| Index: chromeos/login/auth/login_performer.cc
|
| diff --git a/chrome/browser/chromeos/login/auth/login_performer.cc b/chromeos/login/auth/login_performer.cc
|
| similarity index 40%
|
| rename from chrome/browser/chromeos/login/auth/login_performer.cc
|
| rename to chromeos/login/auth/login_performer.cc
|
| index 3b07888d5bd70cc51abc534dbe0a6845b43cab73..823036f783f56b0b55b7f11881ebb27108190f91 100644
|
| --- a/chrome/browser/chromeos/login/auth/login_performer.cc
|
| +++ b/chromeos/login/auth/login_performer.cc
|
| @@ -2,38 +2,22 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "chrome/browser/chromeos/login/auth/login_performer.h"
|
| +#include "chromeos/login/auth/login_performer.h"
|
|
|
| #include "base/bind.h"
|
| #include "base/logging.h"
|
| #include "base/message_loop/message_loop.h"
|
| #include "base/metrics/histogram.h"
|
| +#include "base/metrics/user_metrics.h"
|
| +#include "base/metrics/user_metrics_action.h"
|
| #include "base/prefs/pref_service.h"
|
| #include "base/strings/utf_string_conversions.h"
|
| #include "base/threading/thread_restrictions.h"
|
| -#include "chrome/browser/browser_process.h"
|
| -#include "chrome/browser/chrome_notification_types.h"
|
| -#include "chrome/browser/chromeos/boot_times_loader.h"
|
| -#include "chrome/browser/chromeos/login/login_utils.h"
|
| -#include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
|
| -#include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
|
| -#include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h"
|
| -#include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
|
| -#include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
|
| -#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
|
| -#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
|
| -#include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| -#include "chrome/browser/chromeos/settings/cros_settings.h"
|
| -#include "chrome/common/pref_names.h"
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| #include "chromeos/dbus/session_manager_client.h"
|
| #include "chromeos/login/user_names.h"
|
| +#include "chromeos/login_event_recorder.h"
|
| #include "chromeos/settings/cros_settings_names.h"
|
| -#include "components/user_manager/user_manager.h"
|
| -#include "content/public/browser/browser_thread.h"
|
| -#include "content/public/browser/notification_service.h"
|
| -#include "content/public/browser/notification_types.h"
|
| -#include "content/public/browser/user_metrics.h"
|
| #include "google_apis/gaia/gaia_auth_util.h"
|
| #include "net/cookies/cookie_monster.h"
|
| #include "net/cookies/cookie_store.h"
|
| @@ -41,14 +25,15 @@
|
| #include "net/url_request/url_request_context_getter.h"
|
|
|
| using base::UserMetricsAction;
|
| -using content::BrowserThread;
|
|
|
| namespace chromeos {
|
|
|
| -LoginPerformer::LoginPerformer(Delegate* delegate)
|
| - : online_attempt_host_(this),
|
| +LoginPerformer::LoginPerformer(scoped_refptr<base::TaskRunner> task_runner,
|
| + Delegate* delegate)
|
| + : delegate_(delegate),
|
| + task_runner_(task_runner),
|
| + online_attempt_host_(this),
|
| last_login_failure_(AuthFailure::AuthFailureNone()),
|
| - delegate_(delegate),
|
| password_changed_(false),
|
| password_changed_callback_count_(0),
|
| auth_mode_(AUTH_MODE_INTERNAL),
|
| @@ -67,7 +52,9 @@ LoginPerformer::~LoginPerformer() {
|
| // LoginPerformer, AuthStatusConsumer implementation:
|
|
|
| void LoginPerformer::OnAuthFailure(const AuthFailure& failure) {
|
