Enable "Let me choose what to sync" checkbox in gaia sign in page.

chrome/browser/ui/sync/one_click_signin_helper.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/sync/one_click_signin_helper.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/metrics/histogram.h"
 #include "base/metrics/field_trial.h"
 #include "base/string_split.h"
+#include "base/string_util.h"
 #include "base/supports_user_data.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/api/infobars/one_click_signin_infobar_delegate.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/defaults.h"
+#include "chrome/browser/google/google_util.h"
 #include "chrome/browser/infobars/infobar_tab_helper.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_info_cache.h"
 #include "chrome/browser/profiles/profile_io_data.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/signin_names_io_thread.h"
@@ skipping 16 matching lines @@
 #include "content/public/browser/web_contents_view.h"
 #include "content/public/common/frame_navigate_params.h"
 #include "content/public/common/page_transition_types.h"
 #include "content/public/common/password_form.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "googleurl/src/gurl.h"
 #include "grit/chromium_strings.h"
 #include "grit/generated_resources.h"
 #include "grit/theme_resources.h"
-#include "net/base/escape.h"
 #include "net/cookies/cookie_monster.h"
 #include "net/url_request/url_request.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 
 #include <functional>
 
 DEFINE_WEB_CONTENTS_USER_DATA_KEY(OneClickSigninHelper)
 
 namespace {
 
 // Set to true if this chrome instance is in the blue-button-on-white-bar
 // experimental group.
 bool use_blue_on_white = false;
 
+// Add a specific email to the list of emails rejected for one-click
+// sign-in, for this profile.
+void AddEmailToOneClickRejectedList(Profile* profile,
+                                    const std::string& email) {
+  PrefService* pref_service = profile->GetPrefs();
+  ListPrefUpdate updater(pref_service,
+                         prefs::kReverseAutologinRejectedEmailList);
+  updater->AppendIfNotPresent(new base::StringValue(email));
+}
+
 // Start syncing with the given user information.
 void StartSync(Browser* browser,
                OneClickSigninHelper::AutoAccept auto_accept,
                const std::string& session_index,
                const std::string& email,
                const std::string& password,
                OneClickSigninSyncStarter::StartSyncMode start_mode) {
   // The starter deletes itself once its done.
   new OneClickSigninSyncStarter(browser, session_index, email, password,
                                 start_mode);
 
   int action = one_click_signin::HISTOGRAM_MAX;
   switch (auto_accept) {
     case OneClickSigninHelper::AUTO_ACCEPT_EXPLICIT:
       action = one_click_signin::HISTOGRAM_AUTO_WITH_DEFAULTS;
       break;
-    case OneClickSigninHelper::AUTO_ACCEPT:
+    case OneClickSigninHelper::AUTO_ACCEPT_ACCEPTED:
       action =
           start_mode == OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS ?
               one_click_signin::HISTOGRAM_AUTO_WITH_DEFAULTS :
               one_click_signin::HISTOGRAM_AUTO_WITH_ADVANCED;
       break;
-    case OneClickSigninHelper::NO_AUTO_ACCEPT:
+    case OneClickSigninHelper::AUTO_ACCEPT_NONE:
       action =
           start_mode == OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS ?
               one_click_signin::HISTOGRAM_WITH_DEFAULTS :
               one_click_signin::HISTOGRAM_WITH_ADVANCED;
       break;
     case OneClickSigninHelper::AUTO_ACCEPT_CONFIGURE:
       DCHECK(start_mode == OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST);
       action = one_click_signin::HISTOGRAM_AUTO_WITH_ADVANCED;
       break;
     default:
       NOTREACHED() << "Invalid auto_accept: " << auto_accept;
       break;
   }
 
   UMA_HISTOGRAM_ENUMERATION("AutoLogin.Reverse", action,
                             one_click_signin::HISTOGRAM_MAX);
 }
 
-// Determines the source of the sign in.  Its either one of the known sign in
-// access point (first run, NTP, menu, settings) or its an implicit sign in
-// via another Google property.  In the former case, "service" is also
-// checked to make sure its "chromiumsync".
-SyncPromoUI::Source GetSigninSource(const GURL& url) {
+// Determines the source of the sign in and the continue URL.  Its either one
+// of the known sign in access point (first run, NTP, menu, settings) or its
+// an implicit sign in via another Google property.  In the former case,
+// "service" is also checked to make sure its "chromiumsync".
+SyncPromoUI::Source GetSigninSource(const GURL& url, GURL* continue_url) {
   std::string value;
   chrome_common_net::GetValueForKeyInQuery(url, "service", &value);
-  bool is_explicit_signin = value == "chromiumsync";
+  bool possibly_an_explicit_signin = value == "chromiumsync";
 
