chrome/browser/chromeos/login/login_performer.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_LOGIN_PERFORMER_H_
   6 #define CHROME_BROWSER_CHROMEOS_LOGIN_LOGIN_PERFORMER_H_
   7
   8 #include <string>
   9
  10 #include "base/basictypes.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/memory/weak_ptr.h"
  13 #include "chrome/browser/chromeos/login/authenticator.h"
  14 #include "chrome/browser/chromeos/login/extended_authenticator.h"
  15 #include "chrome/browser/chromeos/login/login_status_consumer.h"
  16 #include "chrome/browser/chromeos/login/online_attempt_host.h"
  17 #include "chrome/browser/chromeos/login/user.h"
  18 #include "chrome/browser/chromeos/policy/wildcard_login_checker.h"
  19 #include "chrome/browser/profiles/profile_manager.h"
  20 #include "content/public/browser/notification_observer.h"
  21 #include "content/public/browser/notification_registrar.h"
  22 #include "google_apis/gaia/google_service_auth_error.h"
  23
  24 namespace policy {
  25 class WildcardLoginChecker;
  26 }
  27
  28 namespace chromeos {
  29
  30 // This class encapsulates sign in operations.
  31 // Sign in is performed in a way that offline auth is executed first.
  32 // Once offline auth is OK - user homedir is mounted, UI is launched.
  33 // At this point LoginPerformer |delegate_| is destroyed and it releases
  34 // LP instance ownership. LP waits for online login result.
  35 // If auth is succeeded, cookie fetcher is executed, LP instance deletes itself.
  36 //
  37 // If |delegate_| is not NULL it will handle error messages, password input.
  38 class LoginPerformer : public LoginStatusConsumer,
  39                        public OnlineAttemptHost::Delegate {
  40  public:
  41   typedef enum AuthorizationMode {
  42     // Authorization performed internally by Chrome.
  43     AUTH_MODE_INTERNAL,
  44     // Authorization performed by an extension.
  45     AUTH_MODE_EXTENSION
  46   } AuthorizationMode;
  47
  48   // Delegate class to get notifications from the LoginPerformer.
  49   class Delegate : public LoginStatusConsumer {
  50    public:
  51     virtual ~Delegate() {}
  52     virtual void WhiteListCheckFailed(const std::string& email) = 0;
  53     virtual void PolicyLoadFailed() = 0;
  54     virtual void OnOnlineChecked(const std::string& email, bool success) = 0;
  55   };
  56
  57   explicit LoginPerformer(Delegate* delegate);
  58   virtual ~LoginPerformer();
  59
  60   // LoginStatusConsumer implementation:
  61   virtual void OnLoginFailure(const LoginFailure& error) OVERRIDE;
  62   virtual void OnRetailModeLoginSuccess(
  63       const UserContext& user_context) OVERRIDE;
  64   virtual void OnLoginSuccess(const UserContext& user_context) OVERRIDE;
  65   virtual void OnOffTheRecordLoginSuccess() OVERRIDE;
  66   virtual void OnPasswordChangeDetected() OVERRIDE;
  67
  68   // Performs a login for |user_context|.
  69   // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks,
  70   // AUTH_MODE_INTERNAL will perform auth checks.
  71   void PerformLogin(const UserContext& user_context,
  72                     AuthorizationMode auth_mode);
  73
  74   // Performs locally managed user login with a given |user_context|.
  75   void LoginAsLocallyManagedUser(const UserContext& user_context);
  76
  77   // Performs retail mode login.
  78   void LoginRetailMode();
  79
  80   // Performs actions to prepare guest mode login.
  81   void LoginOffTheRecord();
  82
  83   // Performs a login into the public account identified by |username|.
  84   void LoginAsPublicAccount(const std::string& username);
  85
  86   // Performs a login into the kiosk mode account with |app_user_id|.
  87   void LoginAsKioskAccount(const std::string& app_user_id,
  88                            bool use_guest_mount);
  89
  90   // Migrates cryptohome using |old_password| specified.
  91   void RecoverEncryptedData(const std::string& old_password);
  92
  93   // Reinitializes cryptohome with the new password.
  94   void ResyncEncryptedData();
  95
  96   // Returns latest auth error.
  97   const GoogleServiceAuthError& error() const {
  98     return last_login_failure_.error();
  99   }
 100
 101   // True if password change has been detected.
 102   bool password_changed() { return password_changed_; }
 103
 104   // Number of times we've been called with OnPasswordChangeDetected().
 105   // If user enters incorrect old password, same LoginPerformer instance will
 106   // be called so callback count makes it possible to distinguish initial
 107   // "password changed detected" event from further attempts to enter old
 108   // password for cryptohome migration (when > 1).
 109   int password_changed_callback_count() {
 110     return password_changed_callback_count_;
 111   }
 112
 113   void set_delegate(Delegate* delegate) { delegate_ = delegate; }
 114
 115   AuthorizationMode auth_mode() const { return auth_mode_; }
 116
 117  protected:
 118   // Implements OnlineAttemptHost::Delegate.
 119   virtual void OnChecked(const std::string& username, bool success) OVERRIDE;
 120
 121  private:
 122   // Starts login completion of externally authenticated user.
 123   void StartLoginCompletion();
 124
 125   // Starts authentication.
 126   void StartAuthentication();
 127
 128   // Completion callback for the online wildcard login check for enterprise
 129   // devices. Continues the login process or signals whitelist check failure
 130   // depending on the value of |result|.
 131   void OnlineWildcardLoginCheckCompleted(
 132       policy::WildcardLoginChecker::Result result);
 133
 134   // Used for logging in.
 135   scoped_refptr<Authenticator> authenticator_;
 136   scoped_refptr<ExtendedAuthenticator> extended_authenticator_;
 137
 138   // Used to make auxiliary online check.
 139   OnlineAttemptHost online_attempt_host_;
 140
 141   // Represents last login failure that was encountered when communicating to
 142   // sign-in server. LoginFailure.LoginFailureNone() by default.
 143   LoginFailure last_login_failure_;
 144
 145   // User credentials for the current login attempt.
 146   UserContext user_context_;
 147
 148   // Notifications receiver.
 149   Delegate* delegate_;
 150
 151   // True if password change has been detected.
 152   // Once correct password is entered homedir migration is executed.
 153   bool password_changed_;
 154   int password_changed_callback_count_;
 155
 156   // Authorization mode type.
 157   AuthorizationMode auth_mode_;
 158
 159   // Used to verify logins that matched wildcard on the login whitelist.
 160   scoped_ptr<policy::WildcardLoginChecker> wildcard_login_checker_;
 161
 162   base::WeakPtrFactory<LoginPerformer> weak_factory_;
 163
 164   DISALLOW_COPY_AND_ASSIGN(LoginPerformer);
 165 };
 166
 167 }  // namespace chromeos
 168
 169 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_LOGIN_PERFORMER_H_