Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 1 | // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "chrome/browser/chromeos/login/auth/login_performer.h" |
| 6 | |
| 7 | #include "base/bind.h" |
| 8 | #include "base/logging.h" |
| 9 | #include "base/message_loop/message_loop.h" |
| 10 | #include "base/metrics/histogram.h" |
| 11 | #include "base/prefs/pref_service.h" |
| 12 | #include "base/strings/utf_string_conversions.h" |
| 13 | #include "base/threading/thread_restrictions.h" |
| 14 | #include "chrome/browser/browser_process.h" |
| 15 | #include "chrome/browser/chrome_notification_types.h" |
| 16 | #include "chrome/browser/chromeos/boot_times_loader.h" |
| 17 | #include "chrome/browser/chromeos/login/login_utils.h" |
Torne (Richard Coles) | 5f1c943 | 2014-08-12 13:47:38 +0100 | [diff] [blame] | 18 | #include "chrome/browser/chromeos/login/supervised/supervised_user_authentication.h" |
| 19 | #include "chrome/browser/chromeos/login/supervised/supervised_user_constants.h" |
| 20 | #include "chrome/browser/chromeos/login/supervised/supervised_user_login_flow.h" |
Torne (Richard Coles) | 6e8cce6 | 2014-08-19 13:00:08 +0100 | [diff] [blame^] | 21 | #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 22 | #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 23 | #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| 24 | #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" |
| 25 | #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 26 | #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 27 | #include "chrome/common/pref_names.h" |
| 28 | #include "chromeos/dbus/dbus_thread_manager.h" |
| 29 | #include "chromeos/dbus/session_manager_client.h" |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 30 | #include "chromeos/login/user_names.h" |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 31 | #include "chromeos/settings/cros_settings_names.h" |
Torne (Richard Coles) | 6e8cce6 | 2014-08-19 13:00:08 +0100 | [diff] [blame^] | 32 | #include "components/user_manager/user_manager.h" |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 33 | #include "content/public/browser/browser_thread.h" |
| 34 | #include "content/public/browser/notification_service.h" |
| 35 | #include "content/public/browser/notification_types.h" |
| 36 | #include "content/public/browser/user_metrics.h" |
| 37 | #include "google_apis/gaia/gaia_auth_util.h" |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 38 | #include "net/cookies/cookie_monster.h" |
| 39 | #include "net/cookies/cookie_store.h" |
| 40 | #include "net/url_request/url_request_context.h" |
| 41 | #include "net/url_request/url_request_context_getter.h" |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 42 | |
| 43 | using base::UserMetricsAction; |
| 44 | using content::BrowserThread; |
| 45 | |
| 46 | namespace chromeos { |
| 47 | |
| 48 | LoginPerformer::LoginPerformer(Delegate* delegate) |
| 49 | : online_attempt_host_(this), |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 50 | last_login_failure_(AuthFailure::AuthFailureNone()), |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 51 | delegate_(delegate), |
| 52 | password_changed_(false), |
| 53 | password_changed_callback_count_(0), |
| 54 | auth_mode_(AUTH_MODE_INTERNAL), |
| 55 | weak_factory_(this) { |
| 56 | } |
| 57 | |
| 58 | LoginPerformer::~LoginPerformer() { |
| 59 | DVLOG(1) << "Deleting LoginPerformer"; |
| 60 | if (authenticator_.get()) |
| 61 | authenticator_->SetConsumer(NULL); |
| 62 | if (extended_authenticator_.get()) |
| 63 | extended_authenticator_->SetConsumer(NULL); |
| 64 | } |
| 65 | |
