xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 1 | // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 5 | #include "ash/login/login_screen_controller.h" |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 6 | |
Toni Barzic | f61c445 | 2017-10-05 03:57:48 | [diff] [blame] | 7 | #include "ash/login/lock_screen_apps_focus_observer.h" |
jdufault | eb4c9f1e | 2017-06-08 23:08:30 | [diff] [blame] | 8 | #include "ash/login/ui/lock_screen.h" |
Jacob Dufault | 40623d5 | 2017-09-15 17:22:53 | [diff] [blame] | 9 | #include "ash/login/ui/login_data_dispatcher.h" |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 10 | #include "ash/public/cpp/ash_pref_names.h" |
Aga Wronska | 16abb43 | 2018-01-11 23:49:59 | [diff] [blame] | 11 | #include "ash/root_window_controller.h" |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 12 | #include "ash/session/session_controller.h" |
| 13 | #include "ash/shell.h" |
Aga Wronska | 16abb43 | 2018-01-11 23:49:59 | [diff] [blame] | 14 | #include "ash/system/status_area_widget.h" |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 15 | #include "base/strings/string_number_conversions.h" |
Jialiu Lin | f99b788b | 2018-01-17 23:01:21 | [diff] [blame] | 16 | #include "base/strings/utf_string_conversions.h" |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 17 | #include "chromeos/cryptohome/system_salt_getter.h" |
Roman Sorokin | c559001 | 2017-09-28 00:48:29 | [diff] [blame] | 18 | #include "chromeos/login/auth/authpolicy_login_helper.h" |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 19 | #include "chromeos/login/auth/user_context.h" |
Jialiu Lin | f99b788b | 2018-01-17 23:01:21 | [diff] [blame] | 20 | #include "components/password_manager/core/browser/hash_password_manager.h" |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 21 | #include "components/prefs/pref_registry_simple.h" |
| 22 | #include "components/prefs/pref_service.h" |
Jacob Dufault | 957e092 | 2017-12-06 19:16:09 | [diff] [blame] | 23 | #include "components/session_manager/session_manager_types.h" |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 24 | |
| 25 | namespace ash { |
| 26 | |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 27 | namespace { |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 28 | |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 29 | std::string CalculateHash(const std::string& password, |
| 30 | const std::string& salt, |
| 31 | chromeos::Key::KeyType key_type) { |
| 32 | chromeos::Key key(password); |
| 33 | key.Transform(key_type, salt); |
| 34 | return key.GetSecret(); |
| 35 | } |
| 36 | |
Aga Wronska | a844cdcd1 | 2018-01-29 16:06:44 | [diff] [blame] | 37 | enum class SystemTrayVisibility { |
| 38 | kNone, // Tray not visible anywhere. |
| 39 | kPrimary, // Tray visible only on primary display. |
| 40 | kAll, // Tray visible on all displays. |
| 41 | }; |
| 42 | |
| 43 | void SetSystemTrayVisibility(SystemTrayVisibility visibility) { |
| 44 | RootWindowController* primary_window_controller = |
| 45 | Shell::GetPrimaryRootWindowController(); |
| 46 | for (RootWindowController* window_controller : |
| 47 | Shell::GetAllRootWindowControllers()) { |
| 48 | StatusAreaWidget* status_area = window_controller->GetStatusAreaWidget(); |
| 49 | if (!status_area) |
| 50 | continue; |
| 51 | if (window_controller == primary_window_controller) { |
| 52 | status_area->SetSystemTrayVisibility( |
| 53 | visibility == SystemTrayVisibility::kPrimary || |
| 54 | visibility == SystemTrayVisibility::kAll); |
| 55 | } else { |
| 56 | status_area->SetSystemTrayVisibility(visibility == |
| 57 | SystemTrayVisibility::kAll); |
| 58 | } |
| 59 | } |
Aga Wronska | 16abb43 | 2018-01-11 23:49:59 | [diff] [blame] | 60 | } |
| 61 | |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 62 | } // namespace |
| 63 | |
