New authorization framework for sync. ...

chrome/browser/sync/engine/syncapi.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/engine/syncapi.h"
 
 #include "build/build_config.h"
 
 #include <iomanip>
 #include <list>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/base64.h"
 #include "base/lock.h"
 #include "base/logging.h"
 #include "base/message_loop.h"
 #include "base/platform_thread.h"
 #include "base/scoped_ptr.h"
 #include "base/sha1.h"
 #include "base/string_util.h"
 #include "base/task.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/sync/sync_constants.h"
 #include "chrome/browser/sync/engine/all_status.h"
-#include "chrome/browser/sync/engine/auth_watcher.h"
 #include "chrome/browser/sync/engine/change_reorder_buffer.h"
 #include "chrome/browser/sync/engine/model_safe_worker.h"
 #include "chrome/browser/sync/engine/net/server_connection_manager.h"
 #include "chrome/browser/sync/engine/net/syncapi_server_connection_manager.h"
 #include "chrome/browser/sync/engine/syncer.h"
 #include "chrome/browser/sync/engine/syncer_thread.h"
 #include "chrome/browser/sync/notifier/server_notifier_thread.h"
 #include "chrome/browser/sync/protocol/app_specifics.pb.h"
 #include "chrome/browser/sync/protocol/autofill_specifics.pb.h"
 #include "chrome/browser/sync/protocol/bookmark_specifics.pb.h"
 #include "chrome/browser/sync/protocol/extension_specifics.pb.h"
 #include "chrome/browser/sync/protocol/nigori_specifics.pb.h"
 #include "chrome/browser/sync/protocol/password_specifics.pb.h"
 #include "chrome/browser/sync/protocol/preference_specifics.pb.h"
 #include "chrome/browser/sync/protocol/session_specifics.pb.h"
 #include "chrome/browser/sync/protocol/service_constants.h"
 #include "chrome/browser/sync/protocol/sync.pb.h"
 #include "chrome/browser/sync/protocol/theme_specifics.pb.h"
 #include "chrome/browser/sync/protocol/typed_url_specifics.pb.h"
 #include "chrome/browser/sync/sessions/sync_session_context.h"
 #include "chrome/browser/sync/syncable/directory_manager.h"
 #include "chrome/browser/sync/syncable/syncable.h"
 #include "chrome/browser/sync/util/crypto_helpers.h"
-#include "chrome/browser/sync/util/user_settings.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/deprecated/event_sys.h"
 #include "chrome/common/net/gaia/gaia_authenticator.h"
 #include "jingle/notifier/listener/mediator_thread_impl.h"
 #include "jingle/notifier/listener/notification_constants.h"
 #include "jingle/notifier/listener/talk_mediator.h"
 #include "jingle/notifier/listener/talk_mediator_impl.h"
 #include "net/base/network_change_notifier.h"
 
 using browser_sync::AllStatus;
 using browser_sync::AllStatusEvent;
-using browser_sync::AuthWatcher;
-using browser_sync::AuthWatcherEvent;
 using browser_sync::Cryptographer;
 using browser_sync::KeyParams;
 using browser_sync::ModelSafeRoutingInfo;
 using browser_sync::ModelSafeWorker;
 using browser_sync::ModelSafeWorkerRegistrar;
+using browser_sync::ServerConnectionEvent;
 using browser_sync::Syncer;
 using browser_sync::SyncerEvent;
 using browser_sync::SyncerThread;
-using browser_sync::UserSettings;
 using browser_sync::kNigoriTag;
 using browser_sync::sessions::SyncSessionContext;
 using notifier::TalkMediator;
 using notifier::TalkMediatorImpl;
 using std::list;
 using std::hex;
 using std::string;
 using std::vector;
 using syncable::Directory;
 using syncable::DirectoryManager;
@@ skipping 818 matching lines @@
     : public net::NetworkChangeNotifier::Observer,
       public TalkMediator::Delegate,
       public browser_sync::ChannelEventHandler<syncable::DirectoryChangeEvent>,
       public browser_sync::ChannelEventHandler<SyncerEvent>{
   static const int kDefaultNudgeDelayMilliseconds;
   static const int kPreferencesNudgeDelayMilliseconds;
  public:
   explicit SyncInternal(SyncManager* sync_manager)
       : core_message_loop_(NULL),
         observer_(NULL),
-        auth_problem_(AuthError::NONE),
         sync_manager_(sync_manager),
         registrar_(NULL),
         notification_pending_(false),
         initialized_(false),
         use_chrome_async_socket_(false),
         notification_method_(browser_sync::kDefaultNotificationMethod),
         ALLOW_THIS_IN_INITIALIZER_LIST(method_factory_(this)) {
     DCHECK(ChromeThread::CurrentlyOn(ChromeThread::UI));
   }
 
   ~SyncInternal() {
     DCHECK(!core_message_loop_);
     DCHECK(ChromeThread::CurrentlyOn(ChromeThread::UI));
   }
 
   bool Init(const FilePath& database_location,
             const std::string& sync_server_and_path,
             int port,
-            const char* gaia_service_id,
-            const char* gaia_source,
             bool use_ssl,
             HttpPostProviderFactory* post_factory,
-            HttpPostProviderFactory* auth_post_factory,
             ModelSafeWorkerRegistrar* model_safe_worker_registrar,
-            bool attempt_last_user_authentication,
-            bool invalidate_last_user_auth_token,
-            bool invalidate_xmpp_auth_token,
             const char* user_agent,
-            const std::string& lsid,
+            const SyncCredentials& credentials,
             const bool use_chrome_async_socket,
             const bool try_ssltcp_first,
             browser_sync::NotificationMethod notification_method,
             const std::string& restored_key_for_bootstrapping);
 
