Add the authenticate screen for the quick unlock settings.

chrome/browser/resources/settings/people_page/quick_unlock_authenticate.js

Index: chrome/browser/resources/settings/people_page/quick_unlock_authenticate.js
diff --git a/chrome/browser/resources/settings/people_page/quick_unlock_authenticate.js b/chrome/browser/resources/settings/people_page/quick_unlock_authenticate.js
new file mode 100644
index 0000000000000000000000000000000000000000..72c662feb3fec0f7ef8a8de505ae700866286c4a
--- /dev/null
+++ b/chrome/browser/resources/settings/people_page/quick_unlock_authenticate.js
@@ -0,0 +1,158 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+/**
+ * @fileoverview
+ *
+ * 'settings-quick-unlock-authenticate' shows a password input prompt to the
+ * user. It validates the password is correct. Once the user has entered their
+ * account password, the page navigates to the quick unlock setup methods page.
+ *
+ * This element provides a wrapper around chrome.quickUnlockPrivate.setModes
+ * which has a prebound account password (the |set-modes| property). The account
+ * password by itself is not avaialble for other elements to access.

[tommycli, 2016/06/29 21:04:23]

typo on "available"

[jdufault, 2016/06/29 22:02:04]

Done.

+ *
+ * Example:
+ *
+ * <settings-quick-unlock-authenticate
+ *   set-modes="[[setModes]]"
+ *   current-route="{{currentRoute}}"
+ *   profile-name="[[profileName_]]">
+ * </settings-quick-unlock-authenticate>
+ */
+
+(function() {
+'use strict';
+
+/** @const */ var PASSWORD_ACTIVE_DURATION_MS = 10 * 60 * 1000; // Ten minutes.
+/** @const */ var AUTOSUBMIT_DELAY_MS = 500; // .5 seconds
+
+Polymer({
+  is: 'settings-quick-unlock-authenticate',
+
+  behaviors: [
+    QuickUnlockRoutingBehavior,
+  ],
+
+  properties: {
+    /**
+     * A partially applied chrome.quickUnlockPrivate.setModes function, where
+     * the password has already been provided. If this is null, then the
+     * authentication screen needs to be redispalyed to recapture the user's

[tommycli, 2016/06/29 21:04:23]

"redisplayed" typo

[jdufault, 2016/06/29 22:02:04]

Done.

+     * password. The value stored here will reset after
+     * PASSWORD_ACTIVE_DURATION_MS milliseconds.
+     */

[tommycli, 2016/06/29 21:04:23]

How about revise the comment to similar to:

If the user has entered a password, this method will be a partially-applied
chrome.quickUnlockPrivate.setModes method call (with the password parameter
applied). Otherwise, this is null, and the authentication screen needs to be
redisplayed. The value stored here will be reset after
PASSWORD_ACTIVE_DURATION_MS milliseconds.

It doesn't have the be the exact above text, just reword a bit.

[jdufault, 2016/06/29 22:02:04]

Done.

+    setModes: {
+      type: Object,
+      notify: true
+    },
+
+    /**
+     * Name of the profile.
+     */
+    profileName: String,
+
+    /**
+     * The actual value of the password field. This is cleared whenever the
+     * authentication screen is not displayed so that the user's password is not
+     * easily available to an attacker. The actual password is stored as an
+     * captured closure variable inside of setModes.
+     * @private
+     */
+    password_: String,
+
+    /**
+     * Helper property which marks password as valid/invalid.
+     * @private
+     */
+    passwordInvalid_: Boolean
+  },
+
+  observers: [
+    'onRouteChanged_(currentRoute)'
+  ],
+
+  /** @private */
+  onRouteChanged_: function(currentRoute) {
+    // Clear local state if this screen is not active so if this screen shows
+    // up again the user will get a fresh UI.
+    if (!this.isScreenActive(QuickUnlockScreen.AUTHENTICATE)) {
+      this.password_ = '';
+      this.passwordInvalid_ = false;
+    }
+  },
+
+  /**
+   * Start or restart a timer to check the account password and move past the
+   * authentication screen.
+   * @private
+   */
+  startDelayedPasswordCheck_: function() {
+    clearTimeout(this.delayedPasswordCheckTimeout_);
+    this.delayedPasswordCheckTimeout_ =
+        setTimeout(this.checkPasswordNow_.bind(this), AUTOSUBMIT_DELAY_MS);
+  },
+
+  /**
+   * Run the account password check right now. This will cancel any delayed
+   * check.
+   * @private
+   */
+  checkPasswordNow_: function() {
+    clearTimeout(this.delayedPasswordCheckTimeout_);
+    clearTimeout(this.clearAccountPasswordTimeout_);
+
+    // The user might have started entering a password and then deleted it all.
+    // Do not submit/show an error in this case.
+    if (!this.password_) {
+      this.passwordInvalid_ = false;
+      return;
+    }
+
+    // We check the account password by trying to update the active set of quick
+    // unlock modes without changing any credentials.
+    chrome.quickUnlockPrivate.getActiveModes(function(modes) {
+      var credentials =
+          /** @type {!Array<string>} */ (Array(modes.length).fill(''));
+      chrome.quickUnlockPrivate.setModes(this.password_, modes, credentials,
+                                         onPasswordChecked.bind(this));
+    }.bind(this));

[tommycli, 2016/06/29 21:04:23]

Here i'd recommend something instead like this:

var onPasswordChecked = function(valid) { ... }.bind(this);
chrome.quickUnlockPrivate.getActiveModes ...

That way you can eliminate one of the bind(this) calls.

[jdufault, 2016/06/29 22:02:04]

I've pulled the chrome.quickUnlockPrivate calls out into a helper function;
hopefully that is a bit better.

+
+    function onPasswordChecked(valid) {
+      // Note that the password might have been cleared during the duration of
+      // the getActiveModes call.
+      this.passwordInvalid_ = !valid && !!this.password_;
+
+      if (valid) {
+        // Create the |this.setModes| closure and automatically clear it after
+        // |PASSWORD_ACTIVE_DURATION_MS|.
+        var password = this.password_;
+        this.password_ = '';
+
+        this.setModes = function(modes, credentials, onComplete) {
+          chrome.quickUnlockPrivate.setModes(
+              password, modes, credentials, onComplete);
+        };
+
+        function clearSetModes() {
+          // Reset the password so that any cached references to this.setModes
+          // will fail.
+          password = '';
+          this.setModes = null;
+        }
+
+        this.clearAccountPasswordTimeout_ = setTimeout(
+            clearSetModes.bind(this), PASSWORD_ACTIVE_DURATION_MS);
+
+        this.currentRoute = {
+          page: 'basic',
+          section: 'people',
+          subpage: [QuickUnlockScreen.CHOOSE_METHOD]
+        };
+      }
+    }
+  }
+});
+
+})();