OOBE: Extract Active Directory Password Change to a separate screen

Bug:1082271

Change-Id: Idfe501620c5a181143e9ba9467dbea686a2052a4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2257058
Commit-Queue: Yunke Zhou <yunkez@google.com>
Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#781745}

chrome/browser/chromeos/BUILD.gn

@@ -1570,6 +1570,8 @@ source_set("chromeos") {
     "login/saml/saml_profile_prefs.h",
     "login/screen_manager.cc",
     "login/screen_manager.h",
+    "login/screens/active_directory_password_change_screen.cc",
+    "login/screens/active_directory_password_change_screen.h",
     "login/screens/app_downloading_screen.cc",
     "login/screens/app_downloading_screen.h",
     "login/screens/arc_terms_of_service_screen.cc",

chrome/browser/chromeos/login/oobe_screen.cc

@@ -47,8 +47,6 @@ constexpr StaticOobeScreenId
     OobeScreen::SCREEN_CREATE_SUPERVISED_USER_FLOW_DEPRECATED;
 constexpr StaticOobeScreenId OobeScreen::SCREEN_CONFIRM_PASSWORD;
 constexpr StaticOobeScreenId OobeScreen::SCREEN_FATAL_ERROR;
-constexpr StaticOobeScreenId
-    OobeScreen::SCREEN_ACTIVE_DIRECTORY_PASSWORD_CHANGE;
 constexpr StaticOobeScreenId OobeScreen::SCREEN_UNKNOWN;
 
 }  // namespace chromeos

chrome/browser/chromeos/login/oobe_screen.h

@@ -59,8 +59,6 @@ struct OobeScreen {
   constexpr static StaticOobeScreenId SCREEN_CONFIRM_PASSWORD{
       "saml-confirm-password"};
   constexpr static StaticOobeScreenId SCREEN_FATAL_ERROR{"fatal-error"};
-  constexpr static StaticOobeScreenId SCREEN_ACTIVE_DIRECTORY_PASSWORD_CHANGE{
-      "ad-password-change"};
 
   constexpr static StaticOobeScreenId SCREEN_UNKNOWN{"unknown"};
 };

chrome/browser/chromeos/login/screens/active_directory_password_change_screen.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/login/screens/active_directory_password_change_screen.h"
+
+#include <memory>
+
+#include "base/bind.h"
+#include "chrome/browser/chromeos/authpolicy/authpolicy_helper.h"
+#include "chrome/browser/chromeos/login/ui/login_display_host.h"
+#include "chrome/browser/ui/webui/chromeos/login/active_directory_password_change_screen_handler.h"
+#include "chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h"
+#include "chrome/grit/generated_resources.h"
+#include "chromeos/login/auth/key.h"
+#include "components/user_manager/known_user.h"
+#include "ui/base/l10n/l10n_util.h"
+
+namespace {
+constexpr char kUserActionCancel[] = "cancel";
+
+// Possible error states of the Active Directory password change screen. Must be
+// in the same order as ACTIVE_DIRECTORY_PASSWORD_CHANGE_ERROR_STATE enum
+// values.
+enum class ActiveDirectoryPasswordChangeErrorState {
+  NO_ERROR = 0,
+  WRONG_OLD_PASSWORD = 1,
+  NEW_PASSWORD_REJECTED = 2,
+};
+}  // namespace
+
+namespace chromeos {
+
+ActiveDirectoryPasswordChangeScreen::ActiveDirectoryPasswordChangeScreen(
+    ActiveDirectoryPasswordChangeView* view,
+    const base::RepeatingClosure& exit_callback)
+    : BaseScreen(ActiveDirectoryPasswordChangeView::kScreenId,
+                 OobeScreenPriority::DEFAULT),
+      authpolicy_login_helper_(std::make_unique<AuthPolicyHelper>()),
+      view_(view),
+      exit_callback_(exit_callback) {
+  if (view_)
+    view_->Bind(this);
+}
+
+ActiveDirectoryPasswordChangeScreen::~ActiveDirectoryPasswordChangeScreen() {
+  if (view_)
+    view_->Unbind();
+}
+
+ActiveDirectoryPasswordChangeScreen* ActiveDirectoryPasswordChangeScreen::Get(
+    ScreenManager* manager) {
+  return static_cast<ActiveDirectoryPasswordChangeScreen*>(
+      manager->GetScreen(ActiveDirectoryPasswordChangeView::kScreenId));
+}
+
+void ActiveDirectoryPasswordChangeScreen::OnViewDestroyed(
+    ActiveDirectoryPasswordChangeView* view) {
+  if (view_ == view)
+    view_ = nullptr;
+}
+
+void ActiveDirectoryPasswordChangeScreen::SetUsername(
+    const std::string& username) {
+  username_ = username;
+}
+
+void ActiveDirectoryPasswordChangeScreen::ShowImpl() {
+  if (view_)
+    view_->Show(
+        username_,
+        static_cast<int>(ActiveDirectoryPasswordChangeErrorState::NO_ERROR));
+}
+
+void ActiveDirectoryPasswordChangeScreen::HideImpl() {
+  username_.clear();
+}
+
+void ActiveDirectoryPasswordChangeScreen::OnUserAction(
+    const std::string& action_id) {
+  if (action_id == kUserActionCancel) {
+    HandleCancel();
+  } else {
+    BaseScreen::OnUserAction(action_id);
+  }
+}
+
+void ActiveDirectoryPasswordChangeScreen::HandleCancel() {
+  authpolicy_login_helper_->CancelRequestsAndRestart();
+  exit_callback_.Run();
+}
+
+void ActiveDirectoryPasswordChangeScreen::ChangePassword(
+    const std::string& old_password,
+    const std::string& new_password) {
+  authpolicy_login_helper_->AuthenticateUser(
+      username_, std::string() /* object_guid */,
+      old_password + "\n" + new_password + "\n" + new_password,
+      base::BindOnce(&ActiveDirectoryPasswordChangeScreen::OnAuthFinished,
+                     weak_factory_.GetWeakPtr(), username_, Key(new_password)));
+}
+
+void ActiveDirectoryPasswordChangeScreen::OnAuthFinished(
+    const std::string& username,
+    const Key& key,
+    authpolicy::ErrorType error,
+    const authpolicy::ActiveDirectoryAccountInfo& account_info) {
+  switch (error) {
+    case authpolicy::ERROR_NONE: {
+      DCHECK(account_info.has_account_id() &&
+             !account_info.account_id().empty());
+      const AccountId account_id = user_manager::known_user::GetAccountId(
+          username, account_info.account_id(), AccountType::ACTIVE_DIRECTORY);
+      DCHECK(LoginDisplayHost::default_host());
+      LoginDisplayHost::default_host()->SetDisplayAndGivenName(
+          account_info.display_name(), account_info.given_name());
+      UserContext user_context(
+          user_manager::UserType::USER_TYPE_ACTIVE_DIRECTORY, account_id);
+      user_context.SetKey(key);
+      user_context.SetAuthFlow(UserContext::AUTH_FLOW_ACTIVE_DIRECTORY);
+      user_context.SetIsUsingOAuth(false);
+      LoginDisplayHost::default_host()->CompleteLogin(user_context);
+      break;
+    }
+    case authpolicy::ERROR_BAD_PASSWORD:
+      view_->Show(
+          username_,
+          static_cast<int>(
+              ActiveDirectoryPasswordChangeErrorState::WRONG_OLD_PASSWORD));
+      break;
+    case authpolicy::ERROR_PASSWORD_REJECTED:
+      view_->Show(
+          username_,
+          static_cast<int>(
+              ActiveDirectoryPasswordChangeErrorState::NEW_PASSWORD_REJECTED));
+      view_->ShowSignInError(l10n_util::GetStringUTF8(
+          IDS_AD_PASSWORD_CHANGE_NEW_PASSWORD_REJECTED_LONG_ERROR));
+      break;
+    default:
+      NOTREACHED() << "Unhandled error: " << error;
+      view_->Show(
+          username_,
+          static_cast<int>(ActiveDirectoryPasswordChangeErrorState::NO_ERROR));
+      view_->ShowSignInError(
+          l10n_util::GetStringUTF8(IDS_AD_AUTH_UNKNOWN_ERROR));
+  }
+}
+
+}  // namespace chromeos

