[devicelock] Add a permanent manager lockout state. Contributes to JB…

…#38705

This only affects feedback.  From a API sense lockout is either
due to excessive code entries or manager input.

src/nemo-devicelock/devicelock.h

@@ -43,8 +43,7 @@ class NEMODEVICELOCK_EXPORT DeviceLock : public QObject, private ConnectionClien
         Unlocked = 0,           /*!< Unlocked - The lock is unlocked */
         Locked,                 /*!< Locked - The lock is being used */
         ManagerLockout,         /*!< ManagerLockout - Access has been restricted by a device manager. */
-        TemporaryLockout,       /*!< TemporaryLockout - Access has been temporarily restricted because of excessive incorrect unlock attempts. */
-        PermanentLockout,       /*!< PermanentLockout - Access has been permanently restricted because of excessive incorrect unlock attempts. */
+        CodeEntryLockout,       /*!< CodeEntryLockout - Access has been restricted because of excessive incorrect unlock attempts. */
         Undefined               /*!< Undefined - The state of the lock is unknown */
     };
 

src/nemo-devicelock/host/cli/cliauthenticator.cpp

@@ -72,7 +72,7 @@ HostAuthenticationInput::Availability CliAuthenticator::availability() const
         const int attempts = currentAttempts();
 
         if (maximum > 0 && attempts >= maximum) {
-            return PermanentlyLocked;
+            return CodeEntryLockedPermanent;
         } else {
             return CanAuthenticate;
         }

src/nemo-devicelock/host/cli/clidevicelock.cpp

@@ -61,7 +61,7 @@ HostAuthenticationInput::Availability CliDeviceLock::availability() const
         const int attempts = currentAttempts();
 
         if (maximum > 0 && attempts >= maximum) {
-            return PermanentlyLocked;
+            return CodeEntryLockedPermanent;
         } else {
             return CanAuthenticate;
         }

src/nemo-devicelock/host/hostauthenticationinput.cpp

@@ -294,23 +294,34 @@ void HostAuthenticationInput::feedback(
 
 void HostAuthenticationInput::lockedOut()
 {
-    switch (availability()) {
-    case ManagerLocked:
-        abortAuthentication(AuthenticationInput::LockedByManager);
-        feedback(AuthenticationInput::ContactSupport, -1);
-        break;
-    case TemporarilyLocked:
-        abortAuthentication(AuthenticationInput::MaximumAttemptsExceeded);
+    lockedOut(availability(), &HostAuthenticationInput::abortAuthentication);
+}
+
+void HostAuthenticationInput::lockedOut(
+        Availability availability,
+        void (HostAuthenticationInput::*errorFunction)(AuthenticationInput::Error error))
+{
+    switch (availability) {
+    case CodeEntryLockedRecoverable:
+        (this->*errorFunction)(AuthenticationInput::MaximumAttemptsExceeded);
         feedback(AuthenticationInput::TemporarilyLocked, -1);
         break;
-    case PermanentlyLocked:
-        abortAuthentication(AuthenticationInput::MaximumAttemptsExceeded);
+    case CodeEntryLockedPermanent:
+        (this->*errorFunction)(AuthenticationInput::MaximumAttemptsExceeded);
+        feedback(AuthenticationInput::PermanentlyLocked, -1);
+        break;
+    case ManagerLockedRecoverable:
+        (this->*errorFunction)(AuthenticationInput::LockedByManager);
+        feedback(AuthenticationInput::ContactSupport, -1);
+        break;
+    case ManagerLockedPermanent:
+        (this->*errorFunction)(AuthenticationInput::LockedByManager);
         feedback(AuthenticationInput::PermanentlyLocked, -1);
         break;
     default:
         // Locked out but availability doesn't reflect this.  This shouldn't be reachable
         // under normal circumstances.
-        abortAuthentication(AuthenticationInput::SoftwareError);
+        (this->*errorFunction)(AuthenticationInput::SoftwareError);
     }
 }
 

src/nemo-devicelock/host/hostauthenticationinput.h

@@ -79,9 +79,10 @@ class HostAuthenticationInput : public HostObject
         CanAuthenticate,
         CanAuthenticateSecurityCode,
         SecurityCodeRequired,
-        ManagerLocked,
-        TemporarilyLocked,
-        PermanentlyLocked
+        CodeEntryLockedRecoverable,
+        CodeEntryLockedPermanent,
+        ManagerLockedRecoverable,
+        ManagerLockedPermanent
     };
 
