cros: Added a new function to quick unlock api for checking unfinished pins.

chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.h"
 
 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h"
 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/common/pref_names.h"
 #include "chromeos/login/auth/extended_authenticator.h"
 #include "chromeos/login/auth/user_context.h"
+#include "components/prefs/pref_service.h"
 #include "extensions/browser/event_router.h"
 
 namespace extensions {
 
 namespace quick_unlock_private = api::quick_unlock_private;
 namespace SetModes = quick_unlock_private::SetModes;
 namespace GetActiveModes = quick_unlock_private::GetActiveModes;
+namespace IsCredentialUsable = quick_unlock_private::IsCredentialUsable;
 namespace GetAvailableModes = quick_unlock_private::GetAvailableModes;
 namespace OnActiveModesChanged = quick_unlock_private::OnActiveModesChanged;
+using CredentialRequirementFailure =
+    quick_unlock_private::CredentialRequirementFailure;
+using CredentialRequirement = quick_unlock_private::CredentialRequirement;
 using QuickUnlockMode = quick_unlock_private::QuickUnlockMode;
 using QuickUnlockModeList = std::vector<QuickUnlockMode>;
 
 namespace {
 
 const char kModesAndCredentialsLengthMismatch[] =
     "|modes| and |credentials| must have the same number of elements";
 const char kMultipleModesNotSupported[] =
     "At most one quick unlock mode can be active.";
 
@@ skipping 18 matching lines @@
   // This is a slow comparison algorithm, but the number of entries in |a| and
   // |b| will always be very low (0-3 items) so it doesn't matter.
   for (size_t i = 0; i < a.size(); ++i) {
     if (std::find(b.begin(), b.end(), a[i]) == b.end())
       return false;
   }
 
   return true;
 }
 
+bool CheckPinInvalid(const std::string& pin,

[jdufault, 2016/09/30 01:05:50]

I think it would be easier to read if this was stated positively, because if we
want to negate it there will be two double-negatives. So what about IsPinValid?

For example, this is confusing to read:

  if (!CheckPinInvalid(...)) { /* ... */ }

[sammiequon, 2016/09/30 18:38:35]

Done.

+                     Profile* profile,
+                     CredentialRequirement* result) {

[jdufault, 2016/09/30 01:05:50]

Document that |result| is optional.

[sammiequon, 2016/09/30 18:38:35]

Done.

+  bool is_invalid = false;
+  PrefService* prefservice = profile->GetPrefs();

[jdufault, 2016/09/30 01:05:50]

nit: pref_service or just prefs

[sammiequon, 2016/09/30 18:38:35]

Done.

+  int minimum_length = prefservice->GetInteger(prefs::kPinUnlockMinimumLength);
+  int maximum_length = prefservice->GetInteger(prefs::kPinUnlockMaximumLength);
+  if (result) {
+    result->min_length.reset(new int(minimum_length));

[jdufault, 2016/09/30 01:05:50]

base::MakeUnique(minimum_length)

[sammiequon, 2016/09/30 18:38:35]

Done.

+    result->max_length.reset(new int(maximum_length));
+  }
+
+  // Check if the pin is shorter than the minimum specified length.
+  if (int{pin.size()} < minimum_length) {
+    is_invalid = true;
+    if (result) {
+      result->failures.push_back(CredentialRequirementFailure::
+                                     CREDENTIAL_REQUIREMENT_FAILURE_TOO_SHORT);

[jdufault, 2016/09/30 01:05:50]

Did you run git cl format? This looks strange.

[sammiequon, 2016/09/30 18:38:35]

Yes I did.

+    }
+  }
+
+  // If the maximum specified length is shorter or equal to the minimum
+  // specified length, there is no maximum length. Otherwise check if the pin is
+  // longer than the maximum specified length.
+  if (maximum_length > minimum_length && int{pin.size()} > maximum_length) {
+    is_invalid = true;
+    if (result) {
+      result->failures.push_back(CredentialRequirementFailure::
+                                     CREDENTIAL_REQUIREMENT_FAILURE_TOO_LONG);
+    }
+  }
+  return is_invalid;

[jdufault, 2016/09/30 01:05:50]

nit: newline above

[sammiequon, 2016/09/30 18:38:35]

Done.

+}
+
 }  // namespace
 
 // quickUnlockPrivate.getAvailableModes
 
 QuickUnlockPrivateGetAvailableModesFunction::
     QuickUnlockPrivateGetAvailableModesFunction()
     : chrome_details_(this) {}
 
 QuickUnlockPrivateGetAvailableModesFunction::
     ~QuickUnlockPrivateGetAvailableModesFunction() {}
@@ skipping 17 matching lines @@
 QuickUnlockPrivateGetActiveModesFunction::
     ~QuickUnlockPrivateGetActiveModesFunction() {}
 
 ExtensionFunction::ResponseAction
 QuickUnlockPrivateGetActiveModesFunction::Run() {
   const QuickUnlockModeList modes =
       ComputeActiveModes(chrome_details_.GetProfile());
   return RespondNow(ArgumentList(GetActiveModes::Results::Create(modes)));
 }
 
+// quickUnlockPrivate.isCredentialUsable
+
+QuickUnlockPrivateIsCredentialUsableFunction::
+    QuickUnlockPrivateIsCredentialUsableFunction()
+    : chrome_details_(this) {}
+
+QuickUnlockPrivateIsCredentialUsableFunction::
+    ~QuickUnlockPrivateIsCredentialUsableFunction() {}
+
+ExtensionFunction::ResponseAction
+QuickUnlockPrivateIsCredentialUsableFunction::Run() {
+  params_ = IsCredentialUsable::Params::Create(*args_);
+  EXTENSION_FUNCTION_VALIDATE(params_.get());
+
+  std::unique_ptr<CredentialRequirement> result =

[jdufault, 2016/09/30 01:05:50]

auto*

[sammiequon, 2016/09/30 18:38:35]

auto* does not work but auto does.

