1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/login/auth/chrome_login_performer.h"
8 #include "base/thread_task_runner_handle.h"
9 #include "chrome/browser/browser_process.h"
10 #include "chrome/browser/chromeos/login/login_utils.h"
11 #include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h"
12 #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h"
13 #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h"
14 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
15 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
17 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
18 #include "chrome/browser/chromeos/profiles/profile_helper.h"
19 #include "chrome/browser/chromeos/settings/cros_settings.h"
23 ChromeLoginPerformer::ChromeLoginPerformer(Delegate
* delegate
)
24 : LoginPerformer(base::ThreadTaskRunnerHandle::Get(), delegate
),
28 ChromeLoginPerformer::~ChromeLoginPerformer() {
31 ////////////////////////////////////////////////////////////////////////////////
32 // ChromeLoginPerformer, public:
34 bool ChromeLoginPerformer::RunTrustedCheck(const base::Closure
& callback
) {
35 CrosSettings
* cros_settings
= CrosSettings::Get();
37 CrosSettingsProvider::TrustedStatus status
=
38 cros_settings
->PrepareTrustedValues(
39 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck
,
40 weak_factory_
.GetWeakPtr(),
42 // Must not proceed without signature verification.
43 if (status
== CrosSettingsProvider::PERMANENTLY_UNTRUSTED
) {
45 delegate_
->PolicyLoadFailed();
48 return true; // Some callback was called.
49 } else if (status
== CrosSettingsProvider::TEMPORARILY_UNTRUSTED
) {
50 // Value of AllowNewUser setting is still not verified.
51 // Another attempt will be invoked after verification completion.
54 DCHECK(status
== CrosSettingsProvider::TRUSTED
);
55 // CrosSettingsProvider::TRUSTED
57 return true; // Some callback was called.
61 void ChromeLoginPerformer::DidRunTrustedCheck(const base::Closure
& callback
) {
62 CrosSettings
* cros_settings
= CrosSettings::Get();
64 CrosSettingsProvider::TrustedStatus status
=
65 cros_settings
->PrepareTrustedValues(
66 base::Bind(&ChromeLoginPerformer::DidRunTrustedCheck
,
67 weak_factory_
.GetWeakPtr(),
69 // Must not proceed without signature verification.
70 if (status
== CrosSettingsProvider::PERMANENTLY_UNTRUSTED
) {
72 delegate_
->PolicyLoadFailed();
75 } else if (status
== CrosSettingsProvider::TEMPORARILY_UNTRUSTED
) {
76 // Value of AllowNewUser setting is still not verified.
77 // Another attempt will be invoked after verification completion.
80 DCHECK(status
== CrosSettingsProvider::TRUSTED
);
85 bool ChromeLoginPerformer::IsUserWhitelisted(const std::string
& user_id
,
86 bool* wildcard_match
) {
87 return LoginUtils::IsWhitelisted(user_id
, wildcard_match
);
90 void ChromeLoginPerformer::RunOnlineWhitelistCheck(
91 const std::string
& user_id
,
93 const base::Closure
& success_callback
,
94 const base::Closure
& failure_callback
) {
95 // On enterprise devices, reconfirm login permission with the server.
96 policy::BrowserPolicyConnectorChromeOS
* connector
=
97 g_browser_process
->platform_part()->browser_policy_connector_chromeos();
98 if (connector
->IsEnterpriseManaged() && wildcard_match
&&
99 !connector
->IsNonEnterpriseUser(user_id
)) {
100 wildcard_login_checker_
.reset(new policy::WildcardLoginChecker());
101 wildcard_login_checker_
->Start(
102 ProfileHelper::GetSigninProfile()->GetRequestContext(),
103 base::Bind(&ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted
,
104 weak_factory_
.GetWeakPtr(),
108 success_callback
.Run();
112 scoped_refptr
<Authenticator
> ChromeLoginPerformer::CreateAuthenticator() {
113 return LoginUtils::Get()->CreateAuthenticator(this);
116 bool ChromeLoginPerformer::AreSupervisedUsersAllowed() {
117 return user_manager::UserManager::Get()->AreSupervisedUsersAllowed();
120 bool ChromeLoginPerformer::UseExtendedAuthenticatorForSupervisedUser(
121 const UserContext
& user_context
) {
122 SupervisedUserAuthentication
* authentication
=
123 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
124 return authentication
->GetPasswordSchema(user_context
.GetUserID()) ==
125 SupervisedUserAuthentication::SCHEMA_SALT_HASHED
;
128 UserContext
ChromeLoginPerformer::TransformSupervisedKey(
129 const UserContext
& context
) {
130 SupervisedUserAuthentication
* authentication
=
131 ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication();
132 return authentication
->TransformKey(context
);
135 void ChromeLoginPerformer::SetupSupervisedUserFlow(const std::string
& user_id
) {
136 SupervisedUserLoginFlow
* new_flow
= new SupervisedUserLoginFlow(user_id
);
137 new_flow
->set_host(ChromeUserManager::Get()->GetUserFlow(user_id
)->host());
138 ChromeUserManager::Get()->SetUserFlow(user_id
, new_flow
);
141 bool ChromeLoginPerformer::CheckPolicyForUser(const std::string
& user_id
) {
142 // Login is not allowed if policy could not be loaded for the account.
143 policy::BrowserPolicyConnectorChromeOS
* connector
=
144 g_browser_process
->platform_part()->browser_policy_connector_chromeos();
145 policy::DeviceLocalAccountPolicyService
* policy_service
=
146 connector
->GetDeviceLocalAccountPolicyService();
147 return policy_service
&& policy_service
->IsPolicyAvailableForUser(user_id
);
149 ////////////////////////////////////////////////////////////////////////////////
150 // ChromeLoginPerformer, private:
152 content::BrowserContext
* ChromeLoginPerformer::GetSigninContext() {
153 return ProfileHelper::GetSigninProfile();
156 net::URLRequestContextGetter
* ChromeLoginPerformer::GetSigninRequestContext() {
157 return ProfileHelper::GetSigninProfile()->GetRequestContext();
160 void ChromeLoginPerformer::OnlineWildcardLoginCheckCompleted(
161 const base::Closure
& success_callback
,
162 const base::Closure
& failure_callback
,
163 policy::WildcardLoginChecker::Result result
) {
164 if (result
== policy::WildcardLoginChecker::RESULT_ALLOWED
) {
165 success_callback
.Run();
167 failure_callback
.Run();
171 } // namespace chromeos