-  // Tell sync engine to submit credentials to GAIA for verification.
-  // Successful GAIA authentication will kick off the following chain of events:
-  // 1. Cause sync engine to open the syncer database.
-  // 2. Trigger the AuthWatcher to create a Syncer for the directory and call
-  //    SyncerThread::SyncDirectory; the SyncerThread will block until (4).
-  // 3. Tell the ServerConnectionManager to pass the newly received GAIA auth
-  //    token to a sync server to obtain a sync token.
-  // 4. On receipt of this token, the ServerConnectionManager broadcasts
-  //    a server-reachable event, which will unblock the SyncerThread.
-  // 5. When StartSyncing is called, the Syncer will begin the sync process, by
-  //    downloading from or uploading to the server.
-  //
-  // If authentication fails, an event will be broadcast all the way up to
-  // the SyncManager::Observer. It may, in turn, decide to try again with new
-  // credentials. Calling this method again is the appropriate course of action
-  // to "retry".
-  void Authenticate(const std::string& username, const std::string& password,
-                    const std::string& captcha);
+
+  // Sign into sync with given credentials.
+  // We do not verify the tokens given. After this call, the tokens are set
+  // and the sync DB is open. True if successful, false if something
+  // went wrong.
+  bool SignIn(const SyncCredentials& credentials);
+
+  // Update tokens that we're using in Sync. Email must stay the same.
+  void UpdateCredentials(const SyncCredentials& credentials);
 
   // Tell the sync engine to start the syncing process.
   void StartSyncing();
 
   void SetPassphrase(const std::string& passphrase);
 
   // Call periodically from a database-safe thread to persist recent changes
   // to the syncapi model.
   void SaveChanges();
 
   // This listener is called upon completion of a syncable transaction, and
   // builds the list of sync-engine initiated changes that will be forwarded to
   // the SyncManager's Observers.
   virtual void HandleChannelEvent(const syncable::DirectoryChangeEvent& event);
   void HandleTransactionEndingChangeEvent(
       const syncable::DirectoryChangeEvent& event);
   void HandleCalculateChangesChangeEventFromSyncApi(
       const syncable::DirectoryChangeEvent& event);
   void HandleCalculateChangesChangeEventFromSyncer(
       const syncable::DirectoryChangeEvent& event);
 
   // This listener is called by the syncer channel for all syncer events.
   virtual void HandleChannelEvent(const SyncerEvent& event);
 
-  // We have a direct hookup to the authwatcher to be notified for auth failures
-  // on startup, to serve our UI needs.
-  void HandleAuthWatcherEvent(const AuthWatcherEvent& event);
+  // Listens for notifications from the ServerConnectionManager
+  void HandleServerConnectionEvent(const ServerConnectionEvent& event);
 
-  // Listen here for directory opened events.
-  void HandleDirectoryManagerEvent(
-      const syncable::DirectoryManagerEvent& event);
+  // Open the directory named with username_for_share
+  bool OpenDirectory();
 
   // Login to the talk mediator with the given credentials.
   void TalkMediatorLogin(
       const std::string& email, const std::string& token);
 
   // TalkMediator::Delegate implementation.
-
   virtual void OnNotificationStateChange(
       bool notifications_enabled);
 
   virtual void OnIncomingNotification(
       const IncomingNotificationData& notification_data);
 
   virtual void OnOutgoingNotification();
 
   // Accessors for the private members.
   DirectoryManager* dir_manager() { return share_.dir_manager.get(); }
   SyncAPIServerConnectionManager* connection_manager() {
     return connection_manager_.get();
   }
   SyncerThread* syncer_thread() { return syncer_thread_.get(); }
   TalkMediator* talk_mediator() { return talk_mediator_.get(); }
-  AuthWatcher* auth_watcher() { return auth_watcher_.get(); }
   void set_observer(SyncManager::Observer* observer) { observer_ = observer; }
   UserShare* GetUserShare() { return &share_; }
 
   // Return the currently active (validated) username for use with syncable
   // types.
   const std::string& username_for_share() const {
-    return share_.authenticated_name;
+    return share_.name;
   }
 
   // Note about SyncManager::Status implementation: Status is a trimmed
   // down AllStatus::Status, augmented with authentication failure information
   // gathered from the internal AuthWatcher. The sync UI itself hooks up to
   // various sources like the AuthWatcher individually, but with syncapi we try
   // to keep everything status-related in one place. This means we have to
   // privately manage state about authentication failures, and whenever the
   // status or status summary is requested we aggregate this state with
   // AllStatus::Status information.
@@ skipping 34 matching lines @@
     registrar_->GetModelSafeRoutingInfo(&enabled_types);
     for (ModelSafeRoutingInfo::const_iterator i = enabled_types.begin();
         i != enabled_types.end(); ++i) {
       if (!lookup->initial_sync_ended_for_type(i->first))
         return false;
     }
     return true;
   }
 
  private:
-  // Try to authenticate using a LSID cookie.
-  void AuthenticateWithLsid(const std::string& lsid);
-
-  // Try to authenticate using persisted credentials from a previous successful
-  // authentication. If no such credentials exist, calls OnAuthError on the
-  // client to collect credentials. Otherwise, there exist local credentials
-  // that were once used for a successful auth, so we'll try to re-use these.
-  // Failure of that attempt will be communicated as normal using OnAuthError.
-  // Since this entry point will bypass normal GAIA authentication and try to
-  // authenticate directly with the sync service using a cached token,
-  // authentication failure will generally occur due to expired credentials, or
-  // possibly because of a password change.
-  bool AuthenticateForUser(const std::string& username,
-                           const std::string& auth_token);
-
   // Helper to call OnAuthError when no authentication credentials are
   // available.
   void RaiseAuthNeededEvent();
 
