search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable view source for Developer Tools.
[chromium-blink-merge.git] / chrome / browser / chromeos / login / login_performer.cc
blob4866d9e9870da87c2dbf47603b893b430599c2f7
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/login/login_performer.h"
6
7 #include <string>
8
9 #include "base/bind.h"
10 #include "base/logging.h"
11 #include "base/message_loop/message_loop.h"
12 #include "base/metrics/histogram.h"
13 #include "base/prefs/pref_service.h"
14 #include "base/strings/utf_string_conversions.h"
15 #include "base/threading/thread_restrictions.h"
16 #include "chrome/browser/browser_process.h"
17 #include "chrome/browser/chrome_notification_types.h"
18 #include "chrome/browser/chromeos/boot_times_loader.h"
19 #include "chrome/browser/chromeos/login/login_utils.h"
20 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h"
21 #include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h"
22 #include "chrome/browser/chromeos/login/supervised_user_manager.h"
23 #include "chrome/browser/chromeos/login/user_manager.h"
24 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
25 #include "chrome/browser/chromeos/profiles/profile_helper.h"
26 #include "chrome/browser/chromeos/settings/cros_settings.h"
27 #include "chrome/browser/policy/browser_policy_connector.h"
28 #include "chrome/common/pref_names.h"
29 #include "chromeos/dbus/dbus_thread_manager.h"
30 #include "chromeos/dbus/session_manager_client.h"
31 #include "chromeos/settings/cros_settings_names.h"
32 #include "content/public/browser/browser_thread.h"
33 #include "content/public/browser/notification_service.h"
34 #include "content/public/browser/notification_types.h"
35 #include "content/public/browser/user_metrics.h"
36 #include "google_apis/gaia/gaia_auth_util.h"
37 #include "grit/generated_resources.h"
38 #include "net/cookies/cookie_monster.h"
39 #include "net/cookies/cookie_store.h"
40 #include "net/url_request/url_request_context.h"
41 #include "net/url_request/url_request_context_getter.h"
42 #include "ui/base/l10n/l10n_util.h"
43 #include "ui/base/resource/resource_bundle.h"
44
45 using base::UserMetricsAction;
46 using content::BrowserThread;
47
48 namespace chromeos {
49
50 LoginPerformer::LoginPerformer(Delegate* delegate)
51 : online_attempt_host_(this),
52 last_login_failure_(LoginFailure::LoginFailureNone()),
53 delegate_(delegate),
54 password_changed_(false),
55 password_changed_callback_count_(0),
56 auth_mode_(AUTH_MODE_INTERNAL),
57 weak_factory_(this) {
58 }
59
60 LoginPerformer::~LoginPerformer() {
61 DVLOG(1) << "Deleting LoginPerformer";
62 if (authenticator_.get())
63 authenticator_->SetConsumer(NULL);
64 }
65
66 ////////////////////////////////////////////////////////////////////////////////
67 // LoginPerformer, LoginStatusConsumer implementation:
68
69 void LoginPerformer::OnLoginFailure(const LoginFailure& failure) {
70 content::RecordAction(UserMetricsAction("Login_Failure"));
71 UMA_HISTOGRAM_ENUMERATION("Login.FailureReason", failure.reason(),
72 LoginFailure::NUM_FAILURE_REASONS);
73
74 DVLOG(1) << "failure.reason " << failure.reason();
75 DVLOG(1) << "failure.error.state " << failure.error().state();
76
77 last_login_failure_ = failure;
78 if (delegate_) {
79 delegate_->OnLoginFailure(failure);
80 return;
81 } else {
82 // COULD_NOT_MOUNT_CRYPTOHOME, COULD_NOT_MOUNT_TMPFS:
83 // happens during offline auth only.
84 NOTREACHED();
85 }
86 }
87
88 void LoginPerformer::OnRetailModeLoginSuccess(
89 const UserContext& user_context) {
90 content::RecordAction(
91 UserMetricsAction("Login_DemoUserLoginSuccess"));
92 LoginStatusConsumer::OnRetailModeLoginSuccess(user_context);
93 }
94
95 void LoginPerformer::OnLoginSuccess(const UserContext& user_context) {
96 content::RecordAction(UserMetricsAction("Login_Success"));
97 VLOG(1) << "LoginSuccess hash: " << user_context.username_hash;
98 DCHECK(delegate_);
99 // After delegate_->OnLoginSuccess(...) is called, delegate_ releases
100 // LoginPerformer ownership. LP now manages it's lifetime on its own.
