Commit Graph

463 Commits

Author SHA1 Message Date
Marco Trevisan (Treviño)
1cc20ca6b6 gdm: Add ability to queue a message overriding ones with less priority
There are cases in which a service may want to override a message with
one coming with higher priority, for example an info or hint message
isn't useful anymore if we've already got an error message.

In the same way when a service has been stopped we don't care anymore
showing its info or hint messages, while it still may be relevant to show
errors.

An example is the fingerprint service that may emit errors quickly while
the hints messages should not be kept around when an error is already
queued or when the service has been stopped.

So, add function that allows to override queued messages based by their
type that follows this policy:
 - Messages coming from different services are always preserved in
   their original order.
 - Messages (from the same service) with a priority equal or higher than
   the last queued one are preserved.
 - Messages matching completely the last queued are dropped in favor of
   this one.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
ef10bb6229 gdm: Keep messages in queue until we've not fully processed them
It can be convenient to get the currently showing message in order to
replace or remove it in case it's not needed anymore.

So simplify the message queue handling by only depending on a single
local variable (_messageQueue) and redefining hasPendingMessages
depending on its content.

Now messages are kept in queue till they are not fully processed and the
first message is always the one currently shown.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
9ecc1a4cd7 gdm: Compress fingerprint failures events using a timeout
When a fingerprint failure event happens we may also soon receive a
conversation-stopped event with an error message (such as in the case
we hit the MAXRETRIES value), but this is going to be ignored in case we
are too quick in consider the first failure a verification-failed event
because that implies disconnecting from all the events and then ignoring
such signals.

To prevent this, add a small timeout before failing the verification so
that if we get a further event we will process it.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
1ee9278786 gdm: Don't try to retry authenticating when the service is unavailable
In the case a service is not available (as it can be in the fingereprint
case when a supported reader is available but has not enrolled prints)
we were trying indefinitely to restart it, however this can lead to
troubles since commit 7a2e629b as when the service conversation was
stopped we had no way to figure out this case and we'd end up to
eventually fail the whole authentication.

However, in such cases the PAM services are expected to return a
PAM_AUTHINFO_UNAVAIL and gdm to handle it, emitting service-unavailable
signal.

So connect to ::service-unavailable and keep track of the unavailable
services so that we can avoid retrying with them.
In case such service is not the foreground one, we can just silently
ignore the error as we did before commit 7a2e629b, without bothering
failing the whole verification.

In case we got a valid error message on service-unavailable, we also
show it, this is normally not happening unless GDM isn't redirecting
here other kind of problems (such as MAXTRIES) which are supposed to
stop the authentication stopping any further retry.

Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3734
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1683>
2021-02-16 18:00:10 +00:00
Marco Trevisan (Treviño)
7a2e629bd0 gdm: Fail and restart verification on conversation stopped for all services
Currently when the foreground service conversation stops we increase the
verification failed count and try to start it again, while if a
background service has been stopped we just ignore it.

This is causing a various number of issues, for example in the case of
the fingerprint authentication service, it is normally configured to die
after a timeout, and we end up never restarting it (while the UI still
keeps showing to the user the message about swipe/touch the device).

So, in such case let's just consider it a "soft" verification failure
that doesn't increase the failures count but will cause us to reset the
UI and try to restart the authentication (and so the affected service).

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
ed1ace1d99 authPrompt: Bump the user verifier timeout when wiggling the message
Wiggle may make the error message to be visible for less time so provide
the auth prompt an API to increase the timeout to be used for showing a
message in some cases.

This could be reworked when we'll have a proper asyn wiggle function so
that we could just make the user verifier to "freeze", then await for
the wiggle transition to complete and eventually release the verifier.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
75a1798e75 authPrompt: Wiggle error messages coming from the Fingerprint service
When error messages are coming from the fingerprint service they are actual
failures due to an user input in some device, in so in such case we
can highlight this by using a wiggle effect.

This mimics what has been done in gnome-control-center fingerprint panel
and part of [1].

[1] https://gitlab.gnome.org/Teams/Design/os-mockups/-/issues/56

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
19c4dce322 authPrompt: Only wiggle the entry on failures coming from the querying service
Currently whenever an authentication failure happens we wiggle the
entry, however this may not be related to the service which failed.

For example if the fingerprint authentication failed for whatever reason,
there's no point to wiggle the text input as it's something unrelated to it.

