Allow signin to continue even if sync is disabled by policy.

chrome/browser/ui/webui/sync_setup_handler.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/sync_setup_handler.h"
 
 #include "base/basictypes.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
@@ skipping 170 matching lines @@
 bool AreUserNamesEqual(const string16& user1, const string16& user2) {
   return NormalizeUserName(user1) == NormalizeUserName(user2);
 }
 
 bool IsKeystoreEncryptionEnabled() {
   return CommandLine::ForCurrentProcess()->HasSwitch(
       switches::kSyncKeystoreEncryption);
 }
 
 void BringTabToFront(WebContents* web_contents) {
+  DCHECK(web_contents);
   Browser* browser = chrome::FindBrowserWithWebContents(web_contents);
   if (browser) {
     TabStripModel* tab_strip_model = browser->tab_strip_model();
     if (tab_strip_model) {
       int index = tab_strip_model->GetIndexOfWebContents(web_contents);
       if (index != TabStripModel::kNoTab)
         tab_strip_model->ActivateTabAt(index, false);
     }
   }
 }
@@ skipping 177 matching lines @@
     { "fullEncryptionOption", IDS_SYNC_FULL_ENCRYPTION_DATA },
   };
 
   RegisterStrings(localized_strings, resources, arraysize(resources));
   RegisterTitle(localized_strings, "syncSetupOverlay", IDS_SYNC_SETUP_TITLE);
 }
 
 void SyncSetupHandler::DisplayConfigureSync(bool show_advanced,
                                             bool passphrase_failed) {
   ProfileSyncService* service = GetSyncService();
+  DCHECK(service);
   if (!service->sync_initialized()) {
     // When user tries to setup sync while the sync backend is not initialized,
     // kick the sync backend and wait for it to be ready and show spinner until
     // the backend gets ready.
     retry_on_signin_failure_ = false;
 
     service->UnsuppressAndStart();
     DisplaySpinner();
 
     // To listen to the token available notifications, start SigninTracker.
@@ skipping 113 matching lines @@
 void SyncSetupHandler::ConfigureSyncDone() {
   StringValue page("done");
   web_ui()->CallJavascriptFunction(
       "SyncSetupOverlay.showSyncSetupPage", page);
 
   // Suppress the sync promo once the user signs into sync. This way the user
   // doesn't see the sync promo even if they sign out of sync later on.
   SyncPromoUI::SetUserSkippedSyncPromo(GetProfile());
 
   ProfileSyncService* service = GetSyncService();
+  DCHECK(service);
   if (!service->HasSyncSetupCompleted()) {
     // This is the first time configuring sync, so log it.
     FilePath profile_file_path = GetProfile()->GetPath();
     ProfileMetrics::LogProfileSyncSignIn(profile_file_path);
 
     // We're done configuring, so notify ProfileSyncService that it is OK to
     // start syncing.
     service->SetSyncSetupCompleted();
   }
 }
@@ skipping 139 matching lines @@
     args.SetString("errorMessage", local_error_message);
   if (fatal_error)
     args.SetBoolean("fatalError", true);
   args.SetString("captchaUrl", captcha);
   StringValue page("login");
   web_ui()->CallJavascriptFunction(
       "SyncSetupOverlay.showSyncSetupPage", page, args);
 }
 
 bool SyncSetupHandler::PrepareSyncSetup() {
-  ProfileSyncService* service = GetSyncService();
-  if (!service) {
-    // If there's no sync service, the user tried to manually invoke a syncSetup
-    // URL, but sync features are disabled.  We need to close the overlay for
-    // this (rare) case.
-    DLOG(WARNING) << "Closing sync UI because sync is disabled";
-    CloseOverlay();
-    return false;
-  }
 
   // If the wizard is already visible, just focus that one.
   if (FocusExistingWizardIfPresent()) {
     if (!IsActiveLogin())
       CloseOverlay();
     return false;
   }
 
