Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Side by Side Diff: chrome/browser/chromeos/login/auth/chrome_login_performer.cc

Issue 614973002: Extract LoginPerformer to chromeos/auth (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Yet another merge Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/login/auth/login_performer.h" 5 #include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/logging.h" 8 #include "base/thread_task_runner_handle.h"
9 #include "base/message_loop/message_loop.h"
10 #include "base/metrics/histogram.h"
11 #include "base/prefs/pref_service.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "base/threading/thread_restrictions.h"
14 #include "chrome/browser/browser_process.h" 9 #include "chrome/browser/browser_process.h"
15 #include "chrome/browser/chrome_notification_types.h"
16 #include "chrome/browser/chromeos/boot_times_loader.h"
17 #include "chrome/browser/chromeos/login/login_utils.h" 10 #include "chrome/browser/chromeos/login/login_utils.h"
18 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio n.h" 11 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio n.h"
19 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h" 12 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
20 #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h" 13 #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h"
21 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" 14 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
22 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" 15 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
23 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" 16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
24 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" 17 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
25 #include "chrome/browser/chromeos/profiles/profile_helper.h" 18 #include "chrome/browser/chromeos/profiles/profile_helper.h"
26 #include "chrome/browser/chromeos/settings/cros_settings.h" 19 #include "chrome/browser/chromeos/settings/cros_settings.h"
27 #include "chrome/common/pref_names.h"
28 #include "chromeos/dbus/dbus_thread_manager.h"
29 #include "chromeos/dbus/session_manager_client.h"
30 #include "chromeos/login/user_names.h"
31 #include "chromeos/settings/cros_settings_names.h"
32 #include "components/user_manager/user_manager.h"
33 #include "content/public/browser/browser_thread.h"
34 #include "content/public/browser/notification_service.h"
35 #include "content/public/browser/notification_types.h"
36 #include "content/public/browser/user_metrics.h"
37 #include "google_apis/gaia/gaia_auth_util.h"
38 #include "net/cookies/cookie_monster.h"
39 #include "net/cookies/cookie_store.h"
40 #include "net/url_request/url_request_context.h"
41 #include "net/url_request/url_request_context_getter.h"
42
43 using base::UserMetricsAction;
44 using content::BrowserThread;
45 20
46 namespace chromeos { 21 namespace chromeos {
47 22
48 LoginPerformer::LoginPerformer(Delegate* delegate) 23 ChromeLoginPerformer::ChromeLoginPerformer(Delegate* delegate)
49 : online_attempt_host_(this), 24 : LoginPerformer(base::ThreadTaskRunnerHandle::Get(), delegate),
50 last_login_failure_(AuthFailure::AuthFailureNone()),
51 delegate_(delegate),
52 password_changed_(false),
53 password_changed_callback_count_(0),
54 auth_mode_(AUTH_MODE_INTERNAL),
55 weak_factory_(this) { 25 weak_factory_(this) {
56 } 26 }
57 27
58 LoginPerformer::~LoginPerformer() { 28 ChromeLoginPerformer::~ChromeLoginPerformer() {
59 DVLOG(1) << "Deleting LoginPerformer";
60 if (authenticator_.get())
61 authenticator_->SetConsumer(NULL);
62 if (extended_authenticator_.get())
63 extended_authenticator_->SetConsumer(NULL);
64 } 29 }
65 30
66 //////////////////////////////////////////////////////////////////////////////// 31 ////////////////////////////////////////////////////////////////////////////////
67 // LoginPerformer, AuthStatusConsumer implementation: 32 // ChromeLoginPerformer, public:
68 33
69 void LoginPerformer::OnAuthFailure(const AuthFailure& failure) { 34 bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure& callback) {
70 content::RecordAction(UserMetricsAction("Login_Failure"));
71 UMA_HISTOGRAM_ENUMERATION("Login.FailureReason",
72 failure.reason(),
73 AuthFailure::NUM_FAILURE_REASONS);
74
75 DVLOG(1) << "failure.reason " << failure.reason();
76 DVLOG(1) << "failure.error.state " << failure.error().state();
77
78 last_login_failure_ = failure;
79 if (delegate_) {
80 delegate_->OnAuthFailure(failure);
81 return;
82 } else {
83 // COULD_NOT_MOUNT_CRYPTOHOME, COULD_NOT_MOUNT_TMPFS:
84 // happens during offline auth only.
