Unity 8
Greeter.qml
1 /*
2  * Copyright (C) 2013,2014,2015 Canonical, Ltd.
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; version 3.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11  * GNU General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program. If not, see <http://www.gnu.org/licenses/>.
15  */
16 
17 import QtQuick 2.4
18 import AccountsService 0.1
19 import GSettings 1.0
20 import Ubuntu.Components 1.3
21 import Ubuntu.SystemImage 0.1
22 import Unity.Launcher 0.1
23 import "../Components"
24 
25 Showable {
26  id: root
27  created: loader.status == Loader.Ready
28 
29  property real dragHandleLeftMargin: 0
30 
31  property url background
32 
33  // How far to offset the top greeter layer during a launcher left-drag
34  property real launcherOffset
35 
36  readonly property bool active: shown || hasLockedApp
37  readonly property bool fullyShown: loader.item ? loader.item.fullyShown : false
38 
39  // True when the greeter is waiting for PAM or other setup process
40  readonly property alias waiting: d.waiting
41 
42  property string lockedApp: ""
43  readonly property bool hasLockedApp: lockedApp !== ""
44 
45  property bool forcedUnlock
46  readonly property bool locked: lightDM.greeter.active && !lightDM.greeter.authenticated && !forcedUnlock
47 
48  property bool tabletMode
49  property url viewSource // only used for testing
50 
51  property int maxFailedLogins: -1 // disabled by default for now, will enable via settings in future
52  property int failedLoginsDelayAttempts: 7 // number of failed logins
53  property real failedLoginsDelayMinutes: 5 // minutes of forced waiting
54 
55  readonly property bool animating: loader.item ? loader.item.animating : false
56 
57  signal tease()
58  signal sessionStarted()
59  signal emergencyCall()
60 
61  function forceShow() {
62  showNow();
63  loader.item.reset();
64  }
65 
66  function notifyAppFocused(appId) {
67  if (!active) {
68  return;
69  }
70 
71  if (hasLockedApp) {
72  if (appId === lockedApp) {
73  hide(); // show locked app
74  } else {
75  show();
76  d.startUnlock(false /* toTheRight */);
77  }
78  } else if (appId !== "unity8-dash") { // dash isn't started by user
79  d.startUnlock(false /* toTheRight */);
80  }
81  }
82 
83  function notifyAboutToFocusApp(appId) {
84  if (!active) {
85  return;
86  }
87 
88  // A hint that we're about to focus an app. This way we can look
89  // a little more responsive, rather than waiting for the above
90  // notifyAppFocused call. We also need this in case we have a locked
91  // app, in order to show lockscreen instead of new app.
92  d.startUnlock(false /* toTheRight */);
93  }
94 
95  // This is a just a glorified notifyAboutToFocusApp(), but it does one
96  // other thing: it hides any cover pages to the RIGHT, because the user
97  // just came from a launcher drag starting on the left.
98  // It also returns a boolean value, indicating whether there was a visual
99  // change or not (the shell only wants to hide the launcher if there was
100  // a change).
101  function notifyShowingDashFromDrag() {
102  if (!active) {
103  return false;
104  }
105 
106  return d.startUnlock(true /* toTheRight */);
107  }
108 
109  LightDM{id:lightDM} // Provide backend access
110  QtObject {
111  id: d
112 
113  readonly property bool multiUser: lightDM.users.count > 1
114  property int currentIndex
115  property bool waiting
116 
117  // We want 'launcherOffset' to animate down to zero. But not to animate
118  // while being dragged. So ideally we change this only when the user
119  // lets go and launcherOffset drops to zero. But we need to wait for
120  // the behavior to be enabled first. So we cache the last known good
121  // launcherOffset value to cover us during that brief gap between
122  // release and the behavior turning on.