chrome/browser/chromeos/login/screens/active_directory_password_change_screen.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SCREENS_ACTIVE_DIRECTORY_PASSWORD_CHANGE_SCREEN_H_
+#define CHROME_BROWSER_CHROMEOS_LOGIN_SCREENS_ACTIVE_DIRECTORY_PASSWORD_CHANGE_SCREEN_H_
+
+#include <memory>
+#include <string>
+
+#include "chrome/browser/chromeos/authpolicy/authpolicy_helper.h"
+#include "chrome/browser/chromeos/login/screen_manager.h"
+#include "chrome/browser/chromeos/login/screens/base_screen.h"
+
+namespace authpolicy {
+class ActiveDirectoryAccountInfo;
+}
+
+namespace chromeos {
+
+class ActiveDirectoryPasswordChangeView;
+class Key;
+
+// Controller for the active directory password change screen.
+class ActiveDirectoryPasswordChangeScreen : public BaseScreen {
+ public:
+  explicit ActiveDirectoryPasswordChangeScreen(
+      ActiveDirectoryPasswordChangeView* view,
+      const base::RepeatingClosure& exit_callback);
+  ActiveDirectoryPasswordChangeScreen(
+      const ActiveDirectoryPasswordChangeScreen&) = delete;
+  ActiveDirectoryPasswordChangeScreen& operator=(
+      const ActiveDirectoryPasswordChangeScreen&) = delete;
+  ~ActiveDirectoryPasswordChangeScreen() override;
+
+  static ActiveDirectoryPasswordChangeScreen* Get(ScreenManager* manager);
+
+  // Called when the screen is being destroyed. This should call Unbind() on the
+  // associated View if this class is destroyed before that.
+  void OnViewDestroyed(ActiveDirectoryPasswordChangeView* view);
+
+  // Set username.
+  void SetUsername(const std::string& username);
+
+  // Handles password change request.
+  void ChangePassword(const std::string& old_password,
+                      const std::string& new_password);
+
+ private:
+  // BaseScreen:
+  void ShowImpl() override;
+  void HideImpl() override;
+  void OnUserAction(const std::string& action_id) override;
+
+  // Handles cancel password change request.
+  void HandleCancel();
+
+  // Callback called by AuthPolicyHelper::AuthenticateUser with results and
+  // error code. (see AuthPolicyHelper::AuthenticateUser)
+  void OnAuthFinished(
+      const std::string& username,
+      const Key& key,
+      authpolicy::ErrorType error,
+      const authpolicy::ActiveDirectoryAccountInfo& account_info);
+
+  std::string username_;
+
+  // Helper to call AuthPolicyClient and cancel calls if needed. Used to change
+  // password on the Active Directory server.
+  std::unique_ptr<AuthPolicyHelper> authpolicy_login_helper_;
+
+  ActiveDirectoryPasswordChangeView* view_ = nullptr;
+
+  base::RepeatingClosure exit_callback_;
+
+  base::WeakPtrFactory<ActiveDirectoryPasswordChangeScreen> weak_factory_{this};
+};
+
+}  // namespace chromeos
+
+#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_SCREENS_ACTIVE_DIRECTORY_PASSWORD_CHANGE_SCREEN_H_