So, only apply the wiggle effect to the entry in case the failure is
coming from the querying service.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
526f0711f1 gdm: Expose the source serviceName for messages and verification failures
By giving to the AuthPrompt information regarding the source service
name (and so the ability to know whether it's a foreground service) can
give it the ability to behave differently.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
6ccd289691 gdm: Count fingerprint authentication failures in fail counter
Fingerprint PAM module can have multiple failures during a runtime
and we rely on the pam module configuration for the maximum allowed
retries.

However, while that setting should be always followed, we should never
ignore the login-screen's allowed-failures setting that can provide
a lower value.

So, once we have a fingerprint failure let's count it to increase our
internal fail counter, and when we've reached the limit we can emit a
verification-failed signal to our clients.

As per this we need also to ignore any further 'info' messages that we
could receive from the fingerprint service, as it may be configured to
handle more retries than us and they might arrive before we have
cancelled the verification session.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
1158e98913 gdm: Increase the verification failed counter once we've a failure
Decouple the verification failure count increase from
_verificationFailed as there are some cases in which we may want to
increase it without emitting a verification-failed signal.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
53db4b99b8 gdm: Always show fingerprint error messages
When the login/lock screen is shown the error messages for background
services are always ignored.

However, in case the service is the fingerprint authentication method
we still want to be able to show error messages to inform the user
about what failed, and eventually that the max retries (that may be
different from the login screen configuration) has been reached.

This handles partially the design issue [1] related to the login/lock
screen fingerprint authentication.

Eventually we want to use pam extensions to use clearer and parse-able
messages, however in the case of the fingerprint service we can be sure
that the fprint PAM module will only send errors on auth failures.

[1] https://gitlab.gnome.org/Teams/Design/os-mockups/-/issues/56

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
f7685dc224 ShellUserVerifier: Add method to check if the service name is fingerprint
We have multiple places where we check if we're handling a fingerprint
event, so let's add a common public function so that it can be used also
by the authPrompt.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1652>
2021-02-15 16:58:50 +00:00
Marco Trevisan (Treviño)
829a096ba1 gdm: Restart only the service that failed at verification-failure
When verification failed using a specific authentication service we're
currently restarting the whole user authentication system, which leads
to lots of unneeded operations (reinitializing a new user verifier proxy,
restarting all the gdm workers with the relative PAM modules and so on).
And this makes also debugging of login problems more complicated, given
we're cluttering the journal with repeated data.

However, at reauthentication failure GDM has already set up for us an
user verifier that we can use reuse to start only the service that had a
failure. So when possible, just start a new service instead of rebooting
the whole authorization process.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
85ad1157df gdm: Pass source serviceName to verification failures
Depending on the service name we got the failure from we could react
differently, so let's pass the value to the verification failure
handler.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
80a7a8ddb9 gdm: Ensure we cancel all the previously running services on auth retry
When retrying the authentication we should make sure that all the
previously initiated services are stopped in order to begin a new
authentication session with all the configured services.

Unfortunately at the current state we only dispose the currently used
user verifier, but we don't make it to stop all the relative gdm workers
and then they'll stay around potentially blocking any further usage of
them (as it happens with the fingerprint one, that has unique access to
the device).

So, cancel the currently running authentication before starting a new
one if we're explicitly retrying.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
ca912f55cc gdm: Include the failed service name when in reporting errors
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
36fba1a184 gdm: Do not fail the whole authentication if a background service failed
In case a background service such as the fingerprint authentication
fails to start we'd just mark the whole authentication process as
failed.

Currently this may happen by just putting a wrong password when an user
has some fingerprints enrolled, the fingerprint gdm authentication
worker may take some time to restart leading to a failure and this is
currently also making the password authentication to fail:

    JS ERROR: Failed to start gdm-fingerprint for u: Gio.DBusError:
        GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed:
            Could not create authentication helper process
        _promisify/proto[asyncFunc]/</<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:435:45
        ### Promise created here: ###
        _startService@resource:///org/gnome/shell/gdm/util.js:470:42
        _beginVerification@resource:///org/gnome/shell/gdm/util.js:495:18
        _getUserVerifier@resource:///org/gnome/shell/gdm/util.js:405:14
        async*_openReauthenticationChannel@resource:///org/gnome/shell/gdm/util.js:378:22
        async*begin@resource:///org/gnome/shell/gdm/util.js:194:18
        _retry@resource:///org/gnome/shell/gdm/util.js:561:14
        _verificationFailed/signalId<@resource:///org/gnome/shell/gdm/util.js:584:30
        _emit@resource:///org/gnome/gjs/modules/core/_signals.js:133:47
        finishMessageQueue@resource:///org/gnome/shell/gdm/util.js:268:14
        _queueMessageTimeout@resource:///org/gnome/shell/gdm/util.js:273:18
        _queueMessageTimeout/this._messageQueueTimeoutId<@resource:///org/gnome/shell/gdm/util.js:288:65

