Chromium Code Reviews Chromium Code Reviews
Issue 2387253002:
cros: Added policies for screen unlock. (Closed)
| Index: chrome/browser/chromeos/login/quick_unlock/pin_storage.cc |
| diff --git a/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc b/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc |
| index 25abdaf2417994b33e3be641a5eedb34f7f25441..9e51fdd5d6c69267f796952f92cbd2d99d1fdda4 100644 |
| --- a/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc |
| +++ b/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc |
| @@ -40,10 +40,6 @@ std::string ComputeSecret(const std::string& pin, const std::string& salt) { |
| } // namespace |
| // static |
| -const base::TimeDelta PinStorage::kStrongAuthTimeout = |
| - base::TimeDelta::FromHours(24); |
| - |
| -// static |
| void PinStorage::RegisterProfilePrefs( |
| user_prefs::PrefRegistrySyncable* registry) { |
| registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, "", |
| @@ -66,6 +62,32 @@ bool PinStorage::HasStrongAuth() const { |
| return !last_strong_auth_.is_null(); |
| } |
| +bool PinStorage::NeedsStrongAuth() const { |
| + PasswordConfirmation strong_auth_interval = |
| + static_cast<PasswordConfirmation>(pref_service_->GetInteger( |
| + prefs::kScreenUnlockPasswordConfirmationFrequency)); |
| + base::TimeDelta strong_auth_timeout; |
| + switch (strong_auth_interval) { |
|
jdufault
2016/10/04 17:55:06
Have a helper function that converts PasswordConfi
sammiequon
2016/10/18 22:47:49
Done.
|
| + case PasswordConfirmation::SIX_HOURS: |
| + strong_auth_timeout = base::TimeDelta::FromHours(6); |
| + break; |
| + case PasswordConfirmation::TWELVE_HOURS: |
| + strong_auth_timeout = base::TimeDelta::FromHours(12); |
| + break; |
| + case PasswordConfirmation::DAY: |
| + strong_auth_timeout = base::TimeDelta::FromDays(1); |
| + break; |
| + case PasswordConfirmation::WEEK: |
| + strong_auth_timeout = base::TimeDelta::FromDays(7); |
| + break; |
| + default: |
| + NOTREACHED(); |
| + return true; |
| + } |
| + |
| + return TimeSinceLastStrongAuth() > strong_auth_timeout; |
| +} |
| + |
| base::TimeDelta PinStorage::TimeSinceLastStrongAuth() const { |
| DCHECK(!last_strong_auth_.is_null()); |
| return base::Time::Now() - last_strong_auth_; |
| @@ -96,6 +118,16 @@ void PinStorage::RemovePin() { |
| pref_service_->SetString(prefs::kQuickUnlockPinSecret, ""); |
| } |
| +bool PinStorage::IsPinUnlockEnabled() const { |
|
jdufault
2016/10/04 17:55:05
Implement this as part of IsQuickUnlockEnabled().
sammiequon
2016/10/18 22:47:49
Aren't these seperate, like quick unlock could be
jdufault
2016/10/21 19:03:44
There's more code than just PinStorage that needs
sammiequon
2016/10/21 23:49:24
Done.
|
| + const base::ListValue* screen_lock_whitelist = |
| + pref_service_->GetList(prefs::kScreenUnlockWhitelist); |
| + auto all_value = base::StringValue("all"); |
|
jdufault
2016/10/04 17:55:05
Is this how other policy code handles logic like t
sammiequon
2016/10/18 22:47:49
https://cs.chromium.org/chromium/src/chrome/browse
|
| + auto pin_value = base::StringValue("pin"); |
| + return screen_lock_whitelist->Find(all_value) != |
| + screen_lock_whitelist->end() || |
| + screen_lock_whitelist->Find(pin_value) != screen_lock_whitelist->end(); |
| +} |
| + |
| std::string PinStorage::PinSalt() const { |
| return pref_service_->GetString(prefs::kQuickUnlockPinSalt); |
| } |
| @@ -107,11 +139,10 @@ std::string PinStorage::PinSecret() const { |
| bool PinStorage::IsPinAuthenticationAvailable() const { |
| const bool exceeded_unlock_attempts = |
| unlock_attempt_count() >= kMaximumUnlockAttempts; |
| - const bool has_strong_auth = |
| - HasStrongAuth() && TimeSinceLastStrongAuth() < kStrongAuthTimeout; |
| + const bool has_strong_auth = HasStrongAuth() && !NeedsStrongAuth(); |
| - return IsQuickUnlockEnabled() && IsPinSet() && has_strong_auth && |
| - !exceeded_unlock_attempts; |
| + return IsPinUnlockEnabled() && IsQuickUnlockEnabled() && IsPinSet() && |
| + has_strong_auth && !exceeded_unlock_attempts; |
| } |
| bool PinStorage::TryAuthenticatePin(const std::string& pin) { |
