Chromium Code Reviews Chromium Code Reviews
Issue 614973002:
Extract LoginPerformer to chromeos/auth (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chromeos/login/auth/login_performer.cc |
| diff --git a/chrome/browser/chromeos/login/auth/login_performer.cc b/chromeos/login/auth/login_performer.cc |
| similarity index 41% |
| rename from chrome/browser/chromeos/login/auth/login_performer.cc |
| rename to chromeos/login/auth/login_performer.cc |
| index c3200a4132f5ebf9b0db525e8426e3a5fcca18e7..8e35e7b8d3728c98916f25bb0ff6cfdaf5c72b8d 100644 |
| --- a/chrome/browser/chromeos/login/auth/login_performer.cc |
| +++ b/chromeos/login/auth/login_performer.cc |
| @@ -2,38 +2,22 @@ |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| -#include "chrome/browser/chromeos/login/auth/login_performer.h" |
| +#include "chromeos/login/auth/login_performer.h" |
| #include "base/bind.h" |
| #include "base/logging.h" |
| #include "base/message_loop/message_loop.h" |
| #include "base/metrics/histogram.h" |
| +#include "base/metrics/user_metrics.h" |
| +#include "base/metrics/user_metrics_action.h" |
| #include "base/prefs/pref_service.h" |
| #include "base/strings/utf_string_conversions.h" |
| #include "base/threading/thread_restrictions.h" |
| -#include "chrome/browser/browser_process.h" |
| -#include "chrome/browser/chrome_notification_types.h" |
| -#include "chrome/browser/chromeos/boot_times_loader.h" |
| -#include "chrome/browser/chromeos/login/login_utils.h" |
| -#include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h" |
| -#include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h" |
| -#include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h" |
| -#include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
| -#include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
| -#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| -#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" |
| -#include "chrome/browser/chromeos/profiles/profile_helper.h" |
| -#include "chrome/browser/chromeos/settings/cros_settings.h" |
| -#include "chrome/common/pref_names.h" |
| #include "chromeos/dbus/dbus_thread_manager.h" |
| #include "chromeos/dbus/session_manager_client.h" |
| #include "chromeos/login/user_names.h" |
| +#include "chromeos/login_event_recorder.h" |
| #include "chromeos/settings/cros_settings_names.h" |
| -#include "components/user_manager/user_manager.h" |
| -#include "content/public/browser/browser_thread.h" |
| -#include "content/public/browser/notification_service.h" |
| -#include "content/public/browser/notification_types.h" |
| -#include "content/public/browser/user_metrics.h" |
| #include "google_apis/gaia/gaia_auth_util.h" |
| #include "net/cookies/cookie_monster.h" |
| #include "net/cookies/cookie_store.h" |
| @@ -41,14 +25,15 @@ |
| #include "net/url_request/url_request_context_getter.h" |
| using base::UserMetricsAction; |
| -using content::BrowserThread; |
| namespace chromeos { |
| -LoginPerformer::LoginPerformer(Delegate* delegate) |
| - : online_attempt_host_(this), |
| +LoginPerformer::LoginPerformer(scoped_refptr<base::TaskRunner> task_runner, |
| + Delegate* delegate) |
| + : delegate_(delegate), |
| + task_runner_(task_runner), |
| + online_attempt_host_(this), |
| last_login_failure_(AuthFailure::AuthFailureNone()), |
| - delegate_(delegate), |
| password_changed_(false), |
| password_changed_callback_count_(0), |
| auth_mode_(AUTH_MODE_INTERNAL), |
| @@ -67,7 +52,9 @@ LoginPerformer::~LoginPerformer() { |
| // LoginPerformer, AuthStatusConsumer implementation: |
