Add a lock to the managed user settings page and require authentication for unlocking.

chrome/browser/resources/managed_user_passphrase_dialog.js

Index: chrome/browser/resources/managed_user_passphrase_dialog.js
diff --git a/chrome/browser/resources/managed_user_passphrase_dialog.js b/chrome/browser/resources/managed_user_passphrase_dialog.js
new file mode 100644
index 0000000000000000000000000000000000000000..4450773561d6d447035688d1b8f199d81107ae9e
--- /dev/null
+++ b/chrome/browser/resources/managed_user_passphrase_dialog.js
@@ -0,0 +1,27 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+function load() {
+  $('unlock_passphrase_button').onclick = function(event) {
+    if ($('passphrase_entry').value == '') {

[Bernhard Bauer, 2013/01/07 14:20:22]

Braces around one-line statements are unnecessary.

[Pam (message me for reviews), 2013/01/07 14:51:49]

Should we support an empty password, if I decide not to set one? Or will we
require *something* there, even one character?

+      return;

[Bernhard Bauer, 2013/01/07 14:20:22]

Hm, does that mean that we don't allow empty passwords? Do we need to check that
here?

+    }
+    chrome.send('checkPassphrase', [$('passphrase_entry').value]);
+    $('passphrase_entry').value = '';

[Pam (message me for reviews), 2013/01/07 14:51:49]

Is this necessary? I always find it a little odd-looking when what I've typed
disappears, even if I got the passphrase wrong and need to retype it anyway. If
we could have the field auto-select when clicked, would that be sufficient?

+  }

[Bernhard Bauer, 2013/01/07 14:20:22]

Needs a semicolon.

+  $('cancel_passphrase_button').onclick = function(event) {
+    chrome.send('DialogClose');
+  }

[Bernhard Bauer, 2013/01/07 14:20:22]

Semicolon.

+}
+
+function passphraseCorrect() {
+  chrome.send('DialogClose', ['correct']);

[Bernhard Bauer, 2013/01/07 14:20:22]

Do you need to pass a string constant? Could you pass a boolean instead?

+}
+
+function passphraseIncorrect() {
+  $('incorrect_passphrase_warning').style.visibility = 'visible';

[Bernhard Bauer, 2013/01/07 14:20:22]

Modifying style attributes directly kinda violates the MVC separation. Instead,
set the |.hidden| attribute to true or false. Also, are you resetting it when
the user checks the password again? That might look better (especially if we add
something like a backoff later).

+}
+
+// Add handlers to HTML elements.

[Bernhard Bauer, 2013/01/07 14:20:22]

This comment isn't really necessary :-D

+window.addEventListener('DOMContentLoaded', load);