440 Commits

Author SHA1 Message Date
Alessandro Bono
32248e8226 authPrompt: Don't propagate serviceName to setMessage
There isn't always a serviceName when we set a message. Furthermore we
are passing the serviceName only to decide if we want to wiggle or not.
Pass the wiggle parameters instead. If they are missing, we don't want
to wiggle.

This fixes the following error:
JS ERROR: Exception in callback for signal: login-format-changed: Error: Wrong type number; string expected
setMessage@resource:///org/gnome/shell/gdm/authPrompt.js:542:13
_showRealmLoginHint@resource:///org/gnome/shell/gdm/loginDialog.js:931:26
_emit@resource:///org/gnome/gjs/modules/core/_signals.js:114:47
_updateLoginFormat@resource:///org/gnome/shell/gdm/realmd.js:85:18
_reloadRealm@resource:///org/gnome/shell/gdm/realmd.js:57:14
_onRealmLoaded@resource:///org/gnome/shell/gdm/realmd.js:64:14
_makeProxyWrapper/</<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:245:34

Fallout from 526f0711f1a7b7bd8e4913845b5a559f2c93be5c.

Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5547
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2404>
2022-08-06 23:30:55 +00:00
Florian Müllner
637ee7386e js: Use async D-Bus wrappers
After porting the more complex cases - in particular those that
affect a module's API - we are left with straight-forward D-Bus
method calls that can be moved to promise-based wrappers in one
go.

For consistency, this also switches from Remote to Async where
the call result is ignored.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2344>
2022-08-01 18:51:14 +00:00
Florian Müllner
a3db909383 loginManager: Make API promise-based
The LoginManager abstraction is still mostly callback-based, not
least because the methods are thin wrappers around logind D-Bus
calls.

However as gjs' dbus wrapper now generates promised-based wrappers
as well, we can implement a proper async API just as naturally.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2344>
2022-08-01 18:51:14 +00:00
Evan Welsh
a88e59c1a8 Adopt EventEmitter class instead of injecting Signal methods
Introduce a new class, EventEmitter, which implements signal
handling for pure JavaScript classes. EventEmitter still
utilizes GJS' addSignalMethods internally.

EventEmitter allows static typechecking to understand the
structure of event-emitting JS classes and makes creating
child classes simpler.

The name 'EventEmitter' mirrors a common name for this pattern
in Node and in JS libraries.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2043>
2022-07-04 18:30:49 -04:00
Florian Müllner
65831f783e Js: Use new :icon-name property
Now that we have the new convenience property, apply it to all
icon-only buttons.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2254>
2022-05-06 13:39:40 +00:00
Florian Müllner
26235bbe54 js: Use (dis)connectObject()
Start using the new methods to simplify signal cleanup. For now,
focus on replacing existing cleanups; in most cases this means
signals connected in the constructor and disconnected on destroy,
but also other cases with a similarly defined lifetime (say: from
show to hide).

This doesn't change signal connections that only exist for a short
time (say: once), handlers that are connected on-demand (say: the
first time a particular method is called), or connections that
aren't tracked (read: disconnected) at all.

We will eventually replace the latter with connectObject() as
well - especially from actor subclasses - but the changeset is
already big enough as-is :-)

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1953>
2022-03-04 14:14:37 +00:00
Florian Müllner
2b45a01517 cleanup: Use new indentation style for object literals
We have made good progress on object literals as well, although there
are still a lot that use the old style, given how ubiquitous object
literals are.

But the needed reindentation isn't overly intrusive, as changes are
limited to the object literals themselves (i.e. they don't affect
surrounding code).

And given that object literals account for quite a bit of the remaining
differences between regular and legacy rules, doing the transition now
is still worthwhile.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2200>
2022-02-23 12:23:52 +00:00
Florian Müllner
ac9fbe92e5 cleanup: Use new indentation style for arrays
We've made some progress on transitioning to the modern indentation
style, and for arrays the legacy style is now rare enough to make
a bulk transition feasible.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2200>
2022-02-23 12:23:52 +00:00
Florian Müllner
696965c9f7 cleanup: Stop using string concatenation
It's unfortunate that we cannot fully embrace template strings, but
we aren't limited to "legacy" formatting either; replace the last
remaining places where we still use string concatenation to reduce
the difference between regular and legacy style a bit.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2200>
2022-02-23 12:23:52 +00:00
Florian Müllner
a1dd1b25d8 js: Use templates for non-translatable strings
This reverts commit 9d941f8202125fa and replaces all additional
instances of .format() that have been added since.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2160>
2022-02-12 12:29:52 +00:00
Florian Müllner
5442266f28 js: Simplify promisify() calls
If the finish function isn't specified, promisify will now try
to use the async name without '_async'/'_begin' suffix (if any)
and '_finish' appended.