| void LoginPerformer::OnAuthFailure(const AuthFailure& failure) { |
| - content::RecordAction(UserMetricsAction("Login_Failure")); |
| + DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| + base::RecordAction(UserMetricsAction("Login_Failure")); |
| + |
| UMA_HISTOGRAM_ENUMERATION("Login.FailureReason", |
| failure.reason(), |
| AuthFailure::NUM_FAILURE_REASONS); |
| @@ -87,13 +74,14 @@ void LoginPerformer::OnAuthFailure(const AuthFailure& failure) { |
| } |
| void LoginPerformer::OnRetailModeAuthSuccess(const UserContext& user_context) { |
| - content::RecordAction( |
| - UserMetricsAction("Login_DemoUserLoginSuccess")); |
| + DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| + base::RecordAction(UserMetricsAction("Login_DemoUserLoginSuccess")); |
| AuthStatusConsumer::OnRetailModeAuthSuccess(user_context); |
| } |
| void LoginPerformer::OnAuthSuccess(const UserContext& user_context) { |
| - content::RecordAction(UserMetricsAction("Login_Success")); |
| + DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| + base::RecordAction(UserMetricsAction("Login_Success")); |
| VLOG(1) << "LoginSuccess hash: " << user_context.GetUserIDHash(); |
| DCHECK(delegate_); |
| // After delegate_->OnAuthSuccess(...) is called, delegate_ releases |
| @@ -103,8 +91,8 @@ void LoginPerformer::OnAuthSuccess(const UserContext& user_context) { |
| } |
| void LoginPerformer::OnOffTheRecordAuthSuccess() { |
| - content::RecordAction( |
| - UserMetricsAction("Login_GuestLoginSuccess")); |
| + DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| + base::RecordAction(UserMetricsAction("Login_GuestLoginSuccess")); |
| if (delegate_) |
| delegate_->OnOffTheRecordAuthSuccess(); |
| @@ -136,117 +124,74 @@ void LoginPerformer::OnChecked(const std::string& username, bool success) { |
| //////////////////////////////////////////////////////////////////////////////// |
| // LoginPerformer, public: |
| +void LoginPerformer::NotifyWhitelistCheckFailure() { |
| + if (delegate_) |
| + delegate_->WhiteListCheckFailed(user_context_.GetUserID()); |
| + else |
| + NOTREACHED(); |
| +} |
| + |
| void LoginPerformer::PerformLogin(const UserContext& user_context, |
| AuthorizationMode auth_mode) { |
| auth_mode_ = auth_mode; |
| user_context_ = user_context; |
| - CrosSettings* cros_settings = CrosSettings::Get(); |
| - |
| - // Whitelist check is always performed during initial login. |
| - CrosSettingsProvider::TrustedStatus status = |
| - cros_settings->PrepareTrustedValues( |
| - base::Bind(&LoginPerformer::PerformLogin, |
| - weak_factory_.GetWeakPtr(), |
| - user_context_, auth_mode)); |
| - // Must not proceed without signature verification. |
| - if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { |
| - if (delegate_) |
| - delegate_->PolicyLoadFailed(); |
| - else |
| - NOTREACHED(); |
| - return; |
| - } else if (status != CrosSettingsProvider::TRUSTED) { |
| - // Value of AllowNewUser setting is still not verified. |
| - // Another attempt will be invoked after verification completion. |
| + if (RunTrustedCheck(base::Bind(&LoginPerformer::DoPerformLogin, |
| + weak_factory_.GetWeakPtr(), |
| + user_context_, |
| + auth_mode))) |
| return; |
|
Nikita (slow)
2014/10/06 14:55:33
nit: Add {}
|
| - } |
| + DoPerformLogin(user_context, auth_mode); |
| +} |
| - bool wildcard_match = false; |
| +void LoginPerformer::DoPerformLogin(const UserContext& user_context, |
| + AuthorizationMode auth_mode) { |
| std::string email = gaia::CanonicalizeEmail(user_context.GetUserID()); |
| - bool is_whitelisted = LoginUtils::IsWhitelisted(email, &wildcard_match); |
