Commit Graph

393 Commits

Author SHA1 Message Date
Marco Trevisan (Treviño)
c8bb45b41c gdm: Limit verification cancellations to be conform to allowed-failures
As per previous commit the user can cancel an ongoing authentication via
Escape key and that will always send the user back to the clock view in
lockscreen or user-selection view in login prompt.

However, we can be a little more permissive and don't switch view to be
able to restart the authentication without further action.

To avoid this to be abused though, we consider the user verification
cancellation via escape key to be a "soft-failure", so once the
configured "allowed-failures" gsettings value has been reached, we'd
just act as before, ignoring any further request (until we don't get
back to the user auth view).

In this way we still make brute-force attacks harder to do, while still
giving the well-behaving user some ability to fix mistakes.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
7e77881717 authPrompt: Handle Escape key to cancel ongoing verification
Escape key is supposed to cancel a verification, however if the user
already hit Enter to begin the authentication the Escape key won't work
until the verification completed.

This may be quite inconvenient when an user did a typo while writing and
wants to cancel the already started auth.

So, while authenticating (or in general while the entry is unsensitive)
give the key focus to the authpromt itself so that we can still get the
input events and cancel an user action.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
3e96952fde authPrompt: Don't begin a new authentication session on lockscreen cancel event
When a cancel event in the user lockscreen happens we first emit a reset
signal and immediately a cancelled one.

This lead to start a new gdm worker for each enabled authentication
method and then immediately to stop it.
As per the previous commit, we don't have anymore dangling gdm workers
around, but still we should not even start a new one in such case.

So, when the user explicitly cancelled the authentication session, first
emit a cancelled event and only emit a reset event with a begin request
if we are outside the lockscreen.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
b916df1110 gdm: Cancel user verification on UserVerifier destruction
When we cancel an user authentication via Escape key or cancel button on
AuthPrompt we reset the view and we emit a 'cancelled' signal that leads
to destroying the auth prompt and the user verifier.

However, the verifier may still have an operation in progress and its
completion may take some time (as in the case of gdm-fingerprint), but
we just leave the gdm worker running until its pam module completes
(potentially never) clearing and disposing its handle.

So, instead of just clearing the verify, actually cancel and clear it.
In case the user verifier is set, clearing the relevant data will happen
anyway as part of the cancel() call.

Ideally this would have been handled by gdm itself, but unfortunately we
can't fix it there because the verifier itself is a class generated by
gdbus-codegen, so we can't handle this automatically on disposal nor we
can automatically monitor when the caller proxy is stopped on our side.

Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3654
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1622>
2021-02-12 20:26:00 +00:00
Marco Trevisan (Treviño)
a19e6573e1 loginDialog: Fill UserListItem layout to show the timed login indicator
When the timed indicator is shown the UserListItem layout should fill
so that the timed indicator can expand to use the whole item space.

So, always use the default value for x-align that will make it to fill
the available space without causing any regression when the timed
indicator is hidden.

Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3675
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1644>
2021-02-09 06:08:55 +00:00
Razze
aa392d45c9 fingerprint: Show different strings depending on type
Fprintd knows if the fingerprint reader is of the swipe or press type. We now show different labels depending on that.

Closes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2011

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1572>
2021-02-08 19:19:14 +00:00
Razze
824cdc9177 fingerprint: Use makeProxyWrapper for fprintManager
The reason this wasn't using the Gio.DBus.makeProxyWrapper() convenience API is that it passes custom flags to the proxy, and that wasn't supported by the wrapper at the time.

As this is now possible, this commit migrates us to the new API.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1572>
2021-02-08 19:19:14 +00:00
Mike Gerow
7222bffdf8 loginDialog: Make notListedButton accessible
Without this a screen reader just calls the notListedButton a
"push button" instead of also including the "Not listed?" text.

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1567>
2021-01-13 22:10:03 +01:00
Florian Müllner
ef807619e9 credentialManager: Shut up a JS warning
Plain classes are private to their file, so accessing them from
another module results in the following warning:

    That property was defined with 'let' or 'const' inside the module.
    This was previously supported, but is not correct according to the
    ES6 standard.

Fix by assigning the class to a public variable instead.

(Eventually switching to ES6 modules with proper imports/exports will
fix this as well)

Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1512>
2020-11-26 14:17:26 +01:00
yun341
3fb321fd21 authPrompt: set value of beginRequestType to 'DONT_PROVIDE_USERNAME'
Commit 809f820c introduct vmware SSO service to gnome-shell, the value
beginRequestType should be set to 'DONT_PROVIDE_USERNAME', otherwise
vmware sso will fail. This patch will fix it.

