1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/login/users/chrome_user_manager_impl.h"
10 #include "ash/multi_profile_uma.h"
11 #include "base/bind.h"
12 #include "base/bind_helpers.h"
13 #include "base/command_line.h"
14 #include "base/compiler_specific.h"
15 #include "base/format_macros.h"
16 #include "base/logging.h"
17 #include "base/metrics/histogram.h"
18 #include "base/prefs/pref_registry_simple.h"
19 #include "base/prefs/pref_service.h"
20 #include "base/prefs/scoped_user_pref_update.h"
21 #include "base/strings/string_util.h"
22 #include "base/strings/stringprintf.h"
23 #include "base/strings/utf_string_conversions.h"
24 #include "base/thread_task_runner_handle.h"
25 #include "base/values.h"
26 #include "chrome/browser/browser_process.h"
27 #include "chrome/browser/chrome_notification_types.h"
28 #include "chrome/browser/chromeos/login/demo_mode/demo_app_launcher.h"
29 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
30 #include "chrome/browser/chromeos/login/signin/auth_sync_observer.h"
31 #include "chrome/browser/chromeos/login/signin/auth_sync_observer_factory.h"
32 #include "chrome/browser/chromeos/login/users/avatar/user_image_manager_impl.h"
33 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h"
34 #include "chrome/browser/chromeos/login/users/supervised_user_manager_impl.h"
35 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
36 #include "chrome/browser/chromeos/policy/device_local_account.h"
37 #include "chrome/browser/chromeos/profiles/multiprofiles_session_aborted_dialog.h"
38 #include "chrome/browser/chromeos/profiles/profile_helper.h"
39 #include "chrome/browser/chromeos/session_length_limiter.h"
40 #include "chrome/browser/profiles/profile.h"
41 #include "chrome/browser/supervised_user/chromeos/manager_password_service_factory.h"
42 #include "chrome/browser/supervised_user/chromeos/supervised_user_password_service_factory.h"
43 #include "chrome/common/chrome_constants.h"
44 #include "chrome/common/chrome_switches.h"
45 #include "chrome/common/crash_keys.h"
46 #include "chrome/common/pref_names.h"
47 #include "chrome/grit/theme_resources.h"
48 #include "chromeos/chromeos_switches.h"
49 #include "chromeos/login/user_names.h"
50 #include "chromeos/settings/cros_settings_names.h"
51 #include "components/session_manager/core/session_manager.h"
52 #include "components/user_manager/remove_user_delegate.h"
53 #include "components/user_manager/user_image/user_image.h"
54 #include "components/user_manager/user_type.h"
55 #include "content/public/browser/browser_thread.h"
56 #include "content/public/browser/notification_service.h"
57 #include "policy/policy_constants.h"
58 #include "ui/base/resource/resource_bundle.h"
59 #include "ui/wm/core/wm_core_switches.h"
61 using content::BrowserThread;
66 // A vector pref of the the regular users known on this device, arranged in LRU
68 const char kRegularUsers[] = "LoggedInUsers";
70 // A vector pref of the public accounts defined on this device.
71 const char kPublicAccounts[] = "PublicAccounts";
73 // A string pref that gets set when a public account is removed but a user is
74 // currently logged into that account, requiring the account's data to be
75 // removed after logout.
76 const char kPublicAccountPendingDataRemoval[] =
77 "PublicAccountPendingDataRemoval";
82 void ChromeUserManagerImpl::RegisterPrefs(PrefRegistrySimple* registry) {
83 ChromeUserManager::RegisterPrefs(registry);
85 registry->RegisterListPref(kPublicAccounts);
86 registry->RegisterStringPref(kPublicAccountPendingDataRemoval, std::string());
87 SupervisedUserManager::RegisterPrefs(registry);
88 SessionLengthLimiter::RegisterPrefs(registry);
92 scoped_ptr<ChromeUserManager> ChromeUserManagerImpl::CreateChromeUserManager() {
93 return scoped_ptr<ChromeUserManager>(new ChromeUserManagerImpl());
96 ChromeUserManagerImpl::ChromeUserManagerImpl()
97 : ChromeUserManager(base::ThreadTaskRunnerHandle::Get(),
98 BrowserThread::GetBlockingPool()),
99 cros_settings_(CrosSettings::Get()),
100 device_local_account_policy_service_(NULL),
101 supervised_user_manager_(new SupervisedUserManagerImpl(this)),
102 weak_factory_(this) {
103 UpdateNumberOfUsers();
105 // UserManager instance should be used only on UI thread.
106 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
108 chrome::NOTIFICATION_OWNERSHIP_STATUS_CHANGED,
109 content::NotificationService::AllSources());
111 chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED,
112 content::NotificationService::AllSources());
114 chrome::NOTIFICATION_PROFILE_CREATED,
115 content::NotificationService::AllSources());
117 // Since we're in ctor postpone any actions till this is fully created.