| - if (is_whitelisted) { |
| - switch (auth_mode_) { |
| - case AUTH_MODE_EXTENSION: { |
| - // On enterprise devices, reconfirm login permission with the server. |
| - policy::BrowserPolicyConnectorChromeOS* connector = |
| - g_browser_process->platform_part() |
| - ->browser_policy_connector_chromeos(); |
| - if (connector->IsEnterpriseManaged() && wildcard_match && |
| - !connector->IsNonEnterpriseUser(email)) { |
| - wildcard_login_checker_.reset(new policy::WildcardLoginChecker()); |
| - wildcard_login_checker_->Start( |
| - ProfileHelper::GetSigninProfile()->GetRequestContext(), |
| - base::Bind(&LoginPerformer::OnlineWildcardLoginCheckCompleted, |
| - weak_factory_.GetWeakPtr())); |
| - } else { |
| - StartLoginCompletion(); |
| - } |
| - break; |
| - } |
| - case AUTH_MODE_INTERNAL: |
| - StartAuthentication(); |
| - break; |
| + bool wildcard_match = false; |
| + if (!IsUserWhitelisted(email, &wildcard_match)) { |
| + NotifyWhitelistCheckFailure(); |
| + return; |
| + } |
| + switch (auth_mode_) { |
| + case AUTH_MODE_EXTENSION: { |
| + RunOnlineWhitelistCheck( |
| + email, |
| + wildcard_match, |
| + base::Bind(&LoginPerformer::StartLoginCompletion, |
| + weak_factory_.GetWeakPtr()), |
| + base::Bind(&LoginPerformer::NotifyWhitelistCheckFailure, |
| + weak_factory_.GetWeakPtr())); |
| + break; |
| } |
| - } else { |
| - if (delegate_) |
| - delegate_->WhiteListCheckFailed(user_context.GetUserID()); |
| - else |
| - NOTREACHED(); |
| + case AUTH_MODE_INTERNAL: |
| + StartAuthentication(); |
| + break; |
| } |
| } |
| -void LoginPerformer::LoginAsSupervisedUser( |
| - const UserContext& user_context) { |
| +void LoginPerformer::LoginAsSupervisedUser(const UserContext& user_context) { |
| DCHECK_EQ(chromeos::login::kSupervisedUserDomain, |
| gaia::ExtractDomainName(user_context.GetUserID())); |
| - CrosSettings* cros_settings = CrosSettings::Get(); |
| - CrosSettingsProvider::TrustedStatus status = |
| - cros_settings->PrepareTrustedValues( |
| - base::Bind(&LoginPerformer::LoginAsSupervisedUser, |
| - weak_factory_.GetWeakPtr(), |
| - user_context_)); |
| - // Must not proceed without signature verification. |
| - if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { |
| - if (delegate_) |
| - delegate_->PolicyLoadFailed(); |
| - else |
| - NOTREACHED(); |
| - return; |
| - } else if (status != CrosSettingsProvider::TRUSTED) { |
| - // Value of kAccountsPrefSupervisedUsersEnabled setting is still not |
| - // verified. Another attempt will be invoked after verification completion. |
| + if (RunTrustedCheck(base::Bind(&LoginPerformer::LoginAsSupervisedUser, |
| + weak_factory_.GetWeakPtr(), |
| + user_context_))) |
| return; |
|
Nikita (slow)
2014/10/06 14:55:33
nit: Add {}
|
| - } |
| - if (!user_manager::UserManager::Get()->AreSupervisedUsersAllowed()) { |
| + if (!AreSupervisedUsersAllowed()) { |
| LOG(ERROR) << "Login attempt of supervised user detected."; |
| delegate_->WhiteListCheckFailed(user_context.GetUserID()); |
| return; |
| } |
| - SupervisedUserLoginFlow* new_flow = |
| - new SupervisedUserLoginFlow(user_context.GetUserID()); |
| - new_flow->set_host( |
| - ChromeUserManager::Get()->GetUserFlow(user_context.GetUserID())->host()); |
| - ChromeUserManager::Get()->SetUserFlow(user_context.GetUserID(), new_flow); |
| + SetupSupervisedUserFlow(user_context.GetUserID()); |
| + UserContext user_context_copy = TransformSupervisedKey(user_context); |
| - SupervisedUserAuthentication* authentication = |
| - ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); |
| - |
