Forbid empty input in SAML smart card PIN dialog

Don't allow the user to submit the dialog (e.g., click "Next") before entering anything into the input field. Before the CL, the user could submit an empty field, which would lead to unexpected effect for the user, since an empty input is treated internally like a cancellation. This CL changes this to only allow cancelling the dialog in case there's no input yet. In the (rare) case the user's smart card is not protected by a PIN, it's the responsibility of the smart card middleware to not request the PIN input at all. Bug: 1024251 Test: start SAML login using a smart card, reach the PIN dialog, check that the "Next" button is disabled and pressing "Enter" has no effect, enter any digit, check that the "Next" button is enabled Change-Id: I07bc8e48ffe802aa0fcfeda45f0db489a95fad5f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2002510Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Commit-Queue: Maksim Ivanov <emaxx@chromium.org> Cr-Commit-Position: refs/heads/master@{#733456}

Forbid empty input in SAML smart card PIN dialog
Don't allow the user to submit the dialog (e.g., click "Next") before entering anything into the input field. Before the CL, the user could submit an empty field, which would lead to unexpected effect for the user, since an empty input is treated internally like a cancellation. This CL changes this to only allow cancelling the dialog in case there's no input yet. In the (rare) case the user's smart card is not protected by a PIN, it's the responsibility of the smart card middleware to not request the PIN input at all. Bug: 1024251 Test: start SAML login using a smart card, reach the PIN dialog, check that the "Next" button is disabled and pressing "Enter" has no effect, enter any digit, check that the "Next" button is enabled Change-Id: I07bc8e48ffe802aa0fcfeda45f0db489a95fad5f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2002510Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Commit-Queue: Maksim Ivanov <emaxx@chromium.org> Cr-Commit-Position: refs/heads/master@{#733456}
86ec50f5 · Maksim Ivanov · Commit Bot · 7a173b71 · 86ec50f5 · 86ec50f5
Commit 86ec50f5 authored Jan 20, 2020 by Maksim Ivanov Committed by Commit Bot Jan 20, 2020
2 changed files
--- a/chrome/browser/resources/chromeos/login/security_token_pin.html
+++ b/chrome/browser/resources/chromeos/login/security_token_pin.html
@@ -29,7 +29,7 @@
              has-error="[[isErrorLabelVisible_(errorLabelId_, userEdited_)]]"
              aria-invalid$="[[isAriaInvalid_(parameters, userEdited_)]]"
              on-pin-change="onPinChange_" on-submit="onSubmit_"
-              disabled="[[!canSubmit_]]">
+              disabled="[[!canEdit_]]">
            <div id="errorContainer" role="alert" problem
                invisible$="[[!isLabelVisible_(parameters, userEdited_)]]">
              <iron-icon id="errorIcon" icon="cr:error-outline"></iron-icon>

--- a/chrome/browser/resources/chromeos/login/security_token_pin.js
+++ b/chrome/browser/resources/chromeos/login/security_token_pin.js
@@ -46,6 +46,15 @@ Polymer({
      value: false,
    },

+    /**
+     * Whether the input is currently non-empty.
+     * @private
+     */
+    hasValue_: {
+      type: Boolean,
+      value: false,
+    },
+
    /**
     * Whether the user has made changes in the input field since the dialog
     * was initialized or reset.
@@ -56,14 +65,24 @@ Polymer({
      value: false,
    },

+    /**
+     * Whether the user can change the value in the input field.
+     * @private
+     */
+    canEdit_: {
+      type: Boolean,
+      computed:
+          'computeCanEdit_(parameters.attemptsLeft, processingCompletion_)',
+    },
+
    /**
     * Whether the user can submit a login request.
     * @private
     */
    canSubmit_: {
      type: Boolean,
-      computed:
-          'computeCanSubmit_(parameters.attemptsLeft, processingCompletion_)',
+      computed: 'computeCanSubmit_(parameters.attemptsLeft, ' +
+          'hasValue_, processingCompletion_)',
    },
  },

@@ -93,15 +112,28 @@ Polymer({
  },

  /**
-   * Returns whether the user can make more attempts to log in.
-   * @param {OobeTypes.SecurityTokenPinDialogParameters} parameters
+   * Computes the value of the canEdit_ property.
+   * @param {number} attemptsLeft
+   * @param {boolean} processingCompletion
   * @return {boolean}
   * @private
   */
-  computeCanSubmit_(attemptsLeft, processingCompletion) {
+  computeCanEdit_(attemptsLeft, processingCompletion) {
    return attemptsLeft != 0 && !processingCompletion;
  },

+  /**
+   * Computes the value of the canSubmit_ property.
+   * @param {number} attemptsLeft
+   * @param {boolean} hasValue
+   * @param {boolean} processingCompletion
+   * @return {boolean}
+   * @private
+   */
+  computeCanSubmit_(attemptsLeft, hasValue, processingCompletion) {
+    return attemptsLeft != 0 && hasValue && !processingCompletion;
+  },
+
  /**
   * Invoked when the "Back" button is clicked.
   * @private
@@ -115,10 +147,9 @@ Polymer({
   * @private
   */
  onSubmit_() {
-    if (this.processingCompletion_) {
-      // Race condition: This could happen if the previous request has not yet
-      // been completed before the next one is sent (for example by pressing
-      // Enter twice)
+    if (!this.canSubmit_) {
+      // Disallow submitting when it's not allowed or while proceeding the
+      // previous submission.
      return;
    }
    this.processingCompletion_ = true;
@@ -133,15 +164,18 @@ Polymer({
    // Reset the dialog to the initial state.
    this.$.pinKeyboard.value = '';
    this.processingCompletion_ = false;
+    this.hasValue_ = false;
    this.userEdited_ = false;
    this.$.pinKeyboard.focusInput();
  },

  /**
   * Observer that is called when the user changes the PIN input field.
+   * @param {!CustomEvent<{pin: string}>} e
   * @private
   */
-  onPinChange_() {
+  onPinChange_(e) {
+    this.hasValue_ = e.detail.pin.length > 0;
    this.userEdited_ = true;
  },