| blob | 9ea329512551025b92fd53bd28ba780762992959 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // The signin manager encapsulates some functionality tracking
6 // which user is signed in. See SigninManagerBase for full description of
7 // responsibilities. The class defined in this file provides functionality
8 // required by all platforms except Chrome OS.
9 //
10 // When a user is signed in, a ClientLogin request is run on their behalf.
11 // Auth tokens are fetched from Google and the results are stored in the
12 // TokenService.
13 // TODO(tim): Bug 92948, 226464. ClientLogin is all but gone from use.
15 #ifndef CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_
16 #define CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_
18 #if defined(OS_CHROMEOS)
19 // On Chrome OS, SigninManagerBase is all that exists.
22 #else
24 #include <set>
25 #include <string>
56 // The callback invoked once the OAuth token has been fetched during signin,
57 // but before the profile transitions to the "signed-in" state. This allows
58 // callers to load policy and prompt the user appropriately before completing
59 // signin. The callback is passed the just-fetched OAuth login refresh token.
62 // Returns true if |url| is a web signin URL and should be hosted in an
63 // isolated, privileged signin process.
66 // This is used to distinguish URLs belonging to the special web signin flow
67 // running in the special signin process from other URLs on the same domain.
68 // We do not grant WebUI privilieges / bindings to this process or to URLs of
69 // this scheme; enforcement of privileges is handled separately by
70 // OneClickSigninHelper.
76 // Returns true if the username is allowed based on the policy string.
80 // Attempt to sign in this user with existing credentials from the cookie jar.
81 // |session_index| indicates which user account to use if the cookie jar
82 // contains a multi-login session. Otherwise the end result of this call is
83 // the same as StartSignIn().
84 // If non-null, the passed |signin_complete| callback is invoked once signin
85 // has been completed and the oauth login token has been generated - the
86 // callback will not be invoked if no token is generated (either because of
87 // a failed signin or because web-based signin is not enabled).
88 // The callback should invoke SignOut() or CompletePendingSignin() to either
89 // continue or cancel the in-process signin.
96 // Attempt to sign in this user with the given oauth code. The cookie jar
97 // may not be set up properly for the same user, thus will call the
98 // mergeSession endpoint to populate the cookie jar.
105 // Copies auth credentials from one SigninManager to this one. This is used
106 // when creating a new profile during the signin process to transfer the
107 // in-progress credentials to the new profile.
110 // Sign a user out, removing the preference, erasing all keys
111 // associated with the user, and canceling all auth in progress.
114 // On platforms where SigninManager is responsible for dealing with
115 // invalid username policy updates, we need to check this during
116 // initialization and sign the user out.
120 // Invoked from an OAuthTokenFetchedCallback to complete user signin.
123 // Invoked from SigninManagerAndroid to indicate that the sign-in process
124 // has completed for |username|.
127 // Returns true if there's a signin in progress.
132 // Returns true if the passed username is allowed by policy. Virtual for
133 // mocking in tests.
136 // If an authentication is in progress, return the username being
137 // authenticated. Returns an empty string if no auth is in progress.
140 // Handles errors if a required user info key is not returned from the
141 // GetUserInfo call.
144 // Set the profile preference to turn off one-click sign-in so that it won't
145 // ever show it again in this profile (even if the user tries a new account).
148 // GaiaAuthConsumer
159 // content::RenderProcessHostObserver
163 // Tells the SigninManager whether to prohibit signout for this profile.
164 // If |prohibit_signout| is true, then signout will be prohibited.
167 // If true, signout is prohibited for this profile (calls to SignOut() are
168 // ignored).
171 // Checks if signin is allowed for the profile that owns |io_data|. This must
172 // be invoked on the IO thread, and can be used to check if signin is enabled
173 // on that thread.
176 // Allows the SigninManager to track the privileged signin process
177 // identified by |host_id| so that we can later ask (via IsSigninProcess)
178 // if it is safe to sign the user in from the current context (see
179 // OneClickSigninHelper). All of this tracking state is reset once the
180 // renderer process terminates.
181 //
182 // N.B. This is the id returned by RenderProcessHost::GetID().
188 // Add or remove observers for the merge session notification.
193 // Flag saying whether signing out is allowed.
198 SIGNIN_TYPE_NONE,
199 SIGNIN_TYPE_WITH_CREDENTIALS,
200 SIGNIN_TYPE_WITH_OAUTH_CODE
201 };
209 // If user was signed in, load tokens from DB if available.
212 // Called to setup the transient signin data during one of the
213 // StartSigninXXX methods. |type| indicates which of the methods is being
214 // used to perform the signin while |username| and |password| identify the
215 // account to be signed in. Returns false and generates an auth error if the
216 // passed |username| is not allowed by policy.
221 // Called to verify GAIA cookies asynchronously before starting auto sign-in
222 // without password.
225 // Called when GAIA cookies are fetched. If LSID cookie is valid, then start
226 // auto sign-in by exchanging cookies for an oauth code.
230 // Persists |username| as the currently signed-in account, and triggers
231 // a sign-in success notification.
234 // Called when a new request to re-authenticate a user is in progress.
235 // Will clear in memory data but leaves the db as such so when the browser
236 // restarts we can use the old token(which might throw a password error).
239 // Called to handle an error from a GAIA auth fetch. Sets the last error
240 // to |error|, sends out a notification of login failure, and clears the
241 // transient signin data if |clear_transient_data| is true.
248 // ClientLogin identity.
253 // Result of the last client login, kept pending the lookup of the
254 // canonical email.
255 ClientLoginResult last_result_;
257 // Actual client login handler.
260 // OAuth revocation fetcher for sign outs.
263 // Fetcher for the obfuscated user id.
266 // The type of sign being performed. This value is valid only between a call
267 // to one of the StartSigninXXX methods and when the sign in is either
268 // successful or not.
269 SigninType type_;
271 // Temporarily saves the oauth2 refresh and access tokens when signing in
272 // with credentials. These will be passed to TokenService so that it does
273 // not need to mint new ones.
274 ClientOAuthResult temp_oauth_login_tokens_;
278 // See SetSigninProcess. Tracks the currently active signin process
279 // by ID, if there is one.
282 // The RenderProcessHosts being observed.
285 // Callback invoked during signin after an OAuth token has been fetched
286 // but before signin is complete.
287 OAuthTokenFetchedCallback oauth_token_fetched_callback_;
291 // Helper object to listen for changes to signin preferences stored in non-
292 // profile-specific local prefs (like kGoogleServicesUsernamePattern).
293 PrefChangeRegistrar local_state_pref_registrar_;
295 // Helper object to listen for changes to the signin allowed preference.
296 BooleanPrefMember signin_allowed_;
298 // Helper to merge signed in account into the content area.
302 };