Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / chromeos / login / lock / screen_locker.cc
blob2bf45b9e64618e60ae2ddc3c230ac659448f5775
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/login/lock/screen_locker.h"
7 #include <string>
8 #include <vector>
10 #include "ash/ash_switches.h"
11 #include "ash/audio/sounds.h"
12 #include "ash/desktop_background/desktop_background_controller.h"
13 #include "ash/shell.h"
14 #include "ash/wm/lock_state_controller.h"
15 #include "ash/wm/window_state.h"
16 #include "ash/wm/window_util.h"
17 #include "ash/wm/wm_event.h"
18 #include "base/bind.h"
19 #include "base/command_line.h"
20 #include "base/lazy_instance.h"
21 #include "base/memory/weak_ptr.h"
22 #include "base/message_loop/message_loop.h"
23 #include "base/metrics/histogram.h"
24 #include "base/strings/string_number_conversions.h"
25 #include "base/strings/string_util.h"
26 #include "chrome/browser/chrome_notification_types.h"
27 #include "chrome/browser/chromeos/login/lock/webui_screen_locker.h"
28 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
29 #include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
30 #include "chrome/browser/chromeos/login/ui/user_adding_screen.h"
31 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
32 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
33 #include "chrome/browser/lifetime/application_lifetime.h"
34 #include "chrome/browser/signin/easy_unlock_service.h"
35 #include "chrome/browser/signin/signin_manager_factory.h"
36 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_provider.h"
37 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_source.h"
38 #include "chrome/common/chrome_switches.h"
39 #include "chrome/grit/browser_resources.h"
40 #include "chrome/grit/generated_resources.h"
41 #include "chromeos/audio/chromeos_sounds.h"
42 #include "chromeos/dbus/dbus_thread_manager.h"
43 #include "chromeos/dbus/session_manager_client.h"
44 #include "chromeos/login/auth/authenticator.h"
45 #include "chromeos/login/auth/extended_authenticator.h"
46 #include "chromeos/network/portal_detector/network_portal_detector.h"
47 #include "components/signin/core/browser/signin_manager.h"
48 #include "components/user_manager/user_manager.h"
49 #include "components/user_manager/user_type.h"
50 #include "content/public/browser/browser_thread.h"
51 #include "content/public/browser/notification_service.h"
52 #include "content/public/browser/url_data_source.h"
53 #include "content/public/browser/user_metrics.h"
54 #include "content/public/browser/web_contents.h"
55 #include "content/public/browser/web_ui.h"
56 #include "media/audio/sounds/sounds_manager.h"
57 #include "ui/base/resource/resource_bundle.h"
58 #include "ui/gfx/image/image.h"
59 #include "url/gurl.h"
61 using base::UserMetricsAction;
62 using content::BrowserThread;
64 namespace chromeos {
66 namespace {
68 // Timeout for unlock animation guard - some animations may be required to run
69 // on successful authentication before unlocking, but we want to be sure that
70 // unlock happens even if animations are broken.
71 const int kUnlockGuardTimeoutMs = 400;
73 // Observer to start ScreenLocker when locking the screen is requested.
