1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // The signin manager encapsulates some functionality tracking
6 // which user is signed in. See SigninManagerBase for full description of
7 // responsibilities. The class defined in this file provides functionality
8 // required by all platforms except Chrome OS.
10 // When a user is signed in, a ClientLogin request is run on their behalf.
11 // Auth tokens are fetched from Google and the results are stored in the
13 // TODO(tim): Bug 92948, 226464. ClientLogin is all but gone from use.
15 #ifndef CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_
16 #define CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_
18 #if defined(OS_CHROMEOS)
19 // On Chrome OS, SigninManagerBase is all that exists.
20 #include "components/signin/core/browser/signin_manager_base.h"
27 #include "base/compiler_specific.h"
28 #include "base/gtest_prod_util.h"
29 #include "base/logging.h"
30 #include "base/memory/scoped_ptr.h"
31 #include "base/observer_list.h"
32 #include "base/prefs/pref_change_registrar.h"
33 #include "base/prefs/pref_member.h"
34 #include "chrome/browser/profiles/profile.h"
35 #include "components/keyed_service/core/keyed_service.h"
36 #include "components/signin/core/browser/signin_internals_util.h"
37 #include "components/signin/core/browser/signin_manager_base.h"
38 #include "google_apis/gaia/google_service_auth_error.h"
39 #include "google_apis/gaia/merge_session_helper.h"
40 #include "net/cookies/canonical_cookie.h"
43 class SigninAccountIdHelper;
46 class SigninManager : public SigninManagerBase {
48 // The callback invoked once the OAuth token has been fetched during signin,
49 // but before the profile transitions to the "signed-in" state. This allows
50 // callers to load policy and prompt the user appropriately before completing
51 // signin. The callback is passed the just-fetched OAuth login refresh token.
52 typedef base::Callback<void(const std::string&)> OAuthTokenFetchedCallback;
54 // Returns true if |url| is a web signin URL and should be hosted in an
55 // isolated, privileged signin process.
56 static bool IsWebBasedSigninFlowURL(const GURL& url);
58 // This is used to distinguish URLs belonging to the special web signin flow
59 // running in the special signin process from other URLs on the same domain.
60 // We do not grant WebUI privilieges / bindings to this process or to URLs of
61 // this scheme; enforcement of privileges is handled separately by
62 // OneClickSigninHelper.
63 static const char kChromeSigninEffectiveSite[];
65 explicit SigninManager(SigninClient* client);
66 virtual ~SigninManager();
68 // Returns true if the username is allowed based on the policy string.
69 static bool IsUsernameAllowedByPolicy(const std::string& username,
70 const std::string& policy);
72 // Attempt to sign in this user with a refresh token.
73 // If non-null, the passed |oauth_fetched_callback| callback is invoked once
74 // signin has been completed.
75 // The callback should invoke SignOut() or CompletePendingSignin() to either
76 // continue or cancel the in-process signin.
77 virtual void StartSignInWithRefreshToken(
78 const std::string& refresh_token,
79 const std::string& username,
80 const std::string& password,
81 const OAuthTokenFetchedCallback& oauth_fetched_callback);
83 // Copies auth credentials from one SigninManager to this one. This is used
84 // when creating a new profile during the signin process to transfer the
85 // in-progress credentials to the new profile.
86 virtual void CopyCredentialsFrom(const SigninManager& source);
88 // Sign a user out, removing the preference, erasing all keys
89 // associated with the user, and canceling all auth in progress.
90 virtual void SignOut();
92 // On platforms where SigninManager is responsible for dealing with
93 // invalid username policy updates, we need to check this during
94 // initialization and sign the user out.
95 virtual void Initialize(Profile* profile, PrefService* local_state) OVERRIDE;
96 virtual void Shutdown() OVERRIDE;
98 // Invoked from an OAuthTokenFetchedCallback to complete user signin.
99 virtual void CompletePendingSignin();
101 // Invoked from SigninManagerAndroid to indicate that the sign-in process
102 // has completed for |username|.
103 void OnExternalSigninCompleted(const std::string& username);
105 // Returns true if there's a signin in progress.
