chromeos/login/auth/authenticator.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_
   6 #define CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_
   7
   8 #include <string>
   9
  10 #include "base/basictypes.h"
  11 #include "base/memory/ref_counted.h"
  12 #include "chromeos/chromeos_export.h"
  13 #include "chromeos/login/auth/auth_status_consumer.h"
  14 #include "google_apis/gaia/gaia_auth_consumer.h"
  15
  16 class Profile;
  17
  18 namespace chromeos {
  19
  20 class UserContext;
  21
  22 // An interface for objects that will authenticate a Chromium OS user.
  23 // Callbacks will be called on the UI thread:
  24 // 1. On successful authentication, will call consumer_->OnAuthSuccess().
  25 // 2. On failure, will call consumer_->OnAuthFailure().
  26 // 3. On password change, will call consumer_->OnPasswordChangeDetected().
  27 class CHROMEOS_EXPORT Authenticator
  28     : public base::RefCountedThreadSafe<Authenticator> {
  29  public:
  30   explicit Authenticator(AuthStatusConsumer* consumer);
  31
  32   // Given externally authenticated username and password (part of
  33   // |user_context|), this method attempts to complete authentication process.
  34   virtual void CompleteLogin(Profile* profile,
  35                              const UserContext& user_context) = 0;
  36
  37   // Given a user credentials in |user_context|,
  38   // this method attempts to authenticate to login.
  39   // Must be called on the UI thread.
  40   virtual void AuthenticateToLogin(Profile* profile,
  41                                    const UserContext& user_context) = 0;
  42
  43   // Given a user credentials in |user_context|, this method attempts to
  44   // authenticate to unlock the computer.
  45   // Must be called on the UI thread.
  46   virtual void AuthenticateToUnlock(const UserContext& user_context) = 0;
  47
  48   // Initiates supervised user login.
  49   virtual void LoginAsSupervisedUser(const UserContext& user_context) = 0;
  50
  51   // Initiates retail mode login.
  52   virtual void LoginRetailMode() = 0;
  53
  54   // Initiates incognito ("browse without signing in") login.
  55   virtual void LoginOffTheRecord() = 0;
  56
  57   // Initiates login into the public account identified by |user_context|.
  58   virtual void LoginAsPublicSession(const UserContext& user_context) = 0;
  59
  60   // Initiates login into kiosk mode account identified by |app_user_id|.
  61   // The |app_user_id| is a generated username for the account.
  62   // |use_guest_mount| specifies whether to force the session to use a
  63   // guest mount. If this is false, we use mount a public cryptohome.
  64   virtual void LoginAsKioskAccount(const std::string& app_user_id,
  65                                    bool use_guest_mount) = 0;
  66
  67   // Completes retail mode login.
  68   virtual void OnRetailModeAuthSuccess() = 0;
  69
  70   // Notifies caller that login was successful. Must be called on the UI thread.
  71   virtual void OnAuthSuccess() = 0;
  72
  73   // Must be called on the UI thread.
  74   virtual void OnAuthFailure(const AuthFailure& error) = 0;
  75
  76   // Call these methods on the UI thread.
  77   // If a password logs the user in online, but cannot be used to
  78   // mount his cryptohome, we expect that a password change has
  79   // occurred.
  80   // Call this method to migrate the user's encrypted data
  81   // forward to use his new password.  |old_password| is the password
  82   // his data was last encrypted with.
  83   virtual void RecoverEncryptedData(const std::string& old_password) = 0;
  84
  85   // Call this method to erase the user's encrypted data
  86   // and create a new cryptohome.
  87   virtual void ResyncEncryptedData() = 0;
  88
  89   // Profile (usually off the record ) that was used to perform the last
  90   // authentication process.
  91   Profile* authentication_profile() { return authentication_profile_; }
  92
  93   // Sets consumer explicitly.
  94   void SetConsumer(AuthStatusConsumer* consumer);
  95
  96  protected:
  97   virtual ~Authenticator();
  98
  99   AuthStatusConsumer* consumer_;
 100   Profile* authentication_profile_;
 101
 102  private:
 103   friend class base::RefCountedThreadSafe<Authenticator>;
 104
 105   DISALLOW_COPY_AND_ASSIGN(Authenticator);
 106 };
 107
 108 }  // namespace chromeos
 109
 110 #endif  // CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_