search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable view source for Developer Tools.
[chromium-blink-merge.git] / chrome / browser / chromeos / login / screen_locker.cc
blob1383912e047d99bae2d45e38ed43a1af45ae8c26
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/login/screen_locker.h"
6
7 #include <string>
8 #include <vector>
9
10 #include "ash/ash_switches.h"
11 #include "ash/audio/sounds.h"
12 #include "ash/desktop_background/desktop_background_controller.h"
13 #include "ash/shell.h"
14 #include "ash/wm/lock_state_controller.h"
15 #include "ash/wm/window_state.h"
16 #include "ash/wm/window_util.h"
17 #include "base/bind.h"
18 #include "base/command_line.h"
19 #include "base/lazy_instance.h"
20 #include "base/memory/weak_ptr.h"
21 #include "base/message_loop/message_loop.h"
22 #include "base/metrics/histogram.h"
23 #include "base/strings/string_util.h"
24 #include "base/timer/timer.h"
25 #include "chrome/browser/chrome_notification_types.h"
26 #include "chrome/browser/chromeos/login/authenticator.h"
27 #include "chrome/browser/chromeos/login/login_performer.h"
28 #include "chrome/browser/chromeos/login/login_utils.h"
29 #include "chrome/browser/chromeos/login/user_adding_screen.h"
30 #include "chrome/browser/chromeos/login/user_manager.h"
31 #include "chrome/browser/chromeos/login/webui_screen_locker.h"
32 #include "chrome/browser/lifetime/application_lifetime.h"
33 #include "chrome/browser/profiles/profile.h"
34 #include "chrome/browser/profiles/profile_manager.h"
35 #include "chrome/browser/signin/signin_manager.h"
36 #include "chrome/browser/signin/signin_manager_factory.h"
37 #include "chrome/browser/sync/profile_sync_service.h"
38 #include "chrome/browser/sync/profile_sync_service_factory.h"
39 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_provider.h"
40 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_source.h"
41 #include "chrome/common/chrome_switches.h"
42 #include "chromeos/audio/chromeos_sounds.h"
43 #include "chromeos/dbus/dbus_thread_manager.h"
44 #include "chromeos/dbus/session_manager_client.h"
45 #include "content/public/browser/browser_thread.h"
46 #include "content/public/browser/notification_service.h"
47 #include "content/public/browser/url_data_source.h"
48 #include "content/public/browser/user_metrics.h"
49 #include "grit/browser_resources.h"
50 #include "grit/generated_resources.h"
51 #include "media/audio/sounds/sounds_manager.h"
52 #include "ui/base/l10n/l10n_util.h"
53 #include "ui/base/resource/resource_bundle.h"
54 #include "ui/gfx/image/image.h"
55 #include "url/gurl.h"
56
57 using base::UserMetricsAction;
58 using content::BrowserThread;
59
60 namespace {
61
62 // Timeout for unlock animation guard - some animations may be required to run
63 // on successful authentication before unlocking, but we want to be sure that
64 // unlock happens even if animations are broken.
65 const int kUnlockGuardTimeoutMs = 400;
66
67 // Observer to start ScreenLocker when the screen lock
68 class ScreenLockObserver : public chromeos::SessionManagerClient::Observer,
69 public content::NotificationObserver,
70 public chromeos::UserAddingScreen::Observer {
71 public:
72 ScreenLockObserver() : session_started_(false) {
73 registrar_.Add(this,
74 chrome::NOTIFICATION_LOGIN_USER_CHANGED,
75 content::NotificationService::AllSources());
76 registrar_.Add(this,
77 chrome::NOTIFICATION_SESSION_STARTED,
78 content::NotificationService::AllSources());
79 }
80
81 // NotificationObserver overrides:
82 virtual void Observe(int type,
83 const content::NotificationSource& source,
84 const content::NotificationDetails& details) OVERRIDE {
85 switch (type) {
86 case chrome::NOTIFICATION_LOGIN_USER_CHANGED: {
87 // Register Screen Lock only after a user has logged in.