James Cook | ede316a | 2017-12-14 22:38:43 | [diff] [blame] | 64 | LoginScreenController::LoginScreenController() : weak_factory_(this) {} |
James Cook | 8f1e606 | 2017-11-13 23:40:59 | [diff] [blame] | 65 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 66 | LoginScreenController::~LoginScreenController() = default; |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 67 | |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 68 | // static |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 69 | void LoginScreenController::RegisterProfilePrefs(PrefRegistrySimple* registry, |
| 70 | bool for_test) { |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 71 | if (for_test) { |
| 72 | // There is no remote pref service, so pretend that ash owns the pref. |
| 73 | registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, ""); |
| 74 | return; |
| 75 | } |
| 76 | |
| 77 | // Pref is owned by chrome and flagged as PUBLIC. |
| 78 | registry->RegisterForeignPref(prefs::kQuickUnlockPinSalt); |
| 79 | } |
| 80 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 81 | void LoginScreenController::BindRequest(mojom::LoginScreenRequest request) { |
James Cook | ede316a | 2017-12-14 22:38:43 | [diff] [blame] | 82 | bindings_.AddBinding(this, std::move(request)); |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 83 | } |
| 84 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 85 | void LoginScreenController::SetClient(mojom::LoginScreenClientPtr client) { |
| 86 | login_screen_client_ = std::move(client); |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 87 | } |
| 88 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 89 | void LoginScreenController::ShowLockScreen(ShowLockScreenCallback on_shown) { |
Jacob Dufault | 957e092 | 2017-12-06 19:16:09 | [diff] [blame] | 90 | ash::LockScreen::Show(ash::LockScreen::ScreenType::kLock); |
| 91 | std::move(on_shown).Run(true); |
Aga Wronska | a844cdcd1 | 2018-01-29 16:06:44 | [diff] [blame] | 92 | SetSystemTrayVisibility(SystemTrayVisibility::kPrimary); |
Jacob Dufault | 957e092 | 2017-12-06 19:16:09 | [diff] [blame] | 93 | } |
| 94 | |
| 95 | void LoginScreenController::ShowLoginScreen(ShowLoginScreenCallback on_shown) { |
| 96 | // Login screen can only be used during login. |
| 97 | if (Shell::Get()->session_controller()->GetSessionState() != |
| 98 | session_manager::SessionState::LOGIN_PRIMARY) { |
| 99 | std::move(on_shown).Run(false); |
| 100 | return; |
| 101 | } |
| 102 | |
| 103 | // TODO(jdufault): rename ash::LockScreen to ash::LoginScreen. |
| 104 | ash::LockScreen::Show(ash::LockScreen::ScreenType::kLogin); |
jdufault | eb4c9f1e | 2017-06-08 23:08:30 | [diff] [blame] | 105 | std::move(on_shown).Run(true); |
Aga Wronska | a844cdcd1 | 2018-01-29 16:06:44 | [diff] [blame] | 106 | SetSystemTrayVisibility(SystemTrayVisibility::kPrimary); |
jdufault | eb4c9f1e | 2017-06-08 23:08:30 | [diff] [blame] | 107 | } |
| 108 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 109 | void LoginScreenController::ShowErrorMessage(int32_t login_attempts, |
| 110 | const std::string& error_text, |
| 111 | const std::string& help_link_text, |
| 112 | int32_t help_topic_id) { |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 113 | NOTIMPLEMENTED(); |
| 114 | } |
| 115 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 116 | void LoginScreenController::ClearErrors() { |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 117 | NOTIMPLEMENTED(); |
| 118 | } |
| 119 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 120 | void LoginScreenController::ShowUserPodCustomIcon( |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 121 | const AccountId& account_id, |
Jacob Dufault | c5738ca | 2017-10-16 23:18:16 | [diff] [blame] | 122 | mojom::EasyUnlockIconOptionsPtr icon) { |
Jacob Dufault | a022559 | 2017-10-17 21:53:38 | [diff] [blame] | 123 | DataDispatcher()->ShowEasyUnlockIcon(account_id, icon); |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 124 | } |