Closes: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1443
2020-09-23 15:42:51 +00:00
Florian Müllner
82da51d5a1 authPrompt: Hide password when insensitive
The purpose of password peeking is to spot and correct errors;
the latter isn't possible when the entry is non-editable, so
we can hide the password again while authentication is ongoing.

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3138
2020-09-21 22:51:48 +02:00
Andre Moreira Magalhaes
00437750ed authPrompt: Properly get oVirt service name
Commit 809f820cd moved the definition of OVIRT_SERVICE_NAME to
'js/gdm/oVirt.js' but missed updating one occurrence. This
commit fixes it.

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1414
2020-08-18 13:31:23 +00:00
Ray Strode
13137aad9d loginDialog: Reset auth prompt on vt switch before fade in
At the moment, if a user switches to the login screen vt,
the login screen fades in whatever was on screen prior, and
then does a reset.

It makes more sense to reset first, so we fade in what the
user is going to interact with instead of what they interacted
with before.

Fixes: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
2020-07-27 16:18:44 -04:00
yun341
4ea0fca4fc gdm: Introduce vmware credential manager for pre-authenticated logins
The previous commit implemented a new CredentialManager interface to
    facilitate adding additional providers for pre-authenticating the user
    at the login screen.

    This commit implements a new credential manager using that interface
    for vmware deployments.

    Closes: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983
2020-07-04 08:11:49 +08:00
yun341
809f820cd4 gdm: Refactor oVirt to a generic CredentialManager interface
Commit 4cda61a1 added support for pre-authenticated logins in
    oVirt environments. This feature prevents a user from having
    to type their password twice (once to the oVirt management machine,
    and then immediately again in the provisioned guest running gnome-shell).
    That feature is currently oVirt specific, but a similar feature would
    be useful in non-oVirt based virt farm environments.

    Toward that end, this commit generalizes the various aspects of the
    oVirt integration code, so that it can be reused in a subsequent
    commit for adding single sign on support in vmware deployments, too.

    Closes: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983
2020-07-04 08:11:49 +08:00
Jonas Dreßler
d885486397 st/widget: Remove get_resource_scale function
ClutterActor provides the same function, but with a different return
value. So since we already switched to the ClutterActor implementation
in our C code, we can now safely remove st_widget_get_resource_scale()
and update the JS code that's still using the old API.

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1287
2020-06-30 13:42:18 +00:00
Jonas Dreßler
9b99b67fea Remove ClutterAllocationFlags
Those flags were removed from Clutter since they're pretty much unused,
so remove them here, too.

See https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1245

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1245
2020-05-20 15:12:03 +02:00
Jonas Dreßler
8d139bbd95 authPrompt: Grab key focus when making entry sensitive
We currently let the entry of the autoPrompt grab the key focus inside
setQuestion(), which is called from _onAskQuestion(), which is the
callback of the "ask-question" signal.

It seems that the "ask-question" signal isn't emitted again right after
the password-check failed, but a few seconds after that. Since we get
the "verification-failed" signal earlier than "ask-question" (right
after we know the check failed) and we also get a hint whether the entry
should be usable again with the canRetry argument, we can also grab key
focus to in the same step.

So do that by grabbing key focus when making the entry sensitive.

Fixes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2655
2020-04-25 14:54:07 +00:00
Xiaoguang Wang
be12c71534 loginDialog: Get resource scale by get_resource_scale
To shut up 'Getting invalid resource scale property' warnings in the log.

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1206
2020-04-21 13:48:56 +02:00
Florian Müllner
b191e9ef91 authPrompt: Fix spinner alignment
We want the spinner to be centered with regard to the entry, but
constraining the height breaks that:

 1. clutter_actor_allocate() is called with the available size
 2. clutter_actor_update_constraints() then adjusts that according
    to the constraints
 3. clutter_actor_adjust_allocation() applies the margin/expand/align
    properties.

The issue there is that 2. reduces the allocation to the desired size,
so there is no more extra space to distribute in 3.

We can fix this by either constraining everything (and rely on the
cancel button's alignment) or limit the constraint to the width. The
latter seems more appropriate, given that the constraint is only used
to center the entry horizontally.

