Enable "Let me choose what to sync" checkbox in gaia sign in page.

chrome/browser/ui/sync/one_click_signin_helper.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/sync/one_click_signin_helper.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/metrics/histogram.h"
 #include "base/metrics/field_trial.h"
 #include "base/string_split.h"
+#include "base/string_util.h"
 #include "base/supports_user_data.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/browser/api/infobars/one_click_signin_infobar_delegate.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/defaults.h"
+#include "chrome/browser/google/google_util.h"
 #include "chrome/browser/infobars/infobar_tab_helper.h"
 #include "chrome/browser/prefs/pref_service.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_info_cache.h"
 #include "chrome/browser/profiles/profile_io_data.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/signin_names_io_thread.h"
@@ skipping 17 matching lines @@
 #include "content/public/browser/web_contents_view.h"
 #include "content/public/common/frame_navigate_params.h"
 #include "content/public/common/page_transition_types.h"
 #include "content/public/common/password_form.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "googleurl/src/gurl.h"
 #include "grit/chromium_strings.h"
 #include "grit/generated_resources.h"
 #include "grit/theme_resources.h"
-#include "net/base/escape.h"
 #include "net/cookies/cookie_monster.h"
 #include "net/url_request/url_request.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 
 #include <functional>
 
 DEFINE_WEB_CONTENTS_USER_DATA_KEY(OneClickSigninHelper)
 
 namespace {
 
 // Set to true if this chrome instance is in the blue-button-on-white-bar
 // experimental group.
 bool use_blue_on_white = false;
 
+// Add a specific email to the list of emails rejected for one-click
+// sign-in, for this profile.
+void AddEmailToOneClickRejectedList(Profile* profile,
+                                    const std::string& email) {
+  PrefService* pref_service = profile->GetPrefs();
+  ListPrefUpdate updater(pref_service,
+                         prefs::kReverseAutologinRejectedEmailList);
+  updater->AppendIfNotPresent(new base::StringValue(email));
+}
+
 // Start syncing with the given user information.
 void StartSync(Browser* browser,
                OneClickSigninHelper::AutoAccept auto_accept,
                const std::string& session_index,
                const std::string& email,
                const std::string& password,
                OneClickSigninSyncStarter::StartSyncMode start_mode) {
   // The starter deletes itself once its done.
   new OneClickSigninSyncStarter(browser, session_index, email, password,
                                 start_mode);
 
   int action = one_click_signin::HISTOGRAM_MAX;
   switch (auto_accept) {
     case OneClickSigninHelper::AUTO_ACCEPT_EXPLICIT:
       action = one_click_signin::HISTOGRAM_AUTO_WITH_DEFAULTS;
       break;
-    case OneClickSigninHelper::AUTO_ACCEPT:
+    case OneClickSigninHelper::AUTO_ACCEPT_ACCEPTED:
       action =
           start_mode == OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS ?
               one_click_signin::HISTOGRAM_AUTO_WITH_DEFAULTS :
               one_click_signin::HISTOGRAM_AUTO_WITH_ADVANCED;
       break;
-    case OneClickSigninHelper::NO_AUTO_ACCEPT:
+    case OneClickSigninHelper::AUTO_ACCEPT_NONE:
       action =
           start_mode == OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS ?
               one_click_signin::HISTOGRAM_WITH_DEFAULTS :
               one_click_signin::HISTOGRAM_WITH_ADVANCED;
       break;
     case OneClickSigninHelper::AUTO_ACCEPT_CONFIGURE:
       DCHECK(start_mode == OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST);
       action = one_click_signin::HISTOGRAM_AUTO_WITH_ADVANCED;
       break;
     default:
       NOTREACHED() << "Invalid auto_accept: " << auto_accept;
       break;
   }
 
   UMA_HISTOGRAM_ENUMERATION("AutoLogin.Reverse", action,
                             one_click_signin::HISTOGRAM_MAX);
 }
 
