chrome/browser/chromeos/login/quick_unlock/pin_storage.h - Issue 2387253002: cros: Added policies for screen unlock.

Side by Side Diff: chrome/browser/chromeos/login/quick_unlock/pin_storage.h

Issue 2387253002: cros: Added policies for screen unlock. (Closed)

Patch Set: Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_	5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_

6 #define CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_	6 #define CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_

7	7

8 #include <string>	8 #include <string>

9	9

10 #include "base/gtest_prod_util.h"	10 #include "base/gtest_prod_util.h"

11 #include "base/time/time.h"	11 #include "base/time/time.h"

12 #include "components/keyed_service/core/keyed_service.h"	12 #include "components/keyed_service/core/keyed_service.h"

13	13

14 class PrefService;	14 class PrefService;

15	15

16 namespace user_prefs {	16 namespace user_prefs {

17 class PrefRegistrySyncable;	17 class PrefRegistrySyncable;

18 } // namespace user_prefs	18 } // namespace user_prefs

19	19

20 class PinStorageTestApi;	20 class PinStorageTestApi;

21	21

22 namespace chromeos {	22 namespace chromeos {

23	23

24 class PinStorage : public KeyedService {	24 class PinStorage : public KeyedService {

25 public:	25 public:

26 // TODO(jdufault): Pull these values in from policy. See crbug.com/612271.	26 // TODO(jdufault): Pull these values in from policy. See crbug.com/612271.

27 static const int kMaximumUnlockAttempts = 3;	27 static const int kMaximumUnlockAttempts = 3;
	jdufault 2016/10/04 17:55:06 This value should be changeable using policy. This value should be changeable using policy. sammiequon 2016/10/18 22:47:49 I did not see this on the doc, but I will do it in Show quoted text On 2016/10/04 17:55:06, jdufault wrote: > This value should be changeable using policy. I did not see this on the doc, but I will do it in a separate CL.
28 static const base::TimeDelta kStrongAuthTimeout;

29	28

30 // Registers profile prefs.	29 // Registers profile prefs.

31 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);	30 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);

32	31

33 explicit PinStorage(PrefService* pref_service);	32 explicit PinStorage(PrefService* pref_service);

34 ~PinStorage() override;	33 ~PinStorage() override;

35	34

36 // Mark in storage that the user has had a strong authentication. This means	35 // Mark in storage that the user has had a strong authentication. This means

37 // that they authenticated with their password, for example. PIN unlock will	36 // that they authenticated with their password, for example. PIN unlock will

38 // timeout after a delay.	37 // timeout after a delay.

39 void MarkStrongAuth();	38 void MarkStrongAuth();

40 // Returns true if the user has been strongly authenticated.	39 // Returns true if the user has been strongly authenticated.

41 bool HasStrongAuth() const;	40 bool HasStrongAuth() const;
	jdufault 2016/10/04 17:55:06 Why did you decide to define NeedsStrongAuth separ Why did you decide to define NeedsStrongAuth separately from HasStrongAuth? It seems reasonable to put all of the NeedsStrongAuth logic into HasStrongAuth. Right now, it is very confusing for a reader because HasStrongAuth and NeedsStrongAuth are only subtly different. This makes the API confusing. sammiequon 2016/10/18 22:47:49 I thought HasStrongAuth would be needed separately Show quoted text On 2016/10/04 17:55:06, jdufault wrote: > Why did you decide to define NeedsStrongAuth separately from HasStrongAuth? It > seems reasonable to put all of the NeedsStrongAuth logic into HasStrongAuth. > > Right now, it is very confusing for a reader because HasStrongAuth and > NeedsStrongAuth are only subtly different. This makes the API confusing. I thought HasStrongAuth would be needed separately on some cases. A lot tests check to see if last_strong_auth is null. jdufault 2016/10/21 19:03:44 The API is very confusing right now, I think it's Show quoted text On 2016/10/18 22:47:49, sammiequon wrote: > On 2016/10/04 17:55:06, jdufault wrote: > > Why did you decide to define NeedsStrongAuth separately from HasStrongAuth? It > > seems reasonable to put all of the NeedsStrongAuth logic into HasStrongAuth. > > > > Right now, it is very confusing for a reader because HasStrongAuth and > > NeedsStrongAuth are only subtly different. This makes the API confusing. > > I thought HasStrongAuth would be needed separately on some cases. A lot tests > check to see if last_strong_auth is null. The API is very confusing right now, I think it's worth adding such a method to a test utility class instead of here. FWIW, it should generally not be possible to have a PinStorage instance where there is no last_strong_auth_ time. sammiequon 2016/10/21 23:49:24 Done. Show quoted text On 2016/10/21 19:03:44, jdufault wrote: > On 2016/10/18 22:47:49, sammiequon wrote: > > On 2016/10/04 17:55:06, jdufault wrote: > > > Why did you decide to define NeedsStrongAuth separately from HasStrongAuth? > It > > > seems reasonable to put all of the NeedsStrongAuth logic into HasStrongAuth. > > > > > > Right now, it is very confusing for a reader because HasStrongAuth and > > > NeedsStrongAuth are only subtly different. This makes the API confusing. > > > > I thought HasStrongAuth would be needed separately on some cases. A lot tests > > check to see if last_strong_auth is null. > > The API is very confusing right now, I think it's worth adding such a method to > a test utility class instead of here. > > FWIW, it should generally not be possible to have a PinStorage instance where > there is no last_strong_auth_ time. Done.
	41 // Returns true if the user last strong authentication was longer than the set

