| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/lock/screen_locker.h" | 5 #include "chrome/browser/chromeos/login/lock/screen_locker.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "ash/ash_switches.h" | 10 #include "ash/ash_switches.h" |
| 11 #include "ash/audio/sounds.h" | 11 #include "ash/audio/sounds.h" |
| 12 #include "ash/desktop_background/desktop_background_controller.h" | 12 #include "ash/desktop_background/desktop_background_controller.h" |
| 13 #include "ash/shell.h" | 13 #include "ash/shell.h" |
| 14 #include "ash/wm/common/window_state.h" | 14 #include "ash/wm/common/window_state.h" |
| 15 #include "ash/wm/common/wm_event.h" | 15 #include "ash/wm/common/wm_event.h" |
| 16 #include "ash/wm/lock_state_controller.h" | 16 #include "ash/wm/lock_state_controller.h" |
| 17 #include "ash/wm/window_state_aura.h" | 17 #include "ash/wm/window_state_aura.h" |
| 18 #include "ash/wm/window_util.h" | 18 #include "ash/wm/window_util.h" |
| 19 #include "base/bind.h" | 19 #include "base/bind.h" |
| 20 #include "base/command_line.h" | 20 #include "base/command_line.h" |
| 21 #include "base/lazy_instance.h" | 21 #include "base/lazy_instance.h" |
| 22 #include "base/macros.h" | 22 #include "base/macros.h" |
| 23 #include "base/memory/weak_ptr.h" | 23 #include "base/memory/weak_ptr.h" |
| 24 #include "base/message_loop/message_loop.h" | 24 #include "base/message_loop/message_loop.h" |
| 25 #include "base/metrics/histogram.h" | 25 #include "base/metrics/histogram.h" |
| 26 #include "base/strings/string_number_conversions.h" | 26 #include "base/strings/string_number_conversions.h" |
| 27 #include "base/strings/string_util.h" | 27 #include "base/strings/string_util.h" |
| 28 #include "chrome/browser/chrome_notification_types.h" | 28 #include "chrome/browser/chrome_notification_types.h" |
| 29 #include "chrome/browser/chromeos/login/lock/webui_screen_locker.h" | 29 #include "chrome/browser/chromeos/login/lock/webui_screen_locker.h" |
| 30 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" |
| 31 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h" |
| 30 #include "chrome/browser/chromeos/login/session/user_session_manager.h" | 32 #include "chrome/browser/chromeos/login/session/user_session_manager.h" |
| 31 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" | 33 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" |
| 32 #include "chrome/browser/chromeos/login/ui/user_adding_screen.h" | 34 #include "chrome/browser/chromeos/login/ui/user_adding_screen.h" |
| 33 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" | 35 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
| 34 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | 36 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
| 35 #include "chrome/browser/lifetime/application_lifetime.h" | 37 #include "chrome/browser/lifetime/application_lifetime.h" |
| 36 #include "chrome/browser/signin/easy_unlock_service.h" | 38 #include "chrome/browser/signin/easy_unlock_service.h" |
| 37 #include "chrome/browser/signin/signin_manager_factory.h" | 39 #include "chrome/browser/signin/signin_manager_factory.h" |
| 38 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_provider.h" | 40 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_provider.h" |
| 39 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_source.h" | 41 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_source.h" |