| - content::RecordAction(UserMetricsAction("Login_Failure"));
|
| + DCHECK(task_runner_->RunsTasksOnCurrentThread());
|
| + base::RecordAction(UserMetricsAction("Login_Failure"));
|
| +
|
| UMA_HISTOGRAM_ENUMERATION("Login.FailureReason",
|
| failure.reason(),
|
| AuthFailure::NUM_FAILURE_REASONS);
|
| @@ -87,13 +74,14 @@ void LoginPerformer::OnAuthFailure(const AuthFailure& failure) {
|
| }
|
|
|
| void LoginPerformer::OnRetailModeAuthSuccess(const UserContext& user_context) {
|
| - content::RecordAction(
|
| - UserMetricsAction("Login_DemoUserLoginSuccess"));
|
| + DCHECK(task_runner_->RunsTasksOnCurrentThread());
|
| + base::RecordAction(UserMetricsAction("Login_DemoUserLoginSuccess"));
|
| AuthStatusConsumer::OnRetailModeAuthSuccess(user_context);
|
| }
|
|
|
| void LoginPerformer::OnAuthSuccess(const UserContext& user_context) {
|
| - content::RecordAction(UserMetricsAction("Login_Success"));
|
| + DCHECK(task_runner_->RunsTasksOnCurrentThread());
|
| + base::RecordAction(UserMetricsAction("Login_Success"));
|
| VLOG(1) << "LoginSuccess hash: " << user_context.GetUserIDHash();
|
| DCHECK(delegate_);
|
| // After delegate_->OnAuthSuccess(...) is called, delegate_ releases
|
| @@ -103,8 +91,8 @@ void LoginPerformer::OnAuthSuccess(const UserContext& user_context) {
|
| }
|
|
|
| void LoginPerformer::OnOffTheRecordAuthSuccess() {
|
| - content::RecordAction(
|
| - UserMetricsAction("Login_GuestLoginSuccess"));
|
| + DCHECK(task_runner_->RunsTasksOnCurrentThread());
|
| + base::RecordAction(UserMetricsAction("Login_GuestLoginSuccess"));
|
|
|
| if (delegate_)
|
| delegate_->OnOffTheRecordAuthSuccess();
|
| @@ -122,7 +110,7 @@ void LoginPerformer::OnPasswordChangeDetected() {
|
| }
|
| }
|
|
|
| -void LoginPerformer::OnChecked(const std::string& username, bool success) {
|
| +void LoginPerformer::OnChecked(const std::string& user_id, bool success) {
|
| if (!delegate_) {
|
| // Delegate is reset in case of successful offline login.
|
| // See ExistingUserConstoller::OnAuthSuccess().
|
| @@ -130,123 +118,82 @@ void LoginPerformer::OnChecked(const std::string& username, bool success) {
|
| // does not block user from sign in yet.
|
| return;
|
| }
|
| - delegate_->OnOnlineChecked(username, success);
|
| + delegate_->OnOnlineChecked(user_id, success);
|
| }
|
|
|
| ////////////////////////////////////////////////////////////////////////////////
|
| // LoginPerformer, public:
|
|
|
| +void LoginPerformer::NotifyWhitelistCheckFailure() {
|
| + if (delegate_)
|
| + delegate_->WhiteListCheckFailed(user_context_.GetUserID());
|
| + else
|
| + NOTREACHED();
|
| +}
|
| +
|
| void LoginPerformer::PerformLogin(const UserContext& user_context,
|
| AuthorizationMode auth_mode) {
|
| auth_mode_ = auth_mode;
|
| user_context_ = user_context;
|
|
|
| - CrosSettings* cros_settings = CrosSettings::Get();
|
| -
|
| - // Whitelist check is always performed during initial login.
|
| - CrosSettingsProvider::TrustedStatus status =
|
| - cros_settings->PrepareTrustedValues(
|
| - base::Bind(&LoginPerformer::PerformLogin,
|
| - weak_factory_.GetWeakPtr(),
|
| - user_context_, auth_mode));
|
| - // Must not proceed without signature verification.
|
| - if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
|
| - if (delegate_)
|
| - delegate_->PolicyLoadFailed();
|
| - else
|
| - NOTREACHED();
|
| - return;
|
| - } else if (status != CrosSettingsProvider::TRUSTED) {
|
| - // Value of AllowNewUser setting is still not verified.
|
| - // Another attempt will be invoked after verification completion.