chrome/browser/chromeos/login/test/active_directory_login_mixin.cc

@@ -11,6 +11,7 @@
 #include "chrome/browser/chromeos/login/test/js_checker.h"
 #include "chrome/browser/chromeos/login/test/oobe_screen_waiter.h"
 #include "chrome/browser/chromeos/login/ui/login_display_host.h"
+#include "chrome/browser/ui/webui/chromeos/login/active_directory_password_change_screen_handler.h"
 #include "chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.h"
 #include "chrome/browser/ui/webui/chromeos/login/oobe_ui.h"
 #include "chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h"
@@ -23,7 +24,7 @@ namespace {
 
 constexpr char kGaiaSigninId[] = "gaia-signin";
 constexpr char kAdOfflineAuthId[] = "offline-ad-auth";
-constexpr char kPasswordChangeId[] = "active-directory-password-change";
+constexpr char kPasswordChangeId[] = "ad-password-change";
 constexpr char kAdOldPasswordInput[] = "oldPassword";
 constexpr char kAdNewPassword1Input[] = "newPassword";
 constexpr char kAdNewPassword2Input[] = "newPasswordRepeat";
@@ -77,8 +78,7 @@ void ActiveDirectoryLoginMixin::SetUpOnMainThread() {
 }
 
 void ActiveDirectoryLoginMixin::TriggerPasswordChangeScreen() {
-  OobeScreenWaiter screen_waiter(
-      OobeScreen::SCREEN_ACTIVE_DIRECTORY_PASSWORD_CHANGE);
+  OobeScreenWaiter screen_waiter(ActiveDirectoryPasswordChangeView::kScreenId);
 
   FakeAuthPolicyClient::Get()->set_auth_error(
       authpolicy::ERROR_PASSWORD_EXPIRED);

chrome/browser/chromeos/login/wizard_controller.cc

@@ -49,6 +49,7 @@
 #include "chrome/browser/chromeos/login/hwid_checker.h"
 #include "chrome/browser/chromeos/login/login_wizard.h"
 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h"
+#include "chrome/browser/chromeos/login/screens/active_directory_password_change_screen.h"
 #include "chrome/browser/chromeos/login/screens/app_downloading_screen.h"
 #include "chrome/browser/chromeos/login/screens/arc_terms_of_service_screen.h"
 #include "chrome/browser/chromeos/login/screens/assistant_optin_flow_screen.h"
@@ -101,6 +102,7 @@
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/ui/ash/login_screen_client.h"
+#include "chrome/browser/ui/webui/chromeos/login/active_directory_password_change_screen_handler.h"
 #include "chrome/browser/ui/webui/chromeos/login/app_downloading_screen_handler.h"
 #include "chrome/browser/ui/webui/chromeos/login/app_launch_splash_screen_handler.h"
 #include "chrome/browser/ui/webui/chromeos/login/arc_terms_of_service_screen_handler.h"
@@ -595,6 +597,12 @@ std::vector<std::unique_ptr<BaseScreen>> WizardController::CreateScreens() {
   append(std::make_unique<GaiaPasswordChangedScreen>(
       oobe_ui->GetView<GaiaPasswordChangedScreenHandler>()));
 
+  append(std::make_unique<ActiveDirectoryPasswordChangeScreen>(
+      oobe_ui->GetView<ActiveDirectoryPasswordChangeScreenHandler>(),
+      base::BindRepeating(
+          &WizardController::OnActiveDirectoryPasswordChangeScreenExit,
+          weak_factory_.GetWeakPtr())));
+
   return result;
 }
 
@@ -772,6 +780,19 @@ void WizardController::ShowPackagedLicenseScreen() {
   SetCurrentScreen(GetScreen(PackagedLicenseView::kScreenId));
 }
 
+void WizardController::ShowActiveDirectoryPasswordChangeScreen(
+    const std::string& username) {
+  ActiveDirectoryPasswordChangeScreen::Get(screen_manager())
+      ->SetUsername(username);
+  AdvanceToScreen(ActiveDirectoryPasswordChangeView::kScreenId);
+}
+
+void WizardController::OnActiveDirectoryPasswordChangeScreenExit() {
+  OnScreenExit(ActiveDirectoryPasswordChangeView::kScreenId,
+               kDefaultExitReason);
+  ShowLoginScreen();
+}
+
 void WizardController::SkipToLoginForTesting() {
   VLOG(1) << "SkipToLoginForTesting.";
   StartupUtils::MarkEulaAccepted();
@@ -1567,7 +1588,8 @@ void WizardController::AdvanceToScreen(OobeScreenId screen_id) {
   } else if (screen_id == SupervisionTransitionScreenView::kScreenId) {
     ShowSupervisionTransitionScreen();
   } else if (screen_id == TpmErrorView::kScreenId ||
-             screen_id == GaiaPasswordChangedView::kScreenId) {
+             screen_id == GaiaPasswordChangedView::kScreenId ||
+             screen_id == ActiveDirectoryPasswordChangeView::kScreenId) {
     SetCurrentScreen(GetScreen(screen_id));
   } else {
     if (is_out_of_box_) {

chrome/browser/chromeos/login/wizard_controller.h

@@ -167,6 +167,8 @@ class WizardController {
   // Configure and show GAIA password changed screen.
   void ShowGaiaPasswordChangedScreen(const AccountId& account_id,
                                      bool has_error);
+  // Configure and show active directory password change screen.
+  void ShowActiveDirectoryPasswordChangeScreen(const std::string& username);
 
  private:
   // Create BaseScreen instances. These are owned by |screen_manager_|.
@@ -255,6 +257,7 @@ class WizardController {
   void OnSupervisionTransitionScreenExit();
   void OnOobeFlowFinished();
   void OnPackagedLicenseScreenExit(PackagedLicenseScreen::Result result);
+  void OnActiveDirectoryPasswordChangeScreenExit();
 
