| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ | |
| 6 #define CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/basictypes.h" | |
| 11 #include "base/callback.h" | |
| 12 #include "base/memory/scoped_ptr.h" | |
| 13 #include "base/memory/weak_ptr.h" | |
| 14 #include "chromeos/chromeos_export.h" | |
| 15 #include "chromeos/login/auth/auth_status_consumer.h" | |
| 16 #include "chromeos/login/auth/authenticator.h" | |
| 17 #include "chromeos/login/auth/extended_authenticator.h" | |
| 18 #include "chromeos/login/auth/online_attempt_host.h" | |
| 19 #include "chromeos/login/auth/user_context.h" | |
| 20 #include "google_apis/gaia/google_service_auth_error.h" | |
| 21 | |
| 22 namespace net { | |
| 23 class URLRequestContextGetter; | |
| 24 } | |
| 25 | |
| 26 namespace policy { | |
| 27 class WildcardLoginChecker; | |
| 28 } | |
| 29 | |
| 30 namespace content { | |
| 31 class BrowserContext; | |
| 32 } | |
| 33 | |
| 34 namespace chromeos { | |
| 35 | |
| 36 // This class encapsulates sign in operations. | |
| 37 // Sign in is performed in a way that offline auth is executed first. | |
| 38 // Once offline auth is OK - user homedir is mounted, UI is launched. | |
| 39 // At this point LoginPerformer |delegate_| is destroyed and it releases | |
| 40 // LP instance ownership. LP waits for online login result. | |
| 41 // If auth is succeeded, cookie fetcher is executed, LP instance deletes itself. | |
| 42 // | |
| 43 // If |delegate_| is not NULL it will handle error messages, password input. | |
| 44 class CHROMEOS_EXPORT LoginPerformer : public AuthStatusConsumer, | |
| 45 public OnlineAttemptHost::Delegate { | |
| 46 public: | |
| 47 typedef enum AuthorizationMode { | |
| 48 // Authorization performed internally by Chrome. | |
| 49 AUTH_MODE_INTERNAL, | |
| 50 // Authorization performed by an extension. | |
| 51 AUTH_MODE_EXTENSION | |
| 52 } AuthorizationMode; | |
| 53 | |
| 54 // Delegate class to get notifications from the LoginPerformer. | |
| 55 class Delegate : public AuthStatusConsumer { | |
| 56 public: | |
| 57 virtual ~Delegate() {} | |
| 58 virtual void WhiteListCheckFailed(const std::string& email) = 0; | |
| 59 virtual void PolicyLoadFailed() = 0; | |
| 60 virtual void OnOnlineChecked(const std::string& email, bool success) = 0; | |
| 61 }; | |
| 62 | |
| 63 LoginPerformer(scoped_refptr<base::TaskRunner> task_runner, | |
| 64 Delegate* delegate); | |
| 65 virtual ~LoginPerformer(); | |
| 66 | |
| 67 // Performs a login for |user_context|. | |
| 68 // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks, | |
| 69 // AUTH_MODE_INTERNAL will perform auth checks. | |
| 70 void PerformLogin(const UserContext& user_context, | |
| 71 AuthorizationMode auth_mode); | |
| 72 | |
| 73 // Performs supervised user login with a given |user_context|. | |
| 74 void LoginAsSupervisedUser(const UserContext& user_context); | |
| 75 | |
| 76 // Performs retail mode login. | |
| 77 void LoginRetailMode(); | |
| 78 | |
| 79 // Performs actions to prepare guest mode login. | |
| 80 void LoginOffTheRecord(); | |
| 81 | |
| 82 // Performs public session login with a given |user_context|. | |
| 83 void LoginAsPublicSession(const UserContext& user_context); | |
| 84 | |
| 85 // Performs a login into the kiosk mode account with |app_user_id|. | |
| 86 void LoginAsKioskAccount(const std::string& app_user_id, | |
| 87 bool use_guest_mount); | |
| 88 | |
| 89 // AuthStatusConsumer implementation: | |
| 90 virtual void OnAuthFailure(const AuthFailure& error) override; | |
| 91 virtual void OnRetailModeAuthSuccess( | |
| 92 const UserContext& user_context) override; | |
| 93 virtual void OnAuthSuccess(const UserContext& user_context) override; | |
| 94 virtual void OnOffTheRecordAuthSuccess() override; | |
| 95 virtual void OnPasswordChangeDetected() override; | |
| 96 | |
| 97 // Migrates cryptohome using |old_password| specified. | |
| 98 void RecoverEncryptedData(const std::string& old_password); | |
| 99 | |
| 100 // Reinitializes cryptohome with the new password. | |
| 101 void ResyncEncryptedData(); | |
| 102 | |
| 103 // Returns latest auth error. | |
| 104 const GoogleServiceAuthError& error() const { | |
| 105 return last_login_failure_.error(); | |
| 106 } | |
| 107 | |
| 108 // True if password change has been detected. | |
| 109 bool password_changed() { return password_changed_; } | |
| 110 | |
| 111 // Number of times we've been called with OnPasswordChangeDetected(). | |
| 112 // If user enters incorrect old password, same LoginPerformer instance will | |
| 113 // be called so callback count makes it possible to distinguish initial | |
| 114 // "password changed detected" event from further attempts to enter old | |
| 115 // password for cryptohome migration (when > 1). | |
| 116 int password_changed_callback_count() { | |
| 117 return password_changed_callback_count_; | |
| 118 } | |
| 119 | |
| 120 void set_delegate(Delegate* delegate) { delegate_ = delegate; } | |
