// -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
import Clutter from 'gi://Clutter';
import Gdm from 'gi://Gdm';
import Gio from 'gi://Gio';
import GLib from 'gi://GLib';
import * as Signals from '../misc/signals.js';
import * as Batch from './batch.js';
import * as OVirt from './oVirt.js';
import * as Vmware from './vmware.js';
import * as Main from '../ui/main.js';
import {loadInterfaceXML} from '../misc/fileUtils.js';
import * as Params from '../misc/params.js';
import * as SmartcardManager from '../misc/smartcardManager.js';
const FprintManagerInfo = Gio.DBusInterfaceInfo.new_for_xml(
loadInterfaceXML('net.reactivated.Fprint.Manager'));
const FprintDeviceInfo = Gio.DBusInterfaceInfo.new_for_xml(
loadInterfaceXML('net.reactivated.Fprint.Device'));
Gio._promisify(Gdm.Client.prototype, 'open_reauthentication_channel');
Gio._promisify(Gdm.Client.prototype, 'get_user_verifier');
Gio._promisify(Gdm.UserVerifierProxy.prototype,
'call_begin_verification_for_user');
Gio._promisify(Gdm.UserVerifierProxy.prototype, 'call_begin_verification');
export const PASSWORD_SERVICE_NAME = 'gdm-password';
export const FINGERPRINT_SERVICE_NAME = 'gdm-fingerprint';
export const SMARTCARD_SERVICE_NAME = 'gdm-smartcard';
const CLONE_FADE_ANIMATION_TIME = 250;
export const LOGIN_SCREEN_SCHEMA = 'org.gnome.login-screen';
export const PASSWORD_AUTHENTICATION_KEY = 'enable-password-authentication';
export const FINGERPRINT_AUTHENTICATION_KEY = 'enable-fingerprint-authentication';
export const SMARTCARD_AUTHENTICATION_KEY = 'enable-smartcard-authentication';
export const BANNER_MESSAGE_KEY = 'banner-message-enable';
export const BANNER_MESSAGE_TEXT_KEY = 'banner-message-text';
export const ALLOWED_FAILURES_KEY = 'allowed-failures';
export const LOGO_KEY = 'logo';
export const DISABLE_USER_LIST_KEY = 'disable-user-list';
// Give user 48ms to read each character of a PAM message
const USER_READ_TIME = 48;
const FINGERPRINT_SERVICE_PROXY_TIMEOUT = 5000;
const FINGERPRINT_ERROR_TIMEOUT_WAIT = 15;
/**
* Keep messages in order by priority
*
* @enum {number}
*/
export const MessageType = {
NONE: 0,
HINT: 1,
INFO: 2,
ERROR: 3,
};
const FingerprintReaderType = {
NONE: 0,
PRESS: 1,
SWIPE: 2,
};
/**
* @param {Clutter.Actor} actor
*/
export function cloneAndFadeOutActor(actor) {
// Immediately hide actor so its sibling can have its space
// and position, but leave a non-reactive clone on-screen,
// so from the user's point of view it smoothly fades away
// and reveals its sibling.