Given that background services are ignored even for queries or any kind
of message, we should not fail the authentication request unless the
default service fails.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
0ccb8e27d4 gdm: Disconnect user verifier signals on destruction and verification failed
When a verification session has failed we may want to wait for the user
to have completed all the waiting queries and to have read all the
incoming messages, however during such time an user verifier should
not be allowed to queue further messages to the UI, as we're about to
completely stop the identification or start a new one.

Unfortunately this is not true because we're still connected to the
identifier signals, and so we may still show messages.
This is particularly true when using the fingerprint PAM module as it
may restart the authentication while we're in the process of stopping
it.

So, keep track of all the signals we've connected to, and disconnect on
verification failed and during cancel/clear operations.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
c936ca3ea0 gdm: Don't try answering query if the user verifier has been deleted
Answering a query may be delayed to the moment in which we've not any
more messages in the queue, however this case can also happen just after
we've cleared the UserVerifier and in such case we'd have nothing to
answer, but we currently throw an error:

    JS ERROR: Exception in callback for signal: no-more-messages:
      TypeError: this._userVerifier is null
    answerQuery/signalId<@resource:///org/gnome/shell/gdm/util.js:249:17
    _emit@resource:///org/gnome/gjs/modules/core/_signals.js:133:47
    finishMessageQueue@resource:///org/gnome/shell/gdm/util.js:266:14
    _clearMessageQueue@resource:///org/gnome/shell/gdm/util.js:301:14
    clear@resource:///org/gnome/shell/gdm/util.js:223:14
    cancel@resource:///org/gnome/shell/gdm/util.js:205:18
    reset@resource:///org/gnome/shell/gdm/authPrompt.js:482:32
    cancel@resource:///org/gnome/shell/gdm/authPrompt.js:569:14
    vfunc_key_press_event@resource:///org/gnome/shell/gdm/authPrompt.js:128

So handle this case more gracefully keeping track of the current
cancellable and checking whether it is still valid before trying to answer
a query or do a delayed action.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
c8bb45b41c gdm: Limit verification cancellations to be conform to allowed-failures
As per previous commit the user can cancel an ongoing authentication via
Escape key and that will always send the user back to the clock view in
lockscreen or user-selection view in login prompt.

However, we can be a little more permissive and don't switch view to be
able to restart the authentication without further action.

To avoid this to be abused though, we consider the user verification
cancellation via escape key to be a "soft-failure", so once the
configured "allowed-failures" gsettings value has been reached, we'd
just act as before, ignoring any further request (until we don't get
back to the user auth view).

In this way we still make brute-force attacks harder to do, while still
giving the well-behaving user some ability to fix mistakes.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
7e77881717 authPrompt: Handle Escape key to cancel ongoing verification
Escape key is supposed to cancel a verification, however if the user
already hit Enter to begin the authentication the Escape key won't work
until the verification completed.

This may be quite inconvenient when an user did a typo while writing and
wants to cancel the already started auth.

So, while authenticating (or in general while the entry is unsensitive)
give the key focus to the authpromt itself so that we can still get the
input events and cancel an user action.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
3e96952fde authPrompt: Don't begin a new authentication session on lockscreen cancel event
When a cancel event in the user lockscreen happens we first emit a reset
signal and immediately a cancelled one.

This lead to start a new gdm worker for each enabled authentication
method and then immediately to stop it.
As per the previous commit, we don't have anymore dangling gdm workers
around, but still we should not even start a new one in such case.

So, when the user explicitly cancelled the authentication session, first
emit a cancelled event and only emit a reset event with a begin request
if we are outside the lockscreen.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
b916df1110 gdm: Cancel user verification on UserVerifier destruction
When we cancel an user authentication via Escape key or cancel button on
AuthPrompt we reset the view and we emit a 'cancelled' signal that leads
to destroying the auth prompt and the user verifier.

However, the verifier may still have an operation in progress and its
completion may take some time (as in the case of gdm-fingerprint), but
we just leave the gdm worker running until its pam module completes
(potentially never) clearing and disposing its handle.

