1 // Copyright 2019 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef ASH_PUBLIC_CPP_LOGIN_TYPES_H_
6 #define ASH_PUBLIC_CPP_LOGIN_TYPES_H_
7 
8 #include "ash/public/cpp/ash_public_export.h"
9 #include "ash/public/cpp/session/user_info.h"
10 #include "base/callback.h"
11 #include "base/time/time.h"
12 #include "base/token.h"
13 #include "chromeos/components/proximity_auth/public/mojom/auth_type.mojom-forward.h"
14 #include "chromeos/components/security_token_pin/constants.h"
15 #include "components/account_id/account_id.h"
16 
17 namespace ash {
18 
// State of the OOBE UI dialog, which is used to update the visibility of login
// shelf buttons.
// The values come from OOBE_UI_STATE defined in display_manager_types.js, with
// an additional value HIDDEN to indicate that the OOBE UI dialog is not
// visible. Every enumerator carries an explicit number, so adding or removing
// an entry must not renumber the existing ones.
// NOTE(review): the comment on the unused value 2 below names
// display_manager.js rather than display_manager_types.js; confirm which file
// is the source of truth.
enum class OobeDialogState {
  // Showing other screen, which does not impact the visibility of login shelf
  // buttons.
  NONE = 0,

  // Showing gaia signin screen.
  GAIA_SIGNIN = 1,

  // 2 is unused to keep in sync with display_manager.js

  // Showing wrong hardware identification screen.
  WRONG_HWID_WARNING = 3,

  // Showing supervised user creation screen.
  SUPERVISED_USER_CREATION_FLOW = 4,

  // Showing SAML password confirmation screen.
  SAML_PASSWORD_CONFIRM = 5,

  // Showing password changed screen.
  PASSWORD_CHANGED = 6,

  // Showing device enrollment screen.
  ENROLLMENT = 7,

  // Showing error screen.
  ERROR = 8,

  // Showing any of post-login onboarding screens.
  ONBOARDING = 9,

  // Screen that blocks device usage for some reason.
  BLOCKING = 10,

  // Showing any of kiosk launch screens.
  KIOSK_LAUNCH = 11,

  // Showing data migration screen.
  MIGRATION = 12,

  // OOBE UI dialog is currently hidden. This value has no counterpart in
  // OOBE_UI_STATE; it is the additional value described above.
  HIDDEN = 13,

  // Showing login UI provided by a Chrome extension using chrome.loginScreenUi
  // API.
  EXTENSION_LOGIN = 14,

  // Showing user creation screen.
  USER_CREATION = 15,
};
73 
// Supported multi-profile user behavior values. LoginUserInfo stores one of
// these as the enforced policy for multi-profile sign-in
// (|multiprofile_policy|).
// Keep in sync with the enum in chromeos_user_pod_row.js and user_pod_row.js;
// the numbers are spelled out so that the two sides can be compared directly.
// TODO(estade): change all the enums to use kCamelCase.
enum class MultiProfileUserBehavior {
  UNRESTRICTED = 0,
  PRIMARY_ONLY = 1,
  NOT_ALLOWED = 2,
  OWNER_PRIMARY_ONLY = 3,
};
83 
// Icons that the easy unlock indicator can display. The numeric values are
// written out; they are the same ones the compiler assigns implicitly.
enum class EasyUnlockIconId {
  // Nothing is drawn.
  NONE = 0,
  // Easy unlock is disabled for this login/lock session because the user
  // clicked the easy unlock icon.
  HARDLOCKED = 1,
  // The phone could not be found.
  LOCKED = 2,
  // The phone was found, but it is not unlocked.
  LOCKED_TO_BE_ACTIVATED = 3,
  // The phone was found, but it is too far away.
  LOCKED_WITH_PROXIMITY_HINT = 4,
  // The phone was found and is unlocked. The user can click to dismiss the
  // login/lock screen.
  UNLOCKED = 5,
  // A scan for the phone is in progress.
  SPINNER = 6,
};
103 
// Availability of fingerprint authentication for a user. The numeric values
// are written out; they are the same ones the compiler assigns implicitly.
enum class FingerprintState {
  // Fingerprint cannot be used by this user. Possible reasons:
  //  - they are not the primary user
  //  - they never registered fingerprint
  //  - the device does not have a fingerprint sensor
  UNAVAILABLE = 0,
  // Fingerprint can be used to unlock the device.
  AVAILABLE_DEFAULT = 1,
  // Fingerprint can be used to unlock the device, but the user touched the
  // fingerprint icon rather than the fingerprint sensor. A warning message
  // should be displayed for 3 seconds before returning to the
  // AVAILABLE_DEFAULT state.
  AVAILABLE_WITH_TOUCH_SENSOR_WARNING = 2,
  // Fingerprint is disabled because there have been too many attempts.
  DISABLED_FROM_ATTEMPTS = 3,
  // Fingerprint is disabled because it has been too long since the device was
  // last used.
  DISABLED_FROM_TIMEOUT = 4,
  // Alias of the highest enumerator; update it when a value is appended.
  kMaxValue = DISABLED_FROM_TIMEOUT,
};
124 
// Information about the custom icon in the user pod.
// Copyable and movable; the special members are only declared here, so their
// definitions are expected in the matching .cc file (not visible in this
// header).
struct ASH_PUBLIC_EXPORT EasyUnlockIconOptions {
  EasyUnlockIconOptions();
  EasyUnlockIconOptions(const EasyUnlockIconOptions& other);
  EasyUnlockIconOptions(EasyUnlockIconOptions&& other);
  ~EasyUnlockIconOptions();

