chrome/browser/ash/login/easy_unlock/easy_unlock_service.h

// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_ASH_LOGIN_EASY_UNLOCK_EASY_UNLOCK_SERVICE_H_
#define CHROME_BROWSER_ASH_LOGIN_EASY_UNLOCK_EASY_UNLOCK_SERVICE_H_

#include <memory>
#include <set>
#include <string>

#include "base/functional/callback_forward.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/weak_ptr.h"
#include "build/build_config.h"
#include "chrome/browser/ash/login/easy_unlock/chrome_proximity_auth_client.h"
#include "chrome/browser/ash/login/easy_unlock/easy_unlock_auth_attempt.h"
#include "chrome/browser/ash/login/easy_unlock/easy_unlock_metrics.h"
#include "chrome/browser/ash/login/easy_unlock/smartlock_state_handler.h"
#include "chromeos/ash/components/multidevice/remote_device_ref.h"
#include "chromeos/ash/components/proximity_auth/smart_lock_metrics_recorder.h"
#include "components/keyed_service/core/keyed_service.h"

class AccountId;

namespace user_manager {
class User;
}

namespace user_prefs {
class PrefRegistrySyncable;
}

namespace proximity_auth {
class ProximityAuthPrefManager;
class ProximityAuthSystem;
}  // namespace proximity_auth

class Profile;

namespace ash {

enum class SmartLockState;

namespace secure_channel {
class SecureChannelClient;
}

class EasyUnlockService : public KeyedService,
                          public proximity_auth::ScreenlockBridge::Observer {
 public:
  // Gets EasyUnlockService instance.
  static EasyUnlockService* Get(Profile* profile);

  // Gets EasyUnlockService instance associated with a user if the user is
  // logged in and their profile is initialized.
  static EasyUnlockService* GetForUser(const user_manager::User& user);

  EasyUnlockService(const EasyUnlockService&) = delete;
  EasyUnlockService& operator=(const EasyUnlockService&) = delete;

  // Registers Easy Unlock profile preferences.
  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);

  // Returns the ProximityAuthPrefManager, responsible for managing all
  // EasyUnlock preferences.
  virtual proximity_auth::ProximityAuthPrefManager*
  GetProximityAuthPrefManager();

  // Returns the user currently associated with the service.
  virtual AccountId GetAccountId() const = 0;

  // Sets the service up and schedules service initialization.
  void Initialize();

  // Whether easy unlock is allowed to be used. If the controlling preference
  // is set (from policy), this returns the preference value. Otherwise, it is
  // permitted if the flag is enabled. Virtual to allow override for testing.
  virtual bool IsAllowed() const;

  // Whether Easy Unlock is currently enabled for this user. Virtual to allow
  // override for testing.
  virtual bool IsEnabled() const;

  // To be called when EasyUnlockService is "warming up", for example, on screen
  // lock, after suspend, when the login screen is starting up, etc. During a
  // period like this, not all sub-systems are fully initialized, particularly
  // UnlockManager and the Bluetooth stack, so to avoid UI jank, callers can use
  // this method to fill in the UI with an approximation of what the UI will
  // look like in <1 second. The resulting initial state will be one of two
  // possibilities:
  //   * SmartLockState::kConnectingToPhone: if the feature is allowed, enabled,
  //     and has kicked off a scan/connection.
  //   * SmartLockState::kDisabled: if any values above can't be confirmed.
  virtual SmartLockState GetInitialSmartLockState() const;

  // Updates the user pod on the signin/lock screen for the user associated with
  // the service to reflect the provided Smart Lock state.
  void UpdateSmartLockState(SmartLockState state);

  // Starts an auth attempt for the user associated with the service. The
  // attempt type (unlock vs. signin) will depend on the service type. Returns
  // true if no other attempt is in progress and the attempt request can be
  // processed.
  bool AttemptAuth(const AccountId& account_id);

  // Finalizes the previously started auth attempt for easy unlock. If called on
  // signin profile service, it will cancel the current auth attempt if one
  // exists.
  void FinalizeUnlock(bool success);

  // Handles Easy Unlock auth failure for the user.
  void HandleAuthFailure(const AccountId& account_id);

  ChromeProximityAuthClient* proximity_auth_client() {
    return &proximity_auth_client_;
  }

  // The last value emitted to the SmartLock.GetRemoteStatus.Unlock(.Failure)
  // metrics. Helps to understand whether/why not Smart Lock was an available
  // choice for unlock. Returns the empty string if the ProximityAuthSystem or
  // the UnlockManager is uninitialized.
  std::string GetLastRemoteStatusUnlockForLogging();

  // Retrieves the remote device list stored for the account in
  // |proximity_auth_system_|.
  const multidevice::RemoteDeviceRefList GetRemoteDevicesForTesting() const;

 protected:
  EasyUnlockService(Profile* profile,
                    secure_channel::SecureChannelClient* secure_channel_client);
  ~EasyUnlockService() override;