88 chromeos::SessionManagerClient* session_manager =
89 chromeos::DBusThreadManager::Get()->GetSessionManagerClient();
90 if (!session_manager->HasObserver(this))
91 session_manager->AddObserver(this);
92 break;
93 }
94
95 case chrome::NOTIFICATION_SESSION_STARTED: {
96 session_started_ = true;
97 break;
98 }
99
100 default:
101 NOTREACHED();
102 }
103 }
104
105 virtual void LockScreen() OVERRIDE {
106 VLOG(1) << "Received LockScreen D-Bus signal from session manager";
107 if (chromeos::UserAddingScreen::Get()->IsRunning()) {
108 VLOG(1) << "Waiting for user adding screen to stop";
109 chromeos::UserAddingScreen::Get()->AddObserver(this);
110 chromeos::UserAddingScreen::Get()->Cancel();
111 return;
112 }
113 if (session_started_ &&
114 chromeos::UserManager::Get()->CanCurrentUserLock()) {
115 chromeos::ScreenLocker::Show();
116 } else {
117 // If the current user's session cannot be locked or the user has not
118 // completed all sign-in steps yet, log out instead. The latter is done to
119 // avoid complications with displaying the lock screen over the login
120 // screen while remaining secure in the case the user walks away during
121 // the sign-in steps. See crbug.com/112225 and crbug.com/110933.
122 VLOG(1) << "Calling session manager's StopSession D-Bus method";
123 chromeos::DBusThreadManager::Get()->
124 GetSessionManagerClient()->StopSession();
125 }
126 }
127
128 virtual void OnUserAddingFinished() OVERRIDE {
129 chromeos::UserAddingScreen::Get()->RemoveObserver(this);
130 LockScreen();
131 }
132
133 private:
134 bool session_started_;
135 content::NotificationRegistrar registrar_;
136 std::string saved_previous_input_method_id_;
137 std::string saved_current_input_method_id_;
138 std::vector<std::string> saved_active_input_method_list_;
139
140 DISALLOW_COPY_AND_ASSIGN(ScreenLockObserver);
141 };
142
143 static base::LazyInstance<ScreenLockObserver> g_screen_lock_observer =
144 LAZY_INSTANCE_INITIALIZER;
145
146 } // namespace
147
148 namespace chromeos {
149
150 // static
151 ScreenLocker* ScreenLocker::screen_locker_ = NULL;
152
153 //////////////////////////////////////////////////////////////////////////////
154 // ScreenLocker, public:
155
156 ScreenLocker::ScreenLocker(const UserList& users)
157 : users_(users),
158 locked_(false),
159 start_time_(base::Time::Now()),
160 login_status_consumer_(NULL),
161 incorrect_passwords_count_(0),
162 weak_factory_(this) {
163 DCHECK(!screen_locker_);
164 screen_locker_ = this;
165
166 ui::ResourceBundle& bundle = ui::ResourceBundle::GetSharedInstance();
167 media::SoundsManager* manager = media::SoundsManager::Get();
168 manager->Initialize(SOUND_LOCK,
169 bundle.GetRawDataResource(IDR_SOUND_LOCK_WAV));
170 manager->Initialize(SOUND_UNLOCK,
171 bundle.GetRawDataResource(IDR_SOUND_UNLOCK_WAV));
172
173 ash::Shell::GetInstance()->
174 lock_state_controller()->SetLockScreenDisplayedCallback(
175 base::Bind(base::IgnoreResult(&ash::PlaySystemSound),
176 static_cast<media::SoundsManager::SoundKey>(
177 chromeos::SOUND_LOCK),
178 true /* honor_spoken_feedback */));
179 }
180
181 void ScreenLocker::Init() {
182 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
183 delegate_.reset(new WebUIScreenLocker(this));
184 delegate_->LockScreen();
185
186 // Ownership of |icon_image_source| is passed.
