1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
6#define CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
7#pragma once
8
9#include "base/basictypes.h"
10#include "base/memory/ref_counted.h"
11#include "chrome/browser/chromeos/login/login_status_consumer.h"
12#include "chrome/common/net/gaia/gaia_auth_consumer.h"
13
14class Profile;
15
16namespace chromeos {
17
18// An interface for objects that will authenticate a Chromium OS user.
19// When authentication successfully completes, will call
20// consumer_->OnLoginSuccess() on the UI thread.
21// On failure, will call consumer_->OnLoginFailure() on the UI thread.
22// On password change detected, will call
23// consumer_->OnPasswordChangeDetected() on the UI thread.
24class Authenticator : public base::RefCountedThreadSafe<Authenticator> {
25 public:
26  // A domain which requires special-case parsing in canonicalization.
27  static const char kSpecialCaseDomain[];
28
29  explicit Authenticator(LoginStatusConsumer* consumer);
30  virtual ~Authenticator();
31
32  // Given a |username| and |password|, this method attempts to authenticate
33  // to login.
34  // Optionally |login_token| and |login_captcha| could be provided.
35  // Returns true if we kick off the attempt successfully and false if we can't.
36  // Must be called on the UI thread.
37  virtual bool AuthenticateToLogin(Profile* profile,
38                                   const std::string& username,
39                                   const std::string& password,
40                                   const std::string& login_token,
41                                   const std::string& login_captcha) = 0;
42
43  // Given a |username| and |password|, this method attempts to
44  // authenticate to unlock the computer.
45  // Returns true if we kick off the attempt successfully and false if
46  // we can't. Must be called on the UI thread.
47  virtual bool AuthenticateToUnlock(const std::string& username,
48                                    const std::string& password) = 0;
49
50  // Initiates incognito ("browse without signing in") login.
51  virtual void LoginOffTheRecord() = 0;
52
53  // |credentials| are the tokens that we get back from the ClientLogin API.
54  // |request_pending| is true if we still plan to call consumer_ with the
55  // results of more requests.
56  // Must be called on the UI thread.
57  virtual void OnLoginSuccess(
58      const GaiaAuthConsumer::ClientLoginResult& credentials,
59      bool request_pending) = 0;
60
61  // Must be called on the UI thread.
62  virtual void OnLoginFailure(const LoginFailure& error) = 0;
63
64  // Call these methods on the UI thread.
65  // If a password logs the user in online, but cannot be used to
66  // mount his cryptohome, we expect that a password change has
67  // occurred.
68  // Call this method to migrate the user's encrypted data
69  // forward to use his new password.  |old_password| is the password
70  // his data was last encrypted with, |result| is the blob of auth
71  // data passed back through OnPasswordChangeDetected().
72  virtual void RecoverEncryptedData(
73      const std::string& old_password,
74      const GaiaAuthConsumer::ClientLoginResult& credentials) = 0;
75
76  // Call this method to erase the user's encrypted data
77  // and create a new cryptohome.  |result| is the blob of auth
78  // data passed back through OnPasswordChangeDetected().
79  virtual void ResyncEncryptedData(
80      const GaiaAuthConsumer::ClientLoginResult& credentials) = 0;
81
82  // Attempt to authenticate online again.
83  virtual void RetryAuth(Profile* profile,
84                         const std::string& username,
85                         const std::string& password,
86                         const std::string& login_token,
87                         const std::string& login_captcha) = 0;
88
89  // Perform basic canonicalization of |email_address|, taking into account
90  // that gmail does not consider '.' or caps inside a username to matter.
91  // It also ignores everything after a '+'.
92  // For example, c.masone+abc@gmail.com == cMaSone@gmail.com, per
93  // http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=10313#
94  static std::string Canonicalize(const std::string& email_address);
95
96 protected:
97  LoginStatusConsumer* consumer_;
98
99 private:
100  DISALLOW_COPY_AND_ASSIGN(Authenticator);
101};
102
103}  // namespace chromeos
104
105#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
106