  // Does a service type specific initialization.
  virtual void InitializeInternal() = 0;

  // Does a service type specific shutdown. Called from `Shutdown`.
  virtual void ShutdownInternal() = 0;

  // Service type specific tests for whether the service is allowed. Returns
  // false if service is not allowed. If true is returned, the service may still
  // not be allowed if common tests fail (e.g. if Bluetooth is not available).
  virtual bool IsAllowedInternal() const = 0;

  // Called when the local device resumes after a suspend.
  virtual void OnSuspendDoneInternal() = 0;

  // Called when the user enters password before easy unlock succeeds or fails
  // definitively.
  virtual void OnUserEnteredPassword();

  // KeyedService:
  void Shutdown() override;

  // proximity_auth::ScreenlockBridge::Observer:
  void OnScreenDidLock(proximity_auth::ScreenlockBridge::LockHandler::ScreenType
                           screen_type) override;
  void OnScreenDidUnlock(
      proximity_auth::ScreenlockBridge::LockHandler::ScreenType screen_type)
      override = 0;
  void OnFocusedUserChanged(const AccountId& account_id) override = 0;

  // Exposes the profile to which the service is attached to subclasses.
  Profile* profile() const { return profile_; }

  // Checks whether Easy unlock should be running and updates app state.
  void UpdateAppState();

  // Fill in the UI with the state returned by GetInitialSmartLockState().
  void ShowInitialSmartLockState();

  // Resets the Smart Lock state set by this service.
  void ResetSmartLockState();

  const SmartLockStateHandler* smartlock_state_handler() const {
    return smartlock_state_handler_.get();
  }

  // Returns the authentication event for a recent password sign-in or unlock,
  // according to the current state of the service.
  EasyUnlockAuthEvent GetPasswordAuthEvent() const;

  // Returns the authentication event for a recent password sign-in or unlock,
  // according to the current state of the service.
  SmartLockMetricsRecorder::SmartLockAuthEventPasswordState
  GetSmartUnlockPasswordAuthEvent() const;

  // Called by subclasses when remote devices allowed to unlock the screen
  // are loaded for `account_id`.
  void SetProximityAuthDevices(
      const AccountId& account_id,
      const multidevice::RemoteDeviceRefList& remote_devices,
      absl::optional<multidevice::RemoteDeviceRef> local_device);

  bool will_authenticate_using_easy_unlock() const {
    return will_authenticate_using_easy_unlock_;
  }

  void set_will_authenticate_using_easy_unlock(
      bool will_authenticate_using_easy_unlock) {
    will_authenticate_using_easy_unlock_ = will_authenticate_using_easy_unlock;
  }

 private:
  // True if the user just authenticated using Easy Unlock. Reset once
  // the screen signs in/unlocks. Used to distinguish Easy Unlock-powered
  // signins/unlocks from password-based unlocks for metrics.
  bool will_authenticate_using_easy_unlock_ = false;

  // Gets `smartlock_state_handler_`. Returns NULL if Easy Unlock is not
  // allowed. Otherwise, if `smartlock_state_handler_` is not set, an instance
  // is created. Do not cache the returned value, as it may go away if Easy
  // Unlock gets disabled.
  SmartLockStateHandler* GetSmartLockStateHandler();

  // Updates the service to state for handling system suspend.
  void PrepareForSuspend();

  // Called when the system resumes from a suspended state.
  void OnSuspendDone();

  // Determines whether failure to unlock with phone should be handled as an
  // authentication failure.
  bool IsSmartLockStateValidOnRemoteAuthFailure() const;

  void NotifySmartLockAuthResult(bool success);

  const raw_ptr<Profile, ExperimentalAsh> profile_;
  raw_ptr<secure_channel::SecureChannelClient, ExperimentalAsh>
      secure_channel_client_;

  ChromeProximityAuthClient proximity_auth_client_;

  // Created lazily in `GetSmartLockStateHandler`.
  std::unique_ptr<SmartLockStateHandler> smartlock_state_handler_;

  absl::optional<SmartLockState> smart_lock_state_;

  // The handler for the current auth attempt. Set iff an auth attempt is in
  // progress.
  std::unique_ptr<EasyUnlockAuthAttempt> auth_attempt_;

  // Handles connecting, authenticating, and updating the UI on the lock/sign-in
  // screen. After a `RemoteDeviceRef` instance is provided, this object will
  // handle the rest.
  std::unique_ptr<proximity_auth::ProximityAuthSystem> proximity_auth_system_;

  // Monitors suspend and wake state of ChromeOS.
  class PowerMonitor;
  std::unique_ptr<PowerMonitor> power_monitor_;

  // Whether the service has been shut down.
  bool shut_down_;

  base::WeakPtrFactory<EasyUnlockService> weak_ptr_factory_{this};
};

}  // namespace ash

#endif  // CHROME_BROWSER_ASH_LOGIN_EASY_UNLOCK_EASY_UNLOCK_SERVICE_H_