118 if (base::MessageLoop::current()) {
119 base::MessageLoop::current()->PostTask(
121 base::Bind(&ChromeUserManagerImpl::RetrieveTrustedDevicePolicies,
122 weak_factory_.GetWeakPtr()));
125 local_accounts_subscription_ = cros_settings_->AddSettingsObserver(
126 kAccountsPrefDeviceLocalAccounts,
127 base::Bind(&ChromeUserManagerImpl::RetrieveTrustedDevicePolicies,
128 weak_factory_.GetWeakPtr()));
129 multi_profile_user_controller_.reset(
130 new MultiProfileUserController(this, GetLocalState()));
132 policy::BrowserPolicyConnectorChromeOS* connector =
133 g_browser_process->platform_part()->browser_policy_connector_chromeos();
134 avatar_policy_observer_.reset(new policy::CloudExternalDataPolicyObserver(
136 connector->GetDeviceLocalAccountPolicyService(),
137 policy::key::kUserAvatarImage,
139 avatar_policy_observer_->Init();
141 wallpaper_policy_observer_.reset(new policy::CloudExternalDataPolicyObserver(
143 connector->GetDeviceLocalAccountPolicyService(),
144 policy::key::kWallpaperImage,
146 wallpaper_policy_observer_->Init();
149 ChromeUserManagerImpl::~ChromeUserManagerImpl() {
152 void ChromeUserManagerImpl::Shutdown() {
153 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
154 ChromeUserManager::Shutdown();
156 local_accounts_subscription_.reset();
158 // Stop the session length limiter.
159 session_length_limiter_.reset();
161 if (device_local_account_policy_service_)
162 device_local_account_policy_service_->RemoveObserver(this);
164 for (UserImageManagerMap::iterator it = user_image_managers_.begin(),
165 ie = user_image_managers_.end();
168 it->second->Shutdown();
170 multi_profile_user_controller_.reset();
171 avatar_policy_observer_.reset();
172 wallpaper_policy_observer_.reset();
173 registrar_.RemoveAll();
176 MultiProfileUserController*
177 ChromeUserManagerImpl::GetMultiProfileUserController() {
178 return multi_profile_user_controller_.get();
181 UserImageManager* ChromeUserManagerImpl::GetUserImageManager(
182 const std::string& user_id) {
183 UserImageManagerMap::iterator ui = user_image_managers_.find(user_id);
184 if (ui != user_image_managers_.end())
185 return ui->second.get();
186 linked_ptr<UserImageManagerImpl> mgr(new UserImageManagerImpl(user_id, this));
187 user_image_managers_[user_id] = mgr;
191 SupervisedUserManager* ChromeUserManagerImpl::GetSupervisedUserManager() {
192 return supervised_user_manager_.get();
195 user_manager::UserList ChromeUserManagerImpl::GetUsersAdmittedForMultiProfile()
197 // Supervised users are not allowed to use multi-profiles.
198 if (GetLoggedInUsers().size() == 1 &&
199 GetPrimaryUser()->GetType() != user_manager::USER_TYPE_REGULAR) {
200 return user_manager::UserList();
203 user_manager::UserList result;
204 const user_manager::UserList& users = GetUsers();
205 for (user_manager::UserList::const_iterator it = users.begin();
208 if ((*it)->GetType() == user_manager::USER_TYPE_REGULAR &&
209 !(*it)->is_logged_in()) {
210 MultiProfileUserController::UserAllowedInSessionReason check;
211 multi_profile_user_controller_->IsUserAllowedInSession((*it)->email(),
214 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS) {
215 return user_manager::UserList();
218 // Users with a policy that prevents them being added to a session will be
219 // shown in login UI but will be grayed out.
220 // Same applies to owner account (see http://crbug.com/385034).
221 if (check == MultiProfileUserController::ALLOWED ||
222 check == MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS ||
223 check == MultiProfileUserController::NOT_ALLOWED_OWNER_AS_SECONDARY ||
225 MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED) {
226 result.push_back(*it);
234 user_manager::UserList ChromeUserManagerImpl::GetUnlockUsers() const {
235 const user_manager::UserList& logged_in_users = GetLoggedInUsers();
236 if (logged_in_users.empty())
237 return user_manager::UserList();
239 user_manager::UserList unlock_users;
241 ProfileHelper::Get()->GetProfileByUserUnsafe(GetPrimaryUser());
242 std::string primary_behavior =
243 profile->GetPrefs()->GetString(prefs::kMultiProfileUserBehavior);
245 // Specific case: only one logged in user or
246 // primary user has primary-only multi-profile policy.
247 if (logged_in_users.size() == 1 ||
248 primary_behavior == MultiProfileUserController::kBehaviorPrimaryOnly) {
249 if (GetPrimaryUser()->can_lock())
250 unlock_users.push_back(primary_user_);
252 // Fill list of potential unlock users based on multi-profile policy state.
