Fallback to on-line password check if local fails.

chrome/browser/ui/webui/signin/user_manager_screen_handler.cc

Index: chrome/browser/ui/webui/signin/user_manager_screen_handler.cc
diff --git a/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc b/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc
index 37c3e9fcb0a7f52ef26acf11460c46e12ab424c9..6717a0a302e8369b222cba6cd27b78474be9005b 100644
--- a/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc
+++ b/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc
@@ -23,6 +23,8 @@
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_view.h"
 #include "content/public/browser/web_ui.h"
+#include "google_apis/gaia/gaia_auth_fetcher.h"
+#include "google_apis/gaia/gaia_constants.h"
 #include "grit/browser_resources.h"
 #include "grit/chromium_strings.h"
 #include "grit/generated_resources.h"
@@ -210,21 +212,30 @@ void UserManagerScreenHandler::HandleAuthenticatedLaunchUser(
     NOTREACHED();
     return;
   }
+
+  authenticating_profile_index_ = profile_index;
   if (!chrome::ValidateLocalAuthCredentials(profile_index, password)) {
-    web_ui()->CallJavascriptFunction(
-        "cr.ui.Oobe.showSignInError",
-        base::FundamentalValue(0),
-        base::StringValue(
-            l10n_util::GetStringUTF8(IDS_LOGIN_ERROR_AUTHENTICATING)),
-        base::StringValue(""),
-        base::FundamentalValue(0));
+    // Make a second attempt via an on-line authentication call.  This handles
+    // profiles that are missing sign-in credentials and also cases where the
+    // password has been changed externally.
+    client_login_.reset(new GaiaAuthFetcher(
+        this,
+        GaiaConstants::kChromeSource,
+        web_ui()->GetWebContents()->GetBrowserContext()->GetRequestContext()));
+    std::string email_string;
+    args->GetString(0, &email_string);
+    client_login_->StartClientLogin(
+        email_string,
+        password,
+        GaiaConstants::kSyncService,
+        std::string(),
+        std::string(),
+        GaiaAuthFetcher::HostedAccountsAllowed);
+    password_attempt_ = password;
     return;
   }
 
-  info_cache.SetProfileSigninRequiredAtIndex(profile_index, false);
-  base::FilePath path = info_cache.GetPathOfProfileAtIndex(profile_index);
-  profiles::SwitchToProfile(path, desktop_type_, true,
-                            base::Bind(&chrome::HideUserManager));
+  ReportAuthenticationResult(true);
 }
 
 void UserManagerScreenHandler::HandleRemoveUser(const base::ListValue* args) {
@@ -288,6 +299,16 @@ void UserManagerScreenHandler::HandleLaunchUser(const base::ListValue* args) {
       path, desktop_type_, true, base::Bind(&chrome::HideUserManager));
 }
 
+void UserManagerScreenHandler::OnClientLoginSuccess(
+    const ClientLoginResult& result) {
+  ReportAuthenticationResult(true);
+}
+
+void UserManagerScreenHandler::OnClientLoginFailure(
+    const GoogleServiceAuthError& error) {
+  ReportAuthenticationResult(false);
+}
+
 void UserManagerScreenHandler::RegisterMessages() {
   web_ui()->RegisterMessageCallback(kJsApiUserManagerInitialize,
       base::Bind(&UserManagerScreenHandler::HandleInitialize,
@@ -372,7 +393,7 @@ void UserManagerScreenHandler::GetLocalizedValues(
                                base::string16());
   localized_strings->SetString("multiple-signin-banner-text",
                                base::string16());
- }
+}
 
 void UserManagerScreenHandler::SendUserList() {
   base::ListValue users_list;
@@ -418,3 +439,28 @@ void UserManagerScreenHandler::SendUserList() {
   web_ui()->CallJavascriptFunction("login.AccountPickerScreen.loadUsers",
     users_list, base::FundamentalValue(false), base::FundamentalValue(true));
 }
+
+void UserManagerScreenHandler::ReportAuthenticationResult(bool success) {
+  if (success) {
+    ProfileInfoCache& info_cache =
+        g_browser_process->profile_manager()->GetProfileInfoCache();
+    info_cache.SetProfileSigninRequiredAtIndex(
+        authenticating_profile_index_, false);
+    base::FilePath path = info_cache.GetPathOfProfileAtIndex(
+        authenticating_profile_index_);
+    profiles::SwitchToProfile(path, desktop_type_, true,
+                              base::Bind(&chrome::HideUserManager));
+    chrome::SetLocalAuthCredentials(authenticating_profile_index_,
+                                    password_attempt_);

[Roger Tawa OOO till Jul 10th, 2014/01/07 21:09:19]

Since ReportAuthenticationResult() is also called when local auth succeeds,
maybe better to put this call at line 304 above.  Yes/no?

[bcwhite, 2014/01/07 21:16:48]

Done.

+  } else {
+    web_ui()->CallJavascriptFunction(
+        "cr.ui.Oobe.showSignInError",
+        base::FundamentalValue(0),
+        base::StringValue(
+            l10n_util::GetStringUTF8(IDS_LOGIN_ERROR_AUTHENTICATING)),
+        base::StringValue(""),
+        base::FundamentalValue(0));
+  }
+
+  password_attempt_.clear();
+}