| Index: chrome/browser/chromeos/login/login_performer.cc
|
| diff --git a/chrome/browser/chromeos/login/login_performer.cc b/chrome/browser/chromeos/login/login_performer.cc
|
| index 22255fa1dd68127c9b2ba91d4493f56c34db730b..4840116a00d667788ff3f1c4b08bb54eb6537023 100644
|
| --- a/chrome/browser/chromeos/login/login_performer.cc
|
| +++ b/chrome/browser/chromeos/login/login_performer.cc
|
| @@ -18,7 +18,6 @@
|
| #include "chrome/browser/chromeos/boot_times_loader.h"
|
| #include "chrome/browser/chromeos/login/login_utils.h"
|
| #include "chrome/browser/chromeos/login/managed/locally_managed_user_login_flow.h"
|
| -#include "chrome/browser/chromeos/login/screen_locker.h"
|
| #include "chrome/browser/chromeos/login/user_manager.h"
|
| #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
|
| #include "chrome/browser/chromeos/profiles/profile_helper.h"
|
| @@ -46,29 +45,18 @@ using content::UserMetricsAction;
|
|
|
| namespace chromeos {
|
|
|
| -// Initialize default LoginPerformer.
|
| -// static
|
| -LoginPerformer* LoginPerformer::default_performer_ = NULL;
|
| -
|
| LoginPerformer::LoginPerformer(Delegate* delegate)
|
| : online_attempt_host_(this),
|
| last_login_failure_(LoginFailure::LoginFailureNone()),
|
| delegate_(delegate),
|
| password_changed_(false),
|
| password_changed_callback_count_(0),
|
| - screen_lock_requested_(false),
|
| - initial_online_auth_pending_(false),
|
| auth_mode_(AUTH_MODE_INTERNAL),
|
| weak_factory_(this) {
|
| - DCHECK(default_performer_ == NULL)
|
| - << "LoginPerformer should have only one instance.";
|
| - default_performer_ = this;
|
| }
|
|
|
| LoginPerformer::~LoginPerformer() {
|
| DVLOG(1) << "Deleting LoginPerformer";
|
| - DCHECK(default_performer_ != NULL) << "Default instance should exist.";
|
| - default_performer_ = NULL;
|
| if (authenticator_.get())
|
| authenticator_->SetConsumer(NULL);
|
| }
|
| @@ -88,33 +76,9 @@ void LoginPerformer::OnLoginFailure(const LoginFailure& failure) {
|
| if (delegate_) {
|
| delegate_->OnLoginFailure(failure);
|
| return;
|
| - }
|
| -
|
| - // Consequent online login failure with blocking UI on.
|
| - // No difference between cases whether screen was locked by the user or
|
| - // by LoginPerformer except for the very first screen lock while waiting
|
| - // for online auth. Otherwise it will be SL active > timeout > screen unlock.
|
| - // Display recoverable error message using ScreenLocker,
|
| - // force sign out otherwise.
|
| - if (ScreenLocker::default_screen_locker() && !initial_online_auth_pending_) {
|
| - ResolveLockLoginFailure();
|
| - return;
|
| - }
|
| - initial_online_auth_pending_ = false;
|
| -
|
| - // Offline auth - OK, online auth - failed.
|
| - if (failure.reason() == LoginFailure::NETWORK_AUTH_FAILED) {
|
| - ResolveInitialNetworkAuthFailure();
|
| - } else if (failure.reason() == LoginFailure::LOGIN_TIMED_OUT) {
|
| - VLOG(1) << "Online login timed out. "
|
| - << "Granting user access based on offline auth only.";
|
| - // ScreenLock is not active, it's ok to delete itself.
|
| - base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
|
| } else {
|
| // COULD_NOT_MOUNT_CRYPTOHOME, COULD_NOT_MOUNT_TMPFS:
|
| // happens during offline auth only.
|
| - // UNLOCK_FAILED is used during normal screen lock case.
|
| - // TODO(nkostylev) DATA_REMOVAL_FAILED - ?
|
| NOTREACHED();
|
| }
|
| }
|
| @@ -146,13 +110,8 @@ void LoginPerformer::OnLoginSuccess(
|
| DCHECK(delegate_);
|
| // After delegate_->OnLoginSuccess(...) is called, delegate_ releases
|
| // LoginPerformer ownership. LP now manages it's lifetime on its own.