     explicit HostAuthenticationInput(
@@ -132,6 +133,9 @@ class HostAuthenticationInput : public HostObject
 
 protected:
     void lockedOut();
+    void lockedOut(
+            Availability availability,
+            void (HostAuthenticationInput::*errorFunction)(AuthenticationInput::Error error));
 
 private:
     friend class HostAuthenticationInputAdaptor;

src/nemo-devicelock/host/hostauthenticator.cpp

@@ -130,7 +130,8 @@ void HostAuthenticator::authenticate(
     m_state = Authenticating;
     m_challengeCode = challengeCode;
 
-    switch (availability()) {
+    const auto availability = this->availability();
+    switch (availability) {
     case AuthenticationNotRequired:
         qCDebug(daemon, "Authentication requested. Unsecured, authenticating immediately.");
         confirmAuthentication();
@@ -146,20 +147,12 @@ void HostAuthenticator::authenticate(
         m_challengeCode.clear();
         authenticationUnavailable(AuthenticationInput::FunctionUnavailable);
         break;
-    case ManagerLocked:
-        m_challengeCode.clear();
-        authenticationUnavailable(AuthenticationInput::LockedByManager);
-        feedback(AuthenticationInput::ContactSupport, -1);
-        break;
-    case TemporarilyLocked:
-        m_challengeCode.clear();
-        authenticationUnavailable(AuthenticationInput::MaximumAttemptsExceeded);
-        feedback(AuthenticationInput::TemporarilyLocked, -1);
-        break;
-    case PermanentlyLocked:
+    case CodeEntryLockedRecoverable:
+    case CodeEntryLockedPermanent:
+    case ManagerLockedRecoverable:
+    case ManagerLockedPermanent:
         m_challengeCode.clear();
-        authenticationUnavailable(AuthenticationInput::MaximumAttemptsExceeded);
-        feedback(AuthenticationInput::PermanentlyLocked, -1);
+        lockedOut(availability, &HostAuthenticationInput::authenticationUnavailable);
         break;
     }
 }
@@ -188,9 +181,10 @@ void HostAuthenticator::handleChangeSecurityCode(const QString &client, const QV
     case CanAuthenticate:
         authenticationStarted(Authenticator::SecurityCode, AuthenticationInput::EnterSecurityCode);
         break;
-    case ManagerLocked:
-    case TemporarilyLocked:
-    case PermanentlyLocked:
+    case CodeEntryLockedRecoverable:
+    case CodeEntryLockedPermanent:
+    case ManagerLockedRecoverable:
+    case ManagerLockedPermanent:
         m_challengeCode.clear();
         authenticationUnavailable(AuthenticationInput::FunctionUnavailable);
         break;
@@ -220,9 +214,10 @@ void HostAuthenticator::handleClearSecurityCode(const QString &client)
         authenticationStarted(Authenticator::SecurityCode, AuthenticationInput::EnterSecurityCode);
         break;
     case SecurityCodeRequired:
-    case ManagerLocked:
-    case TemporarilyLocked:
-    case PermanentlyLocked:
+    case CodeEntryLockedRecoverable:
+    case CodeEntryLockedPermanent:
+    case ManagerLockedRecoverable:
+    case ManagerLockedPermanent:
         authenticationUnavailable(AuthenticationInput::FunctionUnavailable);
         break;
     }

src/nemo-devicelock/host/hostdevicelock.cpp

@@ -111,7 +111,7 @@ void HostDeviceLock::unlock()
 
     m_state = Authenticating;
 
