OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/login/parallel_authenticator.h" | 5 #include "chrome/browser/chromeos/login/parallel_authenticator.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
(...skipping 18 matching lines...) Expand all Loading... |
29 #include "crypto/sha2.h" | 29 #include "crypto/sha2.h" |
30 #include "google_apis/gaia/gaia_auth_util.h" | 30 #include "google_apis/gaia/gaia_auth_util.h" |
31 #include "third_party/cros_system_api/dbus/service_constants.h" | 31 #include "third_party/cros_system_api/dbus/service_constants.h" |
32 | 32 |
33 using content::BrowserThread; | 33 using content::BrowserThread; |
34 | 34 |
35 namespace chromeos { | 35 namespace chromeos { |
36 | 36 |
37 namespace { | 37 namespace { |
38 | 38 |
39 // Milliseconds until we timeout our attempt to hit ClientLogin. | |
40 const int kClientLoginTimeoutMs = 10000; | |
41 | |
42 // Length of password hashed with SHA-256. | 39 // Length of password hashed with SHA-256. |
43 const int kPasswordHashLength = 32; | 40 const int kPasswordHashLength = 32; |
44 | 41 |
45 // Records status and calls resolver->Resolve(). | 42 // Records status and calls resolver->Resolve(). |
46 void TriggerResolve(AuthAttemptState* attempt, | 43 void TriggerResolve(AuthAttemptState* attempt, |
47 scoped_refptr<ParallelAuthenticator> resolver, | 44 scoped_refptr<ParallelAuthenticator> resolver, |
48 bool success, | 45 bool success, |
49 cryptohome::MountError return_code) { | 46 cryptohome::MountError return_code) { |
50 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 47 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
51 attempt->RecordCryptohomeStatus(success, return_code); | 48 attempt->RecordCryptohomeStatus(success, return_code); |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
157 // Calls cryptohome's key check method. | 154 // Calls cryptohome's key check method. |
158 void CheckKey(AuthAttemptState* attempt, | 155 void CheckKey(AuthAttemptState* attempt, |
159 scoped_refptr<ParallelAuthenticator> resolver) { | 156 scoped_refptr<ParallelAuthenticator> resolver) { |
160 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 157 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
161 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( | 158 cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( |
162 attempt->user_context.username, | 159 attempt->user_context.username, |
163 attempt->ascii_hash, | 160 attempt->ascii_hash, |
164 base::Bind(&TriggerResolve, attempt, resolver)); | 161 base::Bind(&TriggerResolve, attempt, resolver)); |
165 } | 162 } |
166 | 163 |
167 // Returns whether the login failure was connection issue. | |
168 bool WasConnectionIssue(const LoginFailure& online_outcome) { | |
169 return ((online_outcome.reason() == LoginFailure::LOGIN_TIMED_OUT) || | |
170 (online_outcome.error().state() == | |
171 GoogleServiceAuthError::CONNECTION_FAILED) || | |
172 (online_outcome.error().state() == | |
173 GoogleServiceAuthError::REQUEST_CANCELED)); | |
174 } | |
175 | |
176 // Returns hash of |password|, salted with the system salt. | 164 // Returns hash of |password|, salted with the system salt. |
177 std::string HashPassword(const std::string& password) { | 165 std::string HashPassword(const std::string& password) { |
178 // Get salt, ascii encode, update sha with that, then update with ascii | 166 // Get salt, ascii encode, update sha with that, then update with ascii |
179 // of password, then end. | 167 // of password, then end. |