   // Helper to set initialized_ to true and raise an event to clients to notify
   // that initialization is complete and it is safe to send us changes. If
   // already initialized, this is a no-op.
   void MarkAndNotifyInitializationComplete();
 
   // If there's a pending notification to be sent, either from the
@@ skipping 58 matching lines @@
     } else {
       NOTREACHED() << "Should be valid connection manager!";
     }
   }
 
   // We couple the DirectoryManager and username together in a UserShare member
   // so we can return a handle to share_ to clients of the API for use when
   // constructing any transaction type.
   UserShare share_;
 
-  // A wrapper around a sqlite store used for caching authentication data,
-  // last user information, current sync-related URLs, and more.
-  scoped_ptr<UserSettings> user_settings_;
-
   MessageLoop* core_message_loop_;
 
   // Observer registered via SetObserver/RemoveObserver.
   // WARNING: This can be NULL!
   SyncManager::Observer* observer_;
 
   // The ServerConnectionManager used to abstract communication between the
   // client (the Syncer) and the sync server.
   scoped_ptr<SyncAPIServerConnectionManager> connection_manager_;
 
   // The thread that runs the Syncer. Needs to be explicitly Start()ed.
   scoped_refptr<SyncerThread> syncer_thread_;
 
   // Notification (xmpp) handler.
   scoped_ptr<TalkMediator> talk_mediator_;
 
   // A multi-purpose status watch object that aggregates stats from various
   // sync components.
   AllStatus allstatus_;
 
-  // AuthWatcher kicks off the authentication process and follows it through
-  // phase 1 (GAIA) to phase 2 (sync engine). As part of this work it determines
-  // the initial connectivity and causes the server connection event to be
-  // broadcast, which signals the syncer thread to start syncing.
-  // It has a heavy duty constructor requiring boilerplate so we heap allocate.
-  scoped_refptr<AuthWatcher> auth_watcher_;
-
   // Each element of this array is a store of change records produced by
   // HandleChangeEvent during the CALCULATE_CHANGES step.  The changes are
   // segregated by model type, and are stored here to be processed and
   // forwarded to the observer slightly later, at the TRANSACTION_ENDING
   // step by HandleTransactionEndingChangeEvent.
   ChangeReorderBuffer change_buffers_[syncable::MODEL_TYPE_COUNT];
 
   // The event listener hookup that is registered for HandleChangeEvent.
   scoped_ptr<browser_sync::ChannelHookup<syncable::DirectoryChangeEvent> >
       dir_change_hookup_;
 
+  // Event listener hookup for the ServerConnectionManager.
+  scoped_ptr<EventListenerHookup> connection_manager_hookup_;
+
   // The event listener hookup registered for HandleSyncerEvent.
   scoped_ptr<browser_sync::ChannelHookup<SyncerEvent> > syncer_event_;
 
-  // The event listener hookup registered for HandleAuthWatcherEvent.
-  scoped_ptr<EventListenerHookup> authwatcher_hookup_;
-
-  // The event listener hookup registered for the DirectoryManager (OPENED).
-  scoped_ptr<EventListenerHookup> directory_manager_hookup_;
-
-  // Our cache of a recent authentication problem. If no authentication problem
-  // occurred, or if the last problem encountered has been cleared (by a
-  // subsequent AuthWatcherEvent), this is set to NONE.
-  AuthError::State auth_problem_;
-
   // The sync dir_manager to which we belong.
   SyncManager* const sync_manager_;
 
   // The entity that provides us with information about which types to sync.
   // The instance is shared between the SyncManager and the Syncer.
   ModelSafeWorkerRegistrar* registrar_;
 
   // True if the next SyncCycle should notify peers of an update.
   bool notification_pending_;
 
@@ skipping 14 matching lines @@
 const int SyncManager::SyncInternal::kDefaultNudgeDelayMilliseconds = 200;
 const int SyncManager::SyncInternal::kPreferencesNudgeDelayMilliseconds = 2000;
 
 SyncManager::SyncManager() {
   data_ = new SyncInternal(this);
 }
 
 bool SyncManager::Init(const FilePath& database_location,
                        const char* sync_server_and_path,
                        int sync_server_port,
-                       const char* gaia_service_id,
-                       const char* gaia_source,
                        bool use_ssl,
                        HttpPostProviderFactory* post_factory,
-                       HttpPostProviderFactory* auth_post_factory,
                        ModelSafeWorkerRegistrar* registrar,
-                       bool attempt_last_user_authentication,
-                       bool invalidate_last_user_auth_token,
-                       bool invalidate_xmpp_auth_token,
                        const char* user_agent,
-                       const char* lsid,
+                       const SyncCredentials& credentials,
                        bool use_chrome_async_socket,
                        bool try_ssltcp_first,
                        browser_sync::NotificationMethod notification_method,
                        const std::string& restored_key_for_bootstrapping) {
   DCHECK(post_factory);
   LOG(INFO) << "SyncManager starting Init...";
   string server_string(sync_server_and_path);
   return data_->Init(database_location,
                      server_string,
                      sync_server_port,
-                     gaia_service_id,
-                     gaia_source,
                      use_ssl,
                      post_factory,
-                     auth_post_factory,
                      registrar,
-                     attempt_last_user_authentication,
-                     invalidate_last_user_auth_token,
-                     invalidate_xmpp_auth_token,
                      user_agent,
-                     lsid,
+                     credentials,
                      use_chrome_async_socket,
                      try_ssltcp_first,
                      notification_method,
                      restored_key_for_bootstrapping);
 }
 
