| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/parallel_authenticator.h" | 5 #include "chrome/browser/chromeos/login/parallel_authenticator.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 65 } | 65 } |
| 66 | 66 |
| 67 // Calls cryptohome's mount method. | 67 // Calls cryptohome's mount method. |
| 68 void Mount(AuthAttemptState* attempt, | 68 void Mount(AuthAttemptState* attempt, |
| 69 scoped_refptr<ParallelAuthenticator> resolver, | 69 scoped_refptr<ParallelAuthenticator> resolver, |
| 70 int flags) { | 70 int flags) { |
| 71 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 71 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 72 chromeos::BootTimesLoader::Get()->AddLoginTimeMarker( | 72 chromeos::BootTimesLoader::Get()->AddLoginTimeMarker( |
| 73 "CryptohomeMount-Start", false); | 73 "CryptohomeMount-Start", false); |
| 74 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMount( | 74 cryptohome::AsyncMethodCaller::GetInstance()->AsyncMount( |
| 75 attempt->username, | 75 attempt->credentials.username, |
| 76 attempt->ascii_hash, | 76 attempt->ascii_hash, |
| 77 flags, | 77 flags, |
| 78 base::Bind(&TriggerResolveWithLoginTimeMarker, | 78 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 79 "CryptohomeMount-End", | 79 "CryptohomeMount-End", |
| 80 attempt, | 80 attempt, |
| 81 resolver)); | 81 resolver)); |
| 82 } | 82 } |
| 83 | 83 |
| 84 // Calls cryptohome's mount method for guest. | 84 // Calls cryptohome's mount method for guest. |
| 85 void MountGuest(AuthAttemptState* attempt, | 85 void MountGuest(AuthAttemptState* attempt, |
| (...skipping 11 matching lines...) Expand all Loading... |
| 97 scoped_refptr<ParallelAuthenticator> resolver, | 97 scoped_refptr<ParallelAuthenticator> resolver, |
| 98 bool passing_old_hash, | 98 bool passing_old_hash, |
| 99 const std::string& hash) { | 99 const std::string& hash) { |
| 100 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 100 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 101 chromeos::BootTimesLoader::Get()->AddLoginTimeMarker( | 101 chromeos::BootTimesLoader::Get()->AddLoginTimeMarker( |
| 102 "CryptohomeMigrate-Start", false); | 102 "CryptohomeMigrate-Start", false); |
| 103 cryptohome::AsyncMethodCaller* caller = | 103 cryptohome::AsyncMethodCaller* caller = |
| 104 cryptohome::AsyncMethodCaller::GetInstance(); | 104 cryptohome::AsyncMethodCaller::GetInstance(); |
| 105 if (passing_old_hash) { | 105 if (passing_old_hash) { |
| 106 caller->AsyncMigrateKey( | 106 caller->AsyncMigrateKey( |
| 107 attempt->username, | 107 attempt->credentials.username, |
| 108 hash, | 108 hash, |
| 109 attempt->ascii_hash, | 109 attempt->ascii_hash, |
| 110 base::Bind(&TriggerResolveWithLoginTimeMarker, | 110 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 111 "CryptohomeMount-End", | 111 "CryptohomeMount-End", |
| 112 attempt, | 112 attempt, |
| 113 resolver)); | 113 resolver)); |
| 114 } else { | 114 } else { |
| 115 caller->AsyncMigrateKey( | 115 caller->AsyncMigrateKey( |
| 116 attempt->username, | 116 attempt->credentials.username, |
| 117 attempt->ascii_hash, | 117 attempt->ascii_hash, |
| 118 hash, | 118 hash, |
| 119 base::Bind(&TriggerResolveWithLoginTimeMarker, | 119 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 120 "CryptohomeMount-End", | 120 "CryptohomeMount-End", |
| 121 attempt, | 121 attempt, |
| 122 resolver)); | 122 resolver)); |
| 123 } | 123 } |
| 124 } | 124 } |
| 125 | 125 |
| 126 // Calls cryptohome's remove method. | 126 // Calls cryptohome's remove method. |
| 127 void Remove(AuthAttemptState* attempt, | 127 void Remove(AuthAttemptState* attempt, |
