// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include "base/callback.h"
#include "base/macros.h"
#include "base/optional.h"
#include "base/time/clock.h"
#include "base/time/time.h"
#include "chrome/browser/password_manager/reauth_purpose.h"
// This class takes care of reauthentication used for accessing passwords
// through the settings page. It is used on all platforms but iOS and Android
// (see //ios/chrome/browser/ui/settings/reauthentication_module.* for iOS and
// chrome/android/java/src/org/chromium/chrome/browser/preferences/password/
// for Android).
class PasswordAccessAuthenticator {
using ReauthCallback =
// For how long after the last successful authentication a user is considered
// authenticated without repeating the challenge.
// The window only affects EnsureUserIsAuthenticated(); per its declaration
// below, ForceUserReauthentication() always presents the challenge.
constexpr static int kAuthValidityPeriodSeconds = 60;
// |os_reauth_call| is passed to |os_reauth_call_|, see the latter for
// explanation.
// The boolean returned by the callback is the authentication decision (see
// EnsureUserIsAuthenticated()), so production code must pass the real
// OS-level challenge here.
explicit PasswordAccessAuthenticator(ReauthCallback os_reauth_call);
// Returns whether the user is able to pass the authentication challenge,
// which is represented by |os_reauth_call_| returning true. A successful
// result of |os_reauth_call_| is cached for |kAuthValidityPeriodSeconds|
// seconds.
// While a cached result is still valid the challenge may be skipped. Callers
// guarding an action that must always prompt should use
// ForceUserReauthentication() instead.
// NOTE(review): only one |last_authentication_time_| is declared in this
// class, so the cached result does not appear to be scoped to |purpose|;
// confirm in the .cc that sharing it across purposes is intended.
bool EnsureUserIsAuthenticated(password_manager::ReauthPurpose purpose);
// Presents the reauthentication challenge to the user and returns whether
// the user passed the challenge. This call is guaranteed to present the
// challenge to the user.
// NOTE(review): the declaration does not say whether a successful forced
// challenge also refreshes the result cached for EnsureUserIsAuthenticated();
// confirm in the .cc and document it here.
bool ForceUserReauthentication(password_manager::ReauthPurpose purpose);
// Use this in tests to mock the OS-level reauthentication.
// The supplied callback stands in for the OS challenge, and its return value
// decides whether authentication succeeds (see EnsureUserIsAuthenticated()).
// Keep calls confined to test code.
void SetOsReauthCallForTesting(ReauthCallback os_reauth_call);
// Use this to manipulate time in tests.
// NOTE(review): |clock| is a raw pointer and is presumably stored in |clock_|
// without taking ownership, so it must outlive this object; confirm in the
// .cc. The clock also determines when a cached authentication expires, so
// keep calls confined to test code.
void SetClockForTesting(base::Clock* clock);
// The last time the user was successfully authenticated.
// NOTE(review): presumably empty until the first successful authentication;
// confirm in the .cc. base::Time follows the system (wall) clock, so a
// system clock adjustment between authentications can lengthen or shorten
// the effective validity window; a monotonic source such as base::TimeTicks
// would not be affected.
base::Optional<base::Time> last_authentication_time_;
// Used to measure the time since the last authentication.
// NOTE(review): raw pointer; ownership and lifetime are not visible in this
// header.
base::Clock* clock_;
// Used to directly present the authentication challenge (such as the login
// prompt) to the user. Its boolean result is what EnsureUserIsAuthenticated()
// treats as success or failure.
ReauthCallback os_reauth_call_;