// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SAML_SAML_OFFLINE_SIGNIN_LIMITER_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_SAML_SAML_OFFLINE_SIGNIN_LIMITER_H_

#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/prefs/pref_change_registrar.h"
#include "base/time/default_clock.h"
#include "base/time/time.h"
#include "base/timer/timer.h"
#include "chromeos/login/auth/user_context.h"
#include "components/keyed_service/core/keyed_service.h"

// Forward declarations. This header only uses these types through pointers
// (Profile*, base::Clock*, user_prefs::PrefRegistrySyncable*), so the full
// definitions are not required here.
class Profile;

namespace base {
class Clock;
}

namespace user_prefs {
class PrefRegistrySyncable;
}

namespace chromeos {

// Enforces a limit on the length of time for which a user authenticated via
// SAML can use offline authentication against a cached password before being
// forced to go through online authentication against GAIA again.
//
// The constructor is private; only SAMLOfflineSigninLimiterFactory and
// SAMLOfflineSigninLimiterTest are friends and can create instances.
//
// NOTE(review): time is read through base::Clock, which reports wall-clock
// time. How the implementation reacts to the system clock being changed while
// the offline period is running is not visible in this header -- confirm in
// the .cc that setting the clock back cannot extend the offline period.
class SAMLOfflineSigninLimiter : public KeyedService {
 public:
  // Registers preferences.
  // NOTE(review): presumably these include the pref holding the offline
  // sign-in time limit; the pref names are not visible here -- confirm.
  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);

  // Called when the user successfully authenticates. |auth_flow| indicates
  // the type of authentication flow that the user went through.
  // NOTE(review): which AuthFlow values restart the offline period is decided
  // in the implementation. An offline sign-in against the cached password
  // should not restart it -- confirm in the .cc.
  void SignedIn(UserContext::AuthFlow auth_flow);

  // KeyedService:
  // Per the constructor contract, |profile_| and |clock_| are only guaranteed
  // to be valid until this is called.
  virtual void Shutdown() OVERRIDE;

 private:
  friend class SAMLOfflineSigninLimiterFactory;
  friend class SAMLOfflineSigninLimiterTest;

  // |profile| and |clock| must remain valid until Shutdown() is called. If
  // |clock| is NULL, the |default_clock_| will be used.
  // Both pointers are stored as raw, non-owning pointers.
  SAMLOfflineSigninLimiter(Profile* profile, base::Clock* clock);
  virtual ~SAMLOfflineSigninLimiter();

  // Recalculates the amount of time remaining until online login should be
  // forced and sets the |offline_signin_limit_timer_| accordingly. If the limit
  // has expired already, sets the flag enforcing online login immediately.
  void UpdateLimit();

  // Sets the flag enforcing online login. This will cause the user's next login
  // to use online authentication against GAIA.
  // NOTE(review): where the flag is stored is not visible in this header. For
  // the limit to hold it has to survive a restart and must not be resettable
  // by the signed-in user -- confirm against the implementation.
  void ForceOnlineLogin();

  // Clock used when the constructor is given a NULL |clock|.
  base::DefaultClock default_clock_;

  // Not owned; see the constructor comment for the lifetime requirement.
  Profile* profile_;
  // Not owned. Presumably points at |default_clock_| when no clock was
  // injected -- confirm in the .cc.
  base::Clock* clock_;

  // NOTE(review): presumably observes the pref(s) that configure the limit so
  // that UpdateLimit() runs again when they change -- confirm in the .cc.
  PrefChangeRegistrar pref_change_registrar_;

  // One-shot timer set by UpdateLimit(); owned through scoped_ptr.
  scoped_ptr<base::OneShotTimer<SAMLOfflineSigninLimiter> >
      offline_signin_limit_timer_;

  // The limiter is neither copyable nor assignable.
  DISALLOW_COPY_AND_ASSIGN(SAMLOfflineSigninLimiter);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_SAML_SAML_OFFLINE_SIGNIN_LIMITER_H_