ProximityAuth: Remove unused flag kEnableForcePasswordReauth.

R=hansberry@chromium.org

Bug: 724717
Test: none
Change-Id: I5ed5b564cf92b1fd95101a8614e1717c468b314a
Reviewed-on: https://chromium-review.googlesource.com/1109309Reviewed-by: Ryan Hansberry <hansberry@chromium.org>
Commit-Queue: James Hawkins <jhawkins@chromium.org>
Cr-Commit-Position: refs/heads/master@{#569336}

chrome/browser/chromeos/login/easy_unlock/easy_unlock_service_regular.cc

@@ -644,16 +644,6 @@ void EasyUnlockServiceRegular::OnScreenDidLock(
 
 void EasyUnlockServiceRegular::OnScreenDidUnlock(
     proximity_auth::ScreenlockBridge::LockHandler::ScreenType screen_type) {
-  if (!will_unlock_using_easy_unlock_ && pref_manager_ &&
-      base::CommandLine::ForCurrentProcess()->HasSwitch(
-          proximity_auth::switches::kEnableForcePasswordReauth)) {
-    // If a password was used, then record the current timestamp. This timestamp
-    // is used to enforce password reauths after a certain time has elapsed.
-    // Note: This code path is also triggered by the login flow.
-    pref_manager_->SetLastPasswordEntryTimestampMs(
-        base::Time::Now().ToJavaTime());
-  }
-
   // If we tried to load remote devices (e.g. after a sync or the
   // service was initialized) while the screen was locked, we can now
   // load the new remote devices.

chromeos/components/proximity_auth/proximity_auth_local_state_pref_manager.cc

@@ -45,17 +45,6 @@ void ProximityAuthLocalStatePrefManager::SetActiveUser(
   active_user_ = active_user;
 }
 
-void ProximityAuthLocalStatePrefManager::SetLastPasswordEntryTimestampMs(
-    int64_t timestamp_ms) {
-  NOTREACHED();
-}
-
-int64_t ProximityAuthLocalStatePrefManager::GetLastPasswordEntryTimestampMs()
-    const {
-  NOTREACHED();
-  return 0;
-}
-
 void ProximityAuthLocalStatePrefManager::SetLastPromotionCheckTimestampMs(
     int64_t timestamp_ms) {
   NOTREACHED();

chromeos/components/proximity_auth/proximity_auth_local_state_pref_manager.h

@@ -52,8 +52,6 @@ class ProximityAuthLocalStatePrefManager : public ProximityAuthPrefManager {
   // ProximityAuthPrefManager:
   void SetIsEasyUnlockEnabled(bool is_easy_unlock_enabled) const override;
   void SetEasyUnlockEnabledStateSet() const override;
-  void SetLastPasswordEntryTimestampMs(int64_t timestamp_ms) override;
-  int64_t GetLastPasswordEntryTimestampMs() const override;
   void SetLastPromotionCheckTimestampMs(int64_t timestamp_ms) override;
   int64_t GetLastPromotionCheckTimestampMs() const override;
   void SetPromotionShownCount(int count) override;

chromeos/components/proximity_auth/proximity_auth_pref_manager.h

@@ -38,12 +38,6 @@ class ProximityAuthPrefManager {
   virtual void SetEasyUnlockEnabledStateSet() const = 0;
   virtual bool IsEasyUnlockEnabledStateSet() const = 0;
 
-  // Setter and getter for the timestamp of the last password entry. This
-  // preference is used to enforce reauthing with the password after a given
-  // time period has elapsed.
-  virtual void SetLastPasswordEntryTimestampMs(int64_t timestamp_ms) = 0;
-  virtual int64_t GetLastPasswordEntryTimestampMs() const = 0;
-
   // Setter and getter for the timestamp of the last time the promotion was
   // shown to the user.
   virtual void SetLastPromotionCheckTimestampMs(int64_t timestamp_ms) = 0;

chromeos/components/proximity_auth/proximity_auth_pref_names.cc

@@ -34,11 +34,6 @@ const char kEasyUnlockLocalStateUserPrefs[] = "easy_unlock.user_prefs";
 const char kProximityAuthIsChromeOSLoginEnabled[] =
     "proximity_auth.is_chromeos_login_enabled";
 