-    switch (availability()) {
+    switch (const auto availability = this->availability()) {
     case AuthenticationNotRequired:
         m_state = Idle;
         setLocked(false);
@@ -128,20 +128,12 @@ void HostDeviceLock::unlock()
         m_state = EnteringNewSecurityCode;
         authenticationStarted(Authenticator::SecurityCode, AuthenticationInput::EnterNewSecurityCode);
         break;
-    case ManagerLocked:
-        m_state = AuthenticationError;
-        authenticationUnavailable(AuthenticationInput::LockedByManager);
-        feedback(AuthenticationInput::ContactSupport, -1);
-        break;
-    case TemporarilyLocked:
-        m_state = AuthenticationError;
-        authenticationUnavailable(AuthenticationInput::MaximumAttemptsExceeded);
-        feedback(AuthenticationInput::TemporarilyLocked, -1);
-        break;
-    case PermanentlyLocked:
+    case CodeEntryLockedRecoverable:
+    case CodeEntryLockedPermanent:
+    case ManagerLockedRecoverable:
+    case ManagerLockedPermanent:
         m_state = AuthenticationError;
-        authenticationUnavailable(AuthenticationInput::MaximumAttemptsExceeded);
-        feedback(AuthenticationInput::PermanentlyLocked, -1);
+        lockedOut(availability, &HostAuthenticationInput::authenticationUnavailable);
         break;
     }
 
@@ -327,9 +319,10 @@ void HostDeviceLock::confirmAuthentication()
 
         authenticationEnded(true);
         break;
-    case ManagerLocked:
-    case TemporarilyLocked:
-    case PermanentlyLocked:
+    case CodeEntryLockedRecoverable:
+    case CodeEntryLockedPermanent:
+    case ManagerLockedRecoverable:
+    case ManagerLockedPermanent:
         authenticationEnded(false);
         break;
     }
@@ -362,14 +355,13 @@ void HostDeviceLock::stateChanged()
     const auto previousState = m_lockState;
 
     switch (availability()) {
-    case ManagerLocked:
-        m_lockState = DeviceLock::ManagerLockout;
+    case CodeEntryLockedRecoverable:
+    case CodeEntryLockedPermanent:
+        m_lockState = DeviceLock::CodeEntryLockout;
         break;
-    case TemporarilyLocked:
-        m_lockState = DeviceLock::TemporaryLockout;
-        break;
-    case PermanentlyLocked:
-        m_lockState = DeviceLock::PermanentLockout;
+    case ManagerLockedRecoverable:
+    case ManagerLockedPermanent:
+        m_lockState = DeviceLock::ManagerLockout;
         break;
     case SecurityCodeRequired:
         m_lockState = DeviceLock::Locked;
@@ -395,14 +387,14 @@ void HostDeviceLock::lockedChanged()
 
 void HostDeviceLock::availabilityChanged()
 {
-    const auto available = availability();
+    const auto availability = this->availability();
 
     propertyChanged(
                 QStringLiteral("org.nemomobile.devicelock.DeviceLock"),
                 QStringLiteral("Enabled"),
-                available != AuthenticationNotRequired);
+                availability != AuthenticationNotRequired);
 
-    switch (available) {
+    switch (availability) {
     case AuthenticationNotRequired:
         switch (m_state) {
         case Authenticating:
@@ -451,46 +443,18 @@ void HostDeviceLock::availabilityChanged()
             break;
         }
         break;
-    case ManagerLocked:
-        setLocked(true);
-
-        switch (m_state) {
-        case Authenticating:
-        case EnteringNewSecurityCode:
-        case RepeatingNewSecurityCode:
-        case AuthenticationError:
-            abortAuthentication(AuthenticationInput::LockedByManager);
-            feedback(AuthenticationInput::ContactSupport, -1);
-            break;
-        default:
-            break;
-        }
-        break;
-    case TemporarilyLocked:
-        setLocked(true);
-
-        switch (m_state) {
-        case Authenticating:
-        case EnteringNewSecurityCode:
-        case RepeatingNewSecurityCode:
-        case AuthenticationError:
-            abortAuthentication(AuthenticationInput::MaximumAttemptsExceeded);
-            feedback(AuthenticationInput::TemporarilyLocked, -1);
-            break;
-        default:
-            break;
-        }
-        break;
-    case PermanentlyLocked:
+    case CodeEntryLockedRecoverable:
+    case CodeEntryLockedPermanent:
+    case ManagerLockedRecoverable:
+    case ManagerLockedPermanent:
         setLocked(true);
 
         switch (m_state) {
         case Authenticating:
         case EnteringNewSecurityCode:
         case RepeatingNewSecurityCode:
         case AuthenticationError:
-            abortAuthentication(AuthenticationInput::MaximumAttemptsExceeded);
-            feedback(AuthenticationInput::PermanentlyLocked, -1);
+            lockedOut(availability, &HostAuthenticationInput::abortAuthentication);
             break;
         default:
             break;