-void SyncManager::Authenticate(const char* username, const char* password,
-    const char* captcha) {
-  data_->Authenticate(std::string(username), std::string(password),
-                      std::string(captcha));
+void SyncManager::UpdateCredentials(const SyncCredentials& credentials) {
+  data_->UpdateCredentials(credentials);
 }
 
+
 bool SyncManager::InitialSyncEndedForAllEnabledTypes() {
   return data_->InitialSyncEndedForAllEnabledTypes();
 }
 
 void SyncManager::StartSyncing() {
   data_->StartSyncing();
 }
 
 void SyncManager::SetPassphrase(const std::string& passphrase) {
   data_->SetPassphrase(passphrase);
 }
 
 bool SyncManager::RequestPause() {
   return data_->syncer_thread()->RequestPause();
 }
 
 bool SyncManager::RequestResume() {
   return data_->syncer_thread()->RequestResume();
 }
 
 void SyncManager::RequestNudge() {
   data_->syncer_thread()->NudgeSyncer(0, SyncerThread::kLocal);
 }
 
+// TODO(chron): Don't need to plumb this so deep.
 const std::string& SyncManager::GetAuthenticatedUsername() {
   DCHECK(data_);
   return data_->username_for_share();
 }
 
 bool SyncManager::SyncInternal::Init(
     const FilePath& database_location,
     const std::string& sync_server_and_path,
     int port,
-    const char* gaia_service_id,
-    const char* gaia_source,
     bool use_ssl,
     HttpPostProviderFactory* post_factory,
-    HttpPostProviderFactory* auth_post_factory,
     ModelSafeWorkerRegistrar* model_safe_worker_registrar,
-    bool attempt_last_user_authentication,
-    bool invalidate_last_user_auth_token,
-    bool invalidate_xmpp_auth_token,
     const char* user_agent,
-    const std::string& lsid,
+    const SyncCredentials& credentials,
     bool use_chrome_async_socket,
     bool try_ssltcp_first,
     browser_sync::NotificationMethod notification_method,
     const std::string& restored_key_for_bootstrapping) {
 
   LOG(INFO) << "Starting SyncInternal initialization.";
 
   core_message_loop_ = MessageLoop::current();
   DCHECK(core_message_loop_);
   notification_method_ = notification_method;
-  // Set up UserSettings, creating the db if necessary. We need this to
-  // instantiate a URLFactory to give to the Syncer.
-  FilePath settings_db_file =
-      database_location.Append(FilePath(kBookmarkSyncUserSettingsDatabase));
-  user_settings_.reset(new UserSettings());
-  if (!user_settings_->Init(settings_db_file))
-    return false;
-
   registrar_ = model_safe_worker_registrar;
 
-  LOG(INFO) << "Initialized sync user settings. Starting DirectoryManager.";
+  share_.dir_manager.reset(new DirectoryManager(database_location));
 
-  share_.dir_manager.reset(new DirectoryManager(database_location));
-  directory_manager_hookup_.reset(NewEventListenerHookup(
-      share_.dir_manager->channel(), this,
-          &SyncInternal::HandleDirectoryManagerEvent));
-  share_.dir_manager->cryptographer()->Bootstrap(
-      restored_key_for_bootstrapping);
+  connection_manager_.reset(new SyncAPIServerConnectionManager(
+      sync_server_and_path, port, use_ssl, user_agent, post_factory));
 
-  string client_id = user_settings_->GetClientId();
-  connection_manager_.reset(new SyncAPIServerConnectionManager(
-      sync_server_and_path, port, use_ssl, user_agent, client_id,
-      post_factory));
-
-  // Watch various objects for aggregated status.
-  allstatus_.WatchConnectionManager(connection_manager());
+  connection_manager_hookup_.reset(
+      NewEventListenerHookup(connection_manager()->channel(), this,
+          &SyncManager::SyncInternal::HandleServerConnectionEvent));
 
   net::NetworkChangeNotifier::AddObserver(this);
   // TODO(akalin): CheckServerReachable() can block, which may cause jank if we
   // try to shut down sync.  Fix this.
   core_message_loop_->PostTask(FROM_HERE,
       method_factory_.NewRunnableMethod(&SyncInternal::CheckServerReachable));
 
   // NOTIFICATION_SERVER uses a substantially different notification method, so
   // it has its own MediatorThread implementation.  Everything else just uses
   // MediatorThreadImpl.
   notifier::MediatorThread* mediator_thread =
       (notification_method == browser_sync::NOTIFICATION_SERVER) ?
       new sync_notifier::ServerNotifierThread(use_chrome_async_socket,
                                               try_ssltcp_first) :
       new notifier::MediatorThreadImpl(use_chrome_async_socket,
                                        try_ssltcp_first);
   const bool kInitializeSsl = true;
   const bool kConnectImmediately = false;
   talk_mediator_.reset(new TalkMediatorImpl(mediator_thread, kInitializeSsl,
-      kConnectImmediately, invalidate_xmpp_auth_token));
+      kConnectImmediately, false));
   if (notification_method != browser_sync::NOTIFICATION_LEGACY &&
       notification_method != browser_sync::NOTIFICATION_SERVER) {
     if (notification_method == browser_sync::NOTIFICATION_TRANSITIONAL) {
       talk_mediator_->AddSubscribedServiceUrl(
           browser_sync::kSyncLegacyServiceUrl);
     }
     talk_mediator_->AddSubscribedServiceUrl(browser_sync::kSyncServiceUrl);
   }
 
   // Listen to TalkMediator events ourselves
   talk_mediator_->SetDelegate(this);
 