| 125 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 126 | void LoginScreenController::HideUserPodCustomIcon(const AccountId& account_id) { |
Jacob Dufault | a022559 | 2017-10-17 21:53:38 | [diff] [blame] | 127 | auto icon_options = mojom::EasyUnlockIconOptions::New(); |
| 128 | icon_options->icon = mojom::EasyUnlockIconId::NONE; |
| 129 | DataDispatcher()->ShowEasyUnlockIcon(account_id, icon_options); |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 130 | } |
| 131 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 132 | void LoginScreenController::SetAuthType( |
xiaoyinh | 820778c5 | 2017-06-21 01:42:51 | [diff] [blame] | 133 | const AccountId& account_id, |
| 134 | proximity_auth::mojom::AuthType auth_type, |
| 135 | const base::string16& initial_value) { |
Jacob Dufault | a022559 | 2017-10-17 21:53:38 | [diff] [blame] | 136 | if (auth_type == proximity_auth::mojom::AuthType::USER_CLICK) { |
| 137 | DataDispatcher()->SetClickToUnlockEnabledForUser(account_id, |
| 138 | true /*enabled*/); |
| 139 | } else { |
| 140 | NOTIMPLEMENTED(); |
| 141 | } |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 142 | } |
| 143 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 144 | void LoginScreenController::LoadUsers( |
| 145 | std::vector<mojom::LoginUserInfoPtr> users, |
| 146 | bool show_guest) { |
Jacob Dufault | 40623d5 | 2017-09-15 17:22:53 | [diff] [blame] | 147 | DCHECK(DataDispatcher()); |
| 148 | |
Sarah Hu | f3a99dd0 | 2017-10-03 22:04:11 | [diff] [blame] | 149 | DataDispatcher()->NotifyUsers(users); |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 150 | } |
| 151 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 152 | void LoginScreenController::SetPinEnabledForUser(const AccountId& account_id, |
| 153 | bool is_enabled) { |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 154 | // Chrome will update pin pod state every time user tries to authenticate. |
| 155 | // LockScreen is destroyed in the case of authentication success. |
Jacob Dufault | 40623d5 | 2017-09-15 17:22:53 | [diff] [blame] | 156 | if (DataDispatcher()) |
| 157 | DataDispatcher()->SetPinEnabledForUser(account_id, is_enabled); |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 158 | } |
| 159 | |
Wenzhao Zang | a05dcefc | 2017-11-30 05:50:03 | [diff] [blame] | 160 | void LoginScreenController::SetDevChannelInfo( |
| 161 | const std::string& os_version_label_text, |
| 162 | const std::string& enterprise_info_text, |
| 163 | const std::string& bluetooth_name) { |
| 164 | if (DataDispatcher()) { |
| 165 | DataDispatcher()->SetDevChannelInfo(os_version_label_text, |
| 166 | enterprise_info_text, bluetooth_name); |
| 167 | } |
| 168 | } |
| 169 | |
Sarah Hu | 0bfd187 | 2017-12-12 18:00:05 | [diff] [blame] | 170 | void LoginScreenController::IsReadyForPassword( |
| 171 | IsReadyForPasswordCallback callback) { |
| 172 | std::move(callback).Run(LockScreen::IsShown() && !is_authenticating_); |
| 173 | } |
| 174 | |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 175 | void LoginScreenController::AuthenticateUser(const AccountId& account_id, |
| 176 | const std::string& password, |
| 177 | bool authenticated_by_pin, |
| 178 | OnAuthenticateCallback callback) { |
| 179 | // Ignore concurrent auth attempts. This can happen if the user quickly enters |
| 180 | // two separate passwords and hits enter. |
| 181 | if (!login_screen_client_ || is_authenticating_) { |
| 182 | LOG_IF(ERROR, is_authenticating_) << "Ignoring concurrent auth attempt"; |
| 183 | std::move(callback).Run(base::nullopt); |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 184 | return; |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 185 | } |
| 186 | is_authenticating_ = true; |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 187 | |
