blob: d1848f42aa4b43749a2bc97e9866fb04e1b8dac8 [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include "base/component_export.h"
#include "base/optional.h"
#include "chromeos/login/auth/challenge_response_key.h"
#include "chromeos/login/auth/key.h"
#include "components/account_id/account_id.h"
#include "components/password_manager/core/browser/password_hash_data.h"
#include "components/user_manager/user_type.h"
class AccountId;
namespace user_manager {
class User;
namespace chromeos {
// Information that is passed around while authentication is in progress. The
// credentials may consist of a |account_id_|, |key_| pair or a GAIA
// |auth_code_|.
// The |user_id_hash_| is used to locate the user's home directory
// mount point for the user. It is set when the mount has been completed.
// The authentication flow used during sign-in.
enum AuthFlow {
// Online authentication against GAIA. GAIA did not redirect to a SAML IdP.
// Online authentication against GAIA. GAIA redirected to a SAML IdP.
// Offline authentication against a cached key.
// Offline authentication using and Easy unlock device (e.g. a phone).
// Authentication against Active Directory server.
UserContext(const UserContext& other);
explicit UserContext(const user_manager::User& user);
UserContext(user_manager::UserType user_type, const AccountId& account_id);
bool operator==(const UserContext& context) const;
bool operator!=(const UserContext& context) const;
const AccountId& GetAccountId() const;
const std::string& GetGaiaID() const;
// Information about the user password - either a plain-text password or a
// its hashed/transformed representation.
const Key* GetKey() const;
Key* GetKey();
// The plain-text user password. Initialized only on enterprise enrolled
// devices. See
const Key* GetPasswordKey() const;
Key* GetMutablePasswordKey();
// The challenge-response keys for user authentication. Currently, such keys
// can't be used simultaneously with the plain-text password keys, so when the
// list stored here is non-empty, both GetKey() and GetPasswordKey() should
// contain empty keys.
const std::vector<ChallengeResponseKey>& GetChallengeResponseKeys() const;
std::vector<ChallengeResponseKey>* GetMutableChallengeResponseKeys();
const std::string& GetAuthCode() const;
const std::string& GetRefreshToken() const;
const std::string& GetAccessToken() const;
const std::string& GetUserIDHash() const;
bool IsUsingOAuth() const;
bool IsUsingPin() const;
bool IsForcingDircrypto() const;
AuthFlow GetAuthFlow() const;
user_manager::UserType GetUserType() const;
const std::string& GetPublicSessionLocale() const;
const std::string& GetPublicSessionInputMethod() const;
const std::string& GetDeviceId() const;
const std::string& GetGAPSCookie() const;
const base::Optional<password_manager::PasswordHashData>&
GetSyncPasswordData() const;
bool HasCredentials() const;
// If this user is under advanced protection.
bool IsUnderAdvancedProtection() const;
void SetAccountId(const AccountId& account_id);
void SetKey(const Key& key);
void SetPasswordKey(const Key& key);
void SetAuthCode(const std::string& auth_code);
void SetRefreshToken(const std::string& refresh_token);
void SetAccessToken(const std::string& access_token);
void SetUserIDHash(const std::string& user_id_hash);
void SetIsUsingOAuth(bool is_using_oauth);
void SetIsUsingPin(bool is_using_pin);
void SetIsForcingDircrypto(bool is_forcing_dircrypto);
void SetAuthFlow(AuthFlow auth_flow);
void SetPublicSessionLocale(const std::string& locale);
void SetPublicSessionInputMethod(const std::string& input_method);
void SetDeviceId(const std::string& device_id);
void SetGAPSCookie(const std::string& gaps_cookie);
void SetSyncPasswordData(
const password_manager::PasswordHashData& sync_password_data);
void SetIsUnderAdvancedProtection(bool is_under_advanced_protection);
void ClearSecrets();
AccountId account_id_;
Key key_;
Key password_key_;
std::vector<ChallengeResponseKey> challenge_response_keys_;
std::string auth_code_;
std::string refresh_token_;
std::string access_token_; // OAuthLogin scoped access token.
std::string user_id_hash_;
bool is_using_oauth_ = true;
bool is_using_pin_ = false;
bool is_forcing_dircrypto_ = false;
AuthFlow auth_flow_ = AUTH_FLOW_OFFLINE;
user_manager::UserType user_type_ = user_manager::USER_TYPE_REGULAR;
std::string public_session_locale_;
std::string public_session_input_method_;
std::string device_id_;
std::string gaps_cookie_;
bool is_under_advanced_protection_ = false;
// For password reuse detection use.
base::Optional<password_manager::PasswordHashData> sync_password_data_;
} // namespace chromeos