| (...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 208 } | 210 } |
| 209 | 211 |
| 210 const user_manager::User* user = | 212 const user_manager::User* user = |
| 211 user_manager::UserManager::Get()->FindUser(user_context.GetAccountId()); | 213 user_manager::UserManager::Get()->FindUser(user_context.GetAccountId()); |
| 212 if (user) { | 214 if (user) { |
| 213 if (!user->is_active()) { | 215 if (!user->is_active()) { |
| 214 saved_ime_state_ = NULL; | 216 saved_ime_state_ = NULL; |
| 215 user_manager::UserManager::Get()->SwitchActiveUser( | 217 user_manager::UserManager::Get()->SwitchActiveUser( |
| 216 user_context.GetAccountId()); | 218 user_context.GetAccountId()); |
| 217 } | 219 } |
| 220 |
| 221 // Reset the number of PIN attempts available to the user. We always do this |
| 222 // because: |
| 223 // 1. If the user signed in with a PIN, that means they should be able to |
| 224 // continue signing in with a PIN. |
| 225 // 2. If the user signed in with cryptohome keys, then the PIN timeout is |
| 226 // going to be reset as well, so it is safe to reset the unlock attempt |
| 227 // count. |
| 228 PinStorage* pin_storage = PinStorageFactory::GetForUser(user); |
| 229 if (pin_storage) |
| 230 pin_storage->ResetUnlockAttemptCount(); |
| 231 |
| 218 UserSessionManager::GetInstance()->UpdateEasyUnlockKeys(user_context); | 232 UserSessionManager::GetInstance()->UpdateEasyUnlockKeys(user_context); |
| 219 } else { | 233 } else { |
| 220 NOTREACHED() << "Logged in user not found."; | 234 NOTREACHED() << "Logged in user not found."; |
| 221 } | 235 } |
| 222 | 236 |
| 223 authentication_capture_.reset(new AuthenticationParametersCapture()); | 237 authentication_capture_.reset(new AuthenticationParametersCapture()); |
| 224 authentication_capture_->user_context = user_context; | 238 authentication_capture_->user_context = user_context; |
| 225 | 239 |
| 226 // Add guard for case when something get broken in call chain to unlock | 240 // Add guard for case when something get broken in call chain to unlock |
| 227 // for sure. | 241 // for sure. |
| 228 base::MessageLoop::current()->PostDelayedTask( | 242 base::MessageLoop::current()->PostDelayedTask( |
| 229 FROM_HERE, | 243 FROM_HERE, |
| 230 base::Bind(&ScreenLocker::UnlockOnLoginSuccess, | 244 base::Bind(&ScreenLocker::UnlockOnLoginSuccess, |
| 231 weak_factory_.GetWeakPtr()), | 245 weak_factory_.GetWeakPtr()), |
| 232 base::TimeDelta::FromMilliseconds(kUnlockGuardTimeoutMs)); | 246 base::TimeDelta::FromMilliseconds(kUnlockGuardTimeoutMs)); |
| 233 delegate_->AnimateAuthenticationSuccess(); | 247 delegate_->AnimateAuthenticationSuccess(); |
| 234 } | 248 } |
| 235 | 249 |
| 250 void ScreenLocker::OnPasswordAuthSuccess(const UserContext& user_context) { |
| 251 // The user has signed in using their password, so reset the PIN timeout. |
| 252 PinStorage* pin_storage = |
| 253 PinStorageFactory::GetForAccountId(user_context.GetAccountId()); |
| 254 if (pin_storage) |
| 255 pin_storage->MarkStrongAuth(); |
| 256 } |
| 257 |
| 236 void ScreenLocker::UnlockOnLoginSuccess() { | 258 void ScreenLocker::UnlockOnLoginSuccess() { |
| 237 DCHECK(base::MessageLoopForUI::IsCurrent()); | 259 DCHECK(base::MessageLoopForUI::IsCurrent()); |
| 238 if (!authentication_capture_.get()) { | 260 if (!authentication_capture_.get()) { |
| 239 LOG(WARNING) << "Call to UnlockOnLoginSuccess without previous " << | 261 LOG(WARNING) << "Call to UnlockOnLoginSuccess without previous " << |
