Hide pwd textbox when pwd change fails for specific reasons

Bug: 1052634 Change-Id: Ibcc0f04b6105a7651309e08cf8433828bf80a715 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2058695 Commit-Queue: Yusuf Sengul <yusufsn@google.com> Reviewed-by: Tien Mai <tienmai@chromium.org> Cr-Commit-Position: refs/heads/master@{#742176}

Hide pwd textbox when pwd change fails for specific reasons
Bug: 1052634 Change-Id: Ibcc0f04b6105a7651309e08cf8433828bf80a715 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2058695 Commit-Queue: Yusuf Sengul <yusufsn@google.com> Reviewed-by: Tien Mai <tienmai@chromium.org> Cr-Commit-Position: refs/heads/master@{#742176}
654c270f · Yusuf Sengul · Commit Bot · a25723f9 · 654c270f · 654c270f
Commit 654c270f authored Feb 18, 2020 by Yusuf Sengul Committed by Commit Bot Feb 18, 2020
3 changed files
--- a/chrome/credential_provider/gaiacp/gaia_credential_base.cc
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base.cc
@@ -88,6 +88,12 @@ constexpr char kKeyEnhancedDesktopSecurity[] = "Enhanced_desktop_security";
 constexpr char kKeyADAccounts[] = "AD_accounts";
 constexpr char kKeyLocalWindowsAccounts[] = "Local_Windows_accounts";
+// List of errors where Windows returns during password change that can't be
+// worked out with manual user input during forgot password flow.
+constexpr UINT kPasswordErrors[] = {IDS_PASSWORD_COMPLEXITY_ERROR_BASE,
+                                    IDS_USER_NOT_FOUND_PASSWORD_ERROR_BASE,
+                                    IDS_AD_PASSWORD_CHANGE_DENIED_BASE};
 base::string16 GetEmailDomains() {
  std::vector<wchar_t> email_domains(16);
  ULONG length = email_domains.size();
@@ -1278,6 +1284,14 @@ void CGaiaCredentialBase::SetErrorMessageInPasswordField(HRESULT hr) {
  DisplayPasswordField(password_message_id);
 }
+bool CGaiaCredentialBase::BlockingPasswordError(UINT message_id) {
+  for (auto e : kPasswordErrors) {
+    if (e == message_id)
+      return true;
+  }
+  return false;
+}
 // static
 void CGaiaCredentialBase::TellOmahaDidRun() {
 #if BUILDFLAG(GOOGLE_CHROME_BRANDING)
@@ -2489,22 +2503,24 @@ void CGaiaCredentialBase::DisplayPasswordField(int password_message) {
    } else {
      events_->SetFieldString(this, FID_DESCRIPTION,
                              GetStringResource(password_message).c_str());
-      events_->SetFieldState(this, FID_CURRENT_PASSWORD_FIELD,
+      if (!BlockingPasswordError(password_message)) {
-                             CPFS_DISPLAY_IN_SELECTED_TILE);
+        events_->SetFieldState(this, FID_CURRENT_PASSWORD_FIELD,
-      // Force password link won't be displayed if the machine is domain joined
-      // or force reset password is disabled through registry.
-      if (!OSUserManager::Get()->IsUserDomainJoined(get_sid().m_str) &&
-          GetGlobalFlagOrDefault(kRegMdmEnableForcePasswordReset, 1)) {
-        events_->SetFieldState(this, FID_FORGOT_PASSWORD_LINK,
                               CPFS_DISPLAY_IN_SELECTED_TILE);
-        events_->SetFieldString(
+        // Force password link won't be displayed if the machine is domain
-            this, FID_FORGOT_PASSWORD_LINK,
+        // joined or force reset password is disabled through registry.
-            GetStringResource(IDS_FORGOT_PASSWORD_LINK_BASE).c_str());
+        if (!OSUserManager::Get()->IsUserDomainJoined(get_sid().m_str) &&
+            GetGlobalFlagOrDefault(kRegMdmEnableForcePasswordReset, 1)) {
+          events_->SetFieldState(this, FID_FORGOT_PASSWORD_LINK,
+                                 CPFS_DISPLAY_IN_SELECTED_TILE);
+          events_->SetFieldString(
+              this, FID_FORGOT_PASSWORD_LINK,
+              GetStringResource(IDS_FORGOT_PASSWORD_LINK_BASE).c_str());
+        }
+        events_->SetFieldInteractiveState(this, FID_CURRENT_PASSWORD_FIELD,
+                                          CPFIS_FOCUSED);
+        events_->SetFieldSubmitButton(this, FID_SUBMIT,
+                                      FID_CURRENT_PASSWORD_FIELD);
      }
-      events_->SetFieldInteractiveState(this, FID_CURRENT_PASSWORD_FIELD,
-                                        CPFIS_FOCUSED);
-      events_->SetFieldSubmitButton(this, FID_SUBMIT,
-                                    FID_CURRENT_PASSWORD_FIELD);
    }
  }
 }

