path: root/chrome/browser/chromeos/login/saml/saml_offline_signin_limiter.h
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SAML_SAML_OFFLINE_SIGNIN_LIMITER_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_SAML_SAML_OFFLINE_SIGNIN_LIMITER_H_

#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/prefs/pref_change_registrar.h"
#include "base/time/default_clock.h"
#include "base/time/time.h"
#include "base/timer/timer.h"
#include "chromeos/login/auth/user_context.h"
#include "components/keyed_service/core/keyed_service.h"

// Forward declarations. This header only refers to these types through
// pointers (Profile*, base::Clock*, user_prefs::PrefRegistrySyncable*), so
// their full definitions are not needed here.
class Profile;

namespace base {
class Clock;
}

namespace user_prefs {
class PrefRegistrySyncable;
}

namespace chromeos {

// Enforces a limit on the length of time for which a user authenticated via
// SAML can use offline authentication against a cached password before being
// forced to go through online authentication against GAIA again.
//
// Security-relevant points for reviewers:
//  - This class bounds how long the cached password alone is sufficient to
//    sign in; once the limit expires the next login must be online.
//  - Elapsed time is taken from |clock_|. How the implementation behaves when
//    that clock moves backwards is not visible in this header.
//    NOTE(review): confirm in the .cc file.
//  - Instances cannot be constructed directly: the constructor is private and
//    only the friend factory and the friend test class can reach it.
class SAMLOfflineSigninLimiter : public KeyedService {
 public:
  // Registers preferences.
  // NOTE(review): which prefs are registered (presumably the limit itself and
  // the bookkeeping needed to evaluate it) is defined in the .cc file.
  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);

  // Called when the user successfully authenticates. |auth_flow| indicates
  // the type of authentication flow that the user went through.
  // NOTE(review): presumably the implementation uses |auth_flow| to decide
  // whether the limit applies to this user and whether it should be reset;
  // confirm against the .cc file.
  void SignedIn(UserContext::AuthFlow auth_flow);

  // KeyedService:
  // Per the constructor contract, |profile_| and |clock_| are only guaranteed
  // to be valid until this is called.
  virtual void Shutdown() override;

 private:
  // The factory needs access to the private constructor; the test class gets
  // access to the private members.
  friend class SAMLOfflineSigninLimiterFactory;
  friend class SAMLOfflineSigninLimiterTest;

  // |profile| and |clock| must remain valid until Shutdown() is called. If
  // |clock| is NULL, the |default_clock_| will be used.
  SAMLOfflineSigninLimiter(Profile* profile, base::Clock* clock);
  virtual ~SAMLOfflineSigninLimiter();

  // Recalculates the amount of time remaining until online login should be
  // forced and sets the |offline_signin_limit_timer_| accordingly. If the limit
  // has expired already, sets the flag enforcing online login immediately.
  void UpdateLimit();

  // Sets the flag enforcing online login. This will cause the user's next login
  // to use online authentication against GAIA.
  void ForceOnlineLogin();

  // Fallback clock, used when the constructor is passed a NULL |clock|.
  base::DefaultClock default_clock_;

  // Not owned. Both must outlive this object up to Shutdown() (see the
  // constructor comment).
  Profile* profile_;
  base::Clock* clock_;

  // NOTE(review): presumably watches the pref(s) that define the limit so that
  // UpdateLimit() can be re-run when they change; confirm in the .cc file.
  PrefChangeRegistrar pref_change_registrar_;

  // Owned one-shot timer that UpdateLimit() sets for the time remaining until
  // online login should be forced.
  scoped_ptr<base::OneShotTimer<SAMLOfflineSigninLimiter> >
      offline_signin_limit_timer_;

  // Copying is disallowed.
  DISALLOW_COPY_AND_ASSIGN(SAMLOfflineSigninLimiter);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_SAML_SAML_OFFLINE_SIGNIN_LIMITER_H_