| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/lock/screen_locker.h" | 5 #include "chrome/browser/chromeos/login/lock/screen_locker.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "ash/common/wallpaper/wallpaper_controller.h" | 10 #include "ash/common/wallpaper/wallpaper_controller.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 #include "base/memory/weak_ptr.h" | 23 #include "base/memory/weak_ptr.h" |
| 24 #include "base/message_loop/message_loop.h" | 24 #include "base/message_loop/message_loop.h" |
| 25 #include "base/metrics/histogram_macros.h" | 25 #include "base/metrics/histogram_macros.h" |
| 26 #include "base/single_thread_task_runner.h" | 26 #include "base/single_thread_task_runner.h" |
| 27 #include "base/strings/string_number_conversions.h" | 27 #include "base/strings/string_number_conversions.h" |
| 28 #include "base/strings/string_util.h" | 28 #include "base/strings/string_util.h" |
| 29 #include "base/threading/thread_task_runner_handle.h" | 29 #include "base/threading/thread_task_runner_handle.h" |
| 30 #include "chrome/browser/chrome_notification_types.h" | 30 #include "chrome/browser/chrome_notification_types.h" |
| 31 #include "chrome/browser/chromeos/accessibility/accessibility_manager.h" | 31 #include "chrome/browser/chromeos/accessibility/accessibility_manager.h" |
| 32 #include "chrome/browser/chromeos/login/lock/webui_screen_locker.h" | 32 #include "chrome/browser/chromeos/login/lock/webui_screen_locker.h" |
| 33 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" | 33 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_factory.h" |
| 34 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h" | 34 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.h" |
| 35 #include "chrome/browser/chromeos/login/session/user_session_manager.h" | 35 #include "chrome/browser/chromeos/login/session/user_session_manager.h" |
| 36 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" | 36 #include "chrome/browser/chromeos/login/supervised/supervised_user_authenticatio
n.h" |
| 37 #include "chrome/browser/chromeos/login/ui/user_adding_screen.h" | 37 #include "chrome/browser/chromeos/login/ui/user_adding_screen.h" |
| 38 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" | 38 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
| 39 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" | 39 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
| 40 #include "chrome/browser/lifetime/application_lifetime.h" | 40 #include "chrome/browser/lifetime/application_lifetime.h" |
| 41 #include "chrome/browser/signin/easy_unlock_service.h" | 41 #include "chrome/browser/signin/easy_unlock_service.h" |
| 42 #include "chrome/browser/signin/signin_manager_factory.h" | 42 #include "chrome/browser/signin/signin_manager_factory.h" |
| 43 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_provider.h" | 43 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_provider.h" |
| 44 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_source.h" | 44 #include "chrome/browser/ui/webui/chromeos/login/screenlock_icon_source.h" |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 106 void Observe(int type, | 106 void Observe(int type, |
| 107 const content::NotificationSource& source, | 107 const content::NotificationSource& source, |
| 108 const content::NotificationDetails& details) override { | 108 const content::NotificationDetails& details) override { |
| 109 if (type == chrome::NOTIFICATION_SESSION_STARTED) { | 109 if (type == chrome::NOTIFICATION_SESSION_STARTED) { |
| 110 session_started_ = true; | 110 session_started_ = true; |
| 111 | 111 |
| 112 // The user session has just started, so the user has logged in. Mark a | 112 // The user session has just started, so the user has logged in. Mark a |
| 113 // strong authentication to allow them to use PIN to unlock the device. | 113 // strong authentication to allow them to use PIN to unlock the device. |
| 114 user_manager::User* user = | 114 user_manager::User* user = |
| 115 content::Details<user_manager::User>(details).ptr(); | 115 content::Details<user_manager::User>(details).ptr(); |