-// Determines the source of the sign in.  Its either one of the known sign in
-// access point (first run, NTP, menu, settings) or its an implicit sign in
-// via another Google property.  In the former case, "service" is also
-// checked to make sure its "chromiumsync".
-SyncPromoUI::Source GetSigninSource(const GURL& url) {
+// Determines the source of the sign in and the continue URL.  Its either one
+// of the known sign in access point (first run, NTP, menu, settings) or its
+// an implicit sign in via another Google property.  In the former case,
+// "service" is also checked to make sure its "chromiumsync".
+SyncPromoUI::Source GetSigninSource(const GURL& url, GURL* continue_url) {
   std::string value;
   chrome_common_net::GetValueForKeyInQuery(url, "service", &value);
   bool is_explicit_signin = value == "chromiumsync";

[tim (not reviewing), 2012/12/14 19:48:29]

We do this here, but then at the GetSigninSource callsite, right after we invoke
it we do a different "is explicit signin" check by examining the return value of
this function.  Could we perhaps pull this 'value==chromiumsync' check up to the
callsite, pass it in to this function, and use it for the subsequent check (and
perhaps DCHECK on source_unknown)?

[Roger Tawa OOO till Jul 10th, 2012/12/16 03:03:46]

This function is really the "definitive" check for explicit sign in.  A sign in
is explicit iff service==chromiumsync and the source is one of the 4 types
expected.  This variable is miss named, so I renamed it.  OK?

 
-  chrome_common_net::GetValueForKeyInQuery(url, "continue", &value);
-  SyncPromoUI::Source source =
-      SyncPromoUI::GetSourceForSyncPromoURL(GURL(
-          net::UnescapeURLComponent(value,
-                                    net::UnescapeRule::URL_SPECIAL_CHARS)));
+  // Find the final continue URL for this sign in.  In some cases, Gaia can
+  // continue to itself, with the original continue URL buried under a couple
+  // of layers of indirection.  Peel those layers away.
+  GURL local_continue_url = url;
+  do {
+    local_continue_url =
+        SyncPromoUI::GetNextPageURLForSyncPromoURL(local_continue_url);
+  } while (gaia::IsGaiaSignonRealm(local_continue_url.GetOrigin()));
 
-  if (!is_explicit_signin)
-    source = SyncPromoUI::SOURCE_UNKNOWN;
+  if (continue_url && local_continue_url.is_valid()) {
+    DCHECK(!continue_url->is_valid() || *continue_url == local_continue_url);
+    *continue_url = local_continue_url;
+  }
 
-  return source;
+  return is_explicit_signin ?
+      SyncPromoUI::GetSourceForSyncPromoURL(local_continue_url) :
+      SyncPromoUI::SOURCE_UNKNOWN;
+}
+
+// Returns true if |url| is a valid URL that can occur during the sign in
+// process.  Valid URLs are of the form:
+//
+//    https://accounts.google.{TLD}/...
+//    https://accounts.youtube.com/...
+//    https://accounts.blogger.com/...
+//
+// All special headers used by one click sign in occur on
+// https://accounts.google.com URLs.  However, the sign process may redirect

[tim (not reviewing), 2012/12/14 19:48:29]

typo - However, the signin* process may redirect

[Roger Tawa OOO till Jul 10th, 2012/12/16 03:03:46]

Done.

+// to intermediate Gaia URLs that do not end with .com.  For example, an account
+// that uses SMS 2-factor outside the US may redirect to country specific URLs.
+//
+// The sign in process may also redirect to youtube and blogger account URLs
+// so that Gaia acts as a single signon service.
+bool IsValidGaiaSigninRedirectOrResponseURL(const GURL& url) {
+  std::string hostname = url.host();
+  if (google_util::IsGoogleHostname(hostname, google_util::ALLOW_SUBDOMAIN)) {
+    // Also using IsGaiaSignonRealm() to handle overriding with command line.
+    return gaia::IsGaiaSignonRealm(url.GetOrigin()) ||
+        StartsWithASCII(hostname, "accounts.", false);
+  }
+
+  GURL origin = url.GetOrigin();
+  if (origin == GURL("https://accounts.youtube.com") ||
+      origin == GURL("https://accounts.blogger.com"))
+    return true;
+
+  return false;
 }
 