253 for (user_manager::UserList::const_iterator it = logged_in_users.begin();
254 it != logged_in_users.end();
256 user_manager::User* user = (*it);
257 Profile* profile = ProfileHelper::Get()->GetProfileByUserUnsafe(user);
258 const std::string behavior =
259 profile->GetPrefs()->GetString(prefs::kMultiProfileUserBehavior);
260 if (behavior == MultiProfileUserController::kBehaviorUnrestricted &&
262 unlock_users.push_back(user);
263 } else if (behavior == MultiProfileUserController::kBehaviorPrimaryOnly) {
265 << "Spotted primary-only multi-profile policy for non-primary user";
273 void ChromeUserManagerImpl::SessionStarted() {
274 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
275 ChromeUserManager::SessionStarted();
277 content::NotificationService::current()->Notify(
278 chrome::NOTIFICATION_SESSION_STARTED,
279 content::Source<UserManager>(this),
280 content::Details<const user_manager::User>(GetActiveUser()));
283 void ChromeUserManagerImpl::RemoveUserInternal(
284 const std::string& user_email,
285 user_manager::RemoveUserDelegate* delegate) {
286 CrosSettings* cros_settings = CrosSettings::Get();
288 const base::Closure& callback =
289 base::Bind(&ChromeUserManagerImpl::RemoveUserInternal,
290 weak_factory_.GetWeakPtr(),
294 // Ensure the value of owner email has been fetched.
295 if (CrosSettingsProvider::TRUSTED !=
296 cros_settings->PrepareTrustedValues(callback)) {
297 // Value of owner email is not fetched yet. RemoveUserInternal will be
298 // called again after fetch completion.
302 cros_settings->GetString(kDeviceOwner, &owner);
303 if (user_email == owner) {
304 // Owner is not allowed to be removed from the device.
307 RemoveNonOwnerUserInternal(user_email, delegate);
310 void ChromeUserManagerImpl::SaveUserOAuthStatus(
311 const std::string& user_id,
312 user_manager::User::OAuthTokenStatus oauth_token_status) {
313 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
314 ChromeUserManager::SaveUserOAuthStatus(user_id, oauth_token_status);
316 GetUserFlow(user_id)->HandleOAuthTokenStatusChange(oauth_token_status);
319 void ChromeUserManagerImpl::SaveUserDisplayName(
320 const std::string& user_id,
321 const base::string16& display_name) {
322 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
323 ChromeUserManager::SaveUserDisplayName(user_id, display_name);
325 // Do not update local state if data stored or cached outside the user's
326 // cryptohome is to be treated as ephemeral.
327 if (!IsUserNonCryptohomeDataEphemeral(user_id))
328 supervised_user_manager_->UpdateManagerName(user_id, display_name);
331 void ChromeUserManagerImpl::StopPolicyObserverForTesting() {
332 avatar_policy_observer_.reset();
333 wallpaper_policy_observer_.reset();
336 void ChromeUserManagerImpl::Observe(
338 const content::NotificationSource& source,
339 const content::NotificationDetails& details) {
341 case chrome::NOTIFICATION_OWNERSHIP_STATUS_CHANGED:
342 if (!device_local_account_policy_service_) {
343 policy::BrowserPolicyConnectorChromeOS* connector =
344 g_browser_process->platform_part()
345 ->browser_policy_connector_chromeos();
346 device_local_account_policy_service_ =
347 connector->GetDeviceLocalAccountPolicyService();
348 if (device_local_account_policy_service_)
349 device_local_account_policy_service_->AddObserver(this);
351 RetrieveTrustedDevicePolicies();
354 case chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED: {
355 Profile* profile = content::Details<Profile>(details).ptr();
356 if (IsUserLoggedIn() && !IsLoggedInAsGuest() && !IsLoggedInAsKioskApp()) {
357 if (IsLoggedInAsSupervisedUser())
358 SupervisedUserPasswordServiceFactory::GetForProfile(profile);
359 if (IsLoggedInAsRegularUser())
360 ManagerPasswordServiceFactory::GetForProfile(profile);
362 if (!profile->IsOffTheRecord()) {
363 AuthSyncObserver* sync_observer =
364 AuthSyncObserverFactory::GetInstance()->GetForProfile(profile);
365 sync_observer->StartObserving();
366 multi_profile_user_controller_->StartObserving(profile);
371 case chrome::NOTIFICATION_PROFILE_CREATED: {
372 Profile* profile = content::Source<Profile>(source).ptr();
373 user_manager::User* user =
374 ProfileHelper::Get()->GetUserByProfile(profile);
376 user->set_profile_is_created();
378 // If there is pending user switch, do it now.
379 if (!GetPendingUserSwitchID().empty()) {
380 // Call SwitchActiveUser async because otherwise it may cause
381 // ProfileManager::GetProfile before the profile gets registered
382 // in ProfileManager. It happens in case of sync profile load when
383 // NOTIFICATION_PROFILE_CREATED is called synchronously.
