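// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_

#include <string>

#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/chromeos/policy/wildcard_login_checker.h"
#include "chromeos/login/auth/auth_status_consumer.h"
#include "chromeos/login/auth/authenticator.h"
#include "chromeos/login/auth/extended_authenticator.h"
#include "chromeos/login/auth/online_attempt_host.h"
#include "chromeos/login/auth/user_context.h"
#include "content/public/browser/notification_observer.h"
#include "content/public/browser/notification_registrar.h"
#include "google_apis/gaia/google_service_auth_error.h"

namespace policy {
class WildcardLoginChecker;
}

namespace chromeos {

// This class encapsulates sign in operations.
// Sign in is performed in a way that offline auth is executed first.
// Once offline auth is OK - user homedir is mounted, UI is launched.
// At this point LoginPerformer |delegate_| is destroyed and it releases
// LP instance ownership. LP waits for online login result.
// If auth is succeeded, cookie fetcher is executed, LP instance deletes itself.
//
// If |delegate_| is not NULL it will handle error messages, password input.
//
// NOTE(review): |delegate_| is a raw, non-owning pointer and this header shows
// no mechanism that clears it when the delegate goes away. Given the lifetime
// described above, the delegate's owner presumably has to call
// set_delegate(NULL) before destroying it - confirm against the .cc file.
class LoginPerformer : public AuthStatusConsumer,
                       public OnlineAttemptHost::Delegate {
 public:
  // Selects who is responsible for authorizing the user. Declared as a plain
  // C++ enum; the C-style "typedef enum" wrapper added nothing in C++.
  enum AuthorizationMode {
    // Authorization performed internally by Chrome.
    AUTH_MODE_INTERNAL,
    // Authorization performed by an extension. PerformLogin() runs no further
    // auth checks in this mode, so it is only appropriate for a user context
    // that the extension has already authorized.
    AUTH_MODE_EXTENSION
  };

  // Delegate class to get notifications from the LoginPerformer.
  class Delegate : public AuthStatusConsumer {
   public:
    virtual ~Delegate() {}
    // Reports that |email| did not pass the login whitelist check.
    virtual void WhiteListCheckFailed(const std::string& email) = 0;
    // Reports that policy could not be loaded.
    virtual void PolicyLoadFailed() = 0;
    // Reports the outcome of the online check for |email|.
    virtual void OnOnlineChecked(const std::string& email, bool success) = 0;
  };

  explicit LoginPerformer(Delegate* delegate);
  virtual ~LoginPerformer();

  // AuthStatusConsumer implementation:
  virtual void OnAuthFailure(const AuthFailure& error) OVERRIDE;
  virtual void OnRetailModeAuthSuccess(
      const UserContext& user_context) OVERRIDE;
  virtual void OnAuthSuccess(const UserContext& user_context) OVERRIDE;
  virtual void OnOffTheRecordAuthSuccess() OVERRIDE;
  virtual void OnPasswordChangeDetected() OVERRIDE;

  // Performs a login for |user_context|.
  // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks,
  // AUTH_MODE_INTERNAL will perform auth checks.
  // Passing AUTH_MODE_EXTENSION therefore shifts the whole authorization
  // decision to the caller. NOTE(review): which checks are skipped (for
  // example the whitelist / wildcard check) is decided in the .cc file and is
  // not visible here - confirm before adding new AUTH_MODE_EXTENSION callers.
  void PerformLogin(const UserContext& user_context,
                    AuthorizationMode auth_mode);

  // Performs supervised user login with a given |user_context|.
  void LoginAsSupervisedUser(const UserContext& user_context);

  // Performs retail mode login.
  void LoginRetailMode();

  // Performs actions to prepare guest mode login.
  void LoginOffTheRecord();

  // Performs public session login with a given |user_context|.
  void LoginAsPublicSession(const UserContext& user_context);

  // Performs a login into the kiosk mode account with |app_user_id|.
  void LoginAsKioskAccount(const std::string& app_user_id,
                           bool use_guest_mount);

  // Migrates cryptohome using |old_password| specified.
  // NOTE(review): the old password is passed as a plain std::string; nothing
  // in this header scrubs it after use, so callers should keep their copy
  // short-lived and must not log it.
  void RecoverEncryptedData(const std::string& old_password);

  // Reinitializes cryptohome with the new password.
  void ResyncEncryptedData();

  // Returns latest auth error.
  const GoogleServiceAuthError& error() const {
    return last_login_failure_.error();
  }

  // True if password change has been detected.
  // Const-qualified: a read-only accessor should be callable through a const
  // LoginPerformer, as error() and auth_mode() already are.
  bool password_changed() const { return password_changed_; }

  // Number of times we've been called with OnPasswordChangeDetected().
  // If user enters incorrect old password, same LoginPerformer instance will
  // be called so callback count makes it possible to distinguish initial
  // "password changed detected" event from further attempts to enter old
  // password for cryptohome migration (when > 1).
  int password_changed_callback_count() const {
    return password_changed_callback_count_;
  }

  // Replaces the notification receiver. The pointer is stored as-is and is
  // not owned; pass NULL to stop notifications to a delegate that is about to
  // be destroyed.
  void set_delegate(Delegate* delegate) { delegate_ = delegate; }

  AuthorizationMode auth_mode() const { return auth_mode_; }

 protected:
  // Implements OnlineAttemptHost::Delegate.
  virtual void OnChecked(const std::string& username, bool success) OVERRIDE;

 private:
  // Starts login completion of externally authenticated user.
  void StartLoginCompletion();

  // Starts authentication.
  void StartAuthentication();

  // Completion callback for the online wildcard login check for enterprise
  // devices. Continues the login process or signals whitelist check failure
  // depending on the value of |result|.
  void OnlineWildcardLoginCheckCompleted(
      policy::WildcardLoginChecker::Result result);

  // Used for logging in.
  scoped_refptr<Authenticator> authenticator_;
  scoped_refptr<ExtendedAuthenticator> extended_authenticator_;

  // Used to make auxiliary online check.
  OnlineAttemptHost online_attempt_host_;

  // Represents last login failure that was encountered when communicating to
  // sign-in server. AuthFailure.LoginFailureNone() by default.
  AuthFailure last_login_failure_;

  // User credentials for the current login attempt. Held by value for as long
  // as this object lives, so the lifetime of the LoginPerformer bounds how
  // long these credentials stay in memory.
  UserContext user_context_;

  // Notifications receiver. Not owned; may be NULL.
  Delegate* delegate_;

  // True if password change has been detected.
  // Once correct password is entered homedir migration is executed.
  bool password_changed_;
  int password_changed_callback_count_;

  // Authorization mode type.
  AuthorizationMode auth_mode_;

  // Used to verify logins that matched wildcard on the login whitelist.
  scoped_ptr<policy::WildcardLoginChecker> wildcard_login_checker_;

  // Declared as the last data member, so it is destroyed before the members
  // above. NOTE(review): presumably it binds asynchronous callbacks such as
  // OnlineWildcardLoginCheckCompleted() - confirm in the .cc file.
  base::WeakPtrFactory<LoginPerformer> weak_factory_;

  DISALLOW_COPY_AND_ASSIGN(LoginPerformer);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_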