1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_USER_MANAGER_IMPL_H_ 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_USER_MANAGER_IMPL_H_ 7 8 #include <map> 9 #include <string> 10 #include <vector> 11 12 #include "base/basictypes.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/observer_list.h" 15 #include "base/synchronization/lock.h" 16 #include "base/time/time.h" 17 #include "chrome/browser/chromeos/login/login_utils.h" 18 #include "chrome/browser/chromeos/login/multi_profile_user_controller_delegate.h" 19 #include "chrome/browser/chromeos/login/user.h" 20 #include "chrome/browser/chromeos/login/user_image_manager_impl.h" 21 #include "chrome/browser/chromeos/login/user_manager.h" 22 #include "chrome/browser/chromeos/login/wallpaper_manager.h" 23 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" 24 #include "chrome/browser/chromeos/settings/cros_settings.h" 25 #include "chrome/browser/chromeos/settings/device_settings_service.h" 26 #include "chromeos/dbus/session_manager_client.h" 27 #include "content/public/browser/notification_observer.h" 28 #include "content/public/browser/notification_registrar.h" 29 30 class PrefService; 31 class ProfileSyncService; 32 33 namespace policy { 34 struct DeviceLocalAccount; 35 } 36 37 namespace chromeos { 38 39 class MultiProfileFirstRunNotification; 40 class MultiProfileUserController; 41 class RemoveUserDelegate; 42 class SupervisedUserManagerImpl; 43 class SessionLengthLimiter; 44 45 // Implementation of the UserManager. 46 class UserManagerImpl 47 : public UserManager, 48 public LoginUtils::Delegate, 49 public content::NotificationObserver, 50 public policy::DeviceLocalAccountPolicyService::Observer, 51 public MultiProfileUserControllerDelegate { 52 public: 53 virtual ~UserManagerImpl(); 54 55 // UserManager implementation: 56 virtual void Shutdown() OVERRIDE; 57 virtual UserImageManager* GetUserImageManager() OVERRIDE; 58 virtual SupervisedUserManager* GetSupervisedUserManager() OVERRIDE; 59 virtual const UserList& GetUsers() const OVERRIDE; 60 virtual UserList GetUsersAdmittedForMultiProfile() const OVERRIDE; 61 virtual const UserList& GetLoggedInUsers() const OVERRIDE; 62 virtual const UserList& GetLRULoggedInUsers() OVERRIDE; 63 virtual UserList GetUnlockUsers() const OVERRIDE; 64 virtual const std::string& GetOwnerEmail() OVERRIDE; 65 virtual void UserLoggedIn(const std::string& user_id, 66 const std::string& user_id_hash, 67 bool browser_restart) OVERRIDE; 68 virtual void SwitchActiveUser(const std::string& user_id) OVERRIDE; 69 virtual void RestoreActiveSessions() OVERRIDE; 70 virtual void SessionStarted() OVERRIDE; 71 virtual void RemoveUser(const std::string& user_id, 72 RemoveUserDelegate* delegate) OVERRIDE; 73 virtual void RemoveUserFromList(const std::string& user_id) OVERRIDE; 74 virtual bool IsKnownUser(const std::string& user_id) const OVERRIDE; 75 virtual const User* FindUser(const std::string& user_id) const OVERRIDE; 76 virtual User* FindUserAndModify(const std::string& user_id) OVERRIDE; 77 virtual const User* GetLoggedInUser() const OVERRIDE; 78 virtual User* GetLoggedInUser() OVERRIDE; 79 virtual const User* GetActiveUser() const OVERRIDE; 80 virtual User* GetActiveUser() OVERRIDE; 81 virtual const User* GetPrimaryUser() const OVERRIDE; 82 virtual User* GetUserByProfile(Profile* profile) const OVERRIDE; 83 virtual Profile* GetProfileByUser(const User* user) const OVERRIDE; 84 virtual void SaveUserOAuthStatus( 85 const std::string& user_id, 86 User::OAuthTokenStatus oauth_token_status) OVERRIDE; 87 virtual void SaveUserDisplayName(const std::string& user_id, 88 const base::string16& display_name) OVERRIDE; 89 virtual base::string16 GetUserDisplayName( 90 const std::string& user_id) const OVERRIDE; 91 virtual void SaveUserDisplayEmail(const std::string& user_id, 92 const