Add a lock to the managed user settings page and require authentication for unlocking.

chrome/browser/resources/options/managed_user_set_passphrase.js

Index: chrome/browser/resources/options/managed_user_set_passphrase.js
diff --git a/chrome/browser/resources/options/managed_user_set_passphrase.js b/chrome/browser/resources/options/managed_user_set_passphrase.js
new file mode 100644
index 0000000000000000000000000000000000000000..5c9fd5a46757858690256678af9a7577f5f39b71
--- /dev/null
+++ b/chrome/browser/resources/options/managed_user_set_passphrase.js
@@ -0,0 +1,90 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+cr.define('options', function() {
+  /** @const */ var OptionsPage = options.OptionsPage;
+
+  //////////////////////////////////////////////////////////////////////////////
+  // ManagedUserSetPassphraseOverlay class:
+
+  /**
+   * Encapsulated handling of the Managed User Set Passphrase page.
+   * @constructor
+   */
+  function ManagedUserSetPassphraseOverlay() {
+    OptionsPage.call(
+      this,
+      'setPassphrase',
+      loadTimeData.getString('setPassphraseTitle'),
+      'managed-user-set-passphrase-overlay');
+  }
+
+  cr.addSingletonGetter(ManagedUserSetPassphraseOverlay);
+
+  ManagedUserSetPassphraseOverlay.prototype = {
+    __proto__: OptionsPage.prototype,
+
+    /** @override */
+    initializePage: function() {
+      OptionsPage.prototype.initializePage.call(this);
+      $('managed-user-passphrase').oninput = this.updateDisplay_;
+      $('passphrase-confirm').oninput = this.updateDisplay_;
+
+      $('save-passphrase').onclick = function() {
+        chrome.send('setPassphrase', [$('managed-user-passphrase').value]);
+        $('managed-user-passphrase').value = '';
+        $('passphrase-confirm').value = '';
+        OptionsPage.closeOverlay();
+      };
+    },
+    updateDisplay_: function() {
+      if ($('passphrase-confirm').value != $('managed-user-passphrase').value) {

[Bernhard Bauer, 2013/02/05 12:52:23]

I think it would be nicer to pull the result of this check into a local variable
and then set the other properties based on that variable.

+        $('passphrase-mismatch').hidden = false;
+        $('passphrase-confirm').setCustomValidity(
+            $('passphrase-mismatch').textContent);
+        $('save-passphrase').disabled = true;
+      }
+      else {

[Bernhard Bauer, 2013/02/05 12:52:23]

On the same line as the closing brace, please :)

+        $('save-passphrase').disabled = $('passphrase-confirm').value == '';

[Bernhard Bauer, 2013/02/05 12:52:23]

Instead of directly checking the value of #passphrase-confirm, you could check
its validity.valid attribute. That way you're not coupled to the fact that we
require a value (instead, the logic is: the save button is enabled iff all input
fields are valid).

Also, I think it would be clearer to check #passphrase instead of
passphrase-confirm (the values have to be equal for us to be in that branch, but
it seems a bit clearer to me that we require the *passphrase* to be non-empty).

[Adrian Kuegel, 2013/02/05 13:21:05]

I restructured the code accordingly. Now I also don't need the if/else blocks,
so the comment above is addressed automatically :)

+        $('passphrase-confirm').setCustomValidity('');
+        $('passphrase-mismatch').hidden = true;
+      }
+    },
+    getPassphraseInput_: function() {

[Bernhard Bauer, 2013/02/05 12:52:23]

Are these actually used?

[Adrian Kuegel, 2013/02/05 13:21:05]

Not really, just by the test functions. But they can return the elements
directly, so I simplified it.

+      return $('managed-user-passphrase');
+    },
+    getPassphraseConfirmInput_: function() {
+      return $('passphrase-confirm');
+    },
+    getSavePassphraseButton_: function() {
+      return $('save-passphrase');
+    },
+    /** @override */
+    canShowPage: function() {
+      return ManagedUserSettings.getInstance().canShowPage();
+    },
+  };
+
+  // The following functions should only be called by WebUI tests.
+  ManagedUserSetPassphraseOverlay.getPassphraseInput = function() {
+    return ManagedUserSetPassphraseOverlay.getInstance().getPassphraseInput_();
+  };
+  ManagedUserSetPassphraseOverlay.getPassphraseConfirmInput = function() {
+    var instance = ManagedUserSetPassphraseOverlay.getInstance();
+    return instance.getPassphraseConfirmInput_();
+  };
+  ManagedUserSetPassphraseOverlay.getSavePassphraseButton = function() {
+    var instance = ManagedUserSetPassphraseOverlay.getInstance();
+    return instance.getSavePassphraseButton_();
+  };
+  ManagedUserSetPassphraseOverlay.updateDisplay = function() {
+    return ManagedUserSetPassphraseOverlay.getInstance().updateDisplay_();
+  };
+
+  // Export
+  return {
+    ManagedUserSetPassphraseOverlay: ManagedUserSetPassphraseOverlay
+  };
+
+});