cros: Show fingerprint on lock if user can authenticate in multi-user setups

If the lock screen was shown on the non-primary user, fingerprint auth would not display because it only checked the primary user. Bug: 882688 Change-Id: Ibbc479f4e393f587594b3915d8afe3492246c303 Reviewed-on: https://chromium-review.googlesource.com/c/1272026Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Reviewed-by: Sammie Quon <sammiequon@chromium.org> Commit-Queue: Jacob Dufault <jdufault@chromium.org> Cr-Commit-Position: refs/heads/master@{#599320}

cros: Show fingerprint on lock if user can authenticate in multi-user setups
If the lock screen was shown on the non-primary user, fingerprint auth would not display because it only checked the primary user. Bug: 882688 Change-Id: Ibbc479f4e393f587594b3915d8afe3492246c303 Reviewed-on: https://chromium-review.googlesource.com/c/1272026Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Reviewed-by: Sammie Quon <sammiequon@chromium.org> Commit-Queue: Jacob Dufault <jdufault@chromium.org> Cr-Commit-Position: refs/heads/master@{#599320}
845a997f · Jacob Dufault · Commit Bot · 7e091c40 · 845a997f · 845a997f
Commit 845a997f authored Oct 12, 2018 by Jacob Dufault Committed by Commit Bot Oct 12, 2018
9 changed files
--- a/chrome/browser/chromeos/login/quick_unlock/fingerprint_storage.cc
+++ b/chrome/browser/chromeos/login/quick_unlock/fingerprint_storage.cc
@@ -5,6 +5,7 @@
 #include "chrome/browser/chromeos/login/quick_unlock/fingerprint_storage.h"
 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/pref_service.h"
@@ -17,17 +18,18 @@ void FingerprintStorage::RegisterProfilePrefs(PrefRegistrySimple* registry) {
  registry->RegisterIntegerPref(prefs::kQuickUnlockFingerprintRecord, 0);
 }
-FingerprintStorage::FingerprintStorage(PrefService* pref_service)
+FingerprintStorage::FingerprintStorage(Profile* profile) : profile_(profile) {}
-    : pref_service_(pref_service) {}
 FingerprintStorage::~FingerprintStorage() {}
 bool FingerprintStorage::IsFingerprintAvailable() const {
-  return !ExceededUnlockAttempts() && IsFingerprintEnabled() && HasRecord();
+  return !ExceededUnlockAttempts() && IsFingerprintEnabled(profile_) &&
+         HasRecord();
 }
 bool FingerprintStorage::HasRecord() const {
-  return pref_service_->GetInteger(prefs::kQuickUnlockFingerprintRecord) != 0;
+  return profile_->GetPrefs()->GetInteger(
+             prefs::kQuickUnlockFingerprintRecord) != 0;
 }
 void FingerprintStorage::AddUnlockAttempt() {

--- a/chrome/browser/chromeos/login/quick_unlock/fingerprint_storage.h
+++ b/chrome/browser/chromeos/login/quick_unlock/fingerprint_storage.h
@@ -8,7 +8,7 @@
 #include "base/time/time.h"
 class PrefRegistrySimple;
-class PrefService;
+class Profile;
 namespace chromeos {
@@ -25,7 +25,7 @@ class FingerprintStorage {
  // Registers profile prefs.
  static void RegisterProfilePrefs(PrefRegistrySimple* registry);
-  explicit FingerprintStorage(PrefService* pref_service);
+  explicit FingerprintStorage(Profile* profile);
  ~FingerprintStorage();
  // Returns true if fingerprint unlock is currently available.
@@ -50,7 +50,7 @@ class FingerprintStorage {
  friend class chromeos::FingerprintStorageTestApi;
  friend class QuickUnlockStorage;
-  PrefService* pref_service_;
+  Profile* const profile_;
  // Number of fingerprint unlock attempt.
  int unlock_attempt_count_ = 0;

--- a/chrome/browser/chromeos/login/quick_unlock/quick_unlock_factory.cc
+++ b/chrome/browser/chromeos/login/quick_unlock/quick_unlock_factory.cc
@@ -55,8 +55,7 @@ QuickUnlockFactory::~QuickUnlockFactory() {}
 KeyedService* QuickUnlockFactory::BuildServiceInstanceFor(
    content::BrowserContext* context) const {
-  return new QuickUnlockStorage(
+  return new QuickUnlockStorage(Profile::FromBrowserContext(context));
-      Profile::FromBrowserContext(context)->GetPrefs());
 }
 }  // namespace quick_unlock

