| Index: chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
|
| diff --git a/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc b/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
|
| index 50bdfb92b393bb1028d07ee2ed4c58c2058f0e0c..6fcf5bdc521ddd9366f13fbaf37bb5f690dae8fa 100644
|
| --- a/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
|
| +++ b/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
|
| @@ -7,8 +7,10 @@
|
| #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h"
|
| #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h"
|
| #include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| +#include "chrome/common/pref_names.h"
|
| #include "chromeos/login/auth/extended_authenticator.h"
|
| #include "chromeos/login/auth/user_context.h"
|
| +#include "components/prefs/pref_service.h"
|
| #include "extensions/browser/event_router.h"
|
|
|
| namespace extensions {
|
| @@ -16,8 +18,11 @@ namespace extensions {
|
| namespace quick_unlock_private = api::quick_unlock_private;
|
| namespace SetModes = quick_unlock_private::SetModes;
|
| namespace GetActiveModes = quick_unlock_private::GetActiveModes;
|
| +namespace CheckCredential = quick_unlock_private::CheckCredential;
|
| namespace GetAvailableModes = quick_unlock_private::GetAvailableModes;
|
| namespace OnActiveModesChanged = quick_unlock_private::OnActiveModesChanged;
|
| +using CredentialProblem = quick_unlock_private::CredentialProblem;
|
| +using CredentialCheck = quick_unlock_private::CredentialCheck;
|
| using QuickUnlockMode = quick_unlock_private::QuickUnlockMode;
|
| using QuickUnlockModeList = std::vector<QuickUnlockMode>;
|
|
|
| @@ -27,6 +32,9 @@ const char kModesAndCredentialsLengthMismatch[] =
|
| "|modes| and |credentials| must have the same number of elements";
|
| const char kMultipleModesNotSupported[] =
|
| "At most one quick unlock mode can be active.";
|
| +// Pins greater in length than |kPinCheckWeakThreshold| will be checked for
|
| +// weakness.
|
| +const int kPinCheckWeakThreshold = 2;
|
|
|
| // Returns the active set of quick unlock modes.
|
| QuickUnlockModeList ComputeActiveModes(Profile* profile) {
|
| @@ -56,6 +64,79 @@ bool AreModesEqual(const QuickUnlockModeList& a, const QuickUnlockModeList& b) {
|
| return true;
|
| }
|
|
|
| +// Returns a list of problems (if any) for a given |pin| given the policies in
|
| +// the |profile|. If |out_min_length| and/or |out_max_length| are valid
|
| +// pointers, return the profile min/max length as well.
|
| +std::vector<CredentialProblem> IsPinLengthValid(const std::string& pin,
|
| + Profile* profile,
|
| + int* out_min_length,
|
| + int* out_max_length) {
|
| + std::vector<CredentialProblem> problems;
|
| + PrefService* pref_service = profile->GetPrefs();
|
| + int min_length = pref_service->GetInteger(prefs::kPinUnlockMinimumLength);
|
| + int max_length = pref_service->GetInteger(prefs::kPinUnlockMaximumLength);
|
| + // If the maximum length is nonzero and shorter than the minimum length, the
|
| + // maximum length is the minimum length.
|
| + if (max_length != 0 && max_length < min_length)
|
| + max_length = min_length;
|
| +
|
| + if (out_min_length)
|
| + *out_min_length = min_length;
|
| + if (out_max_length)
|
| + *out_max_length = max_length;
|
| +
|
| + // Check if the pin is shorter than the minimum specified length.
|
| + if (int{pin.size()} < min_length) {
|
| + problems.push_back(CredentialProblem::CREDENTIAL_PROBLEM_TOO_SHORT);
|
| + }
|
| +
|
| + // If the maximum specified length is zero, there is no maximum length.
|
| + // Otherwise check if the pin is longer than the maximum specified length.
|
| + if (max_length != 0 && int{pin.size()} > max_length) {
|
| + problems.push_back(CredentialProblem::CREDENTIAL_PROBLEM_TOO_LONG);
|
| + }
|
| +
|
| + return problems;
|
| +}
|
| +
|
| +// Returns a list of problems (if any) for a given |pin| given the policies in
|
| +// the |profile|. If |out_allow_weak_pin| is a valid pointer, return the whether
|
| +// the |profile| allows weak pins as well.
|
| +std::vector<CredentialProblem> IsPinDifficultEnough(const std::string& pin,
|
| + Profile* profile,
|
| + bool* out_allow_weak_pin) {
|
| + std::vector<CredentialProblem> problems;
|
| + PrefService* pref_service = profile->GetPrefs();
|
| + bool allow_weak = pref_service->GetBoolean(prefs::kPinUnlockAllowWeakPins);
|
| + if (out_allow_weak_pin)
|
| + *out_allow_weak_pin = allow_weak;
|
| +
|
| + // If the pin length is |kPinCheckWeakThreshold| or less, there is no need to
|
| + // check for same character and increasing pin.