187 screenlock_icon_provider_.reset(new ScreenlockIconProvider);
188 ScreenlockIconSource* screenlock_icon_source =
189 new ScreenlockIconSource(screenlock_icon_provider_->AsWeakPtr());
190 content::URLDataSource::Add(
191 Profile::FromWebUI(GetAssociatedWebUI()),
192 screenlock_icon_source);
193 }
194
195 void ScreenLocker::OnLoginFailure(const LoginFailure& error) {
196 content::RecordAction(UserMetricsAction("ScreenLocker_OnLoginFailure"));
197 if (authentication_start_time_.is_null()) {
198 LOG(ERROR) << "Start time is not set at authentication failure";
199 } else {
200 base::TimeDelta delta = base::Time::Now() - authentication_start_time_;
201 VLOG(1) << "Authentication failure: " << delta.InSecondsF() << " second(s)";
202 UMA_HISTOGRAM_TIMES("ScreenLocker.AuthenticationFailureTime", delta);
203 }
204
205 EnableInput();
206 // Don't enable signout button here as we're showing
207 // MessageBubble.
208
209 delegate_->ShowErrorMessage(incorrect_passwords_count_++ ?
210 IDS_LOGIN_ERROR_AUTHENTICATING_2ND_TIME :
211 IDS_LOGIN_ERROR_AUTHENTICATING,
212 HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
213
214 if (login_status_consumer_)
215 login_status_consumer_->OnLoginFailure(error);
216 }
217
218 void ScreenLocker::OnLoginSuccess(const UserContext& user_context) {
219 incorrect_passwords_count_ = 0;
220 if (authentication_start_time_.is_null()) {
221 if (!user_context.username.empty())
222 LOG(ERROR) << "Start time is not set at authentication success";
223 } else {
224 base::TimeDelta delta = base::Time::Now() - authentication_start_time_;
225 VLOG(1) << "Authentication success: " << delta.InSecondsF() << " second(s)";
226 UMA_HISTOGRAM_TIMES("ScreenLocker.AuthenticationSuccessTime", delta);
227 }
228
229 if (const User* user = UserManager::Get()->FindUser(user_context.username)) {
230 if (!user->is_active())
231 UserManager::Get()->SwitchActiveUser(user_context.username);
232 } else {
233 NOTREACHED() << "Logged in user not found.";
234 }
235
236 authentication_capture_.reset(new AuthenticationParametersCapture());
237 authentication_capture_->user_context = user_context;
238
239 // Add guard for case when something get broken in call chain to unlock
240 // for sure.
241 base::MessageLoop::current()->PostDelayedTask(
242 FROM_HERE,
243 base::Bind(&ScreenLocker::UnlockOnLoginSuccess,
244 weak_factory_.GetWeakPtr()),
245 base::TimeDelta::FromMilliseconds(kUnlockGuardTimeoutMs));
246 delegate_->AnimateAuthenticationSuccess();
247 }
248
249 void ScreenLocker::UnlockOnLoginSuccess() {
250 DCHECK(base::MessageLoopForUI::IsCurrent());
251 if (!authentication_capture_.get()) {
252 LOG(WARNING) << "Call to UnlockOnLoginSuccess without previous " <<
253 "authentication success.";
254 return;
255 }
256
257 if (login_status_consumer_) {
258 login_status_consumer_->OnLoginSuccess(
259 UserContext(authentication_capture_->user_context.username,
260 authentication_capture_->user_context.password,
261 authentication_capture_->user_context.auth_code,
262 authentication_capture_->user_context.username_hash,
263 authentication_capture_->user_context.using_oauth));
264 }
265 authentication_capture_.reset();
266 weak_factory_.InvalidateWeakPtrs();
267
268 VLOG(1) << "Hiding the lock screen.";
269 chromeos::ScreenLocker::Hide();
270 }
271
272 void ScreenLocker::Authenticate(const UserContext& user_context) {
273 LOG_ASSERT(IsUserLoggedIn(user_context.username))
274 << "Invalid user trying to unlock.";
275 authentication_start_time_ = base::Time::Now();
276 delegate_->SetInputEnabled(false);
277 delegate_->OnAuthenticate();
278
279 BrowserThread::PostTask(
280 BrowserThread::UI, FROM_HERE,
281 base::Bind(&Authenticator::AuthenticateToUnlock,
282 authenticator_.get(),
283 user_context));
284 }
285
286 void ScreenLocker::AuthenticateByPassword(const std::string& password) {
287 LOG_ASSERT(users_.size() == 1);
288 Authenticate(UserContext(users_[0]->email(), password, ""));
289 }
290
291 void ScreenLocker::ClearErrors() {
292 delegate_->ClearErrors();
293 }
294
295 void ScreenLocker::EnableInput() {
296 delegate_->SetInputEnabled(true);
297 }
298
299 void ScreenLocker::Signout() {
300 delegate_->ClearErrors();
301 content::RecordAction(UserMetricsAction("ScreenLocker_Signout"));
302 // We expect that this call will not wait for any user input.
