1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_UI_LOGIN_LOGIN_PROMPT_H_
6#define CHROME_BROWSER_UI_LOGIN_LOGIN_PROMPT_H_
7
8#include <string>
9
10#include "base/basictypes.h"
11#include "base/synchronization/lock.h"
12#include "components/password_manager/core/browser/password_manager.h"
13#include "content/public/browser/notification_observer.h"
14#include "content/public/browser/resource_dispatcher_host_login_delegate.h"
15
16class GURL;
17
18namespace content {
19class RenderViewHostDelegate;
20class NotificationRegistrar;
21}  // namespace content
22
23namespace net {
24class AuthChallengeInfo;
25class HttpNetworkSession;
26class URLRequest;
27}  // namespace net
28
29// This is the base implementation for the OS-specific classes that route
30// authentication info to the net::URLRequest that needs it. These functions
31// must be implemented in a thread safe manner.
32class LoginHandler : public content::ResourceDispatcherHostLoginDelegate,
33                     public password_manager::LoginModelObserver,
34                     public content::NotificationObserver {
35 public:
36  LoginHandler(net::AuthChallengeInfo* auth_info, net::URLRequest* request);
37
38  // Builds the platform specific LoginHandler. Used from within
39  // CreateLoginPrompt() which creates tasks.
40  static LoginHandler* Create(net::AuthChallengeInfo* auth_info,
41                              net::URLRequest* request);
42
43  // ResourceDispatcherHostLoginDelegate implementation:
44  virtual void OnRequestCancelled() OVERRIDE;
45
46  // Initializes the underlying platform specific view.
47  virtual void BuildViewForPasswordManager(
48      password_manager::PasswordManager* manager,
49      const base::string16& explanation) = 0;
50
51  // Sets information about the authentication type (|form|) and the
52  // |password_manager| for this profile.
53  void SetPasswordForm(const autofill::PasswordForm& form);
54  void SetPasswordManager(password_manager::PasswordManager* password_manager);
55
56  // Returns the WebContents that needs authentication.
57  content::WebContents* GetWebContentsForLogin() const;
58
59  // Resend the request with authentication credentials.
60  // This function can be called from either thread.
61  void SetAuth(const base::string16& username, const base::string16& password);
62
63  // Display the error page without asking for credentials again.
64  // This function can be called from either thread.
65  void CancelAuth();
66
67  // Implements the content::NotificationObserver interface.
68  // Listens for AUTH_SUPPLIED and AUTH_CANCELLED notifications from other
69  // LoginHandlers so that this LoginHandler has the chance to dismiss itself
70  // if it was waiting for the same authentication.
71  virtual void Observe(int type,
72                       const content::NotificationSource& source,
73                       const content::NotificationDetails& details) OVERRIDE;
74
75  // Who/where/what asked for the authentication.
76  const net::AuthChallengeInfo* auth_info() const { return auth_info_.get(); }
77
78  // Returns whether authentication had been handled (SetAuth or CancelAuth).
79  bool WasAuthHandled() const;
80
81 protected:
82  virtual ~LoginHandler();
83
84  void SetModel(password_manager::LoginModel* model);
85
86  // Notify observers that authentication is needed.
87  void NotifyAuthNeeded();
88
89  // Performs necessary cleanup before deletion.
90  void ReleaseSoon();
91
92  // Closes the native dialog.
93  virtual void CloseDialog() = 0;
94
95 private:
96  // Starts observing notifications from other LoginHandlers.
97  void AddObservers();
98
99  // Stops observing notifications from other LoginHandlers.
100  void RemoveObservers();
101
102  // Notify observers that authentication is supplied.
103  void NotifyAuthSupplied(const base::string16& username,
104                          const base::string16& password);
105
106  // Notify observers that authentication is cancelled.
107  void NotifyAuthCancelled();
108
109  // Marks authentication as handled and returns the previous handled
110  // state.
111  bool TestAndSetAuthHandled();
112
113  // Calls SetAuth from the IO loop.
114  void SetAuthDeferred(const base::string16& username,
115                       const base::string16& password);
116
117  // Calls CancelAuth from the IO loop.