actor.hide();
const clone = new Clutter.Clone({
source: actor,
reactive: false,
});
Main.uiGroup.add_child(clone);
let [x, y] = actor.get_transformed_position();
clone.set_position(x, y);
let hold = new Batch.Hold();
clone.ease({
opacity: 0,
duration: CLONE_FADE_ANIMATION_TIME,
mode: Clutter.AnimationMode.EASE_OUT_QUAD,
onComplete: () => {
clone.destroy();
hold.release();
},
});
return hold;
}
export class ShellUserVerifier extends Signals.EventEmitter {
constructor(client, params) {
super();
params = Params.parse(params, {reauthenticationOnly: false});
this._reauthOnly = params.reauthenticationOnly;
this._client = client;
this._cancellable = null;
this._defaultService = null;
this._preemptingService = null;
this._fingerprintReaderType = FingerprintReaderType.NONE;
this._messageQueue = [];
this._messageQueueTimeoutId = 0;
this._failCounter = 0;
this._activeServices = new Set();
this._unavailableServices = new Set();
this._credentialManagers = {};
this.reauthenticating = false;
this.smartcardDetected = false;
this._settings = new Gio.Settings({schema_id: LOGIN_SCREEN_SCHEMA});
this._settings.connect('changed', () => this._onSettingsChanged());
this._updateEnabledServices();
this._updateDefaultService();
this.addCredentialManager(OVirt.SERVICE_NAME, OVirt.getOVirtCredentialsManager());
this.addCredentialManager(Vmware.SERVICE_NAME, Vmware.getVmwareCredentialsManager());
}
addCredentialManager(serviceName, credentialManager) {
if (this._credentialManagers[serviceName])
return;
this._credentialManagers[serviceName] = credentialManager;
if (credentialManager.token) {
this._onCredentialManagerAuthenticated(credentialManager,
credentialManager.token);
}
credentialManager.connectObject('user-authenticated',
this._onCredentialManagerAuthenticated.bind(this), this);
}
removeCredentialManager(serviceName) {
let credentialManager = this._credentialManagers[serviceName];
if (!credentialManager)
return;
credentialManager.disconnectObject(this);
delete this._credentialManagers[serviceName];
}
get hasPendingMessages() {
return !!this._messageQueue.length;
}
get allowedFailures() {
return this._settings.get_int(ALLOWED_FAILURES_KEY);
}
get currentMessage() {
return this._messageQueue ? this._messageQueue[0] : null;
}
begin(userName, hold) {
this._cancellable = new Gio.Cancellable();
this._hold = hold;
this._userName = userName;
this.reauthenticating = false;
this._checkForFingerprintReader().catch(e =>
this._handleFingerprintError(e));
// If possible, reauthenticate an already running session,
// so any session specific credentials get updated appropriately
if (userName)
this._openReauthenticationChannel(userName);
else
this._getUserVerifier();
}
cancel() {
if (this._cancellable)
this._cancellable.cancel();
if (this._userVerifier) {
this._userVerifier.call_cancel_sync(null);
this.clear();
}
}
_clearUserVerifier() {
if (this._userVerifier) {
this._disconnectSignals();
this._userVerifier.run_dispose();
this._userVerifier = null;
if (this._userVerifierChoiceList) {
this._userVerifierChoiceList.run_dispose();
this._userVerifierChoiceList = null;
}
}
}
clear() {
if (this._cancellable) {
this._cancellable.cancel();
this._cancellable = null;
}
this._clearUserVerifier();
this._clearMessageQueue();
this._activeServices.clear();
}
destroy() {
this.cancel();
this._settings.run_dispose();
this._settings = null;
this._smartcardManager?.disconnectObject(this);
this._smartcardManager = null;
this._fingerprintManager = null;
for (let service in this._credentialManagers)
this.removeCredentialManager(service);
}
selectChoice(serviceName, key) {
this._userVerifierChoiceList.call_select_choice(serviceName, key, this._cancellable, null);
}
async answerQuery(serviceName, answer) {
try {
await this._handlePendingMessages();
this._userVerifier.call_answer_query(serviceName, answer, this._cancellable, null);
} catch (e) {
if (!e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.CANCELLED))
logError(e);
}
}
_getIntervalForMessage(message) {
if (!message)
return 0;
// We probably could be smarter here
return message.length * USER_READ_TIME;
}
finishMessageQueue() {
if (!this.hasPendingMessages)
return;
this._messageQueue = [];
this.emit('no-more-messages');
}
increaseCurrentMessageTimeout(interval) {
if (!this._messageQueueTimeoutId && interval > 0)
this._currentMessageExtraInterval = interval;
}
_serviceHasPendingMessages(serviceName) {
return this._messageQueue.some(m => m.serviceName === serviceName);
}
_filterServiceMessages(serviceName, messageType) {
// This function allows to remove queued messages for the @serviceName
// whose type has lower priority than @messageType, replacing them
// with a null message that will lead to clearing the prompt once done.