180 std::string ascii_salt = CryptohomeLibrary::Get()->GetSystemSalt(); | 168 std::string ascii_salt = CryptohomeLibrary::Get()->GetSystemSalt(); |
181 char passhash_buf[kPasswordHashLength]; | 169 char passhash_buf[kPasswordHashLength]; |
182 | 170 |
183 // Hash salt and password | 171 // Hash salt and password |
184 crypto::SHA256HashString(ascii_salt + password, | 172 crypto::SHA256HashString(ascii_salt + password, |
185 &passhash_buf, sizeof(passhash_buf)); | 173 &passhash_buf, sizeof(passhash_buf)); |
(...skipping 15 matching lines...) Expand all Loading... |
201 ephemeral_mount_attempted_(false), | 189 ephemeral_mount_attempted_(false), |
202 check_key_attempted_(false), | 190 check_key_attempted_(false), |
203 already_reported_success_(false), | 191 already_reported_success_(false), |
204 owner_is_verified_(false), | 192 owner_is_verified_(false), |
205 user_can_login_(false), | 193 user_can_login_(false), |
206 using_oauth_(true) { | 194 using_oauth_(true) { |
207 } | 195 } |
208 | 196 |
209 void ParallelAuthenticator::AuthenticateToLogin( | 197 void ParallelAuthenticator::AuthenticateToLogin( |
210 Profile* profile, | 198 Profile* profile, |
211 const UserContext& user_context, | 199 const UserContext& user_context) { |
212 const std::string& login_token, | |
213 const std::string& login_captcha) { | |
214 std::string canonicalized = gaia::CanonicalizeEmail(user_context.username); | 200 std::string canonicalized = gaia::CanonicalizeEmail(user_context.username); |
215 authentication_profile_ = profile; | 201 authentication_profile_ = profile; |
216 current_state_.reset( | 202 current_state_.reset( |
217 new AuthAttemptState( | 203 new AuthAttemptState( |
218 UserContext(canonicalized, | 204 UserContext(canonicalized, |
219 user_context.password, | 205 user_context.password, |
220 user_context.auth_code), | 206 user_context.auth_code), |
221 HashPassword(user_context.password), | 207 HashPassword(user_context.password), |
222 login_token, | 208 std::string(), // login_token, not used. |
223 login_captcha, | 209 std::string(), // login_captcha, not used. |
224 User::USER_TYPE_REGULAR, | 210 User::USER_TYPE_REGULAR, |
225 !UserManager::Get()->IsKnownUser(canonicalized))); | 211 !UserManager::Get()->IsKnownUser(canonicalized))); |
226 // Reset the verified flag. | 212 // Reset the verified flag. |
227 owner_is_verified_ = false; | 213 owner_is_verified_ = false; |
228 | 214 |
229 BrowserThread::PostTask( | 215 BrowserThread::PostTask( |
230 BrowserThread::UI, FROM_HERE, | 216 BrowserThread::UI, FROM_HERE, |
231 base::Bind(&Mount, | 217 base::Bind(&Mount, |
232 current_state_.get(), | 218 current_state_.get(), |
233 scoped_refptr<ParallelAuthenticator>(this), | 219 scoped_refptr<ParallelAuthenticator>(this), |
(...skipping 28 matching lines...) Expand all Loading... |
262 base::Bind(&Mount, | 248 base::Bind(&Mount, |
263 current_state_.get(), | 249 current_state_.get(), |
264 scoped_refptr<ParallelAuthenticator>(this), | 250 scoped_refptr<ParallelAuthenticator>(this), |
265 cryptohome::MOUNT_FLAGS_NONE)); | 251 cryptohome::MOUNT_FLAGS_NONE)); |
266 | 252 |
267 if (!using_oauth_) { | 253 if (!using_oauth_) { |
268 // Test automation needs to disable oauth, but that leads to other | 254 // Test automation needs to disable oauth, but that leads to other |
269 // services not being able to fetch a token, leading to browser crashes. | 255 // services not being able to fetch a token, leading to browser crashes. |
270 // So initiate ClientLogin-based post authentication. | 256 // So initiate ClientLogin-based post authentication. |