384 base::MessageLoop::current()->PostTask(
386 base::Bind(&ChromeUserManagerImpl::SwitchActiveUser,
387 weak_factory_.GetWeakPtr(),
388 GetPendingUserSwitchID()));
389 SetPendingUserSwitchID(std::string());
398 void ChromeUserManagerImpl::OnExternalDataSet(const std::string& policy,
399 const std::string& user_id) {
400 if (policy == policy::key::kUserAvatarImage)
401 GetUserImageManager(user_id)->OnExternalDataSet(policy);
402 else if (policy == policy::key::kWallpaperImage)
403 WallpaperManager::Get()->OnPolicySet(policy, user_id);
408 void ChromeUserManagerImpl::OnExternalDataCleared(const std::string& policy,
409 const std::string& user_id) {
410 if (policy == policy::key::kUserAvatarImage)
411 GetUserImageManager(user_id)->OnExternalDataCleared(policy);
412 else if (policy == policy::key::kWallpaperImage)
413 WallpaperManager::Get()->OnPolicyCleared(policy, user_id);
418 void ChromeUserManagerImpl::OnExternalDataFetched(
419 const std::string& policy,
420 const std::string& user_id,
421 scoped_ptr<std::string> data) {
422 if (policy == policy::key::kUserAvatarImage)
423 GetUserImageManager(user_id)->OnExternalDataFetched(policy, data.Pass());
424 else if (policy == policy::key::kWallpaperImage)
425 WallpaperManager::Get()->OnPolicyFetched(policy, user_id, data.Pass());
430 void ChromeUserManagerImpl::OnPolicyUpdated(const std::string& user_id) {
431 const user_manager::User* user = FindUser(user_id);
432 if (!user || user->GetType() != user_manager::USER_TYPE_PUBLIC_ACCOUNT)
434 UpdatePublicAccountDisplayName(user_id);
437 void ChromeUserManagerImpl::OnDeviceLocalAccountsChanged() {
438 // No action needed here, changes to the list of device-local accounts get
439 // handled via the kAccountsPrefDeviceLocalAccounts device setting observer.
442 bool ChromeUserManagerImpl::CanCurrentUserLock() const {
443 return ChromeUserManager::CanCurrentUserLock() &&
444 GetCurrentUserFlow()->CanLockScreen();
447 bool ChromeUserManagerImpl::IsUserNonCryptohomeDataEphemeral(
448 const std::string& user_id) const {
449 // Data belonging to the obsolete public accounts whose data has not been
450 // removed yet is not ephemeral.
451 bool is_obsolete_public_account = IsPublicAccountMarkedForRemoval(user_id);
453 return !is_obsolete_public_account &&
454 ChromeUserManager::IsUserNonCryptohomeDataEphemeral(user_id);
457 bool ChromeUserManagerImpl::AreEphemeralUsersEnabled() const {
458 policy::BrowserPolicyConnectorChromeOS* connector =
459 g_browser_process->platform_part()->browser_policy_connector_chromeos();
460 return GetEphemeralUsersEnabled() &&
461 (connector->IsEnterpriseManaged() || !GetOwnerEmail().empty());
464 const std::string& ChromeUserManagerImpl::GetApplicationLocale() const {
465 return g_browser_process->GetApplicationLocale();
468 PrefService* ChromeUserManagerImpl::GetLocalState() const {
469 return g_browser_process ? g_browser_process->local_state() : NULL;
472 void ChromeUserManagerImpl::HandleUserOAuthTokenStatusChange(
473 const std::string& user_id,
474 user_manager::User::OAuthTokenStatus status) const {
475 GetUserFlow(user_id)->HandleOAuthTokenStatusChange(status);
478 bool ChromeUserManagerImpl::IsEnterpriseManaged() const {
479 policy::BrowserPolicyConnectorChromeOS* connector =
480 g_browser_process->platform_part()->browser_policy_connector_chromeos();
481 return connector->IsEnterpriseManaged();
484 void ChromeUserManagerImpl::LoadPublicAccounts(
485 std::set<std::string>* public_sessions_set) {
486 const base::ListValue* prefs_public_sessions =
487 GetLocalState()->GetList(kPublicAccounts);
488 std::vector<std::string> public_sessions;
489 ParseUserList(*prefs_public_sessions,
490 std::set<std::string>(),
492 public_sessions_set);
493 for (std::vector<std::string>::const_iterator it = public_sessions.begin();
494 it != public_sessions.end();
496 users_.push_back(user_manager::User::CreatePublicAccountUser(*it));
497 UpdatePublicAccountDisplayName(*it);
501 void ChromeUserManagerImpl::PerformPreUserListLoadingActions() {
502 // Clean up user list first. All code down the path should be synchronous,
503 // so that local state after transaction rollback is in consistent state.
504 // This process also should not trigger EnsureUsersLoaded again.
505 if (supervised_user_manager_->HasFailedUserCreationTransaction())
506 supervised_user_manager_->RollbackUserCreationTransaction();
509 void ChromeUserManagerImpl::PerformPostUserListLoadingActions() {
510 for (user_manager::UserList::iterator ui = users_.begin(), ue = users_.end();
513 GetUserImageManager((*ui)->email())->LoadUserImage();
517 void ChromeUserManagerImpl::PerformPostUserLoggedInActions(
518 bool browser_restart) {
519 // Initialize the session length limiter and start it only if
520 // session limit is defined by the policy.