So, instead of just clearing the verify, actually cancel and clear it.
In case the user verifier is set, clearing the relevant data will happen
anyway as part of the cancel() call.

Ideally this would have been handled by gdm itself, but unfortunately we
can't fix it there because the verifier itself is a class generated by
gdbus-codegen, so we can't handle this automatically on disposal nor we
can automatically monitor when the caller proxy is stopped on our side.

Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3654
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
a19e6573e1 loginDialog: Fill UserListItem layout to show the timed login indicator
When the timed indicator is shown the UserListItem layout should fill
so that the timed indicator can expand to use the whole item space.

So, always use the default value for x-align that will make it to fill
the available space without causing any regression when the timed
indicator is hidden.

Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3675
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1644>
2021-02-09 06:08:55 +00:00
Razze
aa392d45c9 fingerprint: Show different strings depending on type
Fprintd knows if the fingerprint reader is of the swipe or press type. We now show different labels depending on that.

Closes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2011

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1572>
2021-02-08 19:19:14 +00:00
Razze
824cdc9177 fingerprint: Use makeProxyWrapper for fprintManager
The reason this wasn't using the Gio.DBus.makeProxyWrapper() convenience API is that it passes custom flags to the proxy, and that wasn't supported by the wrapper at the time.

As this is now possible, this commit migrates us to the new API.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1572>
2021-02-08 19:19:14 +00:00
Mike Gerow
7222bffdf8 loginDialog: Make notListedButton accessible
Without this a screen reader just calls the notListedButton a
"push button" instead of also including the "Not listed?" text.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1567>
2021-01-13 22:10:03 +01:00
Florian Müllner
ef807619e9 credentialManager: Shut up a JS warning
Plain classes are private to their file, so accessing them from
another module results in the following warning:

    That property was defined with 'let' or 'const' inside the module.
    This was previously supported, but is not correct according to the
    ES6 standard.

Fix by assigning the class to a public variable instead.

(Eventually switching to ES6 modules with proper imports/exports will
fix this as well)

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1512>
2020-11-26 14:17:26 +01:00
yun341
3fb321fd21 authPrompt: set value of beginRequestType to 'DONT_PROVIDE_USERNAME'
Commit 809f820c introduct vmware SSO service to gnome-shell, the value
beginRequestType should be set to 'DONT_PROVIDE_USERNAME', otherwise
vmware sso will fail. This patch will fix it.

Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1443
2020-09-23 15:42:51 +00:00
Florian Müllner
82da51d5a1 authPrompt: Hide password when insensitive
The purpose of password peeking is to spot and correct errors;
the latter isn't possible when the entry is non-editable, so
we can hide the password again while authentication is ongoing.

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3138
2020-09-21 22:51:48 +02:00
Andre Moreira Magalhaes
00437750ed authPrompt: Properly get oVirt service name
Commit 809f820cd moved the definition of OVIRT_SERVICE_NAME to
'js/gdm/oVirt.js' but missed updating one occurrence. This
commit fixes it.

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1414
2020-08-18 13:31:23 +00:00
Ray Strode
13137aad9d loginDialog: Reset auth prompt on vt switch before fade in
At the moment, if a user switches to the login screen vt,
the login screen fades in whatever was on screen prior, and
then does a reset.

It makes more sense to reset first, so we fade in what the
user is going to interact with instead of what they interacted
with before.

Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
2020-07-27 16:18:44 -04:00
yun341
4ea0fca4fc gdm: Introduce vmware credential manager for pre-authenticated logins
The previous commit implemented a new CredentialManager interface to
    facilitate adding additional providers for pre-authenticating the user
    at the login screen.

    This commit implements a new credential manager using that interface
    for vmware deployments.

    Closes: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983
2020-07-04 08:11:49 +08:00
yun341
809f820cd4 gdm: Refactor oVirt to a generic CredentialManager interface
Commit 4cda61a1 added support for pre-authenticated logins in
    oVirt environments. This feature prevents a user from having
    to type their password twice (once to the oVirt management machine,
    and then immediately again in the provisioned guest running gnome-shell).
    That feature is currently oVirt specific, but a similar feature would
    be useful in non-oVirt based virt farm environments.

    Toward that end, this commit generalizes the various aspects of the
    oVirt integration code, so that it can be reused in a subsequent
    commit for adding single sign on support in vmware deployments, too.

