Commit Graph

270 Commits

Author SHA1 Message Date
Ray Strode
b474ea0b7c gdmUtil: enable support for GDM's ChoiceList PAM extension
This commit hooks up support for GDM's ChoiceList PAM extension.
2019-02-17 12:28:03 -05:00
Ray Strode
d4b211bd23 gdm: add AuthList control
Ultimately, we want to add support for GDM's new ChoiceList
PAM extension.  That extension allows PAM modules to present
a list of choices to the user. Before we can support that
extension, however, we need to have a list control in the
login-screen/unlock screen.  This commit adds that control.

For the most part, it's a copy-and-paste of the gdm userlist,
but with less features.  It lacks API specific to the users,
lacks the built in timed login indicator, etc. It does feature
a label heading.
2019-02-17 12:28:03 -05:00
Ray Strode
f7b47666b2 loginDialog: allow timed login with disabled user list
At the moment the timed login feature is implemented in the user list.
If there's no user list, we don't show the indicator anywhere and
don't proceed with timed login.

This commit allows timed login to work when the user list is disabled.
It accomplishes this by putting the timed login indicator on the
auth prompt, in that scenario.
2019-02-17 12:28:02 -05:00
Ray Strode
241585479b authPrompt: stop accepting preemptive answer if user stops typing
We only want to allow the user to type the preemptive password in
one smooth motion.  If they start to type, and then stop typing,
we should discard their preemptive password as expired.

Typing ahead the password is just a convenience for users who don't
want to manually lift the shift before typing their passwords, after
all.
2019-02-17 12:28:02 -05:00
Ray Strode
31612927b2 authPrompt: don't spin unless answering question 2019-02-17 12:28:02 -05:00
Ray Strode
65229b6299 authPrompt: don't fade out auth messages if user types password up front
Right now we fade out any stale auth messages as soon as the user starts
typing. This behavior doesn't really make sense if the user is typing up
front, before a password is asked.
2019-02-17 12:28:02 -05:00
Ray Strode
53f1d46fb5 gdm: update default service when smartcard inserted
Early on at start up we may not know if a smartcard is
available.  Make sure we reupdate the default service
after we get a smartcard insertion event.
2019-02-17 12:28:02 -05:00
Ray Strode
04d526e9f5 gdm: only unlock with smartcard, if smartcard used for login
If a smartcard is used for login, we need to make sure the smartcard
gets used for unlock, too.
2019-02-17 12:28:02 -05:00
Florian Müllner
3b1330880f cleanup: Use Function.prototype.bind()
When not using arrow notation with anonymous functions, we use Lang.bind()
to bind `this` to named callbacks. However since ES5, this functionality
is already provided by Function.prototype.bind() - in fact, Lang.bind()
itself uses it when no extra arguments are specified. Just use the built-in
function directly where possible, and use arrow notation in the few places
where we pass additional arguments.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
2018-02-21 13:55:02 +00:00
Florian Müllner
213e38c2ef cleanup: Use arrow notation for anonymous functions
Arrow notation is great, use it consistently through-out the code base
to bind `this` to anonymous functions, replacing the more overbose
Lang.bind(this, function() {}).

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
2018-02-21 13:55:00 +00:00
Florian Müllner
76f09b1e49 cleanup: Use method syntax
Modern javascript has a short-hand for function properties, embrace
it for better readability and to prepare for an eventual port to
ES6 classes.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
2018-02-21 13:54:58 +00:00
Ray Strode
e1d9bdbbd6 loginDialog: only emit session-activated on user action
Right now we emit session-activated any time the bullet
moves in the session menu. That includes at startup when
picking an item arbitrarily, and any time GDM reports the
session was read from the user's account settings.

session-activated informs GDM about the newly selected session,
so emitting it in response to GDM reporting a session is a
bad idea.

This commit changes the code to only emit session-activated when
the user explicitly activates a session item from the gear menu.

Note, we no longer set the active session explicitly at start up.
This is a good thing since the item we were picking wasn't
necessarily correct.  It does means if GDM fails to inform us
about the correct default session we'll now show no bullet instead
of a bullet on the wrong item.

https://bugzilla.gnome.org/show_bug.cgi?id=740142
2018-02-20 10:27:08 -05:00
Ray Strode
58827ba36d gdm: use password authentication if all schemes are disabled
This prevents a traceback, at least.
2018-02-20 10:21:23 -05:00
Ray Strode
9ef1bc7273 gdm: honor timed login delay even if animations disabled
gnome-shell currently initiates an automatic login attempt if
timed login is enabled and the timed login animation completes.