521 session_length_limiter_.reset(
522 new SessionLengthLimiter(NULL, browser_restart));
525 bool ChromeUserManagerImpl::IsDemoApp(const std::string& user_id) const {
526 return DemoAppLauncher::IsDemoAppSession(user_id);
529 bool ChromeUserManagerImpl::IsKioskApp(const std::string& user_id) const {
530 policy::DeviceLocalAccount::Type device_local_account_type;
531 return policy::IsDeviceLocalAccountUser(user_id,
532 &device_local_account_type) &&
533 device_local_account_type ==
534 policy::DeviceLocalAccount::TYPE_KIOSK_APP;
537 bool ChromeUserManagerImpl::IsPublicAccountMarkedForRemoval(
538 const std::string& user_id) const {
540 GetLocalState()->GetString(kPublicAccountPendingDataRemoval);
543 void ChromeUserManagerImpl::RetrieveTrustedDevicePolicies() {
544 // Local state may not be initialized in unit_tests.
545 if (!GetLocalState())
548 SetEphemeralUsersEnabled(false);
549 SetOwnerEmail(std::string());
551 // Schedule a callback if device policy has not yet been verified.
552 if (CrosSettingsProvider::TRUSTED !=
553 cros_settings_->PrepareTrustedValues(
554 base::Bind(&ChromeUserManagerImpl::RetrieveTrustedDevicePolicies,
555 weak_factory_.GetWeakPtr()))) {
559 bool ephemeral_users_enabled = false;
560 cros_settings_->GetBoolean(kAccountsPrefEphemeralUsersEnabled,
561 &ephemeral_users_enabled);
562 SetEphemeralUsersEnabled(ephemeral_users_enabled);
564 std::string owner_email;
565 cros_settings_->GetString(kDeviceOwner, &owner_email);
566 SetOwnerEmail(owner_email);
570 bool changed = UpdateAndCleanUpPublicAccounts(
571 policy::GetDeviceLocalAccounts(cros_settings_));
573 // If ephemeral users are enabled and we are on the login screen, take this
574 // opportunity to clean up by removing all regular users except the owner.
575 if (GetEphemeralUsersEnabled() && !IsUserLoggedIn()) {
576 ListPrefUpdate prefs_users_update(GetLocalState(), kRegularUsers);
577 prefs_users_update->Clear();
578 for (user_manager::UserList::iterator it = users_.begin();
579 it != users_.end();) {
580 const std::string user_email = (*it)->email();
581 if ((*it)->GetType() == user_manager::USER_TYPE_REGULAR &&
582 user_email != GetOwnerEmail()) {
583 RemoveNonCryptohomeData(user_email);
585 it = users_.erase(it);
588 if ((*it)->GetType() != user_manager::USER_TYPE_PUBLIC_ACCOUNT)
589 prefs_users_update->Append(new base::StringValue(user_email));
596 NotifyUserListChanged();
599 void ChromeUserManagerImpl::GuestUserLoggedIn() {
600 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
601 ChromeUserManager::GuestUserLoggedIn();
603 // TODO(nkostylev): Add support for passing guest session cryptohome
604 // mount point. Legacy (--login-profile) value will be used for now.
605 // http://crosbug.com/230859
606 active_user_->SetStubImage(
607 user_manager::UserImage(
608 *ResourceBundle::GetSharedInstance().GetImageSkiaNamed(
609 IDR_PROFILE_PICTURE_LOADING)),
610 user_manager::User::USER_IMAGE_INVALID,
613 // Initializes wallpaper after active_user_ is set.
614 WallpaperManager::Get()->SetUserWallpaperNow(chromeos::login::kGuestUserName);
617 void ChromeUserManagerImpl::RegularUserLoggedIn(const std::string& user_id) {
618 ChromeUserManager::RegularUserLoggedIn(user_id);
620 if (IsCurrentUserNew())
621 WallpaperManager::Get()->SetUserWallpaperNow(user_id);
623 GetUserImageManager(user_id)->UserLoggedIn(IsCurrentUserNew(), false);
625 WallpaperManager::Get()->EnsureLoggedInUserWallpaperLoaded();
627 // Make sure that new data is persisted to Local State.
628 GetLocalState()->CommitPendingWrite();
631 void ChromeUserManagerImpl::RegularUserLoggedInAsEphemeral(
632 const std::string& user_id) {
633 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
634 ChromeUserManager::RegularUserLoggedInAsEphemeral(user_id);
636 GetUserImageManager(user_id)->UserLoggedIn(IsCurrentUserNew(), false);
637 WallpaperManager::Get()->SetUserWallpaperNow(user_id);
640 void ChromeUserManagerImpl::SupervisedUserLoggedIn(const std::string& user_id) {
641 // TODO(nkostylev): Refactor, share code with RegularUserLoggedIn().