std::string& display_email) OVERRIDE; 93 virtual std::string GetUserDisplayEmail( 94 const std::string& user_id) const OVERRIDE; 95 virtual void UpdateUserAccountData( 96 const std::string& user_id, 97 const UserAccountData& account_data) OVERRIDE; 98 virtual bool IsCurrentUserOwner() const OVERRIDE; 99 virtual bool IsCurrentUserNew() const OVERRIDE; 100 virtual bool IsCurrentUserNonCryptohomeDataEphemeral() const OVERRIDE; 101 virtual bool CanCurrentUserLock() const OVERRIDE; 102 virtual bool IsUserLoggedIn() const OVERRIDE; 103 virtual bool IsLoggedInAsRegularUser() const OVERRIDE; 104 virtual bool IsLoggedInAsDemoUser() const OVERRIDE; 105 virtual bool IsLoggedInAsPublicAccount() const OVERRIDE; 106 virtual bool IsLoggedInAsGuest() const OVERRIDE; 107 virtual bool IsLoggedInAsLocallyManagedUser() const OVERRIDE; 108 virtual bool IsLoggedInAsKioskApp() const OVERRIDE; 109 virtual bool IsLoggedInAsStub() const OVERRIDE; 110 virtual bool IsSessionStarted() const OVERRIDE; 111 virtual bool UserSessionsRestored() const OVERRIDE; 112 virtual bool HasBrowserRestarted() const OVERRIDE; 113 virtual bool IsUserNonCryptohomeDataEphemeral( 114 const std::string& user_id) const OVERRIDE; 115 virtual void AddObserver(UserManager::Observer* obs) OVERRIDE; 116 virtual void RemoveObserver(UserManager::Observer* obs) OVERRIDE; 117 virtual void AddSessionStateObserver( 118 UserManager::UserSessionStateObserver* obs) OVERRIDE; 119 virtual void RemoveSessionStateObserver( 120 UserManager::UserSessionStateObserver* obs) OVERRIDE; 121 virtual void NotifyLocalStateChanged() OVERRIDE; 122 123 virtual UserFlow* GetCurrentUserFlow() const OVERRIDE; 124 virtual UserFlow* GetUserFlow(const std::string& user_id) const OVERRIDE; 125 virtual void SetUserFlow(const std::string& user_id, UserFlow* flow) OVERRIDE; 126 virtual void ResetUserFlow(const std::string& user_id) OVERRIDE; 127 virtual bool GetAppModeChromeClientOAuthInfo( 128 std::string* chrome_client_id, 129 std::string* chrome_client_secret) OVERRIDE; 130 virtual void SetAppModeChromeClientOAuthInfo( 131 const std::string& chrome_client_id, 132 const std::string& chrome_client_secret) OVERRIDE; 133 virtual bool AreLocallyManagedUsersAllowed() const OVERRIDE; 134 virtual base::FilePath GetUserProfileDir( 135 const std::string& user_id) const OVERRIDE; 136 137 // content::NotificationObserver implementation. 138 virtual void Observe(int type, 139 const content::NotificationSource& source, 140 const content::NotificationDetails& details) OVERRIDE; 141 142 // policy::DeviceLocalAccountPolicyService::Observer implementation. 143 virtual void OnPolicyUpdated(const std::string& user_id) OVERRIDE; 144 virtual void OnDeviceLocalAccountsChanged() OVERRIDE; 145 146 virtual bool RespectLocalePreference( 147 Profile* profile, 148 const User* user, 149 scoped_ptr<locale_util::SwitchLanguageCallback> callback) const OVERRIDE; 150 151 private: 152 friend class SupervisedUserManagerImpl; 153 friend class UserManager; 154 friend class WallpaperManager; 155 friend class UserManagerTest; 156 friend class WallpaperManagerTest; 157 158 // Stages of loading user list from preferences. Some methods can have 159 // different behavior depending on stage. 160 enum UserLoadStage { 161 STAGE_NOT_LOADED = 0, 162 STAGE_LOADING, 163 STAGE_LOADED 164 }; 165 166 UserManagerImpl(); 167 168 // LoginUtils::Delegate implementation: 169 // Used when restoring user sessions after crash. 170 virtual void OnProfilePrepared(Profile* profile) OVERRIDE; 171 172 // Loads |users_| from Local State if the list has not been loaded yet. 173 // Subsequent calls have no effect. Must be called on the UI thread. 174 void EnsureUsersLoaded(); 175 176 // Retrieves trusted device policies and removes users from the persistent 177 // list if ephemeral users are enabled. Schedules a callback to itself if 178 // trusted device policies are not yet available. 