| 116 quick_unlock::PinStorage* pin_storage = | 116 quick_unlock::QuickUnlockStorage* quick_unlock_storage = |
| 117 quick_unlock::PinStorageFactory::GetForUser(user); | 117 quick_unlock::QuickUnlockFactory::GetForUser(user); |
| 118 if (pin_storage) | 118 if (quick_unlock_storage) |
| 119 pin_storage->MarkStrongAuth(); | 119 quick_unlock_storage->MarkStrongAuth(); |
| 120 } else { | 120 } else { |
| 121 NOTREACHED() << "Unexpected notification " << type; | 121 NOTREACHED() << "Unexpected notification " << type; |
| 122 } | 122 } |
| 123 } | 123 } |
| 124 | 124 |
| 125 // UserAddingScreen::Observer overrides: | 125 // UserAddingScreen::Observer overrides: |
| 126 void OnUserAddingFinished() override { | 126 void OnUserAddingFinished() override { |
| 127 UserAddingScreen::Get()->RemoveObserver(this); | 127 UserAddingScreen::Get()->RemoveObserver(this); |
| 128 ScreenLocker::HandleLockScreenRequest(); | 128 ScreenLocker::HandleLockScreenRequest(); |
| 129 } | 129 } |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 238 user_context.GetAccountId()); | 238 user_context.GetAccountId()); |
| 239 } | 239 } |
| 240 | 240 |
| 241 // Reset the number of PIN attempts available to the user. We always do this | 241 // Reset the number of PIN attempts available to the user. We always do this |
| 242 // because: | 242 // because: |
| 243 // 1. If the user signed in with a PIN, that means they should be able to | 243 // 1. If the user signed in with a PIN, that means they should be able to |
| 244 // continue signing in with a PIN. | 244 // continue signing in with a PIN. |
| 245 // 2. If the user signed in with cryptohome keys, then the PIN timeout is | 245 // 2. If the user signed in with cryptohome keys, then the PIN timeout is |
| 246 // going to be reset as well, so it is safe to reset the unlock attempt | 246 // going to be reset as well, so it is safe to reset the unlock attempt |
| 247 // count. | 247 // count. |
| 248 quick_unlock::PinStorage* pin_storage = | 248 quick_unlock::QuickUnlockStorage* quick_unlock_storage = |
| 249 quick_unlock::PinStorageFactory::GetForUser(user); | 249 quick_unlock::QuickUnlockFactory::GetForUser(user); |
| 250 if (pin_storage) | 250 if (quick_unlock_storage) { |
| 251 pin_storage->ResetUnlockAttemptCount(); | 251 quick_unlock_storage->pin_storage()->ResetUnlockAttemptCount(); |
| 252 quick_unlock_storage->fingerprint_storage()->ResetUnlockAttemptCount(); |
| 253 } |
| 252 | 254 |
| 253 UserSessionManager::GetInstance()->UpdateEasyUnlockKeys(user_context); | 255 UserSessionManager::GetInstance()->UpdateEasyUnlockKeys(user_context); |
| 254 } else { | 256 } else { |
| 255 NOTREACHED() << "Logged in user not found."; | 257 NOTREACHED() << "Logged in user not found."; |
| 256 } | 258 } |
| 257 | 259 |
| 258 authentication_capture_.reset(new AuthenticationParametersCapture()); | 260 authentication_capture_.reset(new AuthenticationParametersCapture()); |
| 259 authentication_capture_->user_context = user_context; | 261 authentication_capture_->user_context = user_context; |
| 260 | 262 |
| 261 // Add guard for case when something get broken in call chain to unlock | 263 // Add guard for case when something get broken in call chain to unlock |
| 262 // for sure. | 264 // for sure. |
| 263 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( | 265 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( |
| 264 FROM_HERE, base::Bind(&ScreenLocker::UnlockOnLoginSuccess, | 266 FROM_HERE, base::Bind(&ScreenLocker::UnlockOnLoginSuccess, |
| 265 weak_factory_.GetWeakPtr()), | 267 weak_factory_.GetWeakPtr()), |
| 266 base::TimeDelta::FromMilliseconds(kUnlockGuardTimeoutMs)); | 268 base::TimeDelta::FromMilliseconds(kUnlockGuardTimeoutMs)); |
| 267 web_ui()->AnimateAuthenticationSuccess(); | 269 web_ui()->AnimateAuthenticationSuccess(); |
| 268 } | 270 } |
| 269 | 271 |
| 270 void ScreenLocker::OnPasswordAuthSuccess(const UserContext& user_context) { | 272 void ScreenLocker::OnPasswordAuthSuccess(const UserContext& user_context) { |