-  chrome_common_net::GetValueForKeyInQuery(url, "continue", &value);
-  SyncPromoUI::Source source =
-      SyncPromoUI::GetSourceForSyncPromoURL(GURL(
-          net::UnescapeURLComponent(value,
-                                    net::UnescapeRule::URL_SPECIAL_CHARS)));
+  // Find the final continue URL for this sign in.  In some cases, Gaia can
+  // continue to itself, with the original continue URL buried under a couple
+  // of layers of indirection.  Peel those layers away.
+  GURL local_continue_url = url;
+  do {
+    local_continue_url =
+        SyncPromoUI::GetNextPageURLForSyncPromoURL(local_continue_url);
+  } while (gaia::IsGaiaSignonRealm(local_continue_url.GetOrigin()));
 
-  if (!is_explicit_signin)
-    source = SyncPromoUI::SOURCE_UNKNOWN;
+  if (continue_url && local_continue_url.is_valid()) {
+    DCHECK(!continue_url->is_valid() || *continue_url == local_continue_url);
+    *continue_url = local_continue_url;
+  }
 
-  return source;
+  return possibly_an_explicit_signin ?
+      SyncPromoUI::GetSourceForSyncPromoURL(local_continue_url) :
+      SyncPromoUI::SOURCE_UNKNOWN;
+}
+
+// Returns true if |url| is a valid URL that can occur during the sign in
+// process.  Valid URLs are of the form:
+//
+//    https://accounts.google.{TLD}/...
+//    https://accounts.youtube.com/...
+//    https://accounts.blogger.com/...
+//
+// All special headers used by one click sign in occur on
+// https://accounts.google.com URLs.  However, the sign in process may redirect
+// to intermediate Gaia URLs that do not end with .com.  For example, an account
+// that uses SMS 2-factor outside the US may redirect to country specific URLs.
+//
+// The sign in process may also redirect to youtube and blogger account URLs
+// so that Gaia acts as a single signon service.
+bool IsValidGaiaSigninRedirectOrResponseURL(const GURL& url) {
+  std::string hostname = url.host();
+  if (google_util::IsGoogleHostname(hostname, google_util::ALLOW_SUBDOMAIN)) {
+    // Also using IsGaiaSignonRealm() to handle overriding with command line.
+    return gaia::IsGaiaSignonRealm(url.GetOrigin()) ||
+        StartsWithASCII(hostname, "accounts.", false);
+  }
+
+  GURL origin = url.GetOrigin();
+  if (origin == GURL("https://accounts.youtube.com") ||
+      origin == GURL("https://accounts.blogger.com"))
+    return true;
+
+  return false;
 }
 
 // This class is associated as user data with a given URLRequest object, in
 // order to pass information from one response to another during the process
 // of signing the user into their Gaia account.  This class is only meant
 // to be used from the IO thread.
 class OneClickSigninRequestUserData : public base::SupportsUserData::Data {
  public:
   const std::string& email() const { return email_; }
 
@@ skipping 61 matching lines @@
   // ConfirmInfoBarDelegate overrides.
   virtual string16 GetButtonLabel(InfoBarButton button) const OVERRIDE;
   virtual bool Accept() OVERRIDE;
   virtual bool Cancel() OVERRIDE;
   virtual string16 GetLinkText() const OVERRIDE;
   virtual bool LinkClicked(WindowOpenDisposition disposition) OVERRIDE;
 
   // OneClickSigninInfoBarDelegate overrides.
   virtual void GetAlternateColors(AlternateColors* alt_colors) OVERRIDE;
 
-  // Add a specific email to the list of emails rejected for one-click
-  // sign-in, for this profile.
-  void AddEmailToOneClickRejectedList(const std::string& email);
-
   // Record the specified action in the histogram for one-click sign in.
   void RecordHistogramAction(int action);
 
   // Information about the account that has just logged in.
   std::string session_index_;
   std::string email_;
   std::string password_;
 