--- a/chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.cc
+++ b/chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.cc
@@ -8,6 +8,7 @@
 #include "base/time/time.h"
 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "components/prefs/pref_service.h"
@@ -25,10 +26,9 @@ base::TimeDelta GetStrongAuthTimeout(PrefService* pref_service) {
 }  // namespace
-QuickUnlockStorage::QuickUnlockStorage(PrefService* pref_service)
+QuickUnlockStorage::QuickUnlockStorage(Profile* profile) : profile_(profile) {
-    : pref_service_(pref_service) {
+  fingerprint_storage_ = std::make_unique<FingerprintStorage>(profile);
-  fingerprint_storage_ = std::make_unique<FingerprintStorage>(pref_service);
+  pin_storage_prefs_ = std::make_unique<PinStoragePrefs>(profile->GetPrefs());
-  pin_storage_prefs_ = std::make_unique<PinStoragePrefs>(pref_service);
 }
 QuickUnlockStorage::~QuickUnlockStorage() {}
@@ -42,7 +42,7 @@ void QuickUnlockStorage::MarkStrongAuth() {
 bool QuickUnlockStorage::HasStrongAuth() const {
  if (last_strong_auth_.is_null())
    return false;
-  return TimeSinceLastStrongAuth() < GetStrongAuthTimeout(pref_service_);
+  return TimeSinceLastStrongAuth() < GetStrongAuthTimeout(profile_->GetPrefs());
 }
 base::TimeDelta QuickUnlockStorage::TimeSinceLastStrongAuth() const {
@@ -52,7 +52,7 @@ base::TimeDelta QuickUnlockStorage::TimeSinceLastStrongAuth() const {
 base::TimeDelta QuickUnlockStorage::TimeUntilNextStrongAuth() const {
  DCHECK(!last_strong_auth_.is_null());
-  return GetStrongAuthTimeout(pref_service_) - TimeSinceLastStrongAuth();
+  return GetStrongAuthTimeout(profile_->GetPrefs()) - TimeSinceLastStrongAuth();
 }
 bool QuickUnlockStorage::IsFingerprintAuthenticationAvailable() const {

--- a/chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.h
+++ b/chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.h
@@ -11,7 +11,7 @@
 #include "chromeos/login/auth/user_context.h"
 #include "components/keyed_service/core/keyed_service.h"
-class PrefService;
+class Profile;
 namespace base {
 class Time;
@@ -29,7 +29,7 @@ namespace quick_unlock {
 // authentication used by Settings).
 class QuickUnlockStorage : public KeyedService {
 public:
-  explicit QuickUnlockStorage(PrefService* pref_service);
+  explicit QuickUnlockStorage(Profile* profile);
  ~QuickUnlockStorage() override;
  // Mark that the user has had a strong authentication. This means
@@ -89,7 +89,7 @@ class QuickUnlockStorage : public KeyedService {
  // KeyedService:
  void Shutdown() override;
-  PrefService* pref_service_;
+  Profile* const profile_;
  base::TimeTicks last_strong_auth_;
  std::unique_ptr<FingerprintStorage> fingerprint_storage_;
  std::unique_ptr<PinStoragePrefs> pin_storage_prefs_;

--- a/chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.cc
+++ b/chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.cc
@@ -108,17 +108,15 @@ bool IsPinEnabled(PrefService* pref_service) {
  return base::FeatureList::IsEnabled(features::kQuickUnlockPin);
 }
-bool IsFingerprintEnabled() {
+bool IsFingerprintEnabled(Profile* profile) {
  if (enable_for_testing_)
    return true;
-  // Disable fingerprint for secondary user.
+  // Disable fingerprint if the profile does not belong to the primary user.
-  user_manager::UserManager* user_manager = user_manager::UserManager::Get();
+  if (profile != ProfileManager::GetPrimaryUserProfile())
-  if (user_manager->GetActiveUser() != user_manager->GetPrimaryUser())
    return false;
-  // Disable fingerprint if forbidden by policy.
+  // Disable fingerprint if disallowed by policy.
-  const Profile* profile = ProfileManager::GetPrimaryUserProfile();
  if (IsFingerprintDisabledByPolicy(profile->GetPrefs()))
    return false;

--- a/chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h
+++ b/chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h
@@ -11,6 +11,7 @@ class TimeDelta;
 class PrefRegistrySimple;
 class PrefService;
+class Profile;
 namespace chromeos {
 namespace quick_unlock {
@@ -38,8 +39,8 @@ bool IsPinDisabledByPolicy(PrefService* pref_service);
 // Returns true if the quick unlock feature flag is present.
 bool IsPinEnabled(PrefService* pref_service);
-// Returns true if the fingerprint is allowed for the current active user.
+// Returns true if the fingerprint is allowed for specified profile.
-bool IsFingerprintEnabled();
+bool IsFingerprintEnabled(Profile* profile);
 // Forcibly enable all quick-unlock modes for testing.
 void EnableForTesting();

--- a/chrome/browser/chromeos/login/wizard_controller.cc
+++ b/chrome/browser/chromeos/login/wizard_controller.cc
@@ -1132,10 +1132,12 @@ void WizardController::OnDiscoverScreenFinished() {
 }
 void WizardController::OnMarketingOptInFinished() {
-  if (chromeos::quick_unlock::IsFingerprintEnabled())
+  if (chromeos::quick_unlock::IsFingerprintEnabled(
+          ProfileManager::GetActiveUserProfile())) {
    ShowFingerprintSetupScreen();
-  else
+  } else {
    ShowArcTermsOfServiceScreen();
+  }
 }
 void WizardController::OnFingerprintSetupFinished() {

--- a/chrome/browser/ui/webui/settings/md_settings_ui.cc
+++ b/chrome/browser/ui/webui/settings/md_settings_ui.cc
@@ -313,8 +313,9 @@ MdSettingsUI::MdSettingsUI(content::WebUI* web_ui)
  html_source->AddBoolean(
      "quickUnlockDisabledByPolicy",
      chromeos::quick_unlock::IsPinDisabledByPolicy(profile->GetPrefs()));
-  html_source->AddBoolean("fingerprintUnlockEnabled",
+  html_source->AddBoolean(
-                          chromeos::quick_unlock::IsFingerprintEnabled());
+      "fingerprintUnlockEnabled",
+      chromeos::quick_unlock::IsFingerprintEnabled(profile));
  html_source->AddBoolean("lockScreenNotificationsEnabled",
                          ash::features::IsLockScreenNotificationsEnabled());
  html_source->AddBoolean(