Fallback to on-line password check if local fails.

Fallback to on-line password check if local fails.

Relying on local-auth is not sufficient because locking can be enabled when no local credentials are present.  Also, changing the password outside of this instance of Chrome would require using the old password to unlock, now no longer the case.

This affects only new-profile-management.

BUG=328017
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=243575

[bcwhite, 2014-01-06 21:31:17]

added missing OVERRIDE directives

[bcwhite, 2014-01-07 16:17:18]

added 'virtual' keyword required for Mac

[Roger Tawa OOO till Jul 10th, 2014-01-07 19:20:03]

lgtm, with one question below.

https://codereview.chromium.org/99373008/diff/190001/chrome/browser/ui/webui/...
File chrome/browser/ui/webui/signin/user_manager_screen_handler.cc (right):

https://codereview.chromium.org/99373008/diff/190001/chrome/browser/ui/webui/...
chrome/browser/ui/webui/signin/user_manager_screen_handler.cc:303:
ReportAuthenticationResult(true);
Should the code save the new password here so that local auth will succeed next
time?

[bcwhite, 2014-01-07 19:36:14]

save verified on-line auth password for later off-line use

[bcwhite, 2014-01-07 19:36:41]

https://codereview.chromium.org/99373008/diff/190001/chrome/browser/ui/webui/...
File chrome/browser/ui/webui/signin/user_manager_screen_handler.cc (right):

https://codereview.chromium.org/99373008/diff/190001/chrome/browser/ui/webui/...
chrome/browser/ui/webui/signin/user_manager_screen_handler.cc:303:
ReportAuthenticationResult(true);
> Should the code save the new password here so that local auth will succeed
next
> time?

Good idea.  Done.

[Roger Tawa OOO till Jul 10th, 2014-01-07 21:09:19]

https://codereview.chromium.org/99373008/diff/290001/chrome/browser/ui/webui/...
File chrome/browser/ui/webui/signin/user_manager_screen_handler.cc (right):

https://codereview.chromium.org/99373008/diff/290001/chrome/browser/ui/webui/...
chrome/browser/ui/webui/signin/user_manager_screen_handler.cc:454:
password_attempt_);
Since ReportAuthenticationResult() is also called when local auth succeeds,
maybe better to put this call at line 304 above.  Yes/no?

[bcwhite, 2014-01-07 21:16:16]

move credential update to be only called after on-line auth

[bcwhite, 2014-01-07 21:16:48]

https://codereview.chromium.org/99373008/diff/290001/chrome/browser/ui/webui/...
File chrome/browser/ui/webui/signin/user_manager_screen_handler.cc (right):

https://codereview.chromium.org/99373008/diff/290001/chrome/browser/ui/webui/...
chrome/browser/ui/webui/signin/user_manager_screen_handler.cc:454:
password_attempt_);
On 2014/01/07 21:09:19, Roger Tawa wrote:
> Since ReportAuthenticationResult() is also called when local auth succeeds,
> maybe better to put this call at line 304 above.  Yes/no?

Done.

[commit-bot: I haz the power, 2014-01-08 13:44:00]

CQ is trying da patch. Follow status at
https://chromium-status.appspot.com/cq/bcwhite@chromium.org/99373008/390001

[commit-bot: I haz the power, 2014-01-08 16:04:29]

Change committed as 243575