search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Pin Chrome's shortcut to the Win10 Start menu on install and OS upgrade.
[chromium-blink-merge.git] / chrome / browser / chromeos / login / auth / chrome_login_performer.cc
blob2b5bcc7b3c8f5c2b20422382998ce285332da82e
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
6
7 #include "base/bind.h"
8 #include "base/thread_task_runner_handle.h"
9 #include "chrome/browser/browser_process.h"
10 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_user_login_flow.h"
11 #include "chrome/browser/chromeos/login/helper.h"
12 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
13 #include "chrome/browser/chromeos/login/startup_utils.h"
14 #include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
15 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
16 #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h"
17 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
18 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
19 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
20 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
21 #include "chrome/browser/chromeos/profiles/profile_helper.h"
22 #include "chrome/browser/chromeos/settings/cros_settings.h"
23
24 namespace chromeos {
25
26 ChromeLoginPerformer::ChromeLoginPerformer(Delegate* delegate)
27 : LoginPerformer(base::ThreadTaskRunnerHandle::Get(),
28 delegate,
29 StartupUtils::IsWebviewSigninEnabled()),
30 weak_factory_(this) {
31 }
32
33 ChromeLoginPerformer::~ChromeLoginPerformer() {
34 }
35
36 ////////////////////////////////////////////////////////////////////////////////
37 // ChromeLoginPerformer, public:
38
39 bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure& callback) {
40 CrosSettings* cros_settings = CrosSettings::Get();
41
42 CrosSettingsProvider::TrustedStatus status =
43 cros_settings->PrepareTrustedValues(
44 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
45 weak_factory_.GetWeakPtr(),
46 callback));
47 // Must not proceed without signature verification.
48 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
49 if (delegate_)
50 delegate_->PolicyLoadFailed();
51 else
52 NOTREACHED();
53 return true; // Some callback was called.
54 } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
55 // Value of AllowNewUser setting is still not verified.
56 // Another attempt will be invoked after verification completion.
57 return false;
58 } else {
59 DCHECK(status == CrosSettingsProvider::TRUSTED);
60 // CrosSettingsProvider::TRUSTED
61 callback.Run();
62 return true; // Some callback was called.
63 }
64 }
65
66 void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure& callback) {
67 CrosSettings* cros_settings = CrosSettings::Get();
68
69 CrosSettingsProvider::TrustedStatus status =
70 cros_settings->PrepareTrustedValues(
71 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
72 weak_factory_.GetWeakPtr(),
73 callback));
74 // Must not proceed without signature verification.
75 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
76 if (delegate_)
77 delegate_->PolicyLoadFailed();
78 else
79 NOTREACHED();
80 } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
81 // Value of AllowNewUser setting is still not verified.
82 // Another attempt will be invoked after verification completion.
83 return;
84 } else {
85 DCHECK(status == CrosSettingsProvider::TRUSTED);
86 callback.Run();
87 }
88 }
89
90 bool ChromeLoginPerformer::IsUserWhitelisted(const std::string& user_id,
91 bool* wildcard_match) {
92 return CrosSettings::IsWhitelisted(user_id, wildcard_match);
93 }
94
95 void ChromeLoginPerformer::RunOnlineWhitelistCheck(
96 const std::string& user_id,
97 bool wildcard_match,
98 const std::string& refresh_token,
99 const base::Closure& success_callback,
100 const base::Closure& failure_callback) {
101 // On enterprise devices, reconfirm login permission with the server.
102 policy::BrowserPolicyConnectorChromeOS* connector =
103 g_browser_process->platform_part()->browser_policy_connector_chromeos();
104 if (connector->IsEnterpriseManaged() && wildcard_match &&
105 !connector->IsNonEnterpriseUser(user_id)) {
106 wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
107 if (refresh_token.empty()) {
108 wildcard_login_checker_->StartWithSigninContext(
109 GetSigninRequestContext(),
110 base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted,
111 weak_factory_.GetWeakPtr(), success_callback,
112 failure_callback));
113 } else {
114 wildcard_login_checker_->StartWithRefreshToken(
115 refresh_token,
116 base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted,
117 weak_factory_.GetWeakPtr(), success_callback,
118 failure_callback));
119 }
120 } else {
121 success_callback.Run();
122 }
123 }
124
125 scoped_refptr<Authenticator> ChromeLoginPerformer::CreateAuthenticator() {
126 return UserSessionManager::GetInstance()->CreateAuthenticator(this);
127 }
128
129 bool ChromeLoginPerformer::AreSupervisedUsersAllowed() {
130 return user_manager::UserManager::Get()->AreSupervisedUsersAllowed();
131 }
132
133 bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser(
134 const UserContext& user_context) {
135 SupervisedUserAuthentication* authentication =
136 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
137 return authentication->GetPasswordSchema(user_context.GetUserID()) ==
138 SupervisedUserAuthentication::SCHEMA_SALT_HASHED;
139 }
140
141 UserContext ChromeLoginPerformer::TransformSupervisedKey(
142 const UserContext& context) {
143 SupervisedUserAuthentication* authentication =
144 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
145 return authentication->TransformKey(context);
146 }
147
148 void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string& user_id) {
149 SupervisedUserLoginFlow* new_flow = new SupervisedUserLoginFlow(user_id);
150 new_flow->SetHost(ChromeUserManager::Get()->GetUserFlow(user_id)->host());
151 ChromeUserManager::Get()->SetUserFlow(user_id, new_flow);
152 }
153
154 void ChromeLoginPerformer::SetupEasyUnlockUserFlow(const std::string& user_id) {
155 ChromeUserManager::Get()->SetUserFlow(user_id,
156 new EasyUnlockUserLoginFlow(user_id));
157 }
158
159 bool ChromeLoginPerformer::CheckPolicyForUser(const std::string& user_id) {
160 // Login is not allowed if policy could not be loaded for the account.
161 policy::BrowserPolicyConnectorChromeOS* connector =
162 g_browser_process->platform_part()->browser_policy_connector_chromeos();
163 policy::DeviceLocalAccountPolicyService* policy_service =
164 connector->GetDeviceLocalAccountPolicyService();
165 return policy_service && policy_service->IsPolicyAvailableForUser(user_id);
166 }
167 ////////////////////////////////////////////////////////////////////////////////
168 // ChromeLoginPerformer, private:
169
170 content::BrowserContext* ChromeLoginPerformer::GetSigninContext() {
171 return ProfileHelper::GetSigninProfile();
172 }
173
174 net::URLRequestContextGetter* ChromeLoginPerformer::GetSigninRequestContext() {
175 return login::GetSigninContext();
176 }
177
178 void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted(
179 const base::Closure& success_callback,
180 const base::Closure& failure_callback,
181 policy::WildcardLoginChecker::Result result) {
182 if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) {
183 success_callback.Run();
184 } else {
185 failure_callback.Run();
186 }
187 }
188
189 } // namespace chromeos