search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Elim cr-checkbox
[chromium-blink-merge.git] / chrome / browser / chromeos / login / auth / chrome_login_performer.cc
blobe913bc17c8765c93c69a049b38ecbf5188d5979f
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
6
7 #include "base/bind.h"
8 #include "base/thread_task_runner_handle.h"
9 #include "chrome/browser/browser_process.h"
10 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_user_login_flow.h"
11 #include "chrome/browser/chromeos/login/helper.h"
12 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
13 #include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
14 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
15 #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h"
16 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
17 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
18 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
19 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
20 #include "chrome/browser/chromeos/profiles/profile_helper.h"
21 #include "chrome/browser/chromeos/settings/cros_settings.h"
22
23 namespace chromeos {
24
25 ChromeLoginPerformer::ChromeLoginPerformer(Delegate* delegate)
26 : LoginPerformer(base::ThreadTaskRunnerHandle::Get(), delegate),
27 weak_factory_(this) {}
28
29 ChromeLoginPerformer::~ChromeLoginPerformer() {
30 }
31
32 ////////////////////////////////////////////////////////////////////////////////
33 // ChromeLoginPerformer, public:
34
35 bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure& callback) {
36 CrosSettings* cros_settings = CrosSettings::Get();
37
38 CrosSettingsProvider::TrustedStatus status =
39 cros_settings->PrepareTrustedValues(
40 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
41 weak_factory_.GetWeakPtr(),
42 callback));
43 // Must not proceed without signature verification.
44 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
45 if (delegate_)
46 delegate_->PolicyLoadFailed();
47 else
48 NOTREACHED();
49 return true; // Some callback was called.
50 } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
51 // Value of AllowNewUser setting is still not verified.
52 // Another attempt will be invoked after verification completion.
53 return false;
54 } else {
55 DCHECK(status == CrosSettingsProvider::TRUSTED);
56 // CrosSettingsProvider::TRUSTED
57 callback.Run();
58 return true; // Some callback was called.
59 }
60 }
61
62 void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure& callback) {
63 CrosSettings* cros_settings = CrosSettings::Get();
64
65 CrosSettingsProvider::TrustedStatus status =
66 cros_settings->PrepareTrustedValues(
67 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck,
68 weak_factory_.GetWeakPtr(),
69 callback));
70 // Must not proceed without signature verification.
71 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
72 if (delegate_)
73 delegate_->PolicyLoadFailed();
74 else
75 NOTREACHED();
76 } else if (status == CrosSettingsProvider::TEMPORARILY_UNTRUSTED) {
77 // Value of AllowNewUser setting is still not verified.
78 // Another attempt will be invoked after verification completion.
79 return;
80 } else {
81 DCHECK(status == CrosSettingsProvider::TRUSTED);
82 callback.Run();
83 }
84 }
85
86 bool ChromeLoginPerformer::IsUserWhitelisted(const std::string& user_id,
87 bool* wildcard_match) {
88 return CrosSettings::IsWhitelisted(user_id, wildcard_match);
89 }
90
91 void ChromeLoginPerformer::RunOnlineWhitelistCheck(
92 const std::string& user_id,
93 bool wildcard_match,
94 const std::string& refresh_token,
95 const base::Closure& success_callback,
96 const base::Closure& failure_callback) {
97 // On enterprise devices, reconfirm login permission with the server.
98 policy::BrowserPolicyConnectorChromeOS* connector =
99 g_browser_process->platform_part()->browser_policy_connector_chromeos();
100 if (connector->IsEnterpriseManaged() && wildcard_match &&
101 !connector->IsNonEnterpriseUser(user_id)) {
102 wildcard_login_checker_.reset(new policy::WildcardLoginChecker());
103 if (refresh_token.empty()) {
104 wildcard_login_checker_->StartWithSigninContext(
105 GetSigninRequestContext(),
106 base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted,
107 weak_factory_.GetWeakPtr(), success_callback,
108 failure_callback));
109 } else {
110 wildcard_login_checker_->StartWithRefreshToken(
111 refresh_token,
112 base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted,
113 weak_factory_.GetWeakPtr(), success_callback,
114 failure_callback));
115 }
116 } else {
117 success_callback.Run();
118 }
119 }
120
121 scoped_refptr<Authenticator> ChromeLoginPerformer::CreateAuthenticator() {
122 return UserSessionManager::GetInstance()->CreateAuthenticator(this);
123 }
124
125 bool ChromeLoginPerformer::AreSupervisedUsersAllowed() {
126 return user_manager::UserManager::Get()->AreSupervisedUsersAllowed();
127 }
128
129 bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser(
130 const UserContext& user_context) {
131 SupervisedUserAuthentication* authentication =
132 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
133 return authentication->GetPasswordSchema(user_context.GetUserID()) ==
134 SupervisedUserAuthentication::SCHEMA_SALT_HASHED;
135 }
136
137 UserContext ChromeLoginPerformer::TransformSupervisedKey(
138 const UserContext& context) {
139 SupervisedUserAuthentication* authentication =
140 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
141 return authentication->TransformKey(context);
142 }
143
144 void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string& user_id) {
145 SupervisedUserLoginFlow* new_flow = new SupervisedUserLoginFlow(user_id);
146 new_flow->SetHost(ChromeUserManager::Get()->GetUserFlow(user_id)->host());
147 ChromeUserManager::Get()->SetUserFlow(user_id, new_flow);
148 }
149
150 void ChromeLoginPerformer::SetupEasyUnlockUserFlow(const std::string& user_id) {
151 ChromeUserManager::Get()->SetUserFlow(user_id,
152 new EasyUnlockUserLoginFlow(user_id));
153 }
154
155 bool ChromeLoginPerformer::CheckPolicyForUser(const std::string& user_id) {
156 // Login is not allowed if policy could not be loaded for the account.
157 policy::BrowserPolicyConnectorChromeOS* connector =
158 g_browser_process->platform_part()->browser_policy_connector_chromeos();
159 policy::DeviceLocalAccountPolicyService* policy_service =
160 connector->GetDeviceLocalAccountPolicyService();
161 return policy_service && policy_service->IsPolicyAvailableForUser(user_id);
162 }
163 ////////////////////////////////////////////////////////////////////////////////
164 // ChromeLoginPerformer, private:
165
166 content::BrowserContext* ChromeLoginPerformer::GetSigninContext() {
167 return ProfileHelper::GetSigninProfile();
168 }
169
170 net::URLRequestContextGetter* ChromeLoginPerformer::GetSigninRequestContext() {
171 return login::GetSigninContext();
172 }
173
174 void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted(
175 const base::Closure& success_callback,
176 const base::Closure& failure_callback,
177 policy::WildcardLoginChecker::Result result) {
178 if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) {
179 success_callback.Run();
180 } else {
181 failure_callback.Run();
182 }
183 }
184
185 } // namespace chromeos