src/chrome/browser/chromeos/login/lock/screen_locker.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/login/lock/screen_locker.h"
   6
   7 #include <string>
   8 #include <vector>
   9
  10 #include "ash/ash_switches.h"
  11 #include "ash/audio/sounds.h"
  12 #include "ash/desktop_background/desktop_background_controller.h"
  13 #include "ash/shell.h"
  14 #include "ash/wm/lock_state_controller.h"
  15 #include "ash/wm/window_state.h"
  16 #include "ash/wm/window_util.h"
  17 #include "ash/wm/wm_event.h"
  18 #include "base/bind.h"
  19 #include "base/command_line.h"
  20 #include "base/lazy_instance.h"
  21 #include "base/memory/weak_ptr.h"
  22 #include "base/message_loop/message_loop.h"
  23 #include "base/metrics/histogram.h"
  24 #include "base/strings/string_number_conversions.h"
  25 #include "base/strings/string_util.h"
  26 #include "base/timer/timer.h"
  27 #include "chrome/browser/chrome_notification_types.h"
  28 #include "chrome/browser/chromeos/login/auth/authenticator.h"
  29 #include "chrome/browser/chromeos/login/auth/extended_authenticator.h"
  30 #include "chrome/browser/chromeos/login/auth/login_performer.h"
  31 #include "chrome/browser/chromeos/login/lock/webui_screen_locker.h"
  32 #include "chrome/browser/chromeos/login/login_utils.h"
  33 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h"
  34 #include "chrome/browser/chromeos/login/ui/user_adding_screen.h"
  35 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
  36 #include "chrome/browser/chromeos/login/users/user_manager.h"
  37 #include "chrome/browser/lifetime/application_lifetime.h"
  38 #include "chrome/browser/signin/signin_manager_factory.h"
  39 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_provider.h"
  40 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_source.h"
  41 #include "chrome/common/chrome_switches.h"
  42 #include "chromeos/audio/chromeos_sounds.h"
  43 #include "chromeos/dbus/dbus_thread_manager.h"
  44 #include "chromeos/dbus/session_manager_client.h"
  45 #include "components/signin/core/browser/signin_manager.h"
  46 #include "content/public/browser/browser_thread.h"
  47 #include "content/public/browser/notification_service.h"
  48 #include "content/public/browser/url_data_source.h"
  49 #include "content/public/browser/user_metrics.h"
  50 #include "content/public/browser/web_contents.h"
  51 #include "content/public/browser/web_ui.h"
  52 #include "grit/browser_resources.h"
  53 #include "grit/generated_resources.h"
  54 #include "media/audio/sounds/sounds_manager.h"
  55 #include "ui/base/l10n/l10n_util.h"
  56 #include "ui/base/resource/resource_bundle.h"
  57 #include "ui/gfx/image/image.h"
  58 #include "url/gurl.h"
  59
  60 using base::UserMetricsAction;
  61 using content::BrowserThread;
  62
  63 namespace chromeos {
  64
  65 namespace {
  66
  67 // Timeout for unlock animation guard - some animations may be required to run
  68 // on successful authentication before unlocking, but we want to be sure that
  69 // unlock happens even if animations are broken.
  70 const int kUnlockGuardTimeoutMs = 400;
  71
  72 // Observer to start ScreenLocker when locking the screen is requested.