   // Callback invoked once it has been determined whether the device is disabled
   // or not.

chrome/browser/resources/chromeos/login/active_directory_password_change.html

@@ -19,13 +19,6 @@
   Methods:
     'reset' - resets to the initial state.
     'setInvalid' - invalidates input depending on passed error.
-  Events:
-    'authCompleted' - Fired when user enters old password and confirms new one.
-                      Fires with an argument which contains:
-                      { 'username': <username>,
-                        'oldPassword': <typed old password>,
-                        'newPassword': <typed new password>,
-                      }
 -->
 <dom-module id="active-directory-password-change">
   <template>

chrome/browser/resources/chromeos/login/active_directory_password_change.js

@@ -6,20 +6,41 @@
  * @fileoverview Polymer element for Active Directory password change screen.
  */
 
+'use strict';
+
+(function() {
+
+/**
+ * Horizontal padding for the error bubble.
+ * @type {number}
+ * @const
+ */
+const BUBBLE_HORIZONTAL_PADDING = 65;
+
+/**
+ * Vertical padding for the error bubble.
+ * @type {number}
+ * @const
+ */
+const BUBBLE_VERTICAL_PADDING = -144;
+
 /**
  * Possible error states of the screen. Must be in the same order as
  * ActiveDirectoryPasswordChangeErrorState enum values.
  * @enum {number}
  */
-var ACTIVE_DIRECTORY_PASSWORD_CHANGE_ERROR_STATE = {
-  WRONG_OLD_PASSWORD: 0,
-  NEW_PASSWORD_REJECTED: 1,
+const ACTIVE_DIRECTORY_PASSWORD_CHANGE_ERROR_STATE = {
+  NO_ERROR: 0,
+  WRONG_OLD_PASSWORD: 1,
+  NEW_PASSWORD_REJECTED: 2,
 };
 
 Polymer({
   is: 'active-directory-password-change',
 
-  behaviors: [OobeI18nBehavior],
+  behaviors: [OobeI18nBehavior, LoginScreenBehavior],
+
+  EXTERNAL_API: [],
 
   properties: {
     /**
@@ -63,6 +84,47 @@ Polymer({
     },
   },
 
+  /** @override */
+  ready() {
+    this.initializeLoginScreen('ActiveDirectoryPasswordChangeScreen', {
+      resetAllowed: false,
+    });
+  },
+
+  /**
+   * Event handler that is invoked just before the frame is shown.
+   * @param {Object} data Screen init payload
+   */
+  onBeforeShow(data) {
+    // Active Directory password change screen is similar to Active
+    // Directory login screen. So we restore bottom bar controls.
+    this.reset();
+    if ('username' in data)
+      this.username = data.username;
+    if ('error' in data)
+      this.setInvalid(data.error);
+  },
+
+  /**
+   * Updates localized content of the screen that is not updated via
+   * template.
+   */
+  updateLocalizedContent() {
+    this.i18nUpdateLocale();
+  },
+
+  /**
+   * Shows sign-in error bubble.
+   * @param {number} loginAttempts Number of login attempts tried.
+   * @param {HTMLElement} error Content to show in bubble.
+   * @suppress {missingProperties}
+   */
+  showErrorBubble(loginAttempts, error) {
+    $('bubble').showContentForElement(
+        this, cr.ui.Bubble.Attachment.BOTTOM, error, BUBBLE_HORIZONTAL_PADDING,
+        BUBBLE_VERTICAL_PADDING);
+  },
+
   /** @public */
   reset() {
     this.$.animatedPages.selected = 0;
@@ -89,6 +151,8 @@ Polymer({
    */
   setInvalid(error) {
     switch (error) {
+      case ACTIVE_DIRECTORY_PASSWORD_CHANGE_ERROR_STATE.NO_ERROR:
+        break;
       case ACTIVE_DIRECTORY_PASSWORD_CHANGE_ERROR_STATE.WRONG_OLD_PASSWORD:
         this.oldPasswordWrong_ = true;
         break;
@@ -111,20 +175,20 @@ Polymer({
     }
     this.$.animatedPages.selected++;
     this.updateNavigation_();
-    var msg = {
-      'username': this.username,
-      'oldPassword': this.oldPassword,
-      'newPassword': this.newPassword,
-    };
     this.resetInputFields_();
-    this.fire('authCompleted', msg);
+    chrome.send(
+        'login.ActiveDirectoryPasswordChangeScreen.changePassword',
+        [this.oldPassword, this.newPassword]);
   },
 
-  /** @private */
+  /**
+   * @private
+   * Cancels password changing.
+   */
   onClose_() {
     if (!this.$.navigation.closeVisible)
       return;
-    this.fire('cancel');
+    this.userActed('cancel');
   },
 
   /** @private */
@@ -132,3 +196,4 @@ Polymer({
     this.$.navigation.closeVisible = (this.$.animatedPages.selected == 0);
   },
 });
+})();

chrome/browser/resources/chromeos/login/cr_ui.js

@@ -130,14 +130,6 @@ cr.define('cr.ui', function() {
     DisplayManager.showSignInError(loginAttempts, message, link, helpId);
   };
 
-  /**
-   * Shows Active Directory password change screen.
-   * @param {string} username Name of the user that should change the password.
-   */
-  Oobe.showActiveDirectoryPasswordChangeScreen = function(username) {
-    DisplayManager.showActiveDirectoryPasswordChangeScreen(username);
-  };
-
   /**
    * Show user-pods.
    */

chrome/browser/resources/chromeos/login/md_login.html

@@ -58,7 +58,6 @@
 <link rel="stylesheet" href="screen_app_launch_splash.css">
 <link rel="stylesheet" href="screen_error_message.css">
 <link rel="stylesheet" href="screen_fatal_error.css">
-<link rel="stylesheet" href="screen_active_directory_password_change.css">
 
