Commit Graph

22 Commits

Author SHA1 Message Date
Rubin Xu
397ee8b563 Do not reset incorrect password attempts after biometric authentication
For work challenges, do not reset incorrect password attempts if
challenge is resolved via biometric authentication. This is the
behaviour for personal keyguard and work challenge should be
consistent.

Bug: 139438785
Test: manual: enroll work challenge with fingerprint, set failed wipe
count (3) via TestDPC and attempt two failed attempts (via cmd
lock_settings). Resolve work challenge with fingerprint and attempt one
last failed attempt. Verify work profiel is wiped.

Change-Id: Ic64d3e44f3faa5adf8ac43db09e33c8403427990
2020-03-18 11:38:30 +00:00
Pavel Grafov
c4d9980a5d Fix NPE when there's no forgot password button.
Test: manual
Bug: 149887743
Change-Id: If2238aec2e618f617b7459b819303c03f009941a
2020-02-20 12:42:12 +00:00
Pavel Grafov
04f783c759 "Forgot my password" to start profile in locked state.
Currently if a work profile with a separate lock is turned off
(a.k.a. in quiet mode), and the user has forgotten the password,
profile owner app cannot use DPM.resetPasswordWithToken because
the profile user is not running.

In BYOD case the user can remove and re-provision the profile but
in the new COPE mode (a.k.a. on an organization owned device with
work profile) it is not possible to remove the profile. So full
factory reset is required.

This CL allows the user to start the profile in locked state
(a.k.a direct boot mode) so that the admin can reset the password.

This CL adds "Forgot my password" button to work profile credential prompt
if all of the following conditions are true:
 * Work profile is turned off
 * Profile owner app is capable of running in direct boot mode.
 * Profile owner app has an active password reset token.
 * The device is an FBE device (otherwise profile will be unlocked).

Clicking this button starts the profile in locked state and shows an
activity to the user that instruct them to go to their IT admin.

Bug: 143516540
Test: manual
Change-Id: I832f7121b43e39161c5afa816f44ce89584b66e2
2020-02-19 13:48:34 +00:00
Alex Johnston
28c6b577ad Update string displayed on work pin/password challenge
* The incorrect string was being displayed when the user
  was asked to enter their pin/password.
* Updated the string to include **work** instead of
  **device** when entering a work pin/password.

Bug: 148211118
Test: Manual testing
Change-Id: I2239a5011dec62fd63574bbf75495548ddd0d907
2020-01-28 17:49:33 +00:00
Alex Johnston
7868acfa74 Update work profile lock in Settings to latest spec
* Updated FrameLayout of work profile lock in Settings to use GlifLayout
* Removed old background image of work profile lock
* Updated text for PIN, password and pattern
* Added enterprise logo to work profile lock

Bug: 141290838
Test: Manual testing
      atest com.android.settings.password

Change-Id: Ie09974857b6c76a182a8075b9e1964a2e0af0de9
2020-01-07 14:15:28 +00:00
Rubin Xu
010116a173 Introduce LockscreenCredential
Bug: 65239740
Test: make RunSettingsRoboTests ROBOTEST_FILTER=com.android.settings.password
Change-Id: Icb73d639291d6d2eda8015e18e93d0906f916bb2
2019-10-13 21:20:02 +01:00
joshmccloskey
3786016993 Removed old settings device credential logic.
Bug: 140128468
Test: Verified with biometricpromptdemo that confirm device credential
still works correctly.
Change-Id: I0f608ba1256c696317402f56549452bf6933066b
2019-09-18 15:57:22 -07:00
pastychang
fa68ec4f56 Set suw description textview to fixed id
Heavy theme supports to costomize description text style. Modify it to fixed id
that can be customized by partner resource.

Heavy theme screenshot: https://screenshot.googleplex.com/TL4M7wmTaPg
Set fixed id screenshot: https://screenshot.googleplex.com/CA6QHoNTQBZ

Test: atest
Bug: 121988926
Change-Id: I8882acd49e7d57f24afa9dd6f3e9abfd06556053
2019-04-12 09:20:12 +00:00
Rich Cannings
b27c4308a2 Refactor passwords/pins/patterns to byte[]
Relating to packages/apps/Settings

Bug: 120484642
Test: manual - test setting and unlocking passwords/pins/patterns.
      automated - 20 of about 500 tests fail due to fragile synthetic
      password test code.

Change-Id: Idec8338d141c185bef67ade12035fdb2fa9d17ea
2019-02-26 14:46:12 -08:00
Kevin Chyn
e56df8877a CDCA is plumbed through BP
CDCA can be invoked with a bundle extra originating from BiometricService.
This allows us to add/forward new BP builder options to CDCA without having
duplicate API each time.

Bug: 111461540
Test: test app, receives correct callbacks
Test: CDC still works

Change-Id: Ia2080d161abba87949338176b34cdf440ed4ed53
2019-01-25 18:13:38 -08:00
Fan Zhang
31b210017b Migrate all MetricsProto enums to SettingsEnums
Bug: 122855168
Test: rebuild
Change-Id: I962d9a71179f86b7cae9dc5e9a00e0aa1557dc76
2019-01-17 14:55:42 -08:00
Kevin Chyn
127da9c73c Fix ConfirmDeviceCredentials for work profiles
1) Fixed the theme for CDCA$InternalActivity to be transparent
2) CDCA only cares about biometrics, which are tied to userId
3) Moved shared methods to a util class

Fixes: 119296586

Test: Followed the steps in comment#1 of the bug linked above


Change-Id: Ie47fc7c3a53dfb7780087937e1ca83287cc52d71
2018-11-14 11:03:57 -08:00
Kevin Chyn
e5a016e076 1/n: Prepare ConfirmDeviceCredentials to use BiometricPrompt
CDC is going to use BiometricPrompt instead. This change
removes FingerprintManager from CDC. BiometricPrompt
will show before pin/pattern/pass is shown.

