1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
6 #define CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
10 #include "base/basictypes.h"
11 #include "base/callback.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/memory/weak_ptr.h"
14 #include "chromeos/chromeos_export.h"
15 #include "chromeos/login/auth/auth_status_consumer.h"
16 #include "chromeos/login/auth/authenticator.h"
17 #include "chromeos/login/auth/extended_authenticator.h"
18 #include "chromeos/login/auth/online_attempt_host.h"
19 #include "chromeos/login/auth/user_context.h"
20 #include "google_apis/gaia/google_service_auth_error.h"
23 class URLRequestContextGetter
;
27 class WildcardLoginChecker
;
36 // This class encapsulates sign in operations.
37 // Sign in is performed in a way that offline auth is executed first.
38 // Once offline auth is OK - user homedir is mounted, UI is launched.
39 // At this point LoginPerformer |delegate_| is destroyed and it releases
40 // LP instance ownership. LP waits for online login result.
41 // If auth is succeeded, cookie fetcher is executed, LP instance deletes itself.
43 // If |delegate_| is not NULL it will handle error messages, password input.
44 class CHROMEOS_EXPORT LoginPerformer
: public AuthStatusConsumer
,
45 public OnlineAttemptHost::Delegate
{
47 typedef enum AuthorizationMode
{
48 // Authorization performed internally by Chrome.
50 // Authorization performed by an extension.
54 // Delegate class to get notifications from the LoginPerformer.
55 class Delegate
: public AuthStatusConsumer
{
57 ~Delegate() override
{}
58 virtual void WhiteListCheckFailed(const std::string
& email
) = 0;
59 virtual void PolicyLoadFailed() = 0;
60 virtual void OnOnlineChecked(const std::string
& email
, bool success
) = 0;
63 LoginPerformer(scoped_refptr
<base::TaskRunner
> task_runner
,
65 bool disable_client_login
);
66 ~LoginPerformer() override
;
68 // Performs a login for |user_context|.
69 // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks,
70 // AUTH_MODE_INTERNAL will perform auth checks.
71 void PerformLogin(const UserContext
& user_context
,
72 AuthorizationMode auth_mode
);
74 // Performs supervised user login with a given |user_context|.
75 void LoginAsSupervisedUser(const UserContext
& user_context
);
77 // Performs actions to prepare guest mode login.
78 void LoginOffTheRecord();
80 // Performs public session login with a given |user_context|.
81 void LoginAsPublicSession(const UserContext
& user_context
);
83 // Performs a login into the kiosk mode account with |app_user_id|.
84 void LoginAsKioskAccount(const std::string
& app_user_id
,
85 bool use_guest_mount
);
87 // AuthStatusConsumer implementation:
88 void OnAuthFailure(const AuthFailure
& error
) override
;
89 void OnAuthSuccess(const UserContext
& user_context
) override
;
90 void OnOffTheRecordAuthSuccess() override
;
91 void OnPasswordChangeDetected() override
;
93 // Migrates cryptohome using |old_password| specified.
94 void RecoverEncryptedData(const std::string
& old_password
);
96 // Reinitializes cryptohome with the new password.
97 void ResyncEncryptedData();
99 // Returns latest auth error.
100 const GoogleServiceAuthError
& error() const {
101 return last_login_failure_
.error();
104 // True if password change has been detected.
105 bool password_changed() { return password_changed_
; }
107 // Number of times we've been called with OnPasswordChangeDetected().
108 // If user enters incorrect old password, same LoginPerformer instance will
109 // be called so callback count makes it possible to distinguish initial
110 // "password changed detected" event from further attempts to enter old
111 // password for cryptohome migration (when > 1).
112 int password_changed_callback_count() {
113 return password_changed_callback_count_
;
116 void set_delegate(Delegate
* delegate
) { delegate_
= delegate
; }
118 AuthorizationMode
auth_mode() const { return auth_mode_
; }
120 // Check if user is allowed to sign in on device. |wildcard_match| will
121 // contain additional information whether this user is explicitly listed or
122 // not (may be relevant for extension-based sign-in).