| 128 scoped_refptr<ParallelAuthenticator> resolver) { | 128 scoped_refptr<ParallelAuthenticator> resolver) { |
| 129 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 129 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 130 chromeos::BootTimesLoader::Get()->AddLoginTimeMarker( | 130 chromeos::BootTimesLoader::Get()->AddLoginTimeMarker( |
| 131 "CryptohomeRemove-Start", false); | 131 "CryptohomeRemove-Start", false); |
| 132 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( | 132 cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( |
| 133 attempt->username, | 133 attempt->credentials.username, |
| 134 base::Bind(&TriggerResolveWithLoginTimeMarker, | 134 base::Bind(&TriggerResolveWithLoginTimeMarker, |
| 135 "CryptohomeRemove-End", | 135 "CryptohomeRemove-End", |
| 136 attempt, | 136 attempt, |
| 137 resolver)); | 137 resolver)); |
| 138 } | 138 } |
| 139 | 139 |
| 140 // Calls cryptohome's key check method. | 140 // Calls cryptohome's key check method. |
| 141 void CheckKey(AuthAttemptState* attempt, | 141 void CheckKey(AuthAttemptState* attempt, |
| 142 scoped_refptr<ParallelAuthenticator> resolver) { | 142 scoped_refptr<ParallelAuthenticator> resolver) { |
| 143 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 143 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 144 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( | 144 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( |
| 145 attempt->username, | 145 attempt->credentials.username, |
| 146 attempt->ascii_hash, | 146 attempt->ascii_hash, |
| 147 base::Bind(&TriggerResolve, attempt, resolver)); | 147 base::Bind(&TriggerResolve, attempt, resolver)); |
| 148 } | 148 } |
| 149 | 149 |
| 150 // Returns whether the login failure was connection issue. | 150 // Returns whether the login failure was connection issue. |
| 151 bool WasConnectionIssue(const LoginFailure& online_outcome) { | 151 bool WasConnectionIssue(const LoginFailure& online_outcome) { |
| 152 return ((online_outcome.reason() == LoginFailure::LOGIN_TIMED_OUT) || | 152 return ((online_outcome.reason() == LoginFailure::LOGIN_TIMED_OUT) || |
| 153 (online_outcome.error().state() == | 153 (online_outcome.error().state() == |
| 154 GoogleServiceAuthError::CONNECTION_FAILED) || | 154 GoogleServiceAuthError::CONNECTION_FAILED) || |
| 155 (online_outcome.error().state() == | 155 (online_outcome.error().state() == |
| (...skipping 29 matching lines...) Expand all Loading... |
| 185 ephemeral_mount_attempted_(false), | 185 ephemeral_mount_attempted_(false), |
| 186 check_key_attempted_(false), | 186 check_key_attempted_(false), |
| 187 already_reported_success_(false), | 187 already_reported_success_(false), |
| 188 owner_is_verified_(false), | 188 owner_is_verified_(false), |
| 189 user_can_login_(false), | 189 user_can_login_(false), |
| 190 using_oauth_(true) { | 190 using_oauth_(true) { |
| 191 } | 191 } |
| 192 | 192 |
| 193 void ParallelAuthenticator::AuthenticateToLogin( | 193 void ParallelAuthenticator::AuthenticateToLogin( |
| 194 Profile* profile, | 194 Profile* profile, |
| 195 const std::string& username, | 195 const UserCredentials& credentials, |
| 196 const std::string& password, | |
| 197 const std::string& login_token, | 196 const std::string& login_token, |
| 198 const std::string& login_captcha) { | 197 const std::string& login_captcha) { |
| 199 std::string canonicalized = gaia::CanonicalizeEmail(username); | 198 std::string canonicalized = gaia::CanonicalizeEmail(credentials.username); |
| 200 authentication_profile_ = profile; | 199 authentication_profile_ = profile; |
| 201 current_state_.reset( | 200 current_state_.reset( |