303 // If it changes at some point, we will need to force exit.
304 chrome::AttemptUserExit();
305
306 // Don't hide yet the locker because the chrome screen may become visible
307 // briefly.
308 }
309
310 void ScreenLocker::ShowBannerMessage(const std::string& message) {
311 delegate_->ShowBannerMessage(message);
312 }
313
314 void ScreenLocker::ShowUserPodButton(const std::string& username,
315 const gfx::Image& icon,
316 const base::Closure& click_callback) {
317 if (!locked_)
318 return;
319
320 screenlock_icon_provider_->AddIcon(username, icon);
321 delegate_->ShowUserPodButton(
322 username,
323 ScreenlockIconSource::GetIconURLForUser(username),
324 click_callback);
325 }
326
327 void ScreenLocker::ShowErrorMessage(int error_msg_id,
328 HelpAppLauncher::HelpTopic help_topic_id,
329 bool sign_out_only) {
330 delegate_->SetInputEnabled(!sign_out_only);
331 delegate_->ShowErrorMessage(error_msg_id, help_topic_id);
332 }
333
334 void ScreenLocker::SetLoginStatusConsumer(
335 chromeos::LoginStatusConsumer* consumer) {
336 login_status_consumer_ = consumer;
337 }
338
339 // static
340 void ScreenLocker::Show() {
341 content::RecordAction(UserMetricsAction("ScreenLocker_Show"));
342 DCHECK(base::MessageLoopForUI::IsCurrent());
343
344 // Check whether the currently logged in user is a guest account and if so,
345 // refuse to lock the screen (crosbug.com/23764).
346 // For a demo user, we should never show the lock screen (crosbug.com/27647).
347 if (UserManager::Get()->IsLoggedInAsGuest() ||
348 UserManager::Get()->IsLoggedInAsDemoUser()) {
349 VLOG(1) << "Refusing to lock screen for guest/demo account";
350 return;
351 }
352
353 // If the active window is fullscreen, exit fullscreen to avoid the web page
354 // or app mimicking the lock screen. Do not exit fullscreen if the shelf is
355 // visible while in fullscreen because the shelf makes it harder for a web
356 // page or app to mimick the lock screen.
357 ash::wm::WindowState* active_window_state = ash::wm::GetActiveWindowState();
358 if (active_window_state &&
359 active_window_state->IsFullscreen() &&
360 active_window_state->hide_shelf_when_fullscreen()) {
361 active_window_state->ToggleFullscreen();
362 }
363
364 if (!screen_locker_) {
365 ScreenLocker* locker =
366 new ScreenLocker(UserManager::Get()->GetUnlockUsers());
367 VLOG(1) << "Created ScreenLocker " << locker;
368 locker->Init();
369 } else {
370 VLOG(1) << "ScreenLocker " << screen_locker_ << " already exists; "
371 << " calling session manager's HandleLockScreenShown D-Bus method";
372 DBusThreadManager::Get()->GetSessionManagerClient()->
373 NotifyLockScreenShown();
374 }
375 }
376
377 // static
378 void ScreenLocker::Hide() {
379 DCHECK(base::MessageLoopForUI::IsCurrent());
380 // For a guest/demo user, screen_locker_ would have never been initialized.