101 base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
102 delegate_->OnLoginSuccess(user_context);
103 }
104
105 void LoginPerformer::OnOffTheRecordLoginSuccess() {
106 content::RecordAction(
107 UserMetricsAction("Login_GuestLoginSuccess"));
108
109 if (delegate_)
110 delegate_->OnOffTheRecordLoginSuccess();
111 else
112 NOTREACHED();
113 }
114
115 void LoginPerformer::OnPasswordChangeDetected() {
116 password_changed_ = true;
117 password_changed_callback_count_++;
118 if (delegate_) {
119 delegate_->OnPasswordChangeDetected();
120 } else {
121 NOTREACHED();
122 }
123 }
124
125 void LoginPerformer::OnChecked(const std::string& username, bool success) {
126 if (!delegate_) {
127 // Delegate is reset in case of successful offline login.
128 // See ExistingUserConstoller::OnLoginSuccess().
129 // Case when user has changed password and enters old password
130 // does not block user from sign in yet.
131 return;
132 }
133 delegate_->OnOnlineChecked(username, success);
134 }
135
136 ////////////////////////////////////////////////////////////////////////////////
137 // LoginPerformer, public:
138
139 void LoginPerformer::PerformLogin(const UserContext& user_context,
140 AuthorizationMode auth_mode) {
141 auth_mode_ = auth_mode;
142 user_context_ = user_context;
143
144 CrosSettings* cros_settings = CrosSettings::Get();
145
146 // Whitelist check is always performed during initial login.
147 CrosSettingsProvider::TrustedStatus status =
148 cros_settings->PrepareTrustedValues(
149 base::Bind(&LoginPerformer::PerformLogin,
150 weak_factory_.GetWeakPtr(),
151 user_context_, auth_mode));
152 // Must not proceed without signature verification.
153 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
154 if (delegate_)
155 delegate_->PolicyLoadFailed();
156 else
157 NOTREACHED();
158 return;
159 } else if (status != CrosSettingsProvider::TRUSTED) {
160 // Value of AllowNewUser setting is still not verified.
161 // Another attempt will be invoked after verification completion.
162 return;
163 }
164
165 bool is_whitelisted = LoginUtils::IsWhitelisted(
166 gaia::CanonicalizeEmail(user_context.username));
167 if (is_whitelisted) {
168 switch (auth_mode_) {
169 case AUTH_MODE_EXTENSION:
170 StartLoginCompletion();
171 break;
172 case AUTH_MODE_INTERNAL:
173 StartAuthentication();
174 break;
175 }
176 } else {
177 if (delegate_)
178 delegate_->WhiteListCheckFailed(user_context.username);
179 else
180 NOTREACHED();
181 }
182 }
183
184 void LoginPerformer::LoginAsLocallyManagedUser(
185 const UserContext& user_context) {
186 DCHECK_EQ(UserManager::kLocallyManagedUserDomain,
187 gaia::ExtractDomainName(user_context.username));
188
189 CrosSettings* cros_settings = CrosSettings::Get();
190 CrosSettingsProvider::TrustedStatus status =
191 cros_settings->PrepareTrustedValues(
192 base::Bind(&LoginPerformer::LoginAsLocallyManagedUser,
193 weak_factory_.GetWeakPtr(),
194 user_context_));
195 // Must not proceed without signature verification.
196 if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
197 if (delegate_)
198 delegate_->PolicyLoadFailed();
199 else
200 NOTREACHED();
201 return;
202 } else if (status != CrosSettingsProvider::TRUSTED) {
203 // Value of kAccountsPrefSupervisedUsersEnabled setting is still not
204 // verified. Another attempt will be invoked after verification completion.
