blob: 9d2bcc89565e1dbac7a145752d29b779898cd49f [file] [log] [blame]
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module ash.mojom;
import "ash/public/interfaces/user_info.mojom";
import "ash/public/interfaces/login_user_info.mojom";
import "ash/public/interfaces/kiosk_app_info.mojom";
import "chromeos/components/proximity_auth/public/interfaces/auth_type.mojom";
import "components/account_id/interfaces/account_id.mojom";
import "mojo/public/mojom/base/string16.mojom";
import "mojo/public/mojom/base/time.mojom";
// State of the Oobe UI dialog, which is used to update the visibility of login
// shelf buttons.
// This comes from SIGNIN_UI_STATE defined in display_manager.js, with an
// additional value HIDDEN to indicate the visibility of the oobe ui dialog.
enum OobeDialogState {
// Showing other screen, which does not impact the visibility of login shelf
// buttons.
NONE = 0,
// Showing gaia signin screen.
GAIA_SIGNIN = 1,
// 2 is unused to keep in sync with display_manager.js
// Showing wrong hardware identification screen.
WRONG_HWID_WARNING = 3,
// Showing supervised user creation screen.
SUPERVISED_USER_CREATION_FLOW = 4,
// Showing SAML password confirmation screen.
SAML_PASSWORD_CONFIRM = 5,
// Showing password changed screen.
PASSWORD_CHANGED = 6,
// Showing device enrollment screen.
ENROLLMENT = 7,
// Showing error screen.
ERROR = 8,
// Showing sync consent screen.
SYNC_CONSENT = 9,
// Oobe UI dialog is currently hidden.
HIDDEN = 10,
};
// Reason why the auth is disabled. This is used to personalize the UI.
enum AuthDisabledReason {
// Auth is disabled because the device is locked by a time limit override.
TIME_LIMIT_OVERRIDE,
// Auth is disabled because the user has reached their daily usage limit on
// the device.
TIME_USAGE_LIMIT,
// Auth is disabled because the device is within a locked time window.
TIME_WINDOW_LIMIT,
};
// The data needed to customize the lock screen when auth is disabled.
struct AuthDisabledData {
// Reason why auth is disabled.
AuthDisabledReason reason;
// A future time when auth will be enabled. This value is for display purpose
// only, auth won't be automatically enabled when this time is reached.
mojo_base.mojom.Time auth_reenabled_time;
// The amount of time that the user used this device.
mojo_base.mojom.TimeDelta device_used_time;
};
// Allows clients (e.g. the browser process) to send messages to the ash
// login/lock/user-add screens.
interface LoginScreen {
// Sets the client interface.
SetClient(LoginScreenClient client);
// Displays the lock screen. |did_show| is true iff the lock UI was
// successfully displayed.
ShowLockScreen() => (bool did_show);
// Displays the login screen. |did_show| is true iff the login UI was
// successfully displayed.
ShowLoginScreen() => (bool did_show);
// Requests to show error message in the ash lock screen.
// TODO(xiaoyinh): login_attempts is probably not needed from chrome,
// remove it when we start to count the login attempts in ash lock screen.
// |login_attempts|: The number of the login authentication attempts.
// |error_text|: The error text to be shown in lock screen.
// |help_link_text|: The help link to be shown in lock screen.
// |help_topic_id|: The id of the help app topic regarding this error.
ShowErrorMessage(int32 login_attempts,
string error_text,
string help_link_text,
int32 help_topic_id);
// Shows a warning banner message on the login screen. A warning banner is
// used to notify users of important messages before they log in to their
// session. (e.g. Tell the user that an update of the user data will start
// on login)
// |message|: The message to show.
ShowWarningBanner(mojo_base.mojom.String16 message);
// Hide a warning banner if it is displayed.
// TODO(fukino): Ideally chrome-side should not have this level of UI
// control. Make the API simpler and let ash determine the UI behavior.
HideWarningBanner();
// Requests to close any displayed error messages in ash lock screen.
ClearErrors();
// Requests to show the custom icon in the user pod.
// |account_id|: The account id of the user in the user pod.
// |icon|: Information regarding the icon.
ShowUserPodCustomIcon(signin.mojom.AccountId account_id,
EasyUnlockIconOptions icon);
// Requests to hide the custom icon in the user pod.
// |account_id|: The account id of the user in the user pod.
HideUserPodCustomIcon(signin.mojom.AccountId account_id);
// Requests to set the authentication type.
// |account_id|: The account id of the user in the user pod.
// |auth_type|: Authentication type.
// |initial_value|: A message shown in the password field of the user pod.