| 240 "authentication success."; | 262 "authentication success."; |
| 241 return; | 263 return; |
| 242 } | 264 } |
| 243 | 265 |
| 244 if (auth_status_consumer_) { | 266 if (auth_status_consumer_) { |
| 245 auth_status_consumer_->OnAuthSuccess(authentication_capture_->user_context); | 267 auth_status_consumer_->OnAuthSuccess(authentication_capture_->user_context); |
| 246 } | 268 } |
| 247 authentication_capture_.reset(); | 269 authentication_capture_.reset(); |
| 248 weak_factory_.InvalidateWeakPtrs(); | 270 weak_factory_.InvalidateWeakPtrs(); |
| 249 | 271 |
| 250 VLOG(1) << "Hiding the lock screen."; | 272 VLOG(1) << "Hiding the lock screen."; |
| 251 chromeos::ScreenLocker::Hide(); | 273 chromeos::ScreenLocker::Hide(); |
| 252 } | 274 } |
| 253 | 275 |
| 254 void ScreenLocker::Authenticate(const UserContext& user_context) { | 276 void ScreenLocker::Authenticate(const UserContext& user_context) { |
| 255 LOG_ASSERT(IsUserLoggedIn(user_context.GetAccountId().GetUserEmail())) | 277 LOG_ASSERT(IsUserLoggedIn(user_context.GetAccountId())) |
| 256 << "Invalid user trying to unlock."; | 278 << "Invalid user trying to unlock."; |
| 257 | 279 |
| 258 authentication_start_time_ = base::Time::Now(); | 280 authentication_start_time_ = base::Time::Now(); |
| 259 delegate_->SetInputEnabled(false); | 281 delegate_->SetInputEnabled(false); |
| 260 delegate_->OnAuthenticate(); | 282 delegate_->OnAuthenticate(); |
| 261 | 283 |
| 262 // Special case: supervised users. Use special authenticator. | 284 const user_manager::User* user = FindUnlockUser(user_context.GetAccountId()); |
| 263 if (const user_manager::User* user = | 285 if (user) { |
| 264 FindUnlockUser(user_context.GetAccountId().GetUserEmail())) { | 286 // Check to see if the user submitted a PIN and it is valid. |
| 287 const std::string pin = user_context.GetKey()->GetSecret(); |
| 288 |
| 289 // We only want to try authenticating the pin if it is a number, |
| 290 // otherwise we will timeout PIN if the user enters their account password |
| 291 // incorrectly more than a few times. |
| 292 int dummy_value; |
| 293 if (base::StringToInt(pin, &dummy_value)) { |
| 294 chromeos::PinStorage* pin_storage = |
| 295 chromeos::PinStorageFactory::GetForUser(user); |
| 296 if (pin_storage && pin_storage->TryAuthenticatePin(pin)) { |
| 297 OnAuthSuccess(user_context); |
| 298 return; |
| 299 } |
| 300 } |
| 301 |
| 302 // Special case: supervised users. Use special authenticator. |
| 265 if (user->GetType() == user_manager::USER_TYPE_SUPERVISED) { | 303 if (user->GetType() == user_manager::USER_TYPE_SUPERVISED) { |
| 266 UserContext updated_context = ChromeUserManager::Get() | 304 UserContext updated_context = ChromeUserManager::Get() |
| 267 ->GetSupervisedUserManager() | 305 ->GetSupervisedUserManager() |
| 268 ->GetAuthentication() | 306 ->GetAuthentication() |
| 269 ->TransformKey(user_context); | 307 ->TransformKey(user_context); |
| 270 // TODO(antrim) : replace empty closure with explicit method. | |
| 271 // http://crbug.com/351268 | |
| 272 BrowserThread::PostTask( | 308 BrowserThread::PostTask( |
| 273 BrowserThread::UI, | 309 BrowserThread::UI, FROM_HERE, |
| 274 FROM_HERE, | |
| 275 base::Bind(&ExtendedAuthenticator::AuthenticateToCheck, | 310 base::Bind(&ExtendedAuthenticator::AuthenticateToCheck, |
| 276 extended_authenticator_.get(), | 311 extended_authenticator_.get(), updated_context, |