85 NOTREACHED();
86 }
87 }
88
89 void LoginPerformer::OnRetailModeAuthSuccess(const UserContext& user_context) {
90 content::RecordAction(
91 UserMetricsAction("Login_DemoUserLoginSuccess"));
92 AuthStatusConsumer::OnRetailModeAuthSuccess(user_context);
93 }
94
95 void LoginPerformer::OnAuthSuccess(const UserContext& user_context) {
96 content::RecordAction(UserMetricsAction("Login_Success"));
97 VLOG(1) << "LoginSuccess hash: " << user_context.GetUserIDHash();
98 DCHECK(delegate_);
99 // After delegate_->OnAuthSuccess(...) is called, delegate_ releases
100 // LoginPerformer ownership. LP now manages it's lifetime on its own.
101 base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
102 delegate_->OnAuthSuccess(user_context);
103 }
104
105 void LoginPerformer::OnOffTheRecordAuthSuccess() {
106 content::RecordAction(
107 UserMetricsAction("Login_GuestLoginSuccess"));
108
109 if (delegate_)
110 delegate_->OnOffTheRecordAuthSuccess();
111 else
112 NOTREACHED();
113 }
114
115 void LoginPerformer::OnPasswordChangeDetected() {
116 password_changed_ = true;
117 password_changed_callback_count_++;
118 if (delegate_) {
119 delegate_->OnPasswordChangeDetected();
120 } else {
121 NOTREACHED();
122 }
123 }
124
125 void LoginPerformer::OnChecked(const std::string& username, bool success) {
126 if (!delegate_) {
127 // Delegate is reset in case of successful offline login.
128 // See ExistingUserConstoller::OnAuthSuccess().
129 // Case when user has changed password and enters old password
130 // does not block user from sign in yet.
131 return;
132 }
133 delegate_->OnOnlineChecked(username, success);
134 }
135
136 ////////////////////////////////////////////////////////////////////////////////
137 // LoginPerformer, public:
138
139 void LoginPerformer::PerformLogin(const UserContext& user_context,
140 AuthorizationMode auth_mode) {
141 auth_mode_ = auth_mode;
142 user_context_ = user_context;
143
144 CrosSettings* cros_settings = CrosSettings::Get(); 35 CrosSettings* cros_settings = CrosSettings::Get();
145 36
146 // Whitelist check is always performed during initial login.
147 CrosSettingsProvider::TrustedStatus status = 37 CrosSettingsProvider::TrustedStatus status =
148 cros_settings->PrepareTrustedValues( 38 cros_settings->PrepareTrustedValues(
149 base::Bind(&LoginPerformer::PerformLogin, 39 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
150 weak_factory_.GetWeakPtr(), 40 weak_factory_.GetWeakPtr(),
151 user_context_, auth_mode)); 41 callback));
152 // Must not proceed without signature verification. 42 // Must not proceed without signature verification.
153 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { 43 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
154 if (delegate_) 44 if (delegate_)
155 delegate_->PolicyLoadFailed(); 45 delegate_->PolicyLoadFailed();
156 else 46 else
157 NOTREACHED(); 47 NOTREACHED();
158 return; 48 return true; // Some callback was called.
159 } else if (status != CrosSettingsProvider::TRUSTED) { 49 } else if (status != CrosSettingsProvider::TRUSTED) {
160 // Value of AllowNewUser setting is still not verified. 50 // Value of AllowNewUser setting is still not verified.
161 // Another attempt will be invoked after verification completion. 51 // Another attempt will be invoked after verification completion.
162 return; 52 return false;
163 }
164
165 bool wildcard_match = false;
166 std::string email = gaia::CanonicalizeEmail(user_context.GetUserID());
167 bool is_whitelisted = LoginUtils::IsWhitelisted(email, &wildcard_match);
168 if (is_whitelisted) {
169 switch (auth_mode_) {
170 case AUTH_MODE_EXTENSION: {
171 // On enterprise devices, reconfirm login permission with the server.
