Commit Graph

120 Commits

Author SHA1 Message Date
Ray Strode
11401c13ed gdmUtil: Enable support for GDM's ChoiceList PAM extension
This commit hooks up support for GDM's ChoiceList PAM extension.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1978>
2022-01-13 15:31:32 -05:00
Ray Strode
a97c4b8945 authPrompt: Don't fail auth prompt until user is out of retries
At the moment we set the state of the auth prompt to failed any
time the user fails an attempt. But verification is still going
on until the user exhausts all attempts, so that's wrong.

This commit changes it to only set the state to failed when the
user is out of tries.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1821>
2021-04-28 17:23:01 +00:00
Ray Strode
a56d508d69 authPrompt: Don't clear querying service unless querying service fails
At the moment we treat a failure in any service as a signal to stop
tracking users responses to service questions.

This commit makes sure we don't stop waiting for answers if a background
service fails.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1821>
2021-04-28 17:23:01 +00:00
Ray Strode
1196532493 loginDialog: Allow timed login with disabled user list
At the moment the timed login feature is implemented in the user list.
If there's no user list, we don't show the indicator anywhere and
don't proceed with timed login.

This commit allows timed login to work when the user list is disabled.
It accomplishes this by putting the timed login indicator on the
auth prompt in that scenario.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1809>
2021-04-23 16:00:39 -04:00
Marco Trevisan (Treviño)
ed1ace1d99 authPrompt: Bump the user verifier timeout when wiggling the message
Wiggle may make the error message to be visible for less time so provide
the auth prompt an API to increase the timeout to be used for showing a
message in some cases.

This could be reworked when we'll have a proper asyn wiggle function so
that we could just make the user verifier to "freeze", then await for
the wiggle transition to complete and eventually release the verifier.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
75a1798e75 authPrompt: Wiggle error messages coming from the Fingerprint service
When error messages are coming from the fingerprint service they are actual
failures due to an user input in some device, in so in such case we
can highlight this by using a wiggle effect.

This mimics what has been done in gnome-control-center fingerprint panel
and part of [1].

[1] https://gitlab.gnome.org/Teams/Design/os-mockups/-/issues/56

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
19c4dce322 authPrompt: Only wiggle the entry on failures coming from the querying service
Currently whenever an authentication failure happens we wiggle the
entry, however this may not be related to the service which failed.

For example if the fingerprint authentication failed for whatever reason,
there's no point to wiggle the text input as it's something unrelated to it.

So, only apply the wiggle effect to the entry in case the failure is
coming from the querying service.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
526f0711f1 gdm: Expose the source serviceName for messages and verification failures
By giving to the AuthPrompt information regarding the source service
name (and so the ability to know whether it's a foreground service) can
give it the ability to behave differently.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
c8bb45b41c gdm: Limit verification cancellations to be conform to allowed-failures
As per previous commit the user can cancel an ongoing authentication via
Escape key and that will always send the user back to the clock view in
lockscreen or user-selection view in login prompt.

However, we can be a little more permissive and don't switch view to be
able to restart the authentication without further action.

To avoid this to be abused though, we consider the user verification
cancellation via escape key to be a "soft-failure", so once the
configured "allowed-failures" gsettings value has been reached, we'd
just act as before, ignoring any further request (until we don't get
back to the user auth view).

In this way we still make brute-force attacks harder to do, while still
giving the well-behaving user some ability to fix mistakes.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
7e77881717 authPrompt: Handle Escape key to cancel ongoing verification
Escape key is supposed to cancel a verification, however if the user
already hit Enter to begin the authentication the Escape key won't work
until the verification completed.

This may be quite inconvenient when an user did a typo while writing and
wants to cancel the already started auth.

So, while authenticating (or in general while the entry is unsensitive)
give the key focus to the authpromt itself so that we can still get the
input events and cancel an user action.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
3e96952fde authPrompt: Don't begin a new authentication session on lockscreen cancel event
When a cancel event in the user lockscreen happens we first emit a reset
signal and immediately a cancelled one.