123 virtual bool IsUserWhitelisted(const std::string
& user_id
,
124 bool* wildcard_match
) = 0;
127 // Implements OnlineAttemptHost::Delegate.
128 void OnChecked(const std::string
& user_id
, bool success
) override
;
130 // Platform-dependant methods to be implemented by concrete class.
132 // Run trusted check for a platform. If trusted check have to be performed
133 // asynchronously, |false| will be returned, and either delegate's
134 // PolicyLoadFailed() or |callback| will be called upon actual check.
135 virtual bool RunTrustedCheck(const base::Closure
& callback
) = 0;
137 // This method should run addional online check if user can sign in on device.
138 // Either |success_callback| or |failure_callback| should be called upon this
140 virtual void RunOnlineWhitelistCheck(
141 const std::string
& user_id
,
143 const std::string
& refresh_token
,
144 const base::Closure
& success_callback
,
145 const base::Closure
& failure_callback
) = 0;
147 // Supervised users-related methods.
149 // Check if supervised users are allowed on this device.
150 virtual bool AreSupervisedUsersAllowed() = 0;
152 // Check which authenticator should be used for supervised user.
153 virtual bool UseExtendedAuthenticatorForSupervisedUser(
154 const UserContext
& user_context
) = 0;
156 // Probably transform supervised user's authentication key.
157 virtual UserContext
TransformSupervisedKey(const UserContext
& context
) = 0;
159 // Set up sign-in flow for supervised user.
160 virtual void SetupSupervisedUserFlow(const std::string
& user_id
) = 0;
162 // Set up sign-in flow for Easy Unlock.
163 virtual void SetupEasyUnlockUserFlow(const std::string
& user_id
) = 0;
165 // Run policy check for |user_id|. If something is wrong, delegate's
166 // PolicyLoadFailed is called.
167 virtual bool CheckPolicyForUser(const std::string
& user_id
) = 0;
169 // Look up browser context to use during signin.
170 virtual content::BrowserContext
* GetSigninContext() = 0;
172 // Get RequestContext used for sign in.
173 virtual net::URLRequestContextGetter
* GetSigninRequestContext() = 0;
175 // Create authenticator implementation.
176 virtual scoped_refptr
<Authenticator
> CreateAuthenticator() = 0;
178 void set_authenticator(scoped_refptr
<Authenticator
> authenticator
);
180 // Notifications receiver.
184 // Starts login completion of externally authenticated user.
185 void StartLoginCompletion();
187 // Starts authentication.
188 void StartAuthentication();
189 void NotifyWhitelistCheckFailure();
191 // Makes sure that authenticator is created.
192 void EnsureAuthenticator();
193 void EnsureExtendedAuthenticator();
195 // Actual implementation of LoginAsSupervisedUser that is run after trusted
197 void TrustedLoginAsSupervisedUser(const UserContext
& user_context
);
199 // Actual implementantion of PeformLogin that is run after trusted values
201 void DoPerformLogin(const UserContext
& user_context
,
202 AuthorizationMode auth_mode
);
204 scoped_refptr
<base::TaskRunner
> task_runner_
;
206 // Used for logging in.
207 scoped_refptr
<Authenticator
> authenticator_
;
209 // Used for logging in.
210 scoped_refptr
<ExtendedAuthenticator
> extended_authenticator_
;
212 // Used to make auxiliary online check.
213 OnlineAttemptHost online_attempt_host_
;
215 // Represents last login failure that was encountered when communicating to
216 // sign-in server. AuthFailure.LoginFailureNone() by default.
217 AuthFailure last_login_failure_
;
219 // User credentials for the current login attempt.
220 UserContext user_context_
;
222 // True if password change has been detected.
223 // Once correct password is entered homedir migration is executed.
224 bool password_changed_
;
225 int password_changed_callback_count_
;
227 // Authorization mode type.
228 AuthorizationMode auth_mode_
;
230 // TODO(antrim): remove once we got rid of /ClientLogin.
231 bool disable_client_login_
;
233 base::WeakPtrFactory
<LoginPerformer
> weak_factory_
;
234 DISALLOW_COPY_AND_ASSIGN(LoginPerformer
);
237 } // namespace chromeos
239 #endif // CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_