-  std::string gaia_url = gaia::kGaiaUrl;
-  const char* service_id = gaia_service_id ?
-      gaia_service_id : SYNC_SERVICE_NAME;
-
-  BridgedGaiaAuthenticator* gaia_auth = new BridgedGaiaAuthenticator(
-      gaia_source, service_id, gaia_url, auth_post_factory);
-
-  LOG(INFO) << "Sync is bringing up authwatcher and SyncSessionContext.";
-
-  auth_watcher_ = new AuthWatcher(dir_manager(),
-                                  connection_manager(),
-                                  gaia_source,
-                                  service_id,
-                                  gaia_url,
-                                  user_settings_.get(),
-                                  gaia_auth);
-
-  authwatcher_hookup_.reset(NewEventListenerHookup(auth_watcher_->channel(),
-      this, &SyncInternal::HandleAuthWatcherEvent));
+  LOG(INFO) << "Sync is bringing up SyncSessionContext.";
 
   // Build a SyncSessionContext and store the worker in it.
   SyncSessionContext* context = new SyncSessionContext(
-      connection_manager_.get(), auth_watcher(),
-          dir_manager(), model_safe_worker_registrar);
+      connection_manager_.get(), dir_manager(), model_safe_worker_registrar);
 
   // The SyncerThread takes ownership of |context|.
   syncer_thread_ = new SyncerThread(context);
   allstatus_.WatchSyncerThread(syncer_thread());
 
   // Subscribe to the syncer thread's channel.
   syncer_event_.reset(syncer_thread()->relay_channel()->AddObserver(this));
 
-  bool attempting_auth = false;
-  std::string username, auth_token;
-  if (attempt_last_user_authentication &&
-      auth_watcher()->settings()->GetLastUserAndServiceToken(
-          SYNC_SERVICE_NAME, &username, &auth_token)) {
-    if (invalidate_last_user_auth_token) {
-      auth_token += "bogus";
-    }
-    attempting_auth = AuthenticateForUser(username, auth_token);
-  } else if (!lsid.empty()) {
-    attempting_auth = true;
-    AuthenticateWithLsid(lsid);
-  }
-  if (attempt_last_user_authentication && !attempting_auth)
-    RaiseAuthNeededEvent();
-  return true;
+  return SignIn(credentials);
 }
 
 void SyncManager::SyncInternal::StartSyncing() {
   if (syncer_thread())  // NULL during certain unittests.
     syncer_thread()->Start();  // Start the syncer thread. This won't actually
                                // result in any syncing until at least the
                                // DirectoryManager broadcasts the OPENED event,
                                // and a valid server connection is detected.
 }
 
@@ skipping 51 matching lines @@
   }
   bool success = talk_mediator_->SendNotification(notification_data);
   if (success) {
     notification_pending_ = false;
     LOG(INFO) << "Sent XMPP notification";
   } else {
     LOG(INFO) << "Could not send XMPP notification";
   }
 }
 
-void SyncManager::SyncInternal::Authenticate(const std::string& username,
-                                             const std::string& password,
-                                             const std::string& captcha) {
-  DCHECK(username_for_share().empty() || username == username_for_share())
-        << "Username change from valid username detected";
-  if (allstatus_.status().authenticated)
-    return;
-  if (password.empty()) {
-    // TODO(timsteele): Seems like this shouldn't be needed, but auth_watcher
-    // currently drops blank password attempts on the floor and doesn't update
-    // state; it only LOGs an error in this case. We want to make sure we set
-    // our GoogleServiceAuthError state to denote an error.
-    RaiseAuthNeededEvent();
-  }
-  auth_watcher()->Authenticate(username, password, std::string(),
-                               captcha);
-}
+bool SyncManager::SyncInternal::OpenDirectory() {
+  DCHECK(!initialized()) << "Should only happen once";
 
-void SyncManager::SyncInternal::AuthenticateWithLsid(const string& lsid) {
-  DCHECK(!lsid.empty());
-  auth_watcher()->AuthenticateWithLsid(lsid);
-}
+  bool share_opened = dir_manager()->Open(username_for_share());
+  DCHECK(share_opened);
+  if (!share_opened) {
+    if (observer_) {
+      observer_->OnStopSyncingPermanently();
+    }
 
-bool SyncManager::SyncInternal::AuthenticateForUser(
-    const std::string& username, const std::string& auth_token) {
-  share_.authenticated_name = username;
-
-  // We optimize by opening the directory before the "fresh" authentication
-  // attempt completes so that we can immediately begin processing changes.
-  if (!dir_manager()->Open(username_for_share())) {
-    if (observer_)
-      observer_->OnStopSyncingPermanently();
+    LOG(ERROR) << "Could not open share for:" << username_for_share();
     return false;
   }
 
-  // Load the last-known good auth token into the connection manager and send
-  // it off to the AuthWatcher for validation.  The result of the validation
-  // will update the connection manager if necessary.
-  connection_manager()->set_auth_token(auth_token);
-  auth_watcher()->AuthenticateWithToken(username, auth_token);
+  // Database has to be initialized for the guid to be available.
+  syncable::ScopedDirLookup lookup(dir_manager(), username_for_share());
+  if (!lookup.good()) {
+    NOTREACHED();
+    return false;
+  }
+
+  connection_manager()->set_client_id(lookup->cache_guid());
+  syncer_thread()->CreateSyncer(username_for_share());
+  MarkAndNotifyInitializationComplete();
+  dir_change_hookup_.reset(lookup->AddChangeObserver(this));
   return true;
 }
 
