chrome/browser/chromeos/login/managed/supervised_user_authentication.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
   5 #define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
   6
   7 #include "base/basictypes.h"
   8 #include "base/compiler_specific.h"
   9 #include "base/memory/weak_ptr.h"
  10 #include "base/strings/string16.h"
  11 #include "base/values.h"
  12 #include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h"
  13
  14 namespace chromeos {
  15
  16 class SupervisedUserManager;
  17
  18 // This is a class that encapsulates all details of password handling for
  19 // supervised users.
  20 // Main property is the schema used to handle password. For now it can be either
  21 // plain password schema, when plain text password is passed to standard
  22 // cryprohome authentication algorithm without modification, or hashed password
  23 // schema, when password is additionally hashed with user-specific salt.
  24 // Second schema is required to allow password syncing across devices for
  25 // supervised users.
  26 class SupervisedUserAuthentication {
  27  public:
  28   enum Schema {
  29     SCHEMA_PLAIN = 1,
  30     SCHEMA_SALT_HASHED = 2
  31   };
  32
  33   explicit SupervisedUserAuthentication(SupervisedUserManager* owner);
  34   virtual ~SupervisedUserAuthentication();
  35
  36   // Transforms password according to schema specified in Local State.
  37   std::string TransformPassword(const std::string& supervised_user_id,
  38                                 const std::string& password);
  39
  40   // Returns |true| if current password schema for user is different from
  41   // target schema.
  42   bool PasswordNeedsMigration(const std::string& user_id);
  43
  44   // Schedules password migration for |user_id| with |password| as a plain text
  45   // password. Migration should happen during |user_login_flow|.
  46   void SchedulePasswordMigration(const std::string& user_id,
  47                                  const std::string& password,
  48                                  SupervisedUserLoginFlow* user_login_flow);
  49
  50   // Fills |password_data| with |password|-specific data for |user_id|,
  51   // depending on target schema. Does not affect Local State.
  52   bool FillDataForNewUser(const std::string& user_id,
  53                           const std::string& password,
  54                           base::DictionaryValue* password_data);
  55
  56   // Stores |password_data| for |user_id| in Local State. Only public parts
  57   // of |password_data| will be stored.
  58   void StorePasswordData(const std::string& user_id,
  59                          const base::DictionaryValue& password_data);
  60
  61  private:
  62   SupervisedUserManager* owner_;
  63
  64   // Controls if migration is enabled.
  65   bool migration_enabled_;
  66
  67   // Target schema version. Affects migration process and new user creation.
  68   Schema stable_schema_;
  69
  70   // Utility method that gets schema version for |user_id| from Local State.
  71   Schema GetPasswordSchema(const std::string& user_id);
  72
  73   DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthentication);
  74 };
  75
  76 } // namespace chromeos
  77
  78 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_