  73 class ScreenLockObserver : public SessionManagerClient::StubDelegate,
  74                            public content::NotificationObserver,
  75                            public UserAddingScreen::Observer {
  76  public:
  77   ScreenLockObserver() : session_started_(false) {
  78     registrar_.Add(this,
  79                    chrome::NOTIFICATION_SESSION_STARTED,
  80                    content::NotificationService::AllSources());
  81     DBusThreadManager::Get()->GetSessionManagerClient()->SetStubDelegate(this);
  82   }
  83
  84   virtual ~ScreenLockObserver() {
  85     if (DBusThreadManager::IsInitialized()) {
  86       DBusThreadManager::Get()->GetSessionManagerClient()->SetStubDelegate(
  87           NULL);
  88     }
  89   }
  90
  91   bool session_started() const { return session_started_; }
  92
  93   // SessionManagerClient::StubDelegate overrides:
  94   virtual void LockScreenForStub() OVERRIDE {
  95     ScreenLocker::HandleLockScreenRequest();
  96   }
  97
  98   // NotificationObserver overrides:
  99   virtual void Observe(int type,
 100                        const content::NotificationSource& source,
 101                        const content::NotificationDetails& details) OVERRIDE {
 102     if (type == chrome::NOTIFICATION_SESSION_STARTED)
 103       session_started_ = true;
 104     else
 105       NOTREACHED() << "Unexpected notification " << type;
 106   }
 107
 108   // UserAddingScreen::Observer overrides:
 109   virtual void OnUserAddingFinished() OVERRIDE {
 110     UserAddingScreen::Get()->RemoveObserver(this);
 111     ScreenLocker::HandleLockScreenRequest();
 112   }
 113
 114  private:
 115   bool session_started_;
 116   content::NotificationRegistrar registrar_;
 117
 118   DISALLOW_COPY_AND_ASSIGN(ScreenLockObserver);
 119 };
 120
 121 ScreenLockObserver* g_screen_lock_observer = NULL;
 122
 123 }  // namespace
 124
 125 // static
 126 ScreenLocker* ScreenLocker::screen_locker_ = NULL;
 127
 128 //////////////////////////////////////////////////////////////////////////////
 129 // ScreenLocker, public:
 130
 131 ScreenLocker::ScreenLocker(const UserList& users)
 132     : users_(users),
 133       locked_(false),
 134       start_time_(base::Time::Now()),
 135       login_status_consumer_(NULL),
 136       incorrect_passwords_count_(0),
 137       weak_factory_(this) {
 138   DCHECK(!screen_locker_);
 139   screen_locker_ = this;
 140
 141   ui::ResourceBundle& bundle = ui::ResourceBundle::GetSharedInstance();
 142   media::SoundsManager* manager = media::SoundsManager::Get();
 143   manager->Initialize(SOUND_LOCK,
 144                       bundle.GetRawDataResource(IDR_SOUND_LOCK_WAV));
 145   manager->Initialize(SOUND_UNLOCK,
 146                       bundle.GetRawDataResource(IDR_SOUND_UNLOCK_WAV));
 147
 148   ash::Shell::GetInstance()->
 149       lock_state_controller()->SetLockScreenDisplayedCallback(
 150           base::Bind(base::IgnoreResult(&ash::PlaySystemSoundIfSpokenFeedback),
 151                      static_cast<media::SoundsManager::SoundKey>(
 152                          chromeos::SOUND_LOCK)));
 153 }
 154
 155 void ScreenLocker::Init() {
 156   authenticator_ = LoginUtils::Get()->CreateAuthenticator(this);
 157   extended_authenticator_ = new ExtendedAuthenticator(this);
 158   delegate_.reset(new WebUIScreenLocker(this));
 159   delegate_->LockScreen();
 160
 161   // Ownership of |icon_image_source| is passed.
 162   screenlock_icon_provider_.reset(new ScreenlockIconProvider);
 163   ScreenlockIconSource* screenlock_icon_source =
 164       new ScreenlockIconSource(screenlock_icon_provider_->AsWeakPtr());
 165   content::URLDataSource::Add(
 166       GetAssociatedWebUI()->GetWebContents()->GetBrowserContext(),
 167       screenlock_icon_source);
 168 }
 169
 170 void ScreenLocker::OnLoginFailure(const LoginFailure& error) {
 171   content::RecordAction(UserMetricsAction("ScreenLocker_OnLoginFailure"));
 172   if (authentication_start_time_.is_null()) {
 173     LOG(ERROR) << "Start time is not set at authentication failure";
 174   } else {
 175     base::TimeDelta delta = base::Time::Now() - authentication_start_time_;
 176     VLOG(1) << "Authentication failure: " << delta.InSecondsF() << " second(s)";
 177     UMA_HISTOGRAM_TIMES("ScreenLocker.AuthenticationFailureTime", delta);
 178   }
 179
 180   EnableInput();
 181   // Don't enable signout button here as we're showing
 182   // MessageBubble.
 183
 184   delegate_->ShowErrorMessage(incorrect_passwords_count_++ ?