Jacob Dufault | eafc6fe | 2017-10-11 21:16:52 | [diff] [blame] | 188 | // If auth is disabled by the debug overlay bypass the mojo call entirely, as |
| 189 | // it will dismiss the lock screen if the password is correct. |
Jacob Dufault | 0fbed9c0 | 2017-11-14 19:22:24 | [diff] [blame] | 190 | switch (force_fail_auth_for_debug_overlay_) { |
| 191 | case ForceFailAuth::kOff: |
| 192 | break; |
| 193 | case ForceFailAuth::kImmediate: |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 194 | OnAuthenticateComplete(std::move(callback), false /*success*/); |
Jacob Dufault | 0fbed9c0 | 2017-11-14 19:22:24 | [diff] [blame] | 195 | return; |
| 196 | case ForceFailAuth::kDelayed: |
| 197 | base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 198 | FROM_HERE, |
| 199 | base::BindOnce(&LoginScreenController::OnAuthenticateComplete, |
| 200 | weak_factory_.GetWeakPtr(), base::Passed(&callback), |
| 201 | false), |
Jacob Dufault | 0fbed9c0 | 2017-11-14 19:22:24 | [diff] [blame] | 202 | base::TimeDelta::FromSeconds(1)); |
| 203 | return; |
Jacob Dufault | eafc6fe | 2017-10-11 21:16:52 | [diff] [blame] | 204 | } |
| 205 | |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 206 | // |DoAuthenticateUser| requires the system salt, so we fetch it first, and |
| 207 | // then run |DoAuthenticateUser| as a continuation. |
| 208 | auto do_authenticate = base::BindOnce( |
| 209 | &LoginScreenController::DoAuthenticateUser, weak_factory_.GetWeakPtr(), |
jdufault | eb4c9f1e | 2017-06-08 23:08:30 | [diff] [blame] | 210 | account_id, password, authenticated_by_pin, std::move(callback)); |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 211 | chromeos::SystemSaltGetter::Get()->GetSystemSalt(base::BindRepeating( |
| 212 | &LoginScreenController::OnGetSystemSalt, weak_factory_.GetWeakPtr(), |
| 213 | base::Passed(&do_authenticate))); |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 214 | } |
| 215 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 216 | void LoginScreenController::HandleFocusLeavingLockScreenApps(bool reverse) { |
Toni Barzic | f61c445 | 2017-10-05 03:57:48 | [diff] [blame] | 217 | for (auto& observer : lock_screen_apps_focus_observers_) |
| 218 | observer.OnFocusLeavingLockScreenApps(reverse); |
| 219 | } |
| 220 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 221 | void LoginScreenController::AttemptUnlock(const AccountId& account_id) { |
| 222 | if (!login_screen_client_) |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 223 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 224 | login_screen_client_->AttemptUnlock(account_id); |
Sarah Hu | e0e01a5 | 2017-10-25 20:29:30 | [diff] [blame] | 225 | |
| 226 | Shell::Get()->metrics()->login_metrics_recorder()->SetAuthMethod( |
| 227 | LoginMetricsRecorder::AuthMethod::kSmartlock); |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 228 | } |
| 229 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 230 | void LoginScreenController::HardlockPod(const AccountId& account_id) { |
| 231 | if (!login_screen_client_) |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 232 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 233 | login_screen_client_->HardlockPod(account_id); |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 234 | } |
| 235 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 236 | void LoginScreenController::RecordClickOnLockIcon(const AccountId& account_id) { |
| 237 | if (!login_screen_client_) |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 238 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 239 | login_screen_client_->RecordClickOnLockIcon(account_id); |
xiaoyinh | 9f6fa0e | 2017-06-07 19:22:32 | [diff] [blame] | 240 | } |
| 241 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 242 | void LoginScreenController::OnFocusPod(const AccountId& account_id) { |