| 66 | //////////////////////////////////////////////////////////////////////////////// |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 67 | // LoginPerformer, AuthStatusConsumer implementation: |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 68 | |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 69 | void LoginPerformer::OnAuthFailure(const AuthFailure& failure) { |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 70 | content::RecordAction(UserMetricsAction("Login_Failure")); |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 71 | UMA_HISTOGRAM_ENUMERATION("Login.FailureReason", |
| 72 | failure.reason(), |
| 73 | AuthFailure::NUM_FAILURE_REASONS); |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 74 | |
| 75 | DVLOG(1) << "failure.reason " << failure.reason(); |
| 76 | DVLOG(1) << "failure.error.state " << failure.error().state(); |
| 77 | |
| 78 | last_login_failure_ = failure; |
| 79 | if (delegate_) { |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 80 | delegate_->OnAuthFailure(failure); |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 81 | return; |
| 82 | } else { |
| 83 | // COULD_NOT_MOUNT_CRYPTOHOME, COULD_NOT_MOUNT_TMPFS: |
| 84 | // happens during offline auth only. |
| 85 | NOTREACHED(); |
| 86 | } |
| 87 | } |
| 88 | |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 89 | void LoginPerformer::OnRetailModeAuthSuccess(const UserContext& user_context) { |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 90 | content::RecordAction( |
| 91 | UserMetricsAction("Login_DemoUserLoginSuccess")); |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 92 | AuthStatusConsumer::OnRetailModeAuthSuccess(user_context); |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 93 | } |
| 94 | |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 95 | void LoginPerformer::OnAuthSuccess(const UserContext& user_context) { |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 96 | content::RecordAction(UserMetricsAction("Login_Success")); |
| 97 | VLOG(1) << "LoginSuccess hash: " << user_context.GetUserIDHash(); |
| 98 | DCHECK(delegate_); |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 99 | // After delegate_->OnAuthSuccess(...) is called, delegate_ releases |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 100 | // LoginPerformer ownership. LP now manages it's lifetime on its own. |
| 101 | base::MessageLoop::current()->DeleteSoon(FROM_HERE, this); |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 102 | delegate_->OnAuthSuccess(user_context); |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 103 | } |
| 104 | |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 105 | void LoginPerformer::OnOffTheRecordAuthSuccess() { |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 106 | content::RecordAction( |
| 107 | UserMetricsAction("Login_GuestLoginSuccess")); |
| 108 | |
| 109 | if (delegate_) |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 110 | delegate_->OnOffTheRecordAuthSuccess(); |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 111 | else |
| 112 | NOTREACHED(); |
| 113 | } |
| 114 | |
| 115 | void LoginPerformer::OnPasswordChangeDetected() { |
| 116 | password_changed_ = true; |
| 117 | password_changed_callback_count_++; |
| 118 | if (delegate_) { |
| 119 | delegate_->OnPasswordChangeDetected(); |
| 120 | } else { |
| 121 | NOTREACHED(); |
| 122 | } |
| 123 | } |
| 124 | |
| 125 | void LoginPerformer::OnChecked(const std::string& username, bool success) { |
| 126 | if (!delegate_) { |
| 127 | // Delegate is reset in case of successful offline login. |
Ben Murdoch | 116680a | 2014-07-20 18:25:52 -0700 | [diff] [blame] | 128 | // See ExistingUserConstoller::OnAuthSuccess(). |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 129 | // Case when user has changed password and enters old password |
| 130 | // does not block user from sign in yet. |
| 131 | return; |
| 132 | } |
