chrome/browser/signin/easy_unlock_service.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_SIGNIN_EASY_UNLOCK_SERVICE_H_
   6 #define CHROME_BROWSER_SIGNIN_EASY_UNLOCK_SERVICE_H_
   7
   8 #include <set>
   9 #include <string>
  10
  11 #include "base/callback_forward.h"
  12 #include "base/macros.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "base/memory/weak_ptr.h"
  15 #include "base/observer_list.h"
  16 #include "chrome/browser/signin/easy_unlock_auth_attempt.h"
  17 #include "chrome/browser/signin/easy_unlock_metrics.h"
  18 #include "chrome/browser/signin/easy_unlock_screenlock_state_handler.h"
  19 #include "components/keyed_service/core/keyed_service.h"
  20 #include "components/proximity_auth/screenlock_state.h"
  21 #include "components/proximity_auth/webui/proximity_auth_ui_delegate.h"
  22
  23 #if defined(OS_CHROMEOS)
  24 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_types.h"
  25 #endif
  26
  27 namespace base {
  28 class DictionaryValue;
  29 class ListValue;
  30 }
  31
  32 namespace user_manager {
  33 class User;
  34 }
  35
  36 namespace user_prefs {
  37 class PrefRegistrySyncable;
  38 }
  39
  40 namespace proximity_auth {
  41 class ProximityAuthBleSystem;
  42 }
  43
  44 class EasyUnlockAppManager;
  45 class EasyUnlockServiceObserver;
  46 class Profile;
  47 class PrefRegistrySimple;
  48
  49 class EasyUnlockService : public KeyedService,
  50                           public proximity_auth::ProximityAuthUIDelegate {
  51  public:
  52   enum TurnOffFlowStatus {
  53     IDLE,
  54     PENDING,
  55     FAIL,
  56   };
  57
  58   enum Type {
  59     TYPE_REGULAR,
  60     TYPE_SIGNIN
  61   };
  62
  63   // Easy Unlock settings that the user can configure.
  64   struct UserSettings {
  65     UserSettings();
  66     ~UserSettings();
  67
  68     // Whether to require the remote device to be in very close proximity
  69     // before allowing unlock (~1 feet).
  70     bool require_close_proximity;
  71   };
  72
  73   // Gets EasyUnlockService instance.
  74   static EasyUnlockService* Get(Profile* profile);
  75
  76   // Gets EasyUnlockService instance associated with a user if the user is
  77   // logged in and his profile is initialized.
  78   static EasyUnlockService* GetForUser(const user_manager::User& user);
  79
  80   // Registers Easy Unlock profile preferences.
  81   static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
  82
  83   // Registers Easy Unlock local state entries.
  84   static void RegisterPrefs(PrefRegistrySimple* registry);
  85
  86   // Removes the hardlock state for the given user.
  87   static void ResetLocalStateForUser(const std::string& user_id);
  88
  89   // Returns the user's preferences.
  90   static UserSettings GetUserSettings(const std::string& user_id);
  91
  92   // Returns the identifier for the device.
  93   static std::string GetDeviceId();
  94
  95   // Returns true if Easy sign-in is enabled.
  96   static bool IsSignInEnabled();
  97
  98   // Returns the EasyUnlockService type.
  99   virtual Type GetType() const = 0;
 100
 101   // Returns the user currently associated with the service.
 102   virtual std::string GetUserEmail() const = 0;
 103
 104   // Launches Easy Unlock setup app.
 105   virtual void LaunchSetup() = 0;
 106
 107   // Gets/Sets/Clears the permit access for the local device.
 108   virtual const base::DictionaryValue* GetPermitAccess() const = 0;
 109   virtual void SetPermitAccess(const base::DictionaryValue& permit) = 0;
 110   virtual void ClearPermitAccess() = 0;
 111
 112   // Gets/Sets the remote devices list.
 113   virtual const base::ListValue* GetRemoteDevices() const = 0;
 114   virtual void SetRemoteDevices(const base::ListValue& devices) = 0;
 115
 116   // Runs the flow for turning Easy unlock off.
 117   virtual void RunTurnOffFlow() = 0;
 118
 119   // Resets the turn off flow if one is in progress.
 120   virtual void ResetTurnOffFlow() = 0;
 121
 122   // Returns the current turn off flow status.
 123   virtual TurnOffFlowStatus GetTurnOffFlowStatus() const = 0;
 124
 125   // Gets the challenge bytes for the user currently associated with the
 126   // service.
 127   virtual std::string GetChallenge() const = 0;
 128
 129   // Retrieved wrapped secret that should be used to unlock cryptohome for the
 130   // user currently associated with the service. If the service does not support
 131   // signin (i.e. service for a regular profile) or there is no secret available
 132   // for the user, returns an empty string.
 133   virtual std::string GetWrappedSecret() const = 0;
 134
 135   // Records metrics for Easy sign-in outcome for the given user.
 136   virtual void RecordEasySignInOutcome(const std::string& user_id,
 137                                        bool success) const = 0;
 138
 139   // Records metrics for password based flow for the given user.
