1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/login/lock/screen_locker.h"
10 #include "ash/ash_switches.h"
11 #include "ash/audio/sounds.h"
12 #include "ash/desktop_background/desktop_background_controller.h"
13 #include "ash/shell.h"
14 #include "ash/wm/lock_state_controller.h"
15 #include "ash/wm/window_state.h"
16 #include "ash/wm/window_util.h"
17 #include "ash/wm/wm_event.h"
18 #include "base/bind.h"
19 #include "base/command_line.h"
20 #include "base/lazy_instance.h"
21 #include "base/memory/weak_ptr.h"
22 #include "base/message_loop/message_loop.h"
23 #include "base/metrics/histogram.h"
24 #include "base/strings/string_number_conversions.h"
25 #include "base/strings/string_util.h"
26 #include "base/timer/timer.h"
27 #include "chrome/browser/chrome_notification_types.h"
28 #include "chrome/browser/chromeos/login/auth/authenticator.h"
29 #include "chrome/browser/chromeos/login/auth/extended_authenticator.h"
30 #include "chrome/browser/chromeos/login/auth/login_performer.h"
31 #include "chrome/browser/chromeos/login/lock/webui_screen_locker.h"
32 #include "chrome/browser/chromeos/login/login_utils.h"
33 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h"
34 #include "chrome/browser/chromeos/login/ui/user_adding_screen.h"
35 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
36 #include "chrome/browser/chromeos/login/users/user_manager.h"
37 #include "chrome/browser/lifetime/application_lifetime.h"
38 #include "chrome/browser/signin/signin_manager_factory.h"
39 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_provider.h"
40 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_source.h"
41 #include "chrome/common/chrome_switches.h"
42 #include "chromeos/audio/chromeos_sounds.h"
43 #include "chromeos/dbus/dbus_thread_manager.h"
44 #include "chromeos/dbus/session_manager_client.h"
45 #include "components/signin/core/browser/signin_manager.h"
46 #include "content/public/browser/browser_thread.h"
47 #include "content/public/browser/notification_service.h"
48 #include "content/public/browser/url_data_source.h"
49 #include "content/public/browser/user_metrics.h"
50 #include "content/public/browser/web_contents.h"
51 #include "content/public/browser/web_ui.h"
52 #include "grit/browser_resources.h"
53 #include "grit/generated_resources.h"
54 #include "media/audio/sounds/sounds_manager.h"
55 #include "ui/base/l10n/l10n_util.h"
56 #include "ui/base/resource/resource_bundle.h"
57 #include "ui/gfx/image/image.h"
60 using base::UserMetricsAction;
61 using content::BrowserThread;
67 // Timeout for unlock animation guard - some animations may be required to run
68 // on successful authentication before unlocking, but we want to be sure that
69 // unlock happens even if animations are broken.
70 const int kUnlockGuardTimeoutMs = 400;
72 // Observer to start ScreenLocker when locking the screen is requested.
73 class ScreenLockObserver : public SessionManagerClient::StubDelegate,
74 public content::NotificationObserver,
75 public UserAddingScreen::Observer {
77 ScreenLockObserver() : session_started_(false) {
79 chrome::NOTIFICATION_SESSION_STARTED,
80 content::NotificationService::AllSources());
81 DBusThreadManager::Get()->GetSessionManagerClient()->SetStubDelegate(this);
84 virtual ~ScreenLockObserver() {
85 if (DBusThreadManager::IsInitialized()) {
86 DBusThreadManager::Get()->GetSessionManagerClient()->SetStubDelegate(
91 bool session_started() const { return session_started_; }
93 // SessionManagerClient::StubDelegate overrides:
94 virtual void LockScreenForStub() OVERRIDE {
95 ScreenLocker::HandleLockScreenRequest();
98 // NotificationObserver overrides:
99 virtual void Observe(int type,
100 const content::NotificationSource& source,
101 const content::NotificationDetails& details) OVERRIDE {
102 if (type == chrome::NOTIFICATION_SESSION_STARTED)
103 session_started_ = true;
105 NOTREACHED() << "Unexpected notification " << type;
108 // UserAddingScreen::Observer overrides:
109 virtual void OnUserAddingFinished() OVERRIDE {
110 UserAddingScreen::Get()->RemoveObserver(this);
111 ScreenLocker::HandleLockScreenRequest();
115 bool session_started_;
116 content::NotificationRegistrar registrar_;
118 DISALLOW_COPY_AND_ASSIGN(ScreenLockObserver);
121 ScreenLockObserver* g_screen_lock_observer = NULL;
126 ScreenLocker* ScreenLocker::screen_locker_ = NULL;
128 //////////////////////////////////////////////////////////////////////////////
129 // ScreenLocker, public:
131 ScreenLocker::ScreenLocker(const UserList& users)
134 start_time_(base::Time::Now()),
135 login_status_consumer_(NULL),
136 incorrect_passwords_count_(0),
137 weak_factory_(this) {
138 DCHECK(!screen_locker_);
139 screen_locker_ = this;
141 ui::ResourceBundle& bundle = ui::ResourceBundle::GetSharedInstance();
142 media::SoundsManager* manager = media::SoundsManager::Get();
143 manager->Initialize(SOUND_LOCK,
144 bundle.GetRawDataResource(IDR_SOUND_LOCK_WAV));
145 manager->Initialize(SOUND_UNLOCK,
146 bundle.GetRawDataResource(IDR_SOUND_UNLOCK_WAV));
148 ash::Shell::GetInstance()->
149 lock_state_controller()->SetLockScreenDisplayedCallback(
150 base::Bind(base::IgnoreResult(&ash::PlaySystemSoundIfSpokenFeedback),
151 static_cast<media::SoundsManager::SoundKey>(
152 chromeos::SOUND_LOCK)));
155 void ScreenLocker::Init() {
156 authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
157 extended_authenticator_ = new ExtendedAuthenticator(this);
158 delegate_.reset(new WebUIScreenLocker(this));
159 delegate_->LockScreen();
161 // Ownership of |icon_image_source| is passed.