 // This class is associated as user data with a given URLRequest object, in
 // order to pass information from one response to another during the process
 // of signing the user into their Gaia account.  This class is only meant
 // to be used from the IO thread.
 class OneClickSigninRequestUserData : public base::SupportsUserData::Data {
  public:
   const std::string& email() const { return email_; }
 
@@ skipping 61 matching lines @@
   // ConfirmInfoBarDelegate overrides.
   virtual string16 GetButtonLabel(InfoBarButton button) const OVERRIDE;
   virtual bool Accept() OVERRIDE;
   virtual bool Cancel() OVERRIDE;
   virtual string16 GetLinkText() const OVERRIDE;
   virtual bool LinkClicked(WindowOpenDisposition disposition) OVERRIDE;
 
   // OneClickSigninInfoBarDelegate overrides.
   virtual void GetAlternateColors(AlternateColors* alt_colors) OVERRIDE;
 
-  // Add a specific email to the list of emails rejected for one-click
-  // sign-in, for this profile.
-  void AddEmailToOneClickRejectedList(const std::string& email);
-
   // Record the specified action in the histogram for one-click sign in.
   void RecordHistogramAction(int action);
 
   // Information about the account that has just logged in.
   std::string session_index_;
   std::string email_;
   std::string password_;
 
   // Whether any UI controls in the infobar were pressed or not.
   bool button_pressed_;
@@ skipping 43 matching lines @@
 }
 
 string16 OneClickInfoBarDelegateImpl::GetButtonLabel(
     InfoBarButton button) const {
   return l10n_util::GetStringUTF16(
       (button == BUTTON_OK) ? IDS_ONE_CLICK_SIGNIN_INFOBAR_OK_BUTTON
                             : IDS_ONE_CLICK_SIGNIN_INFOBAR_CANCEL_BUTTON);
 }
 
 bool OneClickInfoBarDelegateImpl::Accept() {
+  content::WebContents* web_contents = owner()->GetWebContents();
+  Browser* browser = chrome::FindBrowserWithWebContents(web_contents);
+  Profile* profile = Profile::FromBrowserContext(
+      web_contents->GetBrowserContext());
+
   // User has accepted one-click sign-in for this account. Never ask again for
   // this profile.
-  Profile* profile = Profile::FromBrowserContext(
-      owner()->GetWebContents()->GetBrowserContext());
   SigninManager::DisableOneClickSignIn(profile);
-
-  content::WebContents* web_contents = owner()->GetWebContents();
-  Browser* browser = chrome::FindBrowserWithWebContents(web_contents);
   RecordHistogramAction(one_click_signin::HISTOGRAM_ACCEPTED);
   chrome::FindBrowserWithWebContents(web_contents)->window()->
-      ShowOneClickSigninBubble(base::Bind(&StartSync, browser,
-                                          OneClickSigninHelper::NO_AUTO_ACCEPT,
-                                          session_index_, email_, password_));
+      ShowOneClickSigninBubble(
+          base::Bind(&StartSync, browser,
+                     OneClickSigninHelper::AUTO_ACCEPT_NONE, session_index_,
+                     email_, password_));
   button_pressed_ = true;
   return true;
 }
 
 bool OneClickInfoBarDelegateImpl::Cancel() {
-  AddEmailToOneClickRejectedList(email_);
+  AddEmailToOneClickRejectedList(Profile::FromBrowserContext(
+      owner()->GetWebContents()->GetBrowserContext()), email_);
   RecordHistogramAction(one_click_signin::HISTOGRAM_REJECTED);
   button_pressed_ = true;
   return true;
 }
 
 string16 OneClickInfoBarDelegateImpl::GetLinkText() const {
   return l10n_util::GetStringUTF16(IDS_LEARN_MORE);
 }
 
 bool OneClickInfoBarDelegateImpl::LinkClicked(
@@ skipping 14 matching lines @@
     alt_colors->infobar_top_color = SK_ColorWHITE;
     alt_colors->button_text_color = SK_ColorWHITE;
     alt_colors->button_background_color = SkColorSetRGB(71, 135, 237);
     alt_colors->button_border_color = SkColorSetRGB(48, 121, 237);
     return;
   }
 