74 class ScreenLockObserver : public SessionManagerClient::StubDelegate,
75 public content::NotificationObserver,
76 public UserAddingScreen::Observer {
77 public:
78 ScreenLockObserver() : session_started_(false) {
79 registrar_.Add(this,
80 chrome::NOTIFICATION_SESSION_STARTED,
81 content::NotificationService::AllSources());
82 DBusThreadManager::Get()->GetSessionManagerClient()->SetStubDelegate(this);
85 ~ScreenLockObserver() override {
86 if (DBusThreadManager::IsInitialized()) {
87 DBusThreadManager::Get()->GetSessionManagerClient()->SetStubDelegate(
88 NULL);
92 bool session_started() const { return session_started_; }
94 // SessionManagerClient::StubDelegate overrides:
95 void LockScreenForStub() override { ScreenLocker::HandleLockScreenRequest(); }
97 // NotificationObserver overrides:
98 void Observe(int type,
99 const content::NotificationSource& source,
100 const content::NotificationDetails& details) override {
101 if (type == chrome::NOTIFICATION_SESSION_STARTED)
102 session_started_ = true;
103 else
104 NOTREACHED() << "Unexpected notification " << type;
107 // UserAddingScreen::Observer overrides:
108 void OnUserAddingFinished() override {
109 UserAddingScreen::Get()->RemoveObserver(this);
110 ScreenLocker::HandleLockScreenRequest();
113 private:
114 bool session_started_;
115 content::NotificationRegistrar registrar_;
117 DISALLOW_COPY_AND_ASSIGN(ScreenLockObserver);
120 ScreenLockObserver* g_screen_lock_observer = NULL;
122 } // namespace
124 // static
125 ScreenLocker* ScreenLocker::screen_locker_ = NULL;
127 //////////////////////////////////////////////////////////////////////////////
128 // ScreenLocker, public:
130 ScreenLocker::ScreenLocker(const user_manager::UserList& users)
131 : users_(users),
132 locked_(false),
133 start_time_(base::Time::Now()),
134 auth_status_consumer_(NULL),
135 incorrect_passwords_count_(0),
136 weak_factory_(this) {
137 DCHECK(!screen_locker_);
138 screen_locker_ = this;
140 ui::ResourceBundle& bundle = ui::ResourceBundle::GetSharedInstance();
141 media::SoundsManager* manager = media::SoundsManager::Get();
142 manager->Initialize(SOUND_LOCK,
143 bundle.GetRawDataResource(IDR_SOUND_LOCK_WAV));
144 manager->Initialize(SOUND_UNLOCK,
145 bundle.GetRawDataResource(IDR_SOUND_UNLOCK_WAV));
147 ash::Shell::GetInstance()->
148 lock_state_controller()->SetLockScreenDisplayedCallback(
149 base::Bind(base::IgnoreResult(&ash::PlaySystemSoundIfSpokenFeedback),
150 static_cast<media::SoundsManager::SoundKey>(
151 chromeos::SOUND_LOCK)));
154 void ScreenLocker::Init() {
155 input_method::InputMethodManager* imm =
156 input_method::InputMethodManager::Get();
157 saved_ime_state_ = imm->GetActiveIMEState();
158 imm->SetState(saved_ime_state_->Clone());
160 authenticator_ = UserSessionManager::GetInstance()->CreateAuthenticator(this);
161 extended_authenticator_ = ExtendedAuthenticator::Create(this);
162 delegate_.reset(new WebUIScreenLocker(this));
163 delegate_->LockScreen();
165 // Ownership of |icon_image_source| is passed.
166 screenlock_icon_provider_.reset(new ScreenlockIconProvider);
167 ScreenlockIconSource* screenlock_icon_source =
168 new ScreenlockIconSource(screenlock_icon_provider_->AsWeakPtr());
169 content::URLDataSource::Add(
170 GetAssociatedWebUI()->GetWebContents()->GetBrowserContext(),
171 screenlock_icon_source);
174 void ScreenLocker::OnAuthFailure(const AuthFailure& error) {
175 content::RecordAction(UserMetricsAction("ScreenLocker_OnLoginFailure"));
176 if (authentication_start_time_.is_null()) {
177 LOG(ERROR) << "Start time is not set at authentication failure";
178 } else {
179 base::TimeDelta delta = base::Time::Now() - authentication_start_time_;
180 VLOG(1) << "Authentication failure: " << delta.InSecondsF() << " second(s)";
181 UMA_HISTOGRAM_TIMES("ScreenLocker.AuthenticationFailureTime", delta);
184 EnableInput();
185 // Don't enable signout button here as we're showing
186 // MessageBubble.
188 delegate_->ShowErrorMessage(incorrect_passwords_count_++ ?
