| Index: chrome/browser/chromeos/login/parallel_authenticator.cc
|
| diff --git a/chrome/browser/chromeos/login/parallel_authenticator.cc b/chrome/browser/chromeos/login/parallel_authenticator.cc
|
| index c5dbc8234b9dea66b1285f9b7a36b746537c3176..0ca35d13ce1ea25ab03ecc1b210b3674c07e3016 100644
|
| --- a/chrome/browser/chromeos/login/parallel_authenticator.cc
|
| +++ b/chrome/browser/chromeos/login/parallel_authenticator.cc
|
| @@ -36,9 +36,6 @@ namespace chromeos {
|
|
|
| namespace {
|
|
|
| -// Milliseconds until we timeout our attempt to hit ClientLogin.
|
| -const int kClientLoginTimeoutMs = 10000;
|
| -
|
| // Length of password hashed with SHA-256.
|
| const int kPasswordHashLength = 32;
|
|
|
| @@ -164,15 +161,6 @@ void CheckKey(AuthAttemptState* attempt,
|
| base::Bind(&TriggerResolve, attempt, resolver));
|
| }
|
|
|
| -// Returns whether the login failure was connection issue.
|
| -bool WasConnectionIssue(const LoginFailure& online_outcome) {
|
| - return ((online_outcome.reason() == LoginFailure::LOGIN_TIMED_OUT) ||
|
| - (online_outcome.error().state() ==
|
| - GoogleServiceAuthError::CONNECTION_FAILED) ||
|
| - (online_outcome.error().state() ==
|
| - GoogleServiceAuthError::REQUEST_CANCELED));
|
| -}
|
| -
|
| // Returns hash of |password|, salted with the system salt.
|
| std::string HashPassword(const std::string& password) {
|
| // Get salt, ascii encode, update sha with that, then update with ascii
|
| @@ -208,9 +196,7 @@ ParallelAuthenticator::ParallelAuthenticator(LoginStatusConsumer* consumer)
|
|
|
| void ParallelAuthenticator::AuthenticateToLogin(
|
| Profile* profile,
|
| - const UserContext& user_context,
|
| - const std::string& login_token,
|
| - const std::string& login_captcha) {
|
| + const UserContext& user_context) {
|
| std::string canonicalized = gaia::CanonicalizeEmail(user_context.username);
|
| authentication_profile_ = profile;
|
| current_state_.reset(
|
| @@ -219,8 +205,8 @@ void ParallelAuthenticator::AuthenticateToLogin(
|
| user_context.password,
|
| user_context.auth_code),
|
| HashPassword(user_context.password),
|
| - login_token,
|
| - login_captcha,
|
| + std::string(), // login_token, not used.
|
| + std::string(), // login_captcha, not used.
|
| User::USER_TYPE_REGULAR,
|
| !UserManager::Get()->IsKnownUser(canonicalized)));
|
| // Reset the verified flag.
|
| @@ -269,6 +255,7 @@ void ParallelAuthenticator::CompleteLogin(Profile* profile,
|
| // services not being able to fetch a token, leading to browser crashes.
|
| // So initiate ClientLogin-based post authentication.
|
| // TODO(xiyuan): This should not be required.
|
| + // Context: http://crbug.com/201374
|
| current_online_.reset(new OnlineAttempt(current_state_.get(),
|
| this));
|
| current_online_->Initiate(profile);
|
| @@ -426,16 +413,6 @@ void ParallelAuthenticator::OnLoginFailure(const LoginFailure& error) {
|
| consumer_->OnLoginFailure(error);
|
| }
|
|
|
| -void ParallelAuthenticator::RecordOAuthCheckFailure(
|
| - const std::string& user_name) {
|
| - DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| - DCHECK(using_oauth_);
|
| - // Mark this account's OAuth token state as invalid in the local state.