118  void CancelAuthDeferred();
119
120  // Closes the view_contents from the UI loop.
121  void CloseContentsDeferred();
122
123  // True if we've handled auth (SetAuth or CancelAuth has been called).
124  bool handled_auth_;
125  mutable base::Lock handled_auth_lock_;
126
127  // Who/where/what asked for the authentication.
128  scoped_refptr<net::AuthChallengeInfo> auth_info_;
129
130  // The request that wants login data.
131  // This should only be accessed on the IO loop.
132  net::URLRequest* request_;
133
134  // The HttpNetworkSession |request_| is associated with.
135  const net::HttpNetworkSession* http_network_session_;
136
137  // The PasswordForm sent to the PasswordManager. This is so we can refer to it
138  // when later notifying the password manager if the credentials were accepted
139  // or rejected.
140  // This should only be accessed on the UI loop.
141  autofill::PasswordForm password_form_;
142
143  // Points to the password manager owned by the WebContents requesting auth.
144  // This should only be accessed on the UI loop.
145  password_manager::PasswordManager* password_manager_;
146
147  // Cached from the net::URLRequest, in case it goes NULL on us.
148  int render_process_host_id_;
149  int render_frame_id_;
150
151  // If not null, points to a model we need to notify of our own destruction
152  // so it doesn't try and access this when its too late.
153  password_manager::LoginModel* login_model_;
154
155  // Observes other login handlers so this login handler can respond.
156  // This is only accessed on the UI thread.
157  scoped_ptr<content::NotificationRegistrar> registrar_;
158};
159
160// Details to provide the content::NotificationObserver.  Used by the automation
161// proxy for testing.
162class LoginNotificationDetails {
163 public:
164  explicit LoginNotificationDetails(LoginHandler* handler)
165      : handler_(handler) {}
166  LoginHandler* handler() const { return handler_; }
167
168 private:
169  LoginNotificationDetails() {}
170
171  LoginHandler* handler_;  // Where to send the response.
172
173  DISALLOW_COPY_AND_ASSIGN(LoginNotificationDetails);
174};
175
176// Details to provide the NotificationObserver.  Used by the automation proxy
177// for testing and by other LoginHandlers to dismiss themselves when an
178// identical auth is supplied.
179class AuthSuppliedLoginNotificationDetails : public LoginNotificationDetails {
180 public:
181  AuthSuppliedLoginNotificationDetails(LoginHandler* handler,
182                                       const base::string16& username,
183                                       const base::string16& password)
184      : LoginNotificationDetails(handler),
185        username_(username),
186        password_(password) {}
187  const base::string16& username() const { return username_; }
188  const base::string16& password() const { return password_; }
189
190 private:
191  // The username that was used for the authentication.
192  const base::string16 username_;
193
194  // The password that was used for the authentication.
195  const base::string16 password_;
196
197  DISALLOW_COPY_AND_ASSIGN(AuthSuppliedLoginNotificationDetails);
198};
199
200// Prompts the user for their username and password.  This is designed to
201// be called on the background (I/O) thread, in response to
202// net::URLRequest::Delegate::OnAuthRequired.  The prompt will be created
203// on the main UI thread via a call to UI loop's InvokeLater, and will send the
204// credentials back to the net::URLRequest on the calling thread.
205// A LoginHandler object (which lives on the calling thread) is returned,
206// which can be used to set or cancel authentication programmatically.  The
207// caller must invoke OnRequestCancelled() on this LoginHandler before
208// destroying the net::URLRequest.
209LoginHandler* CreateLoginPrompt(net::AuthChallengeInfo* auth_info,
210                                net::URLRequest* request);
211
212// Helper to remove the ref from an net::URLRequest to the LoginHandler.
213// Should only be called from the IO thread, since it accesses an
214// net::URLRequest.
215void ResetLoginHandlerForRequest(net::URLRequest* request);
216
217// Get the signon_realm under which the identity should be saved.
218std::string GetSignonRealm(const GURL& url,
219                           const net::AuthChallengeInfo& auth_info);
220
221#endif  // CHROME_BROWSER_UI_LOGIN_LOGIN_PROMPT_H_
222