271 // TODO(xiyuan): This should not be required. | 257 // TODO(xiyuan): This should not be required. |
| 258 // Context: http://crbug.com/201374 |
272 current_online_.reset(new OnlineAttempt(current_state_.get(), | 259 current_online_.reset(new OnlineAttempt(current_state_.get(), |
273 this)); | 260 this)); |
274 current_online_->Initiate(profile); | 261 current_online_->Initiate(profile); |
275 } else { | 262 } else { |
276 // For login completion from extension, we just need to resolve the current | 263 // For login completion from extension, we just need to resolve the current |
277 // auth attempt state, the rest of OAuth related tasks will be done in | 264 // auth attempt state, the rest of OAuth related tasks will be done in |
278 // parallel. | 265 // parallel. |
279 BrowserThread::PostTask( | 266 BrowserThread::PostTask( |
280 BrowserThread::UI, FROM_HERE, | 267 BrowserThread::UI, FROM_HERE, |
281 base::Bind(&ParallelAuthenticator::ResolveLoginCompletionStatus, this)); | 268 base::Bind(&ParallelAuthenticator::ResolveLoginCompletionStatus, this)); |
(...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
419 AuthenticationNotificationDetails details(false); | 406 AuthenticationNotificationDetails details(false); |
420 content::NotificationService::current()->Notify( | 407 content::NotificationService::current()->Notify( |
421 chrome::NOTIFICATION_LOGIN_AUTHENTICATION, | 408 chrome::NOTIFICATION_LOGIN_AUTHENTICATION, |
422 content::NotificationService::AllSources(), | 409 content::NotificationService::AllSources(), |
423 content::Details<AuthenticationNotificationDetails>(&details)); | 410 content::Details<AuthenticationNotificationDetails>(&details)); |
424 LOG(WARNING) << "Login failed: " << error.GetErrorString(); | 411 LOG(WARNING) << "Login failed: " << error.GetErrorString(); |
425 if (consumer_) | 412 if (consumer_) |
426 consumer_->OnLoginFailure(error); | 413 consumer_->OnLoginFailure(error); |
427 } | 414 } |
428 | 415 |
429 void ParallelAuthenticator::RecordOAuthCheckFailure( | |
430 const std::string& user_name) { | |
431 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
432 DCHECK(using_oauth_); | |
433 // Mark this account's OAuth token state as invalid in the local state. | |
434 UserManager::Get()->SaveUserOAuthStatus( | |
435 user_name, | |
436 User::OAUTH2_TOKEN_STATUS_INVALID); | |
437 } | |
438 | |
439 void ParallelAuthenticator::RecoverEncryptedData( | 416 void ParallelAuthenticator::RecoverEncryptedData( |
440 const std::string& old_password) { | 417 const std::string& old_password) { |
441 std::string old_hash = HashPassword(old_password); | 418 std::string old_hash = HashPassword(old_password); |
442 migrate_attempted_ = true; | 419 migrate_attempted_ = true; |
443 current_state_->ResetCryptohomeStatus(); | 420 current_state_->ResetCryptohomeStatus(); |
444 BrowserThread::PostTask( | 421 BrowserThread::PostTask( |
445 BrowserThread::UI, FROM_HERE, | 422 BrowserThread::UI, FROM_HERE, |
446 base::Bind(&Migrate, | 423 base::Bind(&Migrate, |
447 current_state_.get(), | 424 current_state_.get(), |
448 scoped_refptr<ParallelAuthenticator>(this), | 425 scoped_refptr<ParallelAuthenticator>(this), |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
482 | 459 |
483 void ParallelAuthenticator::OnOwnershipChecked( | 460 void ParallelAuthenticator::OnOwnershipChecked( |
484 DeviceSettingsService::OwnershipStatus status, | 461 DeviceSettingsService::OwnershipStatus status, |
485 bool is_owner) { | 462 bool is_owner) { |