    Closes: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983
2020-07-04 08:11:49 +08:00
Jonas Dreßler
d885486397 st/widget: Remove get_resource_scale function
ClutterActor provides the same function, but with a different return
value. So since we already switched to the ClutterActor implementation
in our C code, we can now safely remove st_widget_get_resource_scale()
and update the JS code that's still using the old API.

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1287
2020-06-30 13:42:18 +00:00
Jonas Dreßler
9b99b67fea Remove ClutterAllocationFlags
Those flags were removed from Clutter since they're pretty much unused,
so remove them here, too.

See https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1245

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1245
2020-05-20 15:12:03 +02:00
Jonas Dreßler
8d139bbd95 authPrompt: Grab key focus when making entry sensitive
We currently let the entry of the autoPrompt grab the key focus inside
setQuestion(), which is called from _onAskQuestion(), which is the
callback of the "ask-question" signal.

It seems that the "ask-question" signal isn't emitted again right after
the password-check failed, but a few seconds after that. Since we get
the "verification-failed" signal earlier than "ask-question" (right
after we know the check failed) and we also get a hint whether the entry
should be usable again with the canRetry argument, we can also grab key
focus to in the same step.

So do that by grabbing key focus when making the entry sensitive.

Fixes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2655
2020-04-25 14:54:07 +00:00
Xiaoguang Wang
be12c71534 loginDialog: Get resource scale by get_resource_scale
To shut up 'Getting invalid resource scale property' warnings in the log.

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1206
2020-04-21 13:48:56 +02:00
Florian Müllner
b191e9ef91 authPrompt: Fix spinner alignment
We want the spinner to be centered with regard to the entry, but
constraining the height breaks that:

 1. clutter_actor_allocate() is called with the available size
 2. clutter_actor_update_constraints() then adjusts that according
    to the constraints
 3. clutter_actor_adjust_allocation() applies the margin/expand/align
    properties.

The issue there is that 2. reduces the allocation to the desired size,
so there is no more extra space to distribute in 3.

We can fix this by either constraining everything (and rely on the
cancel button's alignment) or limit the constraint to the width. The
latter seems more appropriate, given that the constraint is only used
to center the entry horizontally.

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2628
2020-04-17 22:35:31 +00:00
Florian Müllner
764527c8c9 js: Promisify async operations
Promises make asynchronous operations easier to manage, in particular
when used through the async/await syntax that allows for asynchronous
code to closely resemble synchronous one.

gjs has included a Gio._promisify() helper for a while now, which
monkey-patches methods that follow GIO's async pattern to return a
Promise when called without a callback argument.

Use that to get rid of all those GAsyncReadyCallbacks!

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1126
2020-03-31 05:43:40 +00:00
Florian Müllner
4f427f4e0d js: Do not set entries' ClutterText:editable property
The property influences the text's (and thus entry's) minimum width[0],
which is generally not what we want. And as we now prevent text from
being entered in non-reactive entries by other means, we can simply
drop it.

[0] https://gitlab.gnome.org/GNOME/mutter/-/blob/master/clutter/clutter/clutter-text.c#L2940

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2423
2020-03-29 22:12:57 +02:00
Florian Müllner
26ffeaae47 js: Add missing chain-ups in vfuncs
Commit 55b57421d changed signal handlers to the corresponding vfuncs,
but didn't always chain up as necessary. In most places this doesn't
matter, but at the very least the commit broke activating message list
items via the keyboard.

Add all (hopefully) the missing chain-ups to get the expected behavior
back.

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2319
2020-03-27 10:39:58 +01:00
Daniel van Vugt
ffb8bd5fa7 loginDialog: Retain native logo dimensions
So that the same logo may be used during boot and keeps its
dimensions on the login screen, appearing to never move.

Related to: https://bugs.launchpad.net/bugs/1867133

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1101
2020-03-22 15:06:36 +00:00
Florian Müllner
19fc7c4d31 loginDialog: Do not expand "Not listed" button
Visually the button is just an interactive label, so having the
interactive area extend to the empty space next to the label
is surprising.

Instead, left-align the whole button rather than just the label
inside, so the clickable area corresponds to the visible one.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1046
2020-02-26 19:46:50 +00:00
Florian Müllner
d62391c8f1 unlockDialog: Set accessible name of icon-only buttons
We turned both the auth prompt's cancel button and the switch user
button into icon buttons now, which means they are completely cryptic
when using a screen reader.