|
| - // 2 things could make it exist longer:
|
| - // 1. ScreenLock active (pending correct new password input)
|
| - // 2. Pending online auth request.
|
| - if (!pending_requests)
|
| - base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
|
| - else
|
| - initial_online_auth_pending_ = true;
|
| + DCHECK(!pending_requests);
|
| + base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
|
|
|
| delegate_->OnLoginSuccess(user_context,
|
| pending_requests,
|
| @@ -175,11 +134,7 @@ void LoginPerformer::OnPasswordChangeDetected() {
|
| if (delegate_) {
|
| delegate_->OnPasswordChangeDetected();
|
| } else {
|
| - last_login_failure_ =
|
| - LoginFailure::FromNetworkAuthFailure(GoogleServiceAuthError(
|
| - GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
|
| - DVLOG(1) << "Password change detected - locking screen.";
|
| - RequestScreenLock();
|
| + NOTREACHED();
|
| }
|
| }
|
|
|
| @@ -195,27 +150,6 @@ void LoginPerformer::OnChecked(const std::string& username, bool success) {
|
| }
|
|
|
| ////////////////////////////////////////////////////////////////////////////////
|
| -// LoginPerformer, content::NotificationObserver implementation:
|
| -//
|
| -
|
| -void LoginPerformer::Observe(int type,
|
| - const content::NotificationSource& source,
|
| - const content::NotificationDetails& details) {
|
| - if (type != chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED)
|
| - return;
|
| -
|
| - bool is_screen_locked = *content::Details<bool>(details).ptr();
|
| - if (is_screen_locked) {
|
| - if (screen_lock_requested_) {
|
| - screen_lock_requested_ = false;
|
| - ResolveScreenLocked();
|
| - }
|
| - } else {
|
| - ResolveScreenUnlocked();
|
| - }
|
| -}
|
| -
|
| -////////////////////////////////////////////////////////////////////////////////
|
| // LoginPerformer, public:
|
|
|
| void LoginPerformer::PerformLogin(const UserContext& user_context,
|
| @@ -225,31 +159,28 @@ void LoginPerformer::PerformLogin(const UserContext& user_context,
|
|
|
| CrosSettings* cros_settings = CrosSettings::Get();
|
|
|
| - // Whitelist check is always performed during initial login and
|
| - // should not be performed when ScreenLock is active (pending online auth).
|
| - if (!ScreenLocker::default_screen_locker()) {
|
| - CrosSettingsProvider::TrustedStatus status =
|
| - cros_settings->PrepareTrustedValues(
|
| - base::Bind(&LoginPerformer::PerformLogin,
|
| - weak_factory_.GetWeakPtr(),
|
| - user_context_, auth_mode));
|
| - // Must not proceed without signature verification.
|
| - if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
|
| - if (delegate_)
|
| - delegate_->PolicyLoadFailed();
|
| - else
|
| - NOTREACHED();
|
| - return;
|
| - } else if (status != CrosSettingsProvider::TRUSTED) {
|
| - // Value of AllowNewUser setting is still not verified.
|
| - // Another attempt will be invoked after verification completion.
|
| - return;
|
| - }
|
| + // Whitelist check is always performed during initial login.
|
| + CrosSettingsProvider::TrustedStatus status =
|
| + cros_settings->PrepareTrustedValues(
|
| + base::Bind(&LoginPerformer::PerformLogin,
|
| + weak_factory_.GetWeakPtr(),
|
| + user_context_, auth_mode));
|
| + // Must not proceed without signature verification.
|
| + if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) {
|
| + if (delegate_)
|
| + delegate_->PolicyLoadFailed();
|
| + else
|
| + NOTREACHED();
|
| + return;
|
| + } else if (status != CrosSettingsProvider::TRUSTED) {
|
| + // Value of AllowNewUser setting is still not verified.
|
| + // Another attempt will be invoked after verification completion.
|
| + return;
|
| }
|
|
|
| bool is_whitelisted = LoginUtils::IsWhitelisted(
|
| gaia::CanonicalizeEmail(user_context.username));
|
| - if (ScreenLocker::default_screen_locker() || is_whitelisted) {
|
| + if (is_whitelisted) {
|
| switch (auth_mode_) {
|
| case AUTH_MODE_EXTENSION:
|
| StartLoginCompletion();
|
| @@ -333,149 +264,6 @@ void LoginPerformer::ResyncEncryptedData() {
|
| ////////////////////////////////////////////////////////////////////////////////
|
| // LoginPerformer, private:
|
|
|
| -void LoginPerformer::RequestScreenLock() {
|
| - DVLOG(1) << "Screen lock requested";
|
| - // Will receive notifications on screen unlock and delete itself.