486 // Now we can check if this user is the owner. | 463 // Now we can check if this user is the owner. |
487 user_can_login_ = is_owner; | 464 user_can_login_ = is_owner; |
488 owner_is_verified_ = true; | 465 owner_is_verified_ = true; |
489 Resolve(); | 466 Resolve(); |
490 } | 467 } |
491 | 468 |
492 void ParallelAuthenticator::RetryAuth(Profile* profile, | |
493 const UserContext& user_context, | |
494 const std::string& login_token, | |
495 const std::string& login_captcha) { | |
496 reauth_state_.reset( | |
497 new AuthAttemptState( | |
498 UserContext(gaia::CanonicalizeEmail(user_context.username), | |
499 user_context.password, | |
500 user_context.auth_code), | |
501 HashPassword(user_context.password), | |
502 login_token, | |
503 login_captcha, | |
504 User::USER_TYPE_REGULAR, | |
505 false /* not a new user */)); | |
506 // Always use ClientLogin regardless of using_oauth flag. This is because | |
507 // we are unable to renew oauth token on lock screen currently and will | |
508 // stuck with lock screen if we use OAuthLogin here. | |
509 // TODO(xiyuan): Revisit this after we support Gaia in lock screen. | |
510 current_online_.reset(new OnlineAttempt(reauth_state_.get(), | |
511 this)); | |
512 current_online_->Initiate(profile); | |
513 } | |
514 | |
515 | |
516 void ParallelAuthenticator::Resolve() { | 469 void ParallelAuthenticator::Resolve() { |
517 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 470 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
518 bool request_pending = false; | 471 bool request_pending = false; |
519 int mount_flags = cryptohome::MOUNT_FLAGS_NONE; | 472 int mount_flags = cryptohome::MOUNT_FLAGS_NONE; |
520 ParallelAuthenticator::AuthState state = ResolveState(); | 473 ParallelAuthenticator::AuthState state = ResolveState(); |
521 VLOG(1) << "Resolved state to: " << state; | 474 VLOG(1) << "Resolved state to: " << state; |
522 switch (state) { | 475 switch (state) { |
523 case CONTINUE: | 476 case CONTINUE: |
524 case POSSIBLE_PW_CHANGE: | 477 case POSSIBLE_PW_CHANGE: |
525 case NO_MOUNT: | 478 case NO_MOUNT: |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
569 current_state_.get(), | 522 current_state_.get(), |
570 scoped_refptr<ParallelAuthenticator>(this), | 523 scoped_refptr<ParallelAuthenticator>(this), |
571 mount_flags)); | 524 mount_flags)); |
572 break; | 525 break; |
573 case NEED_OLD_PW: | 526 case NEED_OLD_PW: |
574 BrowserThread::PostTask( | 527 BrowserThread::PostTask( |
575 BrowserThread::UI, FROM_HERE, | 528 BrowserThread::UI, FROM_HERE, |
576 base::Bind(&ParallelAuthenticator::OnPasswordChangeDetected, this)); | 529 base::Bind(&ParallelAuthenticator::OnPasswordChangeDetected, this)); |
577 break; | 530 break; |
578 case ONLINE_FAILED: | 531 case ONLINE_FAILED: |
579 // In this case, we know online login was rejected because the account | 532 case NEED_NEW_PW: |
580 // is disabled or something similarly fatal. Sending the user through | |
581 // the same path they get when their password is rejected is cleaner | |
582 // for now. | |
583 // TODO(cmasone): optimize this so that we don't send the user through | |
584 // the 'changed password' path when we know doing so won't succeed. | |
585 case NEED_NEW_PW: { | |
586 { | |
587 base::AutoLock for_this_block(success_lock_); | |
588 if (!already_reported_success_) { | |
589 // This allows us to present the same behavior for "online: | |
590 // fail, offline: ok", regardless of the order in which we | |
