chromium/chromeos/ash/components/osauth/impl/auth_factor_presence_cache.cc

// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chromeos/ash/components/osauth/impl/auth_factor_presence_cache.h"

#include <memory>
#include <optional>
#include <string>
#include <utility>

#include "base/strings/string_number_conversions.h"
#include "base/values.h"
#include "chromeos/ash/components/osauth/public/common_types.h"
#include "components/user_manager/known_user.h"
#include "components/user_manager/user_manager.h"

namespace ash {

namespace {
std::string GetAuthPurposeKey(AuthPurpose purpose) {
  return base::NumberToString(static_cast<int>(purpose));
}

std::optional<AuthFactorsSet> GetForPurpose(const base::Value::Dict& cache,
                                            AuthPurpose purpose) {
  std::string purpose_key = GetAuthPurposeKey(purpose);
  const base::Value::List* factor_list = cache.FindList(purpose_key);
  if (!factor_list) {
    return std::nullopt;
  }
  AuthFactorsSet result;
  for (const base::Value& element : *factor_list) {
    if (!element.is_int()) {
      continue;
    }
    result.Put(static_cast<AshAuthFactor>(element.GetInt()));
  }
  return result;
}

AuthFactorsSet GetWithFallback(const base::Value::Dict& cache,
                               AuthPurpose purpose) {
  {
    std::optional<AuthFactorsSet> result = GetForPurpose(cache, purpose);
    if (result.has_value()) {
      return *result;
    }
  }
  // Fallback logic:
  switch (purpose) {
    case AuthPurpose::kLogin:
      // Just assume that users have GAIA password.
      return AuthFactorsSet({AshAuthFactor::kGaiaPassword});
    case AuthPurpose::kAuthSettings:
      // Use same factors as login.
      return GetWithFallback(cache, AuthPurpose::kLogin);
    case AuthPurpose::kScreenUnlock:
      // Use same factors as login.
      return GetWithFallback(cache, AuthPurpose::kLogin);
    case AuthPurpose::kUserVerification:
      // Use same factors as lock screen.
      return GetWithFallback(cache, AuthPurpose::kScreenUnlock);
    case AuthPurpose::kWebAuthN:
      // Use same factors as screen unlock, but exclude non-cryptohome factors.
      {
        AuthFactorsSet result =
            GetWithFallback(cache, AuthPurpose::kScreenUnlock);
        result.Remove(AshAuthFactor::kLegacyPin);
        result.Remove(AshAuthFactor::kSmartUnlock);
        return result;
      }
  }
}

}  // namespace

AuthFactorPresenceCache::AuthFactorPresenceCache(PrefService* local_state) {
  known_user_ = std::make_unique<user_manager::KnownUser>(local_state);
}

AuthFactorPresenceCache::~AuthFactorPresenceCache() = default;

void AuthFactorPresenceCache::StoreFactorPresenceCache(AuthAttemptVector vector,
                                                       AuthFactorsSet factors) {
  if (user_manager::UserManager::Get()->IsEphemeralAccountId(vector.account)) {
    if (factors.empty()) {
      return;
    }
  }
  base::Value::Dict cache = known_user_->GetAuthFactorCache(vector.account);
  base::Value::List factor_list;
  for (AshAuthFactor f : factors) {
    factor_list.Append(static_cast<int>(f));
  }
  cache.Set(GetAuthPurposeKey(vector.purpose), std::move(factor_list));
  known_user_->SetAuthFactorCache(vector.account, std::move(cache));
}

AuthFactorsSet AuthFactorPresenceCache::GetExpectedFactorsPresence(
    AuthAttemptVector vector) {
  if (user_manager::UserManager::Get()->IsEphemeralAccountId(vector.account)) {
    // Assume that ephemeral users do not have any auth factors associated:
    return AuthFactorsSet();
  }
  base::Value::Dict cache = known_user_->GetAuthFactorCache(vector.account);
  return GetWithFallback(cache, vector.purpose);
}

}  // namespace ash