  EasyUnlockIconOptions& operator=(const EasyUnlockIconOptions& other);
  EasyUnlockIconOptions& operator=(EasyUnlockIconOptions&& other);

  // Icon that should be displayed.
  EasyUnlockIconId icon = EasyUnlockIconId::NONE;
  // Tooltip that is associated with the icon. This is shown automatically if
  // |autoshow_tooltip| is true. The user can always see the tooltip if they
  // hover over the icon. The tooltip should be used for the accessibility label
  // if it is present.
  base::string16 tooltip;
  // If true, the tooltip should be displayed even if the user is not currently
  // hovering over the icon, i.e. this makes |tooltip| act a little like a
  // notification.
  bool autoshow_tooltip = false;
  // Accessibility label. Only used if |tooltip| is empty.
  // TODO(jdufault): Always populate and use |aria_label|, even if |tooltip| is
  // non-empty.
  base::string16 aria_label;
  // If true, clicking the easy unlock icon should fire a hardlock event which
  // will disable easy unlock. The hardlock event will request a new icon
  // display via a separate EasyUnlockIconOptions update. See
  // LoginScreenClient::HardlockPod.
  bool hardlock_on_click = false;
};
156 
// Information about one input method. This is used to populate keyboard
// layouts for a public account user (see PublicAccountInfo::keyboard_layouts).
// Copyable and movable; the special members are only declared here.
struct ASH_PUBLIC_EXPORT InputMethodItem {
  InputMethodItem();
  InputMethodItem(const InputMethodItem& other);
  InputMethodItem(InputMethodItem&& other);
  ~InputMethodItem();

  InputMethodItem& operator=(const InputMethodItem& other);
  InputMethodItem& operator=(InputMethodItem&& other);

  // An id that identifies an input method engine (e.g., "t:latn-post",
  // "pinyin", "hangul").
  std::string ime_id;

  // Title of the input method.
  std::string title;

  // Whether this input method is selected.
  bool selected = false;
};
178 
// Information about one available locale. This is used to populate language
// locales for a public account user (see
// PublicAccountInfo::available_locales).
// Copyable and movable; the special members are only declared here.
struct ASH_PUBLIC_EXPORT LocaleItem {
  LocaleItem();
  LocaleItem(const LocaleItem& other);
  LocaleItem(LocaleItem&& other);
  ~LocaleItem();

  LocaleItem& operator=(const LocaleItem& other);
  LocaleItem& operator=(LocaleItem&& other);

  // Equality comparison. NOTE(review): the definition is not in this header;
  // presumably all three fields are compared - confirm in the .cc file.
  bool operator==(const LocaleItem& other) const;