This lead to start a new gdm worker for each enabled authentication
method and then immediately to stop it.
As per the previous commit, we don't have anymore dangling gdm workers
around, but still we should not even start a new one in such case.

So, when the user explicitly cancelled the authentication session, first
emit a cancelled event and only emit a reset event with a begin request
if we are outside the lockscreen.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
yun341
3fb321fd21 authPrompt: set value of beginRequestType to 'DONT_PROVIDE_USERNAME'
Commit 809f820c introduct vmware SSO service to gnome-shell, the value
beginRequestType should be set to 'DONT_PROVIDE_USERNAME', otherwise
vmware sso will fail. This patch will fix it.

Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1443
2020-09-23 15:42:51 +00:00
Florian Müllner
82da51d5a1 authPrompt: Hide password when insensitive
The purpose of password peeking is to spot and correct errors;
the latter isn't possible when the entry is non-editable, so
we can hide the password again while authentication is ongoing.

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3138
2020-09-21 22:51:48 +02:00
Andre Moreira Magalhaes
00437750ed authPrompt: Properly get oVirt service name
Commit 809f820cd moved the definition of OVIRT_SERVICE_NAME to
'js/gdm/oVirt.js' but missed updating one occurrence. This
commit fixes it.

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1414
2020-08-18 13:31:23 +00:00
yun341
809f820cd4 gdm: Refactor oVirt to a generic CredentialManager interface
Commit 4cda61a1 added support for pre-authenticated logins in
    oVirt environments. This feature prevents a user from having
    to type their password twice (once to the oVirt management machine,
    and then immediately again in the provisioned guest running gnome-shell).
    That feature is currently oVirt specific, but a similar feature would
    be useful in non-oVirt based virt farm environments.

    Toward that end, this commit generalizes the various aspects of the
    oVirt integration code, so that it can be reused in a subsequent
    commit for adding single sign on support in vmware deployments, too.

    Closes: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983
2020-07-04 08:11:49 +08:00
Jonas Dreßler
8d139bbd95 authPrompt: Grab key focus when making entry sensitive
We currently let the entry of the autoPrompt grab the key focus inside
setQuestion(), which is called from _onAskQuestion(), which is the
callback of the "ask-question" signal.

It seems that the "ask-question" signal isn't emitted again right after
the password-check failed, but a few seconds after that. Since we get
the "verification-failed" signal earlier than "ask-question" (right
after we know the check failed) and we also get a hint whether the entry
should be usable again with the canRetry argument, we can also grab key
focus to in the same step.

So do that by grabbing key focus when making the entry sensitive.

Fixes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2655
2020-04-25 14:54:07 +00:00
Florian Müllner
b191e9ef91 authPrompt: Fix spinner alignment
We want the spinner to be centered with regard to the entry, but
constraining the height breaks that:

 1. clutter_actor_allocate() is called with the available size
 2. clutter_actor_update_constraints() then adjusts that according
    to the constraints
 3. clutter_actor_adjust_allocation() applies the margin/expand/align
    properties.

The issue there is that 2. reduces the allocation to the desired size,
so there is no more extra space to distribute in 3.

We can fix this by either constraining everything (and rely on the
cancel button's alignment) or limit the constraint to the width. The
latter seems more appropriate, given that the constraint is only used
to center the entry horizontally.

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2628
2020-04-17 22:35:31 +00:00
Florian Müllner
4f427f4e0d js: Do not set entries' ClutterText:editable property
The property influences the text's (and thus entry's) minimum width[0],
which is generally not what we want. And as we now prevent text from
being entered in non-reactive entries by other means, we can simply
drop it.

[0] https://gitlab.gnome.org/GNOME/mutter/-/blob/master/clutter/clutter/clutter-text.c#L2940

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2423
2020-03-29 22:12:57 +02:00
Florian Müllner
26ffeaae47 js: Add missing chain-ups in vfuncs
Commit 55b57421d changed signal handlers to the corresponding vfuncs,
but didn't always chain up as necessary. In most places this doesn't
matter, but at the very least the commit broke activating message list
items via the keyboard.

