[sync] Automatic bootstrapping of Sync on Win 8 from cached credentials

chrome/browser/sync/profile_sync_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/profile_sync_service.h"
 
 #include <cstddef>
 #include <map>
 #include <set>
 #include <utility>
 
 #include "base/basictypes.h"
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
-#include "base/memory/ref_counted.h"
 #include "base/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/string16.h"
 #include "base/stringprintf.h"
 #include "base/threading/thread_restrictions.h"
+#if defined(OS_WIN)
+#include "base/win/windows_version.h"
+#endif
 #include "chrome/browser/about_flags.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/defaults.h"
 #include "chrome/browser/net/chrome_cookie_notification_details.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/signin/token_service_factory.h"
 #include "chrome/browser/sync/backend_migrator.h"
+#if defined(OS_WIN)
+#include "chrome/browser/sync/credential_cache_win.h"
+#endif
 #include "chrome/browser/sync/glue/change_processor.h"
 #include "chrome/browser/sync/glue/chrome_encryptor.h"
 #include "chrome/browser/sync/glue/chrome_report_unrecoverable_error.h"
 #include "chrome/browser/sync/glue/data_type_controller.h"
 #include "chrome/browser/sync/glue/session_data_type_controller.h"
 #include "chrome/browser/sync/glue/session_model_associator.h"
 #include "chrome/browser/sync/glue/typed_url_data_type_controller.h"
 #include "chrome/browser/sync/profile_sync_components_factory_impl.h"
 #include "chrome/browser/sync/sync_global_error.h"
 #include "chrome/browser/sync/user_selectable_sync_type.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_list.h"
 #include "chrome/browser/ui/browser_window.h"
 #include "chrome/browser/ui/global_error_service.h"
 #include "chrome/browser/ui/global_error_service_factory.h"
 #include "chrome/common/chrome_notification_types.h"
+#include "chrome/common/chrome_paths_internal.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/chrome_version_info.h"
 #include "chrome/common/net/gaia/gaia_constants.h"
 #include "chrome/common/time_format.h"
 #include "chrome/common/url_constants.h"
+#include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_source.h"
 #include "grit/generated_resources.h"
 #include "net/cookies/cookie_monster.h"
 #include "sync/api/sync_error.h"
 #include "sync/internal_api/public/configure_reason.h"
 #include "sync/internal_api/public/util/experiments.h"
 #include "sync/js/js_arg_list.h"
 #include "sync/js/js_event_details.h"
 #include "sync/util/cryptographer.h"
@@ skipping 62 matching lines @@
       signin_(signin_manager),
       unrecoverable_error_reason_(ERROR_REASON_UNSET),
       weak_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)),
       expect_sync_configuration_aborted_(false),
       encrypted_types_(csync::Cryptographer::SensitiveTypes()),
       encrypt_everything_(false),
       encryption_pending_(false),
       auto_start_enabled_(start_behavior == AUTO_START),
       failed_datatypes_handler_(ALLOW_THIS_IN_INITIALIZER_LIST(this)),
       configure_status_(DataTypeManager::UNKNOWN),
-      setup_in_progress_(false) {
+      setup_in_progress_(false),
+      setting_up_with_cached_credentials_(false) {
 #if defined(OS_ANDROID)
   chrome::VersionInfo version_info;
   if (version_info.IsOfficialBuild()) {
     sync_service_url_ = GURL(kSyncServerUrl);
   }
 #else
   // By default, dev, canary, and unbranded Chromium users will go to the
   // development servers. Development servers have more features than standard
   // sync servers. Users with officially-branded Chrome stable and beta builds
   // will go to the standard sync servers.
@@ skipping 15 matching lines @@
 
 bool ProfileSyncService::IsSyncEnabledAndLoggedIn() {
   // Exit if sync is disabled.
   if (IsManaged() || sync_prefs_.IsStartSuppressed())
     return false;
 
   // Sync is logged in if there is a non-empty authenticated username.
   return !signin_->GetAuthenticatedUsername().empty();
 }
 
