Save plaintext password as a separate password key in UserContext.

This fixes an issue where an existing user's passwords are not saved in
the UserContext if views-based login is used. This in turn meant that
the user's password would not be saved in the kernel keyring in cases
where the ${PASSWORD} variable is used in the OpenNetworkConfiguration
policy.


BUG=chromium:866566
TEST=run unit tests, run autotests

Change-Id: I2d43ebfb6869d8d333e61505d1987081076fc3da
Reviewed-on: https://chromium-review.googlesource.com/1147207Reviewed-by: Jacob Dufault <jdufault@chromium.org>
Commit-Queue: May Lippert <maybelle@chromium.org>
Cr-Commit-Position: refs/heads/master@{#577318}

chrome/browser/chromeos/login/ui/login_display_host_mojo.cc

@@ -337,6 +337,19 @@ void LoginDisplayHostMojo::HandleAuthenticateUser(
   user_context.SetIsUsingPin(authenticated_by_pin);
   user_context.SetKey(
       Key(chromeos::Key::KEY_TYPE_PASSWORD_PLAIN, "" /*salt*/, password));
+  // Save the user's plaintext password for possible authentication to a
+  // network. If the user's OpenNetworkConfiguration policy contains a
+  // ${PASSWORD} variable, then the user's password will be used to authenticate
+  // to the specified network.
+  //
+  // The user's password needs to be saved in memory until the policy can be
+  // examined. When the policy comes in, if it does not contain the ${PASSWORD}
+  // variable, the user's password will be discarded. If it contains the
+  // password, it will be sent to the session manager, which will then save it
+  // in a keyring so it can be retrieved for authenticating to the network.
+  //
+  // More details can be found in https://crbug.com/386606
+  user_context.SetPasswordKey(Key(password));
   if (account_id.GetAccountType() == AccountType::ACTIVE_DIRECTORY &&
       (user_context.GetUserType() !=
        user_manager::UserType::USER_TYPE_ACTIVE_DIRECTORY)) {