Reauthenticate the user before launching Smart Lock setup app.

chrome/browser/signin/easy_unlock_service_regular.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/easy_unlock_service_regular.h"
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/metrics/field_trial.h"
 #include "base/prefs/pref_service.h"
 #include "base/prefs/scoped_user_pref_update.h"
+#include "base/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/easy_unlock_toggle_flow.h"
 #include "chrome/browser/signin/screenlock_bridge.h"
 #include "chrome/browser/ui/extensions/application_launch.h"
 #include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/pref_names.h"
 #include "components/pref_registry/pref_registry_syncable.h"
+#include "content/public/browser/browser_thread.h"
 #include "extensions/browser/extension_system.h"
 
 #if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
+#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_reauth.h"
+#include "chrome/browser/chromeos/login/session/user_session_manager.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "components/user_manager/user_manager.h"
 #endif
 
 namespace {
 
 // Key name of the local device permit record dictonary in kEasyUnlockPairing.
 const char kKeyPermitAccess[] = "permitAccess";
 
 // Key name of the remote device list in kEasyUnlockPairing.
 const char kKeyDevices[] = "devices";
 
 // Key name of the phone public key in a device dictionary.
 const char kKeyPhoneId[] = "permitRecord.id";
 
 }  // namespace
 
 EasyUnlockServiceRegular::EasyUnlockServiceRegular(Profile* profile)
     : EasyUnlockService(profile),
-      turn_off_flow_status_(EasyUnlockService::IDLE) {
+      turn_off_flow_status_(EasyUnlockService::IDLE),
+      weak_ptr_factory_(this) {
 }
 
 EasyUnlockServiceRegular::~EasyUnlockServiceRegular() {
 }
 
 EasyUnlockService::Type EasyUnlockServiceRegular::GetType() const {
   return EasyUnlockService::TYPE_REGULAR;
 }
 
 std::string EasyUnlockServiceRegular::GetUserEmail() const {
   return ScreenlockBridge::GetAuthenticatedUserEmail(profile());
 }
 
 void EasyUnlockServiceRegular::LaunchSetup() {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+#if defined(OS_CHROMEOS)
+  // Force the user to reauthenticate by showing a modal overlay (similar to the
+  // lock screen). The password obtained from the reauth is cached for a short
+  // period of time and used to create the cryptohome keys for sign-in.
+  if (short_lived_user_context_ && short_lived_user_context_->user_context()) {
+    OpenSetupApp();
+  } else {
+    bool reauth_success = chromeos::EasyUnlockReauth::ReauthForUserContext(
+        base::Bind(&EasyUnlockServiceRegular::OnUserContextFromReauth,
+                   weak_ptr_factory_.GetWeakPtr()));
+    if (!reauth_success)
+      OpenSetupApp();
+  }
+#else
+  OpenSetupApp();
+#endif
+}
+
+#if defined(OS_CHROMEOS)
+void EasyUnlockServiceRegular::OnUserContextFromReauth(
+    const chromeos::UserContext& user_context) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  short_lived_user_context_.reset(new chromeos::ShortLivedUserContext(
+      user_context, base::ThreadTaskRunnerHandle::Get().get()));
+  OpenSetupApp();
+}
+
+void EasyUnlockServiceRegular::OnKeysRefreshedForSetDevices(bool success) {
+  // If the keys were refreshed successfully, the hardlock state should be
+  // cleared, and Smart Lock can be used normally.
+  CheckCryptohomeKeysAndMaybeHardlock();
+}
+#endif
+
+void EasyUnlockServiceRegular::OpenSetupApp() {
   ExtensionService* service =
       extensions::ExtensionSystem::Get(profile())->extension_service();
   const extensions::Extension* extension =
       service->GetExtensionById(extension_misc::kEasyUnlockAppId, false);
 