   return OneClickSigninInfoBarDelegate::GetAlternateColors(alt_colors);
 }
 
-void OneClickInfoBarDelegateImpl::AddEmailToOneClickRejectedList(
-    const std::string& email) {
-  Profile* profile = Profile::FromBrowserContext(
-      owner()->GetWebContents()->GetBrowserContext());
-  PrefService* pref_service = profile->GetPrefs();
-  ListPrefUpdate updater(pref_service,
-                         prefs::kReverseAutologinRejectedEmailList);
-  updater->AppendIfNotPresent(new base::StringValue(email));
-}
-
 void OneClickInfoBarDelegateImpl::RecordHistogramAction(int action) {
   UMA_HISTOGRAM_ENUMERATION("AutoLogin.Reverse", action,
                             one_click_signin::HISTOGRAM_MAX);
 }
 
 OneClickSigninHelper::OneClickSigninHelper(content::WebContents* web_contents)
     : content::WebContentsObserver(web_contents),
-      auto_accept_(NO_AUTO_ACCEPT),
+      auto_accept_(AUTO_ACCEPT_NONE),
       source_(SyncPromoUI::SOURCE_UNKNOWN) {
 }
 
 OneClickSigninHelper::~OneClickSigninHelper() {
 }
 
 // static
 void OneClickSigninHelper::AssociateWithRequestForTesting(
     base::SupportsUserData* request,
     const std::string& email) {
   OneClickSigninRequestUserData::AssociateWithRequest(request, email);
 }
 
 // static
 bool OneClickSigninHelper::CanOffer(content::WebContents* web_contents,
                                     CanOfferFor can_offer_for,
                                     const std::string& email,
                                     int* error_message_id) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+    VLOG(1) << "OneClickSigninHelper::CanOffer";
 
   if (error_message_id)
     *error_message_id = 0;
 
   if (!web_contents)
     return false;
 
   if (web_contents->GetBrowserContext()->IsOffTheRecord())
     return false;
 
@@ skipping 72 matching lines @@
       ProfileSyncService* service =
           ProfileSyncServiceFactory::GetForProfile(profile);
       if (!service)
         return false;
 
       if (service->FirstSetupInProgress())
         return false;
     }
   }
 
+  VLOG(1) << "OneClickSigninHelper::CanOffer: yes we can";
   return true;
 }
 
 // static
 OneClickSigninHelper::Offer OneClickSigninHelper::CanOfferOnIOThread(
     net::URLRequest* request,
     ProfileIOData* io_data) {
   return CanOfferOnIOThreadImpl(request->url(), request->referrer(),
                                 request, io_data);
 }
 
 // static
 OneClickSigninHelper::Offer OneClickSigninHelper::CanOfferOnIOThreadImpl(
     const GURL& url,
     const std::string& referrer,
     base::SupportsUserData* request,
     ProfileIOData* io_data) {
   if (!gaia::IsGaiaSignonRealm(url.GetOrigin()))
     return IGNORE_REQUEST;
 
   if (!io_data)
     return DONT_OFFER;
 
   if (!SyncPromoUI::UseWebBasedSigninFlow())
     return DONT_OFFER;
 
-  // Don't offer if the source is known, as that means it's an explicit sign
-  // in request.
-  if (GetSigninSource(url) != SyncPromoUI::SOURCE_UNKNOWN ||
-      GetSigninSource(GURL(referrer)) != SyncPromoUI::SOURCE_UNKNOWN) {
-    return DONT_OFFER;
-  }
-
   if (!ProfileSyncService::IsSyncEnabled())
     return DONT_OFFER;
 
