Add a lock to the managed user settings page and require authentication for unlocking.

chrome/browser/ui/webui/managed_user_passphrase_dialog_webui.cc

+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ui/webui/managed_user_passphrase_dialog_webui.h"
+
+#include <string>
+#include <vector>
+
+#include "base/bind.h"
+#include "base/values.h"
+#include "chrome/browser/managed_mode/managed_user_passphrase.h"
+#include "chrome/browser/prefs/pref_service.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ui/webui/chrome_url_data_manager.h"
+#include "chrome/browser/ui/webui/chrome_web_ui_data_source.h"
+#include "chrome/browser/ui/webui/constrained_web_dialog_ui.h"
+#include "chrome/common/pref_names.h"
+#include "chrome/common/url_constants.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/browser/web_ui_message_handler.h"
+#include "grit/browser_resources.h"
+#include "grit/generated_resources.h"
+#include "ui/gfx/size.h"
+
+namespace {
+
+class ManagedUserPassphraseDialogMessageHandler
+    : public content::WebUIMessageHandler {
+ public:
+  ManagedUserPassphraseDialogMessageHandler() {}
+  virtual ~ManagedUserPassphraseDialogMessageHandler() {}

[Bernhard Bauer, 2013/01/07 14:20:22]

Moar newlines plz :)

+  virtual void RegisterMessages() OVERRIDE;
+ private:
+  void CheckPassphrase(const base::ListValue* args);
+  DISALLOW_COPY_AND_ASSIGN(ManagedUserPassphraseDialogMessageHandler);
+};
+
+void ManagedUserPassphraseDialogMessageHandler::RegisterMessages() {
+  web_ui()->RegisterMessageCallback("checkPassphrase",
+      base::Bind(&ManagedUserPassphraseDialogMessageHandler::CheckPassphrase,
+      base::Unretained(this)));

[Bernhard Bauer, 2013/01/07 14:20:22]

base::Unretained makes me queasy. How do you know that this object will still be
around?

I think you want to use weak pointers (base::WeakPtr(Factory)) here.

+}
+
+void ManagedUserPassphraseDialogMessageHandler::CheckPassphrase(
+    const base::ListValue* args) {
+  const base::Value* passphrase_arg;

[Bernhard Bauer, 2013/01/07 14:20:22]

Can you initialize this to null?

+  args->Get(0, &passphrase_arg);
+  std::string passphrase;
+  passphrase_arg->GetAsString(&passphrase);
+  std::string stored_passphrase_hash, encoded_passphrase_hash;
+  ManagedUserPassphrase::GenerateHashFromPassphrase(passphrase,
+      &encoded_passphrase_hash);
+  const PrefService* pref_service = Profile::FromWebUI(web_ui())->GetPrefs();
+  const PrefService::Preference* pref =
+      pref_service->FindPreference(prefs::kManagedModeLocalPassphrase);
+  if (!pref) {
+    NOTREACHED();

[Bernhard Bauer, 2013/01/07 14:20:22]

DCHECK(pref);

+  }
+  if (!pref->GetValue()->GetAsString(&stored_passphrase_hash)) {

[Bernhard Bauer, 2013/01/07 14:20:22]

bool success = ...; DCHECK(success);

+    NOTREACHED();
+  }
+  if (stored_passphrase_hash == encoded_passphrase_hash) {
+    web_ui()->CallJavascriptFunction("passphraseCorrect");
+  } else {
+    web_ui()->CallJavascriptFunction("passphraseIncorrect");
+  }
+}
+
+const int kDialogWidth = 400;
+const int kDialogHeight = 310;
+
+}  // namespace
+
+void ManagedUserPassphraseDialogWebUI::CreateManagedUserPassphraseDialog(

[Bernhard Bauer, 2013/01/07 14:20:22]

I think you could get rid of the static factory method and make the constructor
public instead. For TabModalConfirmationDialog it was different, because the
static method was in a different class (to allow platform-dependent
implementations).

+    content::WebContents* web_contents,
+    const base::Callback<void(void)>& callback) {
+  // this is deleted automatically when the user closes the dialog

[Bernhard Bauer, 2013/01/07 14:20:22]

Capitalize please (also below).