| 133 | delegate_->OnOnlineChecked(username, success); |
| 134 | } |
| 135 | |
| 136 | //////////////////////////////////////////////////////////////////////////////// |
| 137 | // LoginPerformer, public: |
| 138 | |
| 139 | void LoginPerformer::PerformLogin(const UserContext& user_context, |
| 140 | AuthorizationMode auth_mode) { |
| 141 | auth_mode_ = auth_mode; |
| 142 | user_context_ = user_context; |
| 143 | |
| 144 | CrosSettings* cros_settings = CrosSettings::Get(); |
| 145 | |
| 146 | // Whitelist check is always performed during initial login. |
| 147 | CrosSettingsProvider::TrustedStatus status = |
| 148 | cros_settings->PrepareTrustedValues( |
| 149 | base::Bind(&LoginPerformer::PerformLogin, |
| 150 | weak_factory_.GetWeakPtr(), |
| 151 | user_context_, auth_mode)); |
| 152 | // Must not proceed without signature verification. |
| 153 | if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { |
| 154 | if (delegate_) |
| 155 | delegate_->PolicyLoadFailed(); |
| 156 | else |
| 157 | NOTREACHED(); |
| 158 | return; |
| 159 | } else if (status != CrosSettingsProvider::TRUSTED) { |
| 160 | // Value of AllowNewUser setting is still not verified. |
| 161 | // Another attempt will be invoked after verification completion. |
| 162 | return; |
| 163 | } |
| 164 | |
| 165 | bool wildcard_match = false; |
| 166 | std::string email = gaia::CanonicalizeEmail(user_context.GetUserID()); |
| 167 | bool is_whitelisted = LoginUtils::IsWhitelisted(email, &wildcard_match); |
| 168 | if (is_whitelisted) { |
| 169 | switch (auth_mode_) { |
| 170 | case AUTH_MODE_EXTENSION: { |
| 171 | // On enterprise devices, reconfirm login permission with the server. |
| 172 | policy::BrowserPolicyConnectorChromeOS* connector = |
| 173 | g_browser_process->platform_part() |
| 174 | ->browser_policy_connector_chromeos(); |
| 175 | if (connector->IsEnterpriseManaged() && wildcard_match && |
| 176 | !connector->IsNonEnterpriseUser(email)) { |
| 177 | wildcard_login_checker_.reset(new policy::WildcardLoginChecker()); |
| 178 | wildcard_login_checker_->Start( |
| 179 | ProfileHelper::GetSigninProfile()->GetRequestContext(), |
| 180 | base::Bind(&LoginPerformer::OnlineWildcardLoginCheckCompleted, |
| 181 | weak_factory_.GetWeakPtr())); |
| 182 | } else { |
| 183 | StartLoginCompletion(); |
| 184 | } |
| 185 | break; |
| 186 | } |
| 187 | case AUTH_MODE_INTERNAL: |
| 188 | StartAuthentication(); |
| 189 | break; |
| 190 | } |
| 191 | } else { |
| 192 | if (delegate_) |
| 193 | delegate_->WhiteListCheckFailed(user_context.GetUserID()); |
| 194 | else |
| 195 | NOTREACHED(); |
| 196 | } |
| 197 | } |
| 198 | |
Torne (Richard Coles) | 5f1c943 | 2014-08-12 13:47:38 +0100 | [diff] [blame] | 199 | void LoginPerformer::LoginAsSupervisedUser( |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 200 | const UserContext& user_context) { |
Torne (Richard Coles) | 5f1c943 | 2014-08-12 13:47:38 +0100 | [diff] [blame] | 201 | DCHECK_EQ(chromeos::login::kSupervisedUserDomain, |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 202 | gaia::ExtractDomainName(user_context.GetUserID())); |
| 203 | |
| 204 | CrosSettings* cros_settings = CrosSettings::Get(); |
| 205 | CrosSettingsProvider::TrustedStatus status = |
| 206 | cros_settings->PrepareTrustedValues( |
Torne (Richard Coles) | 5f1c943 | 2014-08-12 13:47:38 +0100 | [diff] [blame] | 207 | base::Bind(&LoginPerformer::LoginAsSupervisedUser, |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 208 | weak_factory_.GetWeakPtr(), |
| 209 | user_context_)); |
| 210 | // Must not proceed without signature verification. |
| 211 | if (status == CrosSettingsProvider::PERMANENTLY_UNTRUSTED) { |
| 212 | if (delegate_) |
| 213 | delegate_->PolicyLoadFailed(); |
| 214 | else |
| 215 | NOTREACHED(); |
| 216 | return; |