|
| - UserManager::Get()->SaveUserOAuthStatus(
|
| - user_name,
|
| - User::OAUTH2_TOKEN_STATUS_INVALID);
|
| -}
|
| -
|
| void ParallelAuthenticator::RecoverEncryptedData(
|
| const std::string& old_password) {
|
| std::string old_hash = HashPassword(old_password);
|
| @@ -489,30 +466,6 @@ void ParallelAuthenticator::OnOwnershipChecked(
|
| Resolve();
|
| }
|
|
|
| -void ParallelAuthenticator::RetryAuth(Profile* profile,
|
| - const UserContext& user_context,
|
| - const std::string& login_token,
|
| - const std::string& login_captcha) {
|
| - reauth_state_.reset(
|
| - new AuthAttemptState(
|
| - UserContext(gaia::CanonicalizeEmail(user_context.username),
|
| - user_context.password,
|
| - user_context.auth_code),
|
| - HashPassword(user_context.password),
|
| - login_token,
|
| - login_captcha,
|
| - User::USER_TYPE_REGULAR,
|
| - false /* not a new user */));
|
| - // Always use ClientLogin regardless of using_oauth flag. This is because
|
| - // we are unable to renew oauth token on lock screen currently and will
|
| - // stuck with lock screen if we use OAuthLogin here.
|
| - // TODO(xiyuan): Revisit this after we support Gaia in lock screen.
|
| - current_online_.reset(new OnlineAttempt(reauth_state_.get(),
|
| - this));
|
| - current_online_->Initiate(profile);
|
| -}
|
| -
|
| -
|
| void ParallelAuthenticator::Resolve() {
|
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| bool request_pending = false;
|
| @@ -576,57 +529,9 @@ void ParallelAuthenticator::Resolve() {
|
| base::Bind(&ParallelAuthenticator::OnPasswordChangeDetected, this));
|
| break;
|
| case ONLINE_FAILED:
|
| - // In this case, we know online login was rejected because the account
|
| - // is disabled or something similarly fatal. Sending the user through
|
| - // the same path they get when their password is rejected is cleaner
|
| - // for now.
|
| - // TODO(cmasone): optimize this so that we don't send the user through
|
| - // the 'changed password' path when we know doing so won't succeed.
|
| - case NEED_NEW_PW: {
|
| - {
|
| - base::AutoLock for_this_block(success_lock_);
|
| - if (!already_reported_success_) {
|
| - // This allows us to present the same behavior for "online:
|
| - // fail, offline: ok", regardless of the order in which we
|
| - // receive the results. There will be cases in which we get
|
| - // the online failure some time after the offline success,
|
| - // so we just force all cases in this category to present like this:
|
| - // OnLoginSuccess(..., ..., true) -> OnLoginFailure().
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&ParallelAuthenticator::OnLoginSuccess,
|
| - this,
|
| - true));
|
| - }
|
| - }
|
| - const LoginFailure& login_failure =
|
| - reauth_state_.get() ? reauth_state_->online_outcome() :
|
| - current_state_->online_outcome();
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&ParallelAuthenticator::OnLoginFailure, this,
|
| - login_failure));
|
| - // Check if we couldn't verify OAuth token here.
|
| - if (using_oauth_ &&
|
| - login_failure.reason() == LoginFailure::NETWORK_AUTH_FAILED) {
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&ParallelAuthenticator::RecordOAuthCheckFailure, this,
|
| - (reauth_state_.get() ?