Just use the previously used labels as accessible names, which has the
nice side effect of lowering the impact of the string freeze break.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2210
2020-02-24 12:29:44 +00:00
Florian Müllner
ab24ee7a7e authPrompt: Don't focus hidden cancelButton
The button is hidden on the lock screen, so it shouldn't be allowed to
activate it, be it via click or keyboard. The latter is still possible
by keynaving to the button and hitting space/enter. Fix that by making
the button unfocusable when we make it unreactive.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2210
2020-02-24 12:29:44 +00:00
Florian Müllner
ff39b3274b authPrompt: Initialize property in _init()
This avoid a "reference to undefined property" warning when using
it in a comparison.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1035
2020-02-20 19:08:47 +00:00
Florian Müllner
24c8f5bb70 authPrompt: Fix cancel button visibility
Grrr, this slipped in in 5cad5c20e9, and we don't have a compiler
to catch those kinds of bugs :-(

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2228
2020-02-18 21:34:16 +00:00
Florian Müllner
9d941f8202 js: Don't use templates in files with translations
xgettext gained some support for template strings, and no longer
fails when encountering '/' somewhere between backticks.

Unfortunately its support is still buggy as hell, and it is now
silently dropping translatable strings, yay. I hate making the
code worse, but until xgettext really gets its shit together,
the only viable way forward seems to be to not use template
strings in any files listed in POTFILES.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1014
2020-02-17 23:20:40 +01:00
Jonas Dreßler
bcc652632d authPrompt: Use the same hint text as the polkitDialog for the password
Be consistent and show the hint for the password entry that we already
show in the polkitDialog in the auth dialog.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/977
2020-02-17 11:03:07 +00:00
Jonas Dreßler
95ebbb9360 Update hint texts of all entries
The design team discussed the ellipses at the end of the hint text of
our entries and, even though they are present in most mockups, it turned
out they don't like them, so remove them.

It also turned out they don't like the prefixes like "Enter" before it,
so remove those, too.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/977
2020-02-17 11:03:07 +00:00
Florian Müllner
0d766dcf70 authPrompt: Use placeholder label to avoid layout changes
We don't want to show a caps-lock warning when showing a non-password
entry, but we also don't want the layout to jump when changing the
label's visibility.

Achieve that by inserting an empty placeholder label that we can
show whenever the caps-lock warning is hidden.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2215
2020-02-14 21:57:03 +01:00
Florian Müllner
41da4b0681 Revert "authPrompt: Don't hide the caps lock warning label"
Using the opacity to control the label's visibility doesn't work
correctly, as CapsLockWarning itself changes the opacity when
the caps-lock state changes.

This reverts commit 9f5f6aa9b2.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2215
2020-02-14 21:57:03 +01:00
Georges Basile Stavracas Neto
5cad5c20e9 authPrompt: Hide cancel button on unlock screen
As per the latest design review, hide the cancel button
on the unlock dialog.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1006
2020-02-14 20:49:57 +00:00
Georges Basile Stavracas Neto
06565542e7 Revert "unlockDialog: Remove 'Login as another user' Label"
This reverts commit c6a79fafc. The back button doesn't really work
as a replacement for going back to the login screen.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1006
2020-02-14 20:49:57 +00:00
Georges Basile Stavracas Neto
7e27a2db3d authPrompt: Keep password entry on reset
Usually, logging in or unlocking the session is made asynchronously,
and AuthPrompt properly manages which entry is currently visible.
External code don't rely on any specific entry to be set, since it
is AuthPrompt's responsibility to select the correct one to be shown.

However, there's one specific case where AuthPrompt must preserve
the password entry: on reset. The reset code preserved whatever
entry was currently displayed, but after fe69dacaf1, it always
changes to the username entry.

Make sure to show the password entry on reset.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/999
2020-02-13 18:11:16 -03:00
Georges Basile Stavracas Neto
77890c6000 loginDialog: Hide session menu button when showing the user list
In the past, the session menu button was part of the auth prompt widgetry,
so we didn't have to manually hide it when showing the user list. However,
now it is part of the login screen itself.

Hide the session menu button when the user list is shown.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/999
2020-02-13 18:11:05 -03:00
Georges Basile Stavracas Neto
9f5f6aa9b2 authPrompt: Don't hide the caps lock warning label
Hiding the Caps lock warning label changes the layout of
Auth Prompt. This is specially noticeable when logging in
with unlisted users, where we change the visibility of this
label after typing a username, and the whole user widget
moves a bit.