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2628
2020-04-17 22:35:31 +00:00
Florian Müllner
764527c8c9 js: Promisify async operations
Promises make asynchronous operations easier to manage, in particular
when used through the async/await syntax that allows for asynchronous
code to closely resemble synchronous one.

gjs has included a Gio._promisify() helper for a while now, which
monkey-patches methods that follow GIO's async pattern to return a
Promise when called without a callback argument.

Use that to get rid of all those GAsyncReadyCallbacks!

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1126
2020-03-31 05:43:40 +00:00
Florian Müllner
4f427f4e0d js: Do not set entries' ClutterText:editable property
The property influences the text's (and thus entry's) minimum width[0],
which is generally not what we want. And as we now prevent text from
being entered in non-reactive entries by other means, we can simply
drop it.

[0] https://gitlab.gnome.org/GNOME/mutter/-/blob/master/clutter/clutter/clutter-text.c#L2940

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2423
2020-03-29 22:12:57 +02:00
Florian Müllner
26ffeaae47 js: Add missing chain-ups in vfuncs
Commit 55b57421d changed signal handlers to the corresponding vfuncs,
but didn't always chain up as necessary. In most places this doesn't
matter, but at the very least the commit broke activating message list
items via the keyboard.

Add all (hopefully) the missing chain-ups to get the expected behavior
back.

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2319
2020-03-27 10:39:58 +01:00
Daniel van Vugt
ffb8bd5fa7 loginDialog: Retain native logo dimensions
So that the same logo may be used during boot and keeps its
dimensions on the login screen, appearing to never move.

Related to: https://bugs.launchpad.net/bugs/1867133

https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1101
2020-03-22 15:06:36 +00:00
Florian Müllner
19fc7c4d31 loginDialog: Do not expand "Not listed" button
Visually the button is just an interactive label, so having the
interactive area extend to the empty space next to the label
is surprising.

Instead, left-align the whole button rather than just the label
inside, so the clickable area corresponds to the visible one.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1046
2020-02-26 19:46:50 +00:00
Florian Müllner
d62391c8f1 unlockDialog: Set accessible name of icon-only buttons
We turned both the auth prompt's cancel button and the switch user
button into icon buttons now, which means they are completely cryptic
when using a screen reader.

Just use the previously used labels as accessible names, which has the
nice side effect of lowering the impact of the string freeze break.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2210
2020-02-24 12:29:44 +00:00
Florian Müllner
ab24ee7a7e authPrompt: Don't focus hidden cancelButton
The button is hidden on the lock screen, so it shouldn't be allowed to
activate it, be it via click or keyboard. The latter is still possible
by keynaving to the button and hitting space/enter. Fix that by making
the button unfocusable when we make it unreactive.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2210
2020-02-24 12:29:44 +00:00
Florian Müllner
ff39b3274b authPrompt: Initialize property in _init()
This avoid a "reference to undefined property" warning when using
it in a comparison.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1035
2020-02-20 19:08:47 +00:00
Florian Müllner
24c8f5bb70 authPrompt: Fix cancel button visibility
Grrr, this slipped in in 5cad5c20e9, and we don't have a compiler
to catch those kinds of bugs :-(

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2228
2020-02-18 21:34:16 +00:00
Florian Müllner
9d941f8202 js: Don't use templates in files with translations
xgettext gained some support for template strings, and no longer
fails when encountering '/' somewhere between backticks.

Unfortunately its support is still buggy as hell, and it is now
silently dropping translatable strings, yay. I hate making the
code worse, but until xgettext really gets its shit together,
the only viable way forward seems to be to not use template
strings in any files listed in POTFILES.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1014
2020-02-17 23:20:40 +01:00
Jonas Dreßler
bcc652632d authPrompt: Use the same hint text as the polkitDialog for the password
Be consistent and show the hint for the password entry that we already
show in the polkitDialog in the auth dialog.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/977
2020-02-17 11:03:07 +00:00
Jonas Dreßler
95ebbb9360 Update hint texts of all entries
The design team discussed the ellipses at the end of the hint text of
our entries and, even though they are present in most mockups, it turned
out they don't like them, so remove them.

It also turned out they don't like the prefixes like "Enter" before it,
so remove those, too.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/977
2020-02-17 11:03:07 +00:00
Florian Müllner
0d766dcf70 authPrompt: Use placeholder label to avoid layout changes
We don't want to show a caps-lock warning when showing a non-password
entry, but we also don't want the layout to jump when changing the
label's visibility.

