1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_ 6#define CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_ 7 8#include <string> 9 10#include "base/basictypes.h" 11#include "base/memory/ref_counted.h" 12#include "chromeos/chromeos_export.h" 13#include "chromeos/login/auth/auth_status_consumer.h" 14#include "google_apis/gaia/gaia_auth_consumer.h" 15 16class Profile; 17 18namespace chromeos { 19 20class UserContext; 21 22// An interface for objects that will authenticate a Chromium OS user. 23// Callbacks will be called on the UI thread: 24// 1. On successful authentication, will call consumer_->OnAuthSuccess(). 25// 2. On failure, will call consumer_->OnAuthFailure(). 26// 3. On password change, will call consumer_->OnPasswordChangeDetected(). 27class CHROMEOS_EXPORT Authenticator 28 : public base::RefCountedThreadSafe<Authenticator> { 29 public: 30 explicit Authenticator(AuthStatusConsumer* consumer); 31 32 // Given externally authenticated username and password (part of 33 // |user_context|), this method attempts to complete authentication process. 34 virtual void CompleteLogin(Profile* profile, 35 const UserContext& user_context) = 0; 36 37 // Given a user credentials in |user_context|, 38 // this method attempts to authenticate to login. 39 // Must be called on the UI thread. 40 virtual void AuthenticateToLogin(Profile* profile, 41 const UserContext& user_context) = 0; 42 43 // Given a user credentials in |user_context|, this method attempts to 44 // authenticate to unlock the computer. 45 // Must be called on the UI thread. 46 virtual void AuthenticateToUnlock(const UserContext& user_context) = 0; 47 48 // Initiates supervised user login. 49 virtual void LoginAsSupervisedUser(const UserContext& user_context) = 0; 50 51 // Initiates retail mode login. 52 virtual void LoginRetailMode() = 0; 53 54 // Initiates incognito ("browse without signing in") login. 55 virtual void LoginOffTheRecord() = 0; 56 57 // Initiates login into the public account identified by |user_context|. 58 virtual void LoginAsPublicSession(const UserContext& user_context) = 0; 59 60 // Initiates login into kiosk mode account identified by |app_user_id|. 61 // The |app_user_id| is a generated username for the account. 62 // |use_guest_mount| specifies whether to force the session to use a 63 // guest mount. If this is false, we use mount a public cryptohome. 64 virtual void LoginAsKioskAccount(const std::string& app_user_id, 65 bool use_guest_mount) = 0; 66 67 // Completes retail mode login. 68 virtual void OnRetailModeAuthSuccess() = 0; 69 70 // Notifies caller that login was successful. Must be called on the UI thread. 71 virtual void OnAuthSuccess() = 0; 72 73 // Must be called on the UI thread. 74 virtual void OnAuthFailure(const AuthFailure& error) = 0; 75 76 // Call these methods on the UI thread. 77 // If a password logs the user in online, but cannot be used to 78 // mount his cryptohome, we expect that a password change has 79 // occurred. 80 // Call this method to migrate the user's encrypted data 81 // forward to use his new password. |old_password| is the password 82 // his data was last encrypted with. 83 virtual void RecoverEncryptedData(const std::string& old_password) = 0; 84 85 // Call this method to erase the user's encrypted data 86 // and create a new cryptohome. 87 virtual void ResyncEncryptedData() = 0; 88 89 // Profile (usually off the record ) that was used to perform the last 90 // authentication process. 91 Profile* authentication_profile() { return authentication_profile_; } 92 93 // Sets consumer explicitly. 94 void SetConsumer(AuthStatusConsumer* consumer); 95 96 protected: 97 virtual ~Authenticator(); 98 99 AuthStatusConsumer* consumer_; 100 Profile* authentication_profile_; 101 102 private: 103 friend class base::RefCountedThreadSafe<Authenticator>; 104 105 DISALLOW_COPY_AND_ASSIGN(Authenticator); 106}; 107 108} // namespace chromeos 109 110#endif // CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_ 111