|
| + if (RunTrustedCheck(base::Bind(&LoginPerformer::DoPerformLogin,
|
| + weak_factory_.GetWeakPtr(),
|
| + user_context_,
|
| + auth_mode))) {
|
| return;
|
| }
|
| + DoPerformLogin(user_context, auth_mode);
|
| +}
|
|
|
| - bool wildcard_match = false;
|
| +void LoginPerformer::DoPerformLogin(const UserContext& user_context,
|
| + AuthorizationMode auth_mode) {
|
| std::string email = gaia::CanonicalizeEmail(user_context.GetUserID());
|
| - bool is_whitelisted = LoginUtils::IsWhitelisted(email, &wildcard_match);
|
| - if (is_whitelisted) {
|
| - switch (auth_mode_) {
|
| - case AUTH_MODE_EXTENSION: {
|
| - // On enterprise devices, reconfirm login permission with the server.
|
| - policy::BrowserPolicyConnectorChromeOS* connector =
|
| - g_browser_process->platform_part()
|
| - ->browser_policy_connector_chromeos();
|
| - if (connector->IsEnterpriseManaged() && wildcard_match &&
|
| - !connector->IsNonEnterpriseUser(email)) {
|
| - wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
|
| - wildcard_login_checker_->Start(
|
| - ProfileHelper::GetSigninProfile()->GetRequestContext(),
|
| - base::Bind(&LoginPerformer::OnlineWildcardLoginCheckCompleted,
|
| - weak_factory_.GetWeakPtr()));
|
| - } else {
|
| - StartLoginCompletion();
|
| - }
|
| - break;
|
| - }
|
| - case AUTH_MODE_INTERNAL:
|
| - StartAuthentication();
|
| - break;
|
| + bool wildcard_match = false;
|
| + if (!IsUserWhitelisted(email, &wildcard_match)) {
|
| + NotifyWhitelistCheckFailure();
|
| + return;
|
| + }
|
| + switch (auth_mode_) {
|
| + case AUTH_MODE_EXTENSION: {
|
| + RunOnlineWhitelistCheck(
|
| + email,
|
| + wildcard_match,
|
| + base::Bind(&LoginPerformer::StartLoginCompletion,
|
| + weak_factory_.GetWeakPtr()),
|
| + base::Bind(&LoginPerformer::NotifyWhitelistCheckFailure,
|
| + weak_factory_.GetWeakPtr()));
|
| + break;
|
| }
|
| - } else {
|
| - if (delegate_)
|
| - delegate_->WhiteListCheckFailed(user_context.GetUserID());
|
| - else
|
| - NOTREACHED();
|
| + case AUTH_MODE_INTERNAL:
|
| + StartAuthentication();
|
| + break;
|
| }
|
| }
|
|
|
| -void LoginPerformer::LoginAsSupervisedUser(
|
| - const UserContext& user_context) {
|
| +void LoginPerformer::LoginAsSupervisedUser(const UserContext& user_context) {
|
| DCHECK_EQ(chromeos::login::kSupervisedUserDomain,
|
| gaia::ExtractDomainName(user_context.GetUserID()));
|
|
|
| - CrosSettings* cros_settings = CrosSettings::Get();
|
| - CrosSettingsProvider::TrustedStatus status =
|
| - cros_settings->PrepareTrustedValues(
|
| - base::Bind(&LoginPerformer::LoginAsSupervisedUser,
|
| - weak_factory_.GetWeakPtr(),
|
| - user_context_));
|
| - // Must not proceed without signature verification.
|
| - if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
|
| - if (delegate_)
|
| - delegate_->PolicyLoadFailed();
|
| - else
|
| - NOTREACHED();
|
| - return;
|
| - } else if (status != CrosSettingsProvider::TRUSTED) {
|
| - // Value of kAccountsPrefSupervisedUsersEnabled setting is still not
|
| - // verified. Another attempt will be invoked after verification completion.