 185                                   IDS_LOGIN_ERROR_AUTHENTICATING_2ND_TIME :
 186                                   IDS_LOGIN_ERROR_AUTHENTICATING,
 187                               HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
 188
 189   if (login_status_consumer_)
 190     login_status_consumer_->OnLoginFailure(error);
 191 }
 192
 193 void ScreenLocker::OnLoginSuccess(const UserContext& user_context) {
 194   incorrect_passwords_count_ = 0;
 195   if (authentication_start_time_.is_null()) {
 196     if (!user_context.GetUserID().empty())
 197       LOG(ERROR) << "Start time is not set at authentication success";
 198   } else {
 199     base::TimeDelta delta = base::Time::Now() - authentication_start_time_;
 200     VLOG(1) << "Authentication success: " << delta.InSecondsF() << " second(s)";
 201     UMA_HISTOGRAM_TIMES("ScreenLocker.AuthenticationSuccessTime", delta);
 202   }
 203
 204   const User* user = UserManager::Get()->FindUser(user_context.GetUserID());
 205   if (user) {
 206     if (!user->is_active())
 207       UserManager::Get()->SwitchActiveUser(user_context.GetUserID());
 208   } else {
 209     NOTREACHED() << "Logged in user not found.";
 210   }
 211
 212   authentication_capture_.reset(new AuthenticationParametersCapture());
 213   authentication_capture_->user_context = user_context;
 214
 215   // Add guard for case when something get broken in call chain to unlock
 216   // for sure.
 217   base::MessageLoop::current()->PostDelayedTask(
 218       FROM_HERE,
 219       base::Bind(&ScreenLocker::UnlockOnLoginSuccess,
 220           weak_factory_.GetWeakPtr()),
 221       base::TimeDelta::FromMilliseconds(kUnlockGuardTimeoutMs));
 222   delegate_->AnimateAuthenticationSuccess();
 223 }
 224
 225 void ScreenLocker::UnlockOnLoginSuccess() {
 226   DCHECK(base::MessageLoopForUI::IsCurrent());
 227   if (!authentication_capture_.get()) {
 228     LOG(WARNING) << "Call to UnlockOnLoginSuccess without previous " <<
 229       "authentication success.";
 230     return;
 231   }
 232
 233   if (login_status_consumer_) {
 234     login_status_consumer_->OnLoginSuccess(
 235         authentication_capture_->user_context);
 236   }
 237   authentication_capture_.reset();
 238   weak_factory_.InvalidateWeakPtrs();
 239
 240   VLOG(1) << "Hiding the lock screen.";
 241   chromeos::ScreenLocker::Hide();
 242 }
 243
 244 void ScreenLocker::Authenticate(const UserContext& user_context) {
 245   LOG_ASSERT(IsUserLoggedIn(user_context.GetUserID()))
 246       << "Invalid user trying to unlock.";
 247
 248   authentication_start_time_ = base::Time::Now();
 249   delegate_->SetInputEnabled(false);
 250   delegate_->OnAuthenticate();
 251
 252   // Special case: supervised users. Use special authenticator.
 253   if (const User* user = FindUnlockUser(user_context.GetUserID())) {
 254     if (user->GetType() == User::USER_TYPE_LOCALLY_MANAGED) {
 255       UserContext updated_context = UserManager::Get()
 256                                         ->GetSupervisedUserManager()
 257                                         ->GetAuthentication()
 258                                         ->TransformKey(user_context);
 259       // TODO(antrim) : replace empty closure with explicit method.
 260       // http://crbug.com/351268
 261       BrowserThread::PostTask(
 262           BrowserThread::UI,
 263           FROM_HERE,
 264           base::Bind(&ExtendedAuthenticator::AuthenticateToCheck,
 265                      extended_authenticator_.get(),
 266                      updated_context,
 267                      base::Closure()));
 268       return;
 269     }
 270   }
 271
 272   // TODO(antrim) : migrate to new authenticator for all types of users.
 273   // http://crbug.com/351268
 274   BrowserThread::PostTask(
 275       BrowserThread::UI, FROM_HERE,
 276       base::Bind(&Authenticator::AuthenticateToUnlock,
 277                  authenticator_.get(),
 278                  user_context));
 279 }
 280
 281 const User* ScreenLocker::FindUnlockUser(const std::string& user_id) {
 282   const User* unlock_user = NULL;
 283   for (UserList::const_iterator it = users_.begin(); it != users_.end(); ++it) {
 284     if ((*it)->email() == user_id) {
 285       unlock_user = *it;
 286       break;
 287     }
 288   }
 289   return unlock_user;
 290 }
 291
 292 void ScreenLocker::ClearErrors() {
 293   delegate_->ClearErrors();
 294 }
 295
 296 void ScreenLocker::Signout() {
 297   delegate_->ClearErrors();
 298   content::RecordAction(UserMetricsAction("ScreenLocker_Signout"));
 299   // We expect that this call will not wait for any user input.
