAvailableModes
+
+QuickUnlockPrivateGetAvailableModesFunction::
+    QuickUnlockPrivateGetAvailableModesFunction()
+    : chrome_details_(this) {}
+
+QuickUnlockPrivateGetAvailableModesFunction::
+    ~QuickUnlockPrivateGetAvailableModesFunction() {}
+
+ExtensionFunction::ResponseAction
+QuickUnlockPrivateGetAvailableModesFunction::Run() {
+  // TODO(jdufault): Check for policy and do not return PIN if policy makes it
+  // unavailable. See crbug.com/612271.
+  const ModeList modes = {quick_unlock_private::QUICK_UNLOCK_MODE_PIN};
+
+  return RespondNow(ArgumentList(GetAvailableModes::Results::Create(modes)));
+}
+
+//////////// quickUnlockPrivate.getActiveModes
+
+QuickUnlockPrivateGetActiveModesFunction::
+    QuickUnlockPrivateGetActiveModesFunction()
+    : chrome_details_(this) {}

[Devlin, 2016/05/31 22:58:38]

If this needs chrome details, it should probably just be a
ChromeUIThreadExtensionFunction

[jdufault, 2016/06/01 00:07:35]

There's a comment on top of that function saying it is deprecated and that
ChromeExtensionFunctionDetails should be used instead.

+
+QuickUnlockPrivateGetActiveModesFunction::
+    ~QuickUnlockPrivateGetActiveModesFunction() {}
+
+ExtensionFunction::ResponseAction
+QuickUnlockPrivateGetActiveModesFunction::Run() {
+  const ModeList modes = GetActiveModes(chrome_details_.GetProfile());
+  return RespondNow(ArgumentList(GetActiveModes::Results::Create(modes)));
+}
+
+//////////// quickUnlockPrivate.setModes
+
+/* static */

[Devlin, 2016/05/31 22:58:38]

nit: // static

[jdufault, 2016/06/01 00:07:35]

Done.

+void QuickUnlockPrivateSetModesFunction::SetCreateAuthenticatorForTesting(
+    QuickUnlockPrivateSetModesFunction::CreateAuthenticator allocator) {
+  create_authenticator_ = allocator;
+}
+
+QuickUnlockPrivateSetModesFunction::QuickUnlockPrivateSetModesFunction()
+    : chrome_details_(this) {

[Devlin, 2016/05/31 22:58:38]

ditto re ChromeUIThreadExtensionFunction

[jdufault, 2016/06/01 00:07:35]

See above.

+  // Setup a fake authenticator if we are testing.
+  if (create_authenticator_)
+    extended_authenticator_ = create_authenticator_(this);
+  else
+    extended_authenticator_ = chromeos::ExtendedAuthenticator::Create(this);
+}
+
+QuickUnlockPrivateSetModesFunction::~QuickUnlockPrivateSetModesFunction() {}
+
+ExtensionFunction::ResponseAction QuickUnlockPrivateSetModesFunction::Run() {
+  std::unique_ptr<SetModes::Params> params(SetModes::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params.get());
+
+  if (params->modes.size() != params->credentials.size())
+    return RespondNow(Error(kModesAndCredentialsLengthMismatch));
+
+  if (params->modes.size() > 1)
+    return RespondNow(Error(kMultipleModesNotSupported));
+
+  user_manager::User* user = chromeos::ProfileHelper::Get()->GetUserByProfile(
+      chrome_details_.GetProfile());
+  chromeos::UserContext user_context(user->GetAccountId());
+  user_context.SetKey(chromeos::Key(params->account_password));
+
+  // The extension function needs to stay alive while the authenticator is
+  // running the password check. Add a ref before the authenticator starts, and
+  // remove the ref after it invokes one of the OnAuth* callbacks.
+  AddRef();

[Devlin, 2016/05/31 22:58:38]

Do we need this even though we have the implicit refcount with the bind?

[jdufault, 2016/06/01 00:07:35]

Yes, because the implicit refcount is being done on extended_authenticator_
(which holds a pointer to SetModesFunction object).

The manual ref management is keeping the SetModesFunction instance alive so that
the extended_authenticator_ instance can call into it.

+
+  content::BrowserThread::PostTask(
+      content::BrowserThread::UI, FROM_HERE,
+      base::Bind(&chromeos::ExtendedAuthenticator::AuthenticateToCheck,
+                 extended_authenticator_.get(), user_context, base::Closure()));
+
+  return RespondLater();
+}
+
+void QuickUnlockPrivateSetModesFunction::OnAuthFailure(
+    const chromeos::AuthFailure& error) {
+  results_ = SetModes::Results::Create(false);

[Devlin, 2016/05/31 22:58:38]

Use Respond().  Also, should this be an error?

[jdufault, 2016/06/01 00:07:35]

Done.
The password is a user-entered value, so it's a valid scenario it fails to
authenticate. I've been using Error when the API is used incorrectly or in
unsupported ways.

+  SendResponse(true);
+  Release();
+}
+
+void QuickUnlockPrivateSetModesFunction::OnAuthSuccess(
+    const chromeos::UserContext& user_context) {
+  const ModeList initial_modes = GetActiveModes(chrome_details_.GetProfile());
+  ApplyModeChange();
+  const ModeList updated_modes = GetActiveModes(chrome_details_.GetProfile());
+
+  if (!AreModesEqual(initial_modes, updated_modes))
+    FireEvent(chrome_details_.GetProfile(), updated_modes);
+
+  results_ = SetModes::Results::Create(true);
+  SendResponse(true);

[Devlin, 2016/05/31 22:58:38]

use Resond()

[jdufault, 2016/06/01 00:07:35]

Done.

+  Release();
+}
+
+void QuickUnlockPrivateSetModesFunction::ApplyModeChange() {
+  std::unique_ptr<SetModes::Params> params(SetModes::Params::Create(*args_));
+
+  // This function is setup so it is easy to add another quick unlock mode while
+  // following all of the invariants, which are:
+  //
+  // 1: If an unlock type is not specified, it should be deactivated.
+  // 2: If a credential for an unlock type is empty, it should not be touched.
+  // 3: Otherwise, the credential should be set to the new value.
+
+  bool update_pin = true;
+  std::string pin_credential;
+
+  // Compute values for update_pin, pin_credential, etc.
+  for (size_t i = 0; i < params->modes.size(); ++i) {
+    const QuickUnlockMode mode = params->modes[i];
+    const std::string credential = params->credentials[i];

[Devlin, 2016/05/31 22:58:38]

const &?

[jdufault, 2016/06/01 00:07:35]

Done.

+
+    if (mode == quick_unlock_private::QUICK_UNLOCK_MODE_PIN) {
+      update_pin = !credential.empty();
+      pin_credential = credential;
+    }
+  }
+
+  // Use the computed update_pin, pin_credential, etc, values.
+  if (update_pin) {
+    Profile* profile = chrome_details_.GetProfile();
+    chromeos::PinStorage* pin_storage =
+        chromeos::PinStorageFactory::GetForProfile(profile);
+
+    if (pin_credential.empty())
+      pin_storage->RemovePin();
+    else
+      pin_storage->SetPin(pin_credential);
+  }
+}
+
+}  // namespace extensions