189 IDS_LOGIN_ERROR_AUTHENTICATING_2ND_TIME :
190 IDS_LOGIN_ERROR_AUTHENTICATING,
191 HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
193 if (auth_status_consumer_)
194 auth_status_consumer_->OnAuthFailure(error);
197 void ScreenLocker::OnAuthSuccess(const UserContext& user_context) {
198 incorrect_passwords_count_ = 0;
199 if (authentication_start_time_.is_null()) {
200 if (!user_context.GetUserID().empty())
201 LOG(ERROR) << "Start time is not set at authentication success";
202 } else {
203 base::TimeDelta delta = base::Time::Now() - authentication_start_time_;
204 VLOG(1) << "Authentication success: " << delta.InSecondsF() << " second(s)";
205 UMA_HISTOGRAM_TIMES("ScreenLocker.AuthenticationSuccessTime", delta);
208 const user_manager::User* user =
209 user_manager::UserManager::Get()->FindUser(user_context.GetUserID());
210 if (user) {
211 if (!user->is_active()) {
212 saved_ime_state_ = NULL;
213 user_manager::UserManager::Get()->SwitchActiveUser(
214 user_context.GetUserID());
216 UserSessionManager::GetInstance()->UpdateEasyUnlockKeys(user_context);
217 } else {
218 NOTREACHED() << "Logged in user not found.";
221 authentication_capture_.reset(new AuthenticationParametersCapture());
222 authentication_capture_->user_context = user_context;
224 // Add guard for case when something get broken in call chain to unlock
225 // for sure.
226 base::MessageLoop::current()->PostDelayedTask(
227 FROM_HERE,
228 base::Bind(&ScreenLocker::UnlockOnLoginSuccess,
229 weak_factory_.GetWeakPtr()),
230 base::TimeDelta::FromMilliseconds(kUnlockGuardTimeoutMs));
231 delegate_->AnimateAuthenticationSuccess();
234 void ScreenLocker::UnlockOnLoginSuccess() {
235 DCHECK(base::MessageLoopForUI::IsCurrent());
236 if (!authentication_capture_.get()) {
237 LOG(WARNING) << "Call to UnlockOnLoginSuccess without previous " <<
238 "authentication success.";
239 return;
242 if (auth_status_consumer_) {
243 auth_status_consumer_->OnAuthSuccess(authentication_capture_->user_context);
245 authentication_capture_.reset();
246 weak_factory_.InvalidateWeakPtrs();
248 VLOG(1) << "Hiding the lock screen.";
249 chromeos::ScreenLocker::Hide();
252 void ScreenLocker::Authenticate(const UserContext& user_context) {
253 LOG_ASSERT(IsUserLoggedIn(user_context.GetUserID()))
254 << "Invalid user trying to unlock.";
256 authentication_start_time_ = base::Time::Now();
257 delegate_->SetInputEnabled(false);
258 delegate_->OnAuthenticate();
260 // Special case: supervised users. Use special authenticator.
261 if (const user_manager::User* user =
262 FindUnlockUser(user_context.GetUserID())) {
263 if (user->GetType() == user_manager::USER_TYPE_SUPERVISED) {
264 UserContext updated_context = ChromeUserManager::Get()
265 ->GetSupervisedUserManager()
266 ->GetAuthentication()
267 ->TransformKey(user_context);
268 // TODO(antrim) : replace empty closure with explicit method.
269 // http://crbug.com/351268
270 BrowserThread::PostTask(
271 BrowserThread::UI,
272 FROM_HERE,
273 base::Bind(&ExtendedAuthenticator::AuthenticateToCheck,
274 extended_authenticator_.get(),
275 updated_context,
276 base::Closure()));
277 return;
281 BrowserThread::PostTask(
282 BrowserThread::UI, FROM_HERE,
283 base::Bind(&ExtendedAuthenticator::AuthenticateToCheck,
284 extended_authenticator_.get(),
285 user_context,
286 base::Closure()));
289 const user_manager::User* ScreenLocker::FindUnlockUser(
290 const std::string& user_id) {
291 const user_manager::User* unlock_user = NULL;
292 for (user_manager::UserList::const_iterator it = users_.begin();
293 it != users_.end();
294 ++it) {
295 if ((*it)->email() == user_id) {
296 unlock_user = *it;
297 break;
300 return unlock_user;
303 void ScreenLocker::ClearErrors() {
304 delegate_->ClearErrors();
307 void ScreenLocker::Signout() {
308 delegate_->ClearErrors();
309 content::RecordAction(UserMetricsAction("ScreenLocker_Signout"));
310 // We expect that this call will not wait for any user input.
