author | tim@chromium.org <tim@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-09 02:05:55 +0000 |
---|---|---|
committer | tim@chromium.org <tim@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-09 02:05:55 +0000 |
commit | 68a8cf706667a484e5205c02db0f7ee687c341e1 (patch) | |
tree | bba03193fb133f4e42e035285e6b58d3383c9d03 | |
parent | 33e150fdd6ad9788dfaf12e1b99f01341fbecb47 (diff) | |
sync: pass the gaia password through a rough ASP regex
If the text entered into the password field has 16 lowercase alphabetical characters, or is 4 clusters of 4 lowercase alphabetical characters separated by spaces, add a second confirmation step to reduce the chance users encrypt their data with an ASP.
BUG=none
TEST=enter an ASP into the password field on sync signin, notice warning message.
Review URL: http://codereview.chromium.org/7859011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100327 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/app/generated_resources.grd | 15 | ||||
-rw-r--r-- | chrome/browser/resources/sync_setup_overlay.html | 14 | ||||
-rw-r--r-- | chrome/browser/resources/sync_setup_overlay.js | 20 | ||||
-rw-r--r-- | chrome/browser/ui/webui/sync_setup_handler.cc | 3 |
4 files changed, 52 insertions, 0 deletions
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 066098d..11f2f98 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -9888,6 +9888,21 @@ Keep your key file in a safe place. You will need it to create new versions of y
 <message name="IDS_SYNC_ENCRYPT_ALL_DATA" desc="Text of the radio that when selected causes sync to encrypt all data.">
 Encrypt all synced data
 </message>
+ <message name="IDS_SYNC_ASP_PASSWORD_WARNING_TEXT" desc="Warning shown if the
+ user enters a gaia password resembling an application specific
+ password.">
+ Did you enter an application specific password?
+ </message>
+ <message name="IDS_SYNC_ASP_PASSWORD_WARNING_HINT" desc="Text
+ shown if the user entered a gaia password resembling an application
+ specific password suggesting they enter their Google Account password.">
+ Enter your Google Account password here.
+ </message>
+ <message name="IDS_SYNC_ASP_PASSWORD_CONFIRM_TEXT" desc="Text shown on the
+ Signin button if the user entered a gaia password resembling an
+ application specific password, asking them to confirm their choice.">
+ Confirm password
+ </message>
 <if expr="not pp_ifdef('use_titlecase')">
 <message name="IDS_SYNC_PASSPHRASE_SECTION_TITLE" desc="Title of the section containing sync passphrase preferences.">
 Encryption passphrase
diff --git a/chrome/browser/resources/sync_setup_overlay.html b/chrome/browser/resources/sync_setup_overlay.html
index 3421061..3591aee 100644
--- a/chrome/browser/resources/sync_setup_overlay.html
+++ b/chrome/browser/resources/sync_setup_overlay.html
@@ -103,6 +103,20 @@
 </td>
 </tr>
 <tr>
+ <td colspan="2">
+ <div id="asp-warning-div" class="reset-hidden" hidden>
+ <div id="asp-warning-text"
+ i18n-content="aspWarningText"
+ class="bottom-padded-cell">
+ </div>
+ <div id="asp-instruction"
+ i18n-content="aspWarningHint"
+ class="bottom-padded-cell">
+ </div>
+ </div>
+ </td>
+ </tr>
+ <tr>
 <td></td>
 <td>
 <div class="error-msg-spacer">
diff --git a/chrome/browser/resources/sync_setup_overlay.js b/chrome/browser/resources/sync_setup_overlay.js
index 254ae8e..0a9c3b5 100644
--- a/chrome/browser/resources/sync_setup_overlay.js
+++ b/chrome/browser/resources/sync_setup_overlay.js
@@ -699,6 +699,14 @@ cr.define('options', function() {
 $('gaia-passwd').disabled = false;
 },
 
+ matchesASPRegex_: function(toMatch) {
+ var noSpaces = /[a-z]{16}/;
+ var withSpaces = /([a-z]{4}\s){3}[a-z]{4}/;
+ if (toMatch.match(noSpaces) || toMatch.match(withSpaces))
+ return true;
+ return false;
+ },
+
 setErrorVisibility_: function() {
 this.resetErrorVisibility_();
 var f = $('gaia-login-form');
@@ -722,6 +730,18 @@ cr.define('options', function() {
 $('errormsg-0-password').hidden = false;
 return false;
 }
+
+ if (f.accessCode.disabled && this.matchesASPRegex_(passwd.value)) {
+ var localStrings = new LocalStrings();
+ if (!$('asp-warning-div').hidden) {
+ $('sign-in').value = localStrings.getString('signin');
+ } else {
+ $('asp-warning-div').hidden = false;
+ $('sign-in').value = localStrings.getString('confirmASPPassword');
+ return false;
+ }
+ }
+
 return true;
 },
 
diff --git a/chrome/browser/ui/webui/sync_setup_handler.cc b/chrome/browser/ui/webui/sync_setup_handler.cc
index 6d3f9a3..8468e50 100644
--- a/chrome/browser/ui/webui/sync_setup_handler.cc
+++ b/chrome/browser/ui/webui/sync_setup_handler.cc
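Review bot: Both patterns in matchesASPRegex_ are unanchored, so `toMatch.match(noSpaces)` is true for any password that merely contains a run of 16 lowercase letters, and the spaced pattern likewise matches inside a longer string. If the intent in the commit message is that the whole field looks like an ASP, anchor them: `var noSpaces = /^[a-z]{16}$/;` and `var withSpaces = /^([a-z]{4}\s){3}[a-z]{4}$/;`. A warning that also fires on ordinary long lowercase passwords teaches users to click through it, which weakens the confirmation step this commit adds. The body can then collapse to `return noSpaces.test(toMatch) || withSpaces.test(toMatch);`.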
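Review bot: The "already warned" state lives only in `$('asp-warning-div').hidden`, and nothing in this hunk clears it: the label is set back to 'signin' only in the branch where the password still matches, and the div is never hidden again. If the user heeds the warning and types the account password, the code falls through to `return true` with the warning still visible and the button still showing the confirm text. If that sign-in attempt then fails, a later ASP-looking entry would take the `!hidden` path and be accepted with no fresh warning. Unless resetErrorVisibility_ (not shown here) already handles this div, hoist `localStrings` above the `if` and add an else arm that resets both: `$('asp-warning-div').hidden = true; $('sign-in').value = localStrings.getString('signin');`. If resetErrorVisibility_ does hide it, the `!hidden` branch can never run, so either way the interaction is worth confirming; setErrorVisibility_ starts outside this hunk.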
@@ -275,6 +275,9 @@ void SyncSetupHandler::GetStaticLocalizedValues(
 { "encryptSensitiveOption", IDS_SYNC_ENCRYPT_SENSITIVE_DATA },
 { "encryptAllOption", IDS_SYNC_ENCRYPT_ALL_DATA },
 { "encryptAllOption", IDS_SYNC_ENCRYPT_ALL_DATA },
+ { "aspWarningText", IDS_SYNC_ASP_PASSWORD_WARNING_TEXT },
+ { "aspWarningHint", IDS_SYNC_ASP_PASSWORD_WARNING_HINT },
+ { "confirmASPPassword", IDS_SYNC_ASP_PASSWORD_CONFIRM_TEXT },
 };
 RegisterStrings(localized_strings, resources, arraysize(resources)); |