| 243 | if (!login_screen_client_) |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 244 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 245 | login_screen_client_->OnFocusPod(account_id); |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 246 | } |
| 247 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 248 | void LoginScreenController::OnNoPodFocused() { |
| 249 | if (!login_screen_client_) |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 250 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 251 | login_screen_client_->OnNoPodFocused(); |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 252 | } |
| 253 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 254 | void LoginScreenController::LoadWallpaper(const AccountId& account_id) { |
| 255 | if (!login_screen_client_) |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 256 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 257 | login_screen_client_->LoadWallpaper(account_id); |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 258 | } |
| 259 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 260 | void LoginScreenController::SignOutUser() { |
| 261 | if (!login_screen_client_) |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 262 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 263 | login_screen_client_->SignOutUser(); |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 264 | } |
| 265 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 266 | void LoginScreenController::CancelAddUser() { |
| 267 | if (!login_screen_client_) |
Wenzhao Zang | 16e7ea72 | 2017-09-16 01:27:30 | [diff] [blame] | 268 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 269 | login_screen_client_->CancelAddUser(); |
Wenzhao Zang | 16e7ea72 | 2017-09-16 01:27:30 | [diff] [blame] | 270 | } |
| 271 | |
Aga Wronska | 6a32f987 | 2018-01-06 00:16:10 | [diff] [blame] | 272 | void LoginScreenController::LoginAsGuest() { |
| 273 | if (!login_screen_client_) |
| 274 | return; |
| 275 | login_screen_client_->LoginAsGuest(); |
| 276 | } |
| 277 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 278 | void LoginScreenController::OnMaxIncorrectPasswordAttempted( |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 279 | const AccountId& account_id) { |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 280 | if (!login_screen_client_) |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 281 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 282 | login_screen_client_->OnMaxIncorrectPasswordAttempted(account_id); |
xiaoyinh | f534c4f | 2017-06-13 20:50:27 | [diff] [blame] | 283 | } |
| 284 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 285 | void LoginScreenController::FocusLockScreenApps(bool reverse) { |
| 286 | if (!login_screen_client_) |
Toni Barzic | f61c445 | 2017-10-05 03:57:48 | [diff] [blame] | 287 | return; |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 288 | login_screen_client_->FocusLockScreenApps(reverse); |
Toni Barzic | f61c445 | 2017-10-05 03:57:48 | [diff] [blame] | 289 | } |
| 290 | |
Sarah Hu | 9fba0e75 | 2018-02-07 01:41:09 | [diff] [blame^] | 291 | void LoginScreenController::ShowGaiaSignin() { |
| 292 | if (!login_screen_client_) |
| 293 | return; |
| 294 | login_screen_client_->ShowGaiaSignin(); |
| 295 | } |
| 296 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 297 | void LoginScreenController::AddLockScreenAppsFocusObserver( |
Toni Barzic | f61c445 | 2017-10-05 03:57:48 | [diff] [blame] | 298 | LockScreenAppsFocusObserver* observer) { |
| 299 | lock_screen_apps_focus_observers_.AddObserver(observer); |
| 300 | } |
| 301 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 302 | void LoginScreenController::RemoveLockScreenAppsFocusObserver( |
Toni Barzic | f61c445 | 2017-10-05 03:57:48 | [diff] [blame] | 303 | LockScreenAppsFocusObserver* observer) { |
| 304 | lock_screen_apps_focus_observers_.RemoveObserver(observer); |
| 305 | } |