311 // If it changes at some point, we will need to force exit.
312 chrome::AttemptUserExit();
314 // Don't hide yet the locker because the chrome screen may become visible
315 // briefly.
318 void ScreenLocker::EnableInput() {
319 delegate_->SetInputEnabled(true);
322 void ScreenLocker::ShowErrorMessage(int error_msg_id,
323 HelpAppLauncher::HelpTopic help_topic_id,
324 bool sign_out_only) {
325 delegate_->SetInputEnabled(!sign_out_only);
326 delegate_->ShowErrorMessage(error_msg_id, help_topic_id);
329 void ScreenLocker::SetLoginStatusConsumer(
330 chromeos::AuthStatusConsumer* consumer) {
331 auth_status_consumer_ = consumer;
334 // static
335 void ScreenLocker::InitClass() {
336 DCHECK(!g_screen_lock_observer);
337 g_screen_lock_observer = new ScreenLockObserver;
340 // static
341 void ScreenLocker::ShutDownClass() {
342 DCHECK(g_screen_lock_observer);
343 delete g_screen_lock_observer;
344 g_screen_lock_observer = NULL;
347 // static
348 void ScreenLocker::HandleLockScreenRequest() {
349 VLOG(1) << "Received LockScreen request from session manager";
350 DCHECK(g_screen_lock_observer);
351 if (UserAddingScreen::Get()->IsRunning()) {
352 VLOG(1) << "Waiting for user adding screen to stop";
353 UserAddingScreen::Get()->AddObserver(g_screen_lock_observer);
354 UserAddingScreen::Get()->Cancel();
355 return;
357 if (g_screen_lock_observer->session_started() &&
358 user_manager::UserManager::Get()->CanCurrentUserLock()) {
359 ScreenLocker::Show();
360 ash::Shell::GetInstance()->lock_state_controller()->OnStartingLock();
361 } else {
362 // If the current user's session cannot be locked or the user has not
363 // completed all sign-in steps yet, log out instead. The latter is done to
364 // avoid complications with displaying the lock screen over the login
365 // screen while remaining secure in the case the user walks away during
366 // the sign-in steps. See crbug.com/112225 and crbug.com/110933.
367 VLOG(1) << "Calling session manager's StopSession D-Bus method";
368 DBusThreadManager::Get()->GetSessionManagerClient()->StopSession();
370 // Close captive portal window and clear signin profile.
371 NetworkPortalDetector::Get()->OnLockScreenRequest();
374 // static
375 void ScreenLocker::Show() {
376 content::RecordAction(UserMetricsAction("ScreenLocker_Show"));
377 DCHECK(base::MessageLoopForUI::IsCurrent());
379 // Check whether the currently logged in user is a guest account and if so,
380 // refuse to lock the screen (crosbug.com/23764).
381 if (user_manager::UserManager::Get()->IsLoggedInAsGuest()) {
382 VLOG(1) << "Refusing to lock screen for guest account";
383 return;
386 // If the active window is fullscreen, exit fullscreen to avoid the web page
387 // or app mimicking the lock screen. Do not exit fullscreen if the shelf is
388 // visible while in fullscreen because the shelf makes it harder for a web
389 // page or app to mimick the lock screen.
390 ash::wm::WindowState* active_window_state = ash::wm::GetActiveWindowState();
391 if (active_window_state &&
392 active_window_state->IsFullscreen() &&
393 active_window_state->hide_shelf_when_fullscreen()) {
394 const ash::wm::WMEvent event(ash::wm::WM_EVENT_TOGGLE_FULLSCREEN);
395 active_window_state->OnWMEvent(&event);
398 if (!screen_locker_) {
399 ScreenLocker* locker =
400 new ScreenLocker(user_manager::UserManager::Get()->GetUnlockUsers());
401 VLOG(1) << "Created ScreenLocker " << locker;
402 locker->Init();
403 } else {
404 VLOG(1) << "ScreenLocker " << screen_locker_ << " already exists; "
405 << " calling session manager's HandleLockScreenShown D-Bus method";
406 DBusThreadManager::Get()->GetSessionManagerClient()->
407 NotifyLockScreenShown();
411 // static
412 void ScreenLocker::Hide() {
413 DCHECK(base::MessageLoopForUI::IsCurrent());
414 // For a guest user, screen_locker_ would have never been initialized.
