      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_LOGIN_PERFORMER_H_
      6 #define CHROME_BROWSER_CHROMEOS_LOGIN_LOGIN_PERFORMER_H_
      7 
      8 #include <string>
      9 
     10 #include "base/basictypes.h"
     11 #include "base/memory/scoped_ptr.h"
     12 #include "base/memory/weak_ptr.h"
     13 #include "chrome/browser/chromeos/login/authenticator.h"
     14 #include "chrome/browser/chromeos/login/login_status_consumer.h"
     15 #include "chrome/browser/chromeos/login/online_attempt_host.h"
     16 #include "chrome/browser/chromeos/login/user.h"
     17 #include "chrome/browser/profiles/profile_manager.h"
     18 #include "content/public/browser/notification_observer.h"
     19 #include "content/public/browser/notification_registrar.h"
     20 #include "google_apis/gaia/google_service_auth_error.h"
     21 
     22 namespace policy {
        // Forward declaration: within this header the type is only referred to
        // through the scoped_ptr member LoginPerformer::wildcard_login_checker_.
     23 class WildcardLoginChecker;
     24 }
     25 
     26 namespace chromeos {
     27 
     28 // This class encapsulates sign in operations.
     29 // Sign in is performed in a way that offline auth is executed first.
     30 // Once offline auth is OK - user homedir is mounted, UI is launched.
     31 // At this point LoginPerformer |delegate_| is destroyed and it releases
     32 // LP instance ownership. LP waits for online login result.
     33 // If auth succeeds, the cookie fetcher is executed and the LP instance deletes itself.
     34 //
     35 // If |delegate_| is not NULL it will handle error messages, password input.
     36 class LoginPerformer : public LoginStatusConsumer,
     37                        public OnlineAttemptHost::Delegate {
     38  public:
          // Selects whether PerformLogin() runs its own auth checks (see the
          // PerformLogin() comment below).
          // NOTE(review): "typedef enum X {...} X;" is the C spelling; in C++ a plain
          // "enum AuthorizationMode {...};" declares the same type name.
     39   typedef enum AuthorizationMode {
     40     // Authorization performed internally by Chrome.
     41     AUTH_MODE_INTERNAL,
     42     // Authorization performed by an extension.
            // Security: per the PerformLogin() contract this mode gets no further
            // auth checks, so the caller is trusted to have authenticated the user
            // already. NOTE(review): confirm which call sites may pass this value.
     43     AUTH_MODE_EXTENSION
     44   } AuthorizationMode;
     45 
     46   // Delegate class to get notifications from the LoginPerformer.
          // Adds three pure-virtual hooks on top of the LoginStatusConsumer
          // callbacks it inherits.
     47   class Delegate : public LoginStatusConsumer {
     48    public:
            // Virtual so an implementation can be destroyed through a Delegate*.
     49     virtual ~Delegate() {}
            // Presumably reports that |email| failed the login whitelist check (see
            // OnlineWildcardLoginCheckCompleted() below) - confirm in the .cc.
     50     virtual void WhiteListCheckFailed(const std::string& email) = 0;
            // Presumably reports that policy could not be loaded - confirm in the .cc.
     51     virtual void PolicyLoadFailed() = 0;
            // Presumably relays the outcome of the auxiliary online check for |email|
            // (see OnChecked() below) - confirm in the .cc.
     52     virtual void OnOnlineChecked(const std::string& email, bool success) = 0;
     53   };
     54 
          // |delegate| is a raw pointer and may be NULL according to the class
          // comment; presumably it is stored in |delegate_| without taking ownership.
          // explicit prevents implicit conversion from Delegate* to LoginPerformer.
     55   explicit LoginPerformer(Delegate* delegate);
     56   virtual ~LoginPerformer();
     57 
     58   // LoginStatusConsumer implementation:
          // (defined out of line; their behavior is not visible in this header)
     59   virtual void OnLoginFailure(const LoginFailure& error) OVERRIDE;
     60   virtual void OnRetailModeLoginSuccess(
     61       const UserContext& user_context) OVERRIDE;
     62   virtual void OnLoginSuccess(const UserContext& user_context) OVERRIDE;
     63   virtual void OnOffTheRecordLoginSuccess() OVERRIDE;
     64   virtual void OnPasswordChangeDetected() OVERRIDE;
     65 
     66   // Performs a login for |user_context|.
     67   // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks,
     68   // AUTH_MODE_INTERNAL will perform auth checks.
          // Security: |auth_mode| therefore decides how much verification this call
          // adds; passing AUTH_MODE_EXTENSION for credentials that were not already
          // verified elsewhere would skip those checks.
     69   void PerformLogin(const UserContext& user_context,
     70                     AuthorizationMode auth_mode);
     71 
     72   // Performs locally managed user login with a given |user_context|.
     73   void LoginAsLocallyManagedUser(const UserContext& user_context);
     74 
     75   // Performs retail mode login.
     76   void LoginRetailMode();
     77 
     78   // Performs actions to prepare guest mode login.
     79   void LoginOffTheRecord();
     80 
     81   // Performs a login into the public account identified by |username|.
