Diffstat (limited to 'chromeos/login/auth')
-rw-r--r-- | chromeos/login/auth/authenticator.h | 8 | ||||
-rw-r--r-- | chromeos/login/auth/cryptohome_authenticator.cc | 41 | ||||
-rw-r--r-- | chromeos/login/auth/cryptohome_authenticator.h | 4 | ||||
-rw-r--r-- | chromeos/login/auth/extended_authenticator.h | 13 | ||||
-rw-r--r-- | chromeos/login/auth/extended_authenticator_impl.cc | 27 | ||||
-rw-r--r-- | chromeos/login/auth/extended_authenticator_impl.h | 4 | ||||
-rw-r--r-- | chromeos/login/auth/fake_extended_authenticator.cc | 7 | ||||
-rw-r--r-- | chromeos/login/auth/fake_extended_authenticator.h | 4 | ||||
-rw-r--r-- | chromeos/login/auth/login_performer.cc | 11 | ||||
-rw-r--r-- | chromeos/login/auth/login_performer.h | 4 | ||||
-rw-r--r-- | chromeos/login/auth/stub_authenticator.cc | 2 | ||||
-rw-r--r-- | chromeos/login/auth/stub_authenticator.h | 4 | ||||
-rw-r--r-- | chromeos/login/auth/user_context.cc | 24 | ||||
-rw-r--r-- | chromeos/login/auth/user_context.h | 6 |
14 files changed, 74 insertions, 85 deletions
diff --git a/chromeos/login/auth/authenticator.h b/chromeos/login/auth/authenticator.h index 1f05bce..422cccd 100644 --- a/chromeos/login/auth/authenticator.h +++ b/chromeos/login/auth/authenticator.h @@ -13,6 +13,8 @@ #include "chromeos/login/auth/auth_status_consumer.h" #include "google_apis/gaia/gaia_auth_consumer.h" +class AccountId; + namespace content { class BrowserContext; } @@ -56,11 +58,11 @@ class CHROMEOS_EXPORT Authenticator // Initiates login into the public account identified by |user_context|. virtual void LoginAsPublicSession(const UserContext& user_context) = 0; - // Initiates login into kiosk mode account identified by |app_user_id|. - // The |app_user_id| is a generated username for the account. + // Initiates login into kiosk mode account identified by |app_account_id|. + // The |app_account_id| is a generated account id for the account. // |use_guest_mount| specifies whether to force the session to use a // guest mount. If this is false, we use mount a public cryptohome. - virtual void LoginAsKioskAccount(const std::string& app_user_id, + virtual void LoginAsKioskAccount(const AccountId& app_account_id, bool use_guest_mount) = 0; // Notifies caller that login was successful. Must be called on the UI thread. diff --git a/chromeos/login/auth/cryptohome_authenticator.cc b/chromeos/login/auth/cryptohome_authenticator.cc index df430d0..913af5d 100644 --- a/chromeos/login/auth/cryptohome_authenticator.cc +++ b/chromeos/login/auth/cryptohome_authenticator.cc @@ -149,8 +149,7 @@ void DoMount(const base::WeakPtr<AuthAttemptState>& attempt, } cryptohome::HomedirMethods::GetInstance()->MountEx( - cryptohome::Identification( - attempt->user_context.GetAccountId().GetUserEmail()), + cryptohome::Identification(attempt->user_context.GetAccountId()), cryptohome::Authorization(auth_key), mount, base::Bind(&OnMount, attempt, resolver)); } 
@@ -267,8 +266,7 @@ void StartMount(const base::WeakPtr<AuthAttemptState>& attempt, } cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx( - cryptohome::Identification( - attempt->user_context.GetAccountId().GetUserEmail()), + cryptohome::Identification(attempt->user_context.GetAccountId()), kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver, ephemeral, create_if_nonexistent)); } @@ -284,7 +282,7 @@ void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt, attempt, resolver)); cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( - attempt->user_context.GetAccountId().GetUserEmail(), + cryptohome::Identification(attempt->user_context.GetAccountId()), base::Bind(&TriggerResolveHash, attempt, resolver)); } @@ -293,11 +291,11 @@ void MountPublic(const base::WeakPtr<AuthAttemptState>& attempt, scoped_refptr<CryptohomeAuthenticator> resolver, int flags) { cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountPublic( - attempt->user_context.GetAccountId().GetUserEmail(), flags, + cryptohome::Identification(attempt->user_context.GetAccountId()), flags, base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMountPublic-End", attempt, resolver)); cryptohome::AsyncMethodCaller::GetInstance()->AsyncGetSanitizedUsername( - attempt->user_context.GetAccountId().GetUserEmail(), + cryptohome::Identification(attempt->user_context.GetAccountId()), base::Bind(&TriggerResolveHash, attempt, resolver)); } 
@@ -320,13 +318,13 @@ void Migrate(const base::WeakPtr<AuthAttemptState>& attempt, TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); if (passing_old_hash) { caller->AsyncMigrateKey( - attempt->user_context.GetAccountId().GetUserEmail(), + cryptohome::Identification(attempt->user_context.GetAccountId()), old_key->GetSecret(), new_key->GetSecret(), base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", attempt, resolver)); } else { caller->AsyncMigrateKey( - attempt->user_context.GetAccountId().GetUserEmail(), + cryptohome::Identification(attempt->user_context.GetAccountId()), new_key->GetSecret(), old_key->GetSecret(), base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeMount-End", attempt, resolver)); @@ -339,7 +337,7 @@ void Remove(const base::WeakPtr<AuthAttemptState>& attempt, chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker( "CryptohomeRemove-Start", false); cryptohome::AsyncMethodCaller::GetInstance()->AsyncRemove( - attempt->user_context.GetAccountId().GetUserEmail(), + cryptohome::Identification(attempt->user_context.GetAccountId()), base::Bind(&TriggerResolveWithLoginTimeMarker, "CryptohomeRemove-End", attempt, resolver)); } @@ -351,8 +349,8 @@ void CheckKey(const base::WeakPtr<AuthAttemptState>& attempt, scoped_ptr<Key> key = TransformKeyIfNeeded(*attempt->user_context.GetKey(), system_salt); cryptohome::AsyncMethodCaller::GetInstance()->AsyncCheckKey( - attempt->user_context.GetAccountId().GetUserEmail(), key->GetSecret(), - base::Bind(&TriggerResolve, attempt, resolver)); + cryptohome::Identification(attempt->user_context.GetAccountId()), + key->GetSecret(), base::Bind(&TriggerResolve, attempt, resolver)); } } // namespace 
@@ -447,12 +445,11 @@ void CryptohomeAuthenticator::LoginAsSupervisedUser( void CryptohomeAuthenticator::LoginOffTheRecord() { DCHECK(task_runner_->RunsTasksOnCurrentThread()); - current_state_.reset( - new AuthAttemptState(UserContext(user_manager::USER_TYPE_GUEST, - login::GuestAccountId().GetUserEmail()), - false, // unlock - false, // online_complete - false)); // user_is_new + current_state_.reset(new AuthAttemptState( + UserContext(user_manager::USER_TYPE_GUEST, login::GuestAccountId()), + false, // unlock + false, // online_complete + false)); // user_is_new remove_user_data_on_failure_ = false; ephemeral_mount_attempted_ = true; MountGuestAndGetHash(current_state_->AsWeakPtr(), @@ -477,14 +474,14 @@ void CryptohomeAuthenticator::LoginAsPublicSession( } void CryptohomeAuthenticator::LoginAsKioskAccount( - const std::string& app_user_id, + const AccountId& app_account_id, bool use_guest_mount) { DCHECK(task_runner_->RunsTasksOnCurrentThread()); - const std::string user_id = - use_guest_mount ? login::GuestAccountId().GetUserEmail() : app_user_id; + const AccountId& account_id = + use_guest_mount ? login::GuestAccountId() : app_account_id; current_state_.reset(new AuthAttemptState( - UserContext(user_manager::USER_TYPE_KIOSK_APP, user_id), + UserContext(user_manager::USER_TYPE_KIOSK_APP, account_id), false, // unlock false, // online_complete false)); // user_is_new diff --git a/chromeos/login/auth/cryptohome_authenticator.h b/chromeos/login/auth/cryptohome_authenticator.h index d767bd9..cfac3d3 100644 --- a/chromeos/login/auth/cryptohome_authenticator.h +++ b/chromeos/login/auth/cryptohome_authenticator.h 
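Review bot: In `CryptohomeAuthenticator::LoginAsKioskAccount` the local is now a reference, `const AccountId& account_id = use_guest_mount ? login::GuestAccountId() : app_account_id;`, where the old code held a `std::string` by value. Whether that reference binds to a temporary or to a longer-lived object depends on the return type of `login::GuestAccountId()`, which this diff does not show. Holding a copy, `const AccountId account_id = use_guest_mount ? login::GuestAccountId() : app_account_id;`, keeps the lifetime obvious at the point where the id is handed to `UserContext`. The function body continues past the end of the hunk.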
@@ -129,12 +129,12 @@ class CHROMEOS_EXPORT CryptohomeAuthenticator // success/failure. void LoginAsPublicSession(const UserContext& user_context) override; - // Initiates login into the kiosk mode account identified by |app_user_id|. + // Initiates login into the kiosk mode account identified by |app_account_id|. // Mounts an ephemeral guest cryptohome if |use_guest_mount| is |true|. // Otherwise, mounts a public cryptohome, which will be ephemeral if the // |DeviceEphemeralUsersEnabled| policy is enabled and non-ephemeral // otherwise. - void LoginAsKioskAccount(const std::string& app_user_id, + void LoginAsKioskAccount(const AccountId& app_account_id, bool use_guest_mount) override; // These methods must be called on the UI thread, as they make DBus calls diff --git a/chromeos/login/auth/extended_authenticator.h b/chromeos/login/auth/extended_authenticator.h index deaa6c4..0a0a877 100644 --- a/chromeos/login/auth/extended_authenticator.h +++ b/chromeos/login/auth/extended_authenticator.h @@ -15,6 +15,8 @@ #include "chromeos/chromeos_export.h" #include "chromeos/cryptohome/cryptohome_parameters.h" +class AccountId; + namespace chromeos { class AuthStatusConsumer; 
@@ -68,12 +70,13 @@ class CHROMEOS_EXPORT ExtendedAuthenticator virtual void AuthenticateToCheck(const UserContext& context, const base::Closure& success_callback) = 0; - // This call will create and mount the home dir for |user_id| with the given - // |keys| if the home dir is missing. If the home dir exists already, a mount - // attempt will be performed using the first key in |keys| for authentication. - // Note that all |keys| should have been transformed from plain text already. + // This call will create and mount the home dir for |account_id| with the + // given |keys| if the home dir is missing. If the home dir exists already, a + // mount attempt will be performed using the first key in |keys| for + // authentication. Note that all |keys| should have been transformed from + // plain text already. // This method does not alter them. - virtual void CreateMount(const std::string& user_id, + virtual void CreateMount(const AccountId& account_id, const std::vector<cryptohome::KeyDefinition>& keys, const ResultCallback& success_callback) = 0; diff --git a/chromeos/login/auth/extended_authenticator_impl.cc b/chromeos/login/auth/extended_authenticator_impl.cc index 25d9520..98ec0b9 100644 --- a/chromeos/login/auth/extended_authenticator_impl.cc +++ b/chromeos/login/auth/extended_authenticator_impl.cc 
@@ -82,19 +82,18 @@ void ExtendedAuthenticatorImpl::AuthenticateToCheck( } void ExtendedAuthenticatorImpl::CreateMount( - const std::string& user_id, + const AccountId& account_id, const std::vector<cryptohome::KeyDefinition>& keys, const ResultCallback& success_callback) { RecordStartMarker("MountEx"); - std::string canonicalized = gaia::CanonicalizeEmail(user_id); - cryptohome::Identification id(canonicalized); + cryptohome::Identification id(account_id); cryptohome::Authorization auth(keys.front()); cryptohome::MountParameters mount(false); for (size_t i = 0; i < keys.size(); i++) { mount.create_keys.push_back(keys[i]); } - UserContext context(AccountId::FromUserEmail(user_id)); + UserContext context(account_id); Key key(keys.front().secret); key.SetLabel(keys.front().label); context.SetKey(key); @@ -189,9 +188,7 @@ void ExtendedAuthenticatorImpl::DoAuthenticateToMount( const UserContext& user_context) { RecordStartMarker("MountEx"); - const std::string canonicalized = - gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail()); - cryptohome::Identification id(canonicalized); + cryptohome::Identification id(user_context.GetAccountId()); const Key* const key = user_context.GetKey(); cryptohome::Authorization auth(key->GetSecret(), key->GetLabel()); cryptohome::MountParameters mount(false); @@ -212,9 +209,7 @@ void ExtendedAuthenticatorImpl::DoAuthenticateToCheck( const UserContext& user_context) { RecordStartMarker("CheckKeyEx"); - const std::string canonicalized = - gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail()); - cryptohome::Identification id(canonicalized); + cryptohome::Identification id(user_context.GetAccountId()); const Key* const key = user_context.GetKey(); cryptohome::Authorization auth(key->GetSecret(), key->GetLabel()); 
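Review bot: In `ExtendedAuthenticatorImpl::CreateMount` the `gaia::CanonicalizeEmail()` step that used to run before building `cryptohome::Identification` is gone, so the cryptohome identity now depends on whatever `Identification(const AccountId&)` derives, and that constructor is not part of this diff. If it does not canonicalize, an id that arrives in non-canonical form could address a different home directory than before; a comment such as `// Identification(account_id) is expected to yield the canonical cryptohome id.` plus a test with a non-canonical email would pin this down. The same removal appears in the DoAuthenticateToMount, DoAuthenticateToCheck, DoAddKey, DoUpdateKeyAuthorized and DoRemoveKey hunks. Separately, `keys.front()` is still reached without a visible emptiness check, so `DCHECK(!keys.empty());` at the top of CreateMount, whose body continues past the hunk, would be a cheap guard.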
@@ -234,9 +229,7 @@ void ExtendedAuthenticatorImpl::DoAddKey(const cryptohome::KeyDefinition& key, const UserContext& user_context) { RecordStartMarker("AddKeyEx"); - const std::string canonicalized = - gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail()); - cryptohome::Identification id(canonicalized); + cryptohome::Identification id(user_context.GetAccountId()); const Key* const auth_key = user_context.GetKey(); cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel()); @@ -259,9 +252,7 @@ void ExtendedAuthenticatorImpl::DoUpdateKeyAuthorized( const UserContext& user_context) { RecordStartMarker("UpdateKeyAuthorized"); - const std::string canonicalized = - gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail()); - cryptohome::Identification id(canonicalized); + cryptohome::Identification id(user_context.GetAccountId()); const Key* const auth_key = user_context.GetKey(); cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel()); @@ -282,9 +273,7 @@ void ExtendedAuthenticatorImpl::DoRemoveKey(const std::string& key_to_remove, const UserContext& user_context) { RecordStartMarker("RemoveKeyEx"); - const std::string canonicalized = - gaia::CanonicalizeEmail(user_context.GetAccountId().GetUserEmail()); - cryptohome::Identification id(canonicalized); + cryptohome::Identification id(user_context.GetAccountId()); const Key* const auth_key = user_context.GetKey(); cryptohome::Authorization auth(auth_key->GetSecret(), auth_key->GetLabel()); diff --git a/chromeos/login/auth/extended_authenticator_impl.h b/chromeos/login/auth/extended_authenticator_impl.h index a292e9e..550ba3f 100644 --- a/chromeos/login/auth/extended_authenticator_impl.h +++ b/chromeos/login/auth/extended_authenticator_impl.h @@ -15,6 +15,8 @@ #include "chromeos/login/auth/extended_authenticator.h" #include "third_party/cros_system_api/dbus/service_constants.h" +class AccountId; + namespace chromeos { class AuthStatusConsumer; 
@@ -32,7 +34,7 @@ class CHROMEOS_EXPORT ExtendedAuthenticatorImpl : public ExtendedAuthenticator { const ResultCallback& success_callback) override; void AuthenticateToCheck(const UserContext& context, const base::Closure& success_callback) override; - void CreateMount(const std::string& user_id, + void CreateMount(const AccountId& account_id, const std::vector<cryptohome::KeyDefinition>& keys, const ResultCallback& success_callback) override; void AddKey(const UserContext& context, diff --git a/chromeos/login/auth/fake_extended_authenticator.cc b/chromeos/login/auth/fake_extended_authenticator.cc index e57755b..b44255b 100644 --- a/chromeos/login/auth/fake_extended_authenticator.cc +++ b/chromeos/login/auth/fake_extended_authenticator.cc @@ -65,9 +65,10 @@ void FakeExtendedAuthenticator::AuthenticateToCheck( AuthFailure(AuthFailure::UNLOCK_FAILED)); } -void FakeExtendedAuthenticator::CreateMount(const std::string& user_id, - const std::vector<cryptohome::KeyDefinition>& keys, - const ResultCallback& success_callback) { +void FakeExtendedAuthenticator::CreateMount( + const AccountId& account_id, + const std::vector<cryptohome::KeyDefinition>& keys, + const ResultCallback& success_callback) { NOTREACHED(); } diff --git a/chromeos/login/auth/fake_extended_authenticator.h b/chromeos/login/auth/fake_extended_authenticator.h index 96dc4f4..ee48944 100644 --- a/chromeos/login/auth/fake_extended_authenticator.h +++ b/chromeos/login/auth/fake_extended_authenticator.h @@ -10,6 +10,8 @@ #include "chromeos/login/auth/extended_authenticator.h" #include "chromeos/login/auth/user_context.h" +class AccountId; + namespace chromeos { class AuthFailure; 
@@ -27,7 +29,7 @@ class CHROMEOS_EXPORT FakeExtendedAuthenticator : public ExtendedAuthenticator { const ResultCallback& success_callback) override; void AuthenticateToCheck(const UserContext& context, const base::Closure& success_callback) override; - void CreateMount(const std::string& user_id, + void CreateMount(const AccountId& account_id, const std::vector<cryptohome::KeyDefinition>& keys, const ResultCallback& success_callback) override; void AddKey(const UserContext& context, diff --git a/chromeos/login/auth/login_performer.cc b/chromeos/login/auth/login_performer.cc index b358105..6d949f4 100644 --- a/chromeos/login/auth/login_performer.cc +++ b/chromeos/login/auth/login_performer.cc @@ -228,14 +228,13 @@ void LoginPerformer::LoginOffTheRecord() { base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get())); } -void LoginPerformer::LoginAsKioskAccount(const std::string& app_user_id, +void LoginPerformer::LoginAsKioskAccount(const AccountId& app_account_id, bool use_guest_mount) { EnsureAuthenticator(); - task_runner_->PostTask(FROM_HERE, - base::Bind(&Authenticator::LoginAsKioskAccount, - authenticator_.get(), - app_user_id, - use_guest_mount)); + task_runner_->PostTask( + FROM_HERE, + base::Bind(&Authenticator::LoginAsKioskAccount, authenticator_.get(), + app_account_id, use_guest_mount)); } void LoginPerformer::RecoverEncryptedData(const std::string& old_password) { diff --git a/chromeos/login/auth/login_performer.h b/chromeos/login/auth/login_performer.h index 915ee35..3eb2c4f6 100644 --- a/chromeos/login/auth/login_performer.h +++ b/chromeos/login/auth/login_performer.h 
@@ -79,8 +79,8 @@ class CHROMEOS_EXPORT LoginPerformer : public AuthStatusConsumer { // Performs public session login with a given |user_context|. void LoginAsPublicSession(const UserContext& user_context); - // Performs a login into the kiosk mode account with |app_user_id|. - void LoginAsKioskAccount(const std::string& app_user_id, + // Performs a login into the kiosk mode account with |app_account_id|. + void LoginAsKioskAccount(const AccountId& app_account_id, bool use_guest_mount); // AuthStatusConsumer implementation: diff --git a/chromeos/login/auth/stub_authenticator.cc b/chromeos/login/auth/stub_authenticator.cc index 371453d..d48d596 100644 --- a/chromeos/login/auth/stub_authenticator.cc +++ b/chromeos/login/auth/stub_authenticator.cc @@ -75,7 +75,7 @@ void StubAuthenticator::LoginAsPublicSession(const UserContext& user_context) { } void StubAuthenticator::LoginAsKioskAccount( - const std::string& /* app_user_id */, + const AccountId& /* app_account_id */, bool use_guest_mount) { UserContext user_context(expected_user_context_.GetAccountId()); user_context.SetIsUsingOAuth(false); diff --git a/chromeos/login/auth/stub_authenticator.h b/chromeos/login/auth/stub_authenticator.h index 8c67874..10f9775 100644 --- a/chromeos/login/auth/stub_authenticator.h +++ b/chromeos/login/auth/stub_authenticator.h @@ -13,6 +13,8 @@ #include "chromeos/login/auth/authenticator.h" #include "chromeos/login/auth/user_context.h" +class AccountId; + namespace content { class BrowserContext; } @@ -35,7 +37,7 @@ class CHROMEOS_EXPORT StubAuthenticator : public Authenticator { void LoginAsSupervisedUser(const UserContext& user_context) override; void LoginOffTheRecord() override; void LoginAsPublicSession(const UserContext& user_context) override; - void LoginAsKioskAccount(const std::string& app_user_id, + void LoginAsKioskAccount(const AccountId& app_account_id, bool use_guest_mount) override; void OnAuthSuccess() override; void OnAuthFailure(const AuthFailure& failure) override; 
diff --git a/chromeos/login/auth/user_context.cc b/chromeos/login/auth/user_context.cc index 0060e3c..7eed5e0 100644 --- a/chromeos/login/auth/user_context.cc +++ b/chromeos/login/auth/user_context.cc @@ -11,7 +11,6 @@ UserContext::UserContext() : account_id_(EmptyAccountId()) {} UserContext::UserContext(const UserContext& other) : account_id_(other.account_id_), - gaia_id_(other.gaia_id_), key_(other.key_), auth_code_(other.auth_code_), refresh_token_(other.refresh_token_), @@ -32,20 +31,19 @@ UserContext::UserContext(const AccountId& account_id) } UserContext::UserContext(user_manager::UserType user_type, - const std::string& user_id) - : account_id_(EmptyAccountId()), user_type_(user_type) { + const AccountId& account_id) + : account_id_(account_id), user_type_(user_type) { if (user_type_ == user_manager::USER_TYPE_REGULAR) - account_id_ = AccountId::FromUserEmail(login::CanonicalizeUserID(user_id)); - else - account_id_ = AccountId::FromUserEmail(user_id); + account_id_.SetUserEmail( + login::CanonicalizeUserID(account_id_.GetUserEmail())); } UserContext::~UserContext() { } bool UserContext::operator==(const UserContext& context) const { - return context.account_id_ == account_id_ && context.gaia_id_ == gaia_id_ && - context.key_ == key_ && context.auth_code_ == auth_code_ && + return context.account_id_ == account_id_ && context.key_ == key_ && + context.auth_code_ == auth_code_ && context.refresh_token_ == refresh_token_ && context.access_token_ == access_token_ && context.user_id_hash_ == user_id_hash_ && @@ -64,7 +62,7 @@ const AccountId& UserContext::GetAccountId() const { } const std::string& UserContext::GetGaiaID() const { - return gaia_id_; + return account_id_.GetGaiaId(); } const Key* UserContext::GetKey() const { 
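Review bot: `UserContext::operator==` no longer compares a Gaia id of its own and relies on `context.account_id_ == account_id_`, so whether two contexts with the same email but different Gaia ids compare equal is now decided by `AccountId`'s comparison, which is not shown here. If that comparison can ignore the Gaia id, callers that use equality to decide that two login attempts refer to the same user would be looser than before; a comment above the operator, e.g. `// Gaia id equality is delegated to AccountId::operator==.`, would record the intent. In the constructor of the same hunk only the email is re-canonicalized for `USER_TYPE_REGULAR` through `SetUserEmail()`, which deserves a one-line comment as well. The operator's return expression continues past the end of the hunk.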
@@ -124,12 +122,8 @@ bool UserContext::HasCredentials() const { !auth_code_.empty(); } -void UserContext::SetUserID(const std::string& user_id) { - account_id_ = AccountId::FromUserEmail(login::CanonicalizeUserID(user_id)); -} - -void UserContext::SetGaiaID(const std::string& gaia_id) { - gaia_id_ = gaia_id; +void UserContext::SetAccountId(const AccountId& account_id) { + account_id_ = account_id; } void UserContext::SetKey(const Key& key) { diff --git a/chromeos/login/auth/user_context.h b/chromeos/login/auth/user_context.h index a4440cc..6f29645 100644 --- a/chromeos/login/auth/user_context.h +++ b/chromeos/login/auth/user_context.h @@ -40,7 +40,7 @@ class CHROMEOS_EXPORT UserContext { UserContext(); UserContext(const UserContext& other); explicit UserContext(const AccountId& account_id); - UserContext(user_manager::UserType user_type, const std::string& user_id); + UserContext(user_manager::UserType user_type, const AccountId& account_id); ~UserContext(); bool operator==(const UserContext& context) const; @@ -64,8 +64,7 @@ class CHROMEOS_EXPORT UserContext { bool HasCredentials() const; - void SetUserID(const std::string& user_id); - void SetGaiaID(const std::string& gaia_id); + void SetAccountId(const AccountId& account_id); void SetKey(const Key& key); void SetAuthCode(const std::string& auth_code); void SetRefreshToken(const std::string& refresh_token); @@ -83,7 +82,6 @@ class CHROMEOS_EXPORT UserContext { private: AccountId account_id_; - std::string gaia_id_; Key key_; std::string auth_code_; std::string refresh_token_; |
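Review bot: `UserContext::SetAccountId` in user_context.cc stores the id verbatim, whereas the removed `SetUserID` passed its argument through `login::CanonicalizeUserID()`, and the two-argument constructor in this file still canonicalizes for `USER_TYPE_REGULAR`. Callers migrated from `SetUserID` that build the id from raw user input could now keep a non-canonical email, which affects both equality checks and the identity handed to cryptohome. Either canonicalize here as the constructor does or state the contract next to the declaration in user_context.h, e.g. `// |account_id| is stored as given; callers must pass a canonical id.`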