chrome/browser/signin/easy_unlock_service_signin_chromeos.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/signin/easy_unlock_service_signin_chromeos.h"
   6
   7 #include "base/basictypes.h"
   8 #include "base/bind.h"
   9 #include "base/location.h"
  10 #include "base/logging.h"
  11 #include "base/stl_util.h"
  12 #include "base/sys_info.h"
  13 #include "base/thread_task_runner_handle.h"
  14 #include "base/time/time.h"
  15 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
  16 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
  17 #include "chrome/browser/signin/easy_unlock_app_manager.h"
  18 #include "chrome/browser/signin/easy_unlock_metrics.h"
  19 #include "chromeos/login/auth/user_context.h"
  20 #include "chromeos/tpm/tpm_token_loader.h"
  21
  22 namespace {
  23
  24 // The maximum allowed backoff interval when waiting for cryptohome to start.
  25 uint32 kMaxCryptohomeBackoffIntervalMs = 10000u;
  26
  27 // If the data load fails, the initial interval after which the load will be
  28 // retried. Further intervals will exponentially increas by factor 2.
  29 uint32 kInitialCryptohomeBackoffIntervalMs = 200u;
  30
  31 // Calculates the backoff interval that should be used next.
  32 // |backoff| The last backoff interval used.
  33 uint32 GetNextBackoffInterval(uint32 backoff) {
  34   if (backoff == 0u)
  35     return kInitialCryptohomeBackoffIntervalMs;
  36   return backoff * 2;
  37 }
  38
  39 void LoadDataForUser(
  40     const std::string& user_id,
  41     uint32 backoff_ms,
  42     const chromeos::EasyUnlockKeyManager::GetDeviceDataListCallback& callback);
  43
  44 // Callback passed to |LoadDataForUser()|.
  45 // If |LoadDataForUser| function succeeded, it invokes |callback| with the
  46 // results.
  47 // If |LoadDataForUser| failed and further retries are allowed, schedules new
  48 // |LoadDataForUser| call with some backoff. If no further retires are allowed,
  49 // it invokes |callback| with the |LoadDataForUser| results.
  50 void RetryDataLoadOnError(
  51     const std::string& user_id,
  52     uint32 backoff_ms,
  53     const chromeos::EasyUnlockKeyManager::GetDeviceDataListCallback& callback,
  54     bool success,
  55     const chromeos::EasyUnlockDeviceKeyDataList& data_list) {
  56   if (success) {
  57     callback.Run(success, data_list);
  58     return;
  59   }
  60
  61   uint32 next_backoff_ms = GetNextBackoffInterval(backoff_ms);
  62   if (next_backoff_ms > kMaxCryptohomeBackoffIntervalMs) {
  63     callback.Run(false, data_list);
  64     return;
  65   }
  66
  67   base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
  68       FROM_HERE,
  69       base::Bind(&LoadDataForUser, user_id, next_backoff_ms, callback),
  70       base::TimeDelta::FromMilliseconds(next_backoff_ms));
  71 }
  72
  73 // Loads device data list associated with the user's Easy unlock keys.
