blob: 06df112610678f5f654809375aa95fb575c923aa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SAML_SAML_OFFLINE_SIGNIN_LIMITER_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_SAML_SAML_OFFLINE_SIGNIN_LIMITER_H_
#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/prefs/pref_change_registrar.h"
#include "base/time/default_clock.h"
#include "base/time/time.h"
#include "base/timer/timer.h"
#include "chromeos/login/auth/user_context.h"
#include "components/keyed_service/core/keyed_service.h"
class Profile;
namespace base {
class Clock;
}
namespace user_prefs {
class PrefRegistrySyncable;
}
namespace chromeos {
// Enforces a limit on the length of time for which a user authenticated via
// SAML can use offline authentication against a cached password before being
// forced to go through online authentication against GAIA again.
class SAMLOfflineSigninLimiter : public KeyedService {
public:
// Registers preferences.
static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
// Called when the user successfully authenticates. |auth_flow| indicates
// the type of authentication flow that the user went through.
void SignedIn(UserContext::AuthFlow auth_flow);
// KeyedService:
virtual void Shutdown() override;
private:
friend class SAMLOfflineSigninLimiterFactory;
friend class SAMLOfflineSigninLimiterTest;
// |profile| and |clock| must remain valid until Shutdown() is called. If
// |clock| is NULL, the |default_clock_| will be used.
SAMLOfflineSigninLimiter(Profile* profile, base::Clock* clock);
virtual ~SAMLOfflineSigninLimiter();
// Recalculates the amount of time remaining until online login should be
// forced and sets the |offline_signin_limit_timer_| accordingly. If the limit
// has expired already, sets the flag enforcing online login immediately.
void UpdateLimit();
// Sets the flag enforcing online login. This will cause the user's next login
// to use online authentication against GAIA.
void ForceOnlineLogin();
base::DefaultClock default_clock_;
Profile* profile_;
base::Clock* clock_;
PrefChangeRegistrar pref_change_registrar_;
scoped_ptr<base::OneShotTimer<SAMLOfflineSigninLimiter> >
offline_signin_limit_timer_;
DISALLOW_COPY_AND_ASSIGN(SAMLOfflineSigninLimiter);
};
} // namespace chromeos
#endif // CHROME_BROWSER_CHROMEOS_LOGIN_SAML_SAML_OFFLINE_SIGNIN_LIMITER_H_
|