[EasyUnlock] Force user to enter their password after 20 hours.

chrome/browser/signin/easy_unlock_service_regular.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/easy_unlock_service_regular.h"
 
 #include <stdint.h>
 
 #include <utility>
 
@@ skipping 506 matching lines @@
 }
 
 void EasyUnlockServiceRegular::OnScreenDidLock(
     proximity_auth::ScreenlockBridge::LockHandler::ScreenType screen_type) {
   will_unlock_using_easy_unlock_ = false;
   lock_screen_last_shown_timestamp_ = base::TimeTicks::Now();
 }
 
 void EasyUnlockServiceRegular::OnScreenDidUnlock(
     proximity_auth::ScreenlockBridge::LockHandler::ScreenType screen_type) {
+  bool is_lock_screen =
+      screen_type == proximity_auth::ScreenlockBridge::LockHandler::LOCK_SCREEN;
+
+  if (!will_unlock_using_easy_unlock_ &&
+      (is_lock_screen || !base::CommandLine::ForCurrentProcess()->HasSwitch(
+                             proximity_auth::switches::kEnableChromeOSLogin))) {

[sacomoto, 2017/05/24 17:35:21]

Why do you care about the kEnableChromeOSLogin switch? Shouldn't we record the
timestamp even if the EasyUnlock login is enable?

[Tim Song, 2017/05/24 18:00:12]

The login logic is handled by EasyUnlockServiceSignInChromeOS, so we don't know
if the login was done by a password or by EasyUnlock here. It's simply easier
for now to ignore the login case for now and assume all logins are done by
passwords.

+    // If a password was used, then record the current timestamp. This timestamp
+    // is used to enforce password reauths after a certain time has elapsed.
+    GetProximityAuthPrefManager()->SetLastPasswordEntryTimestampMs(
+        base::Time::Now().ToJavaTime());
+  }
+
   // Notifications of signin screen unlock events can also reach this code path;
   // disregard them.
-  if (screen_type != proximity_auth::ScreenlockBridge::LockHandler::LOCK_SCREEN)
+  if (!is_lock_screen)
     return;
 
   // Only record metrics for users who have enabled the feature.
   if (IsEnabled()) {
-    EasyUnlockAuthEvent event =
-        will_unlock_using_easy_unlock_
-            ? EASY_UNLOCK_SUCCESS
-            : GetPasswordAuthEvent();
+    EasyUnlockAuthEvent event = will_unlock_using_easy_unlock_
+                                    ? EASY_UNLOCK_SUCCESS
+                                    : GetPasswordAuthEvent();
     RecordEasyUnlockScreenUnlockEvent(event);
 
     if (will_unlock_using_easy_unlock_) {
-      RecordEasyUnlockScreenUnlockDuration(
-          base::TimeTicks::Now() - lock_screen_last_shown_timestamp_);
+      RecordEasyUnlockScreenUnlockDuration(base::TimeTicks::Now() -
+                                           lock_screen_last_shown_timestamp_);
     }
   }
 
   will_unlock_using_easy_unlock_ = false;
 
   // If we synced remote devices while the screen was locked, we can now load
   // the new remote devices.
   if (deferring_device_load_) {
     PA_LOG(INFO) << "Loading deferred devices after screen unlock.";
     deferring_device_load_ = false;
@@ skipping 64 matching lines @@
 
 cryptauth::CryptAuthDeviceManager*
 EasyUnlockServiceRegular::GetCryptAuthDeviceManager() {
   cryptauth::CryptAuthDeviceManager* manager =
       ChromeCryptAuthServiceFactory::GetInstance()
           ->GetForBrowserContext(profile())
           ->GetCryptAuthDeviceManager();
   DCHECK(manager);
   return manager;
 }