162 screenlock_icon_provider_.reset(new ScreenlockIconProvider);
163 ScreenlockIconSource* screenlock_icon_source =
164 new ScreenlockIconSource(screenlock_icon_provider_->AsWeakPtr());
165 content::URLDataSource::Add(
166 GetAssociatedWebUI()->GetWebContents()->GetBrowserContext(),
167 screenlock_icon_source);
170 void ScreenLocker::OnLoginFailure(const LoginFailure& error) {
171 content::RecordAction(UserMetricsAction("ScreenLocker_OnLoginFailure"));
172 if (authentication_start_time_.is_null()) {
173 LOG(ERROR) << "Start time is not set at authentication failure";
175 base::TimeDelta delta = base::Time::Now() - authentication_start_time_;
176 VLOG(1) << "Authentication failure: " << delta.InSecondsF() << " second(s)";
177 UMA_HISTOGRAM_TIMES("ScreenLocker.AuthenticationFailureTime", delta);
181 // Don't enable signout button here as we're showing
184 delegate_->ShowErrorMessage(incorrect_passwords_count_++ ?
185 IDS_LOGIN_ERROR_AUTHENTICATING_2ND_TIME :
186 IDS_LOGIN_ERROR_AUTHENTICATING,
187 HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
189 if (login_status_consumer_)
190 login_status_consumer_->OnLoginFailure(error);
193 void ScreenLocker::OnLoginSuccess(const UserContext& user_context) {
194 incorrect_passwords_count_ = 0;
195 if (authentication_start_time_.is_null()) {
196 if (!user_context.GetUserID().empty())
197 LOG(ERROR) << "Start time is not set at authentication success";
199 base::TimeDelta delta = base::Time::Now() - authentication_start_time_;
200 VLOG(1) << "Authentication success: " << delta.InSecondsF() << " second(s)";
201 UMA_HISTOGRAM_TIMES("ScreenLocker.AuthenticationSuccessTime", delta);
204 const User* user = UserManager::Get()->FindUser(user_context.GetUserID());
206 if (!user->is_active())
207 UserManager::Get()->SwitchActiveUser(user_context.GetUserID());
209 NOTREACHED() << "Logged in user not found.";
212 authentication_capture_.reset(new AuthenticationParametersCapture());
213 authentication_capture_->user_context = user_context;
215 // Add guard for case when something get broken in call chain to unlock
217 base::MessageLoop::current()->PostDelayedTask(
219 base::Bind(&ScreenLocker::UnlockOnLoginSuccess,
220 weak_factory_.GetWeakPtr()),
221 base::TimeDelta::FromMilliseconds(kUnlockGuardTimeoutMs));
222 delegate_->AnimateAuthenticationSuccess();
225 void ScreenLocker::UnlockOnLoginSuccess() {
226 DCHECK(base::MessageLoopForUI::IsCurrent());
227 if (!authentication_capture_.get()) {
228 LOG(WARNING) << "Call to UnlockOnLoginSuccess without previous " <<
229 "authentication success.";
233 if (login_status_consumer_) {
234 login_status_consumer_->OnLoginSuccess(
235 authentication_capture_->user_context);
237 authentication_capture_.reset();
238 weak_factory_.InvalidateWeakPtrs();
240 VLOG(1) << "Hiding the lock screen.";
241 chromeos::ScreenLocker::Hide();
244 void ScreenLocker::Authenticate(const UserContext& user_context) {
245 LOG_ASSERT(IsUserLoggedIn(user_context.GetUserID()))
246 << "Invalid user trying to unlock.";
248 authentication_start_time_ = base::Time::Now();
249 delegate_->SetInputEnabled(false);
250 delegate_->OnAuthenticate();
252 // Special case: supervised users. Use special authenticator.
