!2227 口令重注册需求

Merge pull request !2227 from luyifan/master

interfaces/innerkits/osaccount/native/include/os_account_constants.h

@@ -55,6 +55,7 @@ const char OPERATION_STOP[] = "stop";
 const char OPERATION_START[] = "start";
 const char OPERATION_UPDATE[] = "update";
 const char OPERATION_UNLOCK[] = "unlock";
+const char OPERATION_REENROLL[] = "re-enroll";
 
 // distributed database
 const char APP_ID[] = "os_account_mgr_service";
@@ -96,6 +97,7 @@ const int64_t TIME_WAIT_TIME_OUT = 5;
 const std::int32_t WAIT_ONE_TIME = 1000;
 const uint64_t DEFAULT_DISPALY_ID = 0;
 const uint64_t INVALID_DISPALY_ID = -1ull;
+const uint64_t REENROLL_WAIT_TIME = 3;
 
 // an error code of ipc which means peer end is dead
 const int32_t E_IPC_ERROR = 29189;

services/accountmgr/include/account_iam/account_iam_callback.h

@@ -16,6 +16,7 @@
 #ifndef OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_CALLBACK_H
 #define OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_CALLBACK_H
 
+#include <condition_variable>
 #include <map>
 #include <vector>
 #include "account_file_operator.h"
@@ -23,6 +24,7 @@
 #include "domain_account_callback.h"
 #include "iaccount_iam_callback.h"
 #include "iremote_object.h"
+#include "iremote_stub.h"
 
 namespace OHOS {
 namespace AccountSA {
@@ -51,9 +53,12 @@ public:
 
 private:
     ErrCode HandleAuthResult(const Attributes &extraInfo, int32_t accountId, bool &isUpdateVerifiedStatus);
+    void HandleReEnroll(const Attributes &extraInfo, int32_t accountId, const std::vector<uint8_t> &token);
+    ErrCode InnerHandleReEnroll(const std::vector<uint8_t> &token);
 
 private:
     uint32_t userId_;
+    uint32_t callerTokenId_;
     uint64_t credentialId_;
     AuthType authType_;
     bool isRemoteAuth_ = false;
@@ -155,6 +160,9 @@ struct UpdateCredInfo {
     std::vector<uint8_t> token;
     std::vector<uint8_t> newSecret;
     std::vector<uint8_t> oldSecret;
+
+    UpdateCredInfo() = default;
+    UpdateCredInfo(const Attributes &extraInfo);
 };
 
 class CommitCredUpdateCallback : public UserIdmClientCallback {
@@ -278,6 +286,18 @@ private:
     GetPropertyRequest request_;
     sptr<IGetSetPropCallback> innerCallback_;
 };
+
+class ReEnrollCallback final : public IRemoteStub<IIDMCallback> {
+public:
+    bool isCalled_ = false;
+    ErrCode result_ = ERR_ACCOUNT_COMMON_NOT_INIT_ERROR;
+    std::mutex mutex_;
+    std::condition_variable onResultCondition_;
+
+    ReEnrollCallback();
+    void OnResult(int32_t result, const Attributes &extraInfo) override;
+    void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override;
+};
 }  // namespace AccountSA
 }  // namespace OHOS
 #endif  // OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_CALLBACK_H

services/accountmgr/src/account_iam/account_iam_callback.cpp

@@ -15,9 +15,11 @@
 
 #include "account_iam_callback.h"
 
+#include <mutex>
 #include <securec.h>
 #include <string>
 #include "access_token.h"
+#include "accesstoken_kit.h"
 #include "account_iam_info.h"
 #include "account_info_report.h"
 #include "account_log_wrapper.h"
@@ -55,14 +57,106 @@ void AuthCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
 AuthCallback::AuthCallback(
     uint32_t userId, uint64_t credentialId, AuthType authType, const sptr<IIDMCallback> &callback)
     : userId_(userId), credentialId_(credentialId), authType_(authType), innerCallback_(callback)
-{}
+{
+    // save caller tokenId for pin re-enroll
+    if (authType == AuthType::PIN) {
+        callerTokenId_ = IPCSkeleton::GetCallingTokenID();
+    }
+}
 
 AuthCallback::AuthCallback(uint32_t userId, uint64_t credentialId, AuthType authType,
     bool isRemoteAuth, const sptr<IIDMCallback> &callback)
     : userId_(userId), credentialId_(credentialId), authType_(authType),
     isRemoteAuth_(isRemoteAuth), innerCallback_(callback)
+{
+    // save caller tokenId for pin re-enroll
+    if (authType == AuthType::PIN) {
+        callerTokenId_ = IPCSkeleton::GetCallingTokenID();
+    }
+}
+
+UpdateCredInfo::UpdateCredInfo(const Attributes &extraInfo)
+{
+    extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
+    extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
+    extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
+    extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, newSecret);
+    extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
+}
+
+ReEnrollCallback::ReEnrollCallback()
 {}
 
