Fallback to on-line password check if local fails.

chrome/browser/ui/webui/signin/user_manager_screen_handler.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/signin/user_manager_screen_handler.h"
 
 #include "base/bind.h"
 #include "base/value_conversions.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/profiles/avatar_menu.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_info_cache.h"
 #include "chrome/browser/profiles/profile_info_cache_observer.h"
 #include "chrome/browser/profiles/profile_info_util.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/profiles/profile_window.h"
 #include "chrome/browser/profiles/profiles_state.h"
 #include "chrome/browser/signin/local_auth.h"
 #include "chrome/browser/ui/browser_dialogs.h"
 #include "chrome/browser/ui/browser_finder.h"
 #include "chrome/browser/ui/singleton_tabs.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_view.h"
 #include "content/public/browser/web_ui.h"
+#include "google_apis/gaia/gaia_auth_fetcher.h"
+#include "google_apis/gaia/gaia_constants.h"
 #include "grit/browser_resources.h"
 #include "grit/chromium_strings.h"
 #include "grit/generated_resources.h"
 #include "third_party/skia/include/core/SkBitmap.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/webui/web_ui_util.h"
 #include "ui/gfx/image/image_util.h"
 
 #if defined(ENABLE_MANAGED_USERS)
 #include "chrome/browser/managed_mode/managed_user_service.h"
@@ skipping 167 matching lines @@
     return;
 
   ProfileInfoCache& info_cache =
       g_browser_process->profile_manager()->GetProfileInfoCache();
   size_t profile_index = GetIndexOfProfileWithEmailAndName(
       info_cache, email_address, display_name);
   if (profile_index >= info_cache.GetNumberOfProfiles()) {
     NOTREACHED();
     return;
   }
+
+  authenticating_profile_index_ = profile_index;
   if (!chrome::ValidateLocalAuthCredentials(profile_index, password)) {
-    web_ui()->CallJavascriptFunction(
-        "cr.ui.Oobe.showSignInError",
-        base::FundamentalValue(0),
-        base::StringValue(
-            l10n_util::GetStringUTF8(IDS_LOGIN_ERROR_AUTHENTICATING)),
-        base::StringValue(""),
-        base::FundamentalValue(0));
+    // Make a second attempt via an on-line authentication call.  This handles
+    // profiles that are missing sign-in credentials and also cases where the
+    // password has been changed externally.
+    client_login_.reset(new GaiaAuthFetcher(
+        this,
+        GaiaConstants::kChromeSource,
+        web_ui()->GetWebContents()->GetBrowserContext()->GetRequestContext()));
+    std::string email_string;
+    args->GetString(0, &email_string);
+    client_login_->StartClientLogin(
+        email_string,
+        password,
+        GaiaConstants::kSyncService,
+        std::string(),
+        std::string(),
+        GaiaAuthFetcher::HostedAccountsAllowed);
+    password_attempt_ = password;
     return;
   }
 
-  info_cache.SetProfileSigninRequiredAtIndex(profile_index, false);
-  base::FilePath path = info_cache.GetPathOfProfileAtIndex(profile_index);
-  profiles::SwitchToProfile(path, desktop_type_, true,
-                            base::Bind(&chrome::HideUserManager));
+  ReportAuthenticationResult(true);
 }
 
 void UserManagerScreenHandler::HandleRemoveUser(const base::ListValue* args) {
   DCHECK(args);
   const base::Value* profile_path_value;
   if (!args->Get(0, &profile_path_value))
     return;
 
   base::FilePath profile_path;
   if (!base::GetValueAsFilePath(*profile_path_value, &profile_path))
@@ skipping 43 matching lines @@
   // we have to validate in (secure) C++ code that it really is a profile
   // not needing authentication.  If it is, just ignore the "launch" request.
   if (info_cache.ProfileIsSigninRequiredAtIndex(profile_index))
     return;
 
   base::FilePath path = info_cache.GetPathOfProfileAtIndex(profile_index);
   profiles::SwitchToProfile(
       path, desktop_type_, true, base::Bind(&chrome::HideUserManager));
 }
 
+void UserManagerScreenHandler::OnClientLoginSuccess(
+    const ClientLoginResult& result) {
+  ReportAuthenticationResult(true);
+}
+
+void UserManagerScreenHandler::OnClientLoginFailure(
+    const GoogleServiceAuthError& error) {
+  ReportAuthenticationResult(false);
+}
+
 void UserManagerScreenHandler::RegisterMessages() {
   web_ui()->RegisterMessageCallback(kJsApiUserManagerInitialize,
       base::Bind(&UserManagerScreenHandler::HandleInitialize,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(kJsApiUserManagerAddUser,
       base::Bind(&UserManagerScreenHandler::HandleAddUser,
                  base::Unretained(this)));
   web_ui()->RegisterMessageCallback(kJsApiUserManagerAuthLaunchUser,
       base::Bind(&UserManagerScreenHandler::HandleAuthenticatedLaunchUser,
                  base::Unretained(this)));
@@ skipping 64 matching lines @@
            IDS_LOGIN_POD_USER_REMOVE_WARNING));
 
   // Strings needed for the user_pod_template public account div, but not ever
   // actually displayed for desktop users.
   localized_strings->SetString("publicAccountReminder", base::string16());
   localized_strings->SetString("publicAccountEnter", base::string16());
   localized_strings->SetString("publicAccountEnterAccessibleName",
                                base::string16());
   localized_strings->SetString("multiple-signin-banner-text",
                                base::string16());
- }
+}
 
 void UserManagerScreenHandler::SendUserList() {
   base::ListValue users_list;
   base::FilePath active_profile_path =
       web_ui()->GetWebContents()->GetBrowserContext()->GetPath();
   const ProfileInfoCache& info_cache =
       g_browser_process->profile_manager()->GetProfileInfoCache();
 
   // If the active user is a managed user, then they may not perform
   // certain actions (i.e. delete another user).
@@ skipping 25 matching lines @@
     // The row of user pods should display the active user first.
     if (is_active_user)
       users_list.Insert(0, profile_value);
     else
       users_list.Append(profile_value);
   }
 
   web_ui()->CallJavascriptFunction("login.AccountPickerScreen.loadUsers",
     users_list, base::FundamentalValue(false), base::FundamentalValue(true));
 }
+
+void UserManagerScreenHandler::ReportAuthenticationResult(bool success) {
+  if (success) {
+    ProfileInfoCache& info_cache =
+        g_browser_process->profile_manager()->GetProfileInfoCache();
+    info_cache.SetProfileSigninRequiredAtIndex(
+        authenticating_profile_index_, false);
+    base::FilePath path = info_cache.GetPathOfProfileAtIndex(
+        authenticating_profile_index_);
+    profiles::SwitchToProfile(path, desktop_type_, true,
+                              base::Bind(&chrome::HideUserManager));
+    chrome::SetLocalAuthCredentials(authenticating_profile_index_,
+                                    password_attempt_);

[Roger Tawa OOO till Jul 10th, 2014/01/07 21:09:19]

Since ReportAuthenticationResult() is also called when local auth succeeds,
maybe better to put this call at line 304 above.  Yes/no?

[bcwhite, 2014/01/07 21:16:48]

Done.

+  } else {
+    web_ui()->CallJavascriptFunction(
+        "cr.ui.Oobe.showSignInError",
+        base::FundamentalValue(0),
+        base::StringValue(
+            l10n_util::GetStringUTF8(IDS_LOGIN_ERROR_AUTHENTICATING)),
+        base::StringValue(""),
+        base::FundamentalValue(0));
+  }
+
+  password_attempt_.clear();
+}