+bool SyncManager::SyncInternal::SignIn(const SyncCredentials& credentials) {
+  DCHECK_EQ(MessageLoop::current(), core_message_loop_);
+  DCHECK(share_.name.empty());
+  share_.name = credentials.email;
+
+  LOG(INFO) << "Signing in user: " << username_for_share();
+  if (!OpenDirectory()) {
+    return false;
+  }
+
+  UpdateCredentials(credentials);
+  return true;
+}
+
+void SyncManager::SyncInternal::UpdateCredentials(
+    const SyncCredentials& credentials) {
+  DCHECK_EQ(MessageLoop::current(), core_message_loop_);
+  DCHECK(share_.name == credentials.email);
+  connection_manager()->set_auth_token(credentials.sync_token);
+  TalkMediatorLogin(credentials.email, credentials.sync_token);
+  CheckServerReachable();
+  sync_manager_->RequestNudge();
+}
+
 void SyncManager::SyncInternal::RaiseAuthNeededEvent() {
-  auth_problem_ = AuthError::INVALID_GAIA_CREDENTIALS;
-  if (observer_)
-    observer_->OnAuthError(AuthError(auth_problem_));
+  if (observer_) {
+    observer_->OnAuthError(AuthError(AuthError::INVALID_GAIA_CREDENTIALS));
+  }
 }
 
 void SyncManager::SyncInternal::SetPassphrase(
     const std::string& passphrase) {
   Cryptographer* cryptographer = dir_manager()->cryptographer();
   KeyParams params = {"localhost", "dummy", passphrase};
   if (cryptographer->has_pending_keys()) {
     if (!cryptographer->DecryptPendingKeys(params)) {
       observer_->OnPassphraseRequired();
       return;
@@ skipping 39 matching lines @@
 
 void SyncManager::SyncInternal::Shutdown() {
   method_factory_.RevokeAll();
 
   // We NULL out talk_mediator_ so that any tasks pumped below do not
   // trigger further XMPP actions.
   //
   // TODO(akalin): NULL the other member variables defensively, too.
   scoped_ptr<TalkMediator> talk_mediator(talk_mediator_.release());
 
-  // First reset the AuthWatcher in case an auth attempt is in progress so that
-  // it terminates gracefully before we shutdown and close other components.
-  // Otherwise the attempt can complete after we've closed the directory, for
-  // example, and cause initialization to continue, which is bad.
-  if (auth_watcher_) {
-    auth_watcher_->Shutdown();
-    authwatcher_hookup_.reset();
-  }
-
   if (syncer_thread()) {
     if (!syncer_thread()->Stop(kThreadExitTimeoutMsec)) {
       LOG(FATAL) << "Unable to stop the syncer, it won't be happy...";
     }
     syncer_event_.reset();
     syncer_thread_ = NULL;
   }
 
-  // TODO(chron): Since the auth_watcher_ is held by the sync session state,
-  //              we release the ref here after the syncer is deallocated.
-  //              In reality the SyncerSessionState's pointer to the
-  //              authwatcher should be ref counted, but for M6 we use this
-  //              lower risk fix so it's deallocated on the original thread.
-  if (auth_watcher_) {
-    auth_watcher_ = NULL;
-  }
-
   // Shutdown the xmpp buzz connection.
   if (talk_mediator.get()) {
     LOG(INFO) << "P2P: Mediator logout started.";
     talk_mediator->Logout();
     LOG(INFO) << "P2P: Mediator logout completed.";
     talk_mediator.reset();
     LOG(INFO) << "P2P: Mediator destroyed.";
   }
 
   // Pump any messages the auth watcher, syncer thread, or talk
   // mediator posted before they shut down. (See HandleSyncerEvent(),
-  // HandleAuthWatcherEvent(), and HandleTalkMediatorEvent() for the
+  // and HandleTalkMediatorEvent() for the
   // events that may be posted.)
   {
     CHECK(core_message_loop_);
     bool old_state = core_message_loop_->NestableTasksAllowed();
     core_message_loop_->SetNestableTasksAllowed(true);
     core_message_loop_->RunAllPending();
     core_message_loop_->SetNestableTasksAllowed(old_state);
   }
 
   net::NetworkChangeNotifier::RemoveObserver(this);
 
+  connection_manager_hookup_.reset();
+
   if (dir_manager()) {
     dir_manager()->FinalSaveChangesForAll();
     dir_manager()->Close(username_for_share());
   }
 
   // Reset the DirectoryManager and UserSettings so they relinquish sqlite
   // handles to backing files.
   share_.dir_manager.reset();
-  user_settings_.reset();
 
   // We don't want to process any more events.
   dir_change_hookup_.reset();
 
   core_message_loop_ = NULL;
 }
 
 void SyncManager::SyncInternal::OnIPAddressChanged() {
   LOG(INFO) << "IP address change detected";
   // TODO(akalin): CheckServerReachable() can block, which may cause
   // jank if we try to shut down sync.  Fix this.
   connection_manager()->CheckServerReachable();
-}
-
-void SyncManager::SyncInternal::HandleDirectoryManagerEvent(
-    const syncable::DirectoryManagerEvent& event) {
-  LOG(INFO) << "Sync internal handling a directory manager event";
-  if (syncable::DirectoryManagerEvent::OPENED == event.what_happened) {
-     DCHECK(!initialized()) << "Should only happen once";
-     if (username_for_share().empty()) {
-       share_.authenticated_name = event.dirname;
-     }
-     DCHECK(LowerCaseEqualsASCII(username_for_share(),
-         StringToLowerASCII(event.dirname).c_str()))
-         << "username_for_share= " << username_for_share()
-         << ", event.dirname= " << event.dirname;
-     MarkAndNotifyInitializationComplete();
-  }
+  sync_manager_->RequestNudge();
 }
 