| 202 new AuthAttemptState( | 201 new AuthAttemptState( |
| 203 canonicalized, | 202 UserCredentials(canonicalized, |
| 204 password, | 203 credentials.password, |
| 205 HashPassword(password), | 204 credentials.auth_code), |
| 205 HashPassword(credentials.password), |
| 206 login_token, | 206 login_token, |
| 207 login_captcha, | 207 login_captcha, |
| 208 User::USER_TYPE_REGULAR, | 208 User::USER_TYPE_REGULAR, |
| 209 !UserManager::Get()->IsKnownUser(canonicalized))); | 209 !UserManager::Get()->IsKnownUser(canonicalized))); |
| 210 // Reset the verified flag. | 210 // Reset the verified flag. |
| 211 owner_is_verified_ = false; | 211 owner_is_verified_ = false; |
| 212 | 212 |
| 213 BrowserThread::PostTask( | 213 BrowserThread::PostTask( |
| 214 BrowserThread::UI, FROM_HERE, | 214 BrowserThread::UI, FROM_HERE, |
| 215 base::Bind(&Mount, | 215 base::Bind(&Mount, |
| 216 current_state_.get(), | 216 current_state_.get(), |
| 217 scoped_refptr<ParallelAuthenticator>(this), | 217 scoped_refptr<ParallelAuthenticator>(this), |
| 218 cryptohome::MOUNT_FLAGS_NONE)); | 218 cryptohome::MOUNT_FLAGS_NONE)); |
| 219 // ClientLogin authentication check should happen immediately here. | 219 // ClientLogin authentication check should happen immediately here. |
| 220 // We should not try OAuthLogin check until the profile loads. | 220 // We should not try OAuthLogin check until the profile loads. |
| 221 if (!using_oauth_) { | 221 if (!using_oauth_) { |
| 222 // Initiate ClientLogin-based post authentication. | 222 // Initiate ClientLogin-based post authentication. |
| 223 current_online_.reset(new OnlineAttempt(current_state_.get(), | 223 current_online_.reset(new OnlineAttempt(current_state_.get(), |
| 224 this)); | 224 this)); |
| 225 current_online_->Initiate(profile); | 225 current_online_->Initiate(profile); |
| 226 } | 226 } |
| 227 } | 227 } |
| 228 | 228 |
| 229 void ParallelAuthenticator::CompleteLogin(Profile* profile, | 229 void ParallelAuthenticator::CompleteLogin(Profile* profile, |
| 230 const std::string& username, | 230 const UserCredentials& credentials) { |
| 231 const std::string& password) { | 231 std::string canonicalized = gaia::CanonicalizeEmail(credentials.username); |
| 232 std::string canonicalized = gaia::CanonicalizeEmail(username); | |
| 233 authentication_profile_ = profile; | 232 authentication_profile_ = profile; |
| 234 current_state_.reset( | 233 current_state_.reset( |
| 235 new AuthAttemptState( | 234 new AuthAttemptState( |
| 236 canonicalized, | 235 UserCredentials(canonicalized, |
| 237 password, | 236 credentials.password, |
| 238 HashPassword(password), | 237 credentials.auth_code), |
| 238 HashPassword(credentials.password), |
| 239 !UserManager::Get()->IsKnownUser(canonicalized))); | 239 !UserManager::Get()->IsKnownUser(canonicalized))); |
| 240 | 240 |
| 241 // Reset the verified flag. | 241 // Reset the verified flag. |
| 242 owner_is_verified_ = false; | 242 owner_is_verified_ = false; |
| 243 | 243 |
| 244 BrowserThread::PostTask( | 244 BrowserThread::PostTask( |
| 245 BrowserThread::UI, FROM_HERE, | 245 BrowserThread::UI, FROM_HERE, |
| 246 base::Bind(&Mount, | 246 base::Bind(&Mount, |
| 247 current_state_.get(), | 247 current_state_.get(), |
| 248 scoped_refptr<ParallelAuthenticator>(this), | 248 scoped_refptr<ParallelAuthenticator>(this), |
| (...skipping 10 matching lines...) Expand all Loading... |
| 259 } else { | 259 } else { |
| 260 // For login completion from extension, we just need to resolve the current | 260 // For login completion from extension, we just need to resolve the current |