123  property real lastKnownPositiveOffset // set in a launcherOffsetChanged below
124  property real launcherOffsetProxy: (shown && !launcherOffsetProxyBehavior.enabled) ? lastKnownPositiveOffset : 0
125  Behavior on launcherOffsetProxy {
126  id: launcherOffsetProxyBehavior
127  enabled: launcherOffset === 0
128  UbuntuNumberAnimation {}
129  }
130 
131  function selectUser(uid, reset) {
132  d.waiting = true;
133  if (reset) {
134  loader.item.reset();
135  }
136  currentIndex = uid;
137  var user = lightDM.users.data(uid, lightDM.userRoles.NameRole);
138  AccountsService.user = user;
139  LauncherModel.setUser(user);
140  lightDM.greeter.authenticate(user); // always resets auth state
141  }
142 
143  function login() {
144  enabled = false;
145  if (lightDM.greeter.startSessionSync()) {
146  sessionStarted();
147  if (loader.item) {
148  loader.item.notifyAuthenticationSucceeded();
149  }
150  } else if (loader.item) {
151  loader.item.notifyAuthenticationFailed();
152  }
153  enabled = true;
154  }
155 
156  function startUnlock(toTheRight) {
157  if (loader.item) {
158  return loader.item.tryToUnlock(toTheRight);
159  } else {
160  return false;
161  }
162  }
163  }
164 
165  onLauncherOffsetChanged: {
166  if (launcherOffset > 0) {
167  d.lastKnownPositiveOffset = launcherOffset;
168  }
169  }
170 
171  onForcedUnlockChanged: {
172  if (forcedUnlock && shown) {
173  // pretend we were just authenticated
174  loader.item.notifyAuthenticationSucceeded();
175  }
176  }
177 
178  onRequiredChanged: {
179  if (required) {
180  d.waiting = true;
181  lockedApp = "";
182  }
183  }
184 
185  GSettings {
186  id: greeterSettings
187  schema.id: "com.canonical.Unity8.Greeter"
188  }
189 
190  Timer {
191  id: forcedDelayTimer
192 
193  // We use a short interval and check against the system wall clock
194  // because we have to consider the case that the system is suspended
195  // for a few minutes. When we wake up, we want to quickly be correct.
196  interval: 500
197 
198  property var delayTarget
199  property int delayMinutes
200 
201  function forceDelay() {
202  // Store the beginning time for a lockout in GSettings, so that
203  // we still lock the user out if they reboot. And we store
204  // starting time rather than end-time or how-long because:
205  // - If storing end-time and on boot we have a problem with NTP,
206  // we might get locked out for a lot longer than we thought.
207  // - If storing how-long, and user turns their phone off for an
208  // hour rather than wait, they wouldn't expect to still be locked
209  // out.
210  // - A malicious actor could manipulate either of the above
211  // settings to keep the user out longer. But by storing
212  // start-time, we never make the user wait longer than the full
213  // lock out time.
214  greeterSettings.lockedOutTime = new Date().getTime();
215  checkForForcedDelay();
216  }
217 
218  onTriggered: {
219  var diff = delayTarget - new Date();
220  if (diff > 0) {
221  delayMinutes = Math.ceil(diff / 60000);
222  start(); // go again
223  } else {
224  delayMinutes = 0;
225  }
226  }
227 
228  function checkForForcedDelay() {
229  var now = new Date();
230  delayTarget = now;
231  delayTarget.setTime(greeterSettings.lockedOutTime + failedLoginsDelayMinutes * 60000);
232 
233  // If tooEarly is true, something went very wrong. Bug or NTP
234  // misconfiguration maybe?
235  var tooEarly = now.getTime() < greeterSettings.lockedOutTime;
236  var tooLate = now > delayTarget;
237 
238  // Compare stored time to system time. If a malicious actor is
239  // able to manipulate time to avoid our lockout, they already have
240  // enough access to cause damage. So we choose to trust this check.
241  if (tooEarly || tooLate) {
242  stop();
243  delayMinutes = 0;
244  } else {
245  triggered();
246  }
247  }
248 
249  Component.onCompleted: checkForForcedDelay()
250  }
251 
252  // event eater
253  // Nothing should leak to items behind the greeter
254  MouseArea { anchors.fill: parent; hoverEnabled: true }
255 
256  Loader {
257  id: loader
258  objectName: "loader"
259 
260  anchors.fill: parent
261 
262  active: root.required
263  source: root.viewSource.toString() ? root.viewSource :
264  (d.multiUser || root.tabletMode) ? "WideView.qml" : "NarrowView.qml"
265 
266  onLoaded: {
267  root.lockedApp = "";
268  root.forceActiveFocus();
269  d.selectUser(d.currentIndex, true);
270  lightDM.infographic.readyForDataChange();