Everything except IBus uses a variation of that pattern, so there's
quite a bit of boilerplate we get to remove…

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2174>
2022-02-11 16:24:01 +00:00
Carlos Garnacho
7419674bd3 js: Change main.pushModal to return the Clutter.Grab handle
All callers have been updated to keep this handle to identify their
own grab.

Also, optionally use the windowing state to determine whether
the grab is suitable for the specific uses. This removes the need
to trying to grab twice in the places where we settle for a keyboard
grab.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2045>
2022-01-29 01:16:30 +01:00
Carlos Garnacho
3a77d78b42 loginDialog: Perform grab on the stage actor
Despite this grab happening in the dialog, we are also interested in
things happening outside of it. Move this grab to happen in the stage
itself, so the changed grab semantics don't make it impossible to
interact with parts of the login screen.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2045>
2022-01-29 01:16:30 +01:00
Carlos Garnacho
81179bbf84 authPrompt: Make actor reactive
The actor is non-reactive, but has a key event handler to handle
the Esc key on the auth prompt. Mark this actor as reactive, so
it can handle the events.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2045>
2022-01-29 01:16:29 +01:00
Naïm Favier
3de418ea3b loginDialog: Fix timing issue
Fix the first task of the timed login batch not returning the hold on
`_waitForItemForUser`.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2116>
2022-01-20 20:40:40 +00:00
Ray Strode
11401c13ed gdmUtil: Enable support for GDM's ChoiceList PAM extension
This commit hooks up support for GDM's ChoiceList PAM extension.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1978>
2022-01-13 15:31:32 -05:00
Ray Strode
051a6be121 gdm: Add AuthList control
Ultimately, we want to add support for GDM's new ChoiceList
PAM extension.  That extension allows PAM modules to present
a list of choices to the user. Before we can support that
extension, however, we need to have a list control in the
login-screen/unlock screen.  This commit adds that control.

For the most part, it's a copy-and-paste of the gdm userlist,
but with less features.  It lacks API specific to the users,
lacks the built in timed login indicator, etc. It does feature
a label heading.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1978>
2022-01-13 15:03:02 -05:00
Evan Welsh
f04914ac15 js: Remove dead code in loginDialog and workspacesView
- this._scrolling no longer exists
- _getBannerAllocation takes a single argument

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2042>
2022-01-05 15:44:28 +00:00
Benjamin Berg
724291de7f gdm: Remove pending fingerprint verification failure
It can happen that we get a problem report and a verification failure at
the same time. For fingerprint, a problem report can result in an
internal verification failure to be queued.

Remove this queued failure again if we got a failure already from GDM
directly.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1821>
2021-04-28 17:23:01 +00:00
Ray Strode
588dd6d80a gdm: Only disconnect verification signals when not going to retry
At the moment a failure in a background service can lead to the
various verification signals getting disconnected, even though
we still need them for a foreground service.

This commit changes the code to only disconnect when we've run
out of tries.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1821>
2021-04-28 17:23:01 +00:00
Ray Strode
8cfd4c969b gdm: Flip canRetry boolean to doneTrying on verification failure
This commit flips a boolean in the verification failed handler
to make things easier to read.

It also moves the retry logic to the bottom where it makes more
logical sense.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1821>
2021-04-28 17:23:01 +00:00
Ray Strode
a97c4b8945 authPrompt: Don't fail auth prompt until user is out of retries
At the moment we set the state of the auth prompt to failed any
time the user fails an attempt. But verification is still going
on until the user exhausts all attempts, so that's wrong.

This commit changes it to only set the state to failed when the
user is out of tries.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1821>
2021-04-28 17:23:01 +00:00
Ray Strode
a56d508d69 authPrompt: Don't clear querying service unless querying service fails
At the moment we treat a failure in any service as a signal to stop
tracking users responses to service questions.

This commit makes sure we don't stop waiting for answers if a background
service fails.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1821>
2021-04-28 17:23:01 +00:00
Ray Strode
1196532493 loginDialog: Allow timed login with disabled user list
At the moment the timed login feature is implemented in the user list.
If there's no user list, we don't show the indicator anywhere and
don't proceed with timed login.

This commit allows timed login to work when the user list is disabled.
It accomplishes this by putting the timed login indicator on the
auth prompt in that scenario.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1809>
2021-04-23 16:00:39 -04:00
Ray Strode
1410db2470 loginDialog: Realign list of batch tasks
The way the batch tasks are currently aligned doesn't jive with
with eslint likes.