| 261 // auth attempt state, the rest of OAuth related tasks will be done in | 261 // auth attempt state, the rest of OAuth related tasks will be done in |
| 262 // parallel. | 262 // parallel. |
| 263 BrowserThread::PostTask( | 263 BrowserThread::PostTask( |
| 264 BrowserThread::UI, FROM_HERE, | 264 BrowserThread::UI, FROM_HERE, |
| 265 base::Bind(&ParallelAuthenticator::ResolveLoginCompletionStatus, this)); | 265 base::Bind(&ParallelAuthenticator::ResolveLoginCompletionStatus, this)); |
| 266 } | 266 } |
| 267 } | 267 } |
| 268 | 268 |
| 269 void ParallelAuthenticator::AuthenticateToUnlock(const std::string& username, | 269 void ParallelAuthenticator::AuthenticateToUnlock( |
| 270 const std::string& password) { | 270 const UserCredentials& credentials) { |
| 271 current_state_.reset( | 271 current_state_.reset( |
| 272 new AuthAttemptState( | 272 new AuthAttemptState( |
| 273 gaia::CanonicalizeEmail(username), | 273 gaia::CanonicalizeEmail(credentials.username), |
| 274 HashPassword(password))); | 274 HashPassword(credentials.password))); |
| 275 check_key_attempted_ = true; | 275 check_key_attempted_ = true; |
| 276 BrowserThread::PostTask( | 276 BrowserThread::PostTask( |
| 277 BrowserThread::UI, FROM_HERE, | 277 BrowserThread::UI, FROM_HERE, |
| 278 base::Bind(&CheckKey, | 278 base::Bind(&CheckKey, |
| 279 current_state_.get(), | 279 current_state_.get(), |
| 280 scoped_refptr<ParallelAuthenticator>(this))); | 280 scoped_refptr<ParallelAuthenticator>(this))); |
| 281 } | 281 } |
| 282 | 282 |
| 283 void ParallelAuthenticator::LoginAsLocallyManagedUser( | 283 void ParallelAuthenticator::LoginAsLocallyManagedUser( |
| 284 const std::string& username, | 284 const UserCredentials& credentials) { |
| 285 const std::string& password) { | |
| 286 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 285 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 287 // TODO(nkostylev): Pass proper value for |user_is_new| or remove (not used). | 286 // TODO(nkostylev): Pass proper value for |user_is_new| or remove (not used). |
| 288 current_state_.reset( | 287 current_state_.reset( |
| 289 new AuthAttemptState(username, password, | 288 new AuthAttemptState(credentials, |
| 290 HashPassword(password), | 289 HashPassword(credentials.password), |
| 291 "", "", | 290 "", // login_token |
| 291 "", // login_captcha |
| 292 User::USER_TYPE_LOCALLY_MANAGED, | 292 User::USER_TYPE_LOCALLY_MANAGED, |
| 293 false)); | 293 false)); |
| 294 Mount(current_state_.get(), | 294 Mount(current_state_.get(), |
| 295 scoped_refptr<ParallelAuthenticator>(this), | 295 scoped_refptr<ParallelAuthenticator>(this), |
| 296 cryptohome::CREATE_IF_MISSING); | 296 cryptohome::CREATE_IF_MISSING); |
| 297 } | 297 } |
| 298 | 298 |
| 299 void ParallelAuthenticator::LoginRetailMode() { | 299 void ParallelAuthenticator::LoginRetailMode() { |
| 300 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 300 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 301 // Note: |kRetailModeUserEMail| is used in other places to identify a retail | 301 // Note: |kRetailModeUserEMail| is used in other places to identify a retail |
| 302 // mode session. | 302 // mode session. |
| 303 current_state_.reset(new AuthAttemptState(kRetailModeUserEMail, | 303 current_state_.reset(new AuthAttemptState( |
| 304 "", "", "", "", | 304 UserCredentials(kRetailModeUserEMail, |
| 305 User::USER_TYPE_RETAIL_MODE, | 305 "", // password |
| 306 false)); | 306 ""), // auth_code |
| 307 "", // ascii_hash |
| 308 "", // login_token |
| 309 "", // login_captcha |
| 310 User::USER_TYPE_RETAIL_MODE, |
| 311 false)); |