   // Notify services that login UI is now active.
   GetLoginUIService()->SetLoginUI(this);
-  service->SetSetupInProgress(true);
+
+  ProfileSyncService* service = GetSyncService();
+  if (service)
+    service->SetSetupInProgress(true);
 
   return true;
 }
 
 void SyncSetupHandler::DisplaySpinner() {
   configuring_sync_ = true;
   StringValue page("spinner");
   DictionaryValue args;
 
   const int kTimeoutSec = 30;
@@ skipping 105 matching lines @@
   // If we're just being called to provide an ASP, then pass it to the
   // SigninManager and wait for the next step.
   if (!access_code.empty()) {
     signin->ProvideSecondFactorAccessCode(access_code);
     return;
   }
 
   // The user has submitted credentials, which indicates they don't want to
   // suppress start up anymore. We do this before starting the signin process,
   // so the ProfileSyncService knows to listen to the cached password.
-  GetSyncService()->UnsuppressAndStart();
+  ProfileSyncService* service = GetSyncService();
+  if (service)
+    service->UnsuppressAndStart();
 
   // Kick off a sign-in through the signin manager.
   signin->StartSignIn(username, password, current_error.captcha().token,
                       solution);
 }
 
 void SyncSetupHandler::GaiaCredentialsValid() {
   DCHECK(IsActiveLogin());
 
   // Gaia credentials are valid - update the UI.
@@ skipping 10 matching lines @@
   // since there is no way to show the user an error message.
   if (SyncPromoUI::UseWebBasedSigninFlow()) {
     CloseSyncSetup();
   } else if (retry_on_signin_failure_) {
     // Got a failed signin - this is either just a typical auth error, or a
     // sync error (treat sync errors as "fatal errors" - i.e. non-auth errors).
     // On ChromeOS, this condition can happen when auth token is invalid and
     // cannot start sync backend.
     // If using web-based sign in flow, don't show the gaia sign in page again
     // since there is no way to show the user an error message.
-    DisplayGaiaLogin(GetSyncService()->HasUnrecoverableError());
+    ProfileSyncService* service = GetSyncService();
+    DisplayGaiaLogin(service && service->HasUnrecoverableError());
   } else {
     // TODO(peria): Show error dialog for prompting sign in and out on
     // Chrome OS. http://crbug.com/128692
     CloseOverlay();
   }
 }
 
 Profile* SyncSetupHandler::GetProfile() const {
   return Profile::FromWebUI(web_ui());
 }
 
 ProfileSyncService* SyncSetupHandler::GetSyncService() const {
-  return ProfileSyncServiceFactory::GetForProfile(GetProfile());
+  Profile* profile = GetProfile();
+  return profile->IsSyncAccessible() ?
+      ProfileSyncServiceFactory::GetForProfile(GetProfile()) : NULL;
 }
 
 void SyncSetupHandler::SigninSuccess() {
-  DCHECK(GetSyncService()->sync_initialized());
+  ProfileSyncService* service = GetSyncService();
+  DCHECK(!service || service->sync_initialized());
   // Stop a timer to handle timeout in waiting for checking network connection.
   backend_start_timer_.reset();
 
   // If we have signed in while sync is already setup, it must be due to some
   // kind of re-authentication flow. In that case, just close the signin dialog
   // rather than forcing the user to go through sync configuration.
-  if (GetSyncService()->HasSyncSetupCompleted())
+  if (!service || service->HasSyncSetupCompleted())
     DisplayGaiaSuccessAndClose();
   else
     DisplayConfigureSync(false, false);
 }
 
 void SyncSetupHandler::HandleConfigure(const ListValue* args) {
   std::string json;
   if (!args->GetString(0, &json)) {
     NOTREACHED() << "Could not read JSON argument";
     return;
@@ skipping 10 matching lines @@
     NOTREACHED();
     return;
   }
 
   // Start configuring the ProfileSyncService using the configuration passed
   // to us from the JS layer.
   ProfileSyncService* service = GetSyncService();
 
   // If the sync engine has shutdown for some reason, just close the sync
   // dialog.
-  if (!service->sync_initialized()) {
+  if (!service || !service->sync_initialized()) {
     CloseOverlay();
     return;
   }
 