	42 // preference. This should not be called if HasStrongAuth returns false.

	43 bool NeedsStrongAuth() const;

42 // Returns the time since the last strong authentication. This should not be	44 // Returns the time since the last strong authentication. This should not be

43 // called if HasStrongAuth returns false.	45 // called if HasStrongAuth returns false.

44 base::TimeDelta TimeSinceLastStrongAuth() const;	46 base::TimeDelta TimeSinceLastStrongAuth() const;

45	47

46 // Add a PIN unlock attempt count.	48 // Add a PIN unlock attempt count.

47 void AddUnlockAttempt();	49 void AddUnlockAttempt();

48 // Reset the number of unlock attempts to 0.	50 // Reset the number of unlock attempts to 0.

49 void ResetUnlockAttemptCount();	51 void ResetUnlockAttemptCount();

50 // Returns the number of unlock attempts.	52 // Returns the number of unlock attempts.

51 int unlock_attempt_count() const { return unlock_attempt_count_; }	53 int unlock_attempt_count() const { return unlock_attempt_count_; }

52	54

53 // Returns true if a pin is set.	55 // Returns true if a pin is set.

54 bool IsPinSet() const;	56 bool IsPinSet() const;

55 // Sets the pin to the given value; IsPinSet will return true.	57 // Sets the pin to the given value; IsPinSet will return true.

56 void SetPin(const std::string& pin);	58 void SetPin(const std::string& pin);

57 // Removes the pin; IsPinSet will return false.	59 // Removes the pin; IsPinSet will return false.

58 void RemovePin();	60 void RemovePin();

	61 // Checks the to see if pin unlock enabled.

	62 bool IsPinUnlockEnabled() const;

59	63

60 // Is PIN entry currently available?	64 // Is PIN entry currently available?

61 bool IsPinAuthenticationAvailable() const;	65 bool IsPinAuthenticationAvailable() const;

62	66

63 // Tries to authenticate the given pin. This will consume an unlock attempt.	67 // Tries to authenticate the given pin. This will consume an unlock attempt.

64 // This always returns false if IsPinAuthenticationAvailable returns false.	68 // This always returns false if IsPinAuthenticationAvailable returns false.

65 bool TryAuthenticatePin(const std::string& pin);	69 bool TryAuthenticatePin(const std::string& pin);

66	70

67 private:	71 private:

68 // Return the stored salt/secret. This is fetched directly from pref_service_.	72 // Return the stored salt/secret. This is fetched directly from pref_service_.

69 std::string PinSalt() const;	73 std::string PinSalt() const;

70 std::string PinSecret() const;	74 std::string PinSecret() const;

71	75

72 friend class ::PinStorageTestApi;	76 friend class ::PinStorageTestApi;

73	77

74 PrefService* pref_service_;	78 PrefService* pref_service_;

75 int unlock_attempt_count_ = 0;	79 int unlock_attempt_count_ = 0;

76 base::Time last_strong_auth_;	80 base::Time last_strong_auth_;

77	81

78 DISALLOW_COPY_AND_ASSIGN(PinStorage);	82 DISALLOW_COPY_AND_ASSIGN(PinStorage);

79 };	83 };

80	84

81 } // namespace chromeos	85 } // namespace chromeos

82	86

83 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_	87 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_STORAGE_H_

OLD	NEW

« no previous file with comments | « no previous file | chrome/browser/chromeos/login/quick_unlock/pin_storage.cc » ('j') | chrome/browser/chromeos/login/quick_unlock/pin_storage.cc » ('J')