| 307 ephemeral_mount_attempted_ = true; | 312 ephemeral_mount_attempted_ = true; |
| 308 MountGuest(current_state_.get(), | 313 MountGuest(current_state_.get(), |
| 309 scoped_refptr<ParallelAuthenticator>(this)); | 314 scoped_refptr<ParallelAuthenticator>(this)); |
| 310 } | 315 } |
| 311 | 316 |
| 312 void ParallelAuthenticator::LoginOffTheRecord() { | 317 void ParallelAuthenticator::LoginOffTheRecord() { |
| 313 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 318 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 314 current_state_.reset(new AuthAttemptState("", "", "", "", "", | 319 current_state_.reset(new AuthAttemptState( |
| 315 User::USER_TYPE_GUEST, | 320 UserCredentials("", // username |
| 316 false)); | 321 "", // password |
| 322 ""), // auth_code |
| 323 "", // ascii_hash |
| 324 "", // login_token |
| 325 "", // login_captcha |
| 326 User::USER_TYPE_GUEST, |
| 327 false)); |
| 317 ephemeral_mount_attempted_ = true; | 328 ephemeral_mount_attempted_ = true; |
| 318 MountGuest(current_state_.get(), | 329 MountGuest(current_state_.get(), |
| 319 scoped_refptr<ParallelAuthenticator>(this)); | 330 scoped_refptr<ParallelAuthenticator>(this)); |
| 320 } | 331 } |
| 321 | 332 |
| 322 void ParallelAuthenticator::LoginAsPublicAccount(const std::string& username) { | 333 void ParallelAuthenticator::LoginAsPublicAccount(const std::string& username) { |
| 323 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 334 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 324 current_state_.reset(new AuthAttemptState(username, "", "", "", "", | 335 current_state_.reset(new AuthAttemptState( |
| 325 User::USER_TYPE_PUBLIC_ACCOUNT, | 336 UserCredentials(username, |
| 326 false)); | 337 "", // password |
| 338 ""), // auth_code |
| 339 "", // ascii_hash |
| 340 "", // login_token |
| 341 "", // login_captcha |
| 342 User::USER_TYPE_PUBLIC_ACCOUNT, |
| 343 false)); |
| 327 ephemeral_mount_attempted_ = true; | 344 ephemeral_mount_attempted_ = true; |
| 328 Mount(current_state_.get(), | 345 Mount(current_state_.get(), |
| 329 scoped_refptr<ParallelAuthenticator>(this), | 346 scoped_refptr<ParallelAuthenticator>(this), |
| 330 cryptohome::CREATE_IF_MISSING | cryptohome::ENSURE_EPHEMERAL); | 347 cryptohome::CREATE_IF_MISSING | cryptohome::ENSURE_EPHEMERAL); |
| 331 } | 348 } |
| 332 | 349 |
| 333 void ParallelAuthenticator::OnRetailModeLoginSuccess() { | 350 void ParallelAuthenticator::OnRetailModeLoginSuccess() { |
| 334 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 351 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 335 VLOG(1) << "Retail mode login success"; | 352 VLOG(1) << "Retail mode login success"; |
| 336 // Send notification of success | 353 // Send notification of success |
| (...skipping 13 matching lines...) Expand all Loading... |
| 350 AuthenticationNotificationDetails details(true); | 367 AuthenticationNotificationDetails details(true); |
| 351 content::NotificationService::current()->Notify( | 368 content::NotificationService::current()->Notify( |
| 352 chrome::NOTIFICATION_LOGIN_AUTHENTICATION, | 369 chrome::NOTIFICATION_LOGIN_AUTHENTICATION, |
| 353 content::NotificationService::AllSources(), | 370 content::NotificationService::AllSources(), |
| 354 content::Details<AuthenticationNotificationDetails>(&details)); | 371 content::Details<AuthenticationNotificationDetails>(&details)); |
| 355 { | 372 { |
| 356 base::AutoLock for_this_block(success_lock_); | 373 base::AutoLock for_this_block(success_lock_); |
| 357 already_reported_success_ = true; | 374 already_reported_success_ = true; |
| 358 } | 375 } |
| 359 if (consumer_) | 376 if (consumer_) |