   // Whether any UI controls in the infobar were pressed or not.
   bool button_pressed_;
@@ skipping 43 matching lines @@
 }
 
 string16 OneClickInfoBarDelegateImpl::GetButtonLabel(
     InfoBarButton button) const {
   return l10n_util::GetStringUTF16(
       (button == BUTTON_OK) ? IDS_ONE_CLICK_SIGNIN_INFOBAR_OK_BUTTON
                             : IDS_ONE_CLICK_SIGNIN_INFOBAR_CANCEL_BUTTON);
 }
 
 bool OneClickInfoBarDelegateImpl::Accept() {
+  content::WebContents* web_contents = owner()->GetWebContents();
+  Browser* browser = chrome::FindBrowserWithWebContents(web_contents);
+  Profile* profile = Profile::FromBrowserContext(
+      web_contents->GetBrowserContext());
+
   // User has accepted one-click sign-in for this account. Never ask again for
   // this profile.
-  Profile* profile = Profile::FromBrowserContext(
-      owner()->GetWebContents()->GetBrowserContext());
   SigninManager::DisableOneClickSignIn(profile);
-
-  content::WebContents* web_contents = owner()->GetWebContents();
-  Browser* browser = chrome::FindBrowserWithWebContents(web_contents);
   RecordHistogramAction(one_click_signin::HISTOGRAM_ACCEPTED);
   chrome::FindBrowserWithWebContents(web_contents)->window()->
-      ShowOneClickSigninBubble(base::Bind(&StartSync, browser,
-                                          OneClickSigninHelper::NO_AUTO_ACCEPT,
-                                          session_index_, email_, password_));
+      ShowOneClickSigninBubble(
+          base::Bind(&StartSync, browser,
+                     OneClickSigninHelper::AUTO_ACCEPT_NONE, session_index_,
+                     email_, password_));
   button_pressed_ = true;
   return true;
 }
 
 bool OneClickInfoBarDelegateImpl::Cancel() {
-  AddEmailToOneClickRejectedList(email_);
+  AddEmailToOneClickRejectedList(Profile::FromBrowserContext(
+      owner()->GetWebContents()->GetBrowserContext()), email_);
   RecordHistogramAction(one_click_signin::HISTOGRAM_REJECTED);
   button_pressed_ = true;
   return true;
 }
 
 string16 OneClickInfoBarDelegateImpl::GetLinkText() const {
   return l10n_util::GetStringUTF16(IDS_LEARN_MORE);
 }
 
 bool OneClickInfoBarDelegateImpl::LinkClicked(
@@ skipping 14 matching lines @@
     alt_colors->infobar_top_color = SK_ColorWHITE;
     alt_colors->button_text_color = SK_ColorWHITE;
     alt_colors->button_background_color = SkColorSetRGB(71, 135, 237);
     alt_colors->button_border_color = SkColorSetRGB(48, 121, 237);
     return;
   }
 
   return OneClickSigninInfoBarDelegate::GetAlternateColors(alt_colors);
 }
 
-void OneClickInfoBarDelegateImpl::AddEmailToOneClickRejectedList(
-    const std::string& email) {
-  Profile* profile = Profile::FromBrowserContext(
-      owner()->GetWebContents()->GetBrowserContext());
-  PrefService* pref_service = profile->GetPrefs();
-  ListPrefUpdate updater(pref_service,
-                         prefs::kReverseAutologinRejectedEmailList);
-  updater->AppendIfNotPresent(new base::StringValue(email));
-}
-
 void OneClickInfoBarDelegateImpl::RecordHistogramAction(int action) {
   UMA_HISTOGRAM_ENUMERATION("AutoLogin.Reverse", action,
                             one_click_signin::HISTOGRAM_MAX);
 }
 
 OneClickSigninHelper::OneClickSigninHelper(content::WebContents* web_contents)
     : content::WebContentsObserver(web_contents),
-      auto_accept_(NO_AUTO_ACCEPT),
+      auto_accept_(AUTO_ACCEPT_NONE),
       source_(SyncPromoUI::SOURCE_UNKNOWN) {
 }
 
 OneClickSigninHelper::~OneClickSigninHelper() {
 }
 
 // static
 void OneClickSigninHelper::AssociateWithRequestForTesting(
     base::SupportsUserData* request,
     const std::string& email) {
   OneClickSigninRequestUserData::AssociateWithRequest(request, email);
 }
 
