signin