Perform online reauth when password is changed for a locked profile.

chrome/browser/ui/webui/signin/user_manager_screen_handler.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/signin/user_manager_screen_handler.h"
 
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/prefs/pref_service.h"
 #include "base/profiler/scoped_tracker.h"
@@ skipping 435 matching lines @@
   email_address_ = email_address;
   password_attempt_ = password;
 
   // This could be a mis-typed password or typing a new password while we
   // still have a hash of the old one.  The new way of checking a password
   // change makes use of a token so we do that... if it's available.
   if (!oauth_client_) {
     oauth_client_.reset(new gaia::GaiaOAuthClient(
         web_ui()->GetWebContents()->GetBrowserContext()->GetRequestContext()));
   }
+
   std::string token = info_cache.GetPasswordChangeDetectionTokenAtIndex(
-      profile_index);
+      authenticating_profile_index_);
   if (!token.empty()) {
     oauth_client_->GetTokenHandleInfo(token, kMaxOAuthRetries, this);
     return;
   }
 
   // In order to support the upgrade case where we have a local hash but no
-  // password token, we fall back on (deprecated) ClientLogin.  This will
-  // have to be removed in future versions as the service gets turned down
-  // but by then we'll have seamlessly updated the majority of users.
-  client_login_.reset(new GaiaAuthFetcher(
-      this,
-      GaiaConstants::kChromeSource,
-      web_ui()->GetWebContents()->GetBrowserContext()->GetRequestContext()));
-
-  client_login_->StartClientLogin(
-      base::UTF16ToUTF8(email_address),
-      password,
-      GaiaConstants::kSyncService,
-      std::string(),
-      std::string(),
-      GaiaAuthFetcher::HostedAccountsAllowed);
+  // password token, the user perform a full online reauth.
+  UserManager::ShowReauthDialog(web_ui()->GetWebContents()->GetBrowserContext(),
+      base::UTF16ToUTF8(email_address_), authenticating_profile_index_);
 }
 
 void UserManagerScreenHandler::HandleRemoveUser(const base::ListValue* args) {
   DCHECK(args);
   const base::Value* profile_path_value;
   if (!args->Get(0, &profile_path_value)) {
     NOTREACHED();
     return;
   }
 
@@ skipping 83 matching lines @@
 }
 
 void UserManagerScreenHandler::OnGetTokenInfoResponse(
     scoped_ptr<base::DictionaryValue> token_info) {
   // Password is unchanged so user just mistyped it.  Ask again.
   ReportAuthenticationResult(false, ProfileMetrics::AUTH_FAILED);
 }
 
 void UserManagerScreenHandler::OnOAuthError() {
   // Password has changed.  Go through online signin flow.
-  // ... if we had it.  Until then, use deprecated ClientLogin to validate
-  // the password.  This will have to be changed soon.  (TODO: bcwhite)
-    oauth_client_.reset();
-    client_login_.reset(new GaiaAuthFetcher(
-      this,
-      GaiaConstants::kChromeSource,
-      web_ui()->GetWebContents()->GetBrowserContext()->GetRequestContext()));
-
   DCHECK(!email_address_.empty());
-  DCHECK(!password_attempt_.empty());
-  client_login_->StartClientLogin(
-      base::UTF16ToUTF8(email_address_),
-      password_attempt_,
-      GaiaConstants::kSyncService,
-      std::string(),
-      std::string(),
-      GaiaAuthFetcher::HostedAccountsAllowed);
+  DCHECK_NE(std::string::npos, authenticating_profile_index_);
+  oauth_client_.reset();
+  UserManager::ShowReauthDialog(web_ui()->GetWebContents()->GetBrowserContext(),
+      base::UTF16ToUTF8(email_address_), authenticating_profile_index_);
 }
 
 void UserManagerScreenHandler::OnNetworkError(int response_code) {
   // Inconclusive but can't do real signin without being online anyway.
     oauth_client_.reset();
     ReportAuthenticationResult(false, ProfileMetrics::AUTH_FAILED_OFFLINE);
 }
 
-void UserManagerScreenHandler::OnClientLoginSuccess(
-    const ClientLoginResult& result) {
-  oauth_client_.reset();
-  LocalAuth::SetLocalAuthCredentials(authenticating_profile_index_,
-                                     password_attempt_);
-  ReportAuthenticationResult(true, ProfileMetrics::AUTH_ONLINE);
-}
-
-void UserManagerScreenHandler::OnClientLoginFailure(
-    const GoogleServiceAuthError& error) {
-  const GoogleServiceAuthError::State state = error.state();
-  // Some "error" results mean the password was correct but some other action
-  // should be taken.  For our purposes, we only care that the password was
-  // correct so count those as a success.
-  bool success = (state == GoogleServiceAuthError::NONE ||
-                  state == GoogleServiceAuthError::CAPTCHA_REQUIRED ||
-                  state == GoogleServiceAuthError::TWO_FACTOR ||
-                  state == GoogleServiceAuthError::ACCOUNT_DELETED ||
-                  state == GoogleServiceAuthError::ACCOUNT_DISABLED ||
-                  state == GoogleServiceAuthError::WEB_LOGIN_REQUIRED);
-
-  // If the password was correct, the user must have changed it since the
-  // profile was locked.  Save the password to streamline future unlocks.
-  if (success) {
-    DCHECK(!password_attempt_.empty());
-    LocalAuth::SetLocalAuthCredentials(authenticating_profile_index_,
-                                       password_attempt_);
-  }
-
-  bool offline = error.IsTransientError();
-  ProfileMetrics::ProfileAuth failure_metric =
-      offline ? ProfileMetrics::AUTH_FAILED_OFFLINE :
-                ProfileMetrics::AUTH_FAILED;
-  ReportAuthenticationResult(
-      success, success ? ProfileMetrics::AUTH_ONLINE : failure_metric);
-}
-
 void UserManagerScreenHandler::RegisterMessages() {
   web_ui()->RegisterMessageCallback(kJsApiUserManagerInitialize,
       base::Bind(&UserManagerScreenHandler::HandleInitialize,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(kJsApiUserManagerAddUser,
       base::Bind(&UserManagerScreenHandler::HandleAddUser,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(kJsApiUserManagerAuthLaunchUser,
       base::Bind(&UserManagerScreenHandler::HandleAuthenticatedLaunchUser,
                  base::Unretained(this)));
@@ skipping 262 matching lines @@
     Profile* profile, Profile::CreateStatus profile_create_status) {
   Browser* browser = chrome::FindAnyBrowser(profile, false, desktop_type_);
   if (browser && browser->window()) {
     OnBrowserWindowReady(browser);
   } else {
     registrar_.Add(this,
                    chrome::NOTIFICATION_BROWSER_WINDOW_READY,
                    content::NotificationService::AllSources());
   }
 }