|
| - registrar_.Add(this,
|
| - chrome::NOTIFICATION_SCREEN_LOCK_STATE_CHANGED,
|
| - content::NotificationService::AllSources());
|
| - if (ScreenLocker::default_screen_locker()) {
|
| - DVLOG(1) << "Screen already locked";
|
| - ResolveScreenLocked();
|
| - } else {
|
| - screen_lock_requested_ = true;
|
| - // TODO(antrim) : additional logging for crbug/173178
|
| - LOG(WARNING) << "Requesting screen lock from LoginPerformer";
|
| - DBusThreadManager::Get()->GetSessionManagerClient()->RequestLockScreen();
|
| - }
|
| -}
|
| -
|
| -void LoginPerformer::RequestScreenUnlock() {
|
| - DVLOG(1) << "Screen unlock requested";
|
| - if (ScreenLocker::default_screen_locker()) {
|
| - DBusThreadManager::Get()->GetSessionManagerClient()->RequestUnlockScreen();
|
| - // Will unsubscribe from notifications once unlock is successful.
|
| - } else {
|
| - LOG(ERROR) << "Screen is not locked";
|
| - NOTREACHED();
|
| - }
|
| -}
|
| -
|
| -void LoginPerformer::ResolveInitialNetworkAuthFailure() {
|
| - DVLOG(1) << "auth_error: " << last_login_failure_.error().state();
|
| -
|
| - switch (last_login_failure_.error().state()) {
|
| - case GoogleServiceAuthError::CONNECTION_FAILED:
|
| - case GoogleServiceAuthError::SERVICE_UNAVAILABLE:
|
| - case GoogleServiceAuthError::TWO_FACTOR:
|
| - case GoogleServiceAuthError::REQUEST_CANCELED:
|
| - // Offline auth already done. Online auth will be done next time
|
| - // or once user accesses web property.
|
| - VLOG(1) << "Granting user access based on offline auth only. "
|
| - << "Online login failed with "
|
| - << last_login_failure_.error().state();
|
| - // Resolving initial online auth failure, no ScreenLock is active.
|
| - base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
|
| - return;
|
| - case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
|
| - // Offline auth OK, so it might be the case of changed password.
|
| - password_changed_ = true;
|
| - case GoogleServiceAuthError::USER_NOT_SIGNED_UP:
|
| - case GoogleServiceAuthError::ACCOUNT_DELETED:
|
| - case GoogleServiceAuthError::ACCOUNT_DISABLED:
|
| - // Access not granted. User has to sign out.
|
| - // Request screen lock & show error message there.
|
| - case GoogleServiceAuthError::CAPTCHA_REQUIRED:
|
| - default:
|
| - // Unless there's new GoogleServiceAuthErrors state has been added.
|
| - NOTREACHED();
|
| - return;
|
| - }
|
| -}
|
| -
|
| -void LoginPerformer::ResolveLockLoginFailure() {
|
| - if (last_login_failure_.reason() == LoginFailure::LOGIN_TIMED_OUT) {
|
| - LOG(WARNING) << "Online login timed out - unlocking screen. "
|
| - << "Granting user access based on offline auth only.";
|
| - RequestScreenUnlock();
|
| - return;
|
| - } else if (last_login_failure_.reason() ==
|
| - LoginFailure::NETWORK_AUTH_FAILED) {
|
| - ResolveLockNetworkAuthFailure();
|
| - return;
|
| - } else if (last_login_failure_.reason() ==
|
| - LoginFailure::COULD_NOT_MOUNT_CRYPTOHOME ||
|
| - last_login_failure_.reason() ==
|
| - LoginFailure::DATA_REMOVAL_FAILED) {
|
| - LOG(ERROR) << "Cryptohome error, forcing sign out.";
|
| - } else {
|
| - // COULD_NOT_MOUNT_TMPFS, UNLOCK_FAILED should not happen here.