| 121 | |
| 122 AuthorizationMode auth_mode() const { return auth_mode_; } | |
| 123 | |
| 124 protected: | |
| 125 // Implements OnlineAttemptHost::Delegate. | |
| 126 virtual void OnChecked(const std::string& user_id, bool success) override; | |
| 127 | |
| 128 // Platform-dependant methods to be implemented by concrete class. | |
| 129 | |
| 130 // Run trusted check for a platform. If trusted check have to be performed | |
| 131 // asynchronously, |false| will be returned, and either delegate's | |
| 132 // PolicyLoadFailed() or |callback| will be called upon actual check. | |
| 133 virtual bool RunTrustedCheck(const base::Closure& callback) = 0; | |
| 134 | |
| 135 // Check if user is allowed to sign in on device. |wildcard_match| will | |
| 136 // contain additional information whether this user is explicitly listed or | |
| 137 // not (may be relevant for extension-based sign-in). | |
| 138 virtual bool IsUserWhitelisted(const std::string& user_id, | |
| 139 bool* wildcard_match) = 0; | |
| 140 | |
| 141 // This method should run addional online check if user can sign in on device. | |
| 142 // Either |success_callback| or |failure_callback| should be called upon this | |
| 143 // check. | |
| 144 virtual void RunOnlineWhitelistCheck( | |
| 145 const std::string& user_id, | |
| 146 bool wildcard_match, | |
| 147 const base::Closure& success_callback, | |
| 148 const base::Closure& failure_callback) = 0; | |
| 149 | |
| 150 // Supervised users-related methods. | |
| 151 | |
| 152 // Check if supervised users are allowed on this device. | |
| 153 virtual bool AreSupervisedUsersAllowed() = 0; | |
| 154 | |
| 155 // Check which authenticator should be used for supervised user. | |
| 156 virtual bool UseExtendedAuthenticatorForSupervisedUser( | |
| 157 const UserContext& user_context) = 0; | |
| 158 | |
| 159 // Probably transform supervised user's authentication key. | |
| 160 virtual UserContext TransformSupervisedKey(const UserContext& context) = 0; | |
| 161 | |
| 162 // Set up sign-in flow for supervised user. | |
| 163 virtual void SetupSupervisedUserFlow(const std::string& user_id) = 0; | |
| 164 | |
| 165 // Run policy check for |user_id|. If something is wrong, delegate's | |
| 166 // PolicyLoadFailed is called. | |
| 167 virtual bool CheckPolicyForUser(const std::string& user_id) = 0; | |
| 168 | |
| 169 // Look up browser context to use during signin. | |
| 170 virtual content::BrowserContext* GetSigninContext() = 0; | |
| 171 | |
| 172 // Get RequestContext used for sign in. | |
| 173 virtual net::URLRequestContextGetter* GetSigninRequestContext() = 0; | |
| 174 | |
| 175 // Create authenticator implementation. | |
| 176 virtual scoped_refptr<Authenticator> CreateAuthenticator() = 0; | |
| 177 | |
| 178 void set_authenticator(scoped_refptr<Authenticator> authenticator); | |
| 179 | |
| 180 // Notifications receiver. | |
| 181 Delegate* delegate_; | |
| 182 | |
| 183 private: | |
| 184 // Starts login completion of externally authenticated user. | |
| 185 void StartLoginCompletion(); | |
| 186 | |
| 187 // Starts authentication. | |
| 188 void StartAuthentication(); | |
| 189 void NotifyWhitelistCheckFailure(); | |
| 190 | |
| 191 // Makes sure that authenticator is created. | |
| 192 void EnsureAuthenticator(); | |
| 193 void EnsureExtendedAuthenticator(); | |
| 194 | |
| 195 // Actual implementantion of PeformLogin that is run after trusted values | |
| 196 // check. | |
| 197 void DoPerformLogin(const UserContext& user_context, | |
| 198 AuthorizationMode auth_mode); | |
| 199 | |
| 200 scoped_refptr<base::TaskRunner> task_runner_; | |
| 201 | |
| 202 // Used for logging in. | |
| 203 scoped_refptr<Authenticator> authenticator_; | |
| 204 | |
| 205 // Used for logging in. | |
| 206 scoped_refptr<ExtendedAuthenticator> extended_authenticator_; | |
| 207 | |
| 208 // Used to make auxiliary online check. | |
| 209 OnlineAttemptHost online_attempt_host_; | |
| 210 | |
| 211 // Represents last login failure that was encountered when communicating to | |
| 212 // sign-in server. AuthFailure.LoginFailureNone() by default. | |
| 213 AuthFailure last_login_failure_; | |
| 214 | |
| 215 // User credentials for the current login attempt. | |
| 216 UserContext user_context_; | |
| 217 | |
| 218 // True if password change has been detected. | |
| 219 // Once correct password is entered homedir migration is executed. | |
| 220 bool password_changed_; | |
| 221 int password_changed_callback_count_; | |
| 222 | |
| 223 // Authorization mode type. | |
| 224 AuthorizationMode auth_mode_; | |
| 225 | |
| 226 base::WeakPtrFactory<LoginPerformer> weak_factory_; | |
| 227 DISALLOW_COPY_AND_ASSIGN(LoginPerformer); | |
| 228 }; | |
| 229 | |
| 230 } // namespace chromeos | |
| 231 | |
| 232 #endif // CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 681593003:
Revert of Extract LoginPerformer to chromeos/auth (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master