Add all (hopefully) the missing chain-ups to get the expected behavior
back.

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2319
2020-03-27 10:39:58 +01:00
Florian Müllner
d62391c8f1 unlockDialog: Set accessible name of icon-only buttons
We turned both the auth prompt's cancel button and the switch user
button into icon buttons now, which means they are completely cryptic
when using a screen reader.

Just use the previously used labels as accessible names, which has the
nice side effect of lowering the impact of the string freeze break.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2210
2020-02-24 12:29:44 +00:00
Florian Müllner
ab24ee7a7e authPrompt: Don't focus hidden cancelButton
The button is hidden on the lock screen, so it shouldn't be allowed to
activate it, be it via click or keyboard. The latter is still possible
by keynaving to the button and hitting space/enter. Fix that by making
the button unfocusable when we make it unreactive.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2210
2020-02-24 12:29:44 +00:00
Florian Müllner
ff39b3274b authPrompt: Initialize property in _init()
This avoid a "reference to undefined property" warning when using
it in a comparison.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1035
2020-02-20 19:08:47 +00:00
Florian Müllner
24c8f5bb70 authPrompt: Fix cancel button visibility
Grrr, this slipped in in 5cad5c20e9, and we don't have a compiler
to catch those kinds of bugs :-(

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2228
2020-02-18 21:34:16 +00:00
Jonas Dreßler
bcc652632d authPrompt: Use the same hint text as the polkitDialog for the password
Be consistent and show the hint for the password entry that we already
show in the polkitDialog in the auth dialog.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/977
2020-02-17 11:03:07 +00:00
Florian Müllner
0d766dcf70 authPrompt: Use placeholder label to avoid layout changes
We don't want to show a caps-lock warning when showing a non-password
entry, but we also don't want the layout to jump when changing the
label's visibility.

Achieve that by inserting an empty placeholder label that we can
show whenever the caps-lock warning is hidden.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2215
2020-02-14 21:57:03 +01:00
Florian Müllner
41da4b0681 Revert "authPrompt: Don't hide the caps lock warning label"
Using the opacity to control the label's visibility doesn't work
correctly, as CapsLockWarning itself changes the opacity when
the caps-lock state changes.

This reverts commit 9f5f6aa9b2.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2215
2020-02-14 21:57:03 +01:00
Georges Basile Stavracas Neto
5cad5c20e9 authPrompt: Hide cancel button on unlock screen
As per the latest design review, hide the cancel button
on the unlock dialog.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1006
2020-02-14 20:49:57 +00:00
Georges Basile Stavracas Neto
06565542e7 Revert "unlockDialog: Remove 'Login as another user' Label"
This reverts commit c6a79fafc. The back button doesn't really work
as a replacement for going back to the login screen.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1006
2020-02-14 20:49:57 +00:00
Georges Basile Stavracas Neto
7e27a2db3d authPrompt: Keep password entry on reset
Usually, logging in or unlocking the session is made asynchronously,
and AuthPrompt properly manages which entry is currently visible.
External code don't rely on any specific entry to be set, since it
is AuthPrompt's responsibility to select the correct one to be shown.

However, there's one specific case where AuthPrompt must preserve
the password entry: on reset. The reset code preserved whatever
entry was currently displayed, but after fe69dacaf1, it always
changes to the username entry.

Make sure to show the password entry on reset.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/999
2020-02-13 18:11:16 -03:00
Georges Basile Stavracas Neto
9f5f6aa9b2 authPrompt: Don't hide the caps lock warning label
Hiding the Caps lock warning label changes the layout of
Auth Prompt. This is specially noticeable when logging in
with unlisted users, where we change the visibility of this
label after typing a username, and the whole user widget
moves a bit.