106 virtual bool AuthInProgress() const OVERRIDE;
108 virtual bool IsSigninAllowed() const OVERRIDE;
110 // Returns true if the passed username is allowed by policy. Virtual for
112 virtual bool IsAllowedUsername(const std::string& username) const;
114 // If an authentication is in progress, return the username being
115 // authenticated. Returns an empty string if no auth is in progress.
116 const std::string& GetUsernameForAuthInProgress() const;
118 // Set the profile preference to turn off one-click sign-in so that it won't
119 // ever show it again in this profile (even if the user tries a new account).
120 static void DisableOneClickSignIn(Profile* profile);
122 // Tells the SigninManager whether to prohibit signout for this profile.
123 // If |prohibit_signout| is true, then signout will be prohibited.
124 void ProhibitSignout(bool prohibit_signout);
126 // If true, signout is prohibited for this profile (calls to SignOut() are
128 bool IsSignoutProhibited() const;
130 // Add or remove observers for the merge session notification.
131 void AddMergeSessionObserver(MergeSessionHelper::Observer* observer);
132 void RemoveMergeSessionObserver(MergeSessionHelper::Observer* observer);
135 // Pointer to parent profile (protected so FakeSigninManager can access
139 // Flag saying whether signing out is allowed.
140 bool prohibit_signout_;
145 SIGNIN_TYPE_WITH_REFRESH_TOKEN
148 std::string SigninTypeToString(SigninType type);
149 friend class FakeSigninManager;
150 FRIEND_TEST_ALL_PREFIXES(SigninManagerTest, ClearTransientSigninData);
151 FRIEND_TEST_ALL_PREFIXES(SigninManagerTest, ProvideSecondFactorSuccess);
152 FRIEND_TEST_ALL_PREFIXES(SigninManagerTest, ProvideSecondFactorFailure);
154 // If user was signed in, load tokens from DB if available.
155 void InitTokenService();
157 // Called to setup the transient signin data during one of the
158 // StartSigninXXX methods. |type| indicates which of the methods is being
159 // used to perform the signin while |username| and |password| identify the
160 // account to be signed in. Returns false and generates an auth error if the
161 // passed |username| is not allowed by policy.
162 bool PrepareForSignin(SigninType type,
163 const std::string& username,
164 const std::string& password);
166 // Persists |username| as the currently signed-in account, and triggers
167 // a sign-in success notification.
168 void OnSignedIn(const std::string& username);
170 // Called when a new request to re-authenticate a user is in progress.
171 // Will clear in memory data but leaves the db as such so when the browser
172 // restarts we can use the old token(which might throw a password error).
173 void ClearTransientSigninData();
175 // Called to handle an error from a GAIA auth fetch. Sets the last error
176 // to |error|, sends out a notification of login failure and clears the
177 // transient signin data.
178 void HandleAuthError(const GoogleServiceAuthError& error);
180 void OnSigninAllowedPrefChanged();
181 void OnGoogleServicesUsernamePatternChanged();
183 // ClientLogin identity.
184 std::string possibly_invalid_username_;
185 std::string password_; // This is kept empty whenever possible.
187 // Fetcher for the obfuscated user id.
188 scoped_ptr<SigninAccountIdHelper> account_id_helper_;
190 // The type of sign being performed. This value is valid only between a call
191 // to one of the StartSigninXXX methods and when the sign in is either
192 // successful or not.
195 // Temporarily saves the oauth2 refresh token. It will be passed to the
196 // token service so that it does not need to mint new ones.
197 std::string temp_refresh_token_;
199 base::WeakPtrFactory<SigninManager> weak_pointer_factory_;
201 // The SigninClient object associated with this object. Must outlive this
203 SigninClient* client_;
205 // Helper object to listen for changes to signin preferences stored in non-
206 // profile-specific local prefs (like kGoogleServicesUsernamePattern).
207 PrefChangeRegistrar local_state_pref_registrar_;
209 // Helper object to listen for changes to the signin allowed preference.
210 BooleanPrefMember signin_allowed_;
212 // Helper to merge signed in account into the content area.
213 scoped_ptr<MergeSessionHelper> merge_session_helper_;
215 DISALLOW_COPY_AND_ASSIGN(SigninManager);
218 #endif // !defined(OS_CHROMEOS)
220 #endif // CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_