1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
6 #define CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_
10 #include "base/basictypes.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/memory/weak_ptr.h"
13 #include "chrome/browser/chromeos/policy/wildcard_login_checker.h"
14 #include "chromeos/login/auth/auth_status_consumer.h"
15 #include "chromeos/login/auth/authenticator.h"
16 #include "chromeos/login/auth/extended_authenticator.h"
17 #include "chromeos/login/auth/online_attempt_host.h"
18 #include "chromeos/login/auth/user_context.h"
19 #include "content/public/browser/notification_observer.h"
20 #include "content/public/browser/notification_registrar.h"
21 #include "google_apis/gaia/google_service_auth_error.h"
24 class WildcardLoginChecker;
29 // This class encapsulates sign in operations.
30 // Sign in is performed in a way that offline auth is executed first.
31 // Once offline auth is OK - user homedir is mounted, UI is launched.
32 // At this point LoginPerformer |delegate_| is destroyed and it releases
33 // LP instance ownership. LP waits for online login result.
34 // If auth is succeeded, cookie fetcher is executed, LP instance deletes itself.
36 // If |delegate_| is not NULL it will handle error messages, password input.
37 class LoginPerformer : public AuthStatusConsumer,
38 public OnlineAttemptHost::Delegate {
40 typedef enum AuthorizationMode {
41 // Authorization performed internally by Chrome.
43 // Authorization performed by an extension.
47 // Delegate class to get notifications from the LoginPerformer.
48 class Delegate : public AuthStatusConsumer {
50 virtual ~Delegate() {}
51 virtual void WhiteListCheckFailed(const std::string& email) = 0;
52 virtual void PolicyLoadFailed() = 0;
53 virtual void OnOnlineChecked(const std::string& email, bool success) = 0;
56 explicit LoginPerformer(Delegate* delegate);
57 virtual ~LoginPerformer();
59 // AuthStatusConsumer implementation:
60 virtual void OnAuthFailure(const AuthFailure& error) OVERRIDE;
61 virtual void OnRetailModeAuthSuccess(
62 const UserContext& user_context) OVERRIDE;
63 virtual void OnAuthSuccess(const UserContext& user_context) OVERRIDE;
64 virtual void OnOffTheRecordAuthSuccess() OVERRIDE;
65 virtual void OnPasswordChangeDetected() OVERRIDE;
67 // Performs a login for |user_context|.
68 // If auth_mode is AUTH_MODE_EXTENSION, there are no further auth checks,
69 // AUTH_MODE_INTERNAL will perform auth checks.
70 void PerformLogin(const UserContext& user_context,
71 AuthorizationMode auth_mode);
73 // Performs supervised user login with a given |user_context|.
74 void LoginAsSupervisedUser(const UserContext& user_context);
76 // Performs retail mode login.
77 void LoginRetailMode();
79 // Performs actions to prepare guest mode login.
80 void LoginOffTheRecord();
82 // Performs public session login with a given |user_context|.
83 void LoginAsPublicSession(const UserContext& user_context);
85 // Performs a login into the kiosk mode account with |app_user_id|.
86 void LoginAsKioskAccount(const std::string& app_user_id,
87 bool use_guest_mount);
89 // Migrates cryptohome using |old_password| specified.
90 void RecoverEncryptedData(const std::string& old_password);
92 // Reinitializes cryptohome with the new password.
93 void ResyncEncryptedData();
95 // Returns latest auth error.
96 const GoogleServiceAuthError& error() const {
97 return last_login_failure_.error();
100 // True if password change has been detected.
101 bool password_changed() { return password_changed_; }
103 // Number of times we've been called with OnPasswordChangeDetected().
104 // If user enters incorrect old password, same LoginPerformer instance will
105 // be called so callback count makes it possible to distinguish initial
106 // "password changed detected" event from further attempts to enter old
107 // password for cryptohome migration (when > 1).
108 int password_changed_callback_count() {
109 return password_changed_callback_count_;
112 void set_delegate(Delegate* delegate) { delegate_ = delegate; }
114 AuthorizationMode auth_mode() const { return auth_mode_; }
117 // Implements OnlineAttemptHost::Delegate.
118 virtual void OnChecked(const std::string& username, bool success) OVERRIDE;
121 // Starts login completion of externally authenticated user.
122 void StartLoginCompletion();
124 // Starts authentication.
125 void StartAuthentication();
127 // Completion callback for the online wildcard login check for enterprise
128 // devices. Continues the login process or signals whitelist check failure
129 // depending on the value of |result|.
130 void OnlineWildcardLoginCheckCompleted(
131 policy::WildcardLoginChecker::Result result);
133 // Used for logging in.
134 scoped_refptr<Authenticator> authenticator_;
135 scoped_refptr<ExtendedAuthenticator> extended_authenticator_;
137 // Used to make auxiliary online check.
138 OnlineAttemptHost online_attempt_host_;
140 // Represents last login failure that was encountered when communicating to
141 // sign-in server. AuthFailure.LoginFailureNone() by default.
142 AuthFailure last_login_failure_;
144 // User credentials for the current login attempt.
145 UserContext user_context_;
147 // Notifications receiver.
150 // True if password change has been detected.
151 // Once correct password is entered homedir migration is executed.
152 bool password_changed_;
153 int password_changed_callback_count_;
155 // Authorization mode type.
156 AuthorizationMode auth_mode_;
158 // Used to verify logins that matched wildcard on the login whitelist.
159 scoped_ptr<policy::WildcardLoginChecker> wildcard_login_checker_;
161 base::WeakPtrFactory<LoginPerformer> weak_factory_;
163 DISALLOW_COPY_AND_ASSIGN(LoginPerformer);
166 } // namespace chromeos
168 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_AUTH_LOGIN_PERFORMER_H_