[EasyUnlock] Remove double reauth with setting up EasyUnlock.

With the new ChromeOS settings page, accessing the lock screen settings requires the user to reauth with their password. This obsoletes the previous behaviour of reauthing specifically for EasyUnlock. BUG=740290 Change-Id: I4788e81a750fb36217a4de3bff8e1e5505985bc2 Reviewed-on: https://chromium-review.googlesource.com/565778 Commit-Queue: Tim Song <tengs@chromium.org> Reviewed-by: Toni Barzic <tbarzic@chromium.org> Reviewed-by: Gustavo Sacomoto <sacomoto@chromium.org> Reviewed-by: Sammie Quon <sammiequon@chromium.org> Reviewed-by: Jacob Dufault <jdufault@chromium.org> Cr-Commit-Position: refs/heads/master@{#486225}

[EasyUnlock] Remove double reauth with setting up EasyUnlock.
With the new ChromeOS settings page, accessing the lock screen settings requires the user to reauth with their password. This obsoletes the previous behaviour of reauthing specifically for EasyUnlock. BUG=740290 Change-Id: I4788e81a750fb36217a4de3bff8e1e5505985bc2 Reviewed-on: https://chromium-review.googlesource.com/565778 Commit-Queue: Tim Song <tengs@chromium.org> Reviewed-by: Toni Barzic <tbarzic@chromium.org> Reviewed-by: Gustavo Sacomoto <sacomoto@chromium.org> Reviewed-by: Sammie Quon <sammiequon@chromium.org> Reviewed-by: Jacob Dufault <jdufault@chromium.org> Cr-Commit-Position: refs/heads/master@{#486225}
3bc90915 · Tim Song · Commit Bot · bd4a286c · 3bc90915 · 3bc90915
Commit 3bc90915 authored Jul 13, 2017 by Tim Song Committed by Commit Bot Jul 13, 2017
6 changed files
--- a/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
+++ b/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
@@ -12,6 +12,7 @@
 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/signin/easy_unlock_service.h"
 #include "chrome/common/pref_names.h"
 #include "chromeos/login/auth/extended_authenticator.h"
 #include "chromeos/login/auth/user_context.h"
@@ -385,6 +386,9 @@ void QuickUnlockPrivateSetModesFunction::OnAuthSuccess(
  if (!AreModesEqual(initial_modes, updated_modes))
    FireEvent(updated_modes);

+  EasyUnlockService::Get(chrome_details_.GetProfile())
+      ->HandleUserReauth(user_context);
+
  Respond(ArgumentList(SetModes::Results::Create(true)));
  Release();  // Balanced in Run().
 }

--- a/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api_unittest.cc
+++ b/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api_unittest.cc
@@ -15,6 +15,8 @@
 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h"
 #include "chrome/browser/extensions/extension_api_unittest.h"
+#include "chrome/browser/signin/easy_unlock_service_factory.h"
+#include "chrome/browser/signin/easy_unlock_service_regular.h"
 #include "chrome/common/pref_names.h"
 #include "chromeos/login/auth/fake_extended_authenticator.h"
 #include "extensions/browser/api_test_utils.h"
@@ -37,6 +39,33 @@ const char* kTestUserEmailHash = "testuser@gmail.com-hash";
 const char* kValidPassword = "valid";
 const char* kInvalidPassword = "invalid";

+class FakeEasyUnlockService : public EasyUnlockServiceRegular {
+ public:
+  explicit FakeEasyUnlockService(Profile* profile)
+      : EasyUnlockServiceRegular(profile), reauth_count_(0) {}
+  ~FakeEasyUnlockService() override {}
+
+  // EasyUnlockServiceRegular:
+  void HandleUserReauth(const chromeos::UserContext& user_context) override {
+    ++reauth_count_;
+  }
+
+  void ResetReauthCount() { reauth_count_ = 0; }
+
+  int reauth_count() const { return reauth_count_; }
+
+ private:
+  int reauth_count_;
+
+  DISALLOW_COPY_AND_ASSIGN(FakeEasyUnlockService);
+};
+
+std::unique_ptr<KeyedService> CreateEasyUnlockServiceForTest(
+    content::BrowserContext* context) {
+  return base::MakeUnique<FakeEasyUnlockService>(
+      Profile::FromBrowserContext(context));
+}
+
 ExtendedAuthenticator* CreateFakeAuthenticator(
    AuthStatusConsumer* auth_status_consumer) {
  AccountId account_id = AccountId::FromUserEmail(kTestUserEmail);
@@ -88,6 +117,13 @@ class QuickUnlockPrivateUnitTest : public ExtensionApiUnittest {
    modes_changed_handler_ = base::Bind(&DoNothing);
  }

+  TestingProfile* CreateProfile() override {
+    TestingProfile::Builder builder;
+    builder.AddTestingFactory(EasyUnlockServiceFactory::GetInstance(),
+                              &CreateEasyUnlockServiceForTest);
+    return builder.Build().release();
+  }
+
  // If a mode change event is raised, fail the test.
  void FailIfModesChanged() {
    modes_changed_handler_ = base::Bind(&FailIfCalled);
@@ -296,8 +332,19 @@ class QuickUnlockPrivateUnitTest : public ExtensionApiUnittest {

