Google Git
Sign in
chromium / chromium / src / a564f9a8f42dab296627853806ff4b04ae347250 / . / ios / chrome / browser / signin / authentication_service.h
blob: d6b4535623e9724137a0dba3b48f35ed97262f68 [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef IOS_CHROME_BROWSER_SIGNIN_AUTHENTICATION_SERVICE_H_
#define IOS_CHROME_BROWSER_SIGNIN_AUTHENTICATION_SERVICE_H_
#include <string>
#include <vector>
#import "base/ios/block_types.h"
#include "base/memory/weak_ptr.h"
#include "base/scoped_observation.h"
#include "components/keyed_service/core/keyed_service.h"
#include "components/pref_registry/pref_registry_syncable.h"
#include "components/signin/public/base/signin_metrics.h"
#include "components/signin/public/identity_manager/consent_level.h"
#include "components/signin/public/identity_manager/identity_manager.h"
#import "ios/chrome/browser/signin/user_approved_account_list_manager.h"
#include "ios/public/provider/chrome/browser/signin/chrome_identity_service.h"
namespace syncer {
class SyncService;
}
class AuthenticationServiceDelegate;
class AuthenticationServiceFake;
class ChromeAccountManagerService;
@class ChromeIdentity;
class PrefService;
class SyncSetupService;
// AuthenticationService is the Chrome interface to the iOS shared
// authentication library.
class AuthenticationService : public KeyedService,
public signin::IdentityManager::Observer,
public ios::ChromeIdentityService::Observer {
public:
AuthenticationService(PrefService* pref_service,
SyncSetupService* sync_setup_service,
ChromeAccountManagerService* account_manager_service,
signin::IdentityManager* identity_manager,
syncer::SyncService* sync_service);
~AuthenticationService() override;
// Registers the preferences used by AuthenticationService;
static void RegisterPrefs(user_prefs::PrefRegistrySyncable* registry);
// Returns whether the AuthenticationService has been initialized. It is
// a fatal error to invoke any method on this object except Initialize()
// if this method returns false.
bool initialized() const { return initialized_; }
// Initializes the AuthenticationService.
void Initialize(std::unique_ptr<AuthenticationServiceDelegate> delegate);
// KeyedService
void Shutdown() override;
// Reminds user to Sign in and sync to Chrome when a new tab is opened.
void SetReauthPromptForSignInAndSync();
// Clears the reminder to Sign in and sync to Chrome when a new tab is opened.
void ResetReauthPromptForSignInAndSync();
// Returns whether user should be prompted to Sign in and sync to Chrome.
bool ShouldReauthPromptForSignInAndSync() const;
// Returns whether the current account list has been approved by the user.
// This method should only be called when there is a primary account.
//
// TODO(crbug.com/1084491): To make sure IsAccountListApprovedByUser()
// a non-stale value, an notification need to be implemented when the SSO
// keychain is reloaded. The user can add/remove an account while Chrome
// is in foreground (with split screen on iPad).
bool IsAccountListApprovedByUser() const;
// Saves the current account list in Chrome as being approved by the user.
// This method should only be called when there is a primary account.
void ApproveAccountList();
// ChromeIdentity management
// Returns true if the user is signed in.
// While the AuthenticationService is in background, this will reload the
// credentials to ensure the value is up to date.
bool HasPrimaryIdentity(signin::ConsentLevel consent_level) const;
// Returns true if the user is signed in.
// While the AuthenticationService is in background, this will reload the
// credentials to ensure the value is up to date.
// DEPRECATED, use HasPrimaryIdentity().
virtual bool IsAuthenticated() const;
// Returns true if the user is signed in and the identity is considered
// managed.
// Virtual for testing.
virtual bool HasPrimaryIdentityManaged(
signin::ConsentLevel consent_level) const;
// Returns true if the user is signed in and the identity is considered
// managed.
// DEPRECATED, use HasPrimaryIdentityManaged().
virtual bool IsAuthenticatedIdentityManaged() const;
// Retrieves the identity of the currently authenticated user or |nil| if
// either the user is not authenticated, or is authenticated through
// ClientLogin.
// Virtual for testing.
virtual ChromeIdentity* GetPrimaryIdentity(
signin::ConsentLevel consent_level) const;
// Retrieves the identity of the currently authenticated user or |nil| if
// either the user is not authenticated, or is authenticated through
// ClientLogin.
// Virtual for testing.
// DEPRECATED, use HasPrimaryIdentityManaged().
virtual ChromeIdentity* GetAuthenticatedIdentity() const;
// Grants signin::ConsentLevel::kSignin to |identity|.
// This method does not set up Sync-the-feature for the identity.
// Virtual for testing.
virtual void SignIn(ChromeIdentity* identity);
// Grants signin::ConsentLevel::kSync to |identity|.
// This starts setting up Sync-the-feature, but the setup will only complete
// once SyncUserSettings::SetFirstSetupComplete() is called.