 300   // If it changes at some point, we will need to force exit.
 301   chrome::AttemptUserExit();
 302
 303   // Don't hide yet the locker because the chrome screen may become visible
 304   // briefly.
 305 }
 306
 307 void ScreenLocker::EnableInput() {
 308   delegate_->SetInputEnabled(true);
 309 }
 310
 311 void ScreenLocker::ShowErrorMessage(int error_msg_id,
 312                                     HelpAppLauncher::HelpTopic help_topic_id,
 313                                     bool sign_out_only) {
 314   delegate_->SetInputEnabled(!sign_out_only);
 315   delegate_->ShowErrorMessage(error_msg_id, help_topic_id);
 316 }
 317
 318 void ScreenLocker::SetLoginStatusConsumer(
 319     chromeos::LoginStatusConsumer* consumer) {
 320   login_status_consumer_ = consumer;
 321 }
 322
 323 // static
 324 void ScreenLocker::InitClass() {
 325   DCHECK(!g_screen_lock_observer);
 326   g_screen_lock_observer = new ScreenLockObserver;
 327 }
 328
 329 // static
 330 void ScreenLocker::ShutDownClass() {
 331   DCHECK(g_screen_lock_observer);
 332   delete g_screen_lock_observer;
 333   g_screen_lock_observer = NULL;
 334 }
 335
 336 // static
 337 void ScreenLocker::HandleLockScreenRequest() {
 338   VLOG(1) << "Received LockScreen request from session manager";
 339   DCHECK(g_screen_lock_observer);
 340   if (UserAddingScreen::Get()->IsRunning()) {
 341     VLOG(1) << "Waiting for user adding screen to stop";
 342     UserAddingScreen::Get()->AddObserver(g_screen_lock_observer);
 343     UserAddingScreen::Get()->Cancel();
 344     return;
 345   }
 346   if (g_screen_lock_observer->session_started() &&
 347       UserManager::Get()->CanCurrentUserLock()) {
 348     ScreenLocker::Show();
 349     ash::Shell::GetInstance()->lock_state_controller()->OnStartingLock();
 350   } else {
 351     // If the current user's session cannot be locked or the user has not
 352     // completed all sign-in steps yet, log out instead. The latter is done to
 353     // avoid complications with displaying the lock screen over the login
 354     // screen while remaining secure in the case the user walks away during
 355     // the sign-in steps. See crbug.com/112225 and crbug.com/110933.
 356     VLOG(1) << "Calling session manager's StopSession D-Bus method";
 357     DBusThreadManager::Get()->GetSessionManagerClient()->StopSession();
 358   }
 359 }
 360
 361 // static
 362 void ScreenLocker::Show() {
 363   content::RecordAction(UserMetricsAction("ScreenLocker_Show"));
 364   DCHECK(base::MessageLoopForUI::IsCurrent());
 365
 366   // Check whether the currently logged in user is a guest account and if so,
 367   // refuse to lock the screen (crosbug.com/23764).
 368   // For a demo user, we should never show the lock screen (crosbug.com/27647).
 369   if (UserManager::Get()->IsLoggedInAsGuest() ||
 370       UserManager::Get()->IsLoggedInAsDemoUser()) {
 371     VLOG(1) << "Refusing to lock screen for guest/demo account";
 372     return;
 373   }
 374
 375   // If the active window is fullscreen, exit fullscreen to avoid the web page
 376   // or app mimicking the lock screen. Do not exit fullscreen if the shelf is
 377   // visible while in fullscreen because the shelf makes it harder for a web
 378   // page or app to mimick the lock screen.
 379   ash::wm::WindowState* active_window_state = ash::wm::GetActiveWindowState();
 380   if (active_window_state &&
 381       active_window_state->IsFullscreen() &&
 382       active_window_state->hide_shelf_when_fullscreen()) {
 383     const ash::wm::WMEvent event(ash::wm::WM_EVENT_TOGGLE_FULLSCREEN);
 384     active_window_state->OnWMEvent(&event);
 385   }
 386
 387   if (!screen_locker_) {
 388     ScreenLocker* locker =
 389         new ScreenLocker(UserManager::Get()->GetUnlockUsers());
 390     VLOG(1) << "Created ScreenLocker " << locker;
 391     locker->Init();
 392   } else {
 393     VLOG(1) << "ScreenLocker " << screen_locker_ << " already exists; "
 394             << " calling session manager's HandleLockScreenShown D-Bus method";
 395     DBusThreadManager::Get()->GetSessionManagerClient()->
 396         NotifyLockScreenShown();
 397   }
 398 }
 399
 400 // static
 401 void ScreenLocker::Hide() {
 402   DCHECK(base::MessageLoopForUI::IsCurrent());
 403   // For a guest/demo user, screen_locker_ would have never been initialized.