|
| + if (RunTrustedCheck(base::Bind(&LoginPerformer::LoginAsSupervisedUser,
|
| + weak_factory_.GetWeakPtr(),
|
| + user_context_))) {
|
| return;
|
| }
|
|
|
| - if (!user_manager::UserManager::Get()->AreSupervisedUsersAllowed()) {
|
| + if (!AreSupervisedUsersAllowed()) {
|
| LOG(ERROR) << "Login attempt of supervised user detected.";
|
| delegate_->WhiteListCheckFailed(user_context.GetUserID());
|
| return;
|
| }
|
|
|
| - SupervisedUserLoginFlow* new_flow =
|
| - new SupervisedUserLoginFlow(user_context.GetUserID());
|
| - new_flow->set_host(
|
| - ChromeUserManager::Get()->GetUserFlow(user_context.GetUserID())->host());
|
| - ChromeUserManager::Get()->SetUserFlow(user_context.GetUserID(), new_flow);
|
| -
|
| - SupervisedUserAuthentication* authentication =
|
| - ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
|
| + SetupSupervisedUserFlow(user_context.GetUserID());
|
| + UserContext user_context_copy = TransformSupervisedKey(user_context);
|
|
|
| - UserContext user_context_copy = authentication->TransformKey(user_context);
|
| -
|
| - if (authentication->GetPasswordSchema(user_context.GetUserID()) ==
|
| - SupervisedUserAuthentication::SCHEMA_SALT_HASHED) {
|
| - if (extended_authenticator_.get()) {
|
| - extended_authenticator_->SetConsumer(NULL);
|
| - }
|
| - extended_authenticator_ = ExtendedAuthenticator::Create(this);
|
| + if (UseExtendedAuthenticatorForSupervisedUser(user_context)) {
|
| + EnsureExtendedAuthenticator();
|
| // TODO(antrim) : Replace empty callback with explicit method.
|
| // http://crbug.com/351268
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI,
|
| + task_runner_->PostTask(
|
| FROM_HERE,
|
| base::Bind(&ExtendedAuthenticator::AuthenticateToMount,
|
| extended_authenticator_.get(),
|
| @@ -254,119 +201,109 @@ void LoginPerformer::LoginAsSupervisedUser(
|
| ExtendedAuthenticator::ResultCallback()));
|
|
|
| } else {
|
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI,
|
| - FROM_HERE,
|
| - base::Bind(&Authenticator::LoginAsSupervisedUser,
|
| - authenticator_.get(),
|
| - user_context_copy));
|
| + EnsureAuthenticator();
|
| + task_runner_->PostTask(FROM_HERE,
|
| + base::Bind(&Authenticator::LoginAsSupervisedUser,
|
| + authenticator_.get(),
|
| + user_context_copy));
|
| }
|
| }
|
|
|
| -void LoginPerformer::LoginRetailMode() {
|
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&Authenticator::LoginRetailMode, authenticator_.get()));
|
| -}
|
| -
|
| -void LoginPerformer::LoginOffTheRecord() {
|
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get()));
|
| -}
|
| -
|
| void LoginPerformer::LoginAsPublicSession(const UserContext& user_context) {
|
| - // Login is not allowed if policy could not be loaded for the account.
|
| - policy::BrowserPolicyConnectorChromeOS* connector =
|
| - g_browser_process->platform_part()->browser_policy_connector_chromeos();
|
| - policy::DeviceLocalAccountPolicyService* policy_service =
|
| - connector->GetDeviceLocalAccountPolicyService();
|
| - if (!policy_service ||
|
| - !policy_service->IsPolicyAvailableForUser(user_context.GetUserID())) {
|
| + if (!CheckPolicyForUser(user_context.GetUserID())) {
|
| DCHECK(delegate_);
|
| if (delegate_)
|
| delegate_->PolicyLoadFailed();
|
| return;
|
| }
|
|
|
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&Authenticator::LoginAsPublicSession,
|
| - authenticator_.get(),
|
| - user_context));
|
| + EnsureAuthenticator();
|
| + task_runner_->PostTask(FROM_HERE,
|
| + base::Bind(&Authenticator::LoginAsPublicSession,
|
| + authenticator_.get(),
|
| + user_context));
|
| +}
|
| +
|
| +void LoginPerformer::LoginRetailMode() {
|
| + EnsureAuthenticator();
|
| + task_runner_->PostTask(
|
| + FROM_HERE,
|
| + base::Bind(&Authenticator::LoginRetailMode, authenticator_.get()));
|
| +}
|
| +
|
| +void LoginPerformer::LoginOffTheRecord() {
|
| + EnsureAuthenticator();
|
| + task_runner_->PostTask(
|
| + FROM_HERE,
|
| + base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get()));