+#if defined (OS_WIN)
+
+bool ProfileSyncService::ShouldSigninUsingCachedCredentials() {
+  // Makes sure that we are running on Windows 8, that the current profile is
+  // the default profile directory, that sync is not disabled by policy, that
+  // startup is not suppressed, that setup is not already in progress, that no
+  // user is already signed in, and that we are not already trying to auto-start
+  // sync.
+  return
+      base::win::GetVersion() >= base::win::VERSION_WIN8 &&
+      csync::CredentialCache::IsDefaultProfileDir(profile()->GetPath()) &&
+      !IsManaged() &&
+      !sync_prefs_.IsStartSuppressed() &&
+      !setup_in_progress_ &&
+      signin_->GetAuthenticatedUsername().empty() &&
+      !setting_up_with_cached_credentials_;
+}
+
+#endif  // OS_WIN
+
 bool ProfileSyncService::IsSyncTokenAvailable() {
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
   if (!token_service)
     return false;
   return token_service->HasTokenForService(GaiaConstants::kSyncService);
 }
 
 void ProfileSyncService::Initialize() {
   InitSettings();
 
@@ skipping 14 matching lines @@
 
   if (!HasSyncSetupCompleted() || signin_->GetAuthenticatedUsername().empty()) {
     // Clean up in case of previous crash / setup abort / signout.
     DisableForUser();
   }
 
   TryStart();
 }
 
 void ProfileSyncService::TryStart() {
+#if defined(OS_WIN)
+  if (ShouldSigninUsingCachedCredentials()) {

[Andrew T Wilson (Slow), 2012/06/26 23:26:13]

What happens if the user is already logged in to a different acct? This seems
like it'd log them out or something.

[Raghu Simha, 2012/06/27 00:17:04]

No. In such cases, signin_->GetAuthenticatedUsername().empty() will be
non-empty, and ShouldSigninUsingCachedCredentials() will return false.

+    TryLoadingCachedCredentials();
+    return;
+  }
+#endif  // OS_WIN
   if (!IsSyncEnabledAndLoggedIn())
     return;
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
   if (!token_service)
     return;
   // Don't start the backend if the token service hasn't finished loading tokens
   // yet (if the backend is started before the sync token has been loaded,
   // GetCredentials() will return bogus credentials). On auto_start platforms
   // (like ChromeOS) we don't start sync until tokens are loaded, because the
   // user can be "signed in" on those platforms long before the tokens get
   // loaded, and we don't want to generate spurious auth errors.
   if (IsSyncTokenAvailable() ||
       (!auto_start_enabled_ && token_service->TokensLoadedFromDB())) {
     if (HasSyncSetupCompleted() || auto_start_enabled_) {
       // If sync setup has completed we always start the backend.
       // If autostart is enabled, but we haven't completed sync setup, we try to
       // start sync anyway, since it's possible we crashed/shutdown after
       // logging in but before the backend finished initializing the last time.
       // Note that if we haven't finished setting up sync, backend bring up will
       // be done by the wizard.
       StartUp();
     }
   }
 }
 
+#if defined(OS_WIN)
+
+void ProfileSyncService::TryLoadingCachedCredentials() {
+  scoped_refptr<csync::CredentialCache> credentials =
+      new csync::CredentialCache(profile_->GetPath());
+  content::BrowserThread::PostTaskAndReply(
+      content::BrowserThread::FILE,
+      FROM_HERE,
+      base::Bind(&csync::CredentialCache::LoadCredentialsFromAlternateProfile,
+                 credentials),
+      base::Bind(&ProfileSyncService::OnLoadedCachedCredentials,
+                 weak_factory_.GetWeakPtr(),
+                 credentials));

[Roger Tawa OOO till Jul 10th, 2012/06/27 21:23:28]

why not bind the path directly instead of creating a csync::CredentialCache?

[Raghu Simha, 2012/07/19 06:57:07]

We now use a CredentialCacheService to do this.