// Virtual for testing.
virtual void GrantSyncConsent(ChromeIdentity* identity);
// Signs the authenticated user out of Chrome and clears the browsing
// data if the account is managed. If force_clear_browsing_data is true,
// clears the browsing data unconditionally.
// Sync consent is automatically removed from all signed-out accounts.
// Virtual for testing.
virtual void SignOut(signin_metrics::ProfileSignout signout_source,
bool force_clear_browsing_data,
ProceduralBlock completion);
// Returns whether there is a cached associated MDM error for |identity|.
bool HasCachedMDMErrorForIdentity(ChromeIdentity* identity) const;
// Shows the MDM Error dialog for |identity| if it has an associated MDM
// error. Returns true if |identity| had an associated error, false otherwise.
bool ShowMDMErrorDialogForIdentity(ChromeIdentity* identity);
// Resets the ChromeIdentityService observer to the one available in the
// ChromeBrowserProvider. Used for testing when changing the
// ChromeIdentityService to or from a fake one.
void ResetChromeIdentityServiceObserverForTesting();
// Returns a weak pointer of this.
base::WeakPtr<AuthenticationService> GetWeakPtr();
// This needs to be invoked when the application enters foreground to
// sync the accounts between the IdentityManager and the SSO library.
void OnApplicationWillEnterForeground();
private:
friend class AuthenticationServiceTest;
friend class AuthenticationServiceFake;
// Migrates the token service accounts stored in prefs from emails to account
// ids.
void MigrateAccountsStoredInPrefsIfNeeded();
// Returns the cached MDM infos associated with |identity|. If the cache
// is stale for |identity|, the entry might be removed.
NSDictionary* GetCachedMDMInfo(ChromeIdentity* identity) const;
// Handles an MDM notification |user_info| associated with |identity|.
// Returns whether the notification associated with |user_info| was fully
// handled.
bool HandleMDMNotification(ChromeIdentity* identity, NSDictionary* user_info);
// Verifies that the authenticated user is still associated with a valid
// ChromeIdentity. This method must only be called when the user is
// authenticated with the shared authentication library. If there is no valid
// ChromeIdentity associated with the currently authenticated user, or the
// identity is |invalid_identity|, this method will sign the user out.
//
// |invalid_identity| is an additional identity to consider invalid. It can be
// nil if there is no such additional identity to ignore.
//
// |should_prompt| indicates whether the user should be prompted with the
// resign-in infobar if the method signs out.
void HandleForgottenIdentity(ChromeIdentity* invalid_identity,
bool should_prompt);
// Checks if the authenticated identity was removed by calling
// |HandleForgottenIdentity|. Reloads the OAuth2 token service accounts if the
// authenticated identity is still present.
// |keychain_reload| indicates if the identity list has to be reloaded because
// the keychain has changed.
void ReloadCredentialsFromIdentities(bool keychain_reload);
// signin::IdentityManager::Observer implementation.
void OnPrimaryAccountChanged(
const signin::PrimaryAccountChangeEvent& event_details) override;
// ChromeIdentityServiceObserver implementation.
void OnIdentityListChanged(bool keychainReload) override;
void OnAccessTokenRefreshFailed(ChromeIdentity* identity,
NSDictionary* user_info) override;
void OnChromeIdentityServiceWillBeDestroyed() override;
// The delegate for this AuthenticationService. It is invalid to call any
// method on this object except Initialize() or Shutdown() if this pointer
// is null.
std::unique_ptr<AuthenticationServiceDelegate> delegate_;
// Pointer to the KeyedServices used by AuthenticationService.
PrefService* pref_service_ = nullptr;
SyncSetupService* sync_setup_service_ = nullptr;
ChromeAccountManagerService* account_manager_service_ = nullptr;
signin::IdentityManager* identity_manager_ = nullptr;
syncer::SyncService* sync_service_ = nullptr;
// Whether Initialized has been called.
bool initialized_ = false;
// Manager for the approved account list.
UserApprovedAccountListManager user_approved_account_list_manager_;
// Whether the AuthenticationService is currently reloading credentials, used
// to avoid an infinite reloading loop.
bool is_reloading_credentials_ = false;
// Map between account IDs and their associated MDM error.
mutable std::map<CoreAccountId, NSDictionary*> cached_mdm_infos_;
base::ScopedObservation<ios::ChromeIdentityService,
ios::ChromeIdentityService::Observer>
identity_service_observation_{this};
base::ScopedObservation<signin::IdentityManager,
signin::IdentityManager::Observer>
identity_manager_observation_{this};
base::WeakPtrFactory<AuthenticationService> weak_pointer_factory_;
DISALLOW_COPY_AND_ASSIGN(AuthenticationService);
};
#endif // IOS_CHROME_BROWSER_SIGNIN_AUTHENTICATION_SERVICE_H_