Add a lock to the managed user settings page and require authentication for unlocking.

chrome/browser/ui/webui/options/managed_user_passphrase_handler.cc

Index: chrome/browser/ui/webui/options/managed_user_passphrase_handler.cc
diff --git a/chrome/browser/ui/webui/options/managed_user_passphrase_handler.cc b/chrome/browser/ui/webui/options/managed_user_passphrase_handler.cc
new file mode 100644
index 0000000000000000000000000000000000000000..e6a59f79aaa752ad5ab24847165806d629754c5e
--- /dev/null
+++ b/chrome/browser/ui/webui/options/managed_user_passphrase_handler.cc
@@ -0,0 +1,92 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ui/webui/options/managed_user_passphrase_handler.h"
+
+#include "base/bind.h"
+#include "base/logging.h"
+#include "base/values.h"
+#include "chrome/browser/managed_mode/managed_user_passphrase.h"
+#include "chrome/browser/prefs/pref_service.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ui/webui/managed_user_passphrase_dialog_webui.h"
+#include "chrome/common/pref_names.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/browser/web_ui.h"
+#include "grit/generated_resources.h"
+
+namespace options {
+
+ManagedUserPassphraseHandler::ManagedUserPassphraseHandler()
+    : weak_ptr_factory_(this) {
+}
+
+ManagedUserPassphraseHandler::~ManagedUserPassphraseHandler() {
+}
+
+void ManagedUserPassphraseHandler::InitializeHandler() {
+}
+
+void ManagedUserPassphraseHandler::RegisterMessages() {
+  web_ui()->RegisterMessageCallback("setPassphrase",
+      base::Bind(&ManagedUserPassphraseHandler::SetLocalPassphrase,
+      weak_ptr_factory_.GetWeakPtr()));
+    web_ui()->RegisterMessageCallback("displayPassphraseDialog",
+      base::Bind(&ManagedUserPassphraseHandler::DisplayPassphraseDialog,
+      weak_ptr_factory_.GetWeakPtr()));
+}
+
+void ManagedUserPassphraseHandler::GetLocalizedValues(
+    base::DictionaryValue* localized_strings) {
+  DCHECK(localized_strings);
+
+  static OptionsStringResource resources[] = {
+    { "confirmPassphrase", IDS_CONFIRM_PASSPHRASE_LABEL },
+    { "enterPassphrase", IDS_ENTER_PASSPHRASE_LABEL },
+    { "savePassphrase", IDS_SAVE_PASSPHRASE_BUTTON },
+    { "setPassphraseInstructions", IDS_SET_PASSPHRASE_INSTRUCTIONS },
+    { "passphraseMismatch", IDS_PASSPHRASE_MISMATCH },
+  };
+  RegisterStrings(localized_strings, resources, arraysize(resources));
+
+  RegisterTitle(localized_strings, "setPassphraseTitle",
+      IDS_SET_PASSPHRASE_TITLE);
+}
+
+void ManagedUserPassphraseHandler::PassphraseDialogCallback(bool success) {
+  if (success)

[Bernhard Bauer, 2013/01/08 17:43:14]

I think I would actually plumb the success through to the Web UI. You might want
to do different things in the UI if authentication fails.

[Adrian Kuegel, 2013/01/09 12:10:05]

Done.

+    web_ui()->CallJavascriptFunction(callback_function_name_);
+}
+
+void ManagedUserPassphraseHandler::DisplayPassphraseDialog(
+    const base::ListValue* args) {
+  // Store the name of the callback function.
+  const base::Value* callback_arg;
+  args->Get(0, &callback_arg);

[Bernhard Bauer, 2013/01/08 17:43:14]

Here you can use ListValue::GetString().

[Adrian Kuegel, 2013/01/09 12:10:05]

Done.

+  callback_arg->GetAsString(&callback_function_name_);
+  content::WebContents* web_contents = web_ui()->GetWebContents();

[Bernhard Bauer, 2013/01/08 17:43:14]

You could probably inline this.

[Adrian Kuegel, 2013/01/09 12:10:05]

Done.

+  ManagedUserPassphraseDialogWebUI::CreateManagedUserPassphraseDialog(
+      web_contents,
+      base::Bind(&ManagedUserPassphraseHandler::PassphraseDialogCallback,
+      base::Unretained(this)));
+}
+
+void ManagedUserPassphraseHandler::SetLocalPassphrase(
+    const base::ListValue* args) {
+  const base::Value *passphraseArg;
+  args->Get(0, &passphraseArg);
+  std::string passphrase;
+  passphraseArg->GetAsString(&passphrase);
+  ManagedUserPassphrase passphrase_key_generator((std::string()));
+  std::string encoded_passphrase_hash;
+  passphrase_key_generator.GenerateHashFromPassphrase(passphrase,

[Bernhard Bauer, 2013/01/08 17:43:14]

Align the parameters please (here and below).

[Adrian Kuegel, 2013/01/09 12:10:05]

Done.

+      &encoded_passphrase_hash);
+  PrefService* pref_service = Profile::FromWebUI(web_ui())->GetPrefs();
+  pref_service->SetString(prefs::kManagedModeLocalPassphrase,
+      encoded_passphrase_hash);
+  pref_service->SetString(prefs::kManagedModeLocalSalt,
+      passphrase_key_generator.GetSalt());
+}
+
+}  // namespace options