179 void RetrieveTrustedDevicePolicies(); 180 181 // Returns true if trusted device policies have successfully been retrieved 182 // and ephemeral users are enabled. 183 bool AreEphemeralUsersEnabled() const; 184 185 // Returns a list of users who have logged into this device previously. 186 // Same as GetUsers but used if you need to modify User from that list. 187 UserList& GetUsersAndModify(); 188 189 // Returns the user with the given email address if found in the persistent 190 // list. Returns |NULL| otherwise. 191 const User* FindUserInList(const std::string& user_id) const; 192 193 // Returns |true| if user with the given id is found in the persistent list. 194 // Returns |false| otherwise. Does not trigger user loading. 195 const bool UserExistsInList(const std::string& user_id) const; 196 197 // Same as FindUserInList but returns non-const pointer to User object. 198 User* FindUserInListAndModify(const std::string& user_id); 199 200 // Indicates that a user just logged in as guest. 201 void GuestUserLoggedIn(); 202 203 // Indicates that a regular user just logged in. 204 void RegularUserLoggedIn(const std::string& user_id); 205 206 // Indicates that a regular user just logged in as ephemeral. 207 void RegularUserLoggedInAsEphemeral(const std::string& user_id); 208 209 // Indicates that a locally managed user just logged in. 210 void LocallyManagedUserLoggedIn(const std::string& user_id); 211 212 // Indicates that a user just logged into a public session. 213 void PublicAccountUserLoggedIn(User* user); 214 215 // Indicates that a kiosk app robot just logged in. 216 void KioskAppLoggedIn(const std::string& app_id); 217 218 // Indicates that a user just logged into a retail mode session. 219 void RetailModeUserLoggedIn(); 220 221 // Notifies that user has logged in. 222 // Sends NOTIFICATION_LOGIN_USER_CHANGED notification. 223 void NotifyOnLogin(); 224 225 // Reads user's oauth token status from local state preferences. 226 User::OAuthTokenStatus LoadUserOAuthStatus(const std::string& user_id) const; 227 228 void SetCurrentUserIsOwner(bool is_current_user_owner); 229 230 // Updates current user ownership on UI thread. 231 void UpdateOwnership(); 232 233 // Removes data stored or cached outside the user's cryptohome (wallpaper, 234 // avatar, OAuth token status, display name, display email). 235 void RemoveNonCryptohomeData(const std::string& user_id); 236 237 // Removes a regular or locally managed user from the user list. 238 // Returns the user if found or NULL otherwise. 239 // Also removes the user from the persistent user list. 240 User* RemoveRegularOrLocallyManagedUserFromList(const std::string& user_id); 241 242 // If data for a public account is marked as pending removal and the user is 243 // no longer logged into that account, removes the data. 244 void CleanUpPublicAccountNonCryptohomeDataPendingRemoval(); 245 246 // Removes data belonging to public accounts that are no longer found on the 247 // user list. If the user is currently logged into one of these accounts, the 248 // data for that account is not removed immediately but marked as pending 249 // removal after logout. 250 void CleanUpPublicAccountNonCryptohomeData( 251 const std::vector<std::string>& old_public_accounts); 252 253 // Replaces the list of public accounts with those found in 254 // |device_local_accounts|. Ensures that data belonging to accounts no longer 255 // on the list is removed. Returns |true| if the list has changed. 256 // Public accounts are defined by policy. This method is called whenever an 257 // updated list of public accounts is received from policy. 258 bool UpdateAndCleanUpPublicAccounts( 259 const std::vector<policy::DeviceLocalAccount>& device_local_accounts); 260 261 // Updates the display name for public account |username| from policy settings 262 // associated with that username. 