if (this._serviceHasPendingMessages(serviceName))
this._queuePriorityMessage(serviceName, null, messageType);
}
_queueMessageTimeout() {
if (this._messageQueueTimeoutId !== 0)
return;
const message = this.currentMessage;
delete this._currentMessageExtraInterval;
this.emit('show-message', message.serviceName, message.text, message.type);
this._messageQueueTimeoutId = GLib.timeout_add(GLib.PRIORITY_DEFAULT,
message.interval + (this._currentMessageExtraInterval | 0), () => {
this._messageQueueTimeoutId = 0;
if (this._messageQueue.length > 1) {
this._messageQueue.shift();
this._queueMessageTimeout();
} else {
this.finishMessageQueue();
}
return GLib.SOURCE_REMOVE;
});
GLib.Source.set_name_by_id(this._messageQueueTimeoutId, '[gnome-shell] this._queueMessageTimeout');
}
_queueMessage(serviceName, message, messageType) {
let interval = this._getIntervalForMessage(message);
this._messageQueue.push({serviceName, text: message, type: messageType, interval});
this._queueMessageTimeout();
}
_queuePriorityMessage(serviceName, message, messageType) {
const newQueue = this._messageQueue.filter(m => {
if (m.serviceName !== serviceName || m.type >= messageType)
return m.text !== message;
return false;
});
if (!newQueue.includes(this.currentMessage))
this._clearMessageQueue();
this._messageQueue = newQueue;
this._queueMessage(serviceName, message, messageType);
}
_clearMessageQueue() {
this.finishMessageQueue();
if (this._messageQueueTimeoutId !== 0) {
GLib.source_remove(this._messageQueueTimeoutId);
this._messageQueueTimeoutId = 0;
}
this.emit('show-message', null, null, MessageType.NONE);
}
async _initFingerprintManager() {
if (this._fprintManager)
return;
const fprintManager = new Gio.DBusProxy({
g_connection: Gio.DBus.system,
g_name: 'net.reactivated.Fprint',
g_object_path: '/net/reactivated/Fprint/Manager',
g_interface_name: FprintManagerInfo.name,
g_interface_info: FprintManagerInfo,
g_flags: Gio.DBusProxyFlags.DO_NOT_LOAD_PROPERTIES |
Gio.DBusProxyFlags.DO_NOT_AUTO_START_AT_CONSTRUCTION |
Gio.DBusProxyFlags.DO_NOT_CONNECT_SIGNALS,
});
try {
if (!this._getDetectedDefaultService()) {
// Other authentication methods would have already been detected by
// now as possibilities if they were available.
// If we're here it means that FINGERPRINT_AUTHENTICATION_KEY is
// true and so fingerprint authentication is our last potential
// option, so go ahead a synchronously look for a fingerprint device
// during startup or default service update.