| 360 consumer_->OnLoginSuccess(current_state_->username, | 377 consumer_->OnLoginSuccess(current_state_->credentials, |
| 361 current_state_->password, | |
| 362 request_pending, | 378 request_pending, |
| 363 using_oauth_); | 379 using_oauth_); |
| 364 } | 380 } |
| 365 | 381 |
| 366 void ParallelAuthenticator::OnOffTheRecordLoginSuccess() { | 382 void ParallelAuthenticator::OnOffTheRecordLoginSuccess() { |
| 367 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 383 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 368 // Send notification of success | 384 // Send notification of success |
| 369 AuthenticationNotificationDetails details(true); | 385 AuthenticationNotificationDetails details(true); |
| 370 content::NotificationService::current()->Notify( | 386 content::NotificationService::current()->Notify( |
| 371 chrome::NOTIFICATION_LOGIN_AUTHENTICATION, | 387 chrome::NOTIFICATION_LOGIN_AUTHENTICATION, |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 436 CrosSettings::Get()->GetBoolean(kPolicyMissingMitigationMode, &is_safe_mode); | 452 CrosSettings::Get()->GetBoolean(kPolicyMissingMitigationMode, &is_safe_mode); |
| 437 if (!is_safe_mode) { | 453 if (!is_safe_mode) { |
| 438 // Now we can continue with the login and report mount success. | 454 // Now we can continue with the login and report mount success. |
| 439 user_can_login_ = true; | 455 user_can_login_ = true; |
| 440 owner_is_verified_ = true; | 456 owner_is_verified_ = true; |
| 441 return true; | 457 return true; |
| 442 } | 458 } |
| 443 // First we have to make sure the current user's cert store is available. | 459 // First we have to make sure the current user's cert store is available. |
| 444 CrosLibrary::Get()->GetCertLibrary()->LoadKeyStore(); | 460 CrosLibrary::Get()->GetCertLibrary()->LoadKeyStore(); |
| 445 // Now we can continue reading the private key. | 461 // Now we can continue reading the private key. |
| 446 DeviceSettingsService::Get()->SetUsername(current_state_->username); | 462 DeviceSettingsService::Get()->SetUsername( |
| 463 current_state_->credentials.username); |
| 447 DeviceSettingsService::Get()->GetOwnershipStatusAsync( | 464 DeviceSettingsService::Get()->GetOwnershipStatusAsync( |
| 448 base::Bind(&ParallelAuthenticator::OnOwnershipChecked, this)); | 465 base::Bind(&ParallelAuthenticator::OnOwnershipChecked, this)); |
| 449 return false; | 466 return false; |
| 450 } | 467 } |
| 451 | 468 |
| 452 void ParallelAuthenticator::OnOwnershipChecked( | 469 void ParallelAuthenticator::OnOwnershipChecked( |
| 453 DeviceSettingsService::OwnershipStatus status, | 470 DeviceSettingsService::OwnershipStatus status, |
| 454 bool is_owner) { | 471 bool is_owner) { |
| 455 // Now we can check if this user is the owner. | 472 // Now we can check if this user is the owner. |
| 456 user_can_login_ = is_owner; | 473 user_can_login_ = is_owner; |
| 457 owner_is_verified_ = true; | 474 owner_is_verified_ = true; |
| 458 Resolve(); | 475 Resolve(); |
| 459 } | 476 } |
| 460 | 477 |
| 461 void ParallelAuthenticator::RetryAuth(Profile* profile, | 478 void ParallelAuthenticator::RetryAuth(Profile* profile, |
| 462 const std::string& username, | 479 const UserCredentials& credentials, |
| 463 const std::string& password, | |
| 464 const std::string& login_token, | 480 const std::string& login_token, |
| 465 const std::string& login_captcha) { | 481 const std::string& login_captcha) { |
| 466 reauth_state_.reset( | 482 reauth_state_.reset( |
| 467 new AuthAttemptState( | 483 new AuthAttemptState( |
| 468 gaia::CanonicalizeEmail(username), | 484 UserCredentials(gaia::CanonicalizeEmail(credentials.username), |