-// The timestamp of the last password entry in milliseconds, used to enforce
-// reauthing with the password after a given time period has elapsed.
-const char kProximityAuthLastPasswordEntryTimestampMs[] =
-    "proximity_auth.last_password_entry_timestamp_ms";
-
 // The timestamp of the last promotion check in milliseconds.
 const char kProximityAuthLastPromotionCheckTimestampMs[] =
     "proximity_auth.last_promotion_check_timestamp_ms";

chromeos/components/proximity_auth/proximity_auth_pref_names.h

@@ -13,7 +13,6 @@ extern const char kEasyUnlockEnabled[];
 extern const char kEasyUnlockEnabledStateSet[];
 extern const char kEasyUnlockProximityThreshold[];
 extern const char kEasyUnlockLocalStateUserPrefs[];
-extern const char kProximityAuthLastPasswordEntryTimestampMs[];
 extern const char kProximityAuthLastPromotionCheckTimestampMs[];
 extern const char kProximityAuthPromotionShownCount[];
 extern const char kProximityAuthRemoteBleDevices[];

chromeos/components/proximity_auth/proximity_auth_profile_pref_manager.cc

@@ -32,8 +32,6 @@ void ProximityAuthProfilePrefManager::RegisterPrefs(
   registry->RegisterBooleanPref(prefs::kEasyUnlockAllowed, true);
   registry->RegisterBooleanPref(prefs::kEasyUnlockEnabled, false);
   registry->RegisterBooleanPref(prefs::kEasyUnlockEnabledStateSet, false);
-  registry->RegisterInt64Pref(prefs::kProximityAuthLastPasswordEntryTimestampMs,
-                              0L);
   registry->RegisterInt64Pref(
       prefs::kProximityAuthLastPromotionCheckTimestampMs, 0L);
   registry->RegisterIntegerPref(prefs::kProximityAuthPromotionShownCount, 0);
@@ -112,18 +110,6 @@ bool ProximityAuthProfilePrefManager::IsEasyUnlockEnabledStateSet() const {
   return pref_service_->GetBoolean(prefs::kEasyUnlockEnabledStateSet);
 }
 
-void ProximityAuthProfilePrefManager::SetLastPasswordEntryTimestampMs(
-    int64_t timestamp_ms) {
-  pref_service_->SetInt64(prefs::kProximityAuthLastPasswordEntryTimestampMs,
-                          timestamp_ms);
-}
-
-int64_t ProximityAuthProfilePrefManager::GetLastPasswordEntryTimestampMs()
-    const {
-  return pref_service_->GetInt64(
-      prefs::kProximityAuthLastPasswordEntryTimestampMs);
-}
-
 void ProximityAuthProfilePrefManager::SetLastPromotionCheckTimestampMs(
     int64_t timestamp_ms) {
   pref_service_->SetInt64(prefs::kProximityAuthLastPromotionCheckTimestampMs,

chromeos/components/proximity_auth/proximity_auth_profile_pref_manager.h

@@ -52,8 +52,6 @@ class ProximityAuthProfilePrefManager : public ProximityAuthPrefManager {
   bool IsEasyUnlockEnabled() const override;
   void SetEasyUnlockEnabledStateSet() const override;
   bool IsEasyUnlockEnabledStateSet() const override;
-  void SetLastPasswordEntryTimestampMs(int64_t timestamp_ms) override;
-  int64_t GetLastPasswordEntryTimestampMs() const override;
   void SetLastPromotionCheckTimestampMs(int64_t timestamp_ms) override;
   int64_t GetLastPromotionCheckTimestampMs() const override;
   void SetPromotionShownCount(int count) override;

chromeos/components/proximity_auth/proximity_auth_profile_pref_manager_unittest.cc

@@ -22,9 +22,6 @@ namespace {
 
 const char kUserEmail[] = "testuser@example.com";
 
-const int64_t kPasswordEntryTimestampMs1 = 123456789L;
-const int64_t kPasswordEntryTimestampMs2 = 987654321L;
-
 const int64_t kPromotionCheckTimestampMs1 = 1111111111L;
 const int64_t kPromotionCheckTimestampMs2 = 2222222222L;
 
@@ -69,17 +66,6 @@ TEST_F(ProximityAuthProfilePrefManagerTest, IsEasyUnlockEnabled) {
   EXPECT_FALSE(pref_manager.IsEasyUnlockEnabled());
 }
 
-TEST_F(ProximityAuthProfilePrefManagerTest, LastPasswordEntryTimestamp) {
-  ProximityAuthProfilePrefManager pref_manager(&pref_service_);
-  EXPECT_EQ(0L, pref_manager.GetLastPasswordEntryTimestampMs());
-  pref_manager.SetLastPasswordEntryTimestampMs(kPasswordEntryTimestampMs1);
-  EXPECT_EQ(kPasswordEntryTimestampMs1,
-            pref_manager.GetLastPasswordEntryTimestampMs());
-  pref_manager.SetLastPasswordEntryTimestampMs(kPasswordEntryTimestampMs2);
-  EXPECT_EQ(kPasswordEntryTimestampMs2,
-            pref_manager.GetLastPasswordEntryTimestampMs());
-}
-
 TEST_F(ProximityAuthProfilePrefManagerTest, LastPromotionCheckTimestamp) {
   ProximityAuthProfilePrefManager pref_manager(&pref_service_);
   EXPECT_EQ(0L, pref_manager.GetLastPromotionCheckTimestampMs());