|
| + if (int{pin.size()} <= kPinCheckWeakThreshold)
|
| + return problems;
|
| +
|
| + // Check for same digits, increasing pin simutaneously.
|
| + bool is_same = true;
|
| + bool is_increasing = true;
|
| + bool is_decreasing = true;
|
| + for (int i = 1; i < int{pin.length()}; ++i) {
|
| + const char previous = pin[i - 1];
|
| + const char current = pin[i];
|
| +
|
| + is_same = is_same && (current == previous);
|
| + is_increasing = is_increasing && (current == previous + 1);
|
| + is_decreasing = is_decreasing && (current == previous - 1);
|
| + }
|
| +
|
| + // Pin is considered weak if either of these is met.
|
| + if ((is_same || is_increasing || is_decreasing)) {
|
| + problems.push_back(CredentialProblem::CREDENTIAL_PROBLEM_TOO_WEAK);
|
| + }
|
| +
|
| + return problems;
|
| +}
|
| +
|
| } // namespace
|
|
|
| // quickUnlockPrivate.getAvailableModes
|
| @@ -93,6 +174,48 @@ QuickUnlockPrivateGetActiveModesFunction::Run() {
|
| return RespondNow(ArgumentList(GetActiveModes::Results::Create(modes)));
|
| }
|
|
|
| +// quickUnlockPrivate.checkCredential
|
| +
|
| +QuickUnlockPrivateCheckCredentialFunction::
|
| + QuickUnlockPrivateCheckCredentialFunction()
|
| + : chrome_details_(this) {}
|
| +
|
| +QuickUnlockPrivateCheckCredentialFunction::
|
| + ~QuickUnlockPrivateCheckCredentialFunction() {}
|
| +
|
| +ExtensionFunction::ResponseAction
|
| +QuickUnlockPrivateCheckCredentialFunction::Run() {
|
| + params_ = CheckCredential::Params::Create(*args_);
|
| + EXTENSION_FUNCTION_VALIDATE(params_.get());
|
| +
|
| + auto result = base::MakeUnique<CredentialCheck>();
|
| + result->min_length = base::MakeUnique<int>();
|
| + result->max_length = base::MakeUnique<int>();
|
| + result->allow_weak_pins = base::MakeUnique<bool>();
|
| +
|
| + // Only handles pins for now.
|
| + if (params_->mode != QuickUnlockMode::QUICK_UNLOCK_MODE_PIN) {
|
| + return RespondNow(ArgumentList(CheckCredential::Results::Create(*result)));
|
| + }
|
| +
|
| + std::string tried_password = params_->credential;
|
| + if (!std::all_of(tried_password.begin(), tried_password.end(), ::isdigit))
|
| + return RespondNow(ArgumentList(CheckCredential::Results::Create(*result)));
|
| +
|
| + Profile* profile = chrome_details_.GetProfile();
|
| + auto length_problems =
|
| + IsPinLengthValid(tried_password, profile, result->min_length.get(),
|
| + result->max_length.get());
|
| + auto weak_problems = IsPinDifficultEnough(tried_password, profile,
|
| + result->allow_weak_pins.get());
|
| + result->problems.insert(result->problems.end(), length_problems.begin(),
|
| + length_problems.end());
|
| + result->problems.insert(result->problems.end(), weak_problems.begin(),
|
| + weak_problems.end());
|
| +
|
| + return RespondNow(ArgumentList(CheckCredential::Results::Create(*result)));
|
| +}
|
| +
|
| // quickUnlockPrivate.setModes
|
|
|
| QuickUnlockPrivateSetModesFunction::QuickUnlockPrivateSetModesFunction()
|
| @@ -127,6 +250,19 @@ ExtensionFunction::ResponseAction QuickUnlockPrivateSetModesFunction::Run() {
|
| return RespondNow(ArgumentList(SetModes::Results::Create(false)));
|
| }
|
|
|
| + // Verify every credential is valid based on policies.
|
| + for (size_t j = 0; j < params_->modes.size(); ++j) {
|
| + if (params_->modes[j] == QuickUnlockMode::QUICK_UNLOCK_MODE_PIN &&
|
| + !IsPinLengthValid(params_->credentials[j], chrome_details_.GetProfile(),
|
| + nullptr, nullptr)
|
| + .empty() &&
|
| + !IsPinDifficultEnough(params_->credentials[j],
|
| + chrome_details_.GetProfile(), nullptr)
|
| + .empty()) {
|
| + return RespondNow(ArgumentList(SetModes::Results::Create(false)));
|
| + }
|
| + }
|
| +
|
| user_manager::User* user = chromeos::ProfileHelper::Get()->GetUserByProfile(
|
| chrome_details_.GetProfile());
|
| chromeos::UserContext user_context(user->GetAccountId());
|
|
|
Chromium Code Reviews
Issue 2374303002:
cros: Added a new function to quick unlock api for checking unfinished pins. (Closed)
