Index: chrome/browser/ui/webui/options/password_manager_handler.cc |
diff --git a/chrome/browser/ui/webui/options/password_manager_handler.cc b/chrome/browser/ui/webui/options/password_manager_handler.cc |
index d1ef29a03bed018dc1194fb82b43d030aceec026..4c3a8965d35ba358e257ace4fe63ed48810ab4b1 100644 |
--- a/chrome/browser/ui/webui/options/password_manager_handler.cc |
+++ b/chrome/browser/ui/webui/options/password_manager_handler.cc |
@@ -5,13 +5,16 @@ |
#include "chrome/browser/ui/webui/options/password_manager_handler.h" |
#include "base/bind.h" |
+#include "base/command_line.h" |
#include "base/prefs/pref_service.h" |
#include "base/strings/string_number_conversions.h" |
#include "base/strings/utf_string_conversions.h" |
#include "base/values.h" |
#include "chrome/browser/chrome_notification_types.h" |
+#include "chrome/browser/password_manager/password_manager_util.h" |
#include "chrome/browser/password_manager/password_store_factory.h" |
#include "chrome/browser/profiles/profile.h" |
+#include "chrome/common/chrome_switches.h" |
#include "chrome/common/pref_names.h" |
#include "chrome/common/url_constants.h" |
#include "components/autofill/core/common/password_form.h" |
@@ -30,6 +33,10 @@ PasswordManagerHandler::PasswordManagerHandler() |
: populater_(this), |
exception_populater_(this), |
is_user_authenticated_(false) { |
+ CommandLine* cl = CommandLine::ForCurrentProcess(); |
+ require_reauthentication_ = |
+ cl->HasSwitch(switches::kEnablePasswordManagerReauthentication) && |
+ !(cl->HasSwitch(switches::kDisablePasswordManagerReauthentication)); |
} |
PasswordManagerHandler::~PasswordManagerHandler() { |
@@ -157,9 +164,10 @@ void PasswordManagerHandler::RequestShowPassword(const ListValue* args) { |
return; |
} |
- if (!is_user_authenticated_) { |
- // TODO(dubroy): Insert actual authentication code here. |
- is_user_authenticated_ = true; |
+ if (require_reauthentication_ && !is_user_authenticated_) { |
Will Harris
2013/10/18 11:56:52
for users who leave their browser open for several
Patrick Dubroy
2013/10/18 13:15:54
Yeah. For some reason I was thinking I'd leave tha
|
+ // If reauthentication fails, do nothing. |
+ if (!(is_user_authenticated_ = password_manager_util::AuthenticateUser())) |
+ return; |
} |
// Call back the front end to reveal the password. |