591 // receive the results. There will be cases in which we get | |
592 // the online failure some time after the offline success, | |
593 // so we just force all cases in this category to present like this: | |
594 // OnLoginSuccess(..., ..., true) -> OnLoginFailure(). | |
595 BrowserThread::PostTask( | |
596 BrowserThread::UI, FROM_HERE, | |
597 base::Bind(&ParallelAuthenticator::OnLoginSuccess, | |
598 this, | |
599 true)); | |
600 } | |
601 } | |
602 const LoginFailure& login_failure = | |
603 reauth_state_.get() ? reauth_state_->online_outcome() : | |
604 current_state_->online_outcome(); | |
605 BrowserThread::PostTask( | |
606 BrowserThread::UI, FROM_HERE, | |
607 base::Bind(&ParallelAuthenticator::OnLoginFailure, this, | |
608 login_failure)); | |
609 // Check if we couldn't verify OAuth token here. | |
610 if (using_oauth_ && | |
611 login_failure.reason() == LoginFailure::NETWORK_AUTH_FAILED) { | |
612 BrowserThread::PostTask( | |
613 BrowserThread::UI, FROM_HERE, | |
614 base::Bind(&ParallelAuthenticator::RecordOAuthCheckFailure, this, | |
615 (reauth_state_.get() ? | |
616 reauth_state_->user_context.username : | |
617 current_state_->user_context.username))); | |
618 } | |
619 break; | |
620 } | |
621 case HAVE_NEW_PW: | 533 case HAVE_NEW_PW: |
622 migrate_attempted_ = true; | 534 NOTREACHED() << "Using obsolete ClientLogin code path."; |
623 BrowserThread::PostTask( | |
624 BrowserThread::UI, FROM_HERE, | |
625 base::Bind(&Migrate, | |
626 reauth_state_.get(), | |
627 scoped_refptr<ParallelAuthenticator>(this), | |
628 true, | |
629 current_state_->ascii_hash)); | |
630 break; | 535 break; |
631 case OFFLINE_LOGIN: | 536 case OFFLINE_LOGIN: |
632 VLOG(2) << "Offline login"; | 537 VLOG(2) << "Offline login"; |
633 // Marking request_pending to false when using OAuth because OAuth related | 538 // Marking request_pending to false when using OAuth because OAuth related |
634 // tasks are performed after user profile is mounted and are not performed | 539 // tasks are performed after user profile is mounted and are not performed |
635 // by ParallelAuthenticator. | 540 // by ParallelAuthenticator. |
636 // TODO(xiyuan): Revert this when we support Gaia in lock screen and | 541 // TODO(xiyuan): Revert this when we support Gaia in lock screen and |
637 // start to use ParallelAuthenticator's VerifyOAuth1AccessToken again. | 542 // start to use ParallelAuthenticator's VerifyOAuth1AccessToken again. |
638 request_pending = using_oauth_ ? | 543 request_pending = using_oauth_ ? |
639 false : | 544 false : |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
712 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 617 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
713 // If we haven't mounted the user's home dir yet or | 618 // If we haven't mounted the user's home dir yet or |
714 // haven't got sanitized username value, we can't be done. | 619 // haven't got sanitized username value, we can't be done. |
715 // We never get past here if any of these two cryptohome ops is still pending. | 620 // We never get past here if any of these two cryptohome ops is still pending. |
716 // This is an important invariant. | 621 // This is an important invariant. |
717 if (!current_state_->cryptohome_complete() || | 622 if (!current_state_->cryptohome_complete() || |
718 !current_state_->username_hash_obtained()) { | 623 !current_state_->username_hash_obtained()) { |
719 return CONTINUE; | 624 return CONTINUE; |
720 } | 625 } |
721 | 626 |
722 AuthState state = (reauth_state_.get() ? ResolveReauthState() : CONTINUE); | 627 AuthState state = CONTINUE; |