   // Check for incognito before other parts of the io_data, since those
   // members may not be initalized.
   if (io_data->is_incognito())
     return DONT_OFFER;
 
   if (!io_data->reverse_autologin_enabled()->GetValue())
     return DONT_OFFER;
@@ skipping 57 matching lines @@
 void OneClickSigninHelper::ShowInfoBarIfPossible(net::URLRequest* request,
                                                  int child_id,
                                                  int route_id) {
   std::string google_chrome_signin_value;
   std::string google_accounts_signin_value;
   request->GetResponseHeaderByName("Google-Chrome-SignIn",
                                    &google_chrome_signin_value);
   request->GetResponseHeaderByName("Google-Accounts-SignIn",
                                    &google_accounts_signin_value);
 
-  VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
-          << " g-a-s='" << google_accounts_signin_value << "'"
-          << " g-c-s='" << google_chrome_signin_value << "'";
+  if (!google_accounts_signin_value.empty() ||
+      !google_chrome_signin_value.empty()) {
+    VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
+            << " g-a-s='" << google_accounts_signin_value << "'"
+            << " g-c-s='" << google_chrome_signin_value << "'";
+  }
 
   if (!SyncPromoUI::UseWebBasedSigninFlow() &&
       google_accounts_signin_value.empty()) {
     return;
   }
 
   if (!gaia::IsGaiaSignonRealm(request->original_url().GetOrigin()))
     return;
 
   // Parse Google-Accounts-SignIn.
@@ skipping 12 matching lines @@
       session_index = value;
     }
   }
 
   // Later in the chain of this request, we'll need to check the email address
   // in the IO thread (see CanOfferOnIOThread).  So save the email address as
   // user data on the request (only for web-based flow).
   if (SyncPromoUI::UseWebBasedSigninFlow() && !email.empty())
     OneClickSigninRequestUserData::AssociateWithRequest(request, email);
 
-  VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
-          << " email=" << email
-          << " sessionindex=" << session_index;
+  if (!email.empty() || !session_index.empty()) {
+    VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
+            << " email=" << email
+            << " sessionindex=" << session_index;
+  }
 
   // Parse Google-Chrome-SignIn.
-  AutoAccept auto_accept = NO_AUTO_ACCEPT;
+  AutoAccept auto_accept = AUTO_ACCEPT_NONE;
   SyncPromoUI::Source source = SyncPromoUI::SOURCE_UNKNOWN;
+  GURL continue_url;
   if (SyncPromoUI::UseWebBasedSigninFlow()) {
     std::vector<std::string> tokens;
     base::SplitString(google_chrome_signin_value, ',', &tokens);
     for (size_t i = 0; i < tokens.size(); ++i) {
       const std::string& token = tokens[i];
       if (token == "accepted") {
-        auto_accept = AUTO_ACCEPT;
+        auto_accept = AUTO_ACCEPT_ACCEPTED;
       } else if (token == "configure") {
         auto_accept = AUTO_ACCEPT_CONFIGURE;
       } else if (token == "rejected-for-profile") {
-        auto_accept = REJECTED_FOR_PROFILE;
+        auto_accept = AUTO_ACCEPT_REJECTED_FOR_PROFILE;
       }
     }
 
     // If this is an explicit sign in (i.e., first run, NTP, menu,settings)
     // then force the auto accept type to explicit.
-    source = GetSigninSource(request->original_url());
-    if (source == SyncPromoUI::SOURCE_UNKNOWN)
-      source = GetSigninSource(GURL(request->referrer()));
-
+    source = GetSigninSource(request->original_url(), &continue_url);
     if (source != SyncPromoUI::SOURCE_UNKNOWN)
       auto_accept = AUTO_ACCEPT_EXPLICIT;
   }
 
-  VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
-          << " auto_accept=" << auto_accept;
+  if (auto_accept != AUTO_ACCEPT_NONE) {
+    VLOG(1) << "OneClickSigninHelper::ShowInfoBarIfPossible:"
+            << " auto_accept=" << auto_accept;
+  }
 