fprintManager.init(null);
// Do not wait too much for fprintd to reply, as in case it hangs
// we should fail early without having the shell to misbehave
fprintManager.set_default_timeout(FINGERPRINT_SERVICE_PROXY_TIMEOUT);
const [devicePath] = fprintManager.GetDefaultDeviceSync();
this._fprintManager = fprintManager;
const fprintDeviceProxy = this._getFingerprintDeviceProxy(devicePath);
fprintDeviceProxy.init(null);
this._setFingerprintReaderType(fprintDeviceProxy['scan-type']);
} else {
// Ensure fingerprint service starts, but do not wait for it
const cancellable = this._cancellable;
await fprintManager.init_async(GLib.PRIORITY_DEFAULT, cancellable);
await this._updateFingerprintReaderType(fprintManager, cancellable);
this._fprintManager = fprintManager;
}
} catch (e) {
this._handleFingerprintError(e);
}
}
_getFingerprintDeviceProxy(devicePath) {
return new Gio.DBusProxy({
g_connection: Gio.DBus.system,
g_name: 'net.reactivated.Fprint',
g_object_path: devicePath,
g_interface_name: FprintDeviceInfo.name,
g_interface_info: FprintDeviceInfo,
g_flags: Gio.DBusProxyFlags.DO_NOT_CONNECT_SIGNALS,
});
}
_handleFingerprintError(e) {
this._fingerprintReaderType = FingerprintReaderType.NONE;
if (e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.CANCELLED))
return;
if (e.matches(Gio.DBusError, Gio.DBusError.SERVICE_UNKNOWN))
return;
if (Gio.DBusError.is_remote_error(e) &&
Gio.DBusError.get_remote_error(e) ===
'net.reactivated.Fprint.Error.NoSuchDevice')
return;
logError(e, 'Failed to interact with fprintd service');
}
async _checkForFingerprintReader() {
if (!this._fprintManager) {
this._updateDefaultService();
return;
}
if (this._fingerprintReaderType !== FingerprintReaderType.NONE)
return;
await this._updateFingerprintReaderType(this._fprintManager, this._cancellable);
}
async _updateFingerprintReaderType(fprintManager, cancellable) {
// Wrappers don't support null cancellable, so let's ignore it in case
const args = cancellable ? [cancellable] : [];
const [devicePath] = await fprintManager.GetDefaultDeviceAsync(...args);
const fprintDeviceProxy = this._getFingerprintDeviceProxy(devicePath);
await fprintDeviceProxy.init_async(GLib.PRIORITY_DEFAULT, cancellable);
this._setFingerprintReaderType(fprintDeviceProxy['scan-type']);
this._updateDefaultService();
if (this._userVerifier &&
!this._activeServices.has(FINGERPRINT_SERVICE_NAME)) {
if (!this._hold?.isAcquired())
this._hold = new Batch.Hold();
await this._maybeStartFingerprintVerification();
}
}
_setFingerprintReaderType(fprintDeviceType) {
this._fingerprintReaderType =
FingerprintReaderType[fprintDeviceType.toUpperCase()];
if (this._fingerprintReaderType === undefined)
throw new Error(`Unexpected fingerprint device type '${fprintDeviceType}'`);
}
_onCredentialManagerAuthenticated(credentialManager, _token) {
this._preemptingService = credentialManager.service;
this.emit('credential-manager-authenticated');
}
_initSmartcardManager() {
if (this._smartcardManager)
return;
this._smartcardManager = SmartcardManager.getSmartcardManager();
// We check for smartcards right away, since an inserted smartcard
// at startup should result in immediately initiating authentication.
// This is different than fingerprint readers, where we only check them
// after a user has been picked.
this.smartcardDetected = false;
this._checkForSmartcard();
this._smartcardManager.connectObject(
'smartcard-inserted', () => this._checkForSmartcard(),
'smartcard-removed', () => this._checkForSmartcard(), this);
}
_checkForSmartcard() {
let smartcardDetected;
if (!this._settings.get_boolean(SMARTCARD_AUTHENTICATION_KEY))
smartcardDetected = false;
else if (this._reauthOnly)
smartcardDetected = this._smartcardManager.hasInsertedLoginToken();
else
smartcardDetected = this._smartcardManager.hasInsertedTokens();
if (smartcardDetected !== this.smartcardDetected) {