This commit moves it over a bit.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1809>
2021-04-23 15:56:22 -04:00
Marco Trevisan (Treviño)
b74900b3a3 gdm: Override any other lower-priority service message on error
When we got an error, all the other HINT or INFO messages are not useful
anymore and delaying to show them is just a waste of time and may be
even wrong in scenarios with fast authentication devices.

An example are the fingerprint devices, where the user may touch the
sensor repeatedly while we may still show the "touch the sensor" hint
instead of notifying of possible errors.

So, in case we got an error override all the other errors coming from
the same service with lower priority.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
45a5171a95 gdm: Filter service non-error messages on verification stopped or failed
Once the verification has been stopped or has failed all the messages
that are not of error type are just not needed or wrong to show.
For example, in the fingerprint case we may still show the hint to swipe
or touch the device, while the fingerprint PAM service has already been
stopped.

So filter them by adding a new function that adds a null message to the
queue, overriding all the messages that have a lower priority.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
1cc20ca6b6 gdm: Add ability to queue a message overriding ones with less priority
There are cases in which a service may want to override a message with
one coming with higher priority, for example an info or hint message
isn't useful anymore if we've already got an error message.

In the same way when a service has been stopped we don't care anymore
showing its info or hint messages, while it still may be relevant to show
errors.

An example is the fingerprint service that may emit errors quickly while
the hints messages should not be kept around when an error is already
queued or when the service has been stopped.

So, add function that allows to override queued messages based by their
type that follows this policy:
 - Messages coming from different services are always preserved in
   their original order.
 - Messages (from the same service) with a priority equal or higher than
   the last queued one are preserved.
 - Messages matching completely the last queued are dropped in favor of
   this one.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
ef10bb6229 gdm: Keep messages in queue until we've not fully processed them
It can be convenient to get the currently showing message in order to
replace or remove it in case it's not needed anymore.

So simplify the message queue handling by only depending on a single
local variable (_messageQueue) and redefining hasPendingMessages
depending on its content.

Now messages are kept in queue till they are not fully processed and the
first message is always the one currently shown.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
9ecc1a4cd7 gdm: Compress fingerprint failures events using a timeout
When a fingerprint failure event happens we may also soon receive a
conversation-stopped event with an error message (such as in the case
we hit the MAXRETRIES value), but this is going to be ignored in case we
are too quick in consider the first failure a verification-failed event
because that implies disconnecting from all the events and then ignoring
such signals.

To prevent this, add a small timeout before failing the verification so
that if we get a further event we will process it.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
1ee9278786 gdm: Don't try to retry authenticating when the service is unavailable
In the case a service is not available (as it can be in the fingereprint
case when a supported reader is available but has not enrolled prints)
we were trying indefinitely to restart it, however this can lead to
troubles since commit 7a2e629b as when the service conversation was
stopped we had no way to figure out this case and we'd end up to
eventually fail the whole authentication.

However, in such cases the PAM services are expected to return a
PAM_AUTHINFO_UNAVAIL and gdm to handle it, emitting service-unavailable
signal.

So connect to ::service-unavailable and keep track of the unavailable
services so that we can avoid retrying with them.
In case such service is not the foreground one, we can just silently
ignore the error as we did before commit 7a2e629b, without bothering
failing the whole verification.

In case we got a valid error message on service-unavailable, we also
show it, this is normally not happening unless GDM isn't redirecting
here other kind of problems (such as MAXTRIES) which are supposed to
stop the authentication stopping any further retry.

Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3734
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
7a2e629bd0 gdm: Fail and restart verification on conversation stopped for all services
Currently when the foreground service conversation stops we increase the
verification failed count and try to start it again, while if a
background service has been stopped we just ignore it.

This is causing a various number of issues, for example in the case of
the fingerprint authentication service, it is normally configured to die
after a timeout, and we end up never restarting it (while the UI still
keeps showing to the user the message about swipe/touch the device).

So, in such case let's just consider it a "soft" verification failure
that doesn't increase the failures count but will cause us to reset the
UI and try to restart the authentication (and so the affected service).

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
ed1ace1d99 authPrompt: Bump the user verifier timeout when wiggling the message
Wiggle may make the error message to be visible for less time so provide
the auth prompt an API to increase the timeout to be used for showing a
message in some cases.

