1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
6 #define CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/callback.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/memory/weak_ptr.h"
14 #include "chromeos/chromeos_export.h"
15 #include "chromeos/login/auth/auth_status_consumer.h"
16 #include "chromeos/login/auth/authenticator.h"
17 #include "chromeos/login/auth/extended_authenticator.h"
18 #include "chromeos/login/auth/user_context.h"
19 #include "google_apis/gaia/google_service_auth_error.h"
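// Forward declarations for types this header only names by pointer.
// The page extraction dropped the closing brace of each namespace and fused
// the viewer's line numbers into the text; both are repaired here.
namespace net {
class URLRequestContextGetter;
}  // namespace net

namespace policy {
class WildcardLoginChecker;
}  // namespace policy

namespace content {
class BrowserContext;
}  // namespace content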
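namespace chromeos {

// This class encapsulates sign-in operations.
// Sign-in is performed so that offline auth is executed first.
// Once offline auth is OK, the user homedir is mounted and the UI is launched.
// At this point the LoginPerformer |delegate_| is destroyed and it releases
// ownership of the LoginPerformer (LP) instance. LP waits for the online login
// result. If auth succeeds, the cookie fetcher is executed and the LP instance
// deletes itself.
//
// If |delegate_| is not NULL it will handle error messages and password input.
//
// Lifetime note: because the instance can outlive its delegate (see above),
// |delegate_| has to be treated as nullable by every code path that uses it.
class CHROMEOS_EXPORT LoginPerformer : public AuthStatusConsumer {
 public:
  // Selects who performs authorization for PerformLogin().
  enum AuthorizationMode {
    // Authorization performed internally by Chrome.
    AUTH_MODE_INTERNAL,
    // Authorization performed by an extension.
    AUTH_MODE_EXTENSION
  };

  // Delegate class to get notifications from the LoginPerformer.
  class Delegate : public AuthStatusConsumer {
   public:
    ~Delegate() override {}

    // Presumably invoked when the sign-in whitelist check rejects |email|;
    // the call site is not visible in this header.
    virtual void WhiteListCheckFailed(const std::string& email) = 0;

    // Invoked when a trusted-values or per-user policy check fails (see
    // RunTrustedCheck() and CheckPolicyForUser() below).
    virtual void PolicyLoadFailed() = 0;
  };

  // |delegate| is a raw pointer and may be NULL (see the class comment).
  // NOTE(review): presumably stored in |delegate_| without taking ownership;
  // confirm in the .cc.
  LoginPerformer(scoped_refptr<base::TaskRunner> task_runner,
                 Delegate* delegate);
  ~LoginPerformer() override;

  // Performs a login for |user_context|.
  // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks,
  // AUTH_MODE_INTERNAL will perform auth checks.
  // NOTE(review): AUTH_MODE_EXTENSION therefore relies entirely on whatever
  // the extension flow verified before this call. Which checks are skipped is
  // not visible in this header; confirm in the .cc before adding a new caller
  // that passes AUTH_MODE_EXTENSION.
  void PerformLogin(const UserContext& user_context,
                    AuthorizationMode auth_mode);

  // Performs supervised user login with a given |user_context|.
  void LoginAsSupervisedUser(const UserContext& user_context);

  // Performs actions to prepare guest mode login.
  void LoginOffTheRecord();

  // Performs public session login with a given |user_context|.
  void LoginAsPublicSession(const UserContext& user_context);

  // Performs a login into the kiosk mode account with |app_user_id|.
  void LoginAsKioskAccount(const std::string& app_user_id,
                           bool use_guest_mount);

  // AuthStatusConsumer implementation:
  void OnAuthFailure(const AuthFailure& error) override;
  void OnAuthSuccess(const UserContext& user_context) override;
  void OnOffTheRecordAuthSuccess() override;
  void OnPasswordChangeDetected() override;

  // Migrates cryptohome using |old_password| specified.
  // NOTE(review): |old_password| arrives as a plain std::string. This header
  // does not show whether it is copied, retained or cleared after use;
  // confirm the handling in the .cc.
  void RecoverEncryptedData(const std::string& old_password);

  // Reinitializes cryptohome with the new password.
  void ResyncEncryptedData();

  // Returns latest auth error.
  const GoogleServiceAuthError& error() const {
    return last_login_failure_.error();
  }

  // True if password change has been detected.
  bool password_changed() const { return password_changed_; }

  // Number of times we've been called with OnPasswordChangeDetected().
  // If user enters incorrect old password, same LoginPerformer instance will
  // be called so callback count makes it possible to distinguish initial
  // "password changed detected" event from further attempts to enter old
  // password for cryptohome migration (when > 1).
  int password_changed_callback_count() const {
    return password_changed_callback_count_;
  }

  // Replaces the notification receiver. |delegate| is a raw pointer that this
  // setter stores as-is, so the caller must keep it alive, or reset it through
  // this setter, for as long as the LoginPerformer may call it.
  void set_delegate(Delegate* delegate) { delegate_ = delegate; }

  AuthorizationMode auth_mode() const { return auth_mode_; }

  // Check if user is allowed to sign in on device. |wildcard_match| will
  // contain additional information whether this user is explicitly listed or
  // not (may be relevant for extension-based sign-in).
  virtual bool IsUserWhitelisted(const std::string& user_id,
                                 bool* wildcard_match) = 0;

 protected:
  // Platform-dependent methods to be implemented by concrete class.

  // Run trusted check for a platform. If the trusted check has to be performed
  // asynchronously, |false| will be returned, and either delegate's
  // PolicyLoadFailed() or |callback| will be called upon actual check.
  virtual bool RunTrustedCheck(const base::Closure& callback) = 0;

  // This method should run an additional online check of whether the user can
  // sign in on the device. Either |success_callback| or |failure_callback|
  // should be called upon this check.
  // NOTE(review): |refresh_token| is presumably an OAuth refresh token, i.e. a
  // credential; implementations should keep it out of logs and error text.
  virtual void RunOnlineWhitelistCheck(
      const std::string& user_id,
      bool wildcard_match,
      const std::string& refresh_token,
      const base::Closure& success_callback,
      const base::Closure& failure_callback) = 0;

  // Supervised users-related methods.

  // Check if supervised users are allowed on this device.
  virtual bool AreSupervisedUsersAllowed() = 0;

  // Check which authenticator should be used for supervised user.
  virtual bool UseExtendedAuthenticatorForSupervisedUser(
      const UserContext& user_context) = 0;

  // Probably transform supervised user's authentication key.
  virtual UserContext TransformSupervisedKey(const UserContext& context) = 0;

  // Set up sign-in flow for supervised user.
  virtual void SetupSupervisedUserFlow(const std::string& user_id) = 0;

  // Set up sign-in flow for Easy Unlock.
  virtual void SetupEasyUnlockUserFlow(const std::string& user_id) = 0;

  // Run policy check for |user_id|. If something is wrong, delegate's
  // PolicyLoadFailed is called.
  virtual bool CheckPolicyForUser(const std::string& user_id) = 0;

  // Look up browser context to use during signin.
  virtual content::BrowserContext* GetSigninContext() = 0;

  // Get RequestContext used for sign in.
  virtual net::URLRequestContextGetter* GetSigninRequestContext() = 0;

  // Create authenticator implementation.
  virtual scoped_refptr<Authenticator> CreateAuthenticator() = 0;

  void set_authenticator(scoped_refptr<Authenticator> authenticator);

  // Notifications receiver. Raw pointer, may be NULL (see the class comment);
  // it is protected, so subclasses can read and write it directly.
  Delegate* delegate_;

 private:
  // Starts login completion of externally authenticated user.
  void StartLoginCompletion();

  // Starts authentication.
  void StartAuthentication();

  // NOTE(review): presumably reports the failure through
  // Delegate::WhiteListCheckFailed(); confirm in the .cc.
  void NotifyWhitelistCheckFailure();

  // Make sure that the corresponding authenticator is created.
  void EnsureAuthenticator();
  void EnsureExtendedAuthenticator();

  // Actual implementation of LoginAsSupervisedUser that is run after trusted
  // values check.
  void TrustedLoginAsSupervisedUser(const UserContext& user_context);

  // Actual implementation of PerformLogin that is run after trusted values
  // check.
  void DoPerformLogin(const UserContext& user_context,
                      AuthorizationMode auth_mode);

  scoped_refptr<base::TaskRunner> task_runner_;

  // Used for logging in.
  scoped_refptr<Authenticator> authenticator_;

  // Used for logging in.
  scoped_refptr<ExtendedAuthenticator> extended_authenticator_;

  // Represents last login failure that was encountered when communicating to
  // sign-in server. AuthFailure.LoginFailureNone() by default.
  AuthFailure last_login_failure_;

  // User credentials for the current login attempt.
  UserContext user_context_;

  // True if password change has been detected.
  // Once correct password is entered homedir migration is executed.
  bool password_changed_;
  int password_changed_callback_count_;

  // Authorization mode type.
  AuthorizationMode auth_mode_;

  // Declared last among the data members so that it is destroyed first, which
  // invalidates outstanding weak pointers before the other members go away.
  base::WeakPtrFactory<LoginPerformer> weak_factory_;

  DISALLOW_COPY_AND_ASSIGN(LoginPerformer);
};

}  // namespace chromeos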
226 #endif // CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_