Change the Cap lock label's opacity instead of hiding it.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
0f34cbb658 authPrompt: Only spin on password entries
Spinning while typing the password is a bit off-putting, and
inconsistent with how regular authentication behaves.

Only spin the spinner after typing the password.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
077a1d2309 authPrompt: Refactor 'next' signal
Currently, AuthPrompt is connecting to its own 'next' signal
signal to react to any of the entries being activated, and do
some actions like starting the spinner and answering the PAM
question.

Refactor this code into another method, and don't connect to
our own signal.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
66835c6e15 authPrompt: Remove colons from questions
Unfortunately, the question that is displayed comes directly
from PAM. It usually is just "Password:", which comes from
pam-unix, but other questions can be set, usually with the
colons, since they are crafted with a CLI workflow in mind.

Manually drop the colons from questions asked by PAM. This
is also done by the PolKit agent, which shows how the stack
is fragile, but it's what we have for now.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
99e81b32f4 authPrompt: Keep buttonWell and cancel button sizes in sync
So that the entry is horizontally centralized at all times.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
fe69dacaf1 loginDialog: Use text entry for username
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
6daeb048af authPrompt: Connect signals to both text and password entries
This is a regression from the transition to password entry. Both
entries need to be connected to the relevant signals, otherwise
username-based login won't ever work.

Connect both the text and the password entries.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
db4dfd8fa5 authPrompt: Trivial style cleanup
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
43a45c091d authPrompt: Use entry to show question texts
Currently, there is a dedicated label above the entry to
display the question text. According to the new mockups
for the lock screen, this label doesn't exist; instead,
the question is set inside the entry itself, as a hint
text.

Set the questions as hint texts of the entry, and remove
the now unused label.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
cc5adcbeef loginDialog: Center align Caps Lock and authentication messages
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
654093dc40 userWidget: Adapt if user is not mentioned for username login
If username-based login flow is followed, we need a default avatar
for the userWidget. Hence, check if the user passed to userWidget
is (null) which implies a username-based login flow.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
aebea82474 loginDialog: Move and relayout sessionMenuButton to bottom right
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
c6a79fafc9 unlockDialog: Remove 'Login as another user' Label
According to the new mockups, logging in as another user
should be handled by the (<) button present on the lock-screen.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
7fc4fe9a97 authPrompt: Iconize the cancel button
Replace the "Cancel" label in the cancel button
by an arrow icon, and adjust the theme to make
it circular.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
ee0a36e6a3 authPrompt: Move cancel button, entry and spinner to a single row
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
a5972d2882 authPrompt: Remove Next button and its references
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
2fdc627257 userWidget: Allow vertical orientation for user avatars
Allow vertical orientation for the userWidget so that the user-avatar
can be centered and user's name can be placed below it. The plan
for 3.36 is to use this vertical userWidget layout for both lock
and login screen.

The userWidget is also used while creating the user-selection list
at the login, hence we still need to keep the horizontal layout
for userWidget in place.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Jonas Dreßler
2b184a10d6 util: Move wiggle parameters to a common place
Since the wiggle effect will be used by the redesigned prompt-dialogs
and we always want to use the same parameters, move those as defaults
for the wiggle function to the util.js file.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/942
2020-02-01 08:06:31 +01:00
Umang Jain
474dda7ffe js: Add caps-lock Warning to the dialogs
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/619
2019-12-17 23:08:43 +01:00
Umang Jain
684b918915 js: Use StPasswordEntry for password entry fields
Use the new StPasswordEntry for password entry fields
and remove all direct handling of clutter text of the entry
 via clutter_text_set_password_char to show/hide the password
text. StPasswordEntry will provides a peek-password-icon which
will allow to show/hide the password present in the field to
the user in subsequent commits.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/619
2019-12-17 23:08:43 +01:00
Florian Müllner
ebf77748a8 cleanup: Require "dangling" commas
Since ES5, trailing commas in arrays and object literals are valid.
We generally haven't used them so far, but they are actually a good
idea, as they make additions and removals in diffs much cleaner.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00