253 if (const User* user = FindUnlockUser(user_context.GetUserID())) {
254 if (user->GetType() == User::USER_TYPE_LOCALLY_MANAGED) {
255 UserContext updated_context = UserManager::Get()
256 ->GetSupervisedUserManager()
257 ->GetAuthentication()
258 ->TransformKey(user_context);
259 // TODO(antrim) : replace empty closure with explicit method.
260 // http://crbug.com/351268
261 BrowserThread::PostTask(
264 base::Bind(&ExtendedAuthenticator::AuthenticateToCheck,
265 extended_authenticator_.get(),
272 // TODO(antrim) : migrate to new authenticator for all types of users.
273 // http://crbug.com/351268
274 BrowserThread::PostTask(
275 BrowserThread::UI, FROM_HERE,
276 base::Bind(&Authenticator::AuthenticateToUnlock,
277 authenticator_.get(),
281 const User* ScreenLocker::FindUnlockUser(const std::string& user_id) {
282 const User* unlock_user = NULL;
283 for (UserList::const_iterator it = users_.begin(); it != users_.end(); ++it) {
284 if ((*it)->email() == user_id) {
292 void ScreenLocker::ClearErrors() {
293 delegate_->ClearErrors();
296 void ScreenLocker::Signout() {
297 delegate_->ClearErrors();
298 content::RecordAction(UserMetricsAction("ScreenLocker_Signout"));
299 // We expect that this call will not wait for any user input.
300 // If it changes at some point, we will need to force exit.
301 chrome::AttemptUserExit();
303 // Don't hide yet the locker because the chrome screen may become visible
307 void ScreenLocker::EnableInput() {
308 delegate_->SetInputEnabled(true);
311 void ScreenLocker::ShowErrorMessage(int error_msg_id,
312 HelpAppLauncher::HelpTopic help_topic_id,
313 bool sign_out_only) {
314 delegate_->SetInputEnabled(!sign_out_only);
315 delegate_->ShowErrorMessage(error_msg_id, help_topic_id);
318 void ScreenLocker::SetLoginStatusConsumer(
319 chromeos::LoginStatusConsumer* consumer) {
320 login_status_consumer_ = consumer;
324 void ScreenLocker::InitClass() {
325 DCHECK(!g_screen_lock_observer);
326 g_screen_lock_observer = new ScreenLockObserver;
330 void ScreenLocker::ShutDownClass() {
331 DCHECK(g_screen_lock_observer);
332 delete g_screen_lock_observer;
333 g_screen_lock_observer = NULL;
337 void ScreenLocker::HandleLockScreenRequest() {
338 VLOG(1) << "Received LockScreen request from session manager";
339 DCHECK(g_screen_lock_observer);
340 if (UserAddingScreen::Get()->IsRunning()) {
341 VLOG(1) << "Waiting for user adding screen to stop";
342 UserAddingScreen::Get()->AddObserver(g_screen_lock_observer);
343 UserAddingScreen::Get()->Cancel();
346 if (g_screen_lock_observer->session_started() &&
347 UserManager::Get()->CanCurrentUserLock()) {
348 ScreenLocker::Show();
349 ash::Shell::GetInstance()->lock_state_controller()->OnStartingLock();
351 // If the current user's session cannot be locked or the user has not
352 // completed all sign-in steps yet, log out instead. The latter is done to
353 // avoid complications with displaying the lock screen over the login
354 // screen while remaining secure in the case the user walks away during
355 // the sign-in steps. See crbug.com/112225 and crbug.com/110933.
356 VLOG(1) << "Calling session manager's StopSession D-Bus method";
357 DBusThreadManager::Get()->GetSessionManagerClient()->StopSession();
362 void ScreenLocker::Show() {
363 content::RecordAction(UserMetricsAction("ScreenLocker_Show"));
364 DCHECK(base::MessageLoopForUI::IsCurrent());
366 // Check whether the currently logged in user is a guest account and if so,
367 // refuse to lock the screen (crosbug.com/23764).
368 // For a demo user, we should never show the lock screen (crosbug.com/27647).
