1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
|
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_WEBAUTHN_AUTHENTICATOR_REQUEST_DIALOG_MODEL_H_
#define CHROME_BROWSER_WEBAUTHN_AUTHENTICATOR_REQUEST_DIALOG_MODEL_H_
#include <memory>
#include <optional>
#include <string>
#include <variant>
#include <vector>
#include "base/functional/callback_forward.h"
#include "base/memory/raw_ref.h"
#include "base/memory/ref_counted.h"
#include "base/observer_list.h"
#include "base/observer_list_types.h"
#include "base/time/time.h"
#include "base/types/strong_alias.h"
#include "build/build_config.h"
#include "chrome/browser/webauthn/authenticator_transport.h"
#include "chrome/browser/webauthn/gpm_enclave_transaction.h"
#include "chrome/browser/webauthn/local_authentication_token.h"
#include "content/public/browser/authenticator_request_client_delegate.h"
#include "content/public/browser/global_routing_id.h"
#include "device/fido/discoverable_credential_metadata.h"
#include "device/fido/fido_constants.h"
#include "device/fido/fido_request_handler_base.h"
#include "device/fido/fido_types.h"
#include "device/fido/pin.h"
#include "device/fido/public_key_credential_user_entity.h"
namespace content {
class RenderFrameHost;
} // namespace content
namespace gfx {
struct VectorIcon;
}
struct AccountInfo;
class AuthenticatorRequestDialogViewController;
class Profile;
using PasswordCredentialPair = std::pair<std::u16string, std::u16string>;
enum class EnclaveEnabledStatus {
kDisabled,
kEnabled,
kEnabledAndReauthNeeded,
};
using UIPresentation =
content::AuthenticatorRequestClientDelegate::UIPresentation;
// ┌───────┐
// │ View │
// └───────┘ Events are
// Views call ▲ broadcast to
// methods, │ │ Views, which
// which trigger │ │ also read
// broadcasts │ │ Model fields
// ▼
// ┌───────┐
// │ Model │
// └───────┘
// ▲ Controller sets
// Events are │ │ fields and calls
// also broadcast │ │ methods to
// to the │ │ broadcast events
// Controller ▼ to Views
// ┌──────────┐
// │Controller│
// └──────────┘
// ▲
// │ Calls from other
// │ components
// │
// This lists the events on the model. Each becomes:
// 1) A virtual method on AuthenticatorRequestDialogModel::Observer.
// 2) A method on the Model that broadcasts the event to all observers.
#define AUTHENTICATOR_EVENTS \
/* Cancels the flow as a result of the user clicking `Cancel` on the */ \
/* UI. Valid action at all steps. */ \
AUTHENTICATOR_REQUEST_EVENT_0(CancelAuthenticatorRequest) \
/* Continues with the BLE/caBLE flow now that the Bluetooth adapter is */ \
/* powered. Valid action when at step: kBlePowerOnManual, */ \
/* kBlePowerOnAutomatic. */ \
AUTHENTICATOR_REQUEST_EVENT_0(ContinueWithFlowAfterBleAdapterPowered) \
/* Called when the enclave authenticator is available for a request or */ \
/* the enclave authenticator needs a reauth before it is available for a */ \
/* request. */ \
AUTHENTICATOR_REQUEST_EVENT_1(EnclaveEnabledStatusChanged, \
EnclaveEnabledStatus) \
AUTHENTICATOR_REQUEST_EVENT_0(OnBioEnrollmentDone) \
/* Called when the power state of the Bluetooth adapter has changed. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnBluetoothPoweredStateChanged) \
/* Called when the UI should update the state of the buttons. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnButtonsStateChanged) \
/* Called when the user cancelled WebAuthn request by clicking the */ \
/* "cancel" button or the back arrow in the UI dialog. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnCancelRequest) \
/* Called when the user picks Google Password Manager from the */ \
/* mechanism selection sheet. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnGPMSelected) \
/* Called when the user accepts the create passkey sheet. */ \
/* (But not the GPM one.) */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnCreatePasskeyAccepted) \
/* Called when the user accepts passkey creation dialog. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnGPMCreatePasskey) \
/* Called when the user accepts the warning dialog for creating a GPM */ \
/* passkey in incognito mode.*/ \
AUTHENTICATOR_REQUEST_EVENT_0(OnGPMConfirmOffTheRecordCreate) \
/* Called when the user clicks "Forgot PIN" during UV. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnForgotGPMPinPressed) \
/* OnOffTheRecordInterstitialAccepted is called when the user accepts */ \
/* the interstitial that warns that platform/caBLE authenticators may */ \
/* record information even in incognito mode. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnOffTheRecordInterstitialAccepted) \
/* Sent by GPMEnclaveController when it's ready for the UI to be */ \
/* displayed. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnReadyForUI) \
/* Called when a user closes the MagicArch window. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnRecoverSecurityDomainClosed) \
/* To be called when the Web Authentication request is complete. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnRequestComplete) \
/* OnResidentCredentialConfirmed is called when a user accepts a dialog */ \
/* confirming that they're happy to create a resident credential. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnResidentCredentialConfirmed) \
/* Called when the model corresponding to the current sheet of the UX */ \
/* flow was updated, so UI should update. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnSheetModelChanged) \
AUTHENTICATOR_REQUEST_EVENT_0(OnStartOver) \
/* Called when the UX flow has navigated to a different step, so the UI */ \
/* should update. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnStepTransition) \
/* Called when the user accepts enrolling a device to use passkeys. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnTrustThisComputer) \
AUTHENTICATOR_REQUEST_EVENT_0(OnUserConfirmedPriorityMechanism) \
/* Open the system dialog to grant BLE permission to Chrome. Valid */ \
/* action when at step: kBlePermissionMac. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OpenBlePreferences) \
/* Turns on the BLE adapter automatically. Valid action when at step: */ \
/* kBlePowerOnAutomatic. */ \
AUTHENTICATOR_REQUEST_EVENT_0(PowerOnBleAdapter) \
/* Called when loading the enclave times out. */ \
AUTHENTICATOR_REQUEST_EVENT_0(OnLoadingEnclaveTimeout) \
/* Restarts the UX flow. */ \
AUTHENTICATOR_REQUEST_EVENT_0(StartOver) \
/* Like `OnAccountPreselected()`, but this takes an index into `creds()` */ \
/* instead of a credential ID. */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnAccountPreselectedIndex, size_t) \
/* OnAccountSelected is called when one of the accounts from */ \
/* |SelectAccount| has been picked. The argument is the index of the */ \
/* selected account in |creds()|. */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnAccountSelected, size_t) \
/* Called when the user selects a GPM passkey. */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnGPMPasskeySelected, std::vector<uint8_t>) \
/* Called when the user enters the GPM pin in the UI (during initial */ \
/* setup or authentication). */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnGPMPinEntered, const std::u16string&) \
/* Called when the user chooses an option of creating a GPM pin. The */ \
/* argument is true if the user chooses an arbitrary PIN, and false if */ \
/* the user chose to use a 6-digit PIN. */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnGPMPinOptionChanged, bool) \
/* OnHavePIN is called when the user enters a PIN in the UI. */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnHavePIN, std::u16string) \
/* Called when a local Touch ID prompt finishes. The first parameter is */ \
/* true for success, false for failure. */ \
/* On success, the emitter must set the model's `local_auth_token` to an */ \
/* authenticated one. In MacOS this is a ScopedLAContext. */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnTouchIDComplete, bool) \
/* Called when GAIA reauth has completed. The argument is the reauth */ \
/* proof token. */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnReauthComplete, std::string) \
/* Called just before the model is destructed. */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnModelDestroyed, \
AuthenticatorRequestDialogModel*) \
/* Called when the GPM passkeys are reset successfully or not. */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnGpmPasskeysReset, bool) \
/* Called when a password mechanism is selected */ \
AUTHENTICATOR_REQUEST_EVENT_1(OnPasswordCredentialSelected, \
PasswordCredentialPair)
// AuthenticatorRequestDialogModel holds the UI state for a WebAuthn request.
// This class is refcounted so that its ownership can be shared between the
// dialog view and the request delegate, which both depend on its state, and
// don't have coupled lifetimes.
struct AuthenticatorRequestDialogModel
: public base::RefCounted<AuthenticatorRequestDialogModel> {
// Each Step defines a unique UI state. Setting a Step causes the matching
// dialog or window to appear.