 140   virtual void RecordPasswordLoginEvent(const std::string& user_id) const = 0;
 141
 142   // Starts auto pairing.
 143   typedef base::Callback<void(bool success, const std::string& error)>
 144       AutoPairingResultCallback;
 145   virtual void StartAutoPairing(const AutoPairingResultCallback& callback) = 0;
 146
 147   // Sets auto pairing result.
 148   virtual void SetAutoPairingResult(bool success, const std::string& error) = 0;
 149
 150   // Sets the service up and schedules service initialization.
 151   void Initialize(scoped_ptr<EasyUnlockAppManager> app_manager);
 152
 153   // Whether easy unlock is allowed to be used. If the controlling preference
 154   // is set (from policy), this returns the preference value. Otherwise, it is
 155   // permitted if the flag is enabled.
 156   bool IsAllowed() const;
 157
 158   // Whether Easy Unlock is currently enabled for this user.
 159   bool IsEnabled() const;
 160
 161   // Sets the hardlock state for the associated user.
 162   void SetHardlockState(EasyUnlockScreenlockStateHandler::HardlockState state);
 163
 164   // Returns the hardlock state for the associated user.
 165   EasyUnlockScreenlockStateHandler::HardlockState GetHardlockState() const;
 166
 167   // Gets the persisted hardlock state. Return true if there is persisted
 168   // hardlock state and the value would be set to |state|. Otherwise,
 169   // returns false and |state| is unchanged.
 170   bool GetPersistedHardlockState(
 171       EasyUnlockScreenlockStateHandler::HardlockState* state) const;
 172
 173   // Shows the hardlock or connecting state as initial UI before cryptohome
 174   // keys checking and state update from the app.
 175   void ShowInitialUserState();
 176
 177   // Updates the user pod on the signin/lock screen for the user associated with
 178   // the service to reflect the provided screenlock state.
 179   bool UpdateScreenlockState(proximity_auth::ScreenlockState state);
 180
 181   // Returns the screenlock state if it is available. Otherwise STATE_INACTIVE
 182   // is returned.
 183   proximity_auth::ScreenlockState GetScreenlockState();
 184
 185   // Starts an auth attempt for the user associated with the service. The
 186   // attempt type (unlock vs. signin) will depend on the service type.
 187   void AttemptAuth(const std::string& user_id);
 188
 189   // Similar to above but a callback is invoked after the auth attempt is
 190   // finalized instead of default unlock/sign-in.
 191   typedef EasyUnlockAuthAttempt::FinalizedCallback AttemptAuthCallback;
 192   void AttemptAuth(const std::string& user_id,
 193                    const AttemptAuthCallback& callback);
 194
 195   // Finalizes the previously started auth attempt for easy unlock. If called on
 196   // signin profile service, it will cancel the current auth attempt if one
 197   // exists.
 198   void FinalizeUnlock(bool success);
 199
 200   // Finalizes previously started auth attempt for easy signin. If called on
 201   // regular profile service, it will cancel the current auth attempt if one
 202   // exists.
 203   void FinalizeSignin(const std::string& secret);
 204
 205   // Handles Easy Unlock auth failure for the user.
 206   void HandleAuthFailure(const std::string& user_id);
 207
 208   // Checks the consistency between pairing data and cryptohome keys. Set
 209   // hardlock state if the two do not match.
 210   void CheckCryptohomeKeysAndMaybeHardlock();
 211
 212   // Marks the Easy Unlock screen lock state as the one associated with the
 213   // trial run initiated by Easy Unlock app.
 214   void SetTrialRun();
 215
 216   // Records that the user clicked on the lock icon during the trial run
 217   // initiated by the Easy Unlock app.
 218   void RecordClickOnLockIcon();
 219
 220   void AddObserver(EasyUnlockServiceObserver* observer);
 221   void RemoveObserver(EasyUnlockServiceObserver* observer);
 222
 223   // ProximityAuthUIDelegate:
 224   scoped_ptr<proximity_auth::CryptAuthClientFactory>
 225   CreateCryptAuthClientFactory() override;
 226   cryptauth::DeviceClassifier GetDeviceClassifier() override;
 227
 228  protected:
 229   explicit EasyUnlockService(Profile* profile);
 230   ~EasyUnlockService() override;
 231
 232   // Does a service type specific initialization.
 233   virtual void InitializeInternal() = 0;
 234
 235   // Does a service type specific shutdown. Called from |Shutdown|.
 236   virtual void ShutdownInternal() = 0;
 237
 238   // Service type specific tests for whether the service is allowed. Returns
 239   // false if service is not allowed. If true is returned, the service may still
 240   // not be allowed if common tests fail (e.g. if Bluetooth is not available).
 241   virtual bool IsAllowedInternal() const = 0;
 242
 243   // Called while processing a user gesture to unlock the screen using Easy
 244   // Unlock, just before the screen is unlocked.
 245   virtual void OnWillFinalizeUnlock(bool success) = 0;
 246
 247   // Called when the local device resumes after a suspend.
