cros: Make sure views-based lock screen is destroyed after it is dismissed.

Add a CHECK to verify we only ever display one lock screen.

BUG=719015

Review-Url: https://codereview.chromium.org/2896093003
Cr-Commit-Position: refs/heads/master@{#478117}

diff --git a/ash/login/lock_screen_controller.cc b/ash/login/lock_screen_controller.cc
index 8b99e6f..dd5a085 100644
--- a/ash/login/lock_screen_controller.cc
+++ b/ash/login/lock_screen_controller.cc

@@ -4,6 +4,7 @@
 
 #include "ash/login/lock_screen_controller.h"
 
+#include "ash/login/ui/lock_screen.h"
 #include "chromeos/cryptohome/system_salt_getter.h"
 #include "chromeos/login/auth/user_context.h"
 
@@ -21,6 +22,11 @@
   lock_screen_client_ = std::move(client);
 }
 
+void LockScreenController::ShowLockScreen(ShowLockScreenCallback on_shown) {
+  ::ash::ShowLockScreen();
+  std::move(on_shown).Run(true);
+}
+
 void LockScreenController::ShowErrorMessage(int32_t login_attempts,
                                             const std::string& error_text,
                                             const std::string& help_link_text,
@@ -53,15 +59,24 @@
   NOTIMPLEMENTED();
 }
 
-void LockScreenController::AuthenticateUser(const AccountId& account_id,
-                                            const std::string& password,
-                                            bool authenticated_by_pin) {
+void LockScreenController::AuthenticateUser(
+    const AccountId& account_id,
+    const std::string& password,
+    bool authenticated_by_pin,
+    mojom::LockScreenClient::AuthenticateUserCallback callback) {
   if (!lock_screen_client_)
     return;
 
-  chromeos::SystemSaltGetter::Get()->GetSystemSalt(base::Bind(
+  // We cannot execute auth requests directly via GetSystemSalt because it
+  // expects a base::Callback instance, but |callback| is a base::OnceCallback.
+  // Instead, we store |callback| on this object and invoke it locally once we
+  // have the system salt.
+  DCHECK(!pending_user_auth_) << "More than one concurrent auth attempt";
+  pending_user_auth_ = base::BindOnce(
       &LockScreenController::DoAuthenticateUser, base::Unretained(this),
-      account_id, password, authenticated_by_pin));
+      account_id, password, authenticated_by_pin, std::move(callback));
+  chromeos::SystemSaltGetter::Get()->GetSystemSalt(base::Bind(
+      &LockScreenController::OnGetSystemSalt, base::Unretained(this)));
 }
 
 void LockScreenController::AttemptUnlock(const AccountId& account_id) {
@@ -82,17 +97,23 @@
   lock_screen_client_->RecordClickOnLockIcon(account_id);
 }
 
-void LockScreenController::DoAuthenticateUser(const AccountId& account_id,
-                                              const std::string& password,
-                                              bool authenticated_by_pin,
-                                              const std::string& system_salt) {
+void LockScreenController::DoAuthenticateUser(
+    const AccountId& account_id,
+    const std::string& password,
+    bool authenticated_by_pin,
+    mojom::LockScreenClient::AuthenticateUserCallback callback,
+    const std::string& system_salt) {
   // Hash password before sending through mojo.
   // TODO(xiaoyinh): Pin is hashed differently by using a different salt and
   // a different hash algorithm. Update this part in PinStorage.
   chromeos::Key key(password);
   key.Transform(chromeos::Key::KEY_TYPE_SALTED_SHA256_TOP_HALF, system_salt);
-  lock_screen_client_->AuthenticateUser(account_id, key.GetSecret(),
-                                        authenticated_by_pin);
+  lock_screen_client_->AuthenticateUser(
+      account_id, key.GetSecret(), authenticated_by_pin, std::move(callback));
+}
+
+void LockScreenController::OnGetSystemSalt(const std::string& system_salt) {
+  std::move(pending_user_auth_).Run(system_salt);
 }
 
 }  // namespace ash