Fingerprint unlock should only work with primary user.

In multi-user session, only the primary user can use fingerprint authentication. Fix code that was using Active user instead. Bug: 1043283 Change-Id: I2d5b796838def792e1ee85d9533f225cb1e9fe54 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2007634Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Commit-Queue: Denis Kuznetsov [CET] <antrim@chromium.org> Cr-Commit-Position: refs/heads/master@{#733314}

Fingerprint unlock should only work with primary user.
In multi-user session, only the primary user can use fingerprint authentication. Fix code that was using Active user instead. Bug: 1043283 Change-Id: I2d5b796838def792e1ee85d9533f225cb1e9fe54 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2007634Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Commit-Queue: Denis Kuznetsov [CET] <antrim@chromium.org> Cr-Commit-Position: refs/heads/master@{#733314}
aee5e212 · Denis Kuznetsov · Commit Bot · d4f52942 · aee5e212
Commit aee5e212 authored Jan 20, 2020 by Denis Kuznetsov Committed by Commit Bot Jan 20, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 10 deletions

chrome/browser/chromeos/login/lock/screen_locker.cc chrome/browser/chromeos/login/lock/screen_locker.cc +10 -10

No files found.
--- a/chrome/browser/chromeos/login/lock/screen_locker.cc
+++ b/chrome/browser/chromeos/login/lock/screen_locker.cc
@@ -788,13 +788,13 @@ void ScreenLocker::OnAuthScanDone(
  VLOG(1) << "Receive fingerprint auth scan result. scan_result="
          << scan_result;
  unlock_attempt_type_ = AUTH_FINGERPRINT;
-  user_manager::User* active_user =
-      user_manager::UserManager::Get()->GetActiveUser();
+  const user_manager::User* primary_user =
+      user_manager::UserManager::Get()->GetPrimaryUser();
  quick_unlock::QuickUnlockStorage* quick_unlock_storage =
-      quick_unlock::QuickUnlockFactory::GetForUser(active_user);
+      quick_unlock::QuickUnlockFactory::GetForUser(primary_user);
  if (!quick_unlock_storage ||
      !quick_unlock_storage->IsFingerprintAuthenticationAvailable() ||
-      base::Contains(users_with_disabled_auth_, active_user->GetAccountId())) {
+      base::Contains(users_with_disabled_auth_, primary_user->GetAccountId())) {
    return;
  }

@@ -804,19 +804,19 @@ void ScreenLocker::OnAuthScanDone(
  if (scan_result != device::mojom::ScanResult::SUCCESS) {
    LOG(ERROR) << "Fingerprint unlock failed because scan_result="
               << scan_result;
-    OnFingerprintAuthFailure(*active_user);
+    OnFingerprintAuthFailure(*primary_user);
    return;
  }

-  UserContext user_context(*active_user);
-  if (!base::Contains(matches, active_user->username_hash())) {
-    LOG(ERROR) << "Fingerprint unlock failed because it does not match active"
+  UserContext user_context(*primary_user);
+  if (!base::Contains(matches, primary_user->username_hash())) {
+    LOG(ERROR) << "Fingerprint unlock failed because it does not match primary"
               << " user's record";
-    OnFingerprintAuthFailure(*active_user);
+    OnFingerprintAuthFailure(*primary_user);
    return;
  }
  ash::LoginScreen::Get()->GetModel()->NotifyFingerprintAuthResult(
-      active_user->GetAccountId(), true /*success*/);
+      primary_user->GetAccountId(), true /*success*/);
  VLOG(1) << "Fingerprint unlock is successful.";
  LoginScreenClient::Get()->auth_recorder()->RecordFingerprintAuthSuccess(
      true /*success*/,