381 if (UserManager::Get()->IsLoggedInAsGuest() ||
382 UserManager::Get()->IsLoggedInAsDemoUser()) {
383 VLOG(1) << "Refusing to hide lock screen for guest/demo account";
384 return;
385 }
386
387 DCHECK(screen_locker_);
388 base::Callback<void(void)> callback =
389 base::Bind(&ScreenLocker::ScheduleDeletion);
390 ash::Shell::GetInstance()->lock_state_controller()->
391 OnLockScreenHide(callback);
392 }
393
394 void ScreenLocker::ScheduleDeletion() {
395 // Avoid possible multiple calls.
396 if (screen_locker_ == NULL)
397 return;
398 VLOG(1) << "Deleting ScreenLocker " << screen_locker_;
399
400 ash::PlaySystemSound(SOUND_UNLOCK, true /* honor_spoken_feedback */);
401
402 delete screen_locker_;
403 screen_locker_ = NULL;
404 }
405
406 // static
407 void ScreenLocker::InitClass() {
408 g_screen_lock_observer.Get();
409 }
410
411 ////////////////////////////////////////////////////////////////////////////////
412 // ScreenLocker, private:
413
414 ScreenLocker::~ScreenLocker() {
415 VLOG(1) << "Destroying ScreenLocker " << this;
416 DCHECK(base::MessageLoopForUI::IsCurrent());
417
418 if (authenticator_.get())
419 authenticator_->SetConsumer(NULL);
420 ClearErrors();
421
422 VLOG(1) << "Moving desktop background to unlocked container";
423 ash::Shell::GetInstance()->
424 desktop_background_controller()->MoveDesktopToUnlockedContainer();
425
426 screen_locker_ = NULL;
427 bool state = false;
428 VLOG(1) << "Emitting SCREEN_LOCK_STATE_CHANGED with state=" << state;
429 content::NotificationService::current()->Notify(
430 chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED,
431 content::Source<ScreenLocker>(this),
432 content::Details<bool>(&state));
433 VLOG(1) << "Calling session manager's HandleLockScreenDismissed D-Bus method";
434 DBusThreadManager::Get()->GetSessionManagerClient()->
435 NotifyLockScreenDismissed();
436 }
437
438 void ScreenLocker::SetAuthenticator(Authenticator* authenticator) {
439 authenticator_ = authenticator;
440 }
441
442 void ScreenLocker::ScreenLockReady() {
443 locked_ = true;
444 base::TimeDelta delta = base::Time::Now() - start_time_;
445 VLOG(1) << "ScreenLocker " << this << " is ready after "
446 << delta.InSecondsF() << " second(s)";
447 UMA_HISTOGRAM_TIMES("ScreenLocker.ScreenLockTime", delta);
448
449 VLOG(1) << "Moving desktop background to locked container";
450 ash::Shell::GetInstance()->
451 desktop_background_controller()->MoveDesktopToLockedContainer();
452
453 bool state = true;
454 VLOG(1) << "Emitting SCREEN_LOCK_STATE_CHANGED with state=" << state;
455 content::NotificationService::current()->Notify(
456 chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED,
457 content::Source<ScreenLocker>(this),
458 content::Details<bool>(&state));
459 VLOG(1) << "Calling session manager's HandleLockScreenShown D-Bus method";
460 DBusThreadManager::Get()->GetSessionManagerClient()->NotifyLockScreenShown();
461 }
462
463 content::WebUI* ScreenLocker::GetAssociatedWebUI() {
464 return delegate_->GetAssociatedWebUI();
465 }
466
467 bool ScreenLocker::IsUserLoggedIn(const std::string& username) {
468 for (UserList::const_iterator it = users_.begin(); it != users_.end(); ++it) {
469 if ((*it)->email() == username)
470 return true;
471 }
472 return false;
473 }
474
475 } // namespace chromeos