//
// Append new values to the end and update `kMaxValue`.
enum class Step {
// The UX flow has not started yet, the dialog should still be hidden.
kNotStarted,
// Passkey autofill (i.e. WebAuthn get() with conditional mediation). No
// dialog is shown, instead credentials are offered to the user on the
// password autofill prompt.
kPasskeyAutofill,
// During passkey upgrade (i.e. WebAuthn create() with conditional
// mediation), the WebAuthn tab-modal dialog is not used. A separate dialog
// controller implements its own UI.
kPasskeyUpgrade,
kMechanismSelection,
// The request errored out before completing. Error will only be sent
// after user interaction.
kErrorNoAvailableTransports,
kErrorNoPasskeys,
kErrorInternalUnrecognized,
kErrorWindowsHelloNotEnabled,
// The request is already complete, but the error dialog should wait
// until user acknowledgement.
kTimedOut,
kKeyNotRegistered,
kKeyAlreadyRegistered,
kMissingCapability,
kStorageFull,
// The request is completed, and the dialog should be closed.
kClosed,
// Universal Serial Bus (USB).
kUsbInsertAndActivate,
// Bluetooth Low Energy (BLE).
kBlePowerOnAutomatic,
kBlePowerOnManual,
kBlePermissionMac,
// Let the user confirm that they want to create a credential in an
// off-the-record browsing context. Used for platform and caBLE
// credential, where we feel that it's perhaps not obvious that something
// will be recorded.
kOffTheRecordInterstitial,
// Phone as a security key.
kCableActivate,
kCableV2QRCode,
kCableV2Connecting,
kCableV2Connected,
kCableV2Error,
// Authenticator Client PIN.
kClientPinChange,
kClientPinEntry,
kClientPinSetup,
kClientPinTapAgain,
kClientPinErrorSoftBlock,
kClientPinErrorHardBlock,
kClientPinErrorAuthenticatorRemoved,
// Authenticator Internal User Verification
kInlineBioEnrollment,
kRetryInternalUserVerification,
// Confirm user consent to create a resident credential. Used prior to
// triggering Windows-native APIs when Windows itself won't show any
// notice about resident credentials.
kResidentCredentialConfirmation,
// Account selection. This occurs prior to performing user verification
// for platform authenticators ("pre-select"), or afterwards for USB
// security keys. In each mode, there are different sheets for confirming
// a single available credential and choosing one from a list of multiple
// options.
kSelectAccount,
kPreSelectAccount,
// kSelectPriorityMechanism lets the user confirm a single "priority"
// mechanism.
kSelectPriorityMechanism,
// GPM Pin (6-digit).
kGPMChangePin,
kGPMCreatePin,
kGPMEnterPin,
// GPM Pin (alphanumeric).
kGPMChangeArbitraryPin,
kGPMCreateArbitraryPin,
kGPMEnterArbitraryPin,
// User verification prompt for GPM.
kGPMTouchID,
// GPM passkey creation.
kGPMCreatePasskey,
kGPMConfirmOffTheRecordCreate,
kCreatePasskey,
kGPMError,
kGPMConnecting,
// Device bootstrap to use GPM passkeys.
kRecoverSecurityDomain,
kTrustThisComputerAssertion,
kTrustThisComputerCreation,
// Changing GPM PIN.
kGPMReauthForPinReset,
kGPMLockedPin,
// ChallengeUrl failure.
kErrorFetchingChallenge,
// OS authentication after selecting a password.
kPasswordOsAuth,
kMaxValue = kPasswordOsAuth,
};
// Views and controllers implement this interface to receive events, which
// flow both from controllers to the views, and from the views to the
// controllers.
class Observer : public base::CheckedObserver {
public:
#define AUTHENTICATOR_REQUEST_EVENT_0(name) virtual void name();
#define AUTHENTICATOR_REQUEST_EVENT_1(name, arg1type) \
virtual void name(arg1type arg1);
AUTHENTICATOR_EVENTS
#undef AUTHENTICATOR_REQUEST_EVENT_0
#undef AUTHENTICATOR_REQUEST_EVENT_1
};
// A Mechanism is a user-visible method of authenticating. It might be a
// transport (such as USB), a platform authenticator, or even a delegation to
// a platform API. Selecting a mechanism starts the flow for the user to
// authenticate with it (e.g. by showing a QR code or dispatching to a
// platform authenticator).