+}
+
+void ProfileSyncService::OnLoadedCachedCredentials(
+    scoped_refptr<csync::CredentialCache> credentials) {
+  DCHECK(credentials.get() != NULL);
+  if (!credentials->authenticated_username().empty() &&
+      !credentials->sid().empty() &&
+      !credentials->lsid().empty() &&
+      !credentials->encryption_bootstrap_token().empty()) {
+    setting_up_with_cached_credentials_ = true;
+    SetSetupInProgress(true);
+    sync_prefs_.SetEncryptionBootstrapToken(
+        credentials->encryption_bootstrap_token());
+    signin_->StartSignInWithCachedCredentials(credentials);
+  }
+  credentials.release();
+}
+
+#endif  // OS_WIN
+
 void ProfileSyncService::StartSyncingWithServer() {
   if (backend_.get())
     backend_->StartSyncingWithServer();
 }
 
 void ProfileSyncService::RegisterAuthNotifications() {
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
   registrar_.Add(this,
                  chrome::NOTIFICATION_TOKEN_AVAILABLE,
                  content::Source<TokenService>(token_service));
@@ skipping 126 matching lines @@
   DCHECK(encrypted_types.Has(syncable::PASSWORDS));
   return !Intersection(preferred_types, encrypted_types).Empty();
 }
 
 void ProfileSyncService::OnSyncConfigureDone(
     DataTypeManager::ConfigureResult result) {
   if (failed_datatypes_handler_.UpdateFailedDatatypes(result.failed_data_types,
           FailedDatatypesHandler::STARTUP)) {
     ReconfigureDatatypeManager();
   }
+
+  // If we were trying to bootstrap sync using cached credentials, this
+  // signifies the end of a successful auto-start. Set the flag to false and
+  // mark sync setup as complete.
+  if (setting_up_with_cached_credentials_) {
+    setting_up_with_cached_credentials_ = false;
+    SetSyncSetupCompleted();
+    NotifyObservers();
+  }
 }
 
 void ProfileSyncService::OnSyncConfigureRetry() {
   // In platforms with auto start we would just wait for the
   // configure to finish. In other platforms we would throw
   // an unrecoverable error. The reason we do this is so that
   // the login dialog would show an error and the user would have
   // to relogin.
   // Also if backend has been initialized(the user is authenticated
   // and nigori is downloaded) we would simply wait rather than going into
   // unrecoverable error, even if the platform has auto start disabled.
   // Note: In those scenarios the UI does not wait for the configuration
   // to finish.
   if (!auto_start_enabled_ && !backend_initialized_) {
     OnInternalUnrecoverableError(FROM_HERE,
                                  "Configure failed to download.",
                                  true,
                                  ERROR_REASON_CONFIGURATION_RETRY);
   }
 
   NotifyObservers();
 }
 
-
 void ProfileSyncService::StartUp() {
   // Don't start up multiple times.
   if (backend_.get()) {
     DVLOG(1) << "Skipping bringing up backend host.";
     return;
   }
 
   DCHECK(IsSyncEnabledAndLoggedIn());
 
   last_synced_time_ = sync_prefs_.GetLastSyncedTime();
@@ skipping 245 matching lines @@
     return;
   }
 
   backend_initialized_ = true;
 
   sync_js_controller_.AttachJsBackend(js_backend);
 
   // If we have a cached passphrase use it to decrypt/encrypt data now that the
   // backend is initialized. We want to call this before notifying observers in
   // case this operation affects the "passphrase required" status.
-  ConsumeCachedPassphraseIfPossible();
+  // Note: On Windows 8, if we are signing in using sync credentials cached by
+  // the alternate Metro / Desktop profile, there is no passphrase to consume,
+  // since we only store the encryption bootstrap token for sync.
+  if (!setting_up_with_cached_credentials_)

[Andrew T Wilson (Slow), 2012/06/26 23:26:13]

Don't need this check since ConsumeCachedPassphraseIfPossible() does nothing if
there's no cached passphrase.

[Raghu Simha, 2012/07/19 06:57:07]

Removed.