415 if (user_manager::UserManager::Get()->IsLoggedInAsGuest()) {
416 VLOG(1) << "Refusing to hide lock screen for guest account";
417 return;
420 DCHECK(screen_locker_);
421 base::Callback<void(void)> callback =
422 base::Bind(&ScreenLocker::ScheduleDeletion);
423 ash::Shell::GetInstance()->lock_state_controller()->
424 OnLockScreenHide(callback);
427 void ScreenLocker::ScheduleDeletion() {
428 // Avoid possible multiple calls.
429 if (screen_locker_ == NULL)
430 return;
431 VLOG(1) << "Deleting ScreenLocker " << screen_locker_;
433 ash::PlaySystemSoundIfSpokenFeedback(SOUND_UNLOCK);
435 delete screen_locker_;
436 screen_locker_ = NULL;
439 ////////////////////////////////////////////////////////////////////////////////
440 // ScreenLocker, private:
442 ScreenLocker::~ScreenLocker() {
443 VLOG(1) << "Destroying ScreenLocker " << this;
444 DCHECK(base::MessageLoopForUI::IsCurrent());
446 if (authenticator_.get())
447 authenticator_->SetConsumer(NULL);
448 ClearErrors();
450 VLOG(1) << "Moving desktop background to unlocked container";
451 ash::Shell::GetInstance()->
452 desktop_background_controller()->MoveDesktopToUnlockedContainer();
454 screen_locker_ = NULL;
455 bool state = false;
456 VLOG(1) << "Emitting SCREEN_LOCK_STATE_CHANGED with state=" << state;
457 content::NotificationService::current()->Notify(
458 chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED,
459 content::Source<ScreenLocker>(this),
460 content::Details<bool>(&state));
462 VLOG(1) << "Calling session manager's HandleLockScreenDismissed D-Bus method";
463 DBusThreadManager::Get()->GetSessionManagerClient()->
464 NotifyLockScreenDismissed();
466 if (saved_ime_state_.get()) {
467 input_method::InputMethodManager::Get()->SetState(saved_ime_state_);
471 void ScreenLocker::SetAuthenticator(Authenticator* authenticator) {
472 authenticator_ = authenticator;
475 void ScreenLocker::ScreenLockReady() {
476 locked_ = true;
477 base::TimeDelta delta = base::Time::Now() - start_time_;
478 VLOG(1) << "ScreenLocker " << this << " is ready after "
479 << delta.InSecondsF() << " second(s)";
480 UMA_HISTOGRAM_TIMES("ScreenLocker.ScreenLockTime", delta);
482 VLOG(1) << "Moving desktop background to locked container";
483 ash::Shell::GetInstance()->
484 desktop_background_controller()->MoveDesktopToLockedContainer();
486 bool state = true;
487 VLOG(1) << "Emitting SCREEN_LOCK_STATE_CHANGED with state=" << state;
488 content::NotificationService::current()->Notify(
489 chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED,
490 content::Source<ScreenLocker>(this),
491 content::Details<bool>(&state));
492 VLOG(1) << "Calling session manager's HandleLockScreenShown D-Bus method";
493 DBusThreadManager::Get()->GetSessionManagerClient()->NotifyLockScreenShown();
495 input_method::InputMethodManager::Get()
496 ->GetActiveIMEState()
497 ->EnableLockScreenLayouts();
500 content::WebUI* ScreenLocker::GetAssociatedWebUI() {
501 return delegate_->GetAssociatedWebUI();
504 bool ScreenLocker::IsUserLoggedIn(const std::string& username) {
505 for (user_manager::UserList::const_iterator it = users_.begin();
506 it != users_.end();
507 ++it) {
508 if ((*it)->email() == username)
509 return true;
511 return false;
514 } // namespace chromeos