chromeos/components/proximity_auth/proximity_auth_system.cc

@@ -6,7 +6,6 @@
 
 #include "base/command_line.h"
 #include "base/threading/thread_task_runner_handle.h"
-#include "base/time/default_clock.h"
 #include "chromeos/components/proximity_auth/logging/logging.h"
 #include "chromeos/components/proximity_auth/proximity_auth_client.h"
 #include "chromeos/components/proximity_auth/proximity_auth_profile_pref_manager.h"
@@ -16,20 +15,11 @@
 
 namespace proximity_auth {
 
-namespace {
-
-// The maximum number of hours permitted before the user is forced is use their
-// password to authenticate.
-const int64_t kPasswordReauthPeriodHours = 20;
-
-}  // namespace
-
 ProximityAuthSystem::ProximityAuthSystem(
     ScreenlockType screenlock_type,
     ProximityAuthClient* proximity_auth_client)
     : screenlock_type_(screenlock_type),
       proximity_auth_client_(proximity_auth_client),
-      clock_(base::DefaultClock::GetInstance()),
       pref_manager_(proximity_auth_client->GetPrefManager()),
       unlock_manager_(new UnlockManagerImpl(screenlock_type,
                                             proximity_auth_client_,
@@ -42,11 +32,9 @@ ProximityAuthSystem::ProximityAuthSystem(
     ScreenlockType screenlock_type,
     ProximityAuthClient* proximity_auth_client,
     std::unique_ptr<UnlockManager> unlock_manager,
-    base::Clock* clock,
     ProximityAuthPrefManager* pref_manager)
     : screenlock_type_(screenlock_type),
       proximity_auth_client_(proximity_auth_client),
-      clock_(clock),
       pref_manager_(pref_manager),
       unlock_manager_(std::move(unlock_manager)),
       suspended_(false),
@@ -172,13 +160,6 @@ void ProximityAuthSystem::OnFocusedUserChanged(const AccountId& account_id) {
     return;
   }
 
-  if (ShouldForcePassword()) {
-    PA_LOG(INFO) << "Forcing password reauth.";
-    proximity_auth_client_->UpdateScreenlockState(
-        ScreenlockState::PASSWORD_REAUTH);
-    return;
-  }
-
   // TODO(tengs): We currently assume each user has only one RemoteDevice, so we
   // can simply take the first item in the list.
   cryptauth::RemoteDeviceRef remote_device = remote_devices_map_[account_id][0];
@@ -192,29 +173,4 @@ void ProximityAuthSystem::OnFocusedUserChanged(const AccountId& account_id) {
   }
 }
 
-bool ProximityAuthSystem::ShouldForcePassword() {
-  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
-          proximity_auth::switches::kEnableForcePasswordReauth))
-    return false;
-
-  // TODO(tengs): We need to properly propagate the last login time to the login
-  // screen.
-  if (screenlock_type_ == ScreenlockType::SIGN_IN)
-    return false;
-
-  // TODO(tengs): Put this force password reauth logic behind an enterprise
-  // policy. See https://crbug.com/724717.
-  int64_t now_ms = clock_->Now().ToJavaTime();
-  int64_t last_password_ms = pref_manager_->GetLastPasswordEntryTimestampMs();
-
-  if (now_ms < last_password_ms) {
-    PA_LOG(ERROR) << "Invalid last password timestamp: now=" << now_ms
-                  << ", last_password=" << last_password_ms;
-    return true;
-  }
-
-  return base::TimeDelta::FromMilliseconds(now_ms - last_password_ms) >
-         base::TimeDelta::FromHours(kPasswordReauthPeriodHours);
-}
-
 }  // namespace proximity_auth

chromeos/components/proximity_auth/proximity_auth_system.h

@@ -72,7 +72,6 @@ class ProximityAuthSystem : public RemoteDeviceLifeCycle::Observer,
   ProximityAuthSystem(ScreenlockType screenlock_type,
                       ProximityAuthClient* proximity_auth_client,
                       std::unique_ptr<UnlockManager> unlock_manager,
-                      base::Clock* clock,
                       ProximityAuthPrefManager* pref_manager);
 
   // Creates the RemoteDeviceLifeCycle for |remote_device|.
@@ -96,10 +95,6 @@ class ProximityAuthSystem : public RemoteDeviceLifeCycle::Observer,
   // timeout.
   void ResumeAfterWakeUpTimeout();
 
-  // Returns true if the user should be forced to use a password to authenticate
-  // rather than EasyUnlock.
-  bool ShouldForcePassword();
-
   // The type of the screenlock (i.e. login or unlock).
   ScreenlockType screenlock_type_;
 