| - UserContext user_context_copy = authentication->TransformKey(user_context); |
| - |
| - if (authentication->GetPasswordSchema(user_context.GetUserID()) == |
| - SupervisedUserAuthentication::SCHEMA_SALT_HASHED) { |
| - if (extended_authenticator_.get()) { |
| - extended_authenticator_->SetConsumer(NULL); |
| - } |
| - extended_authenticator_ = new ExtendedAuthenticator(this); |
| + if (UseExtendedAuthenticatorForSupervisedUser(user_context)) { |
| + EnsureExtendedAuthenticator(); |
| // TODO(antrim) : Replace empty callback with explicit method. |
| // http://crbug.com/351268 |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, |
| + task_runner_->PostTask( |
| FROM_HERE, |
| base::Bind(&ExtendedAuthenticator::AuthenticateToMount, |
| extended_authenticator_.get(), |
| @@ -254,119 +199,110 @@ void LoginPerformer::LoginAsSupervisedUser( |
| ExtendedAuthenticator::ResultCallback())); |
| } else { |
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, |
| - FROM_HERE, |
| - base::Bind(&Authenticator::LoginAsSupervisedUser, |
| - authenticator_.get(), |
| - user_context_copy)); |
| + EnsureAuthenticator(); |
| + task_runner_->PostTask(FROM_HERE, |
| + base::Bind(&Authenticator::LoginAsSupervisedUser, |
| + authenticator_.get(), |
| + user_context_copy)); |
| } |
| } |
| -void LoginPerformer::LoginRetailMode() { |
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, FROM_HERE, |
| - base::Bind(&Authenticator::LoginRetailMode, authenticator_.get())); |
| -} |
| - |
| -void LoginPerformer::LoginOffTheRecord() { |
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, FROM_HERE, |
| - base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get())); |
| -} |
| - |
| void LoginPerformer::LoginAsPublicSession(const UserContext& user_context) { |
| - // Login is not allowed if policy could not be loaded for the account. |
| - policy::BrowserPolicyConnectorChromeOS* connector = |
| - g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| - policy::DeviceLocalAccountPolicyService* policy_service = |
| - connector->GetDeviceLocalAccountPolicyService(); |
| - if (!policy_service || |
| - !policy_service->IsPolicyAvailableForUser(user_context.GetUserID())) { |
| + if (!CheckPolicyForUser(user_context.GetUserID())) { |
| DCHECK(delegate_); |
| if (delegate_) |
| delegate_->PolicyLoadFailed(); |
| return; |
| } |
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, FROM_HERE, |
| - base::Bind(&Authenticator::LoginAsPublicSession, |
| - authenticator_.get(), |
| - user_context)); |
| + EnsureAuthenticator(); |
| + task_runner_->PostTask(FROM_HERE, |
| + base::Bind(&Authenticator::LoginAsPublicSession, |
| + authenticator_.get(), |
| + user_context)); |
| +} |
| + |
| +void LoginPerformer::LoginRetailMode() { |
| + EnsureAuthenticator(); |
| + task_runner_->PostTask( |
| + FROM_HERE, |
| + base::Bind(&Authenticator::LoginRetailMode, authenticator_.get())); |
| +} |
| + |
| +void LoginPerformer::LoginOffTheRecord() { |
| + EnsureAuthenticator(); |
| + task_runner_->PostTask( |
| + FROM_HERE, |
| + base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get())); |
| } |
| void LoginPerformer::LoginAsKioskAccount(const std::string& app_user_id, |
| bool use_guest_mount) { |
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, FROM_HERE, |
| - base::Bind(&Authenticator::LoginAsKioskAccount, authenticator_.get(), |
| - app_user_id, use_guest_mount)); |
| + EnsureAuthenticator(); |
| + task_runner_->PostTask(FROM_HERE, |
| + base::Bind(&Authenticator::LoginAsKioskAccount, |
| + authenticator_.get(), |
| + app_user_id, |