SetAuthType(signin.mojom.AccountId account_id,
proximity_auth.mojom.AuthType auth_type,
mojo_base.mojom.String16 initial_value);
// Set the users who are displayed on the login UI. |users| is filtered
// and does not correspond to every user on the device.
SetUserList(array<LoginUserInfo> users);
// Notification if pin is enabled or disabled for the given user.
// |account_id|: The account id of the user in the user pod.
// |is_enabled|: True if pin unlock is enabled.
SetPinEnabledForUser(signin.mojom.AccountId account_id, bool is_enabled);
// Update the status of fingerprint for |account_id|.
SetFingerprintState(signin.mojom.AccountId account_id,
FingerprintState state);
// Called after a fingerprint authentication attempt has been made. If
// |successful| is true, then the fingerprint authentication attempt was
// successful and the device should be unlocked. If false, an error message
// should be shown to the user.
NotifyFingerprintAuthResult(signin.mojom.AccountId account_id,
bool successful);
// Change the user's avatar. Some avatars may take a long time to load and the
// login screen may already be visible.
SetAvatarForUser(signin.mojom.AccountId account_id, UserAvatar avatar);
// Called when auth should be enabled for the given user. When auth is
// disabled, the user cannot unlock the device. Auth is enabled by default.
// |account_id|: The account id of the user in the user pod.
EnableAuthForUser(signin.mojom.AccountId account_id);
// Called when auth should be disabled for the given user. When auth is
// disabled, the user cannot unlock the device. Auth is enabled by default.
// |account_id|: The account id of the user in the user pod.
// |auth_disabled_data|: The data needed to customize the lock screen UI.
DisableAuthForUser(signin.mojom.AccountId account_id,
AuthDisabledData auth_disabled_data);
// Called when focus is reported to be leaving a lock screen app window.
// Requests focus to be handed off to the next suitable widget.
// |reverse|: Whether the tab order is reversed.
HandleFocusLeavingLockScreenApps(bool reverse);
// Called when new system information is available.
// |show_if_hidden|: If true, the system information should be displayed to
// the user if it is currently hidden. If false, the system
// information should remain hidden if not already shown.
// Hidden system information can be shown by pressing alt-v.
// |os_version_label_text|: The OS version.
// |enterprise_info_text|: The enterprise info.
// |bluetooth_name|: The name of the bluetooth adapter.
SetSystemInfo(bool show_if_hidden,
string os_version_label_text,
string enterprise_info_text,
string bluetooth_name);
// Check if the login/lock screen is ready for a password.
IsReadyForPassword() => (bool is_ready);
// Set the public session display name for user with |account_id|.
SetPublicSessionDisplayName(signin.mojom.AccountId account_id,
string display_name);
// Set the public session locales for user with |account_id|.
// |locales|: Available locales for this user.
// |default_locale|: Default locale for this user.
// |show_advanced_view|: True if we should show the advanced expanded user
// view for the public session.
SetPublicSessionLocales(signin.mojom.AccountId account_id,
array<LocaleItem> locales,
string default_locale,
bool show_advanced_view);
// Set the public session keyboard layouts for user with |account_id|.
// |locale|: The locale that |keyboard_layouts| can be used for.
SetPublicSessionKeyboardLayouts(signin.mojom.AccountId account_id,
string locale,
array<InputMethodItem> keyboard_layouts);
// Sets whether full management disclosure is needed for the public/managed
// session login screen.
SetPublicSessionShowFullManagementDisclosure(
bool show_full_management_disclosure);
// Update the kiosk app data for the login screen.
// Returns true on success.
SetKioskApps(array<KioskAppInfo> kiosk_apps) => (bool success);
// Display a toast describing the latest kiosk app launch error.
ShowKioskAppError(string message);
// Called when the dialog hosting oobe has changed state. The oobe dialog
// provides support for any part of login that is implemented in JS/HTML, such
// as add user or powerwash.
NotifyOobeDialogState(OobeDialogState state);
// Sets whether users can be added from the login screen.
SetAddUserButtonEnabled(bool enable);
// Sets whether shutdown button is enabled in the login screen.
SetShutdownButtonEnabled(bool enable);
// Sets if the guest button on the login shelf can be shown. Even if set to
// true the button may still not be visible.
SetAllowLoginAsGuest(bool allow_guest);
// Sets if the guest button on the login shelf can be shown during OOBE.
SetShowGuestButtonInOobe(bool show);
// Sets whether parent access button can be shown on the login shelf.
SetShowParentAccessButton(bool show);
// Sets whether parent access code input dialog is shown on the lock screen.
SetShowParentAccessDialog(bool show);
// Transitions focus to the shelf area. If |reverse|, focuses the status area.
