Do not restrict PIN length to integer length
ChromeOS Login Screen - Aura Shell
Change how a PIN is checked for consisting only of digits.
PINs were checked with base::StringToInt, which returns false when their
value would overflow an int. Replace it with base::ContainsOnlyChars().
Bug: 998930
Change-Id: I44fdee46413f82cdfe24d18d66af0ec00ed3d95b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1783146
Commit-Queue: Renato Silva <rrsilva@google.com>
Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#695587}
diff --git a/ash/login/login_screen_controller.cc b/ash/login/login_screen_controller.cc
index 4e4981a..3572029 100644
--- a/ash/login/login_screen_controller.cc
+++ b/ash/login/login_screen_controller.cc
@@ -25,7 +25,7 @@
#include "base/bind.h"
#include "base/callback.h"
#include "base/debug/alias.h"
-#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "components/prefs/pref_registry_simple.h"
#include "components/session_manager/session_manager_types.h"
@@ -124,9 +124,10 @@
authentication_stage_ = AuthenticationStage::kDoAuthenticate;
- int dummy_value;
- bool is_pin =
- authenticated_by_pin && base::StringToInt(password, &dummy_value);
+ // Checking if the password is only formed of numbers with base::StringToInt
+ // will easily fail due to numeric limits. ContainsOnlyChars is used instead.
+ const bool is_pin =
+ authenticated_by_pin && base::ContainsOnlyChars(password, "0123456789");
client_->AuthenticateUserWithPasswordOrPin(
account_id, password, is_pin,
base::BindOnce(&LoginScreenController::OnAuthenticateComplete,
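Review bot: `base::ContainsOnlyChars()` returns true for an empty input, so when `authenticated_by_pin` is set an empty `password` is now forwarded with `is_pin == true`, whereas `base::StringToInt` rejected the empty string. The enclosing function starts and ends outside this hunk, so an earlier empty-input guard may exist but is not visible here. If none does, consider `authenticated_by_pin && !password.empty() && base::ContainsOnlyChars(password, "0123456789");`. The new check also rejects signed input such as "-1" that `StringToInt` parsed, which looks intended. The comment could state the resulting rule directly, e.g. `// A PIN is a non-empty string of ASCII digits; its length is not limited by any integer type.`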
diff --git a/ash/login/login_screen_controller_unittest.cc b/ash/login/login_screen_controller_unittest.cc
index 3d1f2e5..e60beff 100644
--- a/ash/login/login_screen_controller_unittest.cc
+++ b/ash/login/login_screen_controller_unittest.cc
@@ -70,7 +70,8 @@
Shell::Get()->session_controller()->GetLastActiveUserPrefService();
EXPECT_TRUE(prefs->FindPreference(prefs::kQuickUnlockPinSalt));
- std::string pin = "123456";
+ // Use a long PIN (N > 2^64) for the test to ensure that there is no overflow.
+ std::string pin = "12345678901234567890";
EXPECT_CALL(*client, AuthenticateUserWithPasswordOrPin_(id, pin, true, _));
base::RunLoop run_loop2;
controller->AuthenticateUserWithPasswordOrPin(
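Review bot: The comment on the new test PIN says `N > 2^64`, but 12345678901234567890 is smaller than 2^64 (18446744073709551616); it exceeds only INT_MAX and the signed 64-bit maximum. The value is still large enough to have failed the old `base::StringToInt` check, so only the comment needs correcting, e.g. `// Use a PIN whose value exceeds INT_MAX, which an integer-parsing check would reject.` The visible lines cover only the all-digit case. An expectation that a password containing a non-digit is forwarded with `is_pin == false` while the PIN flag is set would cover the other branch of the new check.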