  74 void LoadDataForUser(
  75     const std::string& user_id,
  76     uint32 backoff_ms,
  77     const chromeos::EasyUnlockKeyManager::GetDeviceDataListCallback& callback) {
  78   chromeos::EasyUnlockKeyManager* key_manager =
  79       chromeos::UserSessionManager::GetInstance()->GetEasyUnlockKeyManager();
  80   DCHECK(key_manager);
  81
  82   key_manager->GetDeviceDataList(
  83       chromeos::UserContext(user_id),
  84       base::Bind(&RetryDataLoadOnError, user_id, backoff_ms, callback));
  85 }
  86
  87 }  // namespace
  88
  89 EasyUnlockServiceSignin::UserData::UserData()
  90     : state(EasyUnlockServiceSignin::USER_DATA_STATE_INITIAL) {
  91 }
  92
  93 EasyUnlockServiceSignin::UserData::~UserData() {}
  94
  95 EasyUnlockServiceSignin::EasyUnlockServiceSignin(Profile* profile)
  96     : EasyUnlockService(profile),
  97       allow_cryptohome_backoff_(true),
  98       service_active_(false),
  99       user_pod_last_focused_timestamp_(base::TimeTicks::Now()),
 100       weak_ptr_factory_(this) {
 101 }
 102
 103 EasyUnlockServiceSignin::~EasyUnlockServiceSignin() {
 104 }
 105
 106 void EasyUnlockServiceSignin::SetCurrentUser(const std::string& user_id) {
 107   OnFocusedUserChanged(user_id);
 108 }
 109
 110 EasyUnlockService::Type EasyUnlockServiceSignin::GetType() const {
 111   return EasyUnlockService::TYPE_SIGNIN;
 112 }
 113
 114 std::string EasyUnlockServiceSignin::GetUserEmail() const {
 115   return user_id_;
 116 }
 117
 118 void EasyUnlockServiceSignin::LaunchSetup() {
 119   NOTREACHED();
 120 }
 121
 122 const base::DictionaryValue* EasyUnlockServiceSignin::GetPermitAccess() const {
 123   return NULL;
 124 }
 125
 126 void EasyUnlockServiceSignin::SetPermitAccess(
 127     const base::DictionaryValue& permit) {
 128   NOTREACHED();
 129 }
 130
 131 void EasyUnlockServiceSignin::ClearPermitAccess() {
 132   NOTREACHED();
 133 }
 134
 135 const base::ListValue* EasyUnlockServiceSignin::GetRemoteDevices() const {
 136   const UserData* data = FindLoadedDataForCurrentUser();
 137   if (!data)
 138     return NULL;
 139   return &data->remote_devices_value;
 140 }
 141
 142 void EasyUnlockServiceSignin::SetRemoteDevices(
 143     const base::ListValue& devices) {
 144   NOTREACHED();
 145 }
 146
 147 void EasyUnlockServiceSignin::RunTurnOffFlow() {
 148   NOTREACHED();
 149 }
 150
 151 void EasyUnlockServiceSignin::ResetTurnOffFlow() {
 152   NOTREACHED();
 153 }
 154
 155 EasyUnlockService::TurnOffFlowStatus
 156     EasyUnlockServiceSignin::GetTurnOffFlowStatus() const {
 157   return EasyUnlockService::IDLE;
 158 }
 159
 160 std::string EasyUnlockServiceSignin::GetChallenge() const {
 161   const UserData* data = FindLoadedDataForCurrentUser();
 162   // TODO(xiyuan): Use correct remote device instead of hard coded first one.
 163   uint32 device_index = 0;
 164   if (!data || data->devices.size() <= device_index)
 165     return std::string();
 166   return data->devices[device_index].challenge;
 167 }
 168
 169 std::string EasyUnlockServiceSignin::GetWrappedSecret() const {
 170   const UserData* data = FindLoadedDataForCurrentUser();
 171   // TODO(xiyuan): Use correct remote device instead of hard coded first one.
 172   uint32 device_index = 0;
 173   if (!data || data->devices.size() <= device_index)
 174     return std::string();
 175   return data->devices[device_index].wrapped_secret;
 176 }
 177
 178 void EasyUnlockServiceSignin::RecordEasySignInOutcome(
 179     const std::string& user_id,
 180     bool success) const {
 181   DCHECK_EQ(GetUserEmail(), user_id);
 182
 183   RecordEasyUnlockSigninEvent(
 184       success ? EASY_UNLOCK_SUCCESS : EASY_UNLOCK_FAILURE);
 185   if (success) {
 186     RecordEasyUnlockSigninDuration(
 187         base::TimeTicks::Now() - user_pod_last_focused_timestamp_);
 188   }
 189   DVLOG(1) << "Easy sign-in " << (success ? "success" : "failure");
 190 }
 191
 192 void EasyUnlockServiceSignin::RecordPasswordLoginEvent(
 193     const std::string& user_id) const {
 194   // This happens during tests, where a user could log in without the user pod
 195   // being focused.