| 271 // The user has signed in using their password, so reset the PIN timeout. | 273 // The user has signed in using their password, so reset the PIN timeout. |
| 272 quick_unlock::PinStorage* pin_storage = | 274 quick_unlock::QuickUnlockStorage* quick_unlock_storage = |
| 273 quick_unlock::PinStorageFactory::GetForAccountId( | 275 quick_unlock::QuickUnlockFactory::GetForAccountId( |
| 274 user_context.GetAccountId()); | 276 user_context.GetAccountId()); |
| 275 if (pin_storage) | 277 if (quick_unlock_storage) |
| 276 pin_storage->MarkStrongAuth(); | 278 quick_unlock_storage->MarkStrongAuth(); |
| 277 } | 279 } |
| 278 | 280 |
| 279 void ScreenLocker::UnlockOnLoginSuccess() { | 281 void ScreenLocker::UnlockOnLoginSuccess() { |
| 280 DCHECK(base::MessageLoopForUI::IsCurrent()); | 282 DCHECK(base::MessageLoopForUI::IsCurrent()); |
| 281 if (!authentication_capture_.get()) { | 283 if (!authentication_capture_.get()) { |
| 282 LOG(WARNING) << "Call to UnlockOnLoginSuccess without previous " << | 284 LOG(WARNING) << "Call to UnlockOnLoginSuccess without previous " << |
| 283 "authentication success."; | 285 "authentication success."; |
| 284 return; | 286 return; |
| 285 } | 287 } |
| 286 | 288 |
| (...skipping 18 matching lines...) Expand all Loading... |
| 305 const user_manager::User* user = FindUnlockUser(user_context.GetAccountId()); | 307 const user_manager::User* user = FindUnlockUser(user_context.GetAccountId()); |
| 306 if (user) { | 308 if (user) { |
| 307 // Check to see if the user submitted a PIN and it is valid. | 309 // Check to see if the user submitted a PIN and it is valid. |
| 308 const std::string pin = user_context.GetKey()->GetSecret(); | 310 const std::string pin = user_context.GetKey()->GetSecret(); |
| 309 | 311 |
| 310 // We only want to try authenticating the pin if it is a number, | 312 // We only want to try authenticating the pin if it is a number, |
| 311 // otherwise we will timeout PIN if the user enters their account password | 313 // otherwise we will timeout PIN if the user enters their account password |
| 312 // incorrectly more than a few times. | 314 // incorrectly more than a few times. |
| 313 int dummy_value; | 315 int dummy_value; |
| 314 if (is_pin_attempt_ && base::StringToInt(pin, &dummy_value)) { | 316 if (is_pin_attempt_ && base::StringToInt(pin, &dummy_value)) { |
| 315 quick_unlock::PinStorage* pin_storage = | 317 quick_unlock::QuickUnlockStorage* quick_unlock_storage = |
| 316 quick_unlock::PinStorageFactory::GetForUser(user); | 318 quick_unlock::QuickUnlockFactory::GetForUser(user); |
| 317 if (pin_storage && pin_storage->TryAuthenticatePin(pin)) { | 319 if (quick_unlock_storage && |
| 320 quick_unlock_storage->TryAuthenticatePin(pin)) { |
| 318 OnAuthSuccess(user_context); | 321 OnAuthSuccess(user_context); |
| 319 return; | 322 return; |
| 320 } | 323 } |
| 321 } | 324 } |
| 322 | 325 |
| 323 // Special case: supervised users. Use special authenticator. | 326 // Special case: supervised users. Use special authenticator. |
| 324 if (user->GetType() == user_manager::USER_TYPE_SUPERVISED) { | 327 if (user->GetType() == user_manager::USER_TYPE_SUPERVISED) { |
| 325 UserContext updated_context = ChromeUserManager::Get() | 328 UserContext updated_context = ChromeUserManager::Get() |
| 326 ->GetSupervisedUserManager() | 329 ->GetSupervisedUserManager() |
| 327 ->GetAuthentication() | 330 ->GetAuthentication() |
| (...skipping 228 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 556 | 559 |
| 557 bool ScreenLocker::IsUserLoggedIn(const AccountId& account_id) const { | 560 bool ScreenLocker::IsUserLoggedIn(const AccountId& account_id) const { |
| 558 for (user_manager::User* user : users_) { | 561 for (user_manager::User* user : users_) { |
| 559 if (user->GetAccountId() == account_id) | 562 if (user->GetAccountId() == account_id) |
| 560 return true; | 563 return true; |
| 561 } | 564 } |
| 562 return false; | 565 return false; |
| 563 } | 566 } |
| 564 | 567 |
| 565 } // namespace chromeos | 568 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2715823004:
Add FingerprintUnlock KeyedService for each profile (Closed)