 // static
 bool OneClickSigninHelper::CanOffer(content::WebContents* web_contents,
                                     CanOfferFor can_offer_for,
                                     const std::string& email,
                                     int* error_message_id) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+    VLOG(1) << "OneClickSigninHelper::CanOffer";
 
   if (error_message_id)
     *error_message_id = 0;
 
   if (!web_contents)
     return false;
 
   if (web_contents->GetBrowserContext()->IsOffTheRecord())
     return false;
 
@@ skipping 72 matching lines @@
       ProfileSyncService* service =
           ProfileSyncServiceFactory::GetForProfile(profile);
       if (!service)
         return false;
 
       if (service->FirstSetupInProgress())
         return false;
     }
   }
 
+  VLOG(1) << "OneClickSigninHelper::CanOffer: yes we can";
   return true;
 }
 
 // static
 OneClickSigninHelper::Offer OneClickSigninHelper::CanOfferOnIOThread(
     net::URLRequest* request,
     ProfileIOData* io_data) {
   return CanOfferOnIOThreadImpl(request->url(), request->referrer(),
                                 request, io_data);
 }
 
 // static
 OneClickSigninHelper::Offer OneClickSigninHelper::CanOfferOnIOThreadImpl(
     const GURL& url,
     const std::string& referrer,
     base::SupportsUserData* request,
     ProfileIOData* io_data) {
   if (!gaia::IsGaiaSignonRealm(url.GetOrigin()))
     return IGNORE_REQUEST;
 
   if (!io_data)
     return DONT_OFFER;
 
   if (!SyncPromoUI::UseWebBasedSigninFlow())
     return DONT_OFFER;
 
-  // Don't offer if the source is known, as that means it's an explicit sign
-  // in request.
-  if (GetSigninSource(url) != SyncPromoUI::SOURCE_UNKNOWN ||
-      GetSigninSource(GURL(referrer)) != SyncPromoUI::SOURCE_UNKNOWN) {
-    return DONT_OFFER;
-  }
-
   if (!ProfileSyncService::IsSyncEnabled())
     return DONT_OFFER;
 
   // Check for incognito before other parts of the io_data, since those
   // members may not be initalized.
   if (io_data->is_incognito())
     return DONT_OFFER;
 
   if (!io_data->reverse_autologin_enabled()->GetValue())
     return DONT_OFFER;
@@ skipping 57 matching lines @@
 void OneClickSigninHelper::ShowInfoBarIfPossible(net::URLRequest* request,
                                                  int child_id,
                                                  int route_id) {
   std::string google_chrome_signin_value;
   std::string google_accounts_signin_value;
   request->GetResponseHeaderByName("Google-Chrome-SignIn",
                                    &google_chrome_signin_value);
   request->GetResponseHeaderByName("Google-Accounts-SignIn",
                                    &google_accounts_signin_value);
 
-  VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
-          << " g-a-s='" << google_accounts_signin_value << "'"
-          << " g-c-s='" << google_chrome_signin_value << "'";
+  if (!google_accounts_signin_value.empty() ||
+      !google_chrome_signin_value.empty()) {
+    VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
+            << " g-a-s='" << google_accounts_signin_value << "'"
+            << " g-c-s='" << google_chrome_signin_value << "'";
+  }
 
   if (!SyncPromoUI::UseWebBasedSigninFlow() &&
       google_accounts_signin_value.empty()) {
     return;
   }
 
   if (!gaia::IsGaiaSignonRealm(request->original_url().GetOrigin()))
     return;
 
   // Parse Google-Accounts-SignIn.
@@ skipping 12 matching lines @@
       session_index = value;
     }
   }
 
   // Later in the chain of this request, we'll need to check the email address
   // in the IO thread (see CanOfferOnIOThread).  So save the email address as
   // user data on the request (only for web-based flow).
   if (SyncPromoUI::UseWebBasedSigninFlow() && !email.empty())
     OneClickSigninRequestUserData::AssociateWithRequest(request, email);
 
-  VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
-          << " email=" << email
-          << " sessionindex=" << session_index;
+  if (!email.empty() || !session_index.empty()) {
+    VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
+            << " email=" << email
+            << " sessionindex=" << session_index;
+  }
 