          // Takes only an identifier; no secret is passed through this signature.
     82   void LoginAsPublicAccount(const std::string& username);
     83 
     84   // Performs a login into the kiosk mode account with |app_user_id|.
          // Takes only an identifier; no secret is passed through this signature.
     85   void LoginAsKioskAccount(const std::string& app_user_id);
     86 
     87   // Migrates cryptohome using |old_password| specified.
          // Security: |old_password| is presumably the user-typed old password. It
          // travels in a std::string, which does not clear its buffer on
          // destruction, so copies should be short-lived and must never be logged.
     88   void RecoverEncryptedData(const std::string& old_password);
     89 
     90   // Reinitializes cryptohome with the new password.
     91   void ResyncEncryptedData();
     92 
     93   // Returns latest auth error.
          // The reference is obtained from |last_login_failure_|, so it should not be
          // held beyond this object's lifetime (the class comment says the instance
          // can delete itself).
     94   const GoogleServiceAuthError& error() const {
     95     return last_login_failure_.error();
     96   }
     97 
     98   // True if password change has been detected.
          // NOTE(review): only reads a member but is not const-qualified, unlike
          // error() and auth_mode(); it could be declared const.
     99   bool password_changed() { return password_changed_; }
    100 
    101   // Number of times we've been called with OnPasswordChangeDetected().
    102   // If user enters incorrect old password, same LoginPerformer instance will
    103   // be called so callback count makes it possible to distinguish initial
    104   // "password changed detected" event from further attempts to enter old
    105   // password for cryptohome migration (when > 1).
          // NOTE(review): read-only accessor that is not const-qualified; it could be
          // declared const like error() and auth_mode().
    106   int password_changed_callback_count() {
    107     return password_changed_callback_count_;
    108   }
    109 
          // Replaces the raw |delegate_| pointer; nothing is freed or checked here.
          // Security/lifetime: nothing in this header tracks the delegate's
          // lifetime, and the class comment says the delegate can be destroyed while
          // this object is still waiting for the online result. Presumably the
          // delegate must call set_delegate(NULL) before it goes away, otherwise
          // |delegate_| dangles - confirm against the callers.
    110   void set_delegate(Delegate* delegate) { delegate_ = delegate; }
    111 
          // Returns the stored authorization mode (|auth_mode_|).
    112   AuthorizationMode auth_mode() const { return auth_mode_; }
    113 
    114  protected:
    115   // Implements OnlineAttemptHost::Delegate.
    116   virtual void OnChecked(const std::string& username, bool success) OVERRIDE;
    117 
    118  private:
    119   // Starts login completion of externally authenticated user.
          // NOTE(review): presumably the AUTH_MODE_EXTENSION path - confirm in the .cc.
    120   void StartLoginCompletion();
    121 
    122   // Starts authentication.
    123   void StartAuthentication();
    124 
    125   // Completion callback for the online wildcard login check for enterprise
    126   // devices. Continues the login process or signals whitelist check failure
    127   // depending on the value of |result|.
    128   void OnlineWildcardLoginCheckCompleted(bool result);
    129 
    130   // Used for logging in.
          // Held through scoped_refptr, i.e. a ref-counted reference that may be
          // shared with other holders.
    131   scoped_refptr<Authenticator> authenticator_;
    132 
    133   // Used to make auxiliary online check.
    134   OnlineAttemptHost online_attempt_host_;
    135 
    136   // Represents last login failure that was encountered when communicating to
    137   // sign-in server. LoginFailure.LoginFailureNone() by default.
    138   LoginFailure last_login_failure_;
    139 
    140   // User credentials for the current login attempt.
          // Security: kept by value for as long as this object lives, and the class
          // comment says the instance stays alive after the UI has launched while it
          // waits for the online result. NOTE(review): confirm that any secret in it
          // is cleared once it is no longer needed.
    141   UserContext user_context_;
    142 
    143   // Notifications receiver.
          // Raw pointer; the class comment allows it to be NULL, so every use needs
          // a NULL check. See set_delegate() for the lifetime caveat.
    144   Delegate* delegate_;
    145 
    146   // True if password change has been detected.
    147   // Once correct password is entered homedir migration is executed.
    148   bool password_changed_;
          // Backs password_changed_callback_count().
    149   int password_changed_callback_count_;
    150 
    151   // Authorization mode type.
    152   AuthorizationMode auth_mode_;
    153 
    154   // Used to verify logins that matched wildcard on the login whitelist.
    155   scoped_ptr<policy::WildcardLoginChecker> wildcard_login_checker_;
    156 
          // Declared as the last data member: members are destroyed in reverse
          // declaration order, so weak pointers handed out by this factory are
          // invalidated before the other members are torn down.
    157   base::WeakPtrFactory<LoginPerformer> weak_factory_;
    158 
          // Makes the class non-copyable and non-assignable.
    159   DISALLOW_COPY_AND_ASSIGN(LoginPerformer);
    160 };
    161 
    162 }  // namespace chromeos
    163 
    164 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_LOGIN_PERFORMER_H_
    165