cros: Show fingerprint on lock if user can authenticate in multi-user setups

If the lock screen was shown on the non-primary user, fingerprint auth would not
display because it only checked the primary user.

Bug: 882688
Change-Id: Ibbc479f4e393f587594b3915d8afe3492246c303
Reviewed-on: https://chromium-review.googlesource.com/c/1272026Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Sammie Quon <sammiequon@chromium.org>
Commit-Queue: Jacob Dufault <jdufault@chromium.org>
Cr-Commit-Position: refs/heads/master@{#599320}

chrome/browser/chromeos/login/quick_unlock/fingerprint_storage.cc

@@ -5,6 +5,7 @@
 #include "chrome/browser/chromeos/login/quick_unlock/fingerprint_storage.h"
 
 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/pref_service.h"
@@ -17,17 +18,18 @@ void FingerprintStorage::RegisterProfilePrefs(PrefRegistrySimple* registry) {
   registry->RegisterIntegerPref(prefs::kQuickUnlockFingerprintRecord, 0);
 }
 
-FingerprintStorage::FingerprintStorage(PrefService* pref_service)
-    : pref_service_(pref_service) {}
+FingerprintStorage::FingerprintStorage(Profile* profile) : profile_(profile) {}
 
 FingerprintStorage::~FingerprintStorage() {}
 
 bool FingerprintStorage::IsFingerprintAvailable() const {
-  return !ExceededUnlockAttempts() && IsFingerprintEnabled() && HasRecord();
+  return !ExceededUnlockAttempts() && IsFingerprintEnabled(profile_) &&
+         HasRecord();
 }
 
 bool FingerprintStorage::HasRecord() const {
-  return pref_service_->GetInteger(prefs::kQuickUnlockFingerprintRecord) != 0;
+  return profile_->GetPrefs()->GetInteger(
+             prefs::kQuickUnlockFingerprintRecord) != 0;
 }
 
 void FingerprintStorage::AddUnlockAttempt() {

chrome/browser/chromeos/login/quick_unlock/fingerprint_storage.h

@@ -8,7 +8,7 @@
 #include "base/time/time.h"
 
 class PrefRegistrySimple;
-class PrefService;
+class Profile;
 
 namespace chromeos {
 
@@ -25,7 +25,7 @@ class FingerprintStorage {
   // Registers profile prefs.
   static void RegisterProfilePrefs(PrefRegistrySimple* registry);
 
-  explicit FingerprintStorage(PrefService* pref_service);
+  explicit FingerprintStorage(Profile* profile);
   ~FingerprintStorage();
 
   // Returns true if fingerprint unlock is currently available.
@@ -50,7 +50,7 @@ class FingerprintStorage {
   friend class chromeos::FingerprintStorageTestApi;
   friend class QuickUnlockStorage;
 
-  PrefService* pref_service_;
+  Profile* const profile_;
   // Number of fingerprint unlock attempt.
   int unlock_attempt_count_ = 0;
 

chrome/browser/chromeos/login/quick_unlock/quick_unlock_factory.cc

@@ -55,8 +55,7 @@ QuickUnlockFactory::~QuickUnlockFactory() {}
 
 KeyedService* QuickUnlockFactory::BuildServiceInstanceFor(
     content::BrowserContext* context) const {
-  return new QuickUnlockStorage(
-      Profile::FromBrowserContext(context)->GetPrefs());
+  return new QuickUnlockStorage(Profile::FromBrowserContext(context));
 }
 
 }  // namespace quick_unlock

chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.cc

@@ -8,6 +8,7 @@
 
 #include "base/time/time.h"
 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "components/prefs/pref_service.h"
 
@@ -25,10 +26,9 @@ base::TimeDelta GetStrongAuthTimeout(PrefService* pref_service) {
 
 }  // namespace
 
-QuickUnlockStorage::QuickUnlockStorage(PrefService* pref_service)
-    : pref_service_(pref_service) {
-  fingerprint_storage_ = std::make_unique<FingerprintStorage>(pref_service);
-  pin_storage_prefs_ = std::make_unique<PinStoragePrefs>(pref_service);
+QuickUnlockStorage::QuickUnlockStorage(Profile* profile) : profile_(profile) {
+  fingerprint_storage_ = std::make_unique<FingerprintStorage>(profile);
+  pin_storage_prefs_ = std::make_unique<PinStoragePrefs>(profile->GetPrefs());
 }
 
