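// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
#pragma once

// std::string appears in the signatures below, so include it directly rather
// than relying on a transitive include.
#include <string>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "chrome/browser/chromeos/login/login_status_consumer.h"
#include "chrome/common/net/gaia/gaia_auth_consumer.h"

class Profile;

namespace chromeos {

// An interface for objects that will authenticate a Chromium OS user.
// When authentication successfully completes, will call
// consumer_->OnLoginSuccess() on the UI thread.
// On failure, will call consumer_->OnLoginFailure() on the UI thread.
// On password change detected, will call
// consumer_->OnPasswordChangeDetected() on the UI thread.
//
// Instances are ref-counted through base::RefCountedThreadSafe, so a
// reference can be held from more than one thread. The methods themselves
// are documented as UI-thread only.
class Authenticator : public base::RefCountedThreadSafe<Authenticator> {
 public:
  // A domain which requires special-case parsing in canonicalization.
  static const char kSpecialCaseDomain[];

  // |consumer| receives the login status callbacks described above. It is
  // kept as a raw pointer in |consumer_|.
  explicit Authenticator(LoginStatusConsumer* consumer);
  virtual ~Authenticator();

  // Given a |username| and |password|, this method attempts to authenticate
  // to login.
  // Optionally |login_token| and |login_captcha| could be provided.
  // Returns true if we kick off the attempt successfully and false if we can't.
  // A true return only means the attempt was started; the outcome is reported
  // through the consumer callbacks.
  // Must be called on the UI thread.
  // NOTE(review): |password| is a plain std::string, presumably the cleartext
  // password. Implementations should not log it or keep copies longer than
  // the attempt needs -- confirm in each implementation.
  virtual bool AuthenticateToLogin(Profile* profile,
                                   const std::string& username,
                                   const std::string& password,
                                   const std::string& login_token,
                                   const std::string& login_captcha) = 0;

  // Given a |username| and |password|, this method attempts to
  // authenticate to unlock the computer.
  // Returns true if we kick off the attempt successfully and false if
  // we can't.  Must be called on the UI thread.
  virtual bool AuthenticateToUnlock(const std::string& username,
                                    const std::string& password) = 0;

  // Initiates incognito ("browse without signing in") login.
  virtual void LoginOffTheRecord() = 0;

  // |credentials| are the tokens that we get back from the ClientLogin API.
  // |request_pending| is true if we still plan to call consumer_ with the
  // results of more requests.
  // Must be called on the UI thread.
  virtual void OnLoginSuccess(
      const GaiaAuthConsumer::ClientLoginResult& credentials,
      bool request_pending) = 0;

  // Must be called on the UI thread.
  virtual void OnLoginFailure(const LoginFailure& error) = 0;

  // Call these methods on the UI thread.
  // If a password logs the user in online, but cannot be used to
  // mount his cryptohome, we expect that a password change has
  // occurred.
  // Call this method to migrate the user's encrypted data
  // forward to use his new password.  |old_password| is the password
  // his data was last encrypted with, |credentials| is the blob of auth
  // data passed back through OnPasswordChangeDetected().
  virtual void RecoverEncryptedData(
      const std::string& old_password,
      const GaiaAuthConsumer::ClientLoginResult& credentials) = 0;

  // Call this method to erase the user's encrypted data
  // and create a new cryptohome.  |credentials| is the blob of auth
  // data passed back through OnPasswordChangeDetected().
  // NOTE(review): this is destructive and the interface offers no undo.
  // Presumably callers reach it only after the user has chosen to discard the
  // old data -- confirm at the call sites.
  virtual void ResyncEncryptedData(
      const GaiaAuthConsumer::ClientLoginResult& credentials) = 0;

  // Attempt to authenticate online again.
  virtual void RetryAuth(Profile* profile,
                         const std::string& username,
                         const std::string& password,
                         const std::string& login_token,
                         const std::string& login_captcha) = 0;

  // Perform basic canonicalization of |email_address|, taking into account
  // that gmail does not consider '.' or caps inside a username to matter.
  // It also ignores everything after a '+'.
  // For example, c.masone+abc@gmail.com == cMaSone@gmail.com, per
  // http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=10313#
  // NOTE(review): these rules are gmail's. This header does not show whether
  // the '.' and '+' handling is limited to |kSpecialCaseDomain|. If it is
  // applied to other domains, two distinct accounts could canonicalize to the
  // same name -- confirm in the implementation. Identity comparisons should
  // use the canonical form consistently.
  static std::string Canonicalize(const std::string& email_address);

 protected:
  // Not owned. This class is ref-counted, so it can outlive the code that
  // created it.
  // NOTE(review): nothing here shows who keeps |consumer_| valid for the
  // lifetime of the Authenticator -- confirm the consumer outlives every
  // pending callback.
  LoginStatusConsumer* consumer_;

 private:
  DISALLOW_COPY_AND_ASSIGN(Authenticator);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_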