 // Verify that password checking works.
 TEST_F(QuickUnlockPrivateUnitTest, CheckPassword) {
+  // A successful password validation should be fed into EasyUnlock in order to
+  // prepare the setup flow.
+  FakeEasyUnlockService* easy_unlock_service =
+      static_cast<FakeEasyUnlockService*>(EasyUnlockService::Get(profile()));
+  easy_unlock_service->ResetReauthCount();
+
+  EXPECT_EQ(0, easy_unlock_service->reauth_count());
  EXPECT_TRUE(CheckPassword(kValidPassword));
+  EXPECT_EQ(1, easy_unlock_service->reauth_count());
+
+  easy_unlock_service->ResetReauthCount();
  EXPECT_FALSE(CheckPassword(kInvalidPassword));
+  EXPECT_EQ(0, easy_unlock_service->reauth_count());
 }

 // Verifies that this returns PIN for GetAvailableModes.

--- a/chrome/browser/signin/easy_unlock_service.cc
+++ b/chrome/browser/signin/easy_unlock_service.cc
@@ -61,6 +61,7 @@
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/power_manager_client.h"
+#include "chromeos/login/auth/user_context.h"
 #include "components/session_manager/core/session_manager.h"
 #include "components/signin/core/account_id/account_id.h"
 #endif
@@ -844,6 +845,9 @@ void EasyUnlockService::OnCryptohomeKeysFetchedForChecking(
                        : EasyUnlockScreenlockStateHandler::PAIRING_CHANGED);
  }
 }
+
+void EasyUnlockService::HandleUserReauth(
+    const chromeos::UserContext& user_context) {}
 #endif

 void EasyUnlockService::PrepareForSuspend() {

--- a/chrome/browser/signin/easy_unlock_service.h
+++ b/chrome/browser/signin/easy_unlock_service.h
@@ -33,6 +33,12 @@ class DictionaryValue;
 class ListValue;
 }

+#if defined(OS_CHROMEOS)
+namespace chromeos {
+class UserContext;
+}
+#endif
+
 namespace user_manager {
 class User;
 }
@@ -206,6 +212,12 @@ class EasyUnlockService : public KeyedService {
  // initiated by the Easy Unlock app.
  void RecordClickOnLockIcon();

+#if defined(OS_CHROMEOS)
+  // Called when the user reauths (e.g. in chrome://settings) so we can cache
+  // the user context for the setup flow.
+  virtual void HandleUserReauth(const chromeos::UserContext& user_context);
+#endif
+
  void AddObserver(EasyUnlockServiceObserver* observer);
  void RemoveObserver(EasyUnlockServiceObserver* observer);


--- a/chrome/browser/signin/easy_unlock_service_regular.cc
+++ b/chrome/browser/signin/easy_unlock_service_regular.cc
@@ -198,7 +198,7 @@ void EasyUnlockServiceRegular::LaunchSetup() {
    OpenSetupApp();
  } else {
    bool reauth_success = chromeos::EasyUnlockReauth::ReauthForUserContext(
-        base::Bind(&EasyUnlockServiceRegular::OnUserContextFromReauth,
+        base::Bind(&EasyUnlockServiceRegular::OpenSetupAppAfterReauth,
                   weak_ptr_factory_.GetWeakPtr()));
    if (!reauth_success)
      OpenSetupApp();
@@ -209,13 +209,20 @@ void EasyUnlockServiceRegular::LaunchSetup() {
 }

 #if defined(OS_CHROMEOS)
-void EasyUnlockServiceRegular::OnUserContextFromReauth(
+void EasyUnlockServiceRegular::HandleUserReauth(
    const chromeos::UserContext& user_context) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  // Cache the user context for the next X minutes, so the user doesn't have to
+  // reauth again.
  short_lived_user_context_.reset(new chromeos::ShortLivedUserContext(
      user_context,
      apps::AppLifetimeMonitorFactory::GetForBrowserContext(profile()),
      base::ThreadTaskRunnerHandle::Get().get()));
+}
+
+void EasyUnlockServiceRegular::OpenSetupAppAfterReauth(
+    const chromeos::UserContext& user_context) {
+  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  HandleUserReauth(user_context);

  OpenSetupApp();


--- a/chrome/browser/signin/easy_unlock_service_regular.h
+++ b/chrome/browser/signin/easy_unlock_service_regular.h
@@ -88,6 +88,9 @@ class EasyUnlockServiceRegular
  bool IsAllowedInternal() const override;
  void OnWillFinalizeUnlock(bool success) override;
  void OnSuspendDoneInternal() override;
+#if defined(OS_CHROMEOS)
+  void HandleUserReauth(const chromeos::UserContext& user_context) override;
+#endif

  // CryptAuthDeviceManager::Observer:
  void OnSyncFinished(
@@ -117,7 +120,7 @@ class EasyUnlockServiceRegular
 #if defined(OS_CHROMEOS)
  // Called with the user's credentials (e.g. username and password) after the
  // user reauthenticates to begin setup.
-  void OnUserContextFromReauth(const chromeos::UserContext& user_context);
+  void OpenSetupAppAfterReauth(const chromeos::UserContext& user_context);

  // Called after a cryptohome RemoveKey or RefreshKey operation to set the
  // proper hardlock state if the operation is successful.