| 277 updated_context, | 312 base::Bind(&ScreenLocker::OnPasswordAuthSuccess, |
| 278 base::Closure())); | 313 weak_factory_.GetWeakPtr(), updated_context))); |
| 279 return; | 314 return; |
| 280 } | 315 } |
| 281 } | 316 } |
| 282 | 317 |
| 283 BrowserThread::PostTask( | 318 BrowserThread::PostTask( |
| 284 BrowserThread::UI, FROM_HERE, | 319 BrowserThread::UI, FROM_HERE, |
| 285 base::Bind(&ExtendedAuthenticator::AuthenticateToCheck, | 320 base::Bind(&ExtendedAuthenticator::AuthenticateToCheck, |
| 286 extended_authenticator_.get(), | 321 extended_authenticator_.get(), user_context, |
| 287 user_context, | 322 base::Bind(&ScreenLocker::OnPasswordAuthSuccess, |
| 288 base::Closure())); | 323 weak_factory_.GetWeakPtr(), user_context))); |
| 289 } | 324 } |
| 290 | 325 |
| 291 const user_manager::User* ScreenLocker::FindUnlockUser( | 326 const user_manager::User* ScreenLocker::FindUnlockUser( |
| 292 const std::string& user_id) { | 327 const AccountId& account_id) { |
| 293 const user_manager::User* unlock_user = NULL; | 328 for (const user_manager::User* user : users_) { |
| 294 for (user_manager::UserList::const_iterator it = users_.begin(); | 329 if (user->GetAccountId() == account_id) |
| 295 it != users_.end(); | 330 return user; |
| 296 ++it) { | |
| 297 if ((*it)->email() == user_id) { | |
| 298 unlock_user = *it; | |
| 299 break; | |
| 300 } | |
| 301 } | 331 } |
| 302 return unlock_user; | 332 return nullptr; |
| 303 } | 333 } |
| 304 | 334 |
| 305 void ScreenLocker::ClearErrors() { | 335 void ScreenLocker::ClearErrors() { |
| 306 delegate_->ClearErrors(); | 336 delegate_->ClearErrors(); |
| 307 } | 337 } |
| 308 | 338 |
| 309 void ScreenLocker::Signout() { | 339 void ScreenLocker::Signout() { |
| 310 delegate_->ClearErrors(); | 340 delegate_->ClearErrors(); |
| 311 content::RecordAction(UserMetricsAction("ScreenLocker_Signout")); | 341 content::RecordAction(UserMetricsAction("ScreenLocker_Signout")); |
| 312 // We expect that this call will not wait for any user input. | 342 // We expect that this call will not wait for any user input. |
| (...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 496 | 526 |
| 497 input_method::InputMethodManager::Get() | 527 input_method::InputMethodManager::Get() |
| 498 ->GetActiveIMEState() | 528 ->GetActiveIMEState() |
| 499 ->EnableLockScreenLayouts(); | 529 ->EnableLockScreenLayouts(); |
| 500 } | 530 } |
| 501 | 531 |
| 502 content::WebUI* ScreenLocker::GetAssociatedWebUI() { | 532 content::WebUI* ScreenLocker::GetAssociatedWebUI() { |
| 503 return delegate_->GetAssociatedWebUI(); | 533 return delegate_->GetAssociatedWebUI(); |
| 504 } | 534 } |
| 505 | 535 |
| 506 bool ScreenLocker::IsUserLoggedIn(const std::string& username) { | 536 bool ScreenLocker::IsUserLoggedIn(const AccountId& account_id) const { |
| 507 for (user_manager::UserList::const_iterator it = users_.begin(); | 537 for (user_manager::User* user : users_) { |
| 508 it != users_.end(); | 538 if (user->GetAccountId() == account_id) |
| 509 ++it) { | |
| 510 if ((*it)->email() == username) | |
| 511 return true; | 539 return true; |
| 512 } | 540 } |
| 513 return false; | 541 return false; |
| 514 } | 542 } |
| 515 | 543 |
| 516 } // namespace chromeos | 544 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2015413002:
Enable the PIN keyboard on the lockscreen. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr