1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_USER_MANAGER_IMPL_H_ 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_USER_MANAGER_IMPL_H_ 7 8 #include <map> 9 #include <string> 10 #include <vector> 11 12 #include "base/basictypes.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/observer_list.h" 15 #include "base/synchronization/lock.h" 16 #include "base/time/time.h" 17 #include "chrome/browser/chromeos/login/login_utils.h" 18 #include "chrome/browser/chromeos/login/user.h" 19 #include "chrome/browser/chromeos/login/user_image_manager_impl.h" 20 #include "chrome/browser/chromeos/login/user_manager.h" 21 #include "chrome/browser/chromeos/login/wallpaper_manager.h" 22 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" 23 #include "chrome/browser/chromeos/settings/cros_settings.h" 24 #include "chrome/browser/chromeos/settings/device_settings_service.h" 25 #include "chrome/browser/sync/profile_sync_service_observer.h" 26 #include "chromeos/dbus/session_manager_client.h" 27 #include "content/public/browser/notification_observer.h" 28 #include "content/public/browser/notification_registrar.h" 29 30 class PrefService; 31 class ProfileSyncService; 32 33 namespace policy { 34 struct DeviceLocalAccount; 35 } 36 37 namespace chromeos { 38 39 class RemoveUserDelegate; 40 class SessionLengthLimiter; 41 42 // Implementation of the UserManager. 43 class UserManagerImpl 44 : public UserManager, 45 public LoginUtils::Delegate, 46 public ProfileSyncServiceObserver, 47 public content::NotificationObserver, 48 public policy::DeviceLocalAccountPolicyService::Observer { 49 public: 50 virtual ~UserManagerImpl(); 51 52 // UserManager implementation: 53 virtual void Shutdown() OVERRIDE; 54 virtual UserImageManager* GetUserImageManager() OVERRIDE; 55 virtual const UserList& GetUsers() const OVERRIDE; 56 virtual UserList GetUsersAdmittedForMultiProfile() const OVERRIDE; 57 virtual const UserList& GetLoggedInUsers() const OVERRIDE; 58 virtual const UserList& GetLRULoggedInUsers() OVERRIDE; 59 virtual void UserLoggedIn(const std::string& email, 60 const std::string& username_hash, 61 bool browser_restart) OVERRIDE; 62 virtual void SwitchActiveUser(const std::string& email) OVERRIDE; 63 virtual void RestoreActiveSessions() OVERRIDE; 64 virtual void SessionStarted() OVERRIDE; 65 virtual void RemoveUser(const std::string& email, 66 RemoveUserDelegate* delegate) OVERRIDE; 67 virtual void RemoveUserFromList(const std::string& email) OVERRIDE; 68 virtual bool IsKnownUser(const std::string& email) const OVERRIDE; 69 virtual const User* FindUser(const std::string& email) const OVERRIDE; 70 virtual const User* FindLocallyManagedUser( 71 const string16& display_name) const OVERRIDE; 72 virtual const User* GetLoggedInUser() const OVERRIDE; 73 virtual User* GetLoggedInUser() OVERRIDE; 74 virtual const User* GetActiveUser() const OVERRIDE; 75 virtual User* GetActiveUser() OVERRIDE; 76 virtual void SaveUserOAuthStatus( 77 const std::string& username, 78 User::OAuthTokenStatus oauth_token_status) OVERRIDE; 79 virtual void SaveUserDisplayName(const std::string& username, 80 const string16& display_name) OVERRIDE; 81 virtual string16 GetUserDisplayName( 82 const std::string& username) const OVERRIDE; 83 virtual void SaveUserDisplayEmail(const std::string& username, 84 const std::string& display_email) OVERRIDE; 85 virtual std::string GetUserDisplayEmail( 86 const std::string& username) const OVERRIDE; 87 virtual std::string GetManagedUserSyncId( 88 const std::string& managed_user_id) const OVERRIDE; 89 virtual string16 GetManagerDisplayNameForManagedUser( 90 const std::string& managed_user_id) const OVERRIDE; 91 virtual std::string GetManagerUserIdForManagedUser( 92 const std::string& managed_user_id) const OVERRIDE; 93 virtual std::string GetManagerDisplayEmailForManagedUser( 94 const std::string& managed_user_id) const OVERRIDE; 95 virtual bool IsCurrentUserOwner() const OVERRIDE; 96 virtual bool IsCurrentUserNew() const OVERRIDE; 97 virtual bool IsCurrentUserNonCryptohomeDataEphemeral() const OVERRIDE; 98 virtual bool CanCurrentUserLock() const OVERRIDE; 99 virtual bool IsUserLoggedIn() const OVERRIDE; 100 virtual bool IsLoggedInAsRegularUser() const OVERRIDE; 101 virtual bool IsLoggedInAsDemoUser() const OVERRIDE; 102 virtual bool IsLoggedInAsPublicAccount() const OVERRIDE; 103 virtual bool IsLoggedInAsGuest() const OVERRIDE; 104 virtual bool IsLoggedInAsLocallyManagedUser() const OVERRIDE; 105 virtual bool IsLoggedInAsKioskApp() const OVERRIDE; 106 virtual bool IsLoggedInAsStub() const OVERRIDE; 107 virtual bool IsSessionStarted() const OVERRIDE; 108 virtual bool UserSessionsRestored() const OVERRIDE; 109 virtual MergeSessionState GetMergeSessionState() const OVERRIDE; 110 virtual void SetMergeSessionState(MergeSessionState status) OVERRIDE; 111 virtual bool HasBrowserRestarted() const OVERRIDE; 112 virtual bool IsUserNonCryptohomeDataEphemeral( 113 const std::string& email) const OVERRIDE; 114 virtual void AddObserver(UserManager::Observer* obs) OVERRIDE; 115 virtual void RemoveObserver(UserManager::Observer* obs) OVERRIDE; 116 virtual void AddSessionStateObserver( 117 UserManager::UserSessionStateObserver* obs) OVERRIDE; 118 virtual void RemoveSessionStateObserver( 119 UserManager::UserSessionStateObserver* obs) OVERRIDE; 120 virtual void NotifyLocalStateChanged() OVERRIDE; 121 virtual const User* CreateLocallyManagedUserRecord( 122 const std::string& manager_id, 123 const std::string& local_user_id, 124 const std::string& sync_user_id, 125 const string16& display_name) OVERRIDE; 126 virtual std::string GenerateUniqueLocallyManagedUserId() OVERRIDE; 127 virtual void StartLocallyManagedUserCreationTransaction( 128 const string16& display_name) OVERRIDE; 129 virtual void SetLocallyManagedUserCreationTransactionUserId( 130 const std::string& email) OVERRIDE; 131 virtual void CommitLocallyManagedUserCreationTransaction() OVERRIDE; 132 133 virtual UserFlow* GetCurrentUserFlow() const OVERRIDE; 134 virtual UserFlow* GetUserFlow(const std::string& email) const OVERRIDE; 135 virtual void SetUserFlow(const std::string& email, UserFlow* flow) OVERRIDE; 136 virtual void ResetUserFlow(const std::string& email) OVERRIDE; 137 virtual bool GetAppModeChromeClientOAuthInfo( 138 std::string* chrome_client_id, 139 std::string* chrome_client_secret) OVERRIDE; 140 virtual void SetAppModeChromeClientOAuthInfo( 141 const std::string& chrome_client_id, 142 const std::string& chrome_client_secret) OVERRIDE; 143 virtual bool AreLocallyManagedUsersAllowed() const OVERRIDE; 144 145 // content::NotificationObserver implementation. 146 virtual void Observe(int type, 147 const content::NotificationSource& source, 148 const content::NotificationDetails& details) OVERRIDE; 149 150 // ProfileSyncServiceObserver implementation. 151 virtual void OnStateChanged() OVERRIDE; 152 153 // policy::DeviceLocalAccountPolicyService::Observer implementation. 154 virtual void OnPolicyUpdated(const std::string& user_id) OVERRIDE; 155 virtual void OnDeviceLocalAccountsChanged() OVERRIDE; 156 157 private: 158 friend class UserManager; 159 friend class WallpaperManager; 160 friend class UserManagerTest; 161 friend class WallpaperManagerTest; 162 163 UserManagerImpl(); 164 165 // LoginUtils::Delegate implementation: 166 // Used when restoring user sessions after crash. 167 virtual void OnProfilePrepared(Profile* profile) OVERRIDE; 168 169 // Loads |users_| from Local State if the list has not been loaded yet. 170 // Subsequent calls have no effect. Must be called on the UI thread. 171 void EnsureUsersLoaded(); 172 173 // Retrieves trusted device policies and removes users from the persistent 174 // list if ephemeral users are enabled. Schedules a callback to itself if 175 // trusted device policies are not yet available. 176 void RetrieveTrustedDevicePolicies(); 177 178 // Returns true if trusted device policies have successfully been retrieved 179 // and ephemeral users are enabled. 180 bool AreEphemeralUsersEnabled() const; 181 182 // Returns a list of users who have logged into this device previously. 183 // Same as GetUsers but used if you need to modify User from that list. 184 UserList& GetUsersAndModify(); 185 186 // Returns the user with the given email address if found in the persistent 187 // list or currently logged in as ephemeral. Returns |NULL| otherwise. 188 // Same as FindUser but returns non-const pointer to User object. 189 User* FindUserAndModify(const std::string& email); 190 191 // Returns the user with the given email address if found in the persistent 192 // list. Returns |NULL| otherwise. 193 const User* FindUserInList(const std::string& email) const; 194 195 // Same as FindUserInList but returns non-const pointer to User object. 196 User* FindUserInListAndModify(const std::string& email); 197 198 // Indicates that a user just logged in as guest. 199 void GuestUserLoggedIn(); 200 201 // Indicates that a regular user just logged in. 202 void RegularUserLoggedIn(const std::string& email, bool browser_restart); 203 204 // Indicates that a regular user just logged in as ephemeral. 205 void RegularUserLoggedInAsEphemeral(const std::string& email); 206 207 // Indicates that a locally managed user just logged in. 208 void LocallyManagedUserLoggedIn(const std::string& username); 209 210 // Indicates that a user just logged into a public session. 211 void PublicAccountUserLoggedIn(User* user); 212 213 // Indicates that a kiosk app robot just logged in. 214 void KioskAppLoggedIn(const std::string& app_id); 215 216 // Indicates that a user just logged into a retail mode session. 217 void RetailModeUserLoggedIn(); 218 219 // Notifies that user has logged in. 220 // Sends NOTIFICATION_LOGIN_USER_CHANGED notification. 221 void NotifyOnLogin(); 222 223 // Reads user's oauth token status from local state preferences. 224 User::OAuthTokenStatus LoadUserOAuthStatus(const std::string& username) const; 225 226 void SetCurrentUserIsOwner(bool is_current_user_owner); 227 228 // Updates current user ownership on UI thread. 229 void UpdateOwnership(DeviceSettingsService::OwnershipStatus status, 230 bool is_owner); 231 232 // Triggers an asynchronous ownership check. 233 void CheckOwnership(); 234 235 // Removes data stored or cached outside the user's cryptohome (wallpaper, 236 // avatar, OAuth token status, display name, display email). 237 void RemoveNonCryptohomeData(const std::string& email); 238 239 // Removes a regular or locally managed user from the user list. 240 // Returns the user if found or NULL otherwise. 241 // Also removes the user from the persistent user list. 242 User* RemoveRegularOrLocallyManagedUserFromList(const std::string& username); 243 244 // If data for a public account is marked as pending removal and the user is 245 // no longer logged into that account, removes the data. 246 void CleanUpPublicAccountNonCryptohomeDataPendingRemoval(); 247 248 // Removes data belonging to public accounts that are no longer found on the 249 // user list. If the user is currently logged into one of these accounts, the 250 // data for that account is not removed immediately but marked as pending 251 // removal after logout. 252 void CleanUpPublicAccountNonCryptohomeData( 253 const std::vector<std::string>& old_public_accounts); 254 255 // Replaces the list of public accounts with those found in 256 // |device_local_accounts|. Ensures that data belonging to accounts no longer 257 // on the list is removed. Returns |true| if the list has changed. 258 // Public accounts are defined by policy. This method is called whenever an 259 // updated list of public accounts is received from policy. 260 bool UpdateAndCleanUpPublicAccounts( 261 const std::vector<policy::DeviceLocalAccount>& device_local_accounts); 262 263 // Updates the display name for public account |username| from policy settings 264 // associated with that username. 265 void UpdatePublicAccountDisplayName(const std::string& username); 266 267 // Notifies the UI about a change to the user list. 268 void NotifyUserListChanged(); 269 270 // Notifies observers that merge session state had changed. 271 void NotifyMergeSessionStateChanged(); 272 273 // Notifies observers that active user has changed. 274 void NotifyActiveUserChanged(const User* active_user); 275 276 // Notifies observers that active user_id hash has changed. 277 void NotifyActiveUserHashChanged(const std::string& hash); 278 279 // Notifies observers that user pending sessions restore has finished. 280 void NotifyPendingUserSessionsRestoreFinished(); 281 282 // Returns true if there is non-committed user creation transaction. 283 bool HasFailedLocallyManagedUserCreationTransaction(); 284 285 // Attempts to clean up data that could be left from failed user creation. 286 void RollbackLocallyManagedUserCreationTransaction(); 287 288 // Lazily creates default user flow. 289 UserFlow* GetDefaultUserFlow() const; 290 291 // Update the global LoginState. 292 void UpdateLoginState(); 293 294 // Insert |user| at the front of the LRU user list.. 295 void SetLRUUser(User* user); 296 297 // Callback to process RetrieveActiveSessions() request results. 298 void OnRestoreActiveSessions( 299 const SessionManagerClient::ActiveSessionsMap& sessions, 300 bool success); 301 302 // Called by OnRestoreActiveSessions() when there're user sessions in 303 // |pending_user_sessions_| that has to be restored one by one. 304 // Also called after first user session from that list is restored and so on. 305 // Process continues till |pending_user_sessions_| map is not empty. 306 void RestorePendingUserSessions(); 307 308 // Sends metrics in response to a regular user logging in. 309 void SendRegularUserLoginMetrics(const std::string& email); 310 311 // Interface to the signed settings store. 