 <script src="chrome://oobe/keyboard_utils.js"></script>
 <script src="chrome://oobe/login.js"></script>

chrome/browser/resources/chromeos/login/md_login.js

@@ -28,7 +28,6 @@
 // <include src="screen_arc_terms_of_service.js">
 // <include src="screen_error_message.js">
 // <include src="screen_fatal_error.js">
-// <include src="screen_active_directory_password_change.js">
 // <include src="screen_encryption_migration.js">
 // <include src="screen_update_required.js">
 // <include src="screen_sync_consent.js">
@@ -65,7 +64,6 @@ cr.define('cr.ui.Oobe', function() {
       login.AppDownloadingScreen.register();
       login.AppLaunchSplashScreen.register();
       login.FatalErrorScreen.register();
-      login.ActiveDirectoryPasswordChangeScreen.register(/* lazyInit= */ true);
       login.EncryptionMigrationScreen.register();
       login.SupervisionTransitionScreen.register();
       login.UpdateRequiredScreen.register();

chrome/browser/resources/chromeos/login/screen_active_directory_password_change.css

-/* Copyright 2016 The Chromium Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-#ad-password-change {
-  bottom: 0;
-  display: block;
-  height: 528px; /* Should be the same as #gaia-signin. */
-  left: 0;
-  position: absolute;
-  right: 0;
-  top: 0;
-  width: 448px; /* Should be the same as #gaia-signin. */
-}

chrome/browser/resources/chromeos/login/screen_active_directory_password_change.html

-<link rel="import" href="chrome://oobe/custom_elements.html">
-
-<div id="ad-password-change" class="step faded hidden migrate"
-    hidden>
-  <active-directory-password-change id="active-directory-password-change"
-      class="fit">
-  </active-directory-password-change>
-</div>

chrome/browser/resources/chromeos/login/screen_active_directory_password_change.js

-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-/**
- * @fileoverview Active Directory password change screen implementation.
- */
-login.createScreen(
-    'ActiveDirectoryPasswordChangeScreen', 'ad-password-change', function() {
-      /**
-       * Horizontal padding for the error bubble.
-       * @type {number}
-       * @const
-       */
-      var BUBBLE_HORIZONTAL_PADDING = 65;
-
-      /**
-       * Vertical padding for the error bubble.
-       * @type {number}
-       * @const
-       */
-      var BUBBLE_VERTICAL_PADDING = -144;
-
-      return {
-        EXTERNAL_API: [],
-
-        adPasswordChanged_: null,
-
-        /** @override */
-        decorate() {
-          this.adPasswordChanged_ = $('active-directory-password-change');
-          this.adPasswordChanged_.addEventListener(
-              'cancel', this.cancel.bind(this));
-
-          this.adPasswordChanged_.addEventListener(
-              'authCompleted', function(e) {
-                chrome.send('completeActiveDirectoryPasswordChange', [
-                  e.detail.username, e.detail.oldPassword, e.detail.newPassword
-                ]);
-              });
-        },
-
-        /**
-         * Returns default event target element.
-         * @type {Object}
-         */
-        get defaultControl() {
-          return this.adPasswordChanged_;
-        },
-
-        /**
-         * Cancels password changing and drops the user back to the login
-         * screen.
-         */
-        cancel() {
-          chrome.send('cancelActiveDirectoryPasswordChange');
-          Oobe.showUserPods();
-        },
-
-        /**
-         * @override
-         * Event handler that is invoked just before the frame is shown.
-         * @param {Object} data Screen init payload
-         */
-        onBeforeShow(data) {
-          // Active Directory password change screen is similar to Active
-          // Directory login screen. So we restore bottom bar controls.
-          this.adPasswordChanged_.reset();
-          if ('username' in data)
-            this.adPasswordChanged_.username = data.username;
-          if ('error' in data)
-            this.adPasswordChanged_.setInvalid(data.error);
-        },
-
-        /**
-         * Shows sign-in error bubble.
-         * @param {number} loginAttempts Number of login attemps tried.
-         * @param {HTMLElement} content Content to show in bubble.
-         */
-        showErrorBubble(loginAttempts, error) {
-          $('bubble').showContentForElement(
-              $('ad-password-change'), cr.ui.Bubble.Attachment.BOTTOM, error,
-              BUBBLE_HORIZONTAL_PADDING, BUBBLE_VERTICAL_PADDING);
-        },
-
-        /**
-         * Updates localized content of the screen that is not updated via
-         * template.
-         */
-        updateLocalizedContent() {
-          $('active-directory-password-change').i18nUpdateLocale();
-        },
-
-      };
-    });

chrome/browser/resources/chromeos/login/structure/screens_login.html

@@ -9,7 +9,8 @@
 <gaia-password-changed id="gaia-password-changed"
     class="step faded hidden" hidden>
 </gaia-password-changed>
-<include src="../screen_active_directory_password_change.html">
+<active-directory-password-change id="ad-password-change"
+    class="step faded hidden migrate" hidden>
+</active-directory-password-change>
 <include src="../screen_encryption_migration.html">
 <include src="../screen_update_required.html">
-

chrome/browser/ui/webui/chromeos/login/active_directory_password_change_screen_handler.cc

@@ -4,19 +4,9 @@
 
 #include "chrome/browser/ui/webui/chromeos/login/active_directory_password_change_screen_handler.h"
 