|
| }
|
|
|
| void LoginPerformer::LoginAsKioskAccount(const std::string& app_user_id,
|
| bool use_guest_mount) {
|
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&Authenticator::LoginAsKioskAccount, authenticator_.get(),
|
| - app_user_id, use_guest_mount));
|
| + EnsureAuthenticator();
|
| + task_runner_->PostTask(FROM_HERE,
|
| + base::Bind(&Authenticator::LoginAsKioskAccount,
|
| + authenticator_.get(),
|
| + app_user_id,
|
| + use_guest_mount));
|
| }
|
|
|
| void LoginPerformer::RecoverEncryptedData(const std::string& old_password) {
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&Authenticator::RecoverEncryptedData, authenticator_.get(),
|
| - old_password));
|
| + task_runner_->PostTask(FROM_HERE,
|
| + base::Bind(&Authenticator::RecoverEncryptedData,
|
| + authenticator_.get(),
|
| + old_password));
|
| }
|
|
|
| void LoginPerformer::ResyncEncryptedData() {
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| + task_runner_->PostTask(
|
| + FROM_HERE,
|
| base::Bind(&Authenticator::ResyncEncryptedData, authenticator_.get()));
|
| }
|
|
|
| ////////////////////////////////////////////////////////////////////////////////
|
| // LoginPerformer, private:
|
|
|
| +void LoginPerformer::EnsureExtendedAuthenticator() {
|
| + if (extended_authenticator_.get())
|
| + extended_authenticator_->SetConsumer(NULL);
|
| + extended_authenticator_ = ExtendedAuthenticator::Create(this);
|
| +}
|
| +
|
| void LoginPerformer::StartLoginCompletion() {
|
| DVLOG(1) << "Login completion started";
|
| - BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false);
|
| - Profile* profile = ProfileHelper::GetSigninProfile();
|
| -
|
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&Authenticator::CompleteLogin, authenticator_.get(),
|
| - profile,
|
| - user_context_));
|
| + chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker("AuthStarted", false);
|
| + content::BrowserContext* browser_context = GetSigninContext();
|
| + EnsureAuthenticator();
|
| + task_runner_->PostTask(FROM_HERE,
|
| + base::Bind(&chromeos::Authenticator::CompleteLogin,
|
| + authenticator_.get(),
|
| + browser_context,
|
| + user_context_));
|
| user_context_.ClearSecrets();
|
| }
|
|
|
| void LoginPerformer::StartAuthentication() {
|
| DVLOG(1) << "Auth started";
|
| - BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false);
|
| - Profile* profile = ProfileHelper::GetSigninProfile();
|
| + chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker("AuthStarted", false);
|
| if (delegate_) {
|
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&Authenticator::AuthenticateToLogin, authenticator_.get(),
|
| - profile,
|
| - user_context_));
|
| + EnsureAuthenticator();
|
| + content::BrowserContext* browser_context = GetSigninContext();
|
| + task_runner_->PostTask(FROM_HERE,
|
| + base::Bind(&Authenticator::AuthenticateToLogin,
|
| + authenticator_.get(),
|
| + base::Unretained(browser_context),
|
| + user_context_));
|
| // Make unobtrusive online check. It helps to determine password change
|
| // state in the case when offline login fails.
|
| - online_attempt_host_.Check(profile->GetRequestContext(), user_context_);
|
| + online_attempt_host_.Check(GetSigninRequestContext(), user_context_);
|
| } else {
|
| NOTREACHED();
|
| }
|
| user_context_.ClearSecrets();
|
| }
|
|
|
| -void LoginPerformer::OnlineWildcardLoginCheckCompleted(
|
| - policy::WildcardLoginChecker::Result result) {
|
| - if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) {
|
| - StartLoginCompletion();
|
| - } else {
|
| - if (delegate_)
|
| - delegate_->WhiteListCheckFailed(user_context_.GetUserID());
|
| - }
|
| +void LoginPerformer::EnsureAuthenticator() {
|
| + authenticator_ = CreateAuthenticator();
|
| }
|
| -
|
| } // namespace chromeos
|
|
|
Chromium Code Reviews
Issue 614973002:
Extract LoginPerformer to chromeos/auth (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master