   // Note: Data encryption will not occur until configuration is complete
   // (when the PSS receives its CONFIGURE_DONE notification from the sync
   // backend), so the user still has a chance to cancel out of the operation
   // if (for example) some kind of passphrase error is encountered.
   if (configuration.encrypt_all)
     service->EnableEncryptEverything();
@@ skipping 85 matching lines @@
 
   // Bring up the existing wizard, or just display it on this page.
   if (!FocusExistingWizardIfPresent())
     OpenSyncSetup(false);
 }
 
 void SyncSetupHandler::HandleShowSetupUI(const ListValue* args) {
   OpenSyncSetup(false);
 }
 
+// TODO(atwilson): Remove chrome-os-only API in favor of routing everything
+// through ShowSetupUI.
 void SyncSetupHandler::HandleShowSetupUIWithoutLogin(const ListValue* args) {
   OpenConfigureSync();
 }
 
 void SyncSetupHandler::HandleDoSignOutOnAuthError(const ListValue* args) {
   DLOG(INFO) << "Signing out the user to fix a sync error.";
   browser::AttemptUserExit();
 }
 
 void SyncSetupHandler::HandleStopSyncing(const ListValue* args) {
   ProfileSyncService* service = GetSyncService();
-  DCHECK(service);
 
-  if (ProfileSyncService::IsSyncEnabled()) {
+  if (service) {
     service->DisableForUser();
     ProfileSyncService::SyncEvent(ProfileSyncService::STOP_FROM_OPTIONS);
   }
+  GetSignin()->SignOut();
 }
 
 void SyncSetupHandler::HandleCloseTimeout(const ListValue* args) {
   CloseSyncSetup();
 }
 
 void SyncSetupHandler::CloseSyncSetup() {
   // TODO(atwilson): Move UMA tracking of signin events out of sync module.
   ProfileSyncService* sync_service = GetSyncService();
   if (IsActiveLogin()) {
-    if (!sync_service->HasSyncSetupCompleted()) {
+    if (!sync_service || !sync_service->HasSyncSetupCompleted()) {
       if (signin_tracker_.get()) {
         ProfileSyncService::SyncEvent(
             ProfileSyncService::CANCEL_DURING_SIGNON);
       } else if (configuring_sync_) {
         ProfileSyncService::SyncEvent(
             ProfileSyncService::CANCEL_DURING_CONFIGURE);
       } else {
         ProfileSyncService::SyncEvent(
             ProfileSyncService::CANCEL_FROM_SIGNON_WITHOUT_AUTH);
       }
     }
 
     // Let the various services know that we're no longer active.
     if (SyncPromoUI::UseWebBasedSigninFlow())
       CloseGaiaSigninPage();
 
     GetLoginUIService()->LoginUIClosed(this);
   }
 
   if (sync_service) {
     // Make sure user isn't left half-logged-in (signed in, but without sync
     // started up). If the user hasn't finished setting up sync, then sign out
     // and shut down sync.
     if (!sync_service->HasSyncSetupCompleted()) {
       DVLOG(1) << "Signin aborted by user action";
+      if (signin_tracker_.get() || sync_service->FirstSetupInProgress()) {
+        // User was still in the process of signing in, so sign him out again.
+        // This makes sure that the user isn't left signed in but with sync
+        // un-configured.
+        //
+        // This has the side-effect of signing out the user in the following
+        // scenario:
+        //   * User signs in while sync is disabled by policy.
+        //   * Sync is re-enabled by policy.
+        //   * User brings up sync setup dialog to do initial sync config.
+        //   * User cancels out of the dialog.
+        //
+        // This case is indistinguishable from the "one click signin" case where
+        // the user checks the "advanced setup" checkbox, then cancels out of
+        // the setup box, which is a much more common scenario, so we do the
+        // right thing for the one-click case.
+        GetSignin()->SignOut();
+      }
       sync_service->DisableForUser();
-
       browser_sync::SyncPrefs sync_prefs(GetProfile()->GetPrefs());
       sync_prefs.SetStartSuppressed(true);
     }
     sync_service->SetSetupInProgress(false);
   }
 