 196   if (GetUserEmail() != user_id)
 197     return;
 198
 199   if (!IsEnabled())
 200     return;
 201
 202   EasyUnlockAuthEvent event = GetPasswordAuthEvent();
 203   RecordEasyUnlockSigninEvent(event);
 204   DVLOG(1) << "Easy Sign-in password login event, event=" << event;
 205 }
 206
 207 void EasyUnlockServiceSignin::StartAutoPairing(
 208     const AutoPairingResultCallback& callback) {
 209   NOTREACHED();
 210 }
 211
 212 void EasyUnlockServiceSignin::SetAutoPairingResult(
 213     bool success,
 214     const std::string& error) {
 215   NOTREACHED();
 216 }
 217
 218 void EasyUnlockServiceSignin::InitializeInternal() {
 219   if (chromeos::LoginState::Get()->IsUserLoggedIn())
 220     return;
 221
 222   service_active_ = true;
 223
 224   chromeos::LoginState::Get()->AddObserver(this);
 225   ScreenlockBridge* screenlock_bridge = ScreenlockBridge::Get();
 226   screenlock_bridge->AddObserver(this);
 227   if (!screenlock_bridge->focused_user_id().empty())
 228     OnFocusedUserChanged(screenlock_bridge->focused_user_id());
 229 }
 230
 231 void EasyUnlockServiceSignin::ShutdownInternal() {
 232   if (!service_active_)
 233     return;
 234   service_active_ = false;
 235
 236   weak_ptr_factory_.InvalidateWeakPtrs();
 237   ScreenlockBridge::Get()->RemoveObserver(this);
 238   chromeos::LoginState::Get()->RemoveObserver(this);
 239   STLDeleteContainerPairSecondPointers(user_data_.begin(), user_data_.end());
 240   user_data_.clear();
 241 }
 242
 243 bool EasyUnlockServiceSignin::IsAllowedInternal() const {
 244   return service_active_ &&
 245          !user_id_.empty() &&
 246          !chromeos::LoginState::Get()->IsUserLoggedIn();
 247 }
 248
 249 void EasyUnlockServiceSignin::OnWillFinalizeUnlock(bool success) {
 250   // This code path should only be exercised for the lock screen, not for the
 251   // sign-in screen.
 252   NOTREACHED();
 253 }
 254
 255 void EasyUnlockServiceSignin::OnSuspendDone() {
 256   // Ignored.
 257 }
 258
 259 void EasyUnlockServiceSignin::OnScreenDidLock(
 260     ScreenlockBridge::LockHandler::ScreenType screen_type) {
 261   // In production code, the screen type should always be the signin screen; but
 262   // in tests, the screen type might be different.
 263   if (screen_type != ScreenlockBridge::LockHandler::SIGNIN_SCREEN)
 264     return;
 265
 266   // Update initial UI is when the account picker on login screen is ready.
 267   ShowInitialUserState();
 268   user_pod_last_focused_timestamp_ = base::TimeTicks::Now();
 269 }
 270
 271 void EasyUnlockServiceSignin::OnScreenDidUnlock(
 272     ScreenlockBridge::LockHandler::ScreenType screen_type) {
 273   // In production code, the screen type should always be the signin screen; but
 274   // in tests, the screen type might be different.
 275   if (screen_type != ScreenlockBridge::LockHandler::SIGNIN_SCREEN)
 276     return;
 277
 278   DisableAppWithoutResettingScreenlockState();
 279
 280   Shutdown();
 281 }
 282
 283 void EasyUnlockServiceSignin::OnFocusedUserChanged(const std::string& user_id) {
 284   if (user_id_ == user_id)
 285     return;
 286
 287   // Setting or clearing the user_id may changed |IsAllowed| value, so in these
 288   // cases update the app state. Otherwise, it's enough to notify the app the
 289   // user data has been updated.
 290   bool should_update_app_state = user_id_.empty() != user_id.empty();
 291   user_id_ = user_id;
 292   user_pod_last_focused_timestamp_ = base::TimeTicks::Now();
 293
 294   ResetScreenlockState();
 295   ShowInitialUserState();
 296
 297   if (should_update_app_state) {
 298     UpdateAppState();
 299   } else {
 300     NotifyUserUpdated();
 301   }
 302
 303   LoadCurrentUserDataIfNeeded();
 304
 305   // Start loading TPM system token.
