blob: 422cccd30d418ea7d0d1400927837e9e2eb3f5a8 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_
#define CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_
#include <string>
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/login/auth/auth_status_consumer.h"
#include "google_apis/gaia/gaia_auth_consumer.h"
class AccountId;
namespace content {
class BrowserContext;
}
namespace chromeos {
class UserContext;
// An interface for objects that will authenticate a Chromium OS user.
// Callbacks will be called on the UI thread:
// 1. On successful authentication, will call consumer_->OnAuthSuccess().
// 2. On failure, will call consumer_->OnAuthFailure().
// 3. On password change, will call consumer_->OnPasswordChangeDetected().
class CHROMEOS_EXPORT Authenticator
: public base::RefCountedThreadSafe<Authenticator> {
public:
explicit Authenticator(AuthStatusConsumer* consumer);
// Given externally authenticated username and password (part of
// |user_context|), this method attempts to complete authentication process.
virtual void CompleteLogin(content::BrowserContext* browser_context,
const UserContext& user_context) = 0;
// Given a user credentials in |user_context|,
// this method attempts to authenticate to login.
// Must be called on the UI thread.
virtual void AuthenticateToLogin(content::BrowserContext* browser_context,
const UserContext& user_context) = 0;
// Given a user credentials in |user_context|, this method attempts to
// authenticate to unlock the computer.
// Must be called on the UI thread.
virtual void AuthenticateToUnlock(const UserContext& user_context) = 0;
// Initiates supervised user login.
virtual void LoginAsSupervisedUser(const UserContext& user_context) = 0;
// Initiates incognito ("browse without signing in") login.
virtual void LoginOffTheRecord() = 0;
// Initiates login into the public account identified by |user_context|.
virtual void LoginAsPublicSession(const UserContext& user_context) = 0;
// Initiates login into kiosk mode account identified by |app_account_id|.
// The |app_account_id| is a generated account id for the account.
// |use_guest_mount| specifies whether to force the session to use a
// guest mount. If this is false, we use mount a public cryptohome.
virtual void LoginAsKioskAccount(const AccountId& app_account_id,
bool use_guest_mount) = 0;
// Notifies caller that login was successful. Must be called on the UI thread.
virtual void OnAuthSuccess() = 0;
// Must be called on the UI thread.
virtual void OnAuthFailure(const AuthFailure& error) = 0;
// Call these methods on the UI thread.
// If a password logs the user in online, but cannot be used to
// mount his cryptohome, we expect that a password change has
// occurred.
// Call this method to migrate the user's encrypted data
// forward to use his new password. |old_password| is the password
// his data was last encrypted with.
virtual void RecoverEncryptedData(const std::string& old_password) = 0;
// Call this method to erase the user's encrypted data
// and create a new cryptohome.
virtual void ResyncEncryptedData() = 0;
// BrowserContext (usually off the record) that was used to perform the last
// authentication process.
content::BrowserContext* authentication_context() {
return authentication_context_;
}
// Sets consumer explicitly.
void SetConsumer(AuthStatusConsumer* consumer);
protected:
virtual ~Authenticator();
AuthStatusConsumer* consumer_;
content::BrowserContext* authentication_context_;
private:
friend class base::RefCountedThreadSafe<Authenticator>;
DISALLOW_COPY_AND_ASSIGN(Authenticator);
};
} // namespace chromeos
#endif // CHROMEOS_LOGIN_AUTH_AUTHENTICATOR_H_