   // Reset the attempted email address and error, otherwise the sync setup
   // overlay in the settings page will stay in whatever error state it was last
   // when it is reopened.
   last_attempted_user_email_.clear();
   last_signin_error_ = GoogleServiceAuthError::None();
 
   configuring_sync_ = false;
   signin_tracker_.reset();
 
   // Stop a timer to handle timeout in waiting for checking network connection.
   backend_start_timer_.reset();
 }
 
 void SyncSetupHandler::OpenSyncSetup(bool force_login) {
   if (!PrepareSyncSetup())
     return;
 
-  ProfileSyncService* service = GetSyncService();
-
   // There are several different UI flows that can bring the user here:
   // 1) Signin promo (passes force_login=true)
-  // 2) Normal signin through options page (IsSyncEnabledAndLoggedIn() will
-  //    return false).
-  // 3) Previously working credentials have expired
-  //    (service->GetAuthError() != NONE).
+  // 2) Normal signin through options page (GetAuthenticatedUsername() is
+  //    empty).
+  // 3) Previously working credentials have expired.
   // 4) User is already signed in, but App Notifications needs to force another
   //    login so it can fetch an oauth token (passes force_login=true)
   // 5) User clicks [Advanced Settings] button on options page while already
   //    logged in.
   // 6) One-click signin (credentials are already available, so should display
   //    sync configure UI, not login UI).
   // 7) ChromeOS re-enable after disabling sync.
+  SigninManager* signin = GetSignin();
   if (force_login ||
-      !service->IsSyncEnabledAndLoggedIn() ||
-      service->GetAuthError().state() != GoogleServiceAuthError::NONE) {
+      signin->GetAuthenticatedUsername().empty() ||
+      signin->signin_global_error()->HasBadge()) {
     // User is not logged in, or login has been specially requested - need to
     // display login UI (cases 1-4).
     DisplayGaiaLogin(false);
   } else {
+    if (!GetSyncService()) {
+      // Shouldn't happen, except in various race conditions where a policy
+      // push comes down that disables sync while the user is trying to
+      // configure it.
+      DLOG(WARNING) << "Cannot display sync UI when sync is disabled";
+      return;
+    }
+
     // User is already logged in. They must have brought up the config wizard
     // via the "Advanced..." button or through One-Click signin (cases 5/6), or
     // they are re-enabling sync on Chrome OS.
     DisplayConfigureSync(true, false);
   }
 
   if (!SyncPromoUI::UseWebBasedSigninFlow())
     ShowSetupUI();
 }
 
 void SyncSetupHandler::OpenConfigureSync() {
   if (!PrepareSyncSetup())
     return;
 
   DisplayConfigureSync(true, false);
   ShowSetupUI();
 }
 
 void SyncSetupHandler::FocusUI() {
   DCHECK(IsActiveLogin());
-  if (SyncPromoUI::UseWebBasedSigninFlow() && signin_tracker_) {
+  // Bring the GAIA tab to the foreground if there is one.
+  if (SyncPromoUI::UseWebBasedSigninFlow() &&
+      signin_tracker_ &&
+      active_gaia_signin_tab_) {
     BringTabToFront(active_gaia_signin_tab_);
   } else {
     WebContents* web_contents = web_ui()->GetWebContents();
     web_contents->GetDelegate()->ActivateContents(web_contents);
   }
 }
 
 void SyncSetupHandler::CloseUI() {
   DCHECK(IsActiveLogin());
   CloseOverlay();
@@ skipping 77 matching lines @@
     if (i != current_profile_index && AreUserNamesEqual(
         cache.GetUserNameOfProfileAtIndex(i), username_utf16)) {
       *error_message = l10n_util::GetStringUTF16(
           IDS_SYNC_USER_NAME_IN_USE_ERROR);
       return false;
     }
   }
 
   return true;
 }