 306   // The system token will be needed to sign a nonce using TPM private key
 307   // during the sign-in protocol.
 308   EasyUnlockScreenlockStateHandler::HardlockState hardlock_state;
 309   if (GetPersistedHardlockState(&hardlock_state) &&
 310       hardlock_state != EasyUnlockScreenlockStateHandler::NO_PAIRING) {
 311     chromeos::TPMTokenLoader::Get()->EnsureStarted();
 312   }
 313 }
 314
 315 void EasyUnlockServiceSignin::LoggedInStateChanged() {
 316   if (!chromeos::LoginState::Get()->IsUserLoggedIn())
 317     return;
 318   DisableAppWithoutResettingScreenlockState();
 319 }
 320
 321 void EasyUnlockServiceSignin::LoadCurrentUserDataIfNeeded() {
 322   // TODO(xiyuan): Revisit this when adding tests.
 323   if (!base::SysInfo::IsRunningOnChromeOS())
 324     return;
 325
 326   if (user_id_.empty() || !service_active_)
 327     return;
 328
 329   std::map<std::string, UserData*>::iterator it = user_data_.find(user_id_);
 330   if (it == user_data_.end())
 331     user_data_.insert(std::make_pair(user_id_, new UserData()));
 332
 333   UserData* data = user_data_[user_id_];
 334
 335   if (data->state != USER_DATA_STATE_INITIAL)
 336     return;
 337   data->state = USER_DATA_STATE_LOADING;
 338
 339   LoadDataForUser(
 340       user_id_,
 341       allow_cryptohome_backoff_ ? 0u : kMaxCryptohomeBackoffIntervalMs,
 342       base::Bind(&EasyUnlockServiceSignin::OnUserDataLoaded,
 343                  weak_ptr_factory_.GetWeakPtr(),
 344                  user_id_));
 345 }
 346
 347 void EasyUnlockServiceSignin::OnUserDataLoaded(
 348     const std::string& user_id,
 349     bool success,
 350     const chromeos::EasyUnlockDeviceKeyDataList& devices) {
 351   allow_cryptohome_backoff_ = false;
 352
 353   UserData* data = user_data_[user_id];
 354   data->state = USER_DATA_STATE_LOADED;
 355   if (success) {
 356     data->devices = devices;
 357     chromeos::EasyUnlockKeyManager::DeviceDataListToRemoteDeviceList(
 358         user_id, devices, &data->remote_devices_value);
 359
 360     // User could have a NO_HARDLOCK state but has no remote devices if
 361     // previous user session shuts down before
 362     // CheckCryptohomeKeysAndMaybeHardlock finishes. Set NO_PAIRING state
 363     // and update UI to remove the confusing spinner in this case.
 364     EasyUnlockScreenlockStateHandler::HardlockState hardlock_state;
 365     if (devices.empty() &&
 366         GetPersistedHardlockState(&hardlock_state) &&
 367         hardlock_state == EasyUnlockScreenlockStateHandler::NO_HARDLOCK) {
 368       SetHardlockStateForUser(user_id,
 369                               EasyUnlockScreenlockStateHandler::NO_PAIRING);
 370     }
 371   }
 372
 373   // If the fetched data belongs to the currently focused user, notify the app
 374   // that it has to refresh it's user data.
 375   if (user_id == user_id_)
 376     NotifyUserUpdated();
 377 }
 378
 379 const EasyUnlockServiceSignin::UserData*
 380     EasyUnlockServiceSignin::FindLoadedDataForCurrentUser() const {
 381   if (user_id_.empty())
 382     return NULL;
 383
 384   std::map<std::string, UserData*>::const_iterator it =
 385       user_data_.find(user_id_);
 386   if (it == user_data_.end())
 387     return NULL;
 388   if (it->second->state != USER_DATA_STATE_LOADED)
 389     return NULL;
 390   return it->second;
 391 }