  // Language code of the locale.
  std::string language_code;

  // Title of the locale.
  std::string title;

  // Group name of the locale. Empty optional when no group name is set.
  base::Optional<std::string> group_name;
};
201 
// Information about a public account user. LoginUserInfo carries one of these
// in |public_account_info| when the user type is PUBLIC_ACCOUNT.
// Copyable and movable; the special members are only declared here.
struct ASH_PUBLIC_EXPORT PublicAccountInfo {
  PublicAccountInfo();
  PublicAccountInfo(const PublicAccountInfo& other);
  PublicAccountInfo(PublicAccountInfo&& other);
  ~PublicAccountInfo();

  PublicAccountInfo& operator=(const PublicAccountInfo& other);
  PublicAccountInfo& operator=(PublicAccountInfo&& other);

  // The name of the device manager displayed in the login screen UI for
  // device-level management. May be either a domain (foo.com) or an email
  // address (user@foo.com).
  // NOTE(review): this string is shown to the user before sign-in as the
  // identity of the managing entity; where it is sourced and validated is not
  // visible in this header - confirm at the producer.
  base::Optional<std::string> device_enterprise_manager;

  // A list of available user locales.
  std::vector<LocaleItem> available_locales;

  // Default locale for this user.
  std::string default_locale;

  // Show expanded user view that contains session information/warnings and
  // locale selection.
  bool show_expanded_view = false;

  // Show the advanced expanded user view if there are at least two recommended
  // locales. This will be the case in multilingual environments where users
  // are likely to want to choose among locales.
  bool show_advanced_view = false;

  // A list of available keyboard layouts.
  std::vector<InputMethodItem> keyboard_layouts;

  // Whether public account uses SAML authentication.
  bool using_saml = false;
};
238 
// Info about a user in login/lock screen.
// Copyable and movable; the special members are only declared here. Every
// field except |auth_type| has an in-class default or a default-constructible
// type.
struct ASH_PUBLIC_EXPORT LoginUserInfo {
  LoginUserInfo();
  LoginUserInfo(const LoginUserInfo& other);
  LoginUserInfo(LoginUserInfo&& other);
  ~LoginUserInfo();

  LoginUserInfo& operator=(const LoginUserInfo& other);
  LoginUserInfo& operator=(LoginUserInfo&& other);

  // User's basic information including account id, email, avatar etc.
  UserInfo basic_user_info;

  // What method the user can use to sign in.
  // Initialized in .cc file because the mojom header is huge (this header only
  // includes the mojom forward declarations). There is no in-class default, so
  // any constructor added to this struct must set this field itself; otherwise
  // it would be read uninitialized.
  proximity_auth::mojom::AuthType auth_type;

  // True if this user has already signed in.
  bool is_signed_in = false;

  // True if this user is the device owner.
  bool is_device_owner = false;

  // The initial fingerprint state. There are other methods (ie,
  // LoginScreenModel::SetFingerprintState) which update the current state.
  FingerprintState fingerprint_state = FingerprintState::UNAVAILABLE;

  // True if multi-profiles sign in is allowed for this user.
  bool is_multiprofile_allowed = false;

  // Enforced policy for multi-profiles sign in.
  MultiProfileUserBehavior multiprofile_policy =
      MultiProfileUserBehavior::UNRESTRICTED;

  // True if this user can be removed.
  bool can_remove = false;

  // Show pin pad for password for this user or not.
  bool show_pin_pad_for_password = false;

  // True if the display password button should be visible on the login/lock
  // screen for this user.
  bool show_display_password_button = false;

  // The name of the entity that manages this user's account displayed in the
  // login screen UI for user-level management. Will be either a domain name
  // (foo.com) or the email address of the admin (some_user@foo.com).
  // This is only set if the relevant user is managed.
  base::Optional<std::string> user_account_manager;

  // Contains the public account information if user type is PUBLIC_ACCOUNT.
  base::Optional<PublicAccountInfo> public_account_info;