Change the Cap lock label's opacity instead of hiding it.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
0f34cbb658 authPrompt: Only spin on password entries
Spinning while typing the password is a bit off-putting, and
inconsistent with how regular authentication behaves.

Only spin the spinner after typing the password.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
077a1d2309 authPrompt: Refactor 'next' signal
Currently, AuthPrompt is connecting to its own 'next' signal
signal to react to any of the entries being activated, and do
some actions like starting the spinner and answering the PAM
question.

Refactor this code into another method, and don't connect to
our own signal.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
66835c6e15 authPrompt: Remove colons from questions
Unfortunately, the question that is displayed comes directly
from PAM. It usually is just "Password:", which comes from
pam-unix, but other questions can be set, usually with the
colons, since they are crafted with a CLI workflow in mind.

Manually drop the colons from questions asked by PAM. This
is also done by the PolKit agent, which shows how the stack
is fragile, but it's what we have for now.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
99e81b32f4 authPrompt: Keep buttonWell and cancel button sizes in sync
So that the entry is horizontally centralized at all times.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
fe69dacaf1 loginDialog: Use text entry for username
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
6daeb048af authPrompt: Connect signals to both text and password entries
This is a regression from the transition to password entry. Both
entries need to be connected to the relevant signals, otherwise
username-based login won't ever work.

Connect both the text and the password entries.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
db4dfd8fa5 authPrompt: Trivial style cleanup
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
0b150a17c5 loginDialog: Replace colon by ellipsis on username question
So it plays better as a hint text.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
43a45c091d authPrompt: Use entry to show question texts
Currently, there is a dedicated label above the entry to
display the question text. According to the new mockups
for the lock screen, this label doesn't exist; instead,
the question is set inside the entry itself, as a hint
text.

Set the questions as hint texts of the entry, and remove
the now unused label.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
cc5adcbeef loginDialog: Center align Caps Lock and authentication messages
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
848cc1bb19 loginDialog: Set null user when asking for username
When going through the username + password login flow, set
the username to 'null' to update the user avatar.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
654093dc40 userWidget: Adapt if user is not mentioned for username login
If username-based login flow is followed, we need a default avatar
for the userWidget. Hence, check if the user passed to userWidget
is (null) which implies a username-based login flow.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
aebea82474 loginDialog: Move and relayout sessionMenuButton to bottom right
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
a6b29d6501 loginDialog: Apply CSS to sessionMenuButton according to mockups
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
c6a79fafc9 unlockDialog: Remove 'Login as another user' Label
According to the new mockups, logging in as another user
should be handled by the (<) button present on the lock-screen.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
7fc4fe9a97 authPrompt: Iconize the cancel button
Replace the "Cancel" label in the cancel button
by an arrow icon, and adjust the theme to make
it circular.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
ee0a36e6a3 authPrompt: Move cancel button, entry and spinner to a single row
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
a5972d2882 authPrompt: Remove Next button and its references
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Umang Jain
2fdc627257 userWidget: Allow vertical orientation for user avatars
Allow vertical orientation for the userWidget so that the user-avatar
can be centered and user's name can be placed below it. The plan
for 3.36 is to use this vertical userWidget layout for both lock
and login screen.

The userWidget is also used while creating the user-selection list
at the login, hence we still need to keep the horizontal layout
for userWidget in place.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
7851069d9c screenShield: Activate dialog when necessary
Activating a dialog is slightly different from opening it; the
former is about showing the user authentication widgetry, while
the latter is about creating it and pre-allocating the necessary
resources.

Activate the screen shield dialog when necessary.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/872
2020-02-10 22:30:52 +00:00
Georges Basile Stavracas Neto
54e2d3ceb7 unlockDialog, loginDialog: Add a 'wake-up-screen' signal
The signal is currently present in the notifications box, but next
commits will move the notifications box to the unlock dialog.