 // Listen to model changes, filter out ones initiated by the sync API, and
 // saves the rest (hopefully just backend Syncer changes resulting from
 // ApplyUpdates) to data_->changelist.
 void SyncManager::SyncInternal::HandleChannelEvent(
     const syncable::DirectoryChangeEvent& event) {
   if (event.todo == syncable::DirectoryChangeEvent::TRANSACTION_ENDING) {
     HandleTransactionEndingChangeEvent(event);
     return;
   } else if (event.todo == syncable::DirectoryChangeEvent::CALCULATE_CHANGES) {
     if (event.writer == syncable::SYNCAPI) {
       HandleCalculateChangesChangeEventFromSyncApi(event);
       return;
     }
     HandleCalculateChangesChangeEventFromSyncer(event);
     return;
   } else if (event.todo == syncable::DirectoryChangeEvent::SHUTDOWN) {
     dir_change_hookup_.reset();
   }
 }
 
+void SyncManager::SyncInternal::HandleServerConnectionEvent(
+    const ServerConnectionEvent& event) {
+  allstatus_.HandleServerConnectionEvent(event);
+  if (event.what_happened == ServerConnectionEvent::STATUS_CHANGED) {
+    if (event.connection_code ==
+        browser_sync::HttpResponse::SERVER_CONNECTION_OK) {
+      if (observer_) {
+        observer_->OnAuthError(AuthError(AuthError::None()));
+      }
+    }
+
+    if (event.connection_code == browser_sync::HttpResponse::SYNC_AUTH_ERROR) {
+      if (observer_) {
+        observer_->OnAuthError(AuthError(AuthError::INVALID_GAIA_CREDENTIALS));
+      }
+    }
+  }
+}
+
 void SyncManager::SyncInternal::HandleTransactionEndingChangeEvent(
     const syncable::DirectoryChangeEvent& event) {
   // This notification happens immediately before a syncable WriteTransaction
   // falls out of scope. It happens while the channel mutex is still held,
   // and while the transaction mutex is held, so it cannot be re-entrant.
   DCHECK_EQ(event.todo, syncable::DirectoryChangeEvent::TRANSACTION_ENDING);
   if (!observer_ || ChangeBuffersAreEmpty())
     return;
 
   // This will continue the WriteTransaction using a read only wrapper.
@@ skipping 211 matching lines @@
 
   if (event.what_happened == SyncerEvent::RESUMED) {
     observer_->OnResumed();
     return;
   }
 
   if (event.what_happened == SyncerEvent::STOP_SYNCING_PERMANENTLY) {
     observer_->OnStopSyncingPermanently();
     return;
   }
+
+  if (event.what_happened == SyncerEvent::UPDATED_TOKEN) {
+    observer_->OnUpdatedToken(event.updated_token);
+    return;
+  }
 }
 
-void SyncManager::SyncInternal::HandleAuthWatcherEvent(
-    const AuthWatcherEvent& event) {
-  allstatus_.HandleAuthWatcherEvent(event);
-  // We don't care about an authentication attempt starting event, and we
-  // don't want to reset our state to GoogleServiceAuthError::NONE because the
-  // fact that an _attempt_ is starting doesn't change the fact that we have an
-  // auth problem.
-  if (event.what_happened == AuthWatcherEvent::AUTHENTICATION_ATTEMPT_START)
-    return;
-  // We clear our last auth problem cache on new auth watcher events, and only
-  // set it to indicate a problem state for certain AuthWatcherEvent types.
-  auth_problem_ = AuthError::NONE;
-  switch (event.what_happened) {
-    case AuthWatcherEvent::AUTH_SUCCEEDED:
-      DCHECK(!event.user_email.empty());
-      // We now know the supplied username and password were valid. If this
-      // wasn't the first sync, authenticated_name should already be assigned.
-      if (username_for_share().empty()) {
-        share_.authenticated_name = event.user_email;
-      }
-
-      DCHECK(LowerCaseEqualsASCII(username_for_share(),
-          StringToLowerASCII(event.user_email).c_str()))
-          << "username_for_share= " << username_for_share()
-          << ", event.user_email= " << event.user_email;
-
-      if (observer_)
-        observer_->OnAuthError(AuthError::None());
-
-      // Hook up the DirectoryChangeEvent listener, HandleChangeEvent.
-      {
-        syncable::ScopedDirLookup lookup(dir_manager(), username_for_share());
-        if (!lookup.good()) {
-          DCHECK(false) << "ScopedDirLookup creation failed; unable to hook "
-                        << "up directory change event listener!";
-          return;
-        }
-
-        // Note that we can end up here multiple times, for example if the
-        // user had to re-login and we got a second AUTH_SUCCEEDED event. Take
-        // care not to add ourselves as an observer a second time.
-        if (!dir_change_hookup_.get())
-          dir_change_hookup_.reset(lookup->AddChangeObserver(this));
-      }
-
-      if (!event.auth_token.empty()) {
-        core_message_loop_->PostTask(
-            FROM_HERE,
-            NewRunnableMethod(
-                this, &SyncManager::SyncInternal::TalkMediatorLogin,
-                event.user_email, event.auth_token));
-      }
-      return;
-    case AuthWatcherEvent::AUTH_RENEWED:
-      DCHECK(!event.user_email.empty());
-      DCHECK(!event.auth_token.empty());
-      core_message_loop_->PostTask(
-          FROM_HERE,
-            NewRunnableMethod(
-                this, &SyncManager::SyncInternal::TalkMediatorLogin,
-                event.user_email, event.auth_token));
-      return;
-    // Authentication failures translate to GoogleServiceAuthError events.
-    case AuthWatcherEvent::GAIA_AUTH_FAILED:     // Invalid GAIA credentials.
-      if (event.auth_results->auth_error == gaia::CaptchaRequired) {
-        auth_problem_ = AuthError::CAPTCHA_REQUIRED;
-        std::string url_string("https://www.google.com/accounts/");
-        url_string += event.auth_results->captcha_url;
-        GURL captcha(url_string);
-        observer_->OnAuthError(AuthError::FromCaptchaChallenge(
-            event.auth_results->captcha_token, captcha,
-            GURL(event.auth_results->auth_error_url)));
-        return;
-      } else if (event.auth_results->auth_error ==
-                 gaia::ConnectionUnavailable) {
-        auth_problem_ = AuthError::CONNECTION_FAILED;
-      } else {
-        auth_problem_ = AuthError::INVALID_GAIA_CREDENTIALS;
-      }
-      break;
-    case AuthWatcherEvent::SERVICE_AUTH_FAILED:  // Expired GAIA credentials.
-      auth_problem_ = AuthError::INVALID_GAIA_CREDENTIALS;
-      break;
-    case AuthWatcherEvent::SERVICE_USER_NOT_SIGNED_UP:
-      auth_problem_ = AuthError::USER_NOT_SIGNED_UP;
-      break;
-    case AuthWatcherEvent::SERVICE_CONNECTION_FAILED:
-      auth_problem_ = AuthError::CONNECTION_FAILED;
-      break;
-    default:  // We don't care about the many other AuthWatcherEvent types.
-      return;
-  }
-
-
-  // Fire notification that the status changed due to an authentication error.
-  if (observer_)
-    observer_->OnAuthError(AuthError(auth_problem_));
-}
-
 void SyncManager::SyncInternal::OnNotificationStateChange(
     bool notifications_enabled) {
   LOG(INFO) << "P2P: Notifications enabled = "
             << (notifications_enabled ? "true" : "false");
   allstatus_.SetNotificationsEnabled(notifications_enabled);
   if (syncer_thread()) {
     syncer_thread()->SetNotificationsEnabled(notifications_enabled);
   }
   if ((notification_method_ != browser_sync::NOTIFICATION_SERVER) &&
       notifications_enabled) {
@@ skipping 19 matching lines @@
 void SyncManager::SyncInternal::TalkMediatorLogin(
     const std::string& email, const std::string& token) {
   DCHECK_EQ(MessageLoop::current(), core_message_loop_);
   DCHECK(!email.empty());
   DCHECK(!token.empty());
   if (!talk_mediator_.get()) {
     LOG(INFO) << "Not logging in: shutting down "
               << "(talk_mediator_ is NULL)";
     return;
   }
-  // TODO(akalin): Make talk_mediator automatically login on
-  // auth token change.
+  LOG(INFO) << "P2P: Trying talk mediator login.";
+
   talk_mediator_->SetAuthToken(email, token, SYNC_SERVICE_NAME);
   talk_mediator_->Login();
 }
 