Achieve that by inserting an empty placeholder label that we can
show whenever the caps-lock warning is hidden.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2215
2020-02-14 21:57:03 +01:00
Florian Müllner
41da4b0681 Revert "authPrompt: Don't hide the caps lock warning label"
Using the opacity to control the label's visibility doesn't work
correctly, as CapsLockWarning itself changes the opacity when
the caps-lock state changes.

This reverts commit 9f5f6aa9b2.

https://gitlab.gnome.org/GNOME/gnome-shell/issues/2215
2020-02-14 21:57:03 +01:00
Georges Basile Stavracas Neto
5cad5c20e9 authPrompt: Hide cancel button on unlock screen
As per the latest design review, hide the cancel button
on the unlock dialog.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1006
2020-02-14 20:49:57 +00:00
Georges Basile Stavracas Neto
06565542e7 Revert "unlockDialog: Remove 'Login as another user' Label"
This reverts commit c6a79fafc. The back button doesn't really work
as a replacement for going back to the login screen.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/1006
2020-02-14 20:49:57 +00:00
Georges Basile Stavracas Neto
7e27a2db3d authPrompt: Keep password entry on reset
Usually, logging in or unlocking the session is made asynchronously,
and AuthPrompt properly manages which entry is currently visible.
External code don't rely on any specific entry to be set, since it
is AuthPrompt's responsibility to select the correct one to be shown.

However, there's one specific case where AuthPrompt must preserve
the password entry: on reset. The reset code preserved whatever
entry was currently displayed, but after fe69dacaf1, it always
changes to the username entry.

Make sure to show the password entry on reset.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/999
2020-02-13 18:11:16 -03:00
Georges Basile Stavracas Neto
77890c6000 loginDialog: Hide session menu button when showing the user list
In the past, the session menu button was part of the auth prompt widgetry,
so we didn't have to manually hide it when showing the user list. However,
now it is part of the login screen itself.

Hide the session menu button when the user list is shown.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/999
2020-02-13 18:11:05 -03:00
Georges Basile Stavracas Neto
9f5f6aa9b2 authPrompt: Don't hide the caps lock warning label
Hiding the Caps lock warning label changes the layout of
Auth Prompt. This is specially noticeable when logging in
with unlisted users, where we change the visibility of this
label after typing a username, and the whole user widget
moves a bit.

Change the Cap lock label's opacity instead of hiding it.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
0f34cbb658 authPrompt: Only spin on password entries
Spinning while typing the password is a bit off-putting, and
inconsistent with how regular authentication behaves.

Only spin the spinner after typing the password.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
077a1d2309 authPrompt: Refactor 'next' signal
Currently, AuthPrompt is connecting to its own 'next' signal
signal to react to any of the entries being activated, and do
some actions like starting the spinner and answering the PAM
question.

Refactor this code into another method, and don't connect to
our own signal.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
66835c6e15 authPrompt: Remove colons from questions
Unfortunately, the question that is displayed comes directly
from PAM. It usually is just "Password:", which comes from
pam-unix, but other questions can be set, usually with the
colons, since they are crafted with a CLI workflow in mind.

Manually drop the colons from questions asked by PAM. This
is also done by the PolKit agent, which shows how the stack
is fragile, but it's what we have for now.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
99e81b32f4 authPrompt: Keep buttonWell and cancel button sizes in sync
So that the entry is horizontally centralized at all times.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
fe69dacaf1 loginDialog: Use text entry for username
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
6daeb048af authPrompt: Connect signals to both text and password entries
This is a regression from the transition to password entry. Both
entries need to be connected to the relevant signals, otherwise
username-based login won't ever work.

Connect both the text and the password entries.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
db4dfd8fa5 authPrompt: Trivial style cleanup
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
0b150a17c5 loginDialog: Replace colon by ellipsis on username question
So it plays better as a hint text.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
43a45c091d authPrompt: Use entry to show question texts
Currently, there is a dedicated label above the entry to
display the question text. According to the new mockups
for the lock screen, this label doesn't exist; instead,
the question is set inside the entry itself, as a hint
text.

Set the questions as hint texts of the entry, and remove
the now unused label.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
cc5adcbeef loginDialog: Center align Caps Lock and authentication messages
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00
Georges Basile Stavracas Neto
848cc1bb19 loginDialog: Set null user when asking for username
When going through the username + password login flow, set
the username to 'null' to update the user avatar.

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/922
2020-02-12 19:29:48 +00:00