| 217 | } else if (status != CrosSettingsProvider::TRUSTED) { |
| 218 | // Value of kAccountsPrefSupervisedUsersEnabled setting is still not |
| 219 | // verified. Another attempt will be invoked after verification completion. |
| 220 | return; |
| 221 | } |
| 222 | |
Torne (Richard Coles) | 6e8cce6 | 2014-08-19 13:00:08 +0100 | [diff] [blame^] | 223 | if (!user_manager::UserManager::Get()->AreSupervisedUsersAllowed()) { |
Torne (Richard Coles) | 5f1c943 | 2014-08-12 13:47:38 +0100 | [diff] [blame] | 224 | LOG(ERROR) << "Login attempt of supervised user detected."; |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 225 | delegate_->WhiteListCheckFailed(user_context.GetUserID()); |
| 226 | return; |
| 227 | } |
| 228 | |
| 229 | SupervisedUserLoginFlow* new_flow = |
| 230 | new SupervisedUserLoginFlow(user_context.GetUserID()); |
| 231 | new_flow->set_host( |
Torne (Richard Coles) | 6e8cce6 | 2014-08-19 13:00:08 +0100 | [diff] [blame^] | 232 | ChromeUserManager::Get()->GetUserFlow(user_context.GetUserID())->host()); |
| 233 | ChromeUserManager::Get()->SetUserFlow(user_context.GetUserID(), new_flow); |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 234 | |
Torne (Richard Coles) | 6e8cce6 | 2014-08-19 13:00:08 +0100 | [diff] [blame^] | 235 | SupervisedUserAuthentication* authentication = |
| 236 | ChromeUserManager::Get()->GetSupervisedUserManager()->GetAuthentication(); |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 237 | |
| 238 | UserContext user_context_copy = authentication->TransformKey(user_context); |
| 239 | |
| 240 | if (authentication->GetPasswordSchema(user_context.GetUserID()) == |
| 241 | SupervisedUserAuthentication::SCHEMA_SALT_HASHED) { |
| 242 | if (extended_authenticator_.get()) { |
| 243 | extended_authenticator_->SetConsumer(NULL); |
| 244 | } |
| 245 | extended_authenticator_ = new ExtendedAuthenticator(this); |
| 246 | // TODO(antrim) : Replace empty callback with explicit method. |
| 247 | // http://crbug.com/351268 |
| 248 | BrowserThread::PostTask( |
| 249 | BrowserThread::UI, |
| 250 | FROM_HERE, |
| 251 | base::Bind(&ExtendedAuthenticator::AuthenticateToMount, |
| 252 | extended_authenticator_.get(), |
| 253 | user_context_copy, |
| 254 | ExtendedAuthenticator::ResultCallback())); |
| 255 | |
| 256 | } else { |
| 257 | authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| 258 | BrowserThread::PostTask( |
| 259 | BrowserThread::UI, |
| 260 | FROM_HERE, |
Torne (Richard Coles) | 5f1c943 | 2014-08-12 13:47:38 +0100 | [diff] [blame] | 261 | base::Bind(&Authenticator::LoginAsSupervisedUser, |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 262 | authenticator_.get(), |
| 263 | user_context_copy)); |
| 264 | } |
| 265 | } |
| 266 | |
| 267 | void LoginPerformer::LoginRetailMode() { |
| 268 | authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| 269 | BrowserThread::PostTask( |
| 270 | BrowserThread::UI, FROM_HERE, |
| 271 | base::Bind(&Authenticator::LoginRetailMode, authenticator_.get())); |
| 272 | } |
| 273 | |
| 274 | void LoginPerformer::LoginOffTheRecord() { |
| 275 | authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| 276 | BrowserThread::PostTask( |
| 277 | BrowserThread::UI, FROM_HERE, |
| 278 | base::Bind(&Authenticator::LoginOffTheRecord, authenticator_.get())); |
| 279 | } |
| 280 | |
Torne (Richard Coles) | 5f1c943 | 2014-08-12 13:47:38 +0100 | [diff] [blame] | 281 | void LoginPerformer::LoginAsPublicSession(const UserContext& user_context) { |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 282 | // Login is not allowed if policy could not be loaded for the account. |
| 283 | policy::BrowserPolicyConnectorChromeOS* connector = |
| 284 | g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| 285 | policy::DeviceLocalAccountPolicyService* policy_service = |