|
| - NOTREACHED();
|
| - }
|
| - ScreenLocker::default_screen_locker()->Signout();
|
| -}
|
| -
|
| -void LoginPerformer::ResolveLockNetworkAuthFailure() {
|
| - DCHECK(ScreenLocker::default_screen_locker())
|
| - << "ScreenLocker instance doesn't exist.";
|
| - DCHECK(last_login_failure_.reason() == LoginFailure::NETWORK_AUTH_FAILED);
|
| -
|
| - int msg_id = IDS_LOGIN_ERROR_AUTHENTICATING;
|
| - HelpAppLauncher::HelpTopic help_topic =
|
| - HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT;
|
| - bool sign_out_only = false;
|
| -
|
| - DVLOG(1) << "auth_error: " << last_login_failure_.error().state();
|
| -
|
| - switch (last_login_failure_.error().state()) {
|
| - case GoogleServiceAuthError::CONNECTION_FAILED:
|
| - case GoogleServiceAuthError::SERVICE_UNAVAILABLE:
|
| - case GoogleServiceAuthError::TWO_FACTOR:
|
| - case GoogleServiceAuthError::REQUEST_CANCELED:
|
| - // Offline auth already done. Online auth will be done next time
|
| - // or once user accesses web property.
|
| - LOG(WARNING) << "Granting user access based on offline auth only. "
|
| - << "Online login failed with "
|
| - << last_login_failure_.error().state();
|
| - RequestScreenUnlock();
|
| - return;
|
| - case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
|
| - // Password change detected.
|
| - msg_id = IDS_LOGIN_ERROR_PASSWORD_CHANGED;
|
| - break;
|
| - case GoogleServiceAuthError::USER_NOT_SIGNED_UP:
|
| - case GoogleServiceAuthError::ACCOUNT_DELETED:
|
| - case GoogleServiceAuthError::ACCOUNT_DISABLED:
|
| - // Access not granted. User has to sign out.
|
| - // Show error message using existing screen lock.
|
| - msg_id = IDS_LOGIN_ERROR_RESTRICTED;
|
| - help_topic = HelpAppLauncher::HELP_ACCOUNT_DISABLED;
|
| - sign_out_only = true;
|
| - break;
|
| - case GoogleServiceAuthError::CAPTCHA_REQUIRED:
|
| - default:
|
| - // Unless there's new GoogleServiceAuthError state has been added.
|
| - NOTREACHED();
|
| - break;
|
| - }
|
| -
|
| - ScreenLocker::default_screen_locker()->ShowErrorMessage(msg_id,
|
| - help_topic,
|
| - sign_out_only);
|
| -}
|
| -
|
| -void LoginPerformer::ResolveScreenLocked() {
|
| - DVLOG(1) << "Screen locked";
|
| - ResolveLockNetworkAuthFailure();
|
| -}
|
| -
|
| -void LoginPerformer::ResolveScreenUnlocked() {
|
| - DVLOG(1) << "Screen unlocked";
|
| - registrar_.RemoveAll();
|
| - // If screen was unlocked that was for a reason, should delete itself now.
|
| - base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
|
| -}
|
| -
|
| void LoginPerformer::StartLoginCompletion() {
|
| DVLOG(1) << "Login completion started";
|
| BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false);
|
| @@ -502,24 +290,12 @@ void LoginPerformer::StartAuthentication() {
|
| BrowserThread::UI, FROM_HERE,
|
| base::Bind(&Authenticator::AuthenticateToLogin, authenticator_.get(),
|
| profile,
|
| - user_context_,
|
| - std::string(),
|
| - std::string()));
|
| + user_context_));
|
| // Make unobtrusive online check. It helps to determine password change
|
| // state in the case when offline login fails.
|
| online_attempt_host_.Check(profile, user_context_);
|
| } else {
|
| - DCHECK(authenticator_.get())
|
| - << "Authenticator instance doesn't exist for login attempt retry.";
|
| - // At this point offline auth has been successful,
|
| - // retry online auth, using existing Authenticator instance.
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&Authenticator::RetryAuth, authenticator_.get(),
|
| - profile,
|
| - user_context_,
|
| - std::string(),
|
| - std::string()));
|
| + NOTREACHED();
|
| }
|
| user_context_.password.clear();
|
| user_context_.auth_code.clear();
|
|
|
Chromium Code Reviews
Issue 18686006:
[cros] Cleanup login auth stack: remove ClientLogin legacy code (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src