 248   virtual void OnSuspendDone() = 0;
 249
 250   // KeyedService override:
 251   void Shutdown() override;
 252
 253   // Exposes the profile to which the service is attached to subclasses.
 254   const Profile* profile() const { return profile_; }
 255   Profile* profile() { return profile_; }
 256
 257   // Opens an Easy Unlock Setup app window.
 258   void OpenSetupApp();
 259
 260   // Reloads the Easy unlock component app if it's loaded and resets the lock
 261   // screen state.
 262   void ReloadAppAndLockScreen();
 263
 264   // Checks whether Easy unlock should be running and updates app state.
 265   void UpdateAppState();
 266
 267   // Disables easy unlock app without affecting lock screen state.
 268   // Used primarily by signin service when user logged in state changes to
 269   // logged in but before screen gets unlocked. At this point service shutdown
 270   // is imminent and the app can be safely unloaded, but, for esthetic reasons,
 271   // the lock screen UI should remain unchanged until the screen unlocks.
 272   void DisableAppWithoutResettingScreenlockState();
 273
 274   // Notifies the easy unlock app that the user state has been updated.
 275   void NotifyUserUpdated();
 276
 277   // Notifies observers that the turn off flow status changed.
 278   void NotifyTurnOffOperationStatusChanged();
 279
 280   // Resets the screenlock state set by this service.
 281   void ResetScreenlockState();
 282
 283   // Updates |screenlock_state_handler_|'s hardlocked state.
 284   void SetScreenlockHardlockedState(
 285       EasyUnlockScreenlockStateHandler::HardlockState state);
 286
 287   const EasyUnlockScreenlockStateHandler* screenlock_state_handler() const {
 288     return screenlock_state_handler_.get();
 289   }
 290
 291   // Saves hardlock state for the given user. Update UI if the currently
 292   // associated user is the same.
 293   void SetHardlockStateForUser(
 294       const std::string& user_id,
 295       EasyUnlockScreenlockStateHandler::HardlockState state);
 296
 297   // Returns the authentication event for a recent password sign-in or unlock,
 298   // according to the current state of the service.
 299   EasyUnlockAuthEvent GetPasswordAuthEvent() const;
 300
 301  private:
 302   // A class to detect whether a bluetooth adapter is present.
 303   class BluetoothDetector;
 304
 305   // Initializes the service after EasyUnlockAppManager is ready.
 306   void InitializeOnAppManagerReady();
 307
 308   // Gets |screenlock_state_handler_|. Returns NULL if Easy Unlock is not
 309   // allowed. Otherwise, if |screenlock_state_handler_| is not set, an instance
 310   // is created. Do not cache the returned value, as it may go away if Easy
 311   // Unlock gets disabled.
 312   EasyUnlockScreenlockStateHandler* GetScreenlockStateHandler();
 313
 314   // Callback when Bluetooth adapter present state changes.
 315   void OnBluetoothAdapterPresentChanged();
 316
 317 #if defined(OS_CHROMEOS)
 318   // Callback for get key operation from CheckCryptohomeKeysAndMaybeHardlock.
 319   void OnCryptohomeKeysFetchedForChecking(
 320       const std::string& user_id,
 321       const std::set<std::string> paired_devices,
 322       bool success,
 323       const chromeos::EasyUnlockDeviceKeyDataList& key_data_list);
 324 #endif
 325
 326   // Updates the service to state for handling system suspend.
 327   void PrepareForSuspend();
 328
 329   void EnsureTpmKeyPresentIfNeeded();
 330
 331   Profile* profile_;
 332
 333   scoped_ptr<EasyUnlockAppManager> app_manager_;
 334
 335   // Created lazily in |GetScreenlockStateHandler|.
 336   scoped_ptr<EasyUnlockScreenlockStateHandler> screenlock_state_handler_;
 337
 338   // The handler for the current auth attempt. Set iff an auth attempt is in
 339   // progress.
 340   scoped_ptr<EasyUnlockAuthAttempt> auth_attempt_;
 341
 342   scoped_ptr<BluetoothDetector> bluetooth_detector_;
 343
 344   // The proximity auth over Bluetooth Low Energy system. This is main entry
 345   // point to bootstap Smart Lock to discover phones over Bluetooth Low
 346   // Energy.
 347   scoped_ptr<proximity_auth::ProximityAuthBleSystem> proximity_auth_ble_system_;
 348
 349 #if defined(OS_CHROMEOS)
 350   // Monitors suspend and wake state of ChromeOS.
 351   class PowerMonitor;
 352   scoped_ptr<PowerMonitor> power_monitor_;
 353 #endif
 354
 355   // Whether the service has been shut down.
 356   bool shut_down_;
 357
 358   bool tpm_key_checked_;
 359
 360   base::ObserverList<EasyUnlockServiceObserver> observers_;
 361
 362   base::WeakPtrFactory<EasyUnlockService> weak_ptr_factory_;
 363
 364   DISALLOW_COPY_AND_ASSIGN(EasyUnlockService);
 365 };
 366
 367 #endif  // CHROME_BROWSER_SIGNIN_EASY_UNLOCK_SERVICE_H_