 QuickUnlockStorage::~QuickUnlockStorage() {}
@@ -42,7 +42,7 @@ void QuickUnlockStorage::MarkStrongAuth() {
 bool QuickUnlockStorage::HasStrongAuth() const {
   if (last_strong_auth_.is_null())
     return false;
-  return TimeSinceLastStrongAuth() < GetStrongAuthTimeout(pref_service_);
+  return TimeSinceLastStrongAuth() < GetStrongAuthTimeout(profile_->GetPrefs());
 }
 
 base::TimeDelta QuickUnlockStorage::TimeSinceLastStrongAuth() const {
@@ -52,7 +52,7 @@ base::TimeDelta QuickUnlockStorage::TimeSinceLastStrongAuth() const {
 
 base::TimeDelta QuickUnlockStorage::TimeUntilNextStrongAuth() const {
   DCHECK(!last_strong_auth_.is_null());
-  return GetStrongAuthTimeout(pref_service_) - TimeSinceLastStrongAuth();
+  return GetStrongAuthTimeout(profile_->GetPrefs()) - TimeSinceLastStrongAuth();
 }
 
 bool QuickUnlockStorage::IsFingerprintAuthenticationAvailable() const {

chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.h

@@ -11,7 +11,7 @@
 #include "chromeos/login/auth/user_context.h"
 #include "components/keyed_service/core/keyed_service.h"
 
-class PrefService;
+class Profile;
 
 namespace base {
 class Time;
@@ -29,7 +29,7 @@ namespace quick_unlock {
 // authentication used by Settings).
 class QuickUnlockStorage : public KeyedService {
  public:
-  explicit QuickUnlockStorage(PrefService* pref_service);
+  explicit QuickUnlockStorage(Profile* profile);
   ~QuickUnlockStorage() override;
 
   // Mark that the user has had a strong authentication. This means
@@ -89,7 +89,7 @@ class QuickUnlockStorage : public KeyedService {
   // KeyedService:
   void Shutdown() override;
 
-  PrefService* pref_service_;
+  Profile* const profile_;
   base::TimeTicks last_strong_auth_;
   std::unique_ptr<FingerprintStorage> fingerprint_storage_;
   std::unique_ptr<PinStoragePrefs> pin_storage_prefs_;

chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.cc

@@ -108,17 +108,15 @@ bool IsPinEnabled(PrefService* pref_service) {
   return base::FeatureList::IsEnabled(features::kQuickUnlockPin);
 }
 
-bool IsFingerprintEnabled() {
+bool IsFingerprintEnabled(Profile* profile) {
   if (enable_for_testing_)
     return true;
 
-  // Disable fingerprint for secondary user.
-  user_manager::UserManager* user_manager = user_manager::UserManager::Get();
-  if (user_manager->GetActiveUser() != user_manager->GetPrimaryUser())
+  // Disable fingerprint if the profile does not belong to the primary user.
+  if (profile != ProfileManager::GetPrimaryUserProfile())
     return false;
 
-  // Disable fingerprint if forbidden by policy.
-  const Profile* profile = ProfileManager::GetPrimaryUserProfile();
+  // Disable fingerprint if disallowed by policy.
   if (IsFingerprintDisabledByPolicy(profile->GetPrefs()))
     return false;
 

chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h

@@ -11,6 +11,7 @@ class TimeDelta;
 
 class PrefRegistrySimple;
 class PrefService;
+class Profile;
 
 namespace chromeos {
 namespace quick_unlock {
@@ -38,8 +39,8 @@ bool IsPinDisabledByPolicy(PrefService* pref_service);
 // Returns true if the quick unlock feature flag is present.
 bool IsPinEnabled(PrefService* pref_service);
 
-// Returns true if the fingerprint is allowed for the current active user.
-bool IsFingerprintEnabled();
+// Returns true if the fingerprint is allowed for specified profile.
+bool IsFingerprintEnabled(Profile* profile);
 
 // Forcibly enable all quick-unlock modes for testing.
 void EnableForTesting();

chrome/browser/chromeos/login/wizard_controller.cc

@@ -1013,7 +1013,7 @@ void WizardController::OnEulaAccepted() {
 }
 
 void WizardController::OnEulaBack() {
-    ShowNetworkScreen();
+  ShowNetworkScreen();
 }
 
 void WizardController::OnChangedMetricsReportingState(bool enabled) {
@@ -1132,10 +1132,12 @@ void WizardController::OnDiscoverScreenFinished() {
 }
 
 void WizardController::OnMarketingOptInFinished() {
-  if (chromeos::quick_unlock::IsFingerprintEnabled())
+  if (chromeos::quick_unlock::IsFingerprintEnabled(
+          ProfileManager::GetActiveUserProfile())) {
     ShowFingerprintSetupScreen();
-  else
+  } else {
     ShowArcTermsOfServiceScreen();
+  }
 }
 
 void WizardController::OnFingerprintSetupFinished() {

chrome/browser/ui/webui/settings/md_settings_ui.cc

@@ -313,8 +313,9 @@ MdSettingsUI::MdSettingsUI(content::WebUI* web_ui)
   html_source->AddBoolean(
       "quickUnlockDisabledByPolicy",
       chromeos::quick_unlock::IsPinDisabledByPolicy(profile->GetPrefs()));
-  html_source->AddBoolean("fingerprintUnlockEnabled",
-                          chromeos::quick_unlock::IsFingerprintEnabled());
+  html_source->AddBoolean(
+      "fingerprintUnlockEnabled",
+      chromeos::quick_unlock::IsFingerprintEnabled(profile));
   html_source->AddBoolean("lockScreenNotificationsEnabled",
                           ash::features::IsLockScreenNotificationsEnabled());
   html_source->AddBoolean(