Chromium Code Reviews Chromium Code Reviews
Issue 1977923002:
Implement pin storage backend. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_ | |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/gtest_prod_util.h" | |
| 11 #include "base/time/time.h" | |
| 12 #include "components/keyed_service/core/keyed_service.h" | |
| 13 | |
| 14 class PrefService; | |
| 15 | |
| 16 namespace user_prefs { | |
| 17 class PrefRegistrySyncable; | |
| 18 } // namespace user_prefs | |
| 19 | |
| 20 FORWARD_DECLARE_TEST(PinStorageUnitTest, AuthenticationFailsFromTimeout); | |
| 21 FORWARD_DECLARE_TEST(PinStorageUnitTest, | |
| 22 TimeSinceLastStrongAuthReturnsPositiveValue); | |
| 23 | |
| 24 namespace chromeos { | |
| 25 | |
| 26 // TODO(jdufault): Figure out the UX we want on the lock screen when there are | |
| 27 // multiple users. We will be storing either global or per-user unlock state. If | |
| 28 // we end up storing global unlock state, we can pull the unlock attempt and | |
| 29 // strong-auth code out of this class. | |
| 30 | |
| 31 class PinStorage : public KeyedService { | |
| 32 public: | |
| 33 // TODO(jdufault): Pull these values in from policy. See crbug.com/612271. | |
| 34 static const int kMaximumUnlockAttempts = 3; | |
| 35 static const base::TimeDelta kStrongAuthTimeout; | |
| 36 | |
| 37 // Registers profile prefs. | |
| 38 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); | |
| 39 | |
| 40 explicit PinStorage(PrefService* pref_service); | |
| 41 ~PinStorage() override; | |
| 42 | |
| 43 // Mark in storage that the user has had a strong authentication. This means | |
| 44 // that they authenticated with their password, for example. PIN unlock will | |
| 45 // timeout after a delay. | |
| 46 void MarkStrongAuth(); | |
| 47 bool HasStrongAuth() const; | |
|
stevenjb
2016/05/16 22:19:08
Each public method should have its own comment, de
jdufault
2016/05/17 19:58:26
Done.
| |
| 48 base::TimeDelta TimeSinceLastStrongAuth() const; | |
| 49 | |
| 50 // Add a PIN unlock attempt count. | |
| 51 void AddUnlockAttempt(); | |
| 52 void ResetUnlockAttemptCount(); | |
| 53 int UnlockAttemptCount() const; | |
| 54 | |
| 55 // PIN storage management. | |
| 56 bool IsPinSet() const; | |
| 57 void SetPin(const std::string& pin); | |
| 58 void RemovePin(); | |
| 59 | |
| 60 // The salt and hash for the stored pin. These methods return empty values if | |
| 61 // IsPinSet returns false. | |
| 62 std::string PinSalt() const; | |
| 63 std::string PinSecret() const; | |
| 64 | |
| 65 // Is PIN entry currently available? | |
| 66 bool IsPinAuthenticationAvailable() const; | |
| 67 | |
| 68 // Tries to authenticate the given pin. This will consume an unlock attempt. | |
| 69 // This always returns false if IsPinAuthenticationAvailable returns false. | |
| 70 bool TryAuthenticatePin(const std::string& pin); | |
| 71 | |
| 72 private: | |
| 73 FRIEND_TEST_ALL_PREFIXES(::PinStorageUnitTest, | |
| 74 AuthenticationFailsFromTimeout); | |
| 75 FRIEND_TEST_ALL_PREFIXES(::PinStorageUnitTest, | |
| 76 TimeSinceLastStrongAuthReturnsPositiveValue); | |
| 77 | |
| 78 PrefService* pref_service_; | |
| 79 int attempt_count_ = 0; | |
| 80 base::Time last_strong_auth_; | |
| 81 | |
| 82 DISALLOW_COPY_AND_ASSIGN(PinStorage); | |
| 83 }; | |
| 84 | |
| 85 } // namespace chromeos | |
| 86 | |
| 87 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_ | |
| OLD | NEW |