   // Parse Google-Chrome-SignIn.
-  AutoAccept auto_accept = NO_AUTO_ACCEPT;
+  AutoAccept auto_accept = AUTO_ACCEPT_NONE;
   SyncPromoUI::Source source = SyncPromoUI::SOURCE_UNKNOWN;
+  GURL continue_url;
   if (SyncPromoUI::UseWebBasedSigninFlow()) {
     std::vector<std::string> tokens;
     base::SplitString(google_chrome_signin_value, ',', &tokens);
     for (size_t i = 0; i < tokens.size(); ++i) {
       const std::string& token = tokens[i];
       if (token == "accepted") {
-        auto_accept = AUTO_ACCEPT;
+        auto_accept = AUTO_ACCEPT_ACCEPTED;
       } else if (token == "configure") {
         auto_accept = AUTO_ACCEPT_CONFIGURE;
       } else if (token == "rejected-for-profile") {
-        auto_accept = REJECTED_FOR_PROFILE;
+        auto_accept = AUTO_ACCEPT_REJECTED_FOR_PROFILE;
       }
     }
 
     // If this is an explicit sign in (i.e., first run, NTP, menu,settings)
     // then force the auto accept type to explicit.
-    source = GetSigninSource(request->original_url());
-    if (source == SyncPromoUI::SOURCE_UNKNOWN)
-      source = GetSigninSource(GURL(request->referrer()));
-
+    source = GetSigninSource(request->original_url(), &continue_url);
     if (source != SyncPromoUI::SOURCE_UNKNOWN)
       auto_accept = AUTO_ACCEPT_EXPLICIT;
   }
 
-  VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
-          << " auto_accept=" << auto_accept;
+  if (auto_accept != AUTO_ACCEPT_NONE) {
+    VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
+            << " auto_accept=" << auto_accept;
+  }
 
-  // If |session_index|, |email|, and |auto_accept| all have their default
-  // value, don't bother posting a task to the UI thread.  It will be a noop
-  // anyway.
+  // If |session_index|, |email|, |auto_accept|, and |continue_url| all have
+  // their default value, don't bother posting a task to the UI thread.
+  // It will be a noop anyway.
   //
   // The two headers above may (but not always) come in different http requests
   // so a post to the UI thread is still needed if |auto_accept| is not its
   // default value, but |email| and |session_index| are.
-  if (session_index.empty() && email.empty() && auto_accept == NO_AUTO_ACCEPT)
+  if (session_index.empty() && email.empty() &&
+      auto_accept == AUTO_ACCEPT_NONE && !continue_url.is_valid()) {
     return;
+  }
 
   content::BrowserThread::PostTask(
       content::BrowserThread::UI, FROM_HERE,
       base::Bind(&OneClickSigninHelper::ShowInfoBarUIThread, session_index,
-                 email, auto_accept, source, child_id, route_id));
+                 email, auto_accept, source, continue_url, child_id, route_id));
 }
 
 // static
 void OneClickSigninHelper::ShowInfoBarUIThread(
     const std::string& session_index,
     const std::string& email,
     AutoAccept auto_accept,
     SyncPromoUI::Source source,
+    const GURL& continue_url,
     int child_id,
     int route_id) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   content::WebContents* web_contents = tab_util::GetWebContentsByID(child_id,
                                                                     route_id);
 
   // TODO(mathp): The appearance of this infobar should be tested using a
   // browser_test.
   OneClickSigninHelper* helper =
@@ skipping 19 matching lines @@
 
   // Save the email in the one-click signin manager.  The manager may
   // not exist if the contents is incognito or if the profile is already
   // connected to a Google account.
   if (!session_index.empty())
     helper->session_index_ = session_index;
 
   if (!email.empty())
     helper->email_ = email;
 
-  if (auto_accept != NO_AUTO_ACCEPT) {
+  if (auto_accept != AUTO_ACCEPT_NONE) {
     helper->auto_accept_ = auto_accept;
     helper->source_ = source;
   }
+
+  if (continue_url.is_valid()) {
+    // When Gaia finally redirects to the continue URL, Gaia will add some
+    // extra query parameters.  So ignore the parameters when checking to see
+    // if the user has continued.
+    GURL::Replacements replacements;
+    replacements.ClearQuery();
+    helper->continue_url_ = continue_url.ReplaceComponents(replacements);
+  }
 }
 
 void OneClickSigninHelper::RedirectToNTP() {
+  VLOG(1) << "OneClickSigninHelper::RedirectToNTP";
+
   // Redirect to NTP with sign in bubble visible.
   content::WebContents* contents = web_contents();
   Profile* profile =
       Profile::FromBrowserContext(contents->GetBrowserContext());
   PrefService* pref_service = profile->GetPrefs();
   pref_service->SetBoolean(prefs::kSyncPromoShowNTPBubble, true);
   pref_service->SetString(prefs::kSyncPromoErrorMessage, error_message_);
 