| + use_guest_mount)); |
| } |
| void LoginPerformer::RecoverEncryptedData(const std::string& old_password) { |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, FROM_HERE, |
| - base::Bind(&Authenticator::RecoverEncryptedData, authenticator_.get(), |
| - old_password)); |
| + task_runner_->PostTask(FROM_HERE, |
| + base::Bind(&Authenticator::RecoverEncryptedData, |
| + authenticator_.get(), |
| + old_password)); |
| } |
| void LoginPerformer::ResyncEncryptedData() { |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, FROM_HERE, |
| + task_runner_->PostTask( |
| + FROM_HERE, |
| base::Bind(&Authenticator::ResyncEncryptedData, authenticator_.get())); |
| } |
| //////////////////////////////////////////////////////////////////////////////// |
| // LoginPerformer, private: |
| +void LoginPerformer::EnsureExtendedAuthenticator() { |
| + if (extended_authenticator_.get()) { |
|
Nikita (slow)
2014/10/06 14:55:33
nit: drop {}
|
| + extended_authenticator_->SetConsumer(NULL); |
| + } |
| + extended_authenticator_ = new ExtendedAuthenticator(this); |
| +} |
| + |
| void LoginPerformer::StartLoginCompletion() { |
| DVLOG(1) << "Login completion started"; |
| - BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false); |
| - Profile* profile = ProfileHelper::GetSigninProfile(); |
| - |
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, FROM_HERE, |
| - base::Bind(&Authenticator::CompleteLogin, authenticator_.get(), |
| - profile, |
| - user_context_)); |
| + chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker("AuthStarted", false); |
| + Profile* profile = GetSigninProfile(); |
|
Nikita (slow)
2014/10/06 14:55:33
You should not use Profile in this base class, use
|
| + EnsureAuthenticator(); |
| + task_runner_->PostTask(FROM_HERE, |
| + base::Bind(&chromeos::Authenticator::CompleteLogin, |
| + authenticator_.get(), |
| + profile, |
| + user_context_)); |
| user_context_.ClearSecrets(); |
| } |
| void LoginPerformer::StartAuthentication() { |
| DVLOG(1) << "Auth started"; |
| - BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false); |
| - Profile* profile = ProfileHelper::GetSigninProfile(); |
| + chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker("AuthStarted", false); |
| if (delegate_) { |
| - authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| - BrowserThread::PostTask( |
| - BrowserThread::UI, FROM_HERE, |
| - base::Bind(&Authenticator::AuthenticateToLogin, authenticator_.get(), |
| - profile, |
| - user_context_)); |
| + EnsureAuthenticator(); |
| + Profile* profile = GetSigninProfile(); |
| + task_runner_->PostTask(FROM_HERE, |
| + base::Bind(&Authenticator::AuthenticateToLogin, |
| + authenticator_.get(), |
| + base::Unretained(profile), |
| + user_context_)); |
| // Make unobtrusive online check. It helps to determine password change |
| // state in the case when offline login fails. |
| - online_attempt_host_.Check(profile->GetRequestContext(), user_context_); |
| + online_attempt_host_.Check(GetSigninRequestContext(), user_context_); |
| } else { |
| NOTREACHED(); |
| } |
| user_context_.ClearSecrets(); |
| } |
| -void LoginPerformer::OnlineWildcardLoginCheckCompleted( |
| - policy::WildcardLoginChecker::Result result) { |
| - if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) { |
| - StartLoginCompletion(); |
| - } else { |
| - if (delegate_) |
| - delegate_->WhiteListCheckFailed(user_context_.GetUserID()); |
| - } |
| +void LoginPerformer::EnsureAuthenticator() { |
| + authenticator_ = CreateAuthenticator(); |
| } |
| - |
| } // namespace chromeos |