| 306 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 307 | void LoginScreenController::FlushForTesting() { |
| 308 | login_screen_client_.FlushForTesting(); |
Toni Barzic | f61c445 | 2017-10-05 03:57:48 | [diff] [blame] | 309 | } |
| 310 | |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 311 | void LoginScreenController::DoAuthenticateUser(const AccountId& account_id, |
| 312 | const std::string& password, |
| 313 | bool authenticated_by_pin, |
| 314 | OnAuthenticateCallback callback, |
| 315 | const std::string& system_salt) { |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 316 | int dummy_value; |
| 317 | bool is_pin = |
| 318 | authenticated_by_pin && base::StringToInt(password, &dummy_value); |
| 319 | std::string hashed_password = CalculateHash( |
| 320 | password, system_salt, chromeos::Key::KEY_TYPE_SALTED_SHA256_TOP_HALF); |
| 321 | |
Jialiu Lin | f99b788b | 2018-01-17 23:01:21 | [diff] [blame] | 322 | // Used for GAIA password reuse detection. |
| 323 | password_manager::SyncPasswordData sync_password_data( |
| 324 | base::UTF8ToUTF16(password), /*force_update=*/false); |
| 325 | |
Sarah Hu | 069eea1 | 2017-09-08 01:28:40 | [diff] [blame] | 326 | PrefService* prefs = |
| 327 | Shell::Get()->session_controller()->GetLastActiveUserPrefService(); |
| 328 | if (is_pin && prefs) { |
| 329 | hashed_password = |
| 330 | CalculateHash(password, prefs->GetString(prefs::kQuickUnlockPinSalt), |
| 331 | chromeos::Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234); |
| 332 | } |
| 333 | |
Roman Sorokin | c559001 | 2017-09-28 00:48:29 | [diff] [blame] | 334 | if (account_id.GetAccountType() == AccountType::ACTIVE_DIRECTORY && !is_pin) { |
| 335 | // Try to get kerberos TGT while we have user's password typed on the lock |
| 336 | // screen. Using invalid/bad password is fine. Failure to get TGT here is OK |
| 337 | // - that could mean e.g. Active Directory server is not reachable. |
| 338 | // AuthPolicyCredentialsManager regularly checks TGT status inside the user |
| 339 | // session. |
| 340 | chromeos::AuthPolicyLoginHelper::TryAuthenticateUser( |
| 341 | account_id.GetUserEmail(), account_id.GetObjGuid(), password); |
| 342 | } |
| 343 | |
Sarah Hu | e0e01a5 | 2017-10-25 20:29:30 | [diff] [blame] | 344 | Shell::Get()->metrics()->login_metrics_recorder()->SetAuthMethod( |
| 345 | is_pin ? LoginMetricsRecorder::AuthMethod::kPin |
| 346 | : LoginMetricsRecorder::AuthMethod::kPassword); |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 347 | login_screen_client_->AuthenticateUser( |
Jialiu Lin | f99b788b | 2018-01-17 23:01:21 | [diff] [blame] | 348 | account_id, hashed_password, sync_password_data, is_pin, |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 349 | base::BindOnce(&LoginScreenController::OnAuthenticateComplete, |
| 350 | weak_factory_.GetWeakPtr(), base::Passed(&callback))); |
jdufault | eb4c9f1e | 2017-06-08 23:08:30 | [diff] [blame] | 351 | } |
| 352 | |
Jacob Dufault | b7a2d84 | 2017-12-01 23:21:15 | [diff] [blame] | 353 | void LoginScreenController::OnAuthenticateComplete( |
| 354 | OnAuthenticateCallback callback, |
| 355 | bool success) { |
| 356 | is_authenticating_ = false; |
| 357 | std::move(callback).Run(success); |
| 358 | } |
| 359 | |
| 360 | void LoginScreenController::OnGetSystemSalt(PendingDoAuthenticateUser then, |
| 361 | const std::string& system_salt) { |
| 362 | std::move(then).Run(system_salt); |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 363 | } |
| 364 | |
Jacob Dufault | ffd9b0d | 2017-11-15 23:07:16 | [diff] [blame] | 365 | LoginDataDispatcher* LoginScreenController::DataDispatcher() const { |
Jacob Dufault | 40623d5 | 2017-09-15 17:22:53 | [diff] [blame] | 366 | if (!ash::LockScreen::IsShown()) |
| 367 | return nullptr; |
| 368 | return ash::LockScreen::Get()->data_dispatcher(); |
| 369 | } |
| 370 | |
xiaoyinh | 2bbdd10 | 2017-05-18 23:29:42 | [diff] [blame] | 371 | } // namespace ash |