@@ -113,9 +108,6 @@ class ProximityAuthSystem : public RemoteDeviceLifeCycle::Observer,
   // the RemoteDevice of the currently focused user.
   std::unique_ptr<RemoteDeviceLifeCycle> remote_device_life_cycle_;
 
-  // Used to get the current timestamp.
-  base::Clock* clock_;
-
   // Fetches EasyUnlock preferences. Must outlive this instance.
   ProximityAuthPrefManager* pref_manager_;
 

chromeos/components/proximity_auth/proximity_auth_system_unittest.cc

@@ -5,7 +5,6 @@
 #include "chromeos/components/proximity_auth/proximity_auth_system.h"
 
 #include "base/command_line.h"
-#include "base/test/simple_test_clock.h"
 #include "base/test/test_simple_task_runner.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "chromeos/components/proximity_auth/fake_lock_handler.h"
@@ -39,10 +38,6 @@ namespace {
 const char kUser1[] = "user1";
 const char kUser2[] = "user2";
 
-const int64_t kLastPasswordEntryTimestampMs = 123456L;
-const int64_t kTimestampBeforeReauthMs = 123457L;
-const int64_t kTimestampAfterReauthMs = 123457890123L;
-
 void CompareRemoteDeviceRefLists(const RemoteDeviceRefList& list1,
                                  const RemoteDeviceRefList& list2) {
   ASSERT_EQ(list1.size(), list2.size());
@@ -93,12 +88,10 @@ class TestableProximityAuthSystem : public ProximityAuthSystem {
   TestableProximityAuthSystem(ScreenlockType screenlock_type,
                               ProximityAuthClient* proximity_auth_client,
                               std::unique_ptr<UnlockManager> unlock_manager,
-                              base::Clock* clock,
                               ProximityAuthPrefManager* pref_manager)
       : ProximityAuthSystem(screenlock_type,
                             proximity_auth_client,
                             std::move(unlock_manager),
-                            clock,
                             pref_manager),
         life_cycle_(nullptr) {}
   ~TestableProximityAuthSystem() override {}
@@ -155,12 +148,8 @@ class ProximityAuthSystemTest : public testing::Test {
         new NiceMock<MockUnlockManager>());
     unlock_manager_ = unlock_manager.get();
 
-    clock_.SetNow(base::Time::FromJavaTime(kTimestampBeforeReauthMs));
-    ON_CALL(*pref_manager_, GetLastPasswordEntryTimestampMs())
-        .WillByDefault(Return(kLastPasswordEntryTimestampMs));
-
     proximity_auth_system_.reset(new TestableProximityAuthSystem(
-        type, &proximity_auth_client_, std::move(unlock_manager), &clock_,
+        type, &proximity_auth_client_, std::move(unlock_manager),
         pref_manager_.get()));
   }
 
@@ -189,7 +178,6 @@ class ProximityAuthSystemTest : public testing::Test {
   NiceMock<MockProximityAuthClient> proximity_auth_client_;
   std::unique_ptr<TestableProximityAuthSystem> proximity_auth_system_;
   MockUnlockManager* unlock_manager_;
-  base::SimpleTestClock clock_;
   std::unique_ptr<MockProximityAuthPrefManager> pref_manager_;
 
   RemoteDeviceRefList user1_remote_devices_;
@@ -427,15 +415,4 @@ TEST_F(ProximityAuthSystemTest, Suspend_RegisteredUserFocused) {
       .Times(AtLeast(1));
 }
 
-TEST_F(ProximityAuthSystemTest, ForcePasswordReauth) {
-  base::CommandLine::ForCurrentProcess()->AppendSwitch(
-      proximity_auth::switches::kEnableForcePasswordReauth);
-  ON_CALL(*pref_manager_, GetLastPasswordEntryTimestampMs())
-      .WillByDefault(Return(kTimestampAfterReauthMs));
-  EXPECT_CALL(proximity_auth_client_,
-              UpdateScreenlockState(ScreenlockState::PASSWORD_REAUTH));
-  FocusUser(kUser1);
-  EXPECT_FALSE(life_cycle());
-}
-
 }  // namespace proximity_auth

chromeos/components/proximity_auth/switches.cc

@@ -7,10 +7,6 @@
 namespace proximity_auth {
 namespace switches {
 
-// Enables forcing the user to reauth with their password after X hours (e.g.
-// 20) without password entry.
-const char kEnableForcePasswordReauth[] = "force-password-reauth";
-
 // Force easy unlock app loading in test.
 // TODO(xiyuan): Remove this when app could be bundled with Chrome.
 const char kForceLoadEasyUnlockAppInTests[] =

chromeos/components/proximity_auth/switches.h

@@ -8,7 +8,6 @@
 namespace proximity_auth {
 namespace switches {
 
-extern const char kEnableForcePasswordReauth[];
 extern const char kForceLoadEasyUnlockAppInTests[];
 
 }  // namespace switches