This could be reworked when we'll have a proper asyn wiggle function so
that we could just make the user verifier to "freeze", then await for
the wiggle transition to complete and eventually release the verifier.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
75a1798e75 authPrompt: Wiggle error messages coming from the Fingerprint service
When error messages are coming from the fingerprint service they are actual
failures due to an user input in some device, in so in such case we
can highlight this by using a wiggle effect.

This mimics what has been done in gnome-control-center fingerprint panel
and part of [1].

[1] https://gitlab.gnome.org/Teams/Design/os-mockups/-/issues/56

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
19c4dce322 authPrompt: Only wiggle the entry on failures coming from the querying service
Currently whenever an authentication failure happens we wiggle the
entry, however this may not be related to the service which failed.

For example if the fingerprint authentication failed for whatever reason,
there's no point to wiggle the text input as it's something unrelated to it.

So, only apply the wiggle effect to the entry in case the failure is
coming from the querying service.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
526f0711f1 gdm: Expose the source serviceName for messages and verification failures
By giving to the AuthPrompt information regarding the source service
name (and so the ability to know whether it's a foreground service) can
give it the ability to behave differently.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
6ccd289691 gdm: Count fingerprint authentication failures in fail counter
Fingerprint PAM module can have multiple failures during a runtime
and we rely on the pam module configuration for the maximum allowed
retries.

However, while that setting should be always followed, we should never
ignore the login-screen's allowed-failures setting that can provide
a lower value.

So, once we have a fingerprint failure let's count it to increase our
internal fail counter, and when we've reached the limit we can emit a
verification-failed signal to our clients.

As per this we need also to ignore any further 'info' messages that we
could receive from the fingerprint service, as it may be configured to
handle more retries than us and they might arrive before we have
cancelled the verification session.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
1158e98913 gdm: Increase the verification failed counter once we've a failure
Decouple the verification failure count increase from
_verificationFailed as there are some cases in which we may want to
increase it without emitting a verification-failed signal.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
53db4b99b8 gdm: Always show fingerprint error messages
When the login/lock screen is shown the error messages for background
services are always ignored.

However, in case the service is the fingerprint authentication method
we still want to be able to show error messages to inform the user
about what failed, and eventually that the max retries (that may be
different from the login screen configuration) has been reached.

This handles partially the design issue [1] related to the login/lock
screen fingerprint authentication.

Eventually we want to use pam extensions to use clearer and parse-able
messages, however in the case of the fingerprint service we can be sure
that the fprint PAM module will only send errors on auth failures.

[1] https://gitlab.gnome.org/Teams/Design/os-mockups/-/issues/56

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
f7685dc224 ShellUserVerifier: Add method to check if the service name is fingerprint
We have multiple places where we check if we're handling a fingerprint
event, so let's add a common public function so that it can be used also
by the authPrompt.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
829a096ba1 gdm: Restart only the service that failed at verification-failure
When verification failed using a specific authentication service we're
currently restarting the whole user authentication system, which leads
to lots of unneeded operations (reinitializing a new user verifier proxy,
restarting all the gdm workers with the relative PAM modules and so on).
And this makes also debugging of login problems more complicated, given
we're cluttering the journal with repeated data.

However, at reauthentication failure GDM has already set up for us an
user verifier that we can use reuse to start only the service that had a
failure. So when possible, just start a new service instead of rebooting
the whole authorization process.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
85ad1157df gdm: Pass source serviceName to verification failures
Depending on the service name we got the failure from we could react
differently, so let's pass the value to the verification failure
handler.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
80a7a8ddb9 gdm: Ensure we cancel all the previously running services on auth retry
When retrying the authentication we should make sure that all the
previously initiated services are stopped in order to begin a new
authentication session with all the configured services.

Unfortunately at the current state we only dispose the currently used
user verifier, but we don't make it to stop all the relative gdm workers
and then they'll stay around potentially blocking any further usage of
them (as it happens with the fingerprint one, that has unique access to
the device).

So, cancel the currently running authentication before starting a new
one if we're explicitly retrying.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
ca912f55cc gdm: Include the failed service name when in reporting errors
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
36fba1a184 gdm: Do not fail the whole authentication if a background service failed
In case a background service such as the fingerprint authentication
fails to start we'd just mark the whole authentication process as
failed.