172 policy::BrowserPolicyConnectorChromeOS* connector =
173 g_browser_process->platform_part()
174 ->browser_policy_connector_chromeos();
175 if (connector->IsEnterpriseManaged() && wildcard_match &&
176 !connector->IsNonEnterpriseUser(email)) {
177 wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
178 wildcard_login_checker_->Start(
179 ProfileHelper::GetSigninProfile()->GetRequestContext(),
180 base::Bind(&LoginPerformer::OnlineWildcardLoginCheckCompleted,
181 weak_factory_.GetWeakPtr()));
182 } else {
183 StartLoginCompletion();
184 }
185 break;
186 }
187 case AUTH_MODE_INTERNAL:
188 StartAuthentication();
189 break;
190 }
191 } else { 53 } else {
192 if (delegate_) 54 // CrosSettingsProvider::TRUSTED
Nikita (slow) 2014/10/20 12:30:27 nit: add DCHECK instead // just in case this enum
193 delegate_->WhiteListCheckFailed(user_context.GetUserID()); 55 callback.Run();
194 else 56 return true; // Some callback was called.
195 NOTREACHED();
196 } 57 }
197 } 58 }
198 59
199 void LoginPerformer::LoginAsSupervisedUser( 60 void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure& callback) {
200 const UserContext& user_context) { 61 CrosSettings* cros_settings = CrosSettings::Get();
201 DCHECK_EQ(chromeos::login::kSupervisedUserDomain,
202 gaia::ExtractDomainName(user_context.GetUserID()));
203 62
204 CrosSettings* cros_settings = CrosSettings::Get();
205 CrosSettingsProvider::TrustedStatus status = 63 CrosSettingsProvider::TrustedStatus status =
206 cros_settings->PrepareTrustedValues( 64 cros_settings->PrepareTrustedValues(
207 base::Bind(&LoginPerformer::LoginAsSupervisedUser, 65 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
208 weak_factory_.GetWeakPtr(), 66 weak_factory_.GetWeakPtr(),
209 user_context_)); 67 callback));
210 // Must not proceed without signature verification. 68 // Must not proceed without signature verification.
211 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { 69 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
212 if (delegate_) 70 if (delegate_)
213 delegate_->PolicyLoadFailed(); 71 delegate_->PolicyLoadFailed();
214 else 72 else
215 NOTREACHED(); 73 NOTREACHED();
74 } else if (status != CrosSettingsProvider::TRUSTED) {
75 // Value of AllowNewUser setting is still not verified.
76 // Another attempt will be invoked after verification completion.
216 return; 77 return;
217 } else if (status != CrosSettingsProvider::TRUSTED) {
218 // Value of kAccountsPrefSupervisedUsersEnabled setting is still not
219 // verified. Another attempt will be invoked after verification completion.
220 return;
221 }
222
223 if (!user_manager::UserManager::Get()->AreSupervisedUsersAllowed()) {
224 LOG(ERROR) << "Login attempt of supervised user detected.";
225 delegate_->WhiteListCheckFailed(user_context.GetUserID());
226 return;
227 }
228
229 SupervisedUserLoginFlow* new_flow =
230 new SupervisedUserLoginFlow(user_context.GetUserID());
231 new_flow->set_host(
232 ChromeUserManager::Get()->GetUserFlow(user_context.GetUserID())->host());
233 ChromeUserManager::Get()->SetUserFlow(user_context.GetUserID(), new_flow);
234
235 SupervisedUserAuthentication* authentication =
236 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
237
238 UserContext user_context_copy = authentication->TransformKey(user_context);
239
240 if (authentication->GetPasswordSchema(user_context.GetUserID()) ==
241 SupervisedUserAuthentication::SCHEMA_SALT_HASHED) {
242 if (extended_authenticator_.get()) {
243 extended_authenticator_->SetConsumer(NULL);
244 }
245 extended_authenticator_ = ExtendedAuthenticator::Create(this);
246 // TODO(antrim) : Replace empty callback with explicit method.