this.smartcardDetected = smartcardDetected;
if (this.smartcardDetected)
this._preemptingService = SMARTCARD_SERVICE_NAME;
else if (this._preemptingService === SMARTCARD_SERVICE_NAME)
this._preemptingService = null;
this.emit('smartcard-status-changed');
}
}
_reportInitError(where, error, serviceName) {
logError(error, where);
this._hold.release();
this._queueMessage(serviceName, _('Authentication error'), MessageType.ERROR);
this._failCounter++;
this._verificationFailed(serviceName, false);
}
async _openReauthenticationChannel(userName) {
try {
this._clearUserVerifier();
this._userVerifier = await this._client.open_reauthentication_channel(
userName, this._cancellable);
} catch (e) {
if (e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.CANCELLED))
return;
if (e.matches(Gio.DBusError, Gio.DBusError.ACCESS_DENIED) &&
!this._reauthOnly) {
// Gdm emits org.freedesktop.DBus.Error.AccessDenied when there
// is no session to reauthenticate. Fall back to performing
// verification from this login session
this._getUserVerifier();
return;
}
this._reportInitError('Failed to open reauthentication channel', e);
return;
}
if (this._client.get_user_verifier_choice_list)
this._userVerifierChoiceList = this._client.get_user_verifier_choice_list();
else
this._userVerifierChoiceList = null;
this.reauthenticating = true;
this._connectSignals();
this._beginVerification();
this._hold.release();
}
async _getUserVerifier() {
try {
this._clearUserVerifier();
this._userVerifier =
await this._client.get_user_verifier(this._cancellable);
} catch (e) {
if (e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.CANCELLED))
return;
this._reportInitError('Failed to obtain user verifier', e);
return;
}
if (this._client.get_user_verifier_choice_list)
this._userVerifierChoiceList = this._client.get_user_verifier_choice_list();
else
this._userVerifierChoiceList = null;
this._connectSignals();
this._beginVerification();
this._hold.release();
}
_connectSignals() {
this._disconnectSignals();
this._userVerifier.connectObject(
'info', this._onInfo.bind(this),
'problem', this._onProblem.bind(this),
'info-query', this._onInfoQuery.bind(this),
'secret-info-query', this._onSecretInfoQuery.bind(this),
'conversation-started', this._onConversationStarted.bind(this),
'conversation-stopped', this._onConversationStopped.bind(this),
'service-unavailable', this._onServiceUnavailable.bind(this),
'reset', this._onReset.bind(this),
'verification-complete', this._onVerificationComplete.bind(this),
this);
if (this._userVerifierChoiceList) {
this._userVerifierChoiceList.connectObject('choice-query',
this._onChoiceListQuery.bind(this), this);
}
}
_disconnectSignals() {
this._userVerifier?.disconnectObject(this);
this._userVerifierChoiceList?.disconnectObject(this);
}
_getForegroundService() {
if (this._preemptingService)
return this._preemptingService;
return this._defaultService;
}
serviceIsForeground(serviceName) {
return serviceName === this._getForegroundService();
}
foregroundServiceDeterminesUsername() {
for (let serviceName in this._credentialManagers) {
if (this.serviceIsForeground(serviceName))
return true;
}
return this.serviceIsForeground(SMARTCARD_SERVICE_NAME);
}
serviceIsDefault(serviceName) {
return serviceName === this._defaultService;
}
serviceIsFingerprint(serviceName) {
return this._fingerprintReaderType !== FingerprintReaderType.NONE &&
serviceName === FINGERPRINT_SERVICE_NAME;
}
_onSettingsChanged() {
this._updateEnabledServices();
this._updateDefaultService();
}
_updateEnabledServices() {
let needsReset = false;
if (this._settings.get_boolean(FINGERPRINT_AUTHENTICATION_KEY)) {
this._initFingerprintManager().catch(logError);
} else if (this._fingerprintManager) {
this._fingerprintManager = null;
this._fingerprintReaderType = FingerprintReaderType.NONE;
if (this._activeServices.has(FINGERPRINT_SERVICE_NAME))
needsReset = true;
}