723 if (state != CONTINUE) | |
724 return state; | |
725 | 628 |
726 if (current_state_->cryptohome_outcome()) | 629 if (current_state_->cryptohome_outcome()) |
727 state = ResolveCryptohomeSuccessState(); | 630 state = ResolveCryptohomeSuccessState(); |
728 else | 631 else |
729 state = ResolveCryptohomeFailureState(); | 632 state = ResolveCryptohomeFailureState(); |
730 | 633 |
731 DCHECK(current_state_->cryptohome_complete()); // Ensure invariant holds. | 634 DCHECK(current_state_->cryptohome_complete()); // Ensure invariant holds. |
732 migrate_attempted_ = false; | 635 migrate_attempted_ = false; |
733 remove_attempted_ = false; | 636 remove_attempted_ = false; |
734 ephemeral_mount_attempted_ = false; | 637 ephemeral_mount_attempted_ = false; |
735 check_key_attempted_ = false; | 638 check_key_attempted_ = false; |
736 | 639 |
737 if (state != POSSIBLE_PW_CHANGE && | 640 if (state != POSSIBLE_PW_CHANGE && |
738 state != NO_MOUNT && | 641 state != NO_MOUNT && |
739 state != OFFLINE_LOGIN) | 642 state != OFFLINE_LOGIN) |
740 return state; | 643 return state; |
741 | 644 |
742 if (current_state_->online_complete()) { | 645 if (current_state_->online_complete()) { |
743 if (current_state_->online_outcome().reason() == LoginFailure::NONE) { | 646 if (current_state_->online_outcome().reason() == LoginFailure::NONE) { |
744 // Online attempt succeeded as well, so combine the results. | 647 // Online attempt succeeded as well, so combine the results. |
745 return ResolveOnlineSuccessState(state); | 648 return ResolveOnlineSuccessState(state); |
746 } | 649 } |
747 // Online login attempt was rejected or failed to occur. | 650 NOTREACHED() << "Using obsolete ClientLogin code path."; |
748 return ResolveOnlineFailureState(state); | |
749 } | 651 } |
750 // if online isn't complete yet, just return the offline result. | 652 // if online isn't complete yet, just return the offline result. |
751 return state; | 653 return state; |
752 } | 654 } |
753 | 655 |
754 ParallelAuthenticator::AuthState | 656 ParallelAuthenticator::AuthState |
755 ParallelAuthenticator::ResolveReauthState() { | |
756 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
757 if (reauth_state_->cryptohome_complete()) { | |
758 if (!reauth_state_->cryptohome_outcome()) { | |
759 // If we've tried to migrate and failed, log the error and just wait | |
760 // til next time the user logs in to migrate their cryptohome key. | |
761 LOG(ERROR) << "Failed to migrate cryptohome key: " | |
762 << reauth_state_->cryptohome_code(); | |
763 } | |
764 reauth_state_.reset(NULL); | |
765 return ONLINE_LOGIN; | |
766 } | |
767 // Haven't tried the migrate yet, must be processing the online auth attempt. | |
768 if (!reauth_state_->online_complete()) { | |
769 NOTREACHED(); // Shouldn't be here at all, if online reauth isn't done! | |
770 return CONTINUE; | |
771 } | |
772 return (reauth_state_->online_outcome().reason() == LoginFailure::NONE) ? | |
773 HAVE_NEW_PW : NEED_NEW_PW; | |
774 } | |
775 | |
776 ParallelAuthenticator::AuthState | |
777 ParallelAuthenticator::ResolveCryptohomeFailureState() { | 657 ParallelAuthenticator::ResolveCryptohomeFailureState() { |
778 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 658 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
779 if (remove_attempted_) | 659 if (remove_attempted_) |
780 return FAILED_REMOVE; | 660 return FAILED_REMOVE; |
781 if (ephemeral_mount_attempted_) | 661 if (ephemeral_mount_attempted_) |