271  }
272 
273  Connections {
274  target: loader.item
275  onSelected: {
276  d.selectUser(index, true);
277  }
278  onResponded: {
279  if (root.locked) {
280  lightDM.greeter.respond(response);
281  } else {
282  if (lightDM.greeter.active && !lightDM.greeter.authenticated) { // could happen if forcedUnlock
283  d.login();
284  }
285  loader.item.hide();
286  }
287  }
288  onTease: root.tease()
289  onEmergencyCall: root.emergencyCall()
290  onRequiredChanged: {
291  if (!loader.item.required) {
292  root.hide();
293  }
294  }
295  }
296 
297  Binding {
298  target: loader.item
299  property: "backgroundTopMargin"
300  value: -root.y
301  }
302 
303  Binding {
304  target: loader.item
305  property: "launcherOffset"
306  value: d.launcherOffsetProxy
307  }
308 
309  Binding {
310  target: loader.item
311  property: "dragHandleLeftMargin"
312  value: root.dragHandleLeftMargin
313  }
314 
315  Binding {
316  target: loader.item
317  property: "delayMinutes"
318  value: forcedDelayTimer.delayMinutes
319  }
320 
321  Binding {
322  target: loader.item
323  property: "background"
324  value: root.background
325  }
326 
327  Binding {
328  target: loader.item
329  property: "locked"
330  value: root.locked
331  }
332 
333  Binding {
334  target: loader.item
335  property: "alphanumeric"
336  value: AccountsService.passwordDisplayHint === AccountsService.Keyboard
337  }
338 
339  Binding {
340  target: loader.item
341  property: "currentIndex"
342  value: d.currentIndex
343  }
344 
345  Binding {
346  target: loader.item
347  property: "userModel"
348  value: lightDM.users
349  }
350 
351  Binding {
352  target: loader.item
353  property: "infographicModel"
354  value: lightDM.infographic
355  }
356  }
357 
358  Connections {
359  target: lightDM.greeter
360 
361  onShowGreeter: root.forceShow()
362 
363  onHideGreeter: {
364  d.login();
365  loader.item.hide();
366  }
367 
368  onShowMessage: {
369  if (!lightDM.greeter.active) {
370  return; // could happen if hideGreeter() comes in before we prompt
371  }
372 
373  // inefficient, but we only rarely deal with messages
374  var html = text.replace(/&/g, "&amp;")
375  .replace(/</g, "&lt;")
376  .replace(/>/g, "&gt;")
377  .replace(/\n/g, "<br>");
378  if (isError) {
379  html = "<font color=\"#df382c\">" + html + "</font>";
380  }
381 
382  loader.item.showMessage(html);
383  }
384 
385  onShowPrompt: {
386  d.waiting = false;
387 
388  if (!lightDM.greeter.active) {
389  return; // could happen if hideGreeter() comes in before we prompt
390  }
391 
392  loader.item.showPrompt(text, isSecret, isDefaultPrompt);
393  }
394 
395  onAuthenticationComplete: {
396  d.waiting = false;
397 
398  if (lightDM.greeter.authenticated) {
399  AccountsService.failedLogins = 0;
400  d.login();
401  if (!lightDM.greeter.promptless) {
402  loader.item.hide();
403  }
404  } else {
405  if (!lightDM.greeter.promptless) {
406  AccountsService.failedLogins++;
407  }
408 
409  // Check if we should initiate a factory reset
410  if (maxFailedLogins >= 2) { // require at least a warning
411  if (AccountsService.failedLogins === maxFailedLogins - 1) {
412  loader.item.showLastChance();
413  } else if (AccountsService.failedLogins >= maxFailedLogins) {
414  SystemImage.factoryReset(); // Ouch!
415  }
416  }
417 
418  // Check if we should initiate a forced login delay
419  if (failedLoginsDelayAttempts > 0
420  && AccountsService.failedLogins > 0
421  && AccountsService.failedLogins % failedLoginsDelayAttempts == 0) {
422  forcedDelayTimer.forceDelay();
423  }
424 
425  loader.item.notifyAuthenticationFailed();
426  if (!lightDM.greeter.promptless) {
427  d.selectUser(d.currentIndex, false);
428  }
429  }
430  }
431 
432  onRequestAuthenticationUser: {
433  // Find index for requested user, if it exists
434  for (var i = 0; i < lightDM.users.count; i++) {
435  if (user === lightDM.users.data(i, lightDM.userRoles.NameRole)) {
436  d.selectUser(i, true);
437  return;
438  }
439  }
440  }
441  }
442 
443  Binding {
444  target: lightDM.greeter
445  property: "active"
446  value: root.active
447  }
448 
449  Binding {
450  target: lightDM.infographic
451  property: "username"
452  value: AccountsService.statsWelcomeScreen ? lightDM.users.data(d.currentIndex, lightDM.userRoles.NameRole) : ""
453  }
454 
455  Connections {
456  target: i18n
457  onLanguageChanged: lightDM.infographic.readyForDataChange()
458  }
459 }