1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "components/user_manager/user_directory_integrity_manager.h"
#include <optional>
#include <utility>
#include "base/logging.h"
#include "base/notreached.h"
#include "base/values.h"
#include "components/prefs/pref_service.h"
#include "components/user_manager/account_id_util.h"
#include "components/user_manager/known_user.h"
#include "components/user_manager/user_manager.h"
namespace user_manager {
namespace {
// Initial version of the preference, contained String value of user's e-mail.
// This value is not written by the code, but we need to read it in case when
// device restart also resulted in applying OS update.
const char kUserDirectoryIntegrityAccountPref[] =
"incomplete_login_user_account";
// Updated version of the preference, contains a Dict that is used to serialize
// AccountId, and might contain additional information.
const char kUserDirectoryIntegrityAccountPrefV2[] =
"incomplete_login_user_account_v2";
const char kCleanupStrategyKey[] = "cleanup_strategy";
} // namespace
using CleanupStrategy = UserDirectoryIntegrityManager::CleanupStrategy;
UserDirectoryIntegrityManager::UserDirectoryIntegrityManager(
PrefService* local_state)
: local_state_(local_state) {}
UserDirectoryIntegrityManager::~UserDirectoryIntegrityManager() = default;
// static
void UserDirectoryIntegrityManager::RegisterLocalStatePrefs(
PrefRegistrySimple* registry) {
registry->RegisterStringPref(kUserDirectoryIntegrityAccountPref, {});
registry->RegisterDictionaryPref(kUserDirectoryIntegrityAccountPrefV2, {});
}
void UserDirectoryIntegrityManager::RecordCreatingNewUser(
const AccountId& account_id,
CleanupStrategy strategy) {
LOG(WARNING) << "Creating new user, don't have credentials yet.";
base::Value::Dict serialized_account;
StoreAccountId(account_id, serialized_account);
serialized_account.Set(kCleanupStrategyKey, static_cast<int>(strategy));
local_state_->SetDict(kUserDirectoryIntegrityAccountPrefV2,
std::move(serialized_account));
local_state_->CommitPendingWrite();
}
void UserDirectoryIntegrityManager::RemoveUser(const AccountId& account_id) {
UserManager::Get()->RemoveUser(account_id,
UserRemovalReason::MISCONFIGURED_USER);
}
void UserDirectoryIntegrityManager::ClearPrefs() {
LOG(WARNING) << "Created user have credentials now.";
local_state_->ClearPref(kUserDirectoryIntegrityAccountPref);
local_state_->ClearPref(kUserDirectoryIntegrityAccountPrefV2);
local_state_->CommitPendingWrite();
}
std::optional<AccountId>
UserDirectoryIntegrityManager::GetMisconfiguredUserAccountId() {
const base::Value::Dict& account_dict =
local_state_->GetDict(kUserDirectoryIntegrityAccountPrefV2);
std::optional<AccountId> result = LoadAccountId(account_dict);
if (result) {
return result;
}
return GetMisconfiguredUserAccountIdLegacy();
}
CleanupStrategy
UserDirectoryIntegrityManager::GetMisconfiguredUserCleanupStrategy() {
const base::Value::Dict& account_dict =
local_state_->GetDict(kUserDirectoryIntegrityAccountPrefV2);
std::optional<int> raw_strategy = account_dict.FindInt(kCleanupStrategyKey);
if (raw_strategy) {
CHECK(0 <= *raw_strategy);
CHECK(*raw_strategy <= static_cast<int>(CleanupStrategy::kMaxValue));
return static_cast<CleanupStrategy>(*raw_strategy);
}
// Default value
return CleanupStrategy::kRemoveUser;
}
std::optional<AccountId>
UserDirectoryIntegrityManager::GetMisconfiguredUserAccountIdLegacy() {
std::optional<std::string> misconfigured_user_email =
GetMisconfiguredUserEmail();
if (!misconfigured_user_email.has_value()) {
return std::nullopt;
}
UserList users = UserManager::Get()->GetPersistedUsers();
auto misconfigured_user_it =
std::ranges::find_if(users, [&misconfigured_user_email](User* user) {
return user->GetAccountId().GetUserEmail() ==
misconfigured_user_email.value();
});
if (misconfigured_user_it == std::end(users)) {
// If the user was not found in the list, then it's a regular user and not a
// Kiosk user, since regular misconfigured users are skipped during the
// loading process in `UserManagerImpl::EnsureUsersLoaded`, to prevent
// showing them on the login screen
user_manager::KnownUser known_user(local_state_);
user_manager::CryptohomeId cryptohome_id(misconfigured_user_email.value());
return known_user.GetAccountIdByCryptohomeId(cryptohome_id);
}
if (User* misconfigured_user = *misconfigured_user_it;
misconfigured_user->IsDeviceLocalAccount() &&
misconfigured_user->IsKioskType()) {
return misconfigured_user->GetAccountId();
}
// Since we only record `incomplete_login_user_account` pref in
// `auth_session_authenticator` for regular and kiosk users, it should be
// impossible to reach here after checking for both types of users above.
NOTREACHED();
}
std::optional<std::string>
UserDirectoryIntegrityManager::GetMisconfiguredUserEmail() {
auto incomplete_user_email =
local_state_->GetString(kUserDirectoryIntegrityAccountPref);
return incomplete_user_email.empty()
? std::nullopt
: std::make_optional(incomplete_user_email);
}
bool UserDirectoryIntegrityManager::IsUserMisconfigured(
const AccountId& account_id) {
const base::Value::Dict& account_dict =
local_state_->GetDict(kUserDirectoryIntegrityAccountPrefV2);
if (!account_dict.empty()) {
return AccountIdMatches(account_id, account_dict);
}
// Legacy option.
std::optional<std::string> incomplete_user_email =
GetMisconfiguredUserEmail();
return incomplete_user_email.has_value() &&
incomplete_user_email == account_id.GetUserEmail();
}
} // namespace user_manager
|
