Save plaintext password when user logs in using new ash login UI

BUG=chromium:848017
TEST=run unit tests, manual test on kevin, autotest on kevin

Change-Id: I713940fc7e0f76e09385cf0691c536a0ff9227ea
Reviewed-on: https://chromium-review.googlesource.com/1079800
Commit-Queue: May Lippert <maybelle@chromium.org>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Cr-Commit-Position: refs/heads/master@{#563162}

chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc

@@ -853,6 +853,19 @@ void GaiaScreenHandler::DoCompleteLogin(const std::string& gaia_id,
       user ? UserContext(*user)
            : UserContext(CalculateUserType(account_id), account_id);
   user_context.SetKey(Key(password));
+  // Save the user's plaintext password for possible authentication to a
+  // network. If the user's OpenNetworkConfiguration policy contains a
+  // ${PASSWORD} variable, then the user's password will be used to authenticate
+  // to the specified network.
+  //
+  // The user's password needs to be saved in memory until the policy can be
+  // examined. When the policy comes in, if it does not contain the ${PASSWORD}
+  // variable, the user's password will be discarded. If it contains the
+  // password, it will be sent to the session manager, which will then save it
+  // in a keyring so it can be retrieved for authenticating to the network.
+  //
+  // More details can be found in https://crbug.com/386606
+  user_context.SetPasswordKey(Key(password));
   user_context.SetAuthFlow(using_saml
                                ? UserContext::AUTH_FLOW_GAIA_WITH_SAML
                                : UserContext::AUTH_FLOW_GAIA_WITHOUT_SAML);