if (this._settings.get_boolean(SMARTCARD_AUTHENTICATION_KEY)) {
this._initSmartcardManager();
} else if (this._smartcardManager) {
this._smartcardManager.disconnectObject(this);
this._smartcardManager = null;
if (this._activeServices.has(SMARTCARD_SERVICE_NAME))
needsReset = true;
}
if (needsReset)
this._cancelAndReset();
}
_getDetectedDefaultService() {
if (this._settings.get_boolean(PASSWORD_AUTHENTICATION_KEY))
return PASSWORD_SERVICE_NAME;
else if (this._smartcardManager)
return SMARTCARD_SERVICE_NAME;
else if (this._fingerprintReaderType !== FingerprintReaderType.NONE)
return FINGERPRINT_SERVICE_NAME;
return null;
}
_updateDefaultService() {
const oldDefaultService = this._defaultService;
this._defaultService = this._getDetectedDefaultService();
if (!this._defaultService) {
log('no authentication service is enabled, using password authentication');
this._defaultService = PASSWORD_SERVICE_NAME;
}
if (oldDefaultService &&
oldDefaultService !== this._defaultService &&
this._activeServices.has(oldDefaultService))
this._cancelAndReset();
}
async _startService(serviceName) {
this._hold.acquire();
try {
this._activeServices.add(serviceName);
if (this._userName) {
await this._userVerifier.call_begin_verification_for_user(
serviceName, this._userName, this._cancellable);
} else {
await this._userVerifier.call_begin_verification(
serviceName, this._cancellable);
}
} catch (e) {
this._activeServices.delete(serviceName);
if (e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.CANCELLED))
return;
if (!this.serviceIsForeground(serviceName)) {
logError(e,
`Failed to start ${serviceName} for ${this._userName}`);
this._hold.release();
return;
}
this._reportInitError(
this._userName
? `Failed to start ${serviceName} verification for user`
: `Failed to start ${serviceName} verification`,
e, serviceName);
return;
}
this._hold.release();
}
_beginVerification() {
this._startService(this._getForegroundService());
this._maybeStartFingerprintVerification().catch(logError);
}
async _maybeStartFingerprintVerification() {
if (this._userName &&
this._fingerprintReaderType !== FingerprintReaderType.NONE &&
!this.serviceIsForeground(FINGERPRINT_SERVICE_NAME))
await this._startService(FINGERPRINT_SERVICE_NAME);
}
_onChoiceListQuery(client, serviceName, promptMessage, list) {
if (!this.serviceIsForeground(serviceName))
return;
this.emit('show-choice-list', serviceName, promptMessage, list.deepUnpack());
}
_onInfo(client, serviceName, info) {
if (this.serviceIsForeground(serviceName)) {
this._queueMessage(serviceName, info, MessageType.INFO);
} else if (this.serviceIsFingerprint(serviceName)) {
// We don't show fingerprint messages directly since it's
// not the main auth service. Instead we use the messages
// as a cue to display our own message.
if (this._fingerprintReaderType === FingerprintReaderType.SWIPE) {
// Translators: this message is shown below the password entry field
// to indicate the user can swipe their finger on the fingerprint reader
this._queueMessage(serviceName, _('(or swipe finger across reader)'),
MessageType.HINT);
} else {
// Translators: this message is shown below the password entry field
// to indicate the user can place their finger on the fingerprint reader instead
this._queueMessage(serviceName, _('(or place finger on reader)'),
MessageType.HINT);
}
}
}
_onProblem(client, serviceName, problem) {
const isFingerprint = this.serviceIsFingerprint(serviceName);
if (!this.serviceIsForeground(serviceName) && !isFingerprint)
return;
this._queuePriorityMessage(serviceName, problem, MessageType.ERROR);
if (isFingerprint) {
// pam_fprintd allows the user to retry multiple (maybe even infinite!
// times before failing the authentication conversation.
// We don't want this behavior to bypass the max-tries setting the user has set,
// so we count the problem messages to know how many times the user has failed.