+void ReEnrollCallback::OnResult(int32_t result, const Attributes &extraInfo)
+{
+    std::unique_lock<std::mutex> lock(mutex_);
+    ACCOUNT_LOGE("ReEnroll: UpdateCredential call to ReEnroll OnResult, result is %{public}d", result);
+    result_ = result;
+    isCalled_ = true;
+    onResultCondition_.notify_one();
+    return;
+}
+
+void ReEnrollCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const AccountSA::Attributes &extraInfo)
+{
+    std::unique_lock<std::mutex> lock(mutex_);
+    ACCOUNT_LOGE("ReEnroll: UpdateCredential unexpected call to OnAcquireInfo");
+    isCalled_ = true;
+    onResultCondition_.notify_one();
+    return;
+}
+
+ErrCode AuthCallback::InnerHandleReEnroll(const std::vector<uint8_t> &token)
+{
+    //set first caller to sceneboard
+    SetFirstCallerTokenID(callerTokenId_);
+    sptr<ReEnrollCallback> callback = new (std::nothrow) ReEnrollCallback();
+    if (callback == nullptr) {
+        ACCOUNT_LOGE("ReEnroll: failed to allocate callback");
+        return ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR;
+    }
+    CredentialParameters credInfo = {
+        .authType = AuthType::PIN,
+        // `pinType` is unused in iam
+        .pinType = PinSubType::PIN_SIX,
+        .token = token
+    };
+    InnerAccountIAMManager::GetInstance().UpdateCredential(userId_, credInfo, callback);
+    std::unique_lock<std::mutex> lock(callback->mutex_);
+    bool done = callback->onResultCondition_.wait_for(lock, std::chrono::seconds(Constants::REENROLL_WAIT_TIME),
+        [cb = callback]() { return cb->isCalled_; });
+    ErrCode result = callback->result_;
+    if (!done) {
+        ACCOUNT_LOGE("ReEnroll: UpdateCredential failed, timeout");
+        return ERR_ACCOUNT_COMMON_OPERATION_TIMEOUT;
+    }
+    return result;
+}
+
+void AuthCallback::HandleReEnroll(const Attributes &extraInfo, int32_t accountId, const std::vector<uint8_t> &token)
+{
+    bool needReEnroll = false;
+    extraInfo.GetBoolValue(Attributes::ATTR_RE_ENROLL_FLAG, needReEnroll);
+    if (!needReEnroll) {
+        return;
+    }
+    if (authType_ == AuthType::PIN) {
+        ACCOUNT_LOGI("ReEnroll: need re-enroll for accountId %{public}d", accountId);
+        ErrCode result = InnerHandleReEnroll(token);
+        if (result != ERR_OK) {
+            ACCOUNT_LOGE("ReEnroll: UpdateCredential failed, result is %{public}d", result);
+            ReportOsAccountOperationFail(accountId, "ReEnroll", result, "UpdateCredential failed");
+        } else {
+            ACCOUNT_LOGI("ReEnroll: UpdateCredential successful");
+            ReportOsAccountLifeCycle(accountId, Constants::OPERATION_REENROLL);
+        }
+    } else {
+        ACCOUNT_LOGW("ReEnroll: re-enroll flag exist but authType:%{public}d is not pin", authType_);
+    }
+    // ATTR_RE_ENROLL_FLAG is true means iam opened a session, remeber to close it
+    InnerAccountIAMManager::GetInstance().CloseSession(userId_);
+}
+
 ErrCode AuthCallback::HandleAuthResult(const Attributes &extraInfo, int32_t accountId, bool &isUpdateVerifiedStatus)
 {
     std::vector<uint8_t> token;
@@ -106,6 +200,7 @@ ErrCode AuthCallback::HandleAuthResult(const Attributes &extraInfo, int32_t acco
         return ERR_OK;
     }
     InnerDomainAccountManager::GetInstance().AuthWithToken(accountId, token);
+    HandleReEnroll(extraInfo, accountId, token);
     return ret;
 }
 