247 // http://crbug.com/351268
248 BrowserThread::PostTask(
249 BrowserThread::UI,
250 FROM_HERE,
251 base::Bind(&ExtendedAuthenticator::AuthenticateToMount,
252 extended_authenticator_.get(),
253 user_context_copy,
254 ExtendedAuthenticator::ResultCallback()));
255
256 } else { 78 } else {
257 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); 79 // CrosSettingsProvider::TRUSTED
Nikita (slow) 2014/10/20 12:30:27 nit: Add DCHECK instead.
258 BrowserThread::PostTask( 80 callback.Run();
259 BrowserThread::UI,
260 FROM_HERE,
261 base::Bind(&Authenticator::LoginAsSupervisedUser,
262 authenticator_.get(),
263 user_context_copy));
264 } 81 }
265 } 82 }
266 83
267 void LoginPerformer::LoginRetailMode() { 84 bool ChromeLoginPerformer::IsUserWhitelisted(const std::string& user_id,
268 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); 85 bool* wildcard_match) {
269 BrowserThread::PostTask( 86 return LoginUtils::IsWhitelisted(user_id, wildcard_match);
270 BrowserThread::UI, FROM_HERE,
271 base::Bind(&Authenticator::LoginRetailMode, authenticator_.get()));
272 } 87 }
273 88
274 void LoginPerformer::LoginOffTheRecord() { 89 void ChromeLoginPerformer::RunOnlineWhitelistCheck(
275 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); 90 const std::string& user_id,
276 BrowserThread::PostTask( 91 bool wildcard_match,
277 BrowserThread::UI, FROM_HERE, 92 const base::Closure& success_callback,
278 base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get())); 93 const base::Closure& failure_callback) {
94 // On enterprise devices, reconfirm login permission with the server.
95 policy::BrowserPolicyConnectorChromeOS* connector =
96 g_browser_process->platform_part()->browser_policy_connector_chromeos();
97 if (connector->IsEnterpriseManaged() && wildcard_match &&
98 !connector->IsNonEnterpriseUser(user_id)) {
99 wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
100 wildcard_login_checker_->Start(
101 ProfileHelper::GetSigninProfile()->GetRequestContext(),
102 base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted,
103 weak_factory_.GetWeakPtr(),
104 success_callback,
105 failure_callback));
106 } else {
107 success_callback.Run();
108 }
279 } 109 }
280 110
281 void LoginPerformer::LoginAsPublicSession(const UserContext& user_context) { 111 scoped_refptr<Authenticator> ChromeLoginPerformer::CreateAuthenticator() {
112 return LoginUtils::Get()->CreateAuthenticator(this);
113 }
114
115 bool ChromeLoginPerformer::AreSupervisedUsersAllowed() {
116 return user_manager::UserManager::Get()->AreSupervisedUsersAllowed();
117 }
118
119 bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser(
120 const UserContext& user_context) {
121 SupervisedUserAuthentication* authentication =
122 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
123 return authentication->GetPasswordSchema(user_context.GetUserID()) ==
124 SupervisedUserAuthentication::SCHEMA_SALT_HASHED;
125 }
126
127 UserContext ChromeLoginPerformer::TransformSupervisedKey(
128 const UserContext& context) {
129 SupervisedUserAuthentication* authentication =
130 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
131 return authentication->TransformKey(context);
132 }
133
134 void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string& user_id) {
135 SupervisedUserLoginFlow* new_flow = new SupervisedUserLoginFlow(user_id);
136 new_flow->set_host(ChromeUserManager::Get()->GetUserFlow(user_id)->host());
137 ChromeUserManager::Get()->SetUserFlow(user_id, new_flow);
138 }
139
140 bool ChromeLoginPerformer::CheckPolicyForUser(const std::string& user_id) {
282 // Login is not allowed if policy could not be loaded for the account. 141 // Login is not allowed if policy could not be loaded for the account.