   contents->GetController().LoadURL(GURL(chrome::kChromeUINewTabURL),
                                     content::Referrer(),
                                     content::PAGE_TRANSITION_AUTO_TOPLEVEL,
                                     std::string());
 
   error_message_.clear();
   signin_tracker_.reset();
 }
 
 void OneClickSigninHelper::CleanTransientState() {
+  VLOG(1) << "OneClickSigninHelper::CleanTransientState";
   email_.clear();
   password_.clear();
-  auto_accept_ = NO_AUTO_ACCEPT;
+  auto_accept_ = AUTO_ACCEPT_NONE;
   source_ = SyncPromoUI::SOURCE_UNKNOWN;
+  continue_url_ = GURL();
 }
 
 void OneClickSigninHelper::DidNavigateAnyFrame(
     const content::LoadCommittedDetails& details,
     const content::FrameNavigateParams& params) {
   // We only need to scrape the password for Gaia logins.
   const content::PasswordForm& form = params.password_form;
   if (form.origin.is_valid() &&
       gaia::IsGaiaSignonRealm(GURL(form.signon_realm))) {
     VLOG(1) << "OneClickSigninHelper::DidNavigateAnyFrame: got password";
     password_ = UTF16ToUTF8(params.password_form.password_value);
   }
 }
 
 void OneClickSigninHelper::DidStopLoading(
     content::RenderViewHost* render_view_host) {
   // If the user left the sign in process, clear all members.
   // TODO(rogerta): might need to allow some youtube URLs.
   content::WebContents* contents = web_contents();
-  if (!gaia::IsGaiaSignonRealm(contents->GetURL().GetOrigin())) {
-    CleanTransientState();
-    return;
-  }
+  const GURL url = contents->GetURL();
+  VLOG(1) << "OneClickSigninHelper::DidStopLoading: url=" << url.spec();
 
-  if (!error_message_.empty()) {
+  // If an error has already occured during the sign in flow, make sure to
+  // display it to the user and abort the process.  Do this only for
+  // explicit sign ins.
+  if (!error_message_.empty() && auto_accept_ == AUTO_ACCEPT_EXPLICIT) {
+    VLOG(1) << "OneClickSigninHelper::DidStopLoading: error=" << error_message_;
     RedirectToNTP();
     return;
   }
 
+  // If there is no valid email or password yet, there is nothing to do.
   if (email_.empty() || password_.empty())
     return;
 
+  // When the user use the firt-run, ntp, or hotdog menu to sign in, then have
+  // the option of checking the the box "Let me choose what to sync".  When the
+  // sign in process started, the source parameter in the continue URL may have
+  // indicated one of the three options above.  However, once this box is
+  // checked, the source parameter will indicate settings.  This will only be
+  // comminucated back to chrome when Gaia redirects to the continue URL, and
+  // this is considered here a last minute change to the source.  See a little
+  // further below for when this variable is set to true.
+  bool last_minute_source_change = false;
+
+  if (SyncPromoUI::UseWebBasedSigninFlow()) {
+    if (IsValidGaiaSigninRedirectOrResponseURL(url))
+      return;
+
+    // During an explicit sign in, if the user has not yet reached the final
+    // continue URL, wait for it to arrive. Note that Gaia will add some extra
+    // query parameters to the continue URL.  Ignore them when checking to
+    // see if the user has continued.
+    //
+    // If this is not an explicit sign in, we don't need to check if we landed
+    // on the right continue URL.  This is important because the continue URL
+    // may itself lead to a redirect, which means this function will never see
+    // the continue URL go by.
+    if (auto_accept_ == AUTO_ACCEPT_EXPLICIT) {
+      DCHECK(source_ != SyncPromoUI::SOURCE_UNKNOWN);
+      GURL::Replacements replacements;
+      replacements.ClearQuery();
+      const bool continue_url_match =
+          url.ReplaceComponents(replacements) == continue_url_;
+      if (!continue_url_match) {
+        VLOG(1) << "OneClickSigninHelper::DidStopLoading: invalid url='"
+                << url.spec()
+                << "' expected continue url=" << continue_url_;
+        CleanTransientState();
+        return;
+      }
+
+      // In explicit sign ins, the user may have checked the box
+      // "Let me choose what to sync".  This is reflected as a change in the
+      // source of the continue URL.  Make one last check of the current URL
+      // to see if there is a valid source and its set to settings.  If so,
+      // it overrides the current source.
+      SyncPromoUI::Source source =
+          SyncPromoUI::GetSourceForSyncPromoURL(url);
+      if (source == SyncPromoUI::SOURCE_SETTINGS) {
+        source_ = SyncPromoUI::SOURCE_SETTINGS;
+        last_minute_source_change = true;
+      }
+    }
+  }
+
   Browser* browser = chrome::FindBrowserWithWebContents(contents);
+  Profile* profile =
+      Profile::FromBrowserContext(contents->GetBrowserContext());
   InfoBarTabHelper* infobar_tab_helper =
       InfoBarTabHelper::FromWebContents(contents);
 