+      base::MakeUnique<CredentialRequirement>();
+
+  QuickUnlockMode mode = params_->mode;

[jdufault, 2016/09/30 01:05:50]

I don't think you need this local if you're only using it once.

[sammiequon, 2016/09/30 18:38:35]

Done.

+  // Only handles pins for now.
+  if (mode != QuickUnlockMode::QUICK_UNLOCK_MODE_PIN) {
+    return RespondNow(
+        ArgumentList(IsCredentialUsable::Results::Create(*result)));
+  }
+
+  std::string tried_password = params_->attempted_password;
+
+  Profile* profile = chrome_details_.GetProfile();
+  CheckPinInvalid(tried_password, profile, result.get());
+
+  // If the pin length is two or less, there is no need to check for same
+  // character and increasing pin.
+  const int pin_check_easy_threshold = 2;

[jdufault, 2016/09/30 01:05:50]

Is this an optimization? If so, I don't think it is worthwhile - the overhead of
calling this function will dwarf any savings.

[sammiequon, 2016/09/30 18:38:35]

The const int? It's just to show what the 2 stands for.

+  if (int{tried_password.size()} > pin_check_easy_threshold) {
+    // Check for same digits, increasing pin simutaneously.
+    bool is_same = true, is_increasing = true;

[jdufault, 2016/09/30 01:05:50]

Separate these into different lines.

[sammiequon, 2016/09/30 18:38:35]

Done.

+    char last_char;
+    for (int j = 0; j < int{tried_password.size()}; j++) {

[jdufault, 2016/09/30 01:05:50]

Iterate over chars directly

  for (char c : tried_password) { ... }

[sammiequon, 2016/09/30 18:38:35]

Done.

+      if (j == 0) {
+        last_char = tried_password[j];
+        continue;
+      }
+      is_same = is_same && (tried_password[j] == last_char);
+      is_increasing = is_increasing && (tried_password[j] == last_char + 1);

[jdufault, 2016/09/30 01:05:50]

This algorithm looks different from the JS one. For example, I think this will
consider 4321 as strong.

[sammiequon, 2016/09/30 18:38:35]

Yes the google doc only says increasing.

[jdufault, 2016/10/04 22:57:27]

I think we should also consider 4321 weak.

[sammiequon, 2016/10/05 19:48:10]

Done.

+      last_char = tried_password[j];
+    }
+
+    // Pin is considered weak if either of these is met.
+    if (is_same || is_increasing) {
+      result->failures.push_back(CredentialRequirementFailure::
+                                     CREDENTIAL_REQUIREMENT_FAILURE_TOO_WEAK);
+    }
+  }
+
+  return RespondNow(ArgumentList(IsCredentialUsable::Results::Create(*result)));
+}
+
 // quickUnlockPrivate.setModes
 
 QuickUnlockPrivateSetModesFunction::QuickUnlockPrivateSetModesFunction()
     : chrome_details_(this) {}
 
 QuickUnlockPrivateSetModesFunction::~QuickUnlockPrivateSetModesFunction() {}
 
 void QuickUnlockPrivateSetModesFunction::SetAuthenticatorAllocatorForTesting(
     const QuickUnlockPrivateSetModesFunction::AuthenticatorAllocator&
         allocator) {
@@ skipping 14 matching lines @@
 
   if (params_->modes.size() > 1)
     return RespondNow(Error(kMultipleModesNotSupported));
 
   // Verify every credential is numeric.
   for (const std::string& credential : params_->credentials) {
     if (!std::all_of(credential.begin(), credential.end(), ::isdigit))
       return RespondNow(ArgumentList(SetModes::Results::Create(false)));
   }
 
+  // Verify every credential is valid based on policies.
+  for (const std::string& credential : params_->credentials) {
+    if (CheckPinInvalid(credential, chrome_details_.GetProfile(), nullptr))

[jdufault, 2016/09/30 01:05:50]

This assumes that every credential is a PIN, which is not necessarily true.

[sammiequon, 2016/09/30 18:38:35]

Done.

+      return RespondNow(ArgumentList(SetModes::Results::Create(false)));
+  }
+
   user_manager::User* user = chromeos::ProfileHelper::Get()->GetUserByProfile(
       chrome_details_.GetProfile());
   chromeos::UserContext user_context(user->GetAccountId());
   user_context.SetKey(chromeos::Key(params_->account_password));
 
   // Lazily allocate the authenticator. We do this here, instead of in the ctor,
   // so that tests can install a fake.
   if (authenticator_allocator_.is_null())
     extended_authenticator_ = chromeos::ExtendedAuthenticator::Create(this);
   else
@@ skipping 83 matching lines @@
   }
 
   std::unique_ptr<base::ListValue> args = OnActiveModesChanged::Create(modes);
   std::unique_ptr<Event> event(
       new Event(events::QUICK_UNLOCK_PRIVATE_ON_ACTIVE_MODES_CHANGED,
                 OnActiveModesChanged::kEventName, std::move(args)));
   EventRouter::Get(browser_context())->BroadcastEvent(std::move(event));
 }
 
 }  // namespace extensions