-#include <memory>
-
-#include "base/bind.h"
-#include "chrome/browser/chromeos/authpolicy/authpolicy_helper.h"
-#include "chrome/browser/chromeos/login/oobe_screen.h"
-#include "chrome/browser/chromeos/login/ui/login_display_host.h"
 #include "chrome/browser/ui/webui/chromeos/login/core_oobe_handler.h"
-#include "chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h"
 #include "chrome/grit/generated_resources.h"
-#include "chromeos/login/auth/key.h"
 #include "components/login/localized_values_builder.h"
-#include "components/user_manager/known_user.h"
-#include "ui/base/l10n/l10n_util.h"
 
 namespace chromeos {
 
@@ -25,24 +15,19 @@ namespace {
 constexpr char kUsernameKey[] = "username";
 constexpr char kErrorKey[] = "error";
 
-// Possible error states of the Active Directory password change screen. Must be
-// in the same order as ACTIVE_DIRECTORY_PASSWORD_CHANGE_ERROR_STATE enum
-// values.
-enum class ActiveDirectoryPasswordChangeErrorState {
-  WRONG_OLD_PASSWORD = 0,
-  NEW_PASSWORD_REJECTED = 1,
-};
-
 }  // namespace
 
+constexpr StaticOobeScreenId ActiveDirectoryPasswordChangeView::kScreenId;
+
 ActiveDirectoryPasswordChangeScreenHandler::
     ActiveDirectoryPasswordChangeScreenHandler(
         JSCallsContainer* js_calls_container,
         CoreOobeView* core_oobe_view)
-    : BaseScreenHandler(OobeScreen::SCREEN_ACTIVE_DIRECTORY_PASSWORD_CHANGE,
-                        js_calls_container),
-      authpolicy_login_helper_(std::make_unique<AuthPolicyHelper>()),
-      core_oobe_view_(core_oobe_view) {}
+    : BaseScreenHandler(kScreenId, js_calls_container),
+      core_oobe_view_(core_oobe_view) {
+  set_user_acted_method_path(
+      "login.ActiveDirectoryPasswordChangeScreen.userActed");
+}
 
 ActiveDirectoryPasswordChangeScreenHandler::
     ~ActiveDirectoryPasswordChangeScreenHandler() {}
@@ -55,86 +40,41 @@ void ActiveDirectoryPasswordChangeScreenHandler::DeclareLocalizedValues(
 void ActiveDirectoryPasswordChangeScreenHandler::Initialize() {}
 
 void ActiveDirectoryPasswordChangeScreenHandler::RegisterMessages() {
-  AddCallback("completeActiveDirectoryPasswordChange",
+  BaseScreenHandler::RegisterMessages();
+  AddCallback("login.ActiveDirectoryPasswordChangeScreen.changePassword",
               &ActiveDirectoryPasswordChangeScreenHandler::HandleComplete);
-  AddCallback("cancelActiveDirectoryPasswordChange",
-              &ActiveDirectoryPasswordChangeScreenHandler::HandleCancel);
 }
 
-void ActiveDirectoryPasswordChangeScreenHandler::HandleComplete(
+void ActiveDirectoryPasswordChangeScreenHandler::Show(
     const std::string& username,
-    const std::string& old_password,
-    const std::string& new_password) {
-  authpolicy_login_helper_->AuthenticateUser(
-      username, std::string() /* object_guid */,
-      old_password + "\n" + new_password + "\n" + new_password,
-      base::BindOnce(
-          &ActiveDirectoryPasswordChangeScreenHandler::OnAuthFinished,
-          weak_factory_.GetWeakPtr(), username, Key(new_password)));
+    int error) {
+  base::DictionaryValue data;
+  data.SetString(kUsernameKey, username);
+  data.SetInteger(kErrorKey, error);
+  ShowScreenWithData(kScreenId, &data);
 }
 
-void ActiveDirectoryPasswordChangeScreenHandler::HandleCancel() {
-  authpolicy_login_helper_->CancelRequestsAndRestart();
+void ActiveDirectoryPasswordChangeScreenHandler::Bind(
+    ActiveDirectoryPasswordChangeScreen* screen) {
+  screen_ = screen;
+  BaseScreenHandler::SetBaseScreen(screen_);
 }
 
-void ActiveDirectoryPasswordChangeScreenHandler::ShowScreen(
-    const std::string& username) {
-  base::DictionaryValue data;
-  data.SetString(kUsernameKey, username);
-  ShowScreenWithData(OobeScreen::SCREEN_ACTIVE_DIRECTORY_PASSWORD_CHANGE,
-                     &data);
+void ActiveDirectoryPasswordChangeScreenHandler::Unbind() {
+  screen_ = nullptr;
+  BaseScreenHandler::SetBaseScreen(nullptr);
 }
 
-void ActiveDirectoryPasswordChangeScreenHandler::ShowScreenWithError(
-    int error) {
-  base::DictionaryValue data;
-  data.SetInteger(kErrorKey, error);
-  ShowScreenWithData(OobeScreen::SCREEN_ACTIVE_DIRECTORY_PASSWORD_CHANGE,
-                     &data);
+void ActiveDirectoryPasswordChangeScreenHandler::ShowSignInError(
+    const std::string& error_text) {
+  core_oobe_view_->ShowSignInError(0, error_text, std::string(),
+                                   HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
 }
 
