1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/memory/scoped_ptr.h" 12 #include "base/memory/weak_ptr.h" 13 #include "chrome/browser/chromeos/policy/wildcard_login_checker.h" 14 #include "chromeos/login/auth/auth_status_consumer.h" 15 #include "chromeos/login/auth/authenticator.h" 16 #include "chromeos/login/auth/extended_authenticator.h" 17 #include "chromeos/login/auth/online_attempt_host.h" 18 #include "chromeos/login/auth/user_context.h" 19 #include "content/public/browser/notification_observer.h" 20 #include "content/public/browser/notification_registrar.h" 21 #include "google_apis/gaia/google_service_auth_error.h" 22 23 namespace policy { 24 class WildcardLoginChecker; 25 } 26 27 namespace chromeos { 28 29 // This class encapsulates sign in operations. 30 // Sign in is performed in a way that offline auth is executed first. 31 // Once offline auth is OK - user homedir is mounted, UI is launched. 32 // At this point LoginPerformer |delegate_| is destroyed and it releases 33 // LP instance ownership. LP waits for online login result. 34 // If auth is succeeded, cookie fetcher is executed, LP instance deletes itself. 35 // 36 // If |delegate_| is not NULL it will handle error messages, password input. 37 class LoginPerformer : public AuthStatusConsumer, 38 public OnlineAttemptHost::Delegate { 39 public: 40 typedef enum AuthorizationMode { 41 // Authorization performed internally by Chrome. 42 AUTH_MODE_INTERNAL, 43 // Authorization performed by an extension. 44 AUTH_MODE_EXTENSION 45 } AuthorizationMode; 46 47 // Delegate class to get notifications from the LoginPerformer. 48 class Delegate : public AuthStatusConsumer { 49 public: 50 virtual ~Delegate() {} 51 virtual void WhiteListCheckFailed(const std::string& email) = 0; 52 virtual void PolicyLoadFailed() = 0; 53 virtual void OnOnlineChecked(const std::string& email, bool success) = 0; 54 }; 55 56 explicit LoginPerformer(Delegate* delegate); 57 virtual ~LoginPerformer(); 58 59 // AuthStatusConsumer implementation: 60 virtual void OnAuthFailure(const AuthFailure& error) OVERRIDE; 61 virtual void OnRetailModeAuthSuccess( 62 const UserContext& user_context) OVERRIDE; 63 virtual void OnAuthSuccess(const UserContext& user_context) OVERRIDE; 64 virtual void OnOffTheRecordAuthSuccess() OVERRIDE; 65 virtual void OnPasswordChangeDetected() OVERRIDE; 66 67 // Performs a login for |user_context|. 68 // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks, 69 // AUTH_MODE_INTERNAL will perform auth checks. 70 void PerformLogin(const UserContext& user_context, 71 AuthorizationMode auth_mode); 72 73 // Performs supervised user login with a given |user_context|. 74 void LoginAsSupervisedUser(const UserContext& user_context); 75 76 // Performs retail mode login. 77 void LoginRetailMode(); 78 79 // Performs actions to prepare guest mode login. 80 void LoginOffTheRecord(); 81 82 // Performs public session login with a given |user_context|. 83 void LoginAsPublicSession(const UserContext& user_context); 84 85 // Performs a login into the kiosk mode account with |app_user_id|. 86 void LoginAsKioskAccount(const std::string& app_user_id, 87 bool use_guest_mount); 88 89 // Migrates cryptohome using |old_password| specified. 90 void RecoverEncryptedData(const std::string& old_password); 91 92 // Reinitializes cryptohome with the new password. 93 void ResyncEncryptedData(); 94 95 // Returns latest auth error. 96 const GoogleServiceAuthError& error() const { 97 return last_login_failure_.error(); 98 } 99 100 // True if password change has been detected. 101 bool password_changed() { return password_changed_; } 102 103 // Number of times we've been called with OnPasswordChangeDetected(). 104 // If user enters incorrect old password, same LoginPerformer instance will 105 // be called so callback count makes it possible to distinguish initial 106 // "password changed detected" event from further attempts to enter old 107 // password for cryptohome migration (when > 1). 108 int password_changed_callback_count() { 109 return password_changed_callback_count_; 110 } 111 112 void set_delegate(Delegate* delegate) { delegate_ = delegate; } 113 114 AuthorizationMode auth_mode() const { return auth_mode_; } 115 116 protected: 117 // Implements OnlineAttemptHost::Delegate. 118 virtual void OnChecked(const std::string& username, bool success) OVERRIDE; 119 120 private: 121 // Starts login completion of externally authenticated user. 122 void StartLoginCompletion(); 123 124 // Starts authentication. 125 void StartAuthentication(); 126 127 // Completion callback for the online wildcard login check for enterprise 128 // devices. Continues the login process or signals whitelist check failure 129 // depending on the value of |result|. 130 void OnlineWildcardLoginCheckCompleted( 131 policy::WildcardLoginChecker::Result result); 132 133 // Used for logging in. 134 scoped_refptr<Authenticator> authenticator_; 135 scoped_refptr<ExtendedAuthenticator> extended_authenticator_; 136 137 // Used to make auxiliary online check. 138 OnlineAttemptHost online_attempt_host_; 139 140 // Represents last login failure that was encountered when communicating to 141 // sign-in server. AuthFailure.LoginFailureNone() by default. 142 AuthFailure last_login_failure_; 143 144 // User credentials for the current login attempt. 145 UserContext user_context_; 146 147 // Notifications receiver. 148 Delegate* delegate_; 149 150 // True if password change has been detected. 151 // Once correct password is entered homedir migration is executed. 152 bool password_changed_; 153 int password_changed_callback_count_; 154 155 // Authorization mode type. 156 AuthorizationMode auth_mode_; 157 158 // Used to verify logins that matched wildcard on the login whitelist. 159 scoped_ptr<policy::WildcardLoginChecker> wildcard_login_checker_; 160 161 base::WeakPtrFactory<LoginPerformer> weak_factory_; 162 163 DISALLOW_COPY_AND_ASSIGN(LoginPerformer); 164 }; 165 166 } // namespace chromeos 167 168 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_ 169