643 // Remove the user from the user list.
644 active_user_ = RemoveRegularOrSupervisedUserFromList(user_id);
646 // If the user was not found on the user list, create a new user.
647 if (!GetActiveUser()) {
648 SetIsCurrentUserNew(true);
649 active_user_ = user_manager::User::CreateSupervisedUser(user_id);
650 // Leaving OAuth token status at the default state = unknown.
651 WallpaperManager::Get()->SetUserWallpaperNow(user_id);
653 if (supervised_user_manager_->CheckForFirstRun(user_id)) {
654 SetIsCurrentUserNew(true);
655 WallpaperManager::Get()->SetUserWallpaperNow(user_id);
657 SetIsCurrentUserNew(false);
661 // Add the user to the front of the user list.
662 ListPrefUpdate prefs_users_update(GetLocalState(), kRegularUsers);
663 prefs_users_update->Insert(0, new base::StringValue(user_id));
664 users_.insert(users_.begin(), active_user_);
666 // Now that user is in the list, save display name.
667 if (IsCurrentUserNew()) {
668 SaveUserDisplayName(GetActiveUser()->email(),
669 GetActiveUser()->GetDisplayName());
672 GetUserImageManager(user_id)->UserLoggedIn(IsCurrentUserNew(), true);
673 WallpaperManager::Get()->EnsureLoggedInUserWallpaperLoaded();
675 // Make sure that new data is persisted to Local State.
676 GetLocalState()->CommitPendingWrite();
679 void ChromeUserManagerImpl::PublicAccountUserLoggedIn(
680 user_manager::User* user) {
681 SetIsCurrentUserNew(true);
684 // The UserImageManager chooses a random avatar picture when a user logs in
685 // for the first time. Tell the UserImageManager that this user is not new to
686 // prevent the avatar from getting changed.
687 GetUserImageManager(user->email())->UserLoggedIn(false, true);
688 WallpaperManager::Get()->EnsureLoggedInUserWallpaperLoaded();
691 void ChromeUserManagerImpl::KioskAppLoggedIn(const std::string& app_id) {
692 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
693 policy::DeviceLocalAccount::Type device_local_account_type;
694 DCHECK(policy::IsDeviceLocalAccountUser(app_id, &device_local_account_type));
695 DCHECK_EQ(policy::DeviceLocalAccount::TYPE_KIOSK_APP,
696 device_local_account_type);
698 active_user_ = user_manager::User::CreateKioskAppUser(app_id);
699 active_user_->SetStubImage(
700 user_manager::UserImage(
701 *ResourceBundle::GetSharedInstance().GetImageSkiaNamed(
702 IDR_PROFILE_PICTURE_LOADING)),
703 user_manager::User::USER_IMAGE_INVALID,
706 WallpaperManager::Get()->SetUserWallpaperNow(app_id);
708 // TODO(bartfab): Add KioskAppUsers to the users_ list and keep metadata like
709 // the kiosk_app_id in these objects, removing the need to re-parse the
710 // device-local account list here to extract the kiosk_app_id.
711 const std::vector<policy::DeviceLocalAccount> device_local_accounts =
712 policy::GetDeviceLocalAccounts(cros_settings_);
713 const policy::DeviceLocalAccount* account = NULL;
714 for (std::vector<policy::DeviceLocalAccount>::const_iterator it =
715 device_local_accounts.begin();
716 it != device_local_accounts.end();
718 if (it->user_id == app_id) {
723 std::string kiosk_app_id;
725 kiosk_app_id = account->kiosk_app_id;
727 LOG(ERROR) << "Logged into nonexistent kiosk-app account: " << app_id;
731 CommandLine* command_line = CommandLine::ForCurrentProcess();
732 command_line->AppendSwitch(::switches::kForceAppMode);
733 command_line->AppendSwitchASCII(::switches::kAppId, kiosk_app_id);
735 // Disable window animation since kiosk app runs in a single full screen
736 // window and window animation causes start-up janks.
737 command_line->AppendSwitch(wm::switches::kWindowAnimationsDisabled);
740 void ChromeUserManagerImpl::DemoAccountLoggedIn() {
741 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
743 user_manager::User::CreateKioskAppUser(DemoAppLauncher::kDemoUserName);
744 active_user_->SetStubImage(
745 user_manager::UserImage(
746 *ResourceBundle::GetSharedInstance().GetImageSkiaNamed(
747 IDR_PROFILE_PICTURE_LOADING)),
748 user_manager::User::USER_IMAGE_INVALID,
750 WallpaperManager::Get()->SetUserWallpaperNow(DemoAppLauncher::kDemoUserName);
752 CommandLine* command_line = CommandLine::ForCurrentProcess();
753 command_line->AppendSwitch(::switches::kForceAppMode);
754 command_line->AppendSwitchASCII(::switches::kAppId,
755 DemoAppLauncher::kDemoAppId);
757 // Disable window animation since the demo app runs in a single full screen
758 // window and window animation causes start-up janks.
