| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // The signin manager encapsulates some functionality tracking | 5 // The signin manager encapsulates some functionality tracking |
| 6 // which user is signed in. When a user is signed in, a ClientLogin | 6 // which user is signed in. When a user is signed in, a ClientLogin |
| 7 // request is run on their behalf. Auth tokens are fetched from Google | 7 // request is run on their behalf. Auth tokens are fetched from Google |
| 8 // and the results are stored in the TokenService. | 8 // and the results are stored in the TokenService. |
| 9 // | 9 // |
| 10 // **NOTE** on semantics of SigninManager: | 10 // **NOTE** on semantics of SigninManager: |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 78 | 78 |
| 79 // Returns true if the cookie policy for the given profile allows cookies | 79 // Returns true if the cookie policy for the given profile allows cookies |
| 80 // for the Google signin domain. | 80 // for the Google signin domain. |
| 81 static bool AreSigninCookiesAllowed(Profile* profile); | 81 static bool AreSigninCookiesAllowed(Profile* profile); |
| 82 static bool AreSigninCookiesAllowed(CookieSettings* cookie_settings); | 82 static bool AreSigninCookiesAllowed(CookieSettings* cookie_settings); |
| 83 | 83 |
| 84 // Returns true if the username is allowed based on the policy string. | 84 // Returns true if the username is allowed based on the policy string. |
| 85 static bool IsAllowedUsername(const std::string& username, | 85 static bool IsAllowedUsername(const std::string& username, |
| 86 const std::string& policy); | 86 const std::string& policy); |
| 87 | 87 |
| 88 // Returns true if |url| is a web signin URL and should be hosted in an |
| 89 // isolated, privileged signin process. |
| 90 static bool IsWebBasedSigninFlowURL(const GURL& url); |
| 91 |
| 92 // This is used to distinguish URLs belonging to the special web signin flow |
| 93 // running in the special signin process from other URLs on the same domain. |
| 94 // We do not grant WebUI privilieges / bindings to this process or to URLs of |
| 95 // this scheme; enforcement of privileges is handled separately by |
| 96 // OneClickSigninHelper. |
| 97 static const char* kChromeSigninEffectiveSite; |
| 98 |
| 88 SigninManager(); | 99 SigninManager(); |
| 89 virtual ~SigninManager(); | 100 virtual ~SigninManager(); |
| 90 | 101 |
| 91 // If user was signed in, load tokens from DB if available. | 102 // If user was signed in, load tokens from DB if available. |
| 92 void Initialize(Profile* profile); | 103 void Initialize(Profile* profile); |
| 93 bool IsInitialized() const; | 104 bool IsInitialized() const; |
| 94 | 105 |
| 95 // Returns true if the passed username is allowed by policy. Virtual for | 106 // Returns true if the passed username is allowed by policy. Virtual for |
| 96 // mocking in tests. | 107 // mocking in tests. |
| 97 virtual bool IsAllowedUsername(const std::string& username) const; | 108 virtual bool IsAllowedUsername(const std::string& username) const; |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 198 // ProfileKeyedService implementation. | 209 // ProfileKeyedService implementation. |
| 199 virtual void Shutdown() OVERRIDE; | 210 virtual void Shutdown() OVERRIDE; |
| 200 | 211 |
| 201 // Tells the SigninManager to prohibit signout for this profile. | 212 // Tells the SigninManager to prohibit signout for this profile. |
| 202 void ProhibitSignout(); | 213 void ProhibitSignout(); |
| 203 | 214 |
| 204 // If true, signout is prohibited for this profile (calls to SignOut() are | 215 // If true, signout is prohibited for this profile (calls to SignOut() are |
| 205 // ignored). | 216 // ignored). |
| 206 bool IsSignoutProhibited() const; | 217 bool IsSignoutProhibited() const; |
| 207 | 218 |
| 219 // Allows the SigninManager to track the privileged signin process |
| 220 // identified by |process_id| so that we can later ask (via IsSigninProcess) |
| 221 // if it is safe to sign the user in from the current context (see |
| 222 // OneClickSigninHelper). All of this tracking state is reset once the |
| 223 // renderer process terminates. |
| 224 void SetSigninProcess(int process_id); |
| 225 bool IsSigninProcess(int process_id) const; |
| 226 bool HasSigninProcess() const; |
| 227 |
| 208 protected: | 228 protected: |
| 209 // Weak pointer to parent profile (protected so FakeSigninManager can access | 229 // Weak pointer to parent profile (protected so FakeSigninManager can access |
| 210 // it). | 230 // it). |
| 211 Profile* profile_; | 231 Profile* profile_; |
| 212 | 232 |
| 213 // Used to show auth errors in the wrench menu. The SigninGlobalError is | 233 // Used to show auth errors in the wrench menu. The SigninGlobalError is |
| 214 // different than most GlobalErrors in that its lifetime is controlled by | 234 // different than most GlobalErrors in that its lifetime is controlled by |
| 215 // SigninManager (so we can expose a reference for use in the wrench menu). | 235 // SigninManager (so we can expose a reference for use in the wrench menu). |
| 216 scoped_ptr<SigninGlobalError> signin_global_error_; | 236 scoped_ptr<SigninGlobalError> signin_global_error_; |
| 217 | 237 |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 339 // with credentials. These will be passed to TokenService so that it does | 359 // with credentials. These will be passed to TokenService so that it does |
| 340 // not need to mint new ones. | 360 // not need to mint new ones. |
| 341 ClientOAuthResult temp_oauth_login_tokens_; | 361 ClientOAuthResult temp_oauth_login_tokens_; |
| 342 | 362 |
| 343 // The list of SigninDiagnosticObservers. | 363 // The list of SigninDiagnosticObservers. |
| 344 ObserverList<signin_internals_util::SigninDiagnosticsObserver, true> | 364 ObserverList<signin_internals_util::SigninDiagnosticsObserver, true> |
| 345 signin_diagnostics_observers_; | 365 signin_diagnostics_observers_; |
| 346 | 366 |
| 347 base::WeakPtrFactory<SigninManager> weak_pointer_factory_; | 367 base::WeakPtrFactory<SigninManager> weak_pointer_factory_; |
| 348 | 368 |
| 369 // See SetSigninProcess. Tracks the currently active signin process |
| 370 // by ID, if there is one. |
| 371 int signin_process_id_; |
| 349 | 372 |
| 350 #if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS) | 373 #if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS) |
| 351 // CloudPolicyClient reference we keep while determining whether to create | 374 // CloudPolicyClient reference we keep while determining whether to create |
| 352 // a new profile for an enterprise user or not. | 375 // a new profile for an enterprise user or not. |
| 353 scoped_ptr<policy::CloudPolicyClient> policy_client_; | 376 scoped_ptr<policy::CloudPolicyClient> policy_client_; |
| 354 #endif | 377 #endif |
| 355 | 378 |
| 356 DISALLOW_COPY_AND_ASSIGN(SigninManager); | 379 DISALLOW_COPY_AND_ASSIGN(SigninManager); |
| 357 }; | 380 }; |
| 358 | 381 |
| 359 #endif // CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_ | 382 #endif // CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12374007:
signin: force web signin flow initiated visits to accounts.google.com to their own process. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src