Unfortunately, if animations are disabled (as is the case for
virtual machines) then the timed login animation will complete
instantly, and timed login will proceed immediately after gnome-shell
has noticed the user is idle for 5 seconds.

This commit addresses that problem by initiating timed login and the
animation from a main loop timeout, instead of using the tweener api.
2018-02-20 10:18:18 -05:00
Florian Müllner
e39f4ec0d6 gdmUtils: Define constants with 'var'
Most of those are accessed outside the module itself, but commit
033277b6 missed them ...

https://bugzilla.gnome.org/show_bug.cgi?id=785556
2017-08-10 20:16:06 +02:00
Florian Müllner
033277b68f Define externally accessible contants with 'var' instead of 'const'
Just as we did with classes, define other constants that are (or
may be) used from other modules with 'var' to cut down on warnings.

https://bugzilla.gnome.org/show_bug.cgi?id=785084
2017-07-18 21:52:06 +02:00
Florian Müllner
2582d16ca7 Define classes with 'var' instead of 'const'
Any symbols (including class properties) that should be visible
outside the module it's defined in need to be defined as global.
For now gjs still allows the access for 'const', but get rid of
the warnings spill now by changing it.

https://bugzilla.gnome.org/show_bug.cgi?id=785084
2017-07-18 21:52:06 +02:00
Florian Müllner
358133e82f Initialize properties in _init()
While we've always considered it good style to initialize JS properties,
some code that relies on uninitialized properties having an implicit
value of 'undefined' has slipped in over time. The updated SpiderMonkey
version used by gjs now warns when accessing those properties, so we
should make sure that they are properly initialized to avoid log spam,
even though all warnings addressed here occur in conditionals that
produce the correct result with 'undefined'.

https://bugzilla.gnome.org/show_bug.cgi?id=781471
2017-07-13 17:23:54 +02:00
Florian Müllner
526f2c8bcf loginDialog: Only highlight a single item at any time
The user list uses the same indication for hover and focus, so it
is possible for two items to be highlighted at the same time. Using
different styling would improve the situation, but only to some
extent - the user would still need to figure out which highlight
corresponds to which activation method. So instead, copy the
approach we use in popup menus and use a single property for
highlights that is updated by both focus- and hover changes.

https://bugzilla.gnome.org/show_bug.cgi?id=772284
2017-07-13 14:57:07 +02:00
Ray Strode
a782de6e06 authPrompt: allow empty response to PAM messages
Some PAM modules say "Press enter to continue" or
whatever.  We need to support them.

This commit allows empty responses to PAM questions,
but still requires a non-empty response for username.

https://bugzilla.gnome.org/show_bug.cgi?id=784360
2017-07-10 09:23:11 -04:00
Ray Strode
0f8718287a gdmUtil: Fix auth prompt drawing over user list
If the user fails to enter their password then hits escape, we
jump back to the user list, then ask again for a password in a
garbled screen. this commit fixes that by skipping a retry if
the operation is cancelled.

https://bugzilla.gnome.org/show_bug.cgi?id=784361
2017-07-10 09:22:32 -04:00
Xiaoguang Wang
fbc5e3709e loginDialog: Disable user list when no user
https://bugzilla.gnome.org/show_bug.cgi?id=731320
2017-07-07 11:21:09 -05:00
Michael Catanzaro
a00a186772 authPrompt: Remove stray tab character 2017-06-29 18:16:32 -05:00
Ray Strode
e3330b638a Revert "gdmUtil: Fix auth prompt drawing over user list"
This reverts commit 875a1d6159.

(this was pushed accidentally, isn't the right patch, and lacks
 a bug reference)
2017-06-28 13:16:22 -04:00
Michael Catanzaro
82e20f94f4 authPrompt: Reorder import
5b339c8371 put this in the wrong place.
2017-06-28 02:35:46 -05:00
Michael Catanzaro
293d1697fe Fix a typo 2017-06-26 13:47:19 -05:00
Ray Strode
875a1d6159 gdmUtil: Fix auth prompt drawing over user list
If the user fails to enter their password then hits escape, we
jump back to the user list, then ask again for a password in a
garbled screen. this commit fixes that by guarding against the retry
if the fail counter is reset.
2017-06-22 14:31:19 -04:00
Xiaoguang Wang
fcbb942e24 loginDialog: Fix session button can be clicked
When session menu button is hidden, button can be clicked and show popup
menu.

https://bugzilla.gnome.org/show_bug.cgi?id=781482
2017-04-19 10:27:41 -04:00
Florian Müllner
c0861b1227 gdm: Handle absence of Fprint.Manager service
We rely on the service to detect whether a fingerprint reader is
present. It is fine to not support fingerprint authentication
when the service is missing, but currently we don't handle this
case at all and end up with a non-functional login screen.

https://bugzilla.gnome.org/show_bug.cgi?id=780063
2017-03-20 19:02:07 +01:00
Ray Strode
93071d9167 loginDialog: don't allow type ahead at the login screen
It's weird if after you select a username from the user list, there's
a password already filled in.