759 CommandLine::ForCurrentProcess()->AppendSwitch(
760 wm::switches::kWindowAnimationsDisabled);
763 void ChromeUserManagerImpl::RetailModeUserLoggedIn() {
764 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
765 SetIsCurrentUserNew(true);
766 active_user_ = user_manager::User::CreateRetailModeUser();
767 GetUserImageManager(chromeos::login::kRetailModeUserName)
768 ->UserLoggedIn(IsCurrentUserNew(), true);
769 WallpaperManager::Get()->SetUserWallpaperNow(
770 chromeos::login::kRetailModeUserName);
773 void ChromeUserManagerImpl::NotifyOnLogin() {
774 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
776 UserSessionManager::OverrideHomedir();
777 UpdateNumberOfUsers();
779 ChromeUserManager::NotifyOnLogin();
781 // TODO(nkostylev): Deprecate this notification in favor of
782 // ActiveUserChanged() observer call.
783 content::NotificationService::current()->Notify(
784 chrome::NOTIFICATION_LOGIN_USER_CHANGED,
785 content::Source<UserManager>(this),
786 content::Details<const user_manager::User>(GetActiveUser()));
788 UserSessionManager::GetInstance()->PerformPostUserLoggedInActions();
791 void ChromeUserManagerImpl::UpdateOwnership() {
792 bool is_owner = DeviceSettingsService::Get()->HasPrivateOwnerKey();
793 VLOG(1) << "Current user " << (is_owner ? "is owner" : "is not owner");
795 SetCurrentUserIsOwner(is_owner);
798 void ChromeUserManagerImpl::RemoveNonCryptohomeData(
799 const std::string& user_id) {
800 ChromeUserManager::RemoveNonCryptohomeData(user_id);
802 WallpaperManager::Get()->RemoveUserWallpaperInfo(user_id);
803 GetUserImageManager(user_id)->DeleteUserImage();
805 supervised_user_manager_->RemoveNonCryptohomeData(user_id);
807 multi_profile_user_controller_->RemoveCachedValues(user_id);
811 ChromeUserManagerImpl::CleanUpPublicAccountNonCryptohomeDataPendingRemoval() {
812 PrefService* local_state = GetLocalState();
813 const std::string public_account_pending_data_removal =
814 local_state->GetString(kPublicAccountPendingDataRemoval);
815 if (public_account_pending_data_removal.empty() ||
817 public_account_pending_data_removal == GetActiveUser()->email())) {
821 RemoveNonCryptohomeData(public_account_pending_data_removal);
822 local_state->ClearPref(kPublicAccountPendingDataRemoval);
825 void ChromeUserManagerImpl::CleanUpPublicAccountNonCryptohomeData(
826 const std::vector<std::string>& old_public_accounts) {
827 std::set<std::string> users;
828 for (user_manager::UserList::const_iterator it = users_.begin();
831 users.insert((*it)->email());
833 // If the user is logged into a public account that has been removed from the
834 // user list, mark the account's data as pending removal after logout.
835 if (IsLoggedInAsPublicAccount()) {
836 const std::string active_user_id = GetActiveUser()->email();
837 if (users.find(active_user_id) == users.end()) {
838 GetLocalState()->SetString(kPublicAccountPendingDataRemoval,
840 users.insert(active_user_id);
844 // Remove the data belonging to any other public accounts that are no longer
845 // found on the user list.
846 for (std::vector<std::string>::const_iterator it =
847 old_public_accounts.begin();
848 it != old_public_accounts.end();
850 if (users.find(*it) == users.end())
851 RemoveNonCryptohomeData(*it);
855 bool ChromeUserManagerImpl::UpdateAndCleanUpPublicAccounts(
856 const std::vector<policy::DeviceLocalAccount>& device_local_accounts) {
857 // Try to remove any public account data marked as pending removal.
858 CleanUpPublicAccountNonCryptohomeDataPendingRemoval();
860 // Get the current list of public accounts.
861 std::vector<std::string> old_public_accounts;
862 for (user_manager::UserList::const_iterator it = users_.begin();
865 if ((*it)->GetType() == user_manager::USER_TYPE_PUBLIC_ACCOUNT)
866 old_public_accounts.push_back((*it)->email());
869 // Get the new list of public accounts from policy.
870 std::vector<std::string> new_public_accounts;
871 for (std::vector<policy::DeviceLocalAccount>::const_iterator it =
872 device_local_accounts.begin();
873 it != device_local_accounts.end();
875 // TODO(mnissler, nkostylev, bartfab): Process Kiosk Apps within the
876 // standard login framework: http://crbug.com/234694
877 if (it->type == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION)
878 new_public_accounts.push_back(it->user_id);
881 // If the list of public accounts has not changed, return.
882 if (new_public_accounts.size() == old_public_accounts.size()) {
883 bool changed = false;
884 for (size_t i = 0; i < new_public_accounts.size(); ++i) {
885 if (new_public_accounts[i] != old_public_accounts[i]) {
894 // Persist the new list of public accounts in a pref.
