signin: force web signin flow initiated visits to accounts.google.com to their own process.

chrome/browser/signin/signin_manager.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // The signin manager encapsulates some functionality tracking
 // which user is signed in. When a user is signed in, a ClientLogin
 // request is run on their behalf. Auth tokens are fetched from Google
 // and the results are stored in the TokenService.
 //
 // **NOTE** on semantics of SigninManager:
@@ skipping 22 matching lines @@
 #include "content/public/browser/notification_registrar.h"
 #include "google_apis/gaia/gaia_auth_consumer.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/cookies/canonical_cookie.h"
 
 class CookieSettings;
 class GaiaAuthFetcher;
 class PrefService;
 class SigninGlobalError;
 
+namespace content {
+class RenderProcessHost;
+}
+
 namespace policy {
 class CloudPolicyClient;
 }
 
 // Details for the Notification type GOOGLE_SIGNIN_SUCCESSFUL.
 // A listener might use this to make note of a username / password
 // pair for encryption keys.
 struct GoogleServiceSigninSuccessDetails {
   GoogleServiceSigninSuccessDetails(const std::string& in_username,
                                     const std::string& in_password)
@@ skipping 135 matching lines @@
   // ProfileKeyedService implementation.
   virtual void Shutdown() OVERRIDE;
 
   // Tells the SigninManager to prohibit signout for this profile.
   void ProhibitSignout();
 
   // If true, signout is prohibited for this profile (calls to SignOut() are
   // ignored).
   bool IsSignoutProhibited() const;
 
+  void SetSigninProcess(const content::RenderProcessHost* process);
+  bool IsSigninProcess(const content::RenderProcessHost* process) const;

[Roger Tawa OOO till Jul 10th, 2013/02/28 04:07:42]

Any reason to pass RenderProcessHost* instead of just an int?

[Charlie Reis, 2013/02/28 17:33:02]

Yes, I think the ID would be sufficient here, and consistent with similar checks
elsewhere.

+
  protected:
   // Weak pointer to parent profile (protected so FakeSigninManager can access
   // it).
   Profile* profile_;
 
   // Used to show auth errors in the wrench menu. The SigninGlobalError is
   // different than most GlobalErrors in that its lifetime is controlled by
   // SigninManager (so we can expose a reference for use in the wrench menu).
   scoped_ptr<SigninGlobalError> signin_global_error_;
 
@@ skipping 116 matching lines @@
   // with credentials.  These will be passed to TokenService so that it does
   // not need to mint new ones.
   ClientOAuthResult temp_oauth_login_tokens_;
 
   // The list of SigninDiagnosticObservers.
   ObserverList<signin_internals_util::SigninDiagnosticsObserver, true>
       signin_diagnostics_observers_;
 
   base::WeakPtrFactory<SigninManager> weak_pointer_factory_;
 
+  int signin_process_id_;
 
 #if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
   // CloudPolicyClient reference we keep while determining whether to create
   // a new profile for an enterprise user or not.
   scoped_ptr<policy::CloudPolicyClient> policy_client_;
 #endif
 
   DISALLOW_COPY_AND_ASSIGN(SigninManager);
 };
 
 #endif  // CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_