| 286 | connector->GetDeviceLocalAccountPolicyService(); |
Torne (Richard Coles) | 5f1c943 | 2014-08-12 13:47:38 +0100 | [diff] [blame] | 287 | if (!policy_service || |
| 288 | !policy_service->IsPolicyAvailableForUser(user_context.GetUserID())) { |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 289 | DCHECK(delegate_); |
| 290 | if (delegate_) |
| 291 | delegate_->PolicyLoadFailed(); |
| 292 | return; |
| 293 | } |
| 294 | |
| 295 | authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| 296 | BrowserThread::PostTask( |
| 297 | BrowserThread::UI, FROM_HERE, |
Torne (Richard Coles) | 5f1c943 | 2014-08-12 13:47:38 +0100 | [diff] [blame] | 298 | base::Bind(&Authenticator::LoginAsPublicSession, |
| 299 | authenticator_.get(), |
| 300 | user_context)); |
Torne (Richard Coles) | cedac22 | 2014-06-03 10:58:34 +0100 | [diff] [blame] | 301 | } |
| 302 | |
| 303 | void LoginPerformer::LoginAsKioskAccount(const std::string& app_user_id, |
| 304 | bool use_guest_mount) { |
| 305 | authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| 306 | BrowserThread::PostTask( |
| 307 | BrowserThread::UI, FROM_HERE, |
| 308 | base::Bind(&Authenticator::LoginAsKioskAccount, authenticator_.get(), |
| 309 | app_user_id, use_guest_mount)); |
| 310 | } |
| 311 | |
| 312 | void LoginPerformer::RecoverEncryptedData(const std::string& old_password) { |
| 313 | BrowserThread::PostTask( |
| 314 | BrowserThread::UI, FROM_HERE, |
| 315 | base::Bind(&Authenticator::RecoverEncryptedData, authenticator_.get(), |
| 316 | old_password)); |
| 317 | } |
| 318 | |
| 319 | void LoginPerformer::ResyncEncryptedData() { |
| 320 | BrowserThread::PostTask( |
| 321 | BrowserThread::UI, FROM_HERE, |
| 322 | base::Bind(&Authenticator::ResyncEncryptedData, authenticator_.get())); |
| 323 | } |
| 324 | |
| 325 | //////////////////////////////////////////////////////////////////////////////// |
| 326 | // LoginPerformer, private: |
| 327 | |
| 328 | void LoginPerformer::StartLoginCompletion() { |
| 329 | DVLOG(1) << "Login completion started"; |
| 330 | BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false); |
| 331 | Profile* profile = ProfileHelper::GetSigninProfile(); |
| 332 | |
| 333 | authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| 334 | BrowserThread::PostTask( |
| 335 | BrowserThread::UI, FROM_HERE, |
| 336 | base::Bind(&Authenticator::CompleteLogin, authenticator_.get(), |
| 337 | profile, |
| 338 | user_context_)); |
| 339 | user_context_.ClearSecrets(); |
| 340 | } |
| 341 | |
| 342 | void LoginPerformer::StartAuthentication() { |
| 343 | DVLOG(1) << "Auth started"; |
| 344 | BootTimesLoader::Get()->AddLoginTimeMarker("AuthStarted", false); |
| 345 | Profile* profile = ProfileHelper::GetSigninProfile(); |
| 346 | if (delegate_) { |
| 347 | authenticator_ = LoginUtils::Get()->CreateAuthenticator(this); |
| 348 | BrowserThread::PostTask( |
| 349 | BrowserThread::UI, FROM_HERE, |
| 350 | base::Bind(&Authenticator::AuthenticateToLogin, authenticator_.get(), |
| 351 | profile, |
| 352 | user_context_)); |
| 353 | // Make unobtrusive online check. It helps to determine password change |
| 354 | // state in the case when offline login fails. |
| 355 | online_attempt_host_.Check(profile, user_context_); |
| 356 | } else { |
| 357 | NOTREACHED(); |
| 358 | } |
| 359 | user_context_.ClearSecrets(); |
| 360 | } |
| 361 | |
| 362 | void LoginPerformer::OnlineWildcardLoginCheckCompleted( |
| 363 | policy::WildcardLoginChecker::Result result) { |
| 364 | if (result == policy::WildcardLoginChecker::RESULT_ALLOWED) { |
| 365 | StartLoginCompletion(); |
| 366 | } else { |
| 367 | if (delegate_) |
| 368 | delegate_->WhiteListCheckFailed(user_context_.GetUserID()); |
| 369 | } |
| 370 | } |
| 371 | |
| 372 | } // namespace chromeos |