312 CrosSettings* cros_settings_; 313 314 // Interface to device-local account definitions and associated policy. 315 policy::DeviceLocalAccountPolicyService* device_local_account_policy_service_; 316 317 // True if users have been loaded from prefs already. 318 bool users_loaded_; 319 320 // List of all known users. User instances are owned by |this|. Regular users 321 // are removed by |RemoveUserFromList|, public accounts by 322 // |UpdateAndCleanUpPublicAccounts|. 323 UserList users_; 324 325 // List of all users that are logged in current session. These point to User 326 // instances in |users_|. Only one of them could be marked as active. 327 UserList logged_in_users_; 328 329 // A list of all users that are logged in the current session. In contrast to 330 // |logged_in_users|, the order of this list is least recently used so that 331 // the active user should always be the first one in the list. 332 UserList lru_logged_in_users_; 333 334 // The list which gets reported when the |lru_logged_in_users_| list is empty. 335 UserList temp_single_logged_in_users_; 336 337 // The logged-in user that is currently active in current session. 338 // NULL until a user has logged in, then points to one 339 // of the User instances in |users_|, the |guest_user_| instance or an 340 // ephemeral user instance. 341 User* active_user_; 342 343 // True if SessionStarted() has been called. 344 bool session_started_; 345 346 // True is user sessions has been restored after crash. 347 // On a normal boot then login into user sessions this will be false. 348 bool user_sessions_restored_; 349 350 // Cached flag of whether currently logged-in user is owner or not. 351 // May be accessed on different threads, requires locking. 352 bool is_current_user_owner_; 353 mutable base::Lock is_current_user_owner_lock_; 354 355 // Cached flag of whether the currently logged-in user existed before this 356 // login. 357 bool is_current_user_new_; 358 359 // Cached flag of whether the currently logged-in user is a regular user who 360 // logged in as ephemeral. Storage of persistent information is avoided for 361 // such users by not adding them to the persistent user list, not downloading 362 // their custom avatars and mounting their cryptohomes using tmpfs. Defaults 363 // to |false|. 364 bool is_current_user_ephemeral_regular_user_; 365 366 // Cached flag indicating whether the ephemeral user policy is enabled. 367 // Defaults to |false| if the value has not been read from trusted device 368 // policy yet. 369 bool ephemeral_users_enabled_; 370 371 // Cached flag indicating whether the locally managed users are enabled by 372 // policy. Defaults to |false| if the value has not been read from trusted 373 // device policy yet. 374 bool locally_managed_users_enabled_by_policy_; 375 376 // Merge session state (cookie restore process state). 377 MergeSessionState merge_session_state_; 378 379 // Cached name of device owner. Defaults to empty string if the value has not 380 // been read from trusted device policy yet. 381 std::string owner_email_; 382 383 // Chrome oauth client id and secret - override values for kiosk mode. 384 std::string chrome_client_id_; 385 std::string chrome_client_secret_; 386 387 content::NotificationRegistrar registrar_; 388 389 // Profile sync service which is observed to take actions after sync 390 // errors appear. NOTE: there is no guarantee that it is the current sync 391 // service, so do NOT use it outside |OnStateChanged| method. 392 ProfileSyncService* observed_sync_service_; 393 394 ObserverList<UserManager::Observer> observer_list_; 395 396 // TODO(nkostylev): Merge with session state refactoring CL. 397 ObserverList<UserManager::UserSessionStateObserver> 398 session_state_observer_list_; 399 400 // User avatar manager. 401 scoped_ptr<UserImageManagerImpl> user_image_manager_; 402 403 // Session length limiter. 404 scoped_ptr<SessionLengthLimiter> session_length_limiter_; 405 406 typedef std::map<std::string, UserFlow*> FlowMap; 407 408 // Lazy-initialized default flow. 409 mutable scoped_ptr<UserFlow> default_flow_; 410 411 // Specific flows by user e-mail. Keys should be canonicalized before 412 // access. 413 FlowMap specific_flows_; 414 415 // User sessions that have to be restored after browser crash. 416 // [user_id] > [user_id_hash] 417 SessionManagerClient::ActiveSessionsMap pending_user_sessions_; 418 419 // Time at which this object was created. 420 base::TimeTicks manager_creation_time_; 421 422 DISALLOW_COPY_AND_ASSIGN(UserManagerImpl); 423 }; 424 425 } // namespace chromeos 426 427 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_USER_MANAGER_IMPL_H_ 428