chromeos/login/auth/authenticator.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_
   6 #define CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_
   7
   8 #include <string>
   9
  10 #include "base/basictypes.h"
  11 #include "base/memory/ref_counted.h"
  12 #include "chromeos/chromeos_export.h"
  13 #include "chromeos/login/auth/auth_status_consumer.h"
  14 #include "google_apis/gaia/gaia_auth_consumer.h"
  15
  16 namespace content {
  17 class BrowserContext;
  18 }
  19
  20 namespace chromeos {
  21
  22 class UserContext;
  23
  24 // An interface for objects that will authenticate a Chromium OS user.
  25 // Callbacks will be called on the UI thread:
  26 // 1. On successful authentication, will call consumer_->OnAuthSuccess().
  27 // 2. On failure, will call consumer_->OnAuthFailure().
  28 // 3. On password change, will call consumer_->OnPasswordChangeDetected().
  29 class CHROMEOS_EXPORT Authenticator
  30     : public base::RefCountedThreadSafe<Authenticator> {
  31  public:
  32   explicit Authenticator(AuthStatusConsumer* consumer);
  33
  34   // Given externally authenticated username and password (part of
  35   // |user_context|), this method attempts to complete authentication process.
  36   virtual void CompleteLogin(content::BrowserContext* browser_context,
  37                              const UserContext& user_context) = 0;
  38
  39   // Given a user credentials in |user_context|,
  40   // this method attempts to authenticate to login.
  41   // Must be called on the UI thread.
  42   virtual void AuthenticateToLogin(content::BrowserContext* browser_context,
  43                                    const UserContext& user_context) = 0;
  44
  45   // Given a user credentials in |user_context|, this method attempts to
  46   // authenticate to unlock the computer.
  47   // Must be called on the UI thread.
  48   virtual void AuthenticateToUnlock(const UserContext& user_context) = 0;
  49
  50   // Initiates supervised user login.
  51   virtual void LoginAsSupervisedUser(const UserContext& user_context) = 0;
  52
  53   // Initiates incognito ("browse without signing in") login.
  54   virtual void LoginOffTheRecord() = 0;
  55
  56   // Initiates login into the public account identified by |user_context|.
  57   virtual void LoginAsPublicSession(const UserContext& user_context) = 0;
  58
  59   // Initiates login into kiosk mode account identified by |app_user_id|.
  60   // The |app_user_id| is a generated username for the account.
  61   // |use_guest_mount| specifies whether to force the session to use a
  62   // guest mount. If this is false, we use mount a public cryptohome.
  63   virtual void LoginAsKioskAccount(const std::string& app_user_id,
  64                                    bool use_guest_mount) = 0;
  65
  66   // Notifies caller that login was successful. Must be called on the UI thread.
  67   virtual void OnAuthSuccess() = 0;
  68
  69   // Must be called on the UI thread.
  70   virtual void OnAuthFailure(const AuthFailure& error) = 0;
  71
  72   // Call these methods on the UI thread.
  73   // If a password logs the user in online, but cannot be used to
  74   // mount his cryptohome, we expect that a password change has
  75   // occurred.
  76   // Call this method to migrate the user's encrypted data
  77   // forward to use his new password.  |old_password| is the password
  78   // his data was last encrypted with.
  79   virtual void RecoverEncryptedData(const std::string& old_password) = 0;
  80
  81   // Call this method to erase the user's encrypted data
  82   // and create a new cryptohome.
  83   virtual void ResyncEncryptedData() = 0;
  84
  85   // BrowserContext (usually off the record) that was used to perform the last
  86   // authentication process.
  87   content::BrowserContext* authentication_context() {
  88     return authentication_context_;
  89   }
  90
  91   // Sets consumer explicitly.
  92   void SetConsumer(AuthStatusConsumer* consumer);
  93
  94  protected:
  95   virtual ~Authenticator();
  96
  97   AuthStatusConsumer* consumer_;
  98   content::BrowserContext* authentication_context_;
  99
 100  private:
 101   friend class base::RefCountedThreadSafe<Authenticator>;
 102
 103   DISALLOW_COPY_AND_ASSIGN(Authenticator);
 104 };
 105
 106 }  // namespace chromeos
 107
 108 #endif  // CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_