//
// On get assertion requests, mechanisms can also represent credentials for
// authenticators that support silent discovery. In this case, the |type| is
// |Credential| and it is annotated with the source of the credential (icloud,
// etc). Selecting such a mechanism dispatches a request narrowed down to the
// specific credential to an authenticator that can fulfill it.
struct Mechanism {
// These types describe the type of Mechanism.
struct CredentialInfo {
CredentialInfo(device::AuthenticatorType source_in,
std::vector<uint8_t> user_id_in,
std::optional<base::Time> last_used_time_in);
CredentialInfo(const CredentialInfo&);
~CredentialInfo();
bool operator==(const CredentialInfo&) const;
const device::AuthenticatorType source;
const std::vector<uint8_t> user_id;
const std::optional<base::Time> last_used_time;
};
using Credential = base::StrongAlias<class CredentialTag, CredentialInfo>;
struct PasswordInfo {
explicit PasswordInfo(std::optional<base::Time> last_used_time_in);
PasswordInfo(const PasswordInfo&);
~PasswordInfo();
bool operator==(const PasswordInfo& other) const;
const std::optional<base::Time> last_used_time;
};
using Password = base::StrongAlias<class PasswordTag, PasswordInfo>;
using Transport =
base::StrongAlias<class TransportTag, AuthenticatorTransport>;
using WindowsAPI = base::StrongAlias<class WindowsAPITag, std::monostate>;
using ICloudKeychain =
base::StrongAlias<class iCloudKeychainTag, std::monostate>;
using AddPhone = base::StrongAlias<class AddPhoneTag, std::monostate>;
using Enclave = base::StrongAlias<class EnclaveTag, std::monostate>;
using SignInAgain = base::StrongAlias<class SignInAgainTag, std::monostate>;
using Type = std::variant<Credential,
Password,
Transport,
WindowsAPI,
AddPhone,
ICloudKeychain,
Enclave,
SignInAgain>;
Mechanism(Type type,
std::u16string name,
std::u16string short_name,
const gfx::VectorIcon& icon,
base::RepeatingClosure callback,
std::u16string display_name = std::u16string());
~Mechanism();
Mechanism(Mechanism&&);
Mechanism(const Mechanism&) = delete;
Mechanism& operator=(const Mechanism&) = delete;
const Type type;
const std::u16string name;
// TODO(crbug.com/422394117): This is not used anywhere. Remove it.
const std::u16string short_name;
const std::u16string display_name;
std::u16string description;
const raw_ref<const gfx::VectorIcon> icon;
const base::RepeatingClosure callback;
};
// CableUIType enumerates the different types of caBLE UI that we've ended
// up with.
enum class CableUIType {
CABLE_V1,
CABLE_V2_SERVER_LINK,
CABLE_V2_2ND_FACTOR,
};
// Returns a user-friendly description for a |type|.
static std::u16string GetMechanismDescription(
const device::DiscoverableCredentialMetadata& cred,
UIPresentation ui_presentation = UIPresentation::kModal);
explicit AuthenticatorRequestDialogModel(
content::RenderFrameHost* render_frame_host);
AuthenticatorRequestDialogModel(AuthenticatorRequestDialogModel&) = delete;
AuthenticatorRequestDialogModel(const AuthenticatorRequestDialogModel&&) =
delete;
AuthenticatorRequestDialogModel& operator=(
AuthenticatorRequestDialogModel&&) = delete;
AuthenticatorRequestDialogModel& operator=(
const AuthenticatorRequestDialogModel&) = delete;
// This causes the events to become methods on the Model. Views and
// Controllers call these methods to broadcast events to all observers.
#define AUTHENTICATOR_REQUEST_EVENT_0(name) void name();
#define AUTHENTICATOR_REQUEST_EVENT_1(name, arg1type) void name(arg1type arg1);
AUTHENTICATOR_EVENTS
#undef AUTHENTICATOR_REQUEST_EVENT_0
#undef AUTHENTICATOR_REQUEST_EVENT_1
// Below methods are used for base::ScopedObserver:
void AddObserver(AuthenticatorRequestDialogModel::Observer* observer);
void RemoveObserver(AuthenticatorRequestDialogModel::Observer* observer);
// Views and controllers add themselves as observers here to receive events.
base::ObserverList<Observer> observers;
// The primary state of the model is the current `Step`. It's important that
// this always be changed via `SetStep` so the field isn't exposed directly.
Step step() const { return step_; }
void SetStep(Step step);
void DisableUiOrShowLoadingDialog();
void set_ui_presentation(UIPresentation presentation) {
ui_presentation = presentation;
}
// generation is incremented each time the request is restarted so that events
// from different request generations can be distinguished.
int generation = 0;
// The following methods and fields are read by views and both read and
// written by controllers. Views use these values to determine what
// information to show.