  // True if this user chooses to use 24 hour clock in preference.
  bool use_24hour_clock = false;
};
295 
// Reason why authentication is disabled; stored in AuthDisabledData::reason.
// The numeric values are written out; they are the same ones the compiler
// assigns implicitly.
enum class AuthDisabledReason {
  // The device is locked by a time limit override.
  kTimeLimitOverride = 0,

  // The user has reached their daily usage limit on the device.
  kTimeUsageLimit = 1,

  // The device is within a locked time window.
  kTimeWindowLimit = 2,
};
307 
// The data needed to customize the lock screen when auth is disabled.
// Copyable and movable; the special members are only declared here.
struct ASH_PUBLIC_EXPORT AuthDisabledData {
  AuthDisabledData();
  // Takes one argument per data member. NOTE(review): presumably each argument
  // initializes the member of the same name; the definition is not visible in
  // this header.
  AuthDisabledData(AuthDisabledReason reason,
                   const base::Time& auth_reenabled_time,
                   const base::TimeDelta& device_used_time,
                   bool disable_lock_screen_media);
  AuthDisabledData(const AuthDisabledData& other);
  AuthDisabledData(AuthDisabledData&& other);
  ~AuthDisabledData();

  AuthDisabledData& operator=(const AuthDisabledData& other);
  AuthDisabledData& operator=(AuthDisabledData&& other);

  // Reason why auth is disabled.
  AuthDisabledReason reason = AuthDisabledReason::kTimeLimitOverride;

  // A future time when auth will be enabled. This value is for display purpose
  // only, auth won't be automatically enabled when this time is reached. Code
  // that consumes this struct should therefore not treat the passing of this
  // time as permission to re-enable auth.
  base::Time auth_reenabled_time;

  // The amount of time that the user used this device.
  base::TimeDelta device_used_time;

  // If true media will be suspended and media controls will be unavailable on
  // lock screen.
  bool disable_lock_screen_media = false;
};
336 
// Parameters and callbacks for a security token PIN request that is to be shown
// to the user.
// Move-only: only the move constructor and move assignment are declared, so
// the copy operations are implicitly deleted. All fields are public, so the
// constraints stated on |enable_user_input| and |attempts_left| below are not
// enforced by this type; whoever fills in the request has to uphold them.
struct ASH_PUBLIC_EXPORT SecurityTokenPinRequest {
  SecurityTokenPinRequest();
  SecurityTokenPinRequest(SecurityTokenPinRequest&&);
  SecurityTokenPinRequest& operator=(SecurityTokenPinRequest&&);
  ~SecurityTokenPinRequest();

  // The user whose authentication triggered this PIN request.
  AccountId account_id;

  // Type of the code requested from the user.
  chromeos::security_token_pin::CodeType code_type =
      chromeos::security_token_pin::CodeType::kPin;

  // Whether the UI controls that allow user to enter the value should be
  // enabled. MUST be |false| when |attempts_left| is zero. Note that the
  // default here is true, so a request with zero attempts left has to clear
  // this flag explicitly.
  bool enable_user_input = true;

  // An optional error to be displayed to the user.
  chromeos::security_token_pin::ErrorLabel error_label =
      chromeos::security_token_pin::ErrorLabel::kNone;

  // When non-negative, the UI should indicate this number to the user;
  // otherwise must be equal to -1.
  int attempts_left = -1;

  // Called when the user submits the input. Will not be called if the UI is
  // closed before that happens. A OnceCallback, so it can run at most once.
  // |user_input| is the code the user typed.
  // NOTE(review): the handler receives the secret as a plain std::string;
  // handlers should avoid logging it or keeping copies longer than needed -
  // confirm against the implementations bound here.
  using OnPinEntered = base::OnceCallback<void(const std::string& user_input)>;
  OnPinEntered pin_entered_callback;

  // Called when the PIN request UI gets closed. Will not be called when the
  // browser itself requests the UI to be closed.
  using OnUiClosed = base::OnceClosure;
  OnUiClosed pin_ui_closed_callback;
};
374 
375 }  // namespace ash
376 
377 #endif  // ASH_PUBLIC_CPP_LOGIN_TYPES_H_
378