chromeos: Support PIN auth for in-session auth dialog

If the submitted password looks like PIN, try authenticate the user with PIN. On failure, submit the password as normal password. This fallback to password auth is because the user may type the PIN into the password textfield (though admittedly this is a less valid use case). This behavior is consistent with ScreenLocker. Bug: b:156258540 Change-Id: I23bf097a35c6458e8f341ae105679d6d42a83c59 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2364756Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Commit-Queue: Yicheng Li <yichengli@chromium.org> Cr-Commit-Position: refs/heads/master@{#799846}

chromeos: Support PIN auth for in-session auth dialog
If the submitted password looks like PIN, try authenticate the user with PIN. On failure, submit the password as normal password. This fallback to password auth is because the user may type the PIN into the password textfield (though admittedly this is a less valid use case). This behavior is consistent with ScreenLocker. Bug: b:156258540 Change-Id: I23bf097a35c6458e8f341ae105679d6d42a83c59 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2364756Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Commit-Queue: Yicheng Li <yichengli@chromium.org> Cr-Commit-Position: refs/heads/master@{#799846}
294759b3 · Yicheng Li · Commit Bot · 2ae54e32 · 294759b3 · 294759b3
Commit 294759b3 authored Aug 19, 2020 by Yicheng Li Committed by Commit Bot Aug 19, 2020
2 changed files
--- a/chrome/browser/ui/ash/in_session_auth_dialog_client.cc
+++ b/chrome/browser/ui/ash/in_session_auth_dialog_client.cc
@@ -97,13 +97,40 @@ void InSessionAuthDialogClient::AuthenticateUserWithPasswordOrPin(
  DCHECK(!pending_auth_state_);
  pending_auth_state_.emplace(std::move(callback));

-  // TODO(yichengli): If it can be PIN, use quick unlock to attempt PIN auth.
+  if (authenticated_by_pin) {
+    chromeos::quick_unlock::PinBackend::GetInstance()->TryAuthenticate(
+        user_context.GetAccountId(), *user_context.GetKey(),
+        base::BindOnce(&InSessionAuthDialogClient::OnPinAttemptDone,
+                       weak_factory_.GetWeakPtr(), user_context));
+    // OnPinAttemptDone will call AuthenticateWithPassword if attempt fails.
+    return;
+  }

  // TODO(yichengli): If user type is SUPERVISED, use supervised authenticator?

  AuthenticateWithPassword(user_context);
 }

+void InSessionAuthDialogClient::OnPinAttemptDone(
+    const UserContext& user_context,
+    bool success) {
+  if (success) {
+    // Mark strong auth if this is cryptohome based pin.
+    if (chromeos::quick_unlock::PinBackend::GetInstance()->ShouldUseCryptohome(
+            user_context.GetAccountId())) {
+      chromeos::quick_unlock::QuickUnlockStorage* quick_unlock_storage =
+          chromeos::quick_unlock::QuickUnlockFactory::GetForAccountId(
+              user_context.GetAccountId());
+      if (quick_unlock_storage)
+        quick_unlock_storage->MarkStrongAuth();
+    }
+    OnAuthSuccess(user_context);
+  } else {
+    // PIN authentication has failed; try submitting as a normal password.
+    AuthenticateWithPassword(user_context);
+  }
+}
+
 void InSessionAuthDialogClient::AuthenticateWithPassword(
    const UserContext& user_context) {
  // TODO(crbug.com/1115120): Don't post to UI thread if it turns out to be

--- a/chrome/browser/ui/ash/in_session_auth_dialog_client.h
+++ b/chrome/browser/ui/ash/in_session_auth_dialog_client.h
@@ -63,6 +63,9 @@ class InSessionAuthDialogClient : public ash::InSessionAuthDialogClient,

  void AuthenticateWithPassword(const chromeos::UserContext& user_context);

+  void OnPinAttemptDone(const chromeos::UserContext& user_context,
+                        bool success);
+
  void OnPasswordAuthSuccess(const chromeos::UserContext& user_context);

  // Used to authenticate the user to unlock supervised users.