--- a/chrome/credential_provider/gaiacp/gaia_credential_base.h
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base.h
@@ -285,6 +285,11 @@ class ATL_NO_VTABLE CGaiaCredentialBase
  // by NetUserChangePassword win32 function.
  void SetErrorMessageInPasswordField(HRESULT hr);
+  // Determines whether given message id corresponds to a password change error
+  // which can't be worked out with manual user input in the forgot password
+  // flow.
+  bool BlockingPasswordError(UINT message_id);
  Microsoft::WRL::ComPtr<ICredentialProviderCredentialEvents> events_;
  Microsoft::WRL::ComPtr<IGaiaCredentialProvider> provider_;

--- a/chrome/credential_provider/gaiacp/gaia_credential_base_unittests.cc
+++ b/chrome/credential_provider/gaiacp/gaia_credential_base_unittests.cc
@@ -2433,38 +2433,36 @@ TEST_P(GcpGaiaCredentialBasePasswordChangeFailureTest, Fail) {
  // automatically.
  {
    HRESULT net_api_status;
-    base::string16 expected_error_msg;
+    UINT message_id;
    switch (failure_reason) {
      case 0:
        net_api_status = HRESULT_FROM_WIN32(ERROR_INVALID_PASSWORD);
-        expected_error_msg = GetStringResource(IDS_INVALID_PASSWORD_BASE);
+        message_id = IDS_INVALID_PASSWORD_BASE;
        break;
      case 1:
        net_api_status = HRESULT_FROM_WIN32(NERR_InvalidComputer);
-        expected_error_msg =
+        message_id = IDS_INVALID_COMPUTER_NAME_ERROR_BASE;
-            GetStringResource(IDS_INVALID_COMPUTER_NAME_ERROR_BASE);
        break;
      case 2:
        net_api_status = HRESULT_FROM_WIN32(NERR_NotPrimary);
-        expected_error_msg =
+        message_id = IDS_AD_PASSWORD_CHANGE_DENIED_BASE;
-            GetStringResource(IDS_AD_PASSWORD_CHANGE_DENIED_BASE);
        break;
      case 3:
        net_api_status = HRESULT_FROM_WIN32(NERR_UserNotFound);
-        expected_error_msg =
+        message_id = IDS_USER_NOT_FOUND_PASSWORD_ERROR_BASE;
-            GetStringResource(IDS_USER_NOT_FOUND_PASSWORD_ERROR_BASE);
        break;
      case 4:
        net_api_status = HRESULT_FROM_WIN32(NERR_PasswordTooShort);
-        expected_error_msg =
+        message_id = IDS_PASSWORD_COMPLEXITY_ERROR_BASE;
-            GetStringResource(IDS_PASSWORD_COMPLEXITY_ERROR_BASE);
        break;
      default:
        net_api_status = E_FAIL;
-        expected_error_msg = GetStringResource(IDS_UNKNOWN_PASSWORD_ERROR_BASE);
+        message_id = IDS_UNKNOWN_PASSWORD_ERROR_BASE;
        break;
    }
+    base::string16 expected_error_msg = GetStringResource(message_id);
    // Set reason for failing the password change attempt.
    fake_os_user_manager()->ShouldFailChangePassword(true, net_api_status);
@@ -2490,12 +2488,17 @@ TEST_P(GcpGaiaCredentialBasePasswordChangeFailureTest, Fail) {
    ASSERT_EQ(net_api_status, FinishLogonProcess(true, true, 0));
+    CREDENTIAL_PROVIDER_FIELD_STATE cpfs = CPFS_DISPLAY_IN_SELECTED_TILE;
+    if (message_id == IDS_PASSWORD_COMPLEXITY_ERROR_BASE ||
+        message_id == IDS_USER_NOT_FOUND_PASSWORD_ERROR_BASE ||
+        message_id == IDS_AD_PASSWORD_CHANGE_DENIED_BASE) {
+      cpfs = CPFS_HIDDEN;
+    }
    // Make sure password textbox is shown due to password change failure.
-    ASSERT_EQ(CPFS_DISPLAY_IN_SELECTED_TILE,
+    ASSERT_EQ(cpfs, fake_credential_provider_credential_events()->GetFieldState(
-              fake_credential_provider_credential_events()->GetFieldState(
+                        cred.Get(), FID_CURRENT_PASSWORD_FIELD));
-                  cred.Get(), FID_CURRENT_PASSWORD_FIELD));
-    // Make sure password textbox is shown due to passwor change failure.
    EXPECT_STREQ(expected_error_msg.c_str(),
                 fake_credential_provider_credential_events()->GetFieldString(
                     cred.Get(), FID_DESCRIPTION));