 void SyncManager::SyncInternal::OnIncomingNotification(
     const IncomingNotificationData& notification_data) {
   // Check if the service url is a sync URL.  An empty service URL is
   // treated as a legacy sync notification.  If we're listening to
   // server-issued notifications, no need to check the service_url.
   if ((notification_method_ == browser_sync::NOTIFICATION_SERVER) ||
@@ skipping 41 matching lines @@
   lookup->SaveChanges();
 }
 
 void SyncManager::SetupForTestMode(const std::wstring& test_username) {
   DCHECK(data_) << "SetupForTestMode requires initialization";
   data_->SetupForTestMode(test_username);
 }
 
 void SyncManager::SyncInternal::SetupForTestMode(
     const std::wstring& test_username) {
-  share_.authenticated_name = WideToUTF8(test_username);
+  share_.name = WideToUTF8(test_username);
 
   // Some tests are targeting only local db operations & integrity, and don't
   // want syncer thread interference.
   syncer_event_.reset();
   allstatus_.WatchSyncerThread(NULL);
   syncer_thread_ = NULL;
 
-  if (!dir_manager()->Open(username_for_share()))
+  if (!dir_manager()->Open(username_for_share())) {
     DCHECK(false) << "Could not open directory when running in test mode";
-
-  // Hook up the DirectoryChangeEvent listener, HandleChangeEvent.
-  {
-    syncable::ScopedDirLookup lookup(dir_manager(), username_for_share());
-    if (!lookup.good()) {
-      DCHECK(false) << "ScopedDirLookup creation failed; unable to hook "
-                    << "up directory change event listener!";
-      return;
-    }
-    dir_change_hookup_.reset(lookup->AddChangeObserver(this));
   }
 }
 
 //////////////////////////////////////////////////////////////////////////
 // BaseTransaction member definitions
 BaseTransaction::BaseTransaction(UserShare* share)
     : lookup_(NULL) {
   DCHECK(share && share->dir_manager.get());
   lookup_ = new syncable::ScopedDirLookup(share->dir_manager.get(),
-                                          share->authenticated_name);
+                                          share->name);
   cryptographer_ = share->dir_manager->cryptographer();
   if (!(lookup_->good()))
     DCHECK(false) << "ScopedDirLookup failed on valid DirManager.";
 }
 BaseTransaction::~BaseTransaction() {
   delete lookup_;
 }
 
 UserShare* SyncManager::GetUserShare() const {
   DCHECK(data_->initialized()) << "GetUserShare requires initialization!";
   return data_->GetUserShare();
 }
 
 bool SyncManager::HasUnsyncedItems() const {
   sync_api::ReadTransaction trans(GetUserShare());
   return (trans.GetWrappedTrans()->directory()->unsynced_entity_count() != 0);
 }
 
 }  // namespace sync_api