263 void UpdatePublicAccountDisplayName(const std::string& user_id); 264 265 // Notifies the UI about a change to the user list. 266 void NotifyUserListChanged(); 267 268 // Notifies observers that merge session state had changed. 269 void NotifyMergeSessionStateChanged(); 270 271 // Notifies observers that active user has changed. 272 void NotifyActiveUserChanged(const User* active_user); 273 274 // Notifies observers that another user was added to the session. 275 void NotifyUserAddedToSession(const User* added_user); 276 277 // Notifies observers that active user_id hash has changed. 278 void NotifyActiveUserHashChanged(const std::string& hash); 279 280 // Notifies observers that user pending sessions restore has finished. 281 void NotifyPendingUserSessionsRestoreFinished(); 282 283 // Lazily creates default user flow. 284 UserFlow* GetDefaultUserFlow() const; 285 286 // Update the global LoginState. 287 void UpdateLoginState(); 288 289 // Insert |user| at the front of the LRU user list.. 290 void SetLRUUser(User* user); 291 292 // Adds |user| to users list, and adds it to front of LRU list. It is assumed 293 // that there is no user with same id. 294 void AddUserRecord(User* user); 295 296 // Callback to process RetrieveActiveSessions() request results. 297 void OnRestoreActiveSessions( 298 const SessionManagerClient::ActiveSessionsMap& sessions, 299 bool success); 300 301 // Called by OnRestoreActiveSessions() when there're user sessions in 302 // |pending_user_sessions_| that has to be restored one by one. 303 // Also called after first user session from that list is restored and so on. 304 // Process continues till |pending_user_sessions_| map is not empty. 305 void RestorePendingUserSessions(); 306 307 // Sends metrics in response to a regular user logging in. 308 void SendRegularUserLoginMetrics(const std::string& user_id); 309 310 // Implementation for RemoveUser method. This is an asynchronous part of the 311 // method, that verifies that owner will not get deleted, and calls 312 // |RemoveNonOwnerUserInternal|. 313 void RemoveUserInternal(const std::string& user_email, 314 RemoveUserDelegate* delegate); 315 316 // Implementation for RemoveUser method. It is synchronous. It is called from 317 // RemoveUserInternal after owner check. 318 void RemoveNonOwnerUserInternal(const std::string& user_email, 319 RemoveUserDelegate* delegate); 320 321 // MultiProfileUserControllerDelegate implementation: 322 virtual void OnUserNotAllowed() OVERRIDE; 323 324 // Sets account locale for user with id |user_id|. 325 virtual void UpdateUserAccountLocale(const std::string& user_id, 326 const std::string& locale); 327 328 // Updates user account after locale was resolved. 329 void DoUpdateAccountLocale(const std::string& user_id, 330 const std::string& resolved_locale); 331 332 // Interface to the signed settings store. 333 CrosSettings* cros_settings_; 334 335 // Interface to device-local account definitions and associated policy. 336 policy::DeviceLocalAccountPolicyService* device_local_account_policy_service_; 337 338 // Indicates stage of loading user from prefs. 339 UserLoadStage user_loading_stage_; 340 341 // List of all known users. User instances are owned by |this|. Regular users 342 // are removed by |RemoveUserFromList|, public accounts by 343 // |UpdateAndCleanUpPublicAccounts|. 344 UserList users_; 345 346 // List of all users that are logged in current session. These point to User 347 // instances in |users_|. Only one of them could be marked as active. 