+  new ManagedUserPassphraseDialogWebUI(web_contents, callback);
+}
+
+ui::ModalType ManagedUserPassphraseDialogWebUI::GetDialogModalType() const {
+  return ui::MODAL_TYPE_WINDOW;
+}
+
+string16 ManagedUserPassphraseDialogWebUI::GetDialogTitle() const {
+  return string16();
+}
+
+GURL ManagedUserPassphraseDialogWebUI::GetDialogContentURL() const {
+  return GURL(chrome::kChromeUIManagedUserPassphrasePageURL);
+}
+
+// this function is called by the constrained window delegate
+void ManagedUserPassphraseDialogWebUI::GetWebUIMessageHandlers(
+    std::vector<content::WebUIMessageHandler*>* handlers) const {
+  DCHECK(handlers);
+  // the constrained window delegate takes care of registering the handler
+  // the handler is also deleted automatically
+  handlers->push_back(new ManagedUserPassphraseDialogMessageHandler());
+}
+
+void ManagedUserPassphraseDialogWebUI::GetDialogSize(gfx::Size* size) const {
+  size->SetSize(kDialogWidth, kDialogHeight);
+}
+
+std::string ManagedUserPassphraseDialogWebUI::GetDialogArgs() const {
+  return std::string();
+}
+
+void ManagedUserPassphraseDialogWebUI::OnDialogClosed(
+    const std::string& json_retval) {
+  if (closing_) {

[Bernhard Bauer, 2013/01/07 14:20:22]

Single-line statements don't need braces.

An empty line afterwards instead would be nice though.

+    return;
+  }
+  closing_ = true;
+  if (!json_retval.empty()) {
+    callback_.Run();

[Bernhard Bauer, 2013/01/07 14:20:22]

Hm, never running the callback when the user cancels might make things difficult
later. Can you call it with a success value?

+  }
+}
+
+void ManagedUserPassphraseDialogWebUI::OnCloseContents(
+    content::WebContents* source, bool* out_close_dialog) {}
+
+bool ManagedUserPassphraseDialogWebUI::ShouldShowDialogTitle() const {
+  return false;
+}
+
+ManagedUserPassphraseDialogWebUI::ManagedUserPassphraseDialogWebUI(
+    content::WebContents* web_contents,
+    const base::Callback<void(void)>& callback) {
+  closing_ = false;

[Bernhard Bauer, 2013/01/07 14:20:22]

You can initialize members directly.

+  callback_ = callback;
+  Profile* profile =
+      Profile::FromBrowserContext(web_contents->GetBrowserContext());
+  CreateDataSource(profile);
+  CreateConstrainedWebDialog(profile, this, NULL, web_contents);
+}
+
+ManagedUserPassphraseDialogWebUI::~ManagedUserPassphraseDialogWebUI() {}
+
+void ManagedUserPassphraseDialogWebUI::CreateDataSource(Profile* profile) {
+  ChromeWebUIDataSource* data_source =
+      new ChromeWebUIDataSource(chrome::kChromeUIManagedUserPassphrasePageHost);
+  data_source->set_default_resource(IDR_MANAGED_USER_PASSPHRASE_DIALOG_HTML);
+  data_source->add_resource_path("managed_user_passphrase_dialog.js",
+      IDR_MANAGED_USER_PASSPHRASE_DIALOG_JS);
+  data_source->add_resource_path("managed_user_passphrase_dialog.css",
+      IDR_MANAGED_USER_PASSPHRASE_DIALOG_CSS);
+  data_source->add_resource_path("chrome_kid.png",
+      IDR_MANAGED_USER_PASSPHRASE_DIALOG_IMG);
+  data_source->AddLocalizedString("familyControlPassphrasePage",
+      IDS_PASSPHRASE_TITLE);
+  data_source->AddLocalizedString("forgot_passphrase", IDS_FORGOT_PASSPHRASE);
+  data_source->AddLocalizedString("unlock_passphrase_button",
+      IDS_UNLOCK_PASSPHRASE_BUTTON);
+  data_source->AddLocalizedString("passphrase_instruction",
+      IDS_PASSPHRASE_INSTRUCTION);
+  data_source->AddLocalizedString("incorrect_passphrase_warning",
+      IDS_INCORRECT_PASSPHRASE_WARNING);
+  data_source->AddLocalizedString("cancel_passphrase_button", IDS_CANCEL);
+  data_source->set_json_path("strings.js");
+  data_source->set_use_json_js_format_v2();
+  ChromeURLDataManager::AddDataSource(profile, data_source);
+}