This commit disables at that feature for the login screen
(but keeps it in tact for the unlock screen)

https://bugzilla.gnome.org/show_bug.cgi?id=766139
2017-02-14 03:05:33 +01:00
victoryang
5b339c8371 authPrompt.js: turn off the ellipsization of pam messages
When the user gets long failure messages from pam, the authPrompt
message label will clip the message and ellipsize with '…'.

This commit turns off ellipsization from the label, so it will
properly wrap.

https://bugzilla.gnome.org/show_bug.cgi?id=764445
2016-10-14 09:28:34 -04:00
Michael Catanzaro
cae4d92191 loginDialog: fix cancel button in ask for username mode
If the user clicks Not Listed? to enter ask for username mode, clicks
cancel, and then attempts to log in via the user list, the user will see
"Authentication failed" after correctly typing the password, and then
will become stuck in an empty screen with just the gray noise background.

The problem is, we forgot to disconnect from the signal that's waiting
for the next button to be pressed on the username entry screen. Since
the signal handler that executes here is expecting the username to be
input, and isn't prepared for us to have switched back to user list,
various bad things happen. We try to start two gdm-password
conversations at once, for instance, one using the user's password as
the username. I stopped investigating here, because it's easy to fix by
disconnecting from the signal at the right time.

https://bugzilla.gnome.org/show_bug.cgi?id=770328
2016-09-10 16:50:53 -05:00
Michael Catanzaro
c65a9c4d2e authPrompt: Do not allow bypassing disabled Sign In button
The Next and Sign In buttons are disabled when the username/password
field is empty. However, the user can still bypass this button by
pressing the enter key, leading to some odd glitches with the log in
for 'Not Listed?' users.

This is easy to fix by simply not progressing to the next screen when
the button is disabled.

https://bugzilla.gnome.org/show_bug.cgi?id=746180
2016-01-07 17:19:04 -06:00
Michael Catanzaro
3803a880e8 loginDialog: Reconsider user for user list when user changes
Generally a user-changed operation will be uninteresting, but if the
user is currently in the user list and the account changes to locked, we
want to remove it from the list, or if the user is not in the list and
the account changed to unlocked, we want to add it to the list. This
fixes the case where a new user account created in gnome-control-center
does not appear in the user list. The password mode is set in the new
account immediately after it is created, but the operations are not
atomic, so the login dialog considers the new user account when it is
still locked and rejects it from being displayed, then immediately
afterwards the account is unlocked. This commit causes the login dialog
to show the account when this occurs.

The containsUser() check here is not strictly necessary, but reduces
spurious calls to addUser() and removeUser(), since there's no easy way
to check if the locked status of the account has changed (as it's much
easier to connect to one signal on the UserManager than to
notify::locked on each User object).

https://bugzilla.gnome.org/show_bug.cgi?id=758568
2015-12-02 18:23:36 +01:00
Michael Catanzaro
e1e08f0a68 loginDialog: Fix TypeError when user is deleted
LoginDialog has a private _user, but UserListItem has a public user.
Easy to get wrong since _user would be the right thing to type in 90% of
this file.
2015-11-23 17:44:49 -06:00
Ray Strode
489b96a310 gdm: don't emit start-session-when-ready from idle function
There's no point in delaying the emission.  We should do it
right away.

https://bugzilla.gnome.org/show_bug.cgi?id=754814
2015-10-20 17:10:06 -04:00
Michael Catanzaro
50b59e0ca6 batch: Add old commit message as comment at top of file
This is a lightly-edited version of Ray's commit message in
4902a600d5.
2015-10-13 14:43:39 -05:00
Florian Müllner
09dbe17da0 loginDialog: Limit user list to the available height
We currently will always allocate the user list's preferred size, so it
will grow indefinitely and never scroll; limit the height instead to
get the desired scrolling behavior when necessary.

https://bugzilla.gnome.org/show_bug.cgi?id=754525
2015-09-03 15:45:39 +02:00
Rui Matos
f2d4aa0822 authPrompt: hide/stop spinner after verfiication completes
When the user successfully types their password, we should hide
the spinner from the button well right away, so it doesn't
consume resources until reset (which may happen significantly later
if the user is vt switched away)

https://bugzilla.gnome.org/show_bug.cgi?id=753891
2015-08-31 15:24:27 -04:00
Ray Strode
030a22d795 authPrompt: stop spinner after its hidden
The code previously tried to stop spinner after it was hidden, but
due to an incorrect check was only stoppig it after it was shown.