Add a 'wake-up-screen' signal to the dialogs.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/872
2020-02-10 22:30:51 +00:00
Jonas Dreßler
2b184a10d6 util: Move wiggle parameters to a common place
Since the wiggle effect will be used by the redesigned prompt-dialogs
and we always want to use the same parameters, move those as defaults
for the wiggle function to the util.js file.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/942
2020-02-01 08:06:31 +01:00
Umang Jain
474dda7ffe js: Add caps-lock Warning to the dialogs
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/619
2019-12-17 23:08:43 +01:00
Umang Jain
684b918915 js: Use StPasswordEntry for password entry fields
Use the new StPasswordEntry for password entry fields
and remove all direct handling of clutter text of the entry
 via clutter_text_set_password_char to show/hide the password
text. StPasswordEntry will provides a peek-password-icon which
will allow to show/hide the password present in the field to
the user in subsequent commits.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/619
2019-12-17 23:08:43 +01:00
Florian Müllner
a32c4f30d1 style: Allow lonely ifs where appropriate
We now have a lint rule to disallow lonely ifs, however there are
cases where the "lonely" part mirrors code from the preceding if
clause. Opt out of the lint rule in those cases.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/818
2019-11-11 23:51:17 +00:00
Florian Müllner
e44adb92cf cleanup: Avoid unnecessary parentheses
Extra parentheses usually add noise rather than clarity, so avoid
them.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
ebf77748a8 cleanup: Require "dangling" commas
Since ES5, trailing commas in arrays and object literals are valid.
We generally haven't used them so far, but they are actually a good
idea, as they make additions and removals in diffs much cleaner.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
07cc84f632 cleanup: Only omit braces for single-line blocks
Braces can be avoided when a block consists of a single statement,
but readability suffers when the statement spans more than a single
line.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
c860409da5 cleanup: Use object shorthand where possible
ES6 allows to omit property names where they match the name of the
assigned variable, which makes code less redunant and thus cleaner.
We will soon enforce that in our eslint rules, so make sure we use
the shorthand wherever possible.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
9eaa0089d0 cleanup: Fix missing/stray spaces
Those are wrong according to our style guidelines, but the previous
eslint ruleset didn't catch them.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
682bd7e97c cleanup: Don't shadow variables
Having variables that share the same name in overlapping scopes is
confusing and error-prone, and is best avoided.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
67ea424525 cleanup: Avoid unnecessary braces
Our coding style has always been to avoid braces when all blocks
are single-lines.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
2019-11-11 19:25:14 +00:00
Florian Müllner
2c62e45168 st: Remove StBin's align properties
They are now completely unused, so remove them and stop the confusing
shadowing of ClutterActor's own x/y-align properties.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/803
2019-11-04 21:27:56 +01:00
Florian Müllner
f2bd39b20c js: Use generic actor properties to align StBin children
StBin's fill/align properties are now no-ops; get back the intended
child allocation by setting the corresponding x/y-align on the child.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/803
2019-11-04 21:27:56 +01:00
Florian Müllner
104071acbd js: Replace child properties
Every since commit aa394754, StBoxLayout has supported ClutterActor's
expand/align properties in addition to the container-specific child
properties. Given that that's the only container left with a special
child meta, it's time to fully embrace the generic properties (and
eventually remove the child meta).

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/780
2019-11-01 19:42:01 +00:00
Marco Trevisan (Treviño)
39e6fc9e9d js: Use Gjs GTypeName computation for all classes
As per previous commit we can remove the explicit GTypeName definitions
and use gjs auto computation for all the GObject registered classes.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/790
2019-10-29 18:38:35 +00:00
Georges Basile Stavracas Neto
b25a73c243 authPrompt: Wiggle on failure
Add a wiggle effect to the password entry on failure. The
parameters are set as per design review during GNOME Shell
Hackfest 2019.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/768
2019-10-18 11:25:45 +00:00
Marco Trevisan (Treviño)
55b57421dc cleanup: Replace signal connections with virtual functions
Inheriting from actors allows to use virtual functions instead of signal
connections for multiple cases, so just use them when possible.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/559
2019-10-16 15:26:13 +00:00
Marco Trevisan (Treviño)
c4c5c4fd5c cleanup: Use inheritance for Actor classes instead of composition
Remove the `this.actor = ...` and `this.actor._delegate = this` patterns in most
of classes, by inheriting all the actor container classes.

Uses interfaces when needed for making sure that multiple classes will implement
some required methods or to avoid redefining the same code multiple times.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/559
2019-10-16 15:26:13 +00:00
Florian Müllner
7b45ffa511 loginDialog: Stop using deprecated actor property
Commit 0c0d76f7d6 made the class an actor subclass, so the actor
property is just a deprecated synonym of the object itself.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/736
2019-09-20 16:58:00 +00:00
Florian Müllner
a77377efe7 cleanup: Avoid useless return statements
Return statements are only useful if they return a value or break
the regular function flow (i.e. early returns). Remove all returns
that do neither.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/731
2019-09-15 16:02:45 +02:00