| 469 password, | 485 credentials.password, |
| 470 HashPassword(password), | 486 credentials.auth_code), |
| 487 HashPassword(credentials.password), |
| 471 login_token, | 488 login_token, |
| 472 login_captcha, | 489 login_captcha, |
| 473 User::USER_TYPE_REGULAR, | 490 User::USER_TYPE_REGULAR, |
| 474 false /* not a new user */)); | 491 false /* not a new user */)); |
| 475 // Always use ClientLogin regardless of using_oauth flag. This is because | 492 // Always use ClientLogin regardless of using_oauth flag. This is because |
| 476 // we are unable to renew oauth token on lock screen currently and will | 493 // we are unable to renew oauth token on lock screen currently and will |
| 477 // stuck with lock screen if we use OAuthLogin here. | 494 // stuck with lock screen if we use OAuthLogin here. |
| 478 // TODO(xiyuan): Revisit this after we support Gaia in lock screen. | 495 // TODO(xiyuan): Revisit this after we support Gaia in lock screen. |
| 479 current_online_.reset(new OnlineAttempt(reauth_state_.get(), | 496 current_online_.reset(new OnlineAttempt(reauth_state_.get(), |
| 480 this)); | 497 this)); |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 572 BrowserThread::PostTask( | 589 BrowserThread::PostTask( |
| 573 BrowserThread::UI, FROM_HERE, | 590 BrowserThread::UI, FROM_HERE, |
| 574 base::Bind(&ParallelAuthenticator::OnLoginFailure, this, | 591 base::Bind(&ParallelAuthenticator::OnLoginFailure, this, |
| 575 login_failure)); | 592 login_failure)); |
| 576 // Check if we couldn't verify OAuth token here. | 593 // Check if we couldn't verify OAuth token here. |
| 577 if (using_oauth_ && | 594 if (using_oauth_ && |
| 578 login_failure.reason() == LoginFailure::NETWORK_AUTH_FAILED) { | 595 login_failure.reason() == LoginFailure::NETWORK_AUTH_FAILED) { |
| 579 BrowserThread::PostTask( | 596 BrowserThread::PostTask( |
| 580 BrowserThread::UI, FROM_HERE, | 597 BrowserThread::UI, FROM_HERE, |
| 581 base::Bind(&ParallelAuthenticator::RecordOAuthCheckFailure, this, | 598 base::Bind(&ParallelAuthenticator::RecordOAuthCheckFailure, this, |
| 582 (reauth_state_.get() ? reauth_state_->username : | 599 (reauth_state_.get() ? |
| 583 current_state_->username))); | 600 reauth_state_->credentials.username : |
| 601 current_state_->credentials.username))); |
| 584 } | 602 } |
| 585 break; | 603 break; |
| 586 } | 604 } |
| 587 case HAVE_NEW_PW: | 605 case HAVE_NEW_PW: |
| 588 migrate_attempted_ = true; | 606 migrate_attempted_ = true; |
| 589 BrowserThread::PostTask( | 607 BrowserThread::PostTask( |
| 590 BrowserThread::UI, FROM_HERE, | 608 BrowserThread::UI, FROM_HERE, |
| 591 base::Bind(&Migrate, | 609 base::Bind(&Migrate, |
| 592 reauth_state_.get(), | 610 reauth_state_.get(), |
| 593 scoped_refptr<ParallelAuthenticator>(this), | 611 scoped_refptr<ParallelAuthenticator>(this), |
| (...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 844 Resolve(); | 862 Resolve(); |
| 845 } | 863 } |
| 846 | 864 |
| 847 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished, | 865 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished, |
| 848 bool check_result) { | 866 bool check_result) { |
| 849 owner_is_verified_ = owner_check_finished; | 867 owner_is_verified_ = owner_check_finished; |
| 850 user_can_login_ = check_result; | 868 user_can_login_ = check_result; |
| 851 } | 869 } |
| 852 | 870 |
| 853 } // namespace chromeos | 871 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12704002:
Support for auth code based authentication flow for both app and web UI driven flow. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src