@@ -346,12 +441,7 @@ void UpdateCredCallback::InnerOnResult(int32_t result, const Attributes &extraIn
         ACCOUNT_LOGE("UpdateCredCallback fail code=%{public}d, authType=%{public}d", result, credInfo_.authType);
         return innerCallback_->OnResult(result, extraInfo);
     }
-    UpdateCredInfo updateCredInfo;
-    extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, updateCredInfo.credentialId);
-    extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, updateCredInfo.secureUid);
-    extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, updateCredInfo.token);
-    extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, updateCredInfo.newSecret);
-    extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, updateCredInfo.oldSecret);
+    UpdateCredInfo updateCredInfo(extraInfo);
     if (updateCredInfo.oldSecret.empty()) {
         ErrCode code = innerIamMgr.UpdateUserAuthWithRecoveryKey(credInfo_.token,
             updateCredInfo.newSecret, updateCredInfo.secureUid, userId_);
@@ -407,7 +497,7 @@ void DelUserInputer::OnGetData(int32_t authSubType, std::vector<uint8_t> challen
         ACCOUNT_LOGE("InputerData is nullptr");
         return;
     }
-    inputerData->OnSetData(authSubType, TEMP_PIN);
+    inputerData->OnSetData(PinSubType::PIN_SIX, TEMP_PIN);
 }
 
 DelUserCallback::DelUserCallback(uint32_t userId, const sptr<IIDMCallback> &callback)

services/accountmgr/src/account_iam/inner_account_iam_manager.cpp

@@ -152,8 +152,9 @@ void InnerAccountIAMManager::UpdateCredential(
 
     std::lock_guard<std::mutex> userLock(*GetOperatingUserLock(userId));
     sptr<IDMCallbackDeathRecipient> deathRecipient = new (std::nothrow) IDMCallbackDeathRecipient(userId);
-    if ((deathRecipient == nullptr) || (callback->AsObject() == nullptr) ||
-        (!callback->AsObject()->AddDeathRecipient(deathRecipient))) {
+    sptr<IRemoteObject> object = callback->AsObject();
+    if ((deathRecipient == nullptr) || object == nullptr ||
+        ((object->IsProxyObject()) && (!object->AddDeathRecipient(deathRecipient)))) {
         ACCOUNT_LOGE("Failed to add death recipient for UpdateCred");
         return;
     }

services/accountmgr/test/unittest/account_iam/account_iam_callback_test.cpp

@@ -193,6 +193,30 @@ HWTEST_F(AccountIamCallbackTest, AuthCallback_OnResult_0300, TestSize.Level0)
     EXPECT_EQ(errCode, callback->result_);
 }
 
+/**
+ * @tc.name: AuthCallback_OnResult_0400
+ * @tc.desc: OnResult test with ReEnroll flag.
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(AccountIamCallbackTest, AuthCallback_OnResult_0400, TestSize.Level0)
+{
+    AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(DEFAULT_USER_ID, "com.ohos.settings", 0);
+    SetSelfTokenID(tokenId);
+    sptr<MockIIDMCallback> callback = new (std::nothrow) MockIIDMCallback();
+    auto userAuthCallback = std::make_shared<AuthCallback>(TEST_USER_ID, TEST_CREDENTIAL_ID, AuthType::PIN, callback);
+    EXPECT_TRUE(userAuthCallback->innerCallback_ != nullptr);
+    Attributes extraInfo;
+    EXPECT_EQ(extraInfo.SetBoolValue(Attributes::ATTR_RE_ENROLL_FLAG, true), true);
+    int32_t errCode = 0;
+    userAuthCallback->OnResult(errCode, extraInfo);
+    EXPECT_EQ(ResultCode::FAIL, callback->result_);
+    errCode = 10; // result != 0
+    userAuthCallback->OnResult(errCode, extraInfo);
+    EXPECT_EQ(errCode, callback->result_);
+    SetSelfTokenID(g_accountMgrTokenID);
+}
+
 /**
  * @tc.name: AuthCallback_OnAcquireInfo_0100
  * @tc.desc: OnAcquireInfo with nullptr.

services/accountmgr/test/unittest/account_iam/account_iam_manager_test.cpp

@@ -597,7 +597,7 @@ HWTEST_F(AccountIamManagerTest, UpdateCredential001, TestSize.Level0)
     EXPECT_NE(callback, nullptr);
     sptr<TestIIDMCallback> testCallback = new(std::nothrow) TestIIDMCallback(callback);
     EXPECT_NE(testCallback, nullptr);
-    EXPECT_CALL(*callback, OnResult(_, _)).Times(Exactly(1));
+    EXPECT_CALL(*callback, OnResult(_, _)).Times(Exactly(2));
     InnerAccountIAMManager::GetInstance().UpdateCredential(TEST_USER_ID, testPara, nullptr);
     InnerAccountIAMManager::GetInstance().UpdateCredential(TEST_USER_ID, testPara, testCallback);
     {