 404   if (UserManager::Get()->IsLoggedInAsGuest() ||
 405       UserManager::Get()->IsLoggedInAsDemoUser()) {
 406     VLOG(1) << "Refusing to hide lock screen for guest/demo account";
 407     return;
 408   }
 409
 410   DCHECK(screen_locker_);
 411   base::Callback<void(void)> callback =
 412       base::Bind(&ScreenLocker::ScheduleDeletion);
 413   ash::Shell::GetInstance()->lock_state_controller()->
 414     OnLockScreenHide(callback);
 415 }
 416
 417 void ScreenLocker::ScheduleDeletion() {
 418   // Avoid possible multiple calls.
 419   if (screen_locker_ == NULL)
 420     return;
 421   VLOG(1) << "Deleting ScreenLocker " << screen_locker_;
 422
 423   ash::PlaySystemSoundIfSpokenFeedback(SOUND_UNLOCK);
 424
 425   delete screen_locker_;
 426   screen_locker_ = NULL;
 427 }
 428
 429 ////////////////////////////////////////////////////////////////////////////////
 430 // ScreenLocker, private:
 431
 432 ScreenLocker::~ScreenLocker() {
 433   VLOG(1) << "Destroying ScreenLocker " << this;
 434   DCHECK(base::MessageLoopForUI::IsCurrent());
 435
 436   if (authenticator_.get())
 437     authenticator_->SetConsumer(NULL);
 438   ClearErrors();
 439
 440   VLOG(1) << "Moving desktop background to unlocked container";
 441   ash::Shell::GetInstance()->
 442       desktop_background_controller()->MoveDesktopToUnlockedContainer();
 443
 444   screen_locker_ = NULL;
 445   bool state = false;
 446   VLOG(1) << "Emitting SCREEN_LOCK_STATE_CHANGED with state=" << state;
 447   content::NotificationService::current()->Notify(
 448       chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED,
 449       content::Source<ScreenLocker>(this),
 450       content::Details<bool>(&state));
 451
 452   VLOG(1) << "Calling session manager's HandleLockScreenDismissed D-Bus method";
 453   DBusThreadManager::Get()->GetSessionManagerClient()->
 454       NotifyLockScreenDismissed();
 455 }
 456
 457 void ScreenLocker::SetAuthenticator(Authenticator* authenticator) {
 458   authenticator_ = authenticator;
 459 }
 460
 461 void ScreenLocker::ScreenLockReady() {
 462   locked_ = true;
 463   base::TimeDelta delta = base::Time::Now() - start_time_;
 464   VLOG(1) << "ScreenLocker " << this << " is ready after "
 465           << delta.InSecondsF() << " second(s)";
 466   UMA_HISTOGRAM_TIMES("ScreenLocker.ScreenLockTime", delta);
 467
 468   VLOG(1) << "Moving desktop background to locked container";
 469   ash::Shell::GetInstance()->
 470       desktop_background_controller()->MoveDesktopToLockedContainer();
 471
 472   bool state = true;
 473   VLOG(1) << "Emitting SCREEN_LOCK_STATE_CHANGED with state=" << state;
 474   content::NotificationService::current()->Notify(
 475       chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED,
 476       content::Source<ScreenLocker>(this),
 477       content::Details<bool>(&state));
 478   VLOG(1) << "Calling session manager's HandleLockScreenShown D-Bus method";
 479   DBusThreadManager::Get()->GetSessionManagerClient()->NotifyLockScreenShown();
 480 }
 481
 482 content::WebUI* ScreenLocker::GetAssociatedWebUI() {
 483   return delegate_->GetAssociatedWebUI();
 484 }
 485
 486 bool ScreenLocker::IsUserLoggedIn(const std::string& username) {
 487   for (UserList::const_iterator it = users_.begin(); it != users_.end(); ++it) {
 488     if ((*it)->email() == username)
 489       return true;
 490   }
 491   return false;
 492 }
 493
 494 }  // namespace chromeos