369 if (UserManager::Get()->IsLoggedInAsGuest() ||
370 UserManager::Get()->IsLoggedInAsDemoUser()) {
371 VLOG(1) << "Refusing to lock screen for guest/demo account";
375 // If the active window is fullscreen, exit fullscreen to avoid the web page
376 // or app mimicking the lock screen. Do not exit fullscreen if the shelf is
377 // visible while in fullscreen because the shelf makes it harder for a web
378 // page or app to mimick the lock screen.
379 ash::wm::WindowState* active_window_state = ash::wm::GetActiveWindowState();
380 if (active_window_state &&
381 active_window_state->IsFullscreen() &&
382 active_window_state->hide_shelf_when_fullscreen()) {
383 const ash::wm::WMEvent event(ash::wm::WM_EVENT_TOGGLE_FULLSCREEN);
384 active_window_state->OnWMEvent(&event);
387 if (!screen_locker_) {
388 ScreenLocker* locker =
389 new ScreenLocker(UserManager::Get()->GetUnlockUsers());
390 VLOG(1) << "Created ScreenLocker " << locker;
393 VLOG(1) << "ScreenLocker " << screen_locker_ << " already exists; "
394 << " calling session manager's HandleLockScreenShown D-Bus method";
395 DBusThreadManager::Get()->GetSessionManagerClient()->
396 NotifyLockScreenShown();
401 void ScreenLocker::Hide() {
402 DCHECK(base::MessageLoopForUI::IsCurrent());
403 // For a guest/demo user, screen_locker_ would have never been initialized.
404 if (UserManager::Get()->IsLoggedInAsGuest() ||
405 UserManager::Get()->IsLoggedInAsDemoUser()) {
406 VLOG(1) << "Refusing to hide lock screen for guest/demo account";
410 DCHECK(screen_locker_);
411 base::Callback<void(void)> callback =
412 base::Bind(&ScreenLocker::ScheduleDeletion);
413 ash::Shell::GetInstance()->lock_state_controller()->
414 OnLockScreenHide(callback);
417 void ScreenLocker::ScheduleDeletion() {
418 // Avoid possible multiple calls.
419 if (screen_locker_ == NULL)
421 VLOG(1) << "Deleting ScreenLocker " << screen_locker_;
423 ash::PlaySystemSoundIfSpokenFeedback(SOUND_UNLOCK);
425 delete screen_locker_;
426 screen_locker_ = NULL;
429 ////////////////////////////////////////////////////////////////////////////////
430 // ScreenLocker, private:
432 ScreenLocker::~ScreenLocker() {
433 VLOG(1) << "Destroying ScreenLocker " << this;
434 DCHECK(base::MessageLoopForUI::IsCurrent());
436 if (authenticator_.get())
437 authenticator_->SetConsumer(NULL);
440 VLOG(1) << "Moving desktop background to unlocked container";
441 ash::Shell::GetInstance()->
442 desktop_background_controller()->MoveDesktopToUnlockedContainer();
444 screen_locker_ = NULL;
446 VLOG(1) << "Emitting SCREEN_LOCK_STATE_CHANGED with state=" << state;
447 content::NotificationService::current()->Notify(
448 chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED,
449 content::Source<ScreenLocker>(this),
450 content::Details<bool>(&state));
452 VLOG(1) << "Calling session manager's HandleLockScreenDismissed D-Bus method";
453 DBusThreadManager::Get()->GetSessionManagerClient()->
454 NotifyLockScreenDismissed();
457 void ScreenLocker::SetAuthenticator(Authenticator* authenticator) {
458 authenticator_ = authenticator;
461 void ScreenLocker::ScreenLockReady() {
463 base::TimeDelta delta = base::Time::Now() - start_time_;
464 VLOG(1) << "ScreenLocker " << this << " is ready after "
465 << delta.InSecondsF() << " second(s)";
466 UMA_HISTOGRAM_TIMES("ScreenLocker.ScreenLockTime", delta);
468 VLOG(1) << "Moving desktop background to locked container";
469 ash::Shell::GetInstance()->
470 desktop_background_controller()->MoveDesktopToLockedContainer();
473 VLOG(1) << "Emitting SCREEN_LOCK_STATE_CHANGED with state=" << state;
474 content::NotificationService::current()->Notify(
475 chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED,
476 content::Source<ScreenLocker>(this),
477 content::Details<bool>(&state));
478 VLOG(1) << "Calling session manager's HandleLockScreenShown D-Bus method";
479 DBusThreadManager::Get()->GetSessionManagerClient()->NotifyLockScreenShown();
482 content::WebUI* ScreenLocker::GetAssociatedWebUI() {
483 return delegate_->GetAssociatedWebUI();
486 bool ScreenLocker::IsUserLoggedIn(const std::string& username) {
487 for (UserList::const_iterator it = users_.begin(); it != users_.end(); ++it) {
488 if ((*it)->email() == username)
494 } // namespace chromeos