Currently this may happen by just putting a wrong password when an user
has some fingerprints enrolled, the fingerprint gdm authentication
worker may take some time to restart leading to a failure and this is
currently also making the password authentication to fail:

    JS ERROR: Failed to start gdm-fingerprint for u: Gio.DBusError:
        GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed:
            Could not create authentication helper process
        _promisify/proto[asyncFunc]/</<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:435:45
        ### Promise created here: ###
        _startService@resource:///org/gnome/shell/gdm/util.js:470:42
        _beginVerification@resource:///org/gnome/shell/gdm/util.js:495:18
        _getUserVerifier@resource:///org/gnome/shell/gdm/util.js:405:14
        async*_openReauthenticationChannel@resource:///org/gnome/shell/gdm/util.js:378:22
        async*begin@resource:///org/gnome/shell/gdm/util.js:194:18
        _retry@resource:///org/gnome/shell/gdm/util.js:561:14
        _verificationFailed/signalId<@resource:///org/gnome/shell/gdm/util.js:584:30
        _emit@resource:///org/gnome/gjs/modules/core/_signals.js:133:47
        finishMessageQueue@resource:///org/gnome/shell/gdm/util.js:268:14
        _queueMessageTimeout@resource:///org/gnome/shell/gdm/util.js:273:18
        _queueMessageTimeout/this._messageQueueTimeoutId<@resource:///org/gnome/shell/gdm/util.js:288:65

Given that background services are ignored even for queries or any kind
of message, we should not fail the authentication request unless the
default service fails.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
0ccb8e27d4 gdm: Disconnect user verifier signals on destruction and verification failed
When a verification session has failed we may want to wait for the user
to have completed all the waiting queries and to have read all the
incoming messages, however during such time an user verifier should
not be allowed to queue further messages to the UI, as we're about to
completely stop the identification or start a new one.

Unfortunately this is not true because we're still connected to the
identifier signals, and so we may still show messages.
This is particularly true when using the fingerprint PAM module as it
may restart the authentication while we're in the process of stopping
it.

So, keep track of all the signals we've connected to, and disconnect on
verification failed and during cancel/clear operations.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
c936ca3ea0 gdm: Don't try answering query if the user verifier has been deleted
Answering a query may be delayed to the moment in which we've not any
more messages in the queue, however this case can also happen just after
we've cleared the UserVerifier and in such case we'd have nothing to
answer, but we currently throw an error:

    JS ERROR: Exception in callback for signal: no-more-messages:
      TypeError: this._userVerifier is null
    answerQuery/signalId<@resource:///org/gnome/shell/gdm/util.js:249:17
    _emit@resource:///org/gnome/gjs/modules/core/_signals.js:133:47
    finishMessageQueue@resource:///org/gnome/shell/gdm/util.js:266:14
    _clearMessageQueue@resource:///org/gnome/shell/gdm/util.js:301:14
    clear@resource:///org/gnome/shell/gdm/util.js:223:14
    cancel@resource:///org/gnome/shell/gdm/util.js:205:18
    reset@resource:///org/gnome/shell/gdm/authPrompt.js:482:32
    cancel@resource:///org/gnome/shell/gdm/authPrompt.js:569:14
    vfunc_key_press_event@resource:///org/gnome/shell/gdm/authPrompt.js:128

So handle this case more gracefully keeping track of the current
cancellable and checking whether it is still valid before trying to answer
a query or do a delayed action.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
c8bb45b41c gdm: Limit verification cancellations to be conform to allowed-failures
As per previous commit the user can cancel an ongoing authentication via
Escape key and that will always send the user back to the clock view in
lockscreen or user-selection view in login prompt.

However, we can be a little more permissive and don't switch view to be
able to restart the authentication without further action.

To avoid this to be abused though, we consider the user verification
cancellation via escape key to be a "soft-failure", so once the
configured "allowed-failures" gsettings value has been reached, we'd
just act as before, ignoring any further request (until we don't get
back to the user auth view).

In this way we still make brute-force attacks harder to do, while still
giving the well-behaving user some ability to fix mistakes.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
7e77881717 authPrompt: Handle Escape key to cancel ongoing verification
Escape key is supposed to cancel a verification, however if the user
already hit Enter to begin the authentication the Escape key won't work
until the verification completed.

This may be quite inconvenient when an user did a typo while writing and
wants to cancel the already started auth.

So, while authenticating (or in general while the entry is unsensitive)
give the key focus to the authpromt itself so that we can still get the
input events and cancel an user action.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
3e96952fde authPrompt: Don't begin a new authentication session on lockscreen cancel event
When a cancel event in the user lockscreen happens we first emit a reset
signal and immediately a cancelled one.

This lead to start a new gdm worker for each enabled authentication
method and then immediately to stop it.
As per the previous commit, we don't have anymore dangling gdm workers
around, but still we should not even start a new one in such case.

So, when the user explicitly cancelled the authentication session, first
emit a cancelled event and only emit a reset event with a begin request
if we are outside the lockscreen.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00