Bug: 111461540

Test: modified BiometricPromptDemo to use
      KeyguardManager#createConfirmDeviceCredentialIntent,
Test: Fingerprint is gone from CDC, rotation works
Test: atest SettingsRoboTests

Change-Id: I9ce2aad71961af8a0d5ee636600e2fbdb6154e47
2018-11-01 14:11:57 -07:00
Maurice Lam
3e3b8a9618 Make GLIF theme default for confirm lock screen
Use GLIF theme as the default for confirm lock screen, even for
"external" launches of the screen. Renamed the theme from "internal"
to "normal" to reflect this change.
Dark theme code will be cleaned up later.

Test: Existing tests pass
Bug: 62573742
Change-Id: I86958eb3a440d7274807f1cf453c3e53c16c23e7
2018-03-21 18:21:04 -07:00
Doris Ling
72489725c6 Change superclass to InstrumentedFragment.
- for fragments that do not implement the preference screen, change them
to inherit from InstrumentedFragment instead.

Change-Id: I791c2634024bd2c248efea955be5c680180d735c
Fixes: 68277111
Test: make RunSettingsRoboTests
2018-02-02 13:41:16 -08:00
Charles He
caf9510923 Clear "Wrong pattern" prompt automatically.
When the user enters a wrong pattern/pin/password, a "Wrong
pattern/pin/password" text shows up on ConfirmLockPattern or
ConfirmLockPassword screen. In ConfirmLockPassword, it disappears
automatically after 3 seconds, whereas it doesn't in ConfirmLockPattern.

In this change, we make the prompt in ConfirmLockPattern disappear
automatically as well.

Bug: 64781905
Test: manual
Test: make RunSettingsRoboTests
Change-Id: I53a25576413671ced4197064d51fbcc397733265
2017-08-18 17:35:27 +01:00
Adrian Roos
6600ddec73 FRP: Add dedicated explanation strings for ConfirmCredential
Change-Id: I1bf63898509032560cd302fde9dfe05473336e49
Fixes: 63958816
Test: adb shell settings put global device_provisioned 1 && adb shell am start -a android.app.action.CONFIRM_FRP_CREDENTIAL; verify strings
2017-08-09 11:08:13 +00:00
Charles He
4c96d9b203 Add special lock screen prompt strings for strong auth.
Due to incorrect strings, we temporarily disabled the prompt strings for
strong auth and instead used the generic ones as a short-term fix. In
this CL, we correct the strong auth prompt strings and add them back to
the lock screen UI. The new strings are in line with those in keyguard.

Bug: 36511626
Test: manual
Test: make RunSettingsRoboTests
Change-Id: Ifba689db37cc7d331eb1a774814f6b6235977ff9
2017-07-11 10:49:59 +01:00
Charles He
701ac5cbee Disable incorrect strong auth prompt strings.
The prompt strings on the confirm credentials screen (pin, password,
pattern) are incorrect. They currently say strong auth is "required
after device restarts". But instead they should be "required for
additional security" because strong auth can be enforced not only after
device or profile restarts, but also after profile key eviction, for
example.

Unfortunately, we've already missed the window for string changes.
Therefore, as an alternative, we use generic prompt strings in this CL,
to avoid conveying the incorrect (and misleading) information. We'll
follow up with another CL in master with a proper string change to fix
the issue.

Bug: 36511626
Test: manual
Test: make SettingsRoboTests
Change-Id: I44f84420b88bb4933ad0afa6e8032af465de0cd3
2017-07-03 09:42:20 +01:00
Adrian Roos
5a9a3cde62 Credential FRP: Add ACTION_CONFIRM_FRP_CREDENTIAL to ConfirmCredential
Bug: 36814845
Test: adb shell settings put global device_provisioned 0 && adb shell am start -a android.app.action.CONFIRM_FRP_CREDENTIAL
Change-Id: Id6ce6bc5ebd9c9e2a88790cc800678aff50e580f
2017-05-30 18:25:18 -07:00
Charles He
641c9fc23a Make failed ConfirmCredential attempts count towards wipe
Previously, failed ConfirmDeviceCredential attempts only counted towards the
wipe limit if it is used as a separate work challenge.

In this CL, we additionally make these failed attempts count towards the total
failures in the following scenarios:
  1) when unified work challenge is enabled
  2) for the primary user (e.g. when a wipe limit is set by a DO)
  3) for secondary users

Bug: 27238008
Test: manual, by entering wrong credentials multiple times
Test: make SettingsRoboTests
Change-Id: Ie5a099bb3fd46245c13ccf4c8f91c4d935412a4e
2017-05-23 18:04:52 +01:00
Maurice Lam
2eb170cd6f Clean up choose lock intent creation
Consolidated the many variants of ChooseLock*.createIntent, so that
it will take the same set of arguments.

Also modified SetupChooseLock*.createIntent to modifyIntentForSetup,
which will take the intent created by ChooseLock* and modify it for
use with setup.

Test: cd tests/robotests && mma
Change-Id: I5ff033f459c33ec9980872a536b3996d89f2bbbb
2017-05-12 15:35:20 -07:00