-void ActiveDirectoryPasswordChangeScreenHandler::OnAuthFinished(
-    const std::string& username,
-    const Key& key,
-    authpolicy::ErrorType error,
-    const authpolicy::ActiveDirectoryAccountInfo& account_info) {
-  switch (error) {
-    case authpolicy::ERROR_NONE: {
-      DCHECK(account_info.has_account_id() &&
-             !account_info.account_id().empty());
-      const AccountId account_id = user_manager::known_user::GetAccountId(
-          username, account_info.account_id(), AccountType::ACTIVE_DIRECTORY);
-      DCHECK(LoginDisplayHost::default_host());
-      LoginDisplayHost::default_host()->SetDisplayAndGivenName(
-          account_info.display_name(), account_info.given_name());
-      UserContext user_context(
-          user_manager::UserType::USER_TYPE_ACTIVE_DIRECTORY, account_id);
-      user_context.SetKey(key);
-      user_context.SetAuthFlow(UserContext::AUTH_FLOW_ACTIVE_DIRECTORY);
-      user_context.SetIsUsingOAuth(false);
-      LoginDisplayHost::default_host()->CompleteLogin(user_context);
-      break;
-    }
-    case authpolicy::ERROR_BAD_PASSWORD:
-      ShowScreenWithError(static_cast<int>(
-          ActiveDirectoryPasswordChangeErrorState::WRONG_OLD_PASSWORD));
-      break;
-    case authpolicy::ERROR_PASSWORD_REJECTED:
-      ShowScreenWithError(static_cast<int>(
-          ActiveDirectoryPasswordChangeErrorState::NEW_PASSWORD_REJECTED));
-      core_oobe_view_->ShowSignInError(
-          0,
-          l10n_util::GetStringUTF8(
-              IDS_AD_PASSWORD_CHANGE_NEW_PASSWORD_REJECTED_LONG_ERROR),
-          std::string(), HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
-      break;
-    default:
-      NOTREACHED() << "Unhandled error: " << error;
-      ShowScreen(username);
-      core_oobe_view_->ShowSignInError(
-          0, l10n_util::GetStringUTF8(IDS_AD_AUTH_UNKNOWN_ERROR), std::string(),
-          HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT);
-  }
+void ActiveDirectoryPasswordChangeScreenHandler::HandleComplete(
+    const std::string& old_password,
+    const std::string& new_password) {
+  screen_->ChangePassword(old_password, new_password);
 }
 
 }  // namespace chromeos

chrome/browser/ui/webui/chromeos/login/active_directory_password_change_screen_handler.h

@@ -8,21 +8,42 @@
 #include <string>
 
 #include "base/macros.h"
-#include "chrome/browser/chromeos/authpolicy/authpolicy_helper.h"
+#include "chrome/browser/chromeos/login/screens/active_directory_password_change_screen.h"
 #include "chrome/browser/ui/webui/chromeos/login/base_screen_handler.h"
 
-namespace authpolicy {
-class ActiveDirectoryAccountInfo;
-}
-
 namespace chromeos {
 
+class ActiveDirectoryPasswordChangeScreen;
 class CoreOobeView;
-class Key;
 
-// A class that handles WebUI hooks in Active Directory password change  screen.
-class ActiveDirectoryPasswordChangeScreenHandler : public BaseScreenHandler {
+// Interface for dependency injection between
+// ActiveDirectoryPasswordChangeScreen and its WebUI representation.
+class ActiveDirectoryPasswordChangeView {
+ public:
+  constexpr static StaticOobeScreenId kScreenId{"ad-password-change"};
+
+  virtual ~ActiveDirectoryPasswordChangeView() {}
+
+  // Shows the contents of the screen.
+  virtual void Show(const std::string& username, int error) = 0;
+
+  // Binds |screen| to the view.
+  virtual void Bind(ActiveDirectoryPasswordChangeScreen* screen) = 0;
+
+  // Unbinds the screen from the view.
+  virtual void Unbind() = 0;
+
+  // Shows sign-in error bubble.
+  virtual void ShowSignInError(const std::string& error_text) = 0;
+};
+
+// A class that handles WebUI hooks in Active Directory password change screen.
+class ActiveDirectoryPasswordChangeScreenHandler
+    : public ActiveDirectoryPasswordChangeView,
+      public BaseScreenHandler {
  public:
+  using TView = ActiveDirectoryPasswordChangeView;
+
   ActiveDirectoryPasswordChangeScreenHandler(
       JSCallsContainer* js_calls_container,
       CoreOobeView* core_oobe_view);
@@ -36,37 +57,22 @@ class ActiveDirectoryPasswordChangeScreenHandler : public BaseScreenHandler {
   // WebUIMessageHandler implementation:
   void RegisterMessages() override;
 
-  // WebUI message handlers.
-  void HandleComplete(const std::string& username,
-                      const std::string& old_password,
-                      const std::string& new_password);
-  void HandleCancel();
-
-  // Shows the password change screen for |username|.
-  void ShowScreen(const std::string& username);
+  // ActiveDirectoryPasswordChangeView:
+  void Show(const std::string& username, int error) override;
+  void Bind(ActiveDirectoryPasswordChangeScreen* screen) override;
+  void Unbind() override;
+  void ShowSignInError(const std::string& error_text) override;
 
  private:
-  // Shows the screen with the error message corresponding to |error|.
-  void ShowScreenWithError(int error);
-
-  // Callback called by AuthPolicyHelper::AuthenticateUser with results and
-  // error code. (see AuthPolicyHelper::AuthenticateUser)
-  void OnAuthFinished(
-      const std::string& username,
-      const Key& key,
-      authpolicy::ErrorType error,
-      const authpolicy::ActiveDirectoryAccountInfo& account_info);
+  // WebUI message handlers.
+  void HandleComplete(const std::string& old_password,
+                      const std::string& new_password);
 
-  // Helper to call AuthPolicyClient and cancel calls if needed. Used to change
-  // password on the Active Directory server.
-  std::unique_ptr<AuthPolicyHelper> authpolicy_login_helper_;
+  ActiveDirectoryPasswordChangeScreen* screen_ = nullptr;
 
   // Non-owned. Used to display signin error.
   CoreOobeView* core_oobe_view_ = nullptr;
 