+  VLOG(1) << "OneClickSigninHelper::DidStopLoading: signin is go."
+          << " auto_accept=" << auto_accept_
+          << " source=" << source_;
+
   switch (auto_accept_) {
-    case AUTO_ACCEPT:
+    case AUTO_ACCEPT_NONE:
+      if (SyncPromoUI::UseWebBasedSigninFlow()) {
+        UMA_HISTOGRAM_ENUMERATION("AutoLogin.Reverse",
+                                  one_click_signin::HISTOGRAM_DISMISSED,
+                                  one_click_signin::HISTOGRAM_MAX);
+      } else {
+        infobar_tab_helper->AddInfoBar(
+            new OneClickInfoBarDelegateImpl(infobar_tab_helper, session_index_,
+                                            email_, password_));
+      }
+      break;
+    case AUTO_ACCEPT_ACCEPTED:
+      SigninManager::DisableOneClickSignIn(profile);
       browser->window()->ShowOneClickSigninBubble(
           base::Bind(&StartSync, browser, auto_accept_, session_index_,
                      email_, password_));
       break;
-    case NO_AUTO_ACCEPT:
-      infobar_tab_helper->AddInfoBar(
-          new OneClickInfoBarDelegateImpl(infobar_tab_helper, session_index_,
-                                          email_, password_));
-      break;
     case AUTO_ACCEPT_CONFIGURE:
+      SigninManager::DisableOneClickSignIn(profile);
       StartSync(browser, auto_accept_, session_index_, email_, password_,
                 OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST);
       break;
     case AUTO_ACCEPT_EXPLICIT:
       StartSync(browser, auto_accept_, session_index_, email_, password_,
                 source_ == SyncPromoUI::SOURCE_SETTINGS ?
                     OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST :
                     OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS);
+
+      // If this was a last minute switch to the settings page, this means the
+      // started with first-run/NTP/wrench menu, and checked the "configure
+      // first" checkbox.  Replace the default blank continue page with an
+      // about:blank page, so that when the settings page is displayed, it
+      // reuses the tab.
+      if (last_minute_source_change) {
+        contents->GetController().LoadURL(
+            GURL("about:blank"), content::Referrer(),
+            content::PAGE_TRANSITION_AUTO_TOPLEVEL, std::string());
+      }
       break;
-    case REJECTED_FOR_PROFILE:
+    case AUTO_ACCEPT_REJECTED_FOR_PROFILE:
+      AddEmailToOneClickRejectedList(profile, email_);
       UMA_HISTOGRAM_ENUMERATION("AutoLogin.Reverse",
                                 one_click_signin::HISTOGRAM_REJECTED,
                                 one_click_signin::HISTOGRAM_MAX);
       break;
     default:
       NOTREACHED() << "Invalid auto_accept=" << auto_accept_;
       break;
   }
 
   // If this explicit sign in is not from settings page, show the NTP after
   // sign in completes.  In the case of the settings page, it will get closed
   // by SyncSetupHandler.
   if (auto_accept_ == AUTO_ACCEPT_EXPLICIT &&
       source_ != SyncPromoUI::SOURCE_SETTINGS) {
-    Profile* profile =
-        Profile::FromBrowserContext(contents->GetBrowserContext());
     signin_tracker_.reset(new SigninTracker(profile, this));
   }
 
   CleanTransientState();
 }
 
 void OneClickSigninHelper::GaiaCredentialsValid() {
 }
 
 void OneClickSigninHelper::SigninFailed(const GoogleServiceAuthError& error) {
@@ skipping 13 matching lines @@
         break;
     }
   }
 
   RedirectToNTP();
 }
 
 void OneClickSigninHelper::SigninSuccess() {
   RedirectToNTP();
 }