348 UserList logged_in_users_; 349 350 // A list of all users that are logged in the current session. In contrast to 351 // |logged_in_users|, the order of this list is least recently used so that 352 // the active user should always be the first one in the list. 353 UserList lru_logged_in_users_; 354 355 // The list which gets reported when the |lru_logged_in_users_| list is empty. 356 UserList temp_single_logged_in_users_; 357 358 // The logged-in user that is currently active in current session. 359 // NULL until a user has logged in, then points to one 360 // of the User instances in |users_|, the |guest_user_| instance or an 361 // ephemeral user instance. 362 User* active_user_; 363 364 // The primary user of the current session. It is recorded for the first 365 // signed-in user and does not change thereafter. 366 User* primary_user_; 367 368 // True if SessionStarted() has been called. 369 bool session_started_; 370 371 // True is user sessions has been restored after crash. 372 // On a normal boot then login into user sessions this will be false. 373 bool user_sessions_restored_; 374 375 // Cached flag of whether currently logged-in user is owner or not. 376 // May be accessed on different threads, requires locking. 377 bool is_current_user_owner_; 378 mutable base::Lock is_current_user_owner_lock_; 379 380 // Cached flag of whether the currently logged-in user existed before this 381 // login. 382 bool is_current_user_new_; 383 384 // Cached flag of whether the currently logged-in user is a regular user who 385 // logged in as ephemeral. Storage of persistent information is avoided for 386 // such users by not adding them to the persistent user list, not downloading 387 // their custom avatars and mounting their cryptohomes using tmpfs. Defaults 388 // to |false|. 389 bool is_current_user_ephemeral_regular_user_; 390 391 // Cached flag indicating whether the ephemeral user policy is enabled. 392 // Defaults to |false| if the value has not been read from trusted device 393 // policy yet. 394 bool ephemeral_users_enabled_; 395 396 // Cached name of device owner. Defaults to empty string if the value has not 397 // been read from trusted device policy yet. 398 std::string owner_email_; 399 400 // Chrome oauth client id and secret - override values for kiosk mode. 401 std::string chrome_client_id_; 402 std::string chrome_client_secret_; 403 404 content::NotificationRegistrar registrar_; 405 406 ObserverList<UserManager::Observer> observer_list_; 407 408 // TODO(nkostylev): Merge with session state refactoring CL. 409 ObserverList<UserManager::UserSessionStateObserver> 410 session_state_observer_list_; 411 412 // User avatar manager. 413 scoped_ptr<UserImageManagerImpl> user_image_manager_; 414 415 // Supervised user manager. 416 scoped_ptr<SupervisedUserManagerImpl> supervised_user_manager_; 417 418 // Session length limiter. 419 scoped_ptr<SessionLengthLimiter> session_length_limiter_; 420 421 typedef std::map<std::string, UserFlow*> FlowMap; 422 423 // Lazy-initialized default flow. 424 mutable scoped_ptr<UserFlow> default_flow_; 425 426 // Specific flows by user e-mail. Keys should be canonicalized before 427 // access. 428 FlowMap specific_flows_; 429 430 // User sessions that have to be restored after browser crash. 431 // [user_id] > [user_id_hash] 432 SessionManagerClient::ActiveSessionsMap pending_user_sessions_; 433 434 // Time at which this object was created. 435 base::TimeTicks manager_creation_time_; 436 437 scoped_ptr<CrosSettings::ObserverSubscription> 438 local_accounts_subscription_; 439 scoped_ptr<CrosSettings::ObserverSubscription> 440 supervised_users_subscription_; 441 442 scoped_ptr<MultiProfileUserController> multi_profile_user_controller_; 443 scoped_ptr<MultiProfileFirstRunNotification> 444 multi_profile_first_run_notification_; 445 446 DISALLOW_COPY_AND_ASSIGN(UserManagerImpl); 447 }; 448 449 } // namespace chromeos 450 451 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_USER_MANAGER_IMPL_H_ 452