-  // If |session_index|, |email|, and |auto_accept| all have their default
-  // value, don't bother posting a task to the UI thread.  It will be a noop
-  // anyway.
+  // If |session_index|, |email|, |auto_accept|, and |continue_url| all have
+  // their default value, don't bother posting a task to the UI thread.
+  // It will be a noop anyway.
   //
   // The two headers above may (but not always) come in different http requests
   // so a post to the UI thread is still needed if |auto_accept| is not its
   // default value, but |email| and |session_index| are.
-  if (session_index.empty() && email.empty() && auto_accept == NO_AUTO_ACCEPT)
+  if (session_index.empty() && email.empty() &&
+      auto_accept == AUTO_ACCEPT_NONE && !continue_url.is_valid()) {
     return;
+  }
 
   content::BrowserThread::PostTask(
       content::BrowserThread::UI, FROM_HERE,
       base::Bind(&OneClickSigninHelper::ShowInfoBarUIThread, session_index,
-                 email, auto_accept, source, child_id, route_id));
+                 email, auto_accept, source, continue_url, child_id, route_id));
 }
 
 // static
 void OneClickSigninHelper::ShowInfoBarUIThread(
     const std::string& session_index,
     const std::string& email,
     AutoAccept auto_accept,
     SyncPromoUI::Source source,
+    const GURL& continue_url,
     int child_id,
     int route_id) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
 
   content::WebContents* web_contents = tab_util::GetWebContentsByID(child_id,
                                                                     route_id);
 
   // TODO(mathp): The appearance of this infobar should be tested using a
   // browser_test.
   OneClickSigninHelper* helper =
@@ skipping 19 matching lines @@
 
   // Save the email in the one-click signin manager.  The manager may
   // not exist if the contents is incognito or if the profile is already
   // connected to a Google account.
   if (!session_index.empty())
     helper->session_index_ = session_index;
 
   if (!email.empty())
     helper->email_ = email;
 
-  if (auto_accept != NO_AUTO_ACCEPT) {
+  if (auto_accept != AUTO_ACCEPT_NONE) {
     helper->auto_accept_ = auto_accept;
     helper->source_ = source;
   }
+
+  if (continue_url.is_valid()) {
+    // When Gaia finally redirects to the continue URL, Gaia will add some
+    // extra query parameters.  So ignore the parameters when checking to see
+    // if the user has continued.
+    GURL::Replacements replacements;
+    replacements.ClearQuery();
+    helper->continue_url_ = continue_url.ReplaceComponents(replacements);
+  }
 }
 
 void OneClickSigninHelper::RedirectToNTP() {
+  VLOG(1) << "OneClickSigninHelper::RedirectToNTP";
+
   // Redirect to NTP with sign in bubble visible.
   content::WebContents* contents = web_contents();
   Profile* profile =
       Profile::FromBrowserContext(contents->GetBrowserContext());
   PrefService* pref_service = profile->GetPrefs();
   pref_service->SetBoolean(prefs::kSyncPromoShowNTPBubble, true);
   pref_service->SetString(prefs::kSyncPromoErrorMessage, error_message_);
 
   contents->GetController().LoadURL(GURL(chrome::kChromeUINewTabURL),
                                     content::Referrer(),
                                     content::PAGE_TRANSITION_AUTO_TOPLEVEL,
                                     std::string());
 
   error_message_.clear();
   signin_tracker_.reset();
 }
 
 void OneClickSigninHelper::CleanTransientState() {
+  VLOG(1) << "OneClickSigninHelper::CleanTransientState";
   email_.clear();
   password_.clear();
-  auto_accept_ = NO_AUTO_ACCEPT;
+  auto_accept_ = AUTO_ACCEPT_NONE;
   source_ = SyncPromoUI::SOURCE_UNKNOWN;
+  continue_url_ = GURL();
 }
 
 void OneClickSigninHelper::DidNavigateAnyFrame(
     const content::LoadCommittedDetails& details,
     const content::FrameNavigateParams& params) {
   // We only need to scrape the password for Gaia logins.
   const content::PasswordForm& form = params.password_form;
   if (form.origin.is_valid() &&
       gaia::IsGaiaSignonRealm(GURL(form.signon_realm))) {
     VLOG(1) << "OneClickSigninHelper::DidNavigateAnyFrame: got password";
     password_ = UTF16ToUTF8(params.password_form.password_value);
   }
 }
 
