1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
5 #define CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_
7 #include "base/basictypes.h"
8 #include "base/compiler_specific.h"
9 #include "base/memory/weak_ptr.h"
10 #include "base/strings/string16.h"
11 #include "base/values.h"
12 #include "chrome/browser/chromeos/login/managed/supervised_user_login_flow.h"
16 class SupervisedUserManager;
18 // This is a class that encapsulates all details of password handling for
20 // Main property is the schema used to handle password. For now it can be either
21 // plain password schema, when plain text password is passed to standard
22 // cryprohome authentication algorithm without modification, or hashed password
23 // schema, when password is additionally hashed with user-specific salt.
24 // Second schema is required to allow password syncing across devices for
26 class SupervisedUserAuthentication {
30 SCHEMA_SALT_HASHED = 2
33 explicit SupervisedUserAuthentication(SupervisedUserManager* owner);
34 virtual ~SupervisedUserAuthentication();
36 // Transforms password according to schema specified in Local State.
37 std::string TransformPassword(const std::string& supervised_user_id,
38 const std::string& password);
40 // Returns |true| if current password schema for user is different from
42 bool PasswordNeedsMigration(const std::string& user_id);
44 // Schedules password migration for |user_id| with |password| as a plain text
45 // password. Migration should happen during |user_login_flow|.
46 void SchedulePasswordMigration(const std::string& user_id,
47 const std::string& password,
48 SupervisedUserLoginFlow* user_login_flow);
50 // Fills |password_data| with |password|-specific data for |user_id|,
51 // depending on target schema. Does not affect Local State.
52 bool FillDataForNewUser(const std::string& user_id,
53 const std::string& password,
54 base::DictionaryValue* password_data);
56 // Stores |password_data| for |user_id| in Local State. Only public parts
57 // of |password_data| will be stored.
58 void StorePasswordData(const std::string& user_id,
59 const base::DictionaryValue& password_data);
61 bool NeedPasswordChange(const std::string& user_id,
62 const base::DictionaryValue* password_data);
65 void ChangeSupervisedUserPassword(const std::string& manager_id,
66 const std::string& master_key,
67 const std::string& supervised_user_id,
68 const base::DictionaryValue* password_data);
70 // Called by supervised user
71 void ScheduleSupervisedPasswordChange(
72 const std::string& supervised_user_id,
73 const base::DictionaryValue* password_data);
76 SupervisedUserManager* owner_;
78 // Controls if migration is enabled.
79 bool migration_enabled_;
81 // Target schema version. Affects migration process and new user creation.
82 Schema stable_schema_;
84 // Utility method that gets schema version for |user_id| from Local State.
85 Schema GetPasswordSchema(const std::string& user_id);
87 DISALLOW_COPY_AND_ASSIGN(SupervisedUserAuthentication);
90 } // namespace chromeos
92 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_MANAGED_SUPERVISED_USER_AUTHENTICATION_H_