FocusLoginShelf(bool reverse);
};
// Allows ash lock screen to control a client (e.g. Chrome browser). Requests
// often involve preferences or talk to cryptohome that is not available to ash.
interface LoginScreenClient {
// Attempt to authenticate a user with a password or PIN.
//
// If auth succeeds:
// chrome will hide the lock screen and clear any displayed error messages.
// If auth fails:
// chrome will request lock screen to show error messages.
// |account_id|: The AccountId to authenticate against.
// |password|: The submitted password.
// |authenticated_by_pin|: True if we are using pin to authenticate.
//
// The result will be set to true if auth was successful, false if not.
//
// TODO(jdufault): Extract authenticated_by_pin into a separate mojom method,
// similar to the other Authenticate* methods
AuthenticateUserWithPasswordOrPin(
signin.mojom.AccountId account_id,
string password,
bool authenticated_by_pin) => (bool auth_success);
// Attempt to authenticate the user with with an external binary.
AuthenticateUserWithExternalBinary(signin.mojom.AccountId account_id)
=> (bool auth_success);
// Attempt to enroll a user in the external binary authentication system.
EnrollUserWithExternalBinary() => (bool enrollment_success);
// Try to authenticate |account_id| using easy unlock. This can be used on the
// login or lock screen.
// |account_id|: The account id of the user we are authenticating.
//
// TODO(jdufault): Refactor this method to return an auth_success, similar to
// the other auth methods above.
AuthenticateUserWithEasyUnlock(signin.mojom.AccountId account_id);
// Validates parent access code for the user identified by |account_id|.
// Passes validation result in the callback.
// Note: This should only be used for child user.
ValidateParentAccessCode(
signin.mojom.AccountId account_id,
string access_code) => (bool access_code_valid);
// Request to hard lock the user pod.
// |account_id|: The account id of the user in the user pod.
HardlockPod(signin.mojom.AccountId account_id);
// Focus user pod of user with |account_id|.
OnFocusPod(signin.mojom.AccountId account_id);
// Notify that no user pod is focused.
OnNoPodFocused();
// Load wallpaper of user with |account_id|.
LoadWallpaper(signin.mojom.AccountId account_id);
// Sign out current user.
SignOutUser();
// Close add user screen.
CancelAddUser();
// Launches guest mode.
LoginAsGuest();
// User with |account_id| has reached maximum incorrect password attempts.
OnMaxIncorrectPasswordAttempted(signin.mojom.AccountId account_id);
// Should pass the focus to the active lock screen app window, if there is
// one. This is called when a lock screen app is reported to be active (using
// tray_action mojo interface), and is next in the tab order.
// |HandleFocusLeavingLockScreenApps| should be called to return focus to the
// lock screen.
// |reverse|: Whether the tab order is reversed.
FocusLockScreenApps(bool reverse);
// Passes focus to the OOBE dialog if it is showing. No-op otherwise.
FocusOobeDialog();
// Show the gaia sign-in dialog. If |can_close| is true, the dialog can be
// closed. The value in |prefilled_account| will be used to prefill the
// sign-in dialog so the user does not need to type the account email.
ShowGaiaSignin(bool can_close, signin.mojom.AccountId? prefilled_account);
// Notification that the remove user warning was shown.
OnRemoveUserWarningShown();
// Try to remove |account_id|.
RemoveUser(signin.mojom.AccountId account_id);
// Launch a public session for user with |account_id|.
// |locale|: Locale for this user.
// The value is language code like "en-US", "zh-CN"
// |input_method|: Input method for this user.
// This is the id of InputMethodDescriptor like
// "t:latn-post", "pinyin".
LaunchPublicSession(signin.mojom.AccountId account_id,
string locale,
string input_method);
// Request public session keyboard layouts for user with |account_id|.
// This function send a request to chrome and the result will be returned by
// SetPublicSessionKeyboardLayouts.
// |locale|: Request a list of keyboard layouts that can be used by this
// locale.
RequestPublicSessionKeyboardLayouts(signin.mojom.AccountId account_id,
string locale);
// Request to show a feedback report dialog in chrome.
ShowFeedback();
// Launch the specific kiosk app.
LaunchKioskApp(string app_id);
// Launch the specific ARC++ kiosk app.
LaunchArcKioskApp(signin.mojom.AccountId account_id);
// Show the powerwash (device reset) dialog.
ShowResetScreen();
// Show the help app for when users have trouble signing in to their account.
ShowAccountAccessHelpApp();
// Called when the keyboard focus is about to leave from the sytem tray in
// the login screen / OOBE. |reverse| is true when the focus moves in the
// reversed direction.
OnFocusLeavingSystemTray(bool reverse);
// Used by Ash to signal that user activity occurred on the login screen.
OnUserActivity();
};