-  base::WeakPtrFactory<ActiveDirectoryPasswordChangeScreenHandler>
-      weak_factory_{this};
-
   DISALLOW_COPY_AND_ASSIGN(ActiveDirectoryPasswordChangeScreenHandler);
 };
 

chrome/browser/ui/webui/chromeos/login/core_oobe_handler.cc

@@ -203,11 +203,6 @@ void CoreOobeHandler::ShowEnableAdbSideloadingScreen() {
       EnableAdbSideloadingScreenView::kScreenId);
 }
 
-void CoreOobeHandler::ShowActiveDirectoryPasswordChangeScreen(
-    const std::string& username) {
-  CallJS("cr.ui.Oobe.showActiveDirectoryPasswordChangeScreen", username);
-}
-
 void CoreOobeHandler::ShowSignInUI(const std::string& email) {
   CallJS("cr.ui.Oobe.showSigninUI", email);
 }

chrome/browser/ui/webui/chromeos/login/core_oobe_handler.h

@@ -72,8 +72,6 @@ class CoreOobeView {
   virtual void InitDemoModeDetection() = 0;
   virtual void StopDemoModeDetection() = 0;
   virtual void UpdateKeyboardState() = 0;
-  virtual void ShowActiveDirectoryPasswordChangeScreen(
-      const std::string& username) = 0;
 };
 
 // The core handler for Javascript messages related to the "oobe" view.
@@ -147,8 +145,6 @@ class CoreOobeHandler : public BaseWebUIHandler,
   void ShowDeviceResetScreen() override;
   void ShowEnableAdbSideloadingScreen() override;
   void ShowEnableDebuggingScreen() override;
-  void ShowActiveDirectoryPasswordChangeScreen(
-      const std::string& username) override;
 
   void InitDemoModeDetection() override;
   void StopDemoModeDetection() override;

chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc

@@ -54,7 +54,6 @@
 #include "chrome/browser/net/system_network_context_manager.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/ash/login_screen_client.h"
-#include "chrome/browser/ui/webui/chromeos/login/active_directory_password_change_screen_handler.h"
 #include "chrome/browser/ui/webui/chromeos/login/enrollment_screen_handler.h"
 #include "chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h"
 #include "chrome/browser/ui/webui/metrics_handler.h"
@@ -340,14 +339,10 @@ GaiaScreenHandler::GaiaContext::GaiaContext() {}
 GaiaScreenHandler::GaiaScreenHandler(
     JSCallsContainer* js_calls_container,
     CoreOobeView* core_oobe_view,
-    const scoped_refptr<NetworkStateInformer>& network_state_informer,
-    ActiveDirectoryPasswordChangeScreenHandler*
-        active_directory_password_change_screen_handler)
+    const scoped_refptr<NetworkStateInformer>& network_state_informer)
     : BaseScreenHandler(kScreenId, js_calls_container),
       network_state_informer_(network_state_informer),
-      core_oobe_view_(core_oobe_view),
-      active_directory_password_change_screen_handler_(
-          active_directory_password_change_screen_handler) {
+      core_oobe_view_(core_oobe_view) {
   DCHECK(network_state_informer_.get());
 }
 
@@ -858,7 +853,9 @@ void GaiaScreenHandler::DoAdAuth(
       break;
     }
     case authpolicy::ERROR_PASSWORD_EXPIRED:
-      active_directory_password_change_screen_handler_->ShowScreen(username);
+      LoginDisplayHost::default_host()
+          ->GetWizardController()
+          ->ShowActiveDirectoryPasswordChangeScreen(username);
       break;
     case authpolicy::ERROR_PARSE_UPN_FAILED:
     case authpolicy::ERROR_BAD_USER_NAME:

chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.h

@@ -39,7 +39,6 @@ class NSSTempCertsCacheChromeOS;
 
 namespace chromeos {
 
-class ActiveDirectoryPasswordChangeScreenHandler;
 class Key;
 class SamlPasswordAttributes;
 class SigninScreenHandler;
@@ -110,9 +109,7 @@ class GaiaScreenHandler : public BaseScreenHandler,
   GaiaScreenHandler(
       JSCallsContainer* js_calls_container,
       CoreOobeView* core_oobe_view,
-      const scoped_refptr<NetworkStateInformer>& network_state_informer,
-      ActiveDirectoryPasswordChangeScreenHandler*
-          active_directory_password_change_screen_handler);
+      const scoped_refptr<NetworkStateInformer>& network_state_informer);
   ~GaiaScreenHandler() override;
 
   // GaiaView:
@@ -356,9 +353,6 @@ class GaiaScreenHandler : public BaseScreenHandler,
 
   CoreOobeView* core_oobe_view_ = nullptr;
 
-  ActiveDirectoryPasswordChangeScreenHandler*
-      active_directory_password_change_screen_handler_ = nullptr;
-
   // Account to pre-populate with.
   AccountId populated_account_id_;
 

chrome/browser/ui/webui/chromeos/login/oobe_ui.cc

@@ -465,8 +465,7 @@ void OobeUI::ConfigureOobeDisplay() {
           js_calls_container_.get(), core_handler_);
 
   AddScreenHandler(std::make_unique<GaiaScreenHandler>(
-      js_calls_container_.get(), core_handler_, network_state_informer_,
-      password_change_handler.get()));
+      js_calls_container_.get(), core_handler_, network_state_informer_));
 
   AddScreenHandler(std::move(password_change_handler));
 

ui/login/display_manager.js

@@ -1201,15 +1201,6 @@ cr.define('cr.ui.login', function() {
     }
   };
 
-  /**
-   * Shows password change screen for Active Directory users.
-   * @param {string} username Display name of the user whose password is being
-   * changed.
-   */
-  DisplayManager.showActiveDirectoryPasswordChangeScreen = function(username) {
-    login.ActiveDirectoryPasswordChangeScreen.show(username);
-  };
-
   /**
    * Clears error bubble.
    */