+    ConsumeCachedPassphraseIfPossible();
 
   // The very first time the backend initializes is effectively the first time
   // we can say we successfully "synced".  last_synced_time_ will only be null
   // in this case, because the pref wasn't restored on StartUp.
   if (last_synced_time_.is_null()) {
     UpdateLastSyncedTime();
   }
   NotifyObservers();
 
   if (auto_start_enabled_ && !FirstSetupInProgress()) {
     // Backend is initialized but we're not in sync setup, so this must be an
     // autostart - mark our sync setup as completed and we'll start syncing
     // below.
     SetSyncSetupCompleted();
     NotifyObservers();
   }
 
-  if (HasSyncSetupCompleted()) {
+  // Configure the DTM if we are in the middle of an auto-start, or if we are
+  // bootstrapping sync using cached sync credentials on Windows 8.
+  if (HasSyncSetupCompleted() || setting_up_with_cached_credentials_) {

[Andrew T Wilson (Slow), 2012/06/26 23:26:13]

Seems like it'd be better to just set HasSyncSetupCompleted() above.

Also, are we concerned that we aren't carrying over the user's data types (i.e.
if I setup sync on desktop for just bookmarks, it'll automatically start syncing
everything else on the other side - passwords, tabs, etc). Seems like a privacy
violation.

[Raghu Simha, 2012/06/27 00:17:04]

This is an excellent point. I believe I'm going to have to persist not only the
credentials, but also a list of synced types. Which means I'm going to have to
use a better class name than CredentialCache.

     ConfigureDataTypeManager();
   } else {
     DCHECK(FirstSetupInProgress());
   }
 }
 
 void ProfileSyncService::OnSyncCycleCompleted() {
   UpdateLastSyncedTime();
   if (GetSessionModelAssociator()) {
     // Trigger garbage collection of old sessions now that we've downloaded
@@ skipping 763 matching lines @@
       } else {
         StartSyncingWithServer();
       }
 
       break;
     }
     case chrome::NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL: {
       const GoogleServiceSigninSuccessDetails* successful =
           content::Details<const GoogleServiceSigninSuccessDetails>(
               details).ptr();
-      DCHECK(!successful->password.empty());
-      if (!sync_prefs_.IsStartSuppressed()) {
+      // The only time the password field is allowed to be empty is when we are
+      // bootstrapping sync from cached credentials.
+      DCHECK(setting_up_with_cached_credentials_ ||
+             !successful->password.empty());

[Andrew T Wilson (Slow), 2012/06/26 23:26:13]

This is kind of ugly, as it means that people outside of sync can't rely on the
password field in this notification.

I'd rather have the signin manager code not send out SIGNIN_SUCCESSFUL at all if
signing in from cached credentials, or else send out some other kind of signin
notification (SIGNIN_SUCCESSFUL_FROM_CACHED_CREDENTIALS) that doesn't have a
password field.

[Raghu Simha, 2012/06/27 00:17:04]

Agreed. Coming up.

[Raghu Simha, 2012/07/19 06:57:07]

Concerns addressed in new design, I hope :)

+
+      // Do not use the password as a cached passphrase if sync is suppressed.
+      // Also, if we are starting up sync using cached credentials, do not try
+      // to use the gaia password as an implicit passphrase, since passwords are
+      // not persisted in the sync cache, and the password field will be empty.
+      if (!sync_prefs_.IsStartSuppressed() &&
+          !setting_up_with_cached_credentials_) {
         cached_passphrase_ = successful->password;
         // Try to consume the passphrase we just cached. If the sync backend
         // is not running yet, the passphrase will remain cached until the
         // backend starts up.
         ConsumeCachedPassphraseIfPossible();
       }
 #if defined(OS_CHROMEOS)
       RefreshSpareBootstrapToken(successful->password);
 #endif
       if (!sync_initialized() ||
@@ skipping 171 matching lines @@
   // See http://stackoverflow.com/questions/6224121/is-new-this-myclass-undefined-behaviour-after-directly-calling-the-destru.
   ProfileSyncService* old_this = this;
   this->~ProfileSyncService();
   new(old_this) ProfileSyncService(
       new ProfileSyncComponentsFactoryImpl(profile,
                                            CommandLine::ForCurrentProcess()),
       profile,
       signin,
       behavior);
 }