Reauthenticate the user before launching Smart Lock setup app.

chrome/browser/signin/easy_unlock_service_regular.cc

Index: chrome/browser/signin/easy_unlock_service_regular.cc
diff --git a/chrome/browser/signin/easy_unlock_service_regular.cc b/chrome/browser/signin/easy_unlock_service_regular.cc
index 5ea569515db2f27f221ba06b7f90f80d581a8b23..45bfbd84aa95efc9058aca403a6c7d5a7b641491 100644
--- a/chrome/browser/signin/easy_unlock_service_regular.cc
+++ b/chrome/browser/signin/easy_unlock_service_regular.cc
@@ -9,6 +9,7 @@
 #include "base/metrics/field_trial.h"
 #include "base/prefs/pref_service.h"
 #include "base/prefs/scoped_user_pref_update.h"
+#include "base/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/profiles/profile.h"
@@ -18,9 +19,13 @@
 #include "chrome/common/extensions/extension_constants.h"
 #include "chrome/common/pref_names.h"
 #include "components/pref_registry/pref_registry_syncable.h"
+#include "content/public/browser/browser_thread.h"
 #include "extensions/browser/extension_system.h"
 
 #if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
+#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_reauth.h"
+#include "chrome/browser/chromeos/login/session/user_session_manager.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "components/user_manager/user_manager.h"
 #endif
@@ -40,7 +45,8 @@ const char kKeyPhoneId[] = "permitRecord.id";
 
 EasyUnlockServiceRegular::EasyUnlockServiceRegular(Profile* profile)
     : EasyUnlockService(profile),
-      turn_off_flow_status_(EasyUnlockService::IDLE) {
+      turn_off_flow_status_(EasyUnlockService::IDLE),
+      weak_ptr_factory_(this) {
 }
 
 EasyUnlockServiceRegular::~EasyUnlockServiceRegular() {
@@ -55,6 +61,42 @@ std::string EasyUnlockServiceRegular::GetUserEmail() const {
 }
 
 void EasyUnlockServiceRegular::LaunchSetup() {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+#if defined(OS_CHROMEOS)
+  // Force the user to reauthenticate by showing a modal overlay (similar to the
+  // lock screen). The password obtained from the reauth is cached for a short
+  // period of time and used to create the cryptohome keys for sign-in.
+  if (short_lived_user_context_ && short_lived_user_context_->user_context()) {
+    OpenSetupApp();
+  } else {
+    bool reauth_success = chromeos::EasyUnlockReauth::ReauthForUserContext(
+        base::Bind(&EasyUnlockServiceRegular::OnUserContextFromReauth,
+                   weak_ptr_factory_.GetWeakPtr()));
+    if (!reauth_success)
+      OpenSetupApp();
+  }
+#else
+  OpenSetupApp();
+#endif
+}
+
+#if defined(OS_CHROMEOS)
+void EasyUnlockServiceRegular::OnUserContextFromReauth(
+    const chromeos::UserContext& user_context) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  short_lived_user_context_.reset(new chromeos::ShortLivedUserContext(
+      user_context, base::ThreadTaskRunnerHandle::Get().get()));
+  OpenSetupApp();
+}
+
+void EasyUnlockServiceRegular::OnKeysRefreshedForSetDevices(bool success) {
+  // If the keys were refreshed successfully, the hardlock state should be
+  // cleared, and Smart Lock can be used normally.
+  CheckCryptohomeKeysAndMaybeHardlock();
+}
+#endif
+
+void EasyUnlockServiceRegular::OpenSetupApp() {
   ExtensionService* service =
       extensions::ExtensionSystem::Get(profile())->extension_service();
   const extensions::Extension* extension =
@@ -103,7 +145,27 @@ void EasyUnlockServiceRegular::SetRemoteDevices(
   DictionaryPrefUpdate pairing_update(profile()->GetPrefs(),
                                       prefs::kEasyUnlockPairing);
   pairing_update->SetWithoutPathExpansion(kKeyDevices, devices.DeepCopy());
+
+#if defined(OS_CHROMEOS)
+  if (short_lived_user_context_ && short_lived_user_context_->user_context() &&
+      !devices.empty()) {

[tbarzic, 2014/10/27 21:44:44]

I concerned about the case where user does not finish setup, and
SetRemoteDevices gets called due to sync, in which case easy signin would end up
being available on next login (with no real feedback to the user)

[xiyuan, 2014/10/28 20:38:03]

Agree. We probably should make sure |short_lived_user_context_| get reset when
the setup window is dismissed, either by user or from sync.

[Tim Song, 2014/10/31 17:57:37]

Done. I put the logic binding the user context to the app window in
ShortLivedUserContext.

+    // We may already have the password cached, so proceed to create the
+    // cryptohome keys for sign-in or the system will be hardlocked.
+    chromeos::UserContext* user_context =
+        short_lived_user_context_->user_context();
+    chromeos::EasyUnlockKeyManager* key_manager =
+        chromeos::UserSessionManager::GetInstance()->GetEasyUnlockKeyManager();
+    key_manager->RefreshKeys(
+        *user_context,
+        devices,
+        base::Bind(&EasyUnlockServiceRegular::OnKeysRefreshedForSetDevices,
+                   weak_ptr_factory_.GetWeakPtr()));

[tbarzic, 2014/10/27 21:44:43]

reset user context?
also, can we make sure the context is reset when setup app window closes.

[Tim Song, 2014/10/31 17:57:37]

Done.

+  } else {
+    CheckCryptohomeKeysAndMaybeHardlock();
+  }
+#else
   CheckCryptohomeKeysAndMaybeHardlock();
+#endif
 }
 
 void EasyUnlockServiceRegular::ClearRemoteDevices() {
@@ -173,6 +235,10 @@ void EasyUnlockServiceRegular::InitializeInternal() {
 }
 
 void EasyUnlockServiceRegular::ShutdownInternal() {
+#if defined(OS_CHROMEOS)
+  short_lived_user_context_.reset();
+#endif
+
   turn_off_flow_.reset();
   turn_off_flow_status_ = EasyUnlockService::IDLE;
   registrar_.RemoveAll();