895 ListPrefUpdate prefs_public_accounts_update(GetLocalState(), kPublicAccounts);
896 prefs_public_accounts_update->Clear();
897 for (std::vector<std::string>::const_iterator it =
898 new_public_accounts.begin();
899 it != new_public_accounts.end();
901 prefs_public_accounts_update->AppendString(*it);
904 // Remove the old public accounts from the user list.
905 for (user_manager::UserList::iterator it = users_.begin();
906 it != users_.end();) {
907 if ((*it)->GetType() == user_manager::USER_TYPE_PUBLIC_ACCOUNT) {
908 if (*it != GetLoggedInUser())
910 it = users_.erase(it);
916 // Add the new public accounts to the front of the user list.
917 for (std::vector<std::string>::const_reverse_iterator it =
918 new_public_accounts.rbegin();
919 it != new_public_accounts.rend();
921 if (IsLoggedInAsPublicAccount() && *it == GetActiveUser()->email())
922 users_.insert(users_.begin(), GetLoggedInUser());
924 users_.insert(users_.begin(),
925 user_manager::User::CreatePublicAccountUser(*it));
926 UpdatePublicAccountDisplayName(*it);
929 for (user_manager::UserList::iterator
931 ue = users_.begin() + new_public_accounts.size();
934 GetUserImageManager((*ui)->email())->LoadUserImage();
937 // Remove data belonging to public accounts that are no longer found on the
939 CleanUpPublicAccountNonCryptohomeData(old_public_accounts);
944 void ChromeUserManagerImpl::UpdatePublicAccountDisplayName(
945 const std::string& user_id) {
946 std::string display_name;
948 if (device_local_account_policy_service_) {
949 policy::DeviceLocalAccountPolicyBroker* broker =
950 device_local_account_policy_service_->GetBrokerForUser(user_id);
952 display_name = broker->GetDisplayName();
955 // Set or clear the display name.
956 SaveUserDisplayName(user_id, base::UTF8ToUTF16(display_name));
959 UserFlow* ChromeUserManagerImpl::GetCurrentUserFlow() const {
960 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
961 if (!IsUserLoggedIn())
962 return GetDefaultUserFlow();
963 return GetUserFlow(GetLoggedInUser()->email());
966 UserFlow* ChromeUserManagerImpl::GetUserFlow(const std::string& user_id) const {
967 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
968 FlowMap::const_iterator it = specific_flows_.find(user_id);
969 if (it != specific_flows_.end())
971 return GetDefaultUserFlow();
974 void ChromeUserManagerImpl::SetUserFlow(const std::string& user_id,
976 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
977 ResetUserFlow(user_id);
978 specific_flows_[user_id] = flow;
981 void ChromeUserManagerImpl::ResetUserFlow(const std::string& user_id) {
982 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
983 FlowMap::iterator it = specific_flows_.find(user_id);
984 if (it != specific_flows_.end()) {
986 specific_flows_.erase(it);
990 bool ChromeUserManagerImpl::AreSupervisedUsersAllowed() const {
991 bool supervised_users_allowed = false;
992 cros_settings_->GetBoolean(kAccountsPrefSupervisedUsersEnabled,
993 &supervised_users_allowed);
994 return supervised_users_allowed;
997 UserFlow* ChromeUserManagerImpl::GetDefaultUserFlow() const {
998 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
999 if (!default_flow_.get())
1000 default_flow_.reset(new DefaultUserFlow());
1001 return default_flow_.get();
1004 void ChromeUserManagerImpl::NotifyUserListChanged() {
1005 content::NotificationService::current()->Notify(
1006 chrome::NOTIFICATION_USER_LIST_CHANGED,
1007 content::Source<UserManager>(this),
1008 content::NotificationService::NoDetails());
1011 void ChromeUserManagerImpl::NotifyUserAddedToSession(
1012 const user_manager::User* added_user,
1013 bool user_switch_pending) {
1014 if (user_switch_pending)
1015 SetPendingUserSwitchID(added_user->email());
1017 UpdateNumberOfUsers();
1018 ChromeUserManager::NotifyUserAddedToSession(added_user, user_switch_pending);
1021 void ChromeUserManagerImpl::OnUserNotAllowed(const std::string& user_email) {
1022 LOG(ERROR) << "Shutdown session because a user is not allowed to be in the "
1024 chromeos::ShowMultiprofilesSessionAbortedDialog(user_email);
1027 void ChromeUserManagerImpl::UpdateNumberOfUsers() {
1028 size_t users = GetLoggedInUsers().size();
1030 // Write the user number as UMA stat when a multi user session is possible.
1031 if ((users + GetUsersAdmittedForMultiProfile().size()) > 1)
1032 ash::MultiProfileUMA::RecordUserCount(users);
1035 base::debug::SetCrashKeyValue(
1036 crash_keys::kNumberOfUsers,
1037 base::StringPrintf("%" PRIuS, GetLoggedInUsers().size()));
1040 } // namespace chromeos