Also, it was only stopping after hiding due to an animation, and
failing to stop it in the non-animated case.

This left the spinner hidden and running while VT switched away
from the login screen, only stopping when the auth prompt was
reset when switching back.

https://bugzilla.gnome.org/show_bug.cgi?id=753891
2015-08-31 15:19:26 -04:00
Ray Strode
08506eac2d gdm: clear user verifier when finished with it
We only need the user verifier for the purpose of user verification.
Once it's complete we should clear it so it doesn't get in the way
later.

This fixes a bug introduced in commit 3c8c5a5570 that leads to the
user session crashing when the login screen is reactivated.

https://bugzilla.gnome.org/show_bug.cgi?id=753181
2015-08-05 09:40:17 -04:00
Ray Strode
02c6b0374d gdm: make user list fade-in on vt switch more reliable
We fade out the authentication prompt when a user successfully
logs into a user session. We reset it and fade it back in when
the user switches back to the login screen VT.

The problem is, we only fade it back in if the auth prompt status is
VERIFICATION_SUCCEEDED.  It's possible for it to be NOT_VERIFYING
if the authprompt gets reset for some other reason in the interim.

This commit changes the check to be more precise. We now only skip
the fade-in, if we're already faded in, and we only skip the reset if
we're already reset.

https://bugzilla.gnome.org/show_bug.cgi?id=753181
2015-08-05 09:40:15 -04:00
Jakub Steiner
27a7194634 spinner: use a 60fps spinner
- sync with gtk+ and provide a fluid spinner

https://bugzilla.gnome.org/show_bug.cgi?id=753064
2015-08-05 13:44:32 +02:00
Ray Strode
778ad49ab4 authPrompt: allow cancellation before verification starts
The user should be allowed to cancel if verification hasn't
started yet and they're typing in their username. This
commit changes the authPrompt cancel function to not
ignore such requests.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:24 -04:00
Ray Strode
fe7dd1305f authPrompt: don't allow next if entry is empty
Normally the user isn't allowed to proceed passed
the username question until they've filled it in.
To ensure this, the authprompt code desensitizes
the next button when the number of characters change to
zero.

Unfortunately it fails to desensitize the next button
up front when the entry starts out empty.

This commit addresses that bug.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:23 -04:00
Ray Strode
378a3df5ea authPrompt: set next button to next when asking for username
If the next button ever gets set to Sign In, it won't
get reset to next until the next question asked by pam.

This commit ensures it gets reset to Next when asking
for the username.

https://bugzilla.gnome.org/show_bug.cgi?id=752739
2015-07-24 09:44:21 -04:00
Ray Strode
fd3f03580d gdm: unconditionally cancel auth user verifier on reset
We currently only cancel the user verifier on reset if
verifying, but that means we don't properly cancel it when
asking for a username at the Not Listed screen.

The object already handles getting called when there is
nothing to cancel, so just cancel it unconditionally.

https://bugzilla.gnome.org/show_bug.cgi?id=752438
2015-07-16 09:41:39 -04:00
Ray Strode
0003760fd9 gdm: fix banner allocation computation
The code to figure how how much room that banner had was wrong.
This commit fixes it.

https://bugzilla.gnome.org/show_bug.cgi?id=751517
2015-06-25 16:04:14 -04:00
Shivam Mishra
6660342d2f authPrompt: Fix hang if user types password really fast
It's possible for a user to type their password so quickly
that GDM hasn't even had time to ask for the password yet,
much less have time to process the answer.
In that situation, we tuck the user response away as
_preemptiveAnswer, and pass it along to GDM when GDM is finally
ready for it.
The problem is, there's a bug in the code, where we send
null for the service name in the answer, instead of the right
service name (say "gdm-password").
This commit addresses the bug by making sure we don't pass the
answer along, until the service name is properly set in
_queryingService. To ensure that, answering query (answerQuery)
based on _preemptiveAnswer has been shifted right below
this._queryingService = serviceName;

https://bugzilla.gnome.org/show_bug.cgi?id=737586
2015-04-07 16:02:21 -04:00
Clément Guérin
8e802fd32f gdm: use integer coordinates for login dialog actors
If the login screen actors aren't placed at pixel
boundaries then they will show up blurred with fuzzy
text.

This commit ensures all actor allocations are floored
to integer coordinates.

https://bugzilla.gnome.org/show_bug.cgi?id=746912
2015-03-27 17:25:06 -04:00