 void OneClickSigninHelper::DidStopLoading(
     content::RenderViewHost* render_view_host) {
   // If the user left the sign in process, clear all members.
   // TODO(rogerta): might need to allow some youtube URLs.
   content::WebContents* contents = web_contents();
-  if (!gaia::IsGaiaSignonRealm(contents->GetURL().GetOrigin())) {
-    CleanTransientState();
-    return;
-  }
+  const GURL url = contents->GetURL();
+  VLOG(1) << "OneClickSigninHelper::DidStopLoading: url=" << url.spec();
 
-  if (!error_message_.empty()) {
+  // If an error has already occured during the sign in flow, make sure to
+  // display it to the user and abort the process.  Do this only for
+  // explicit sign ins.
+  if (!error_message_.empty() && auto_accept_ == AUTO_ACCEPT_EXPLICIT) {
+    VLOG(1) << "OneClickSigninHelper::DidStopLoading: error=" << error_message_;
     RedirectToNTP();
     return;
   }
 
+  // If there is no valid email or password yet, there is nothing to do.
   if (email_.empty() || password_.empty())
     return;
 
+  bool last_minute_source_change = false;

[tim (not reviewing), 2012/12/14 19:48:29]

I'm a bit confused, how does the user saying "I want to go to the configure
screen" imply we change the value of the field that denotes "where did this
request come from"?

[Roger Tawa OOO till Jul 10th, 2012/12/16 03:03:46]

It was kind of explained at line 845 below, but I have added more commentary. 
More is always better when it comes to commentary :-)

+
+  if (SyncPromoUI::UseWebBasedSigninFlow()) {
+    if (IsValidGaiaSigninRedirectOrResponseURL(url))
+      return;
+
+    // During an explicit sign in, if the user has not yet reached the final
+    // continue URL, wait for it to arrive. Note that Gaia will add some extra
+    // query parameters to the continue URL.  Ignore them when checking to
+    // see if the user has continued.
+    //
+    // If this is not an explicit sign in, we don't need to check if we landed
+    // on the right continue URL.  This is important because the continue URL
+    // may itself lead to a redirect, which means this function will never see
+    // the continue URL go by.
+    if (source_ != SyncPromoUI::SOURCE_UNKNOWN) {

[tim (not reviewing), 2012/12/14 19:48:29]

Use AUTO_ACCEPT_EXPLICIT instead of SOURCE_UNKNOWN comparison? (You could dcheck
the source condition?) 

Same below.

[Roger Tawa OOO till Jul 10th, 2012/12/16 03:03:46]

Done.  Where also below?

[tim (not reviewing), 2012/12/18 01:25:48]

Hmm... good question.

+      GURL::Replacements replacements;
+      replacements.ClearQuery();
+      const bool continue_url_match =
+          url.ReplaceComponents(replacements) == continue_url_;
+      if (!continue_url_match) {
+        VLOG(1) << "OneClickSigninHelper::DidStopLoading: invalid url='"
+                << url.spec()
+                << "' expected continue url=" << continue_url_;
+        CleanTransientState();
+        return;
+      }
+
+      // In explicit sign ins, the user may have checked the box
+      // "Let me choose what to sync".  This is reflected as a change in the
+      // source of the continue URL.  Make one last check of the current URL
+      // to see if there is a valid source and its set to "settings".  If so,

[tim (not reviewing), 2012/12/14 19:48:29]

nit-  it's set to settings

[Roger Tawa OOO till Jul 10th, 2012/12/16 03:03:46]

Done.