283 policy::BrowserPolicyConnectorChromeOS* connector = 142 policy::BrowserPolicyConnectorChromeOS* connector =
284 g_browser_process->platform_part()->browser_policy_connector_chromeos(); 143 g_browser_process->platform_part()->browser_policy_connector_chromeos();
285 policy::DeviceLocalAccountPolicyService* policy_service = 144 policy::DeviceLocalAccountPolicyService* policy_service =
286 connector->GetDeviceLocalAccountPolicyService(); 145 connector->GetDeviceLocalAccountPolicyService();
287 if (!policy_service || 146 return policy_service && policy_service->IsPolicyAvailableForUser(user_id);
288 !policy_service->IsPolicyAvailableForUser(user_context.GetUserID())) { 147 }
289 DCHECK(delegate_); 148 ////////////////////////////////////////////////////////////////////////////////
290 if (delegate_) 149 // ChromeLoginPerformer, private:
291 delegate_->PolicyLoadFailed();
292 return;
293 }
294 150
295 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); 151 content::BrowserContext* ChromeLoginPerformer::GetSigninContext() {
296 BrowserThread::PostTask( 152 return ProfileHelper::GetSigninProfile();
297 BrowserThread::UI, FROM_HERE,
298 base::Bind(&Authenticator::LoginAsPublicSession,
299 authenticator_.get(),
300 user_context));
301 } 153 }
302 154
303 void LoginPerformer::LoginAsKioskAccount(const std::string& app_user_id, 155 net::URLRequestContextGetter* ChromeLoginPerformer::GetSigninRequestContext() {
304 bool use_guest_mount) { 156 return ProfileHelper::GetSigninProfile()->GetRequestContext();
305 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
306 BrowserThread::PostTask(
307 BrowserThread::UI, FROM_HERE,
308 base::Bind(&Authenticator::LoginAsKioskAccount, authenticator_.get(),
309 app_user_id, use_guest_mount));
310 } 157 }
311 158
312 void LoginPerformer::RecoverEncryptedData(const std::string& old_password) { 159 void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted(
313 BrowserThread::PostTask( 160 const base::Closure& success_callback,
314 BrowserThread::UI, FROM_HERE, 161 const base::Closure& failure_callback,
315 base::Bind(&Authenticator::RecoverEncryptedData, authenticator_.get(),
316 old_password));
317 }
318
319 void LoginPerformer::ResyncEncryptedData() {
320 BrowserThread::PostTask(
321 BrowserThread::UI, FROM_HERE,
322 base::Bind(&Authenticator::ResyncEncryptedData, authenticator_.get()));
323 }
324
325 ////////////////////////////////////////////////////////////////////////////////
326 // LoginPerformer, private:
327
328 void LoginPerformer::StartLoginCompletion() {
329 DVLOG(1) << "Login completion started";
330 BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false);
331 Profile* profile = ProfileHelper::GetSigninProfile();
332
333 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
334 BrowserThread::PostTask(
335 BrowserThread::UI, FROM_HERE,
336 base::Bind(&Authenticator::CompleteLogin, authenticator_.get(),
337 profile,
338 user_context_));
339 user_context_.ClearSecrets();
340 }
341
342 void LoginPerformer::StartAuthentication() {
343 DVLOG(1) << "Auth started";
344 BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false);
345 Profile* profile = ProfileHelper::GetSigninProfile();
346 if (delegate_) {
347 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
348 BrowserThread::PostTask(
349 BrowserThread::UI, FROM_HERE,
350 base::Bind(&Authenticator::AuthenticateToLogin, authenticator_.get(),
351 profile,
352 user_context_));
353 // Make unobtrusive online check. It helps to determine password change
354 // state in the case when offline login fails.
355 online_attempt_host_.Check(profile->GetRequestContext(), user_context_);
356 } else {
357 NOTREACHED();
358 }
359 user_context_.ClearSecrets();
360 }
361
362 void LoginPerformer::OnlineWildcardLoginCheckCompleted(
363 policy::WildcardLoginChecker::Result result) { 162 policy::WildcardLoginChecker::Result result) {
364 if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) { 163 if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) {
365 StartLoginCompletion(); 164 success_callback.Run();
366 } else { 165 } else {
367 if (delegate_) 166 failure_callback.Run();
368 delegate_->WhiteListCheckFailed(user_context_.GetUserID());
369 } 167 }
370 } 168 }
371 169
372 } // namespace chromeos 170 } // namespace chromeos
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698