   OpenApplication(AppLaunchParams(
       profile(), extension, extensions::LAUNCH_CONTAINER_WINDOW, NEW_WINDOW));
 }
 
 const base::DictionaryValue* EasyUnlockServiceRegular::GetPermitAccess() const {
@@ skipping 28 matching lines @@
     return devices;
 
   return NULL;
 }
 
 void EasyUnlockServiceRegular::SetRemoteDevices(
     const base::ListValue& devices) {
   DictionaryPrefUpdate pairing_update(profile()->GetPrefs(),
                                       prefs::kEasyUnlockPairing);
   pairing_update->SetWithoutPathExpansion(kKeyDevices, devices.DeepCopy());
+
+#if defined(OS_CHROMEOS)
+  if (short_lived_user_context_ && short_lived_user_context_->user_context() &&
+      !devices.empty()) {

[tbarzic, 2014/10/27 21:44:44]

I concerned about the case where user does not finish setup, and
SetRemoteDevices gets called due to sync, in which case easy signin would end up
being available on next login (with no real feedback to the user)

[xiyuan, 2014/10/28 20:38:03]

Agree. We probably should make sure |short_lived_user_context_| get reset when
the setup window is dismissed, either by user or from sync.

[Tim Song, 2014/10/31 17:57:37]

Done. I put the logic binding the user context to the app window in
ShortLivedUserContext.

+    // We may already have the password cached, so proceed to create the
+    // cryptohome keys for sign-in or the system will be hardlocked.
+    chromeos::UserContext* user_context =
+        short_lived_user_context_->user_context();
+    chromeos::EasyUnlockKeyManager* key_manager =
+        chromeos::UserSessionManager::GetInstance()->GetEasyUnlockKeyManager();
+    key_manager->RefreshKeys(
+        *user_context,
+        devices,
+        base::Bind(&EasyUnlockServiceRegular::OnKeysRefreshedForSetDevices,
+                   weak_ptr_factory_.GetWeakPtr()));

[tbarzic, 2014/10/27 21:44:43]

reset user context?
also, can we make sure the context is reset when setup app window closes.

[Tim Song, 2014/10/31 17:57:37]

Done.

+  } else {
+    CheckCryptohomeKeysAndMaybeHardlock();
+  }
+#else
   CheckCryptohomeKeysAndMaybeHardlock();
+#endif
 }
 
 void EasyUnlockServiceRegular::ClearRemoteDevices() {
   DictionaryPrefUpdate pairing_update(profile()->GetPrefs(),
                                       prefs::kEasyUnlockPairing);
   pairing_update->RemoveWithoutPathExpansion(kKeyDevices, NULL);
   CheckCryptohomeKeysAndMaybeHardlock();
 }
 
 void EasyUnlockServiceRegular::RunTurnOffFlow() {
@@ skipping 49 matching lines @@
 void EasyUnlockServiceRegular::InitializeInternal() {
   registrar_.Init(profile()->GetPrefs());
   registrar_.Add(
       prefs::kEasyUnlockAllowed,
       base::Bind(&EasyUnlockServiceRegular::OnPrefsChanged,
                  base::Unretained(this)));
   OnPrefsChanged();
 }
 
 void EasyUnlockServiceRegular::ShutdownInternal() {
+#if defined(OS_CHROMEOS)
+  short_lived_user_context_.reset();
+#endif
+
   turn_off_flow_.reset();
   turn_off_flow_status_ = EasyUnlockService::IDLE;
   registrar_.RemoveAll();
 }
 
 bool EasyUnlockServiceRegular::IsAllowedInternal() {
 #if defined(OS_CHROMEOS)
   if (!user_manager::UserManager::Get()->IsLoggedInAsRegularUser())
     return false;
 
@@ skipping 30 matching lines @@
 
   if (!success) {
     SetTurnOffFlowStatus(FAIL);
     return;
   }
 
   ClearRemoteDevices();
   SetTurnOffFlowStatus(IDLE);
   ReloadApp();
 }