// Returns whether the visible dialog should be closed. This means
// that either the request has finished, or that the current step
// has no UI, or a different style of UI.
bool should_dialog_be_closed() const;
device::FidoRequestType request_type = device::FidoRequestType::kGetAssertion;
device::ResidentKeyRequirement resident_key_requirement =
device::ResidentKeyRequirement::kDiscouraged;
// This value is present if, and only if, `request_type` is `kMakeCredential`.
std::optional<device::AttestationConveyancePreference>
attestation_conveyance_preference;
std::string relying_party_id;
// mechanisms contains the entries that appear in the "transport" selection
// sheet and the drop-down menu.
std::vector<Mechanism> mechanisms;
std::optional<size_t> priority_mechanism_index;
// For MakeCredential requests, the PublicKeyCredentialUserEntity associated
// with the request.
device::PublicKeyCredentialUserEntity user_entity;
// creds contains possible credentials to select between before or after an
// authenticator has responded to a request.
std::vector<device::DiscoverableCredentialMetadata> creds;
// preselected_cred contains a credential preselected by the user.
std::optional<device::DiscoverableCredentialMetadata> preselected_cred;
// Whether the platform can check biometrics and has biometrics configured.
std::optional<bool> platform_has_biometrics;
UIPresentation ui_presentation = UIPresentation::kModal;
// Stores the pre-calculated GPM UV method for `getAssertion`.
// This is set by `ChromeAuthenticatorRequestDelegate` before `StartFlow` is
// called on the controller. This is used for immediate mode requests.
std::optional<EnclaveUserVerificationMethod> gpm_uv_method;
// offer_try_again_in_ui indicates whether a button to retry the request
// should be included on the dialog sheet shown when encountering certain
// errors.
bool offer_try_again_in_ui = true;
bool ble_adapter_is_powered = false;
// show_security_key_on_qr_sheet is true if the security key option should be
// offered on the QR sheet.
bool show_security_key_on_qr_sheet = false;
bool is_off_the_record = false;
// Tracks whether the model is in the GPM onboarding state.
// This value is set/reset only in GPMEnclaveController::OnGPMSelected and
// read only to record metrics (WebAuthentication.OnboardingEvents) during the
// onboarding flow.
bool in_onboarding_flow = false;
std::optional<int> max_bio_samples;
std::optional<int> bio_samples_remaining;
uint32_t min_pin_length = device::kMinPinLength;
std::optional<int> pin_attempts;
std::optional<int> uv_attempts;
device::pin::PINEntryError pin_error = device::pin::PINEntryError::kNoError;
// cable_ui_type contains the type of UI to display for a caBLE transaction.
std::optional<CableUIType> cable_ui_type;
std::optional<std::string> cable_qr_string;
// Number of remaining GPM pin entry attempts before getting locked out or
// `std::nullopt` if there was no failed attempts during that request.
std::optional<int> gpm_pin_remaining_attempts_;
// Whether the UI is currently in a disabled state, which is required for some
// transitions (e.g. when waiting for the response from the enclave). When
// true, the sheets will by default display an activity indicator at the top
// and disable all the usual buttons (e.g. accept or "other mechanisms")
// except for the cancel button.
bool ui_disabled_ = false;
// local_auth_token contains an authentication token after a successful local
// authentication. In MacOS this is a wrapped LAContext and it is after a
// successful Touch ID prompt.
std::optional<webauthn::LocalAuthenticationToken> local_auth_token;
// Returns the AccountInfo for the profile associated with the request.
std::optional<AccountInfo> GetGpmAccountInfo();
// Returns the account email for the profile associated with the request,
// which may be empty.
std::string GetGpmAccountEmail();
private:
friend class base::RefCounted<AuthenticatorRequestDialogModel>;
~AuthenticatorRequestDialogModel();
// The Profile for the request, which may be an off-the-record profile.
//
// Returns nullptr if the RenderFrameHost for the request doesn't exist
// anymore.
Profile* GetProfile();
Step step_ = Step::kNotStarted;
const std::optional<content::GlobalRenderFrameHostId> frame_host_id;
std::unique_ptr<AuthenticatorRequestDialogViewController> view_controller_;
};
std::ostream& operator<<(std::ostream& os,
const AuthenticatorRequestDialogModel::Step& step);
#endif // CHROME_BROWSER_WEBAUTHN_AUTHENTICATOR_REQUEST_DIALOG_MODEL_H_
|