+      // it overrides the current source.
+      SyncPromoUI::Source source =
+          SyncPromoUI::GetSourceForSyncPromoURL(url);
+      if (source == SyncPromoUI::SOURCE_SETTINGS) {
+        source_ = SyncPromoUI::SOURCE_SETTINGS;
+        last_minute_source_change = true;
+      }
+    }
+  }
+
   Browser* browser = chrome::FindBrowserWithWebContents(contents);
+  Profile* profile =
+      Profile::FromBrowserContext(contents->GetBrowserContext());
   InfoBarTabHelper* infobar_tab_helper =
       InfoBarTabHelper::FromWebContents(contents);
 
+  VLOG(1) << "OneClickSigninHelper::DidStopLoading: signin is go."
+          << " auto_accept=" << auto_accept_
+          << " source=" << source_;
+
   switch (auto_accept_) {
-    case AUTO_ACCEPT:
+    case AUTO_ACCEPT_NONE:
+      if (SyncPromoUI::UseWebBasedSigninFlow()) {
+        UMA_HISTOGRAM_ENUMERATION("AutoLogin.Reverse",
+                                  one_click_signin::HISTOGRAM_DISMISSED,
+                                  one_click_signin::HISTOGRAM_MAX);
+      } else {
+        infobar_tab_helper->AddInfoBar(
+            new OneClickInfoBarDelegateImpl(infobar_tab_helper, session_index_,
+                                            email_, password_));
+      }
+      break;
+    case AUTO_ACCEPT_ACCEPTED:
+      SigninManager::DisableOneClickSignIn(profile);
       browser->window()->ShowOneClickSigninBubble(
           base::Bind(&StartSync, browser, auto_accept_, session_index_,
                      email_, password_));
       break;
-    case NO_AUTO_ACCEPT:
-      infobar_tab_helper->AddInfoBar(
-          new OneClickInfoBarDelegateImpl(infobar_tab_helper, session_index_,
-                                          email_, password_));
-      break;
     case AUTO_ACCEPT_CONFIGURE:
+      SigninManager::DisableOneClickSignIn(profile);
       StartSync(browser, auto_accept_, session_index_, email_, password_,
                 OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST);
       break;
     case AUTO_ACCEPT_EXPLICIT:
       StartSync(browser, auto_accept_, session_index_, email_, password_,
                 source_ == SyncPromoUI::SOURCE_SETTINGS ?
                     OneClickSigninSyncStarter::CONFIGURE_SYNC_FIRST :
                     OneClickSigninSyncStarter::SYNC_WITH_DEFAULT_SETTINGS);
+
+      // If this was a last minute switch to the settings page, this means the
+      // started with first-run/NTP/wrench menu, and checked the "configure
+      // first" checkbox.  Replace the default blank continue page with an
+      // about:blank page, so that when the settings page is displayed, it
+      // reuses the tab.
+      if (last_minute_source_change) {
+        contents->GetController().LoadURL(
+            GURL("about:blank"), content::Referrer(),
+            content::PAGE_TRANSITION_AUTO_TOPLEVEL, std::string());
+      }
       break;
-    case REJECTED_FOR_PROFILE:
+    case AUTO_ACCEPT_REJECTED_FOR_PROFILE:
+      AddEmailToOneClickRejectedList(profile, email_);
       UMA_HISTOGRAM_ENUMERATION("AutoLogin.Reverse",
                                 one_click_signin::HISTOGRAM_REJECTED,
                                 one_click_signin::HISTOGRAM_MAX);
       break;
     default:
       NOTREACHED() << "Invalid auto_accept=" << auto_accept_;
       break;
   }
 
   // If this explicit sign in is not from settings page, show the NTP after
   // sign in completes.  In the case of the settings page, it will get closed
   // by SyncSetupHandler.
   if (auto_accept_ == AUTO_ACCEPT_EXPLICIT &&
       source_ != SyncPromoUI::SOURCE_SETTINGS) {
-    Profile* profile =
-        Profile::FromBrowserContext(contents->GetBrowserContext());
     signin_tracker_.reset(new SigninTracker(profile, this));
   }
 
   CleanTransientState();
 }
 
 void OneClickSigninHelper::GaiaCredentialsValid() {
 }
 
 void OneClickSigninHelper::SigninFailed(const GoogleServiceAuthError& error) {
@@ skipping 13 matching lines @@
         break;
     }
   }
 
   RedirectToNTP();
 }
 
 void OneClickSigninHelper::SigninSuccess() {
   RedirectToNTP();
 }