// Once we hit the max number of failures we allow, it's time to failure the
// conversation from our side. We can't do that right away, however, because
// we may drop pending messages coming from pam_fprintd. In order to make sure
// the user sees everything, we queue the failure up to get handled in the
// near future, after we've finished up the current round of messages.
this._failCounter++;
if (!this._canRetry()) {
if (this._fingerprintFailedId)
GLib.source_remove(this._fingerprintFailedId);
const cancellable = this._cancellable;
this._fingerprintFailedId = GLib.timeout_add(GLib.PRIORITY_DEFAULT,
FINGERPRINT_ERROR_TIMEOUT_WAIT, () => {
this._fingerprintFailedId = 0;
if (!cancellable.is_cancelled())
this._verificationFailed(serviceName, false);
return GLib.SOURCE_REMOVE;
});
}
}
}
_onInfoQuery(client, serviceName, question) {
if (!this.serviceIsForeground(serviceName))
return;
this.emit('ask-question', serviceName, question, false);
}
_onSecretInfoQuery(client, serviceName, secretQuestion) {
if (!this.serviceIsForeground(serviceName))
return;
let token = null;
if (this._credentialManagers[serviceName])
token = this._credentialManagers[serviceName].token;
if (token) {
this.answerQuery(serviceName, token);
return;
}
this.emit('ask-question', serviceName, secretQuestion, true);
}
_onReset() {
// Clear previous attempts to authenticate
this._failCounter = 0;
this._activeServices.clear();
this._unavailableServices.clear();
this._updateDefaultService();
this.emit('reset');
}
_onVerificationComplete() {
this.emit('verification-complete');
}
_cancelAndReset() {
this.cancel();
this._onReset();
}
_retry(serviceName) {
this._hold = new Batch.Hold();
this._connectSignals();
this._startService(serviceName);
}
_canRetry() {
return this._userName &&
(this._reauthOnly || this._failCounter < this.allowedFailures);
}
async _verificationFailed(serviceName, shouldRetry) {
if (serviceName === FINGERPRINT_SERVICE_NAME) {
if (this._fingerprintFailedId)
GLib.source_remove(this._fingerprintFailedId);
}
// For Not Listed / enterprise logins, immediately reset
// the dialog
// Otherwise, when in login mode we allow ALLOWED_FAILURES attempts.
// After that, we go back to the welcome screen.
this._filterServiceMessages(serviceName, MessageType.ERROR);
const doneTrying = !shouldRetry || !this._canRetry();
this.emit('verification-failed', serviceName, !doneTrying);
try {
if (doneTrying) {
this._disconnectSignals();
await this._handlePendingMessages();
this._cancelAndReset();
} else {
await this._handlePendingMessages();
this._retry(serviceName);
}
} catch (e) {
if (!e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.CANCELLED))
logError(e);
}
}
_handlePendingMessages() {
if (!this.hasPendingMessage)
return Promise.resolve();
const cancellable = this._cancellable;
return new Promise((resolve, reject) => {
let signalId = this.connect('no-more-messages', () => {
this.disconnect(signalId);
if (cancellable.is_cancelled())
reject(new GLib.Error(Gio.IOErrorEnum, Gio.IOErrorEnum.CANCELLED, 'Operation was cancelled'));
else
resolve();
});
});
}
_onServiceUnavailable(_client, serviceName, errorMessage) {
this._unavailableServices.add(serviceName);
if (!errorMessage)
return;
if (this.serviceIsForeground(serviceName) || this.serviceIsFingerprint(serviceName))
this._queueMessage(serviceName, errorMessage, MessageType.ERROR);
}
_onConversationStarted(client, serviceName) {
this._activeServices.add(serviceName);
}
_onConversationStopped(client, serviceName) {
this._activeServices.delete(serviceName);
// If the login failed with the preauthenticated oVirt credentials
// then discard the credentials and revert to default authentication
// mechanism.
let foregroundService = Object.keys(this._credentialManagers).find(service =>
this.serviceIsForeground(service));
if (foregroundService) {
this._credentialManagers[foregroundService].token = null;
this._preemptingService = null;
this._verificationFailed(serviceName, false);
return;
}
this._filterServiceMessages(serviceName, MessageType.ERROR);
if (this._unavailableServices.has(serviceName))
return;
// if the password service fails, then cancel everything.
// But if, e.g., fingerprint fails, still give
// password authentication a chance to succeed
if (this.serviceIsForeground(serviceName))
this._failCounter++;
this._verificationFailed(serviceName, true);
}
}