OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/proximity_auth/proximity_auth_system.h" | 5 #include "components/proximity_auth/proximity_auth_system.h" |
6 | 6 |
7 #include "base/threading/thread_task_runner_handle.h" | 7 #include "base/threading/thread_task_runner_handle.h" |
| 8 #include "base/time/default_clock.h" |
8 #include "components/proximity_auth/logging/logging.h" | 9 #include "components/proximity_auth/logging/logging.h" |
9 #include "components/proximity_auth/proximity_auth_client.h" | 10 #include "components/proximity_auth/proximity_auth_client.h" |
| 11 #include "components/proximity_auth/proximity_auth_pref_manager.h" |
10 #include "components/proximity_auth/remote_device_life_cycle_impl.h" | 12 #include "components/proximity_auth/remote_device_life_cycle_impl.h" |
11 #include "components/proximity_auth/unlock_manager_impl.h" | 13 #include "components/proximity_auth/unlock_manager_impl.h" |
12 | 14 |
13 namespace proximity_auth { | 15 namespace proximity_auth { |
14 | 16 |
| 17 namespace { |
| 18 |
| 19 // The maximum number of hours permitted before the user is forced is use their |
| 20 // password to authenticate. |
| 21 const int64_t kPasswordReauthPeriodHours = 20; |
| 22 |
| 23 } // namespace |
| 24 |
15 ProximityAuthSystem::ProximityAuthSystem( | 25 ProximityAuthSystem::ProximityAuthSystem( |
16 ScreenlockType screenlock_type, | 26 ScreenlockType screenlock_type, |
17 ProximityAuthClient* proximity_auth_client) | 27 ProximityAuthClient* proximity_auth_client) |
18 : proximity_auth_client_(proximity_auth_client), | 28 : proximity_auth_client_(proximity_auth_client), |
19 unlock_manager_( | 29 unlock_manager_( |
20 new UnlockManagerImpl(screenlock_type, proximity_auth_client)), | 30 new UnlockManagerImpl(screenlock_type, proximity_auth_client)), |
| 31 clock_(new base::DefaultClock()), |
| 32 pref_manager_(new ProximityAuthPrefManager( |
| 33 proximity_auth_client->GetPrefService())), |
21 suspended_(false), | 34 suspended_(false), |
22 started_(false), | 35 started_(false), |
23 weak_ptr_factory_(this) {} | 36 weak_ptr_factory_(this) {} |
24 | 37 |
25 ProximityAuthSystem::ProximityAuthSystem( | 38 ProximityAuthSystem::ProximityAuthSystem( |
26 ScreenlockType screenlock_type, | 39 ScreenlockType screenlock_type, |
27 ProximityAuthClient* proximity_auth_client, | 40 ProximityAuthClient* proximity_auth_client, |
28 std::unique_ptr<UnlockManager> unlock_manager) | 41 std::unique_ptr<UnlockManager> unlock_manager, |
| 42 std::unique_ptr<base::Clock> clock, |
| 43 std::unique_ptr<ProximityAuthPrefManager> pref_manager) |
29 : proximity_auth_client_(proximity_auth_client), | 44 : proximity_auth_client_(proximity_auth_client), |
30 unlock_manager_(std::move(unlock_manager)), | 45 unlock_manager_(std::move(unlock_manager)), |
| 46 clock_(std::move(clock)), |
| 47 pref_manager_(std::move(pref_manager)), |
31 suspended_(false), | 48 suspended_(false), |
32 started_(false), | 49 started_(false), |
33 weak_ptr_factory_(this) {} | 50 weak_ptr_factory_(this) {} |
34 | 51 |
35 ProximityAuthSystem::~ProximityAuthSystem() { | 52 ProximityAuthSystem::~ProximityAuthSystem() { |
36 ScreenlockBridge::Get()->RemoveObserver(this); | 53 ScreenlockBridge::Get()->RemoveObserver(this); |
37 unlock_manager_->SetRemoteDeviceLifeCycle(nullptr); | 54 unlock_manager_->SetRemoteDeviceLifeCycle(nullptr); |
38 } | 55 } |
39 | 56 |
40 void ProximityAuthSystem::Start() { | 57 void ProximityAuthSystem::Start() { |
(...skipping 100 matching lines...)
141 } | 158 } |
142 } | 159 } |
143 | 160 |
144 if (remote_devices_map_.find(account_id) == remote_devices_map_.end() || | 161 if (remote_devices_map_.find(account_id) == remote_devices_map_.end() || |
145 remote_devices_map_[account_id].size() == 0) { | 162 remote_devices_map_[account_id].size() == 0) { |
146 PA_LOG(INFO) << "User " << account_id.Serialize() | 163 PA_LOG(INFO) << "User " << account_id.Serialize() |
147 << " does not have a RemoteDevice."; | 164 << " does not have a RemoteDevice."; |
148 return; | 165 return; |
149 } | 166 } |
150 | 167 |
| 168 if (ShouldForcePassword()) { |
| 169 PA_LOG(INFO) << "Forcing password reauth."; |
| 170 proximity_auth_client_->UpdateScreenlockState( |
| 171 ScreenlockState::PASSWORD_REAUTH); |
| 172 return; |
| 173 } |
| 174 |
151 // TODO(tengs): We currently assume each user has only one RemoteDevice, so we | 175 // TODO(tengs): We currently assume each user has only one RemoteDevice, so we |
152 // can simply take the first item in the list. | 176 // can simply take the first item in the list. |
153 cryptauth::RemoteDevice remote_device = remote_devices_map_[account_id][0]; | 177 cryptauth::RemoteDevice remote_device = remote_devices_map_[account_id][0]; |
154 if (!suspended_) { | 178 if (!suspended_) { |
155 PA_LOG(INFO) << "Creating RemoteDeviceLifeCycle for focused user: " | 179 PA_LOG(INFO) << "Creating RemoteDeviceLifeCycle for focused user: " |
156 << account_id.Serialize(); | 180 << account_id.Serialize(); |
157 remote_device_life_cycle_ = CreateRemoteDeviceLifeCycle(remote_device); | 181 remote_device_life_cycle_ = CreateRemoteDeviceLifeCycle(remote_device); |
158 unlock_manager_->SetRemoteDeviceLifeCycle(remote_device_life_cycle_.get()); | 182 unlock_manager_->SetRemoteDeviceLifeCycle(remote_device_life_cycle_.get()); |
159 remote_device_life_cycle_->AddObserver(this); | 183 remote_device_life_cycle_->AddObserver(this); |
160 remote_device_life_cycle_->Start(); | 184 remote_device_life_cycle_->Start(); |
161 } | 185 } |
162 } | 186 } |
163 | 187 |
| 188 bool ProximityAuthSystem::ShouldForcePassword() { |
| 189 // TODO(tengs): Put this force password reauth logic behind an enterprise |
| 190 // policy. See crbug.com/724717. |
| 191 int64_t now_ms = clock_->Now().ToJavaTime(); |
| 192 int64_t last_password_ms = pref_manager_->GetLastPasswordEntryTimestampMs(); |
| 193 |
| 194 if (now_ms < last_password_ms) { |
| 195 PA_LOG(ERROR) << "Invalid last password timestamp: now=" << now_ms |
| 196 << ", last_password=" << last_password_ms; |
| 197 return true; |
| 198 } |
| 199 |
| 200 return base::TimeDelta::FromMilliseconds(now_ms - last_password_ms) > |
| 201 base::TimeDelta::FromHours(kPasswordReauthPeriodHours); |
| 202 } |
| 203 |
164 } // proximity_auth | 204 } // proximity_auth |
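Review bot: The 20-hour limit is enforced only at the single `if (ShouldForcePassword())` call made before the RemoteDeviceLifeCycle is created (new lines 168-173), so a life cycle started just under the limit appears to stay usable for proximity unlock for as long as the screen then stays locked on the same user. Consider re-checking `ShouldForcePassword()` where the unlock decision is made, or posting a delayed task for the remaining interval that calls `unlock_manager_->SetRemoteDeviceLifeCycle(nullptr)` and sets `ScreenlockState::PASSWORD_REAUTH`. Both timestamps are wall-clock values (`clock_->Now().ToJavaTime()` against a stored pref), so only a backward clock change that lands before `last_password_ms` fails closed, while a smaller one lengthens the window; that assumption deserves a comment in `ShouldForcePassword()`. The function containing the new check starts in the skipped region, so any other call sites were not visible.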