Home | History | Annotate | Download | only in auth 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
      6 #define CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
      7 
      8 #include <string>
      9 
     10 #include "base/basictypes.h"
     11 #include "base/memory/scoped_ptr.h"
     12 #include "base/memory/weak_ptr.h"
     13 #include "chrome/browser/chromeos/policy/wildcard_login_checker.h"
     14 #include "chromeos/login/auth/auth_status_consumer.h"
     15 #include "chromeos/login/auth/authenticator.h"
     16 #include "chromeos/login/auth/extended_authenticator.h"
     17 #include "chromeos/login/auth/online_attempt_host.h"
     18 #include "chromeos/login/auth/user_context.h"
     19 #include "content/public/browser/notification_observer.h"
     20 #include "content/public/browser/notification_registrar.h"
     21 #include "google_apis/gaia/google_service_auth_error.h"
     22 
     23 namespace policy {
     24 class WildcardLoginChecker;
     25 }
     26 
     27 namespace chromeos {
     28 
     29 // This class encapsulates sign in operations.
     30 // Sign in is performed in a way that offline auth is executed first.
     31 // Once offline auth is OK - user homedir is mounted, UI is launched.
     32 // At this point LoginPerformer |delegate_| is destroyed and it releases
     33 // LP instance ownership. LP waits for online login result.
     34 // If auth is succeeded, cookie fetcher is executed, LP instance deletes itself.
     35 //
     36 // If |delegate_| is not NULL it will handle error messages, password input.
     37 class LoginPerformer : public AuthStatusConsumer,
     38                        public OnlineAttemptHost::Delegate {
     39  public:
     40   typedef enum AuthorizationMode {
     41     // Authorization performed internally by Chrome.
     42     AUTH_MODE_INTERNAL,
     43     // Authorization performed by an extension.
     44     AUTH_MODE_EXTENSION
     45   } AuthorizationMode;
     46 
     47   // Delegate class to get notifications from the LoginPerformer.
     48   class Delegate : public AuthStatusConsumer {
     49    public:
     50     virtual ~Delegate() {}
     51     virtual void WhiteListCheckFailed(const std::string& email) = 0;
     52     virtual void PolicyLoadFailed() = 0;
     53     virtual void OnOnlineChecked(const std::string& email, bool success) = 0;
     54   };
     55 
     56   explicit LoginPerformer(Delegate* delegate);
     57   virtual ~LoginPerformer();
     58 
     59   // AuthStatusConsumer implementation:
     60   virtual void OnAuthFailure(const AuthFailure& error) OVERRIDE;
     61   virtual void OnRetailModeAuthSuccess(
     62       const UserContext& user_context) OVERRIDE;
     63   virtual void OnAuthSuccess(const UserContext& user_context) OVERRIDE;
     64   virtual void OnOffTheRecordAuthSuccess() OVERRIDE;
     65   virtual void OnPasswordChangeDetected() OVERRIDE;
     66 
     67   // Performs a login for |user_context|.
     68   // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks,
     69   // AUTH_MODE_INTERNAL will perform auth checks.
     70   void PerformLogin(const UserContext& user_context,
     71                     AuthorizationMode auth_mode);
     72 
     73   // Performs supervised user login with a given |user_context|.
     74   void LoginAsSupervisedUser(const UserContext& user_context);
     75 
     76   // Performs retail mode login.
     77   void LoginRetailMode();
     78 
     79   // Performs actions to prepare guest mode login.
     80   void LoginOffTheRecord();
     81 
     82   // Performs public session login with a given |user_context|.
     83   void LoginAsPublicSession(const UserContext& user_context);
     84 
     85   // Performs a login into the kiosk mode account with |app_user_id|.
     86   void LoginAsKioskAccount(const std::string& app_user_id,
     87                            bool use_guest_mount);
     88 
     89   // Migrates cryptohome using |old_password| specified.
     90   void RecoverEncryptedData(const std::string& old_password);
     91 
     92   // Reinitializes cryptohome with the new password.
     93   void ResyncEncryptedData();
     94 
     95   // Returns latest auth error.
     96   const GoogleServiceAuthError& error() const {
     97     return last_login_failure_.error();
     98   }
     99 
    100   // True if password change has been detected.
    101   bool password_changed() { return password_changed_; }
    102 
    103   // Number of times we've been called with OnPasswordChangeDetected().
    104   // If user enters incorrect old password, same LoginPerformer instance will
    105   // be called so callback count makes it possible to distinguish initial
    106   // "password changed detected" event from further attempts to enter old
    107   // password for cryptohome migration (when > 1).
    108   int password_changed_callback_count() {
    109     return password_changed_callback_count_;
    110   }
    111 
    112   void set_delegate(Delegate* delegate) { delegate_ = delegate; }
    113 
    114   AuthorizationMode auth_mode() const { return auth_mode_; }
    115 
    116  protected:
    117   // Implements OnlineAttemptHost::Delegate.
    118   virtual void OnChecked(const std::string& username, bool success) OVERRIDE;
    119 
    120  private:
    121   // Starts login completion of externally authenticated user.
    122   void StartLoginCompletion();
    123 
    124   // Starts authentication.
    125   void StartAuthentication();
    126 
    127   // Completion callback for the online wildcard login check for enterprise
    128   // devices. Continues the login process or signals whitelist check failure
    129   // depending on the value of |result|.
    130   void OnlineWildcardLoginCheckCompleted(
    131       policy::WildcardLoginChecker::Result result);
    132 
    133   // Used for logging in.
    134   scoped_refptr<Authenticator> authenticator_;
    135   scoped_refptr<ExtendedAuthenticator> extended_authenticator_;
    136 
    137   // Used to make auxiliary online check.
    138   OnlineAttemptHost online_attempt_host_;
    139 
    140   // Represents last login failure that was encountered when communicating to
    141   // sign-in server. AuthFailure.LoginFailureNone() by default.
    142   AuthFailure last_login_failure_;
    143 
    144   // User credentials for the current login attempt.
    145   UserContext user_context_;
    146 
    147   // Notifications receiver.
    148   Delegate* delegate_;
    149 
    150   // True if password change has been detected.
    151   // Once correct password is entered homedir migration is executed.
    152   bool password_changed_;
    153   int password_changed_callback_count_;
    154 
    155   // Authorization mode type.
    156   AuthorizationMode auth_mode_;
    157 
    158   // Used to verify logins that matched wildcard on the login whitelist.
    159   scoped_ptr<policy::WildcardLoginChecker> wildcard_login_checker_;
    160 
    161   base::WeakPtrFactory<LoginPerformer> weak_factory_;
    162 
    163   DISALLOW_COPY_AND_ASSIGN(LoginPerformer);
    164 };
    165 
    166 }  // namespace chromeos
    167 
    168 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
    169