Add a lock to the managed user settings page and require authentication for unlocking.

chrome/browser/resources/options/managed_user_set_passphrase.js

Index: chrome/browser/resources/options/managed_user_set_passphrase.js
diff --git a/chrome/browser/resources/options/managed_user_set_passphrase.js b/chrome/browser/resources/options/managed_user_set_passphrase.js
new file mode 100644
index 0000000000000000000000000000000000000000..6d8bb7a46a625048ba51514d51ff51cf5620ff30
--- /dev/null
+++ b/chrome/browser/resources/options/managed_user_set_passphrase.js
@@ -0,0 +1,76 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+cr.define('options', function() {
+  /** @const */ var OptionsPage = options.OptionsPage;
+
+  //////////////////////////////////////////////////////////////////////////////
+  // ManagedUserSetPassphraseOverlay class:
+
+  /**
+   * Encapsulated handling of the Managed User Set Passphrase page.
+   * @constructor
+   */
+  function ManagedUserSetPassphraseOverlay() {
+    OptionsPage.call(
+      this,
+      'setPassphrase',
+      loadTimeData.getString('setPassphraseTitle'),
+      'managed-user-set-passphrase-overlay');
+  }
+
+  cr.addSingletonGetter(ManagedUserSetPassphraseOverlay);
+
+  ManagedUserSetPassphraseOverlay.prototype = {
+    __proto__: OptionsPage.prototype,
+
+    /** @override */
+    initializePage: function() {
+      OptionsPage.prototype.initializePage.call(this);
+      $('managed-user-passphrase').oninput = this.updateDisplay_;
+      $('passphrase-confirm').oninput = this.updateDisplay_;
+
+      $('save-passphrase').onclick = function() {
+        chrome.send('setPassphrase', [$('managed-user-passphrase').value]);
+        $('managed-user-passphrase').value = '';
+        $('passphrase-confirm').value = '';
+        OptionsPage.closeOverlay();
+      };
+    },
+    updateDisplay_: function() {
+      var valid =
+          $('passphrase-confirm').value == $('managed-user-passphrase').value;
+      $('passphrase-mismatch').hidden = valid;
+      $('passphrase-confirm').setCustomValidity(valid ? '' :

[Bernhard Bauer, 2013/02/05 13:34:44]

Move |valid| to a new line please.

[Adrian Kuegel, 2013/02/05 14:56:45]

Done.

+          $('passphrase-mismatch').textContent);
+      $('save-passphrase').disabled =
+          !$('passphrase-confirm').validity.valid ||
+          !$('managed-user-passphrase').validity.valid;
+    },
+    /** @override */
+    canShowPage: function() {
+      return ManagedUserSettings.getInstance().canShowPage();
+    },
+  };
+
+  // The following functions should only be called by WebUI tests.
+  ManagedUserSetPassphraseOverlay.getPassphraseInput = function() {

[Bernhard Bauer, 2013/02/05 13:34:44]

I'm wondering if we could stuff these into a separate object so it's clear
they're for testing purposes only.

[Adrian Kuegel, 2013/02/05 14:56:45]

Done.

+    return $('managed-user-passphrase');
+  };
+  ManagedUserSetPassphraseOverlay.getPassphraseConfirmInput = function() {
+    return $('passphrase-confirm');
+  };
+  ManagedUserSetPassphraseOverlay.getSavePassphraseButton = function() {
+    return $('save-passphrase');
+  };
+  ManagedUserSetPassphraseOverlay.updateDisplay = function() {
+    return ManagedUserSetPassphraseOverlay.getInstance().updateDisplay_();
+  };
+
+  // Export
+  return {
+    ManagedUserSetPassphraseOverlay: ManagedUserSetPassphraseOverlay
+  };
+
+});