// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch
5c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
6c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#define CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
73345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#pragma once
8c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch
93345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#include "base/basictypes.h"
10ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "base/memory/ref_counted.h"
11c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include "chrome/browser/chromeos/login/login_status_consumer.h"
12c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include "chrome/common/net/gaia/gaia_auth_consumer.h"
13c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch
14c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochclass Profile;
15c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch
16c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdochnamespace chromeos {
17c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch
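// An interface for objects that will authenticate a Chromium OS user.
// When authentication successfully completes, will call
// consumer_->OnLoginSuccess() on the UI thread.
// On failure, will call consumer_->OnLoginFailure() on the UI thread.
// On password change detected, will call
// consumer_->OnPasswordChangeDetected() on the UI thread.
//
// Instances are reference counted (base::RefCountedThreadSafe), while
// |consumer_| is a raw pointer that this interface does not own.
// NOTE(review): nothing visible here ties the consumer's lifetime to the
// authenticator's; confirm that the consumer outlives every pending attempt
// (or is cleared) so a late callback cannot reach a destroyed consumer.
class Authenticator : public base::RefCountedThreadSafe<Authenticator> {
 public:
  // A domain which requires special-case parsing in canonicalization.
  static const char kSpecialCaseDomain[];

  // |consumer| is the object that receives the login callbacks described
  // above; it is not owned (presumably stored in |consumer_| -- the
  // definition is not in this header).
  explicit Authenticator(LoginStatusConsumer* consumer);

  // NOTE(review): the destructor is public although the class is ref-counted,
  // so a direct delete is possible while other references are still held.
  // Confirm whether it can be restricted to the ref-counting machinery.
  virtual ~Authenticator();

  // Given a |username| and |password|, this method attempts to authenticate
  // to login.
  // Optionally |login_token| and |login_captcha| could be provided.
  // Returns true if we kick off the attempt successfully and false if we can't.
  // A true return only means the attempt started; the outcome is delivered
  // through the consumer callbacks.
  // Must be called on the UI thread.
  // |password| arrives as a cleartext std::string; implementations should not
  // log it or keep copies longer than the attempt requires.
  virtual bool AuthenticateToLogin(Profile* profile,
                                   const std::string& username,
                                   const std::string& password,
                                   const std::string& login_token,
                                   const std::string& login_captcha) = 0;

  // Given a |username| and |password|, this method attempts to
  // authenticate to unlock the computer.
  // Returns true if we kick off the attempt successfully and false if
  // we can't. Must be called on the UI thread.
  virtual bool AuthenticateToUnlock(const std::string& username,
                                    const std::string& password) = 0;

  // Initiates incognito ("browse without signing in") login.
  virtual void LoginOffTheRecord() = 0;

  // |credentials| are the tokens that we get back from the ClientLogin API.
  // |request_pending| is true if we still plan to call consumer_ with the
  // results of more requests.
  // Must be called on the UI thread.
  virtual void OnLoginSuccess(
      const GaiaAuthConsumer::ClientLoginResult& credentials,
      bool request_pending) = 0;

  // |error| describes why the attempt failed.
  // Must be called on the UI thread.
  virtual void OnLoginFailure(const LoginFailure& error) = 0;

  // Call these methods on the UI thread.
  // If a password logs the user in online, but cannot be used to
  // mount their cryptohome, we expect that a password change has
  // occurred.
  // Call this method to migrate the user's encrypted data
  // forward to use their new password.  |old_password| is the password
  // the data was last encrypted with, |credentials| is the blob of auth
  // data passed back through OnPasswordChangeDetected().
  virtual void RecoverEncryptedData(
      const std::string& old_password,
      const GaiaAuthConsumer::ClientLoginResult& credentials) = 0;

  // Call this method to erase the user's encrypted data
  // and create a new cryptohome.  |credentials| is the blob of auth
  // data passed back through OnPasswordChangeDetected().
  // This is destructive: the existing encrypted data is erased, so callers
  // should only reach it after the user has been authenticated online and
  // has chosen not to recover with the old password.
  virtual void ResyncEncryptedData(
      const GaiaAuthConsumer::ClientLoginResult& credentials) = 0;

  // Attempt to authenticate online again.
  virtual void RetryAuth(Profile* profile,
                         const std::string& username,
                         const std::string& password,
                         const std::string& login_token,
                         const std::string& login_captcha) = 0;

  // Perform basic canonicalization of |email_address|, taking into account
  // that gmail does not consider '.' or caps inside a username to matter.
  // It also ignores everything after a '+'.
  // For example, c.masone+abc@gmail.com == cMaSone@gmail.com, per
  // http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=10313#
  // NOTE(review): the canonical form decides which addresses count as the
  // same account. Presumably the '.' and '+' rules are tied to
  // |kSpecialCaseDomain|; confirm in the implementation, since applying them
  // to other domains could treat distinct accounts as one.
  static std::string Canonicalize(const std::string& email_address);

 protected:
  // Receiver of the login callbacks; raw, non-owning pointer.
  LoginStatusConsumer* consumer_;

 private:
  DISALLOW_COPY_AND_ASSIGN(Authenticator);
};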
102c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch
103c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch}  // namespace chromeos
104c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch
105c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_