782 return FAILED_TMPFS; | 662 return FAILED_TMPFS; |
783 if (migrate_attempted_) | 663 if (migrate_attempted_) |
784 return NEED_OLD_PW; | 664 return NEED_OLD_PW; |
785 if (check_key_attempted_) | 665 if (check_key_attempted_) |
786 return LOGIN_FAILED; | 666 return LOGIN_FAILED; |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
833 return PUBLIC_ACCOUNT_LOGIN; | 713 return PUBLIC_ACCOUNT_LOGIN; |
834 if (current_state_->user_type == User::USER_TYPE_LOCALLY_MANAGED) | 714 if (current_state_->user_type == User::USER_TYPE_LOCALLY_MANAGED) |
835 return LOCALLY_MANAGED_USER_LOGIN; | 715 return LOCALLY_MANAGED_USER_LOGIN; |
836 | 716 |
837 if (!VerifyOwner()) | 717 if (!VerifyOwner()) |
838 return CONTINUE; | 718 return CONTINUE; |
839 return user_can_login_ ? OFFLINE_LOGIN : OWNER_REQUIRED; | 719 return user_can_login_ ? OFFLINE_LOGIN : OWNER_REQUIRED; |
840 } | 720 } |
841 | 721 |
842 ParallelAuthenticator::AuthState | 722 ParallelAuthenticator::AuthState |
843 ParallelAuthenticator::ResolveOnlineFailureState( | |
844 ParallelAuthenticator::AuthState offline_state) { | |
845 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | |
846 if (offline_state == OFFLINE_LOGIN) { | |
847 if (WasConnectionIssue(current_state_->online_outcome())) { | |
848 // Couldn't do an online check, so just go with the offline result. | |
849 return OFFLINE_LOGIN; | |
850 } | |
851 // Otherwise, online login was rejected! | |
852 if (current_state_->online_outcome().error().state() == | |
853 GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS) { | |
854 return NEED_NEW_PW; | |
855 } | |
856 return ONLINE_FAILED; | |
857 } | |
858 return LOGIN_FAILED; | |
859 } | |
860 | |
861 ParallelAuthenticator::AuthState | |
862 ParallelAuthenticator::ResolveOnlineSuccessState( | 723 ParallelAuthenticator::ResolveOnlineSuccessState( |
863 ParallelAuthenticator::AuthState offline_state) { | 724 ParallelAuthenticator::AuthState offline_state) { |
864 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 725 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
865 switch (offline_state) { | 726 switch (offline_state) { |
866 case POSSIBLE_PW_CHANGE: | 727 case POSSIBLE_PW_CHANGE: |
867 return NEED_OLD_PW; | 728 return NEED_OLD_PW; |
868 case NO_MOUNT: | 729 case NO_MOUNT: |
869 return CREATE_NEW; | 730 return CREATE_NEW; |
870 case OFFLINE_LOGIN: | 731 case OFFLINE_LOGIN: |
871 return ONLINE_LOGIN; | 732 return ONLINE_LOGIN; |
872 default: | 733 default: |
873 NOTREACHED(); | 734 NOTREACHED(); |
874 return offline_state; | 735 return offline_state; |
875 } | 736 } |
876 } | 737 } |
877 | 738 |
878 void ParallelAuthenticator::ResolveLoginCompletionStatus() { | 739 void ParallelAuthenticator::ResolveLoginCompletionStatus() { |
879 // Shortcut online state resolution process. | 740 // Shortcut online state resolution process. |
880 current_state_->RecordOnlineLoginStatus(LoginFailure::LoginFailureNone()); | 741 current_state_->RecordOnlineLoginStatus(LoginFailure::LoginFailureNone()); |
881 Resolve(); | 742 Resolve(); |
882 } | 743 } |
883 | 744 |
884 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished, | 745 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished, |
885 bool check_result) { | 746 bool check_result) { |
886 owner_is_verified_ = owner_check_finished; | 747 owner_is_verified_ = owner_check_finished; |
887 user_can_login_ = check_result; | 748 user_can_login_ = check_result; |
888 } | 749 } |
889 | 750 |
890 } // namespace chromeos | 751 } // namespace chromeos |
OLD | NEW |