|
| - reauth_state_->user_context.username :
|
| - current_state_->user_context.username)));
|
| - }
|
| - break;
|
| - }
|
| + case NEED_NEW_PW:
|
| case HAVE_NEW_PW:
|
| - migrate_attempted_ = true;
|
| - BrowserThread::PostTask(
|
| - BrowserThread::UI, FROM_HERE,
|
| - base::Bind(&Migrate,
|
| - reauth_state_.get(),
|
| - scoped_refptr<ParallelAuthenticator>(this),
|
| - true,
|
| - current_state_->ascii_hash));
|
| + NOTREACHED() << "Using obsolete ClientLogin code path.";
|
| break;
|
| case OFFLINE_LOGIN:
|
| VLOG(2) << "Offline login";
|
| @@ -719,9 +624,7 @@ ParallelAuthenticator::AuthState ParallelAuthenticator::ResolveState() {
|
| return CONTINUE;
|
| }
|
|
|
| - AuthState state = (reauth_state_.get() ? ResolveReauthState() : CONTINUE);
|
| - if (state != CONTINUE)
|
| - return state;
|
| + AuthState state = CONTINUE;
|
|
|
| if (current_state_->cryptohome_outcome())
|
| state = ResolveCryptohomeSuccessState();
|
| @@ -744,36 +647,13 @@ ParallelAuthenticator::AuthState ParallelAuthenticator::ResolveState() {
|
| // Online attempt succeeded as well, so combine the results.
|
| return ResolveOnlineSuccessState(state);
|
| }
|
| - // Online login attempt was rejected or failed to occur.
|
| - return ResolveOnlineFailureState(state);
|
| + NOTREACHED() << "Using obsolete ClientLogin code path.";
|
| }
|
| // if online isn't complete yet, just return the offline result.
|
| return state;
|
| }
|
|
|
| ParallelAuthenticator::AuthState
|
| -ParallelAuthenticator::ResolveReauthState() {
|
| - DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| - if (reauth_state_->cryptohome_complete()) {
|
| - if (!reauth_state_->cryptohome_outcome()) {
|
| - // If we've tried to migrate and failed, log the error and just wait
|
| - // til next time the user logs in to migrate their cryptohome key.
|
| - LOG(ERROR) << "Failed to migrate cryptohome key: "
|
| - << reauth_state_->cryptohome_code();
|
| - }
|
| - reauth_state_.reset(NULL);
|
| - return ONLINE_LOGIN;
|
| - }
|
| - // Haven't tried the migrate yet, must be processing the online auth attempt.
|
| - if (!reauth_state_->online_complete()) {
|
| - NOTREACHED(); // Shouldn't be here at all, if online reauth isn't done!
|
| - return CONTINUE;
|
| - }
|
| - return (reauth_state_->online_outcome().reason() == LoginFailure::NONE) ?
|
| - HAVE_NEW_PW : NEED_NEW_PW;
|
| -}
|
| -
|
| -ParallelAuthenticator::AuthState
|
| ParallelAuthenticator::ResolveCryptohomeFailureState() {
|
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| if (remove_attempted_)
|
| @@ -840,25 +720,6 @@ ParallelAuthenticator::ResolveCryptohomeSuccessState() {
|
| }
|
|
|
| ParallelAuthenticator::AuthState
|
| -ParallelAuthenticator::ResolveOnlineFailureState(
|
| - ParallelAuthenticator::AuthState offline_state) {
|
| - DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
| - if (offline_state == OFFLINE_LOGIN) {
|
| - if (WasConnectionIssue(current_state_->online_outcome())) {
|
| - // Couldn't do an online check, so just go with the offline result.
|
| - return OFFLINE_LOGIN;
|
| - }
|
| - // Otherwise, online login was rejected!
|
| - if (current_state_->online_outcome().error().state() ==
|
| - GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS) {
|
| - return NEED_NEW_PW;
|
| - }
|
| - return ONLINE_FAILED;
|
| - }
|
| - return LOGIN_FAILED;
|
| -}
|
| -
|
| -ParallelAuthenticator::AuthState
|
| ParallelAuthenticator::ResolveOnlineSuccessState(
|
| ParallelAuthenticator::AuthState offline_state) {
|
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
|
|
|
Chromium Code Reviews
Issue 18686006:
[cros] Cleanup login auth stack: remove ClientLogin legacy code (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src