205 return;
206 }
207
208 if (!UserManager::Get()->AreLocallyManagedUsersAllowed()) {
209 LOG(ERROR) << "Login attempt of locally managed user detected.";
210 delegate_->WhiteListCheckFailed(user_context.username);
211 return;
212 }
213
214 SupervisedUserLoginFlow* new_flow =
215 new SupervisedUserLoginFlow(user_context.username);
216 new_flow->set_host(
217 UserManager::Get()->GetUserFlow(user_context.username)->host());
218 UserManager::Get()->SetUserFlow(user_context.username, new_flow);
219
220 SupervisedUserAuthentication* authentication = UserManager::Get()->
221 GetSupervisedUserManager()->GetAuthentication();
222
223 if (authentication->PasswordNeedsMigration(user_context.username)) {
224 authentication->SchedulePasswordMigration(user_context.username,
225 user_context.password,
226 new_flow);
227 }
228
229 UserContext user_context_copy(
230 user_context.username,
231 user_context.password,
232 user_context.auth_code,
233 user_context.username_hash,
234 user_context.using_oauth);
235
236 user_context_copy.password = authentication->TransformPassword(
237 user_context_copy.username,
238 user_context_copy.password);
239
240 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
241 BrowserThread::PostTask(
242 BrowserThread::UI, FROM_HERE,
243 base::Bind(&Authenticator::LoginAsLocallyManagedUser,
244 authenticator_.get(),
245 user_context_copy));
246 }
247
248 void LoginPerformer::LoginRetailMode() {
249 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
250 BrowserThread::PostTask(
251 BrowserThread::UI, FROM_HERE,
252 base::Bind(&Authenticator::LoginRetailMode, authenticator_.get()));
253 }
254
255 void LoginPerformer::LoginOffTheRecord() {
256 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
257 BrowserThread::PostTask(
258 BrowserThread::UI, FROM_HERE,
259 base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get()));
260 }
261
262 void LoginPerformer::LoginAsPublicAccount(const std::string& username) {
263 // Login is not allowed if policy could not be loaded for the account.
264 policy::DeviceLocalAccountPolicyService* policy_service =
265 g_browser_process->browser_policy_connector()->
266 GetDeviceLocalAccountPolicyService();
267 if (!policy_service || !policy_service->IsPolicyAvailableForUser(username)) {
268 DCHECK(delegate_);
269 if (delegate_)
270 delegate_->PolicyLoadFailed();
271 return;
272 }
273
274 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
275 BrowserThread::PostTask(
276 BrowserThread::UI, FROM_HERE,
277 base::Bind(&Authenticator::LoginAsPublicAccount, authenticator_.get(),
278 username));
279 }
280
281 void LoginPerformer::LoginAsKioskAccount(const std::string& app_user_id) {
282 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
283 BrowserThread::PostTask(
284 BrowserThread::UI, FROM_HERE,
285 base::Bind(&Authenticator::LoginAsKioskAccount, authenticator_.get(),
286 app_user_id));
287 }
288
289 void LoginPerformer::RecoverEncryptedData(const std::string& old_password) {
290 BrowserThread::PostTask(
291 BrowserThread::UI, FROM_HERE,
292 base::Bind(&Authenticator::RecoverEncryptedData, authenticator_.get(),
293 old_password));
294 }
295
296 void LoginPerformer::ResyncEncryptedData() {
297 BrowserThread::PostTask(
298 BrowserThread::UI, FROM_HERE,
299 base::Bind(&Authenticator::ResyncEncryptedData, authenticator_.get()));
300 }
301
302 ////////////////////////////////////////////////////////////////////////////////
303 // LoginPerformer, private:
304
305 void LoginPerformer::StartLoginCompletion() {
306 DVLOG(1) << "Login completion started";
307 BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false);
308 Profile* profile = ProfileHelper::GetSigninProfile();
309
310 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
311 BrowserThread::PostTask(
312 BrowserThread::UI, FROM_HERE,
313 base::Bind(&Authenticator::CompleteLogin, authenticator_.get(),
314 profile,
315 user_context_));
316
317 user_context_.password.clear();
318 user_context_.auth_code.clear();
319 }
320
321 void LoginPerformer::StartAuthentication() {
322 DVLOG(1) << "Auth started";
323 BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false);
324 Profile* profile = ProfileHelper::GetSigninProfile();
325 if (delegate_) {
326 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
327 BrowserThread::PostTask(
328 BrowserThread::UI, FROM_HERE,
329 base::Bind(&Authenticator::AuthenticateToLogin, authenticator_.get(),
330 profile,
331 user_context_));
332 // Make unobtrusive online check. It helps to determine password change
333 // state in the case when offline login fails.
334 online_attempt_host_.Check(profile, user_context_);
335 } else {
336 NOTREACHED();
337 }
338 user_context_.password.clear();
339 user_context_.auth_code.clear();
340 }
341
342 } // namespace chromeos