• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
6 #define CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
7 #pragma once
8 
9 #include "base/basictypes.h"
10 #include "base/memory/ref_counted.h"
11 #include "chrome/browser/chromeos/login/login_status_consumer.h"
12 #include "chrome/common/net/gaia/gaia_auth_consumer.h"
13 
14 class Profile;
15 
16 namespace chromeos {
17 
18 // An interface for objects that will authenticate a Chromium OS user.
19 // When authentication successfully completes, will call
20 // consumer_->OnLoginSuccess() on the UI thread.
21 // On failure, will call consumer_->OnLoginFailure() on the UI thread.
22 // On password change detected, will call
23 // consumer_->OnPasswordChangeDetected() on the UI thread.
24 class Authenticator : public base::RefCountedThreadSafe<Authenticator> {
25  public:
26   // A domain which requires special-case parsing in canonicalization.
27   static const char kSpecialCaseDomain[];
28 
29   explicit Authenticator(LoginStatusConsumer* consumer);
30   virtual ~Authenticator();
31 
32   // Given a |username| and |password|, this method attempts to authenticate
33   // to login.
34   // Optionally |login_token| and |login_captcha| could be provided.
35   // Returns true if we kick off the attempt successfully and false if we can't.
36   // Must be called on the UI thread.
37   virtual bool AuthenticateToLogin(Profile* profile,
38                                    const std::string& username,
39                                    const std::string& password,
40                                    const std::string& login_token,
41                                    const std::string& login_captcha) = 0;
42 
43   // Given a |username| and |password|, this method attempts to
44   // authenticate to unlock the computer.
45   // Returns true if we kick off the attempt successfully and false if
46   // we can't. Must be called on the UI thread.
47   virtual bool AuthenticateToUnlock(const std::string& username,
48                                     const std::string& password) = 0;
49 
50   // Initiates incognito ("browse without signing in") login.
51   virtual void LoginOffTheRecord() = 0;
52 
53   // |credentials| are the tokens that we get back from the ClientLogin API.
54   // |request_pending| is true if we still plan to call consumer_ with the
55   // results of more requests.
56   // Must be called on the UI thread.
57   virtual void OnLoginSuccess(
58       const GaiaAuthConsumer::ClientLoginResult& credentials,
59       bool request_pending) = 0;
60 
61   // Must be called on the UI thread.
62   virtual void OnLoginFailure(const LoginFailure& error) = 0;
63 
64   // Call these methods on the UI thread.
65   // If a password logs the user in online, but cannot be used to
66   // mount his cryptohome, we expect that a password change has
67   // occurred.
68   // Call this method to migrate the user's encrypted data
69   // forward to use his new password.  |old_password| is the password
70   // his data was last encrypted with, |result| is the blob of auth
71   // data passed back through OnPasswordChangeDetected().
72   virtual void RecoverEncryptedData(
73       const std::string& old_password,
74       const GaiaAuthConsumer::ClientLoginResult& credentials) = 0;
75 
76   // Call this method to erase the user's encrypted data
77   // and create a new cryptohome.  |result| is the blob of auth
78   // data passed back through OnPasswordChangeDetected().
79   virtual void ResyncEncryptedData(
80       const GaiaAuthConsumer::ClientLoginResult& credentials) = 0;
81 
82   // Attempt to authenticate online again.
83   virtual void RetryAuth(Profile* profile,
84                          const std::string& username,
85                          const std::string& password,
86                          const std::string& login_token,
87                          const std::string& login_captcha) = 0;
88 
89   // Perform basic canonicalization of |email_address|, taking into account
90   // that gmail does not consider '.' or caps inside a username to matter.
91   // It also ignores everything after a '+'.
92   // For example, c.masone+abc@gmail.com == cMaSone@gmail.com, per
93   // http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=10313#
94   static std::string Canonicalize(const std::string& email_address);
95 
96  protected:
97   LoginStatusConsumer* consumer_;
98 
99  private:
100   DISALLOW_COPY_AND_ASSIGN(Authenticator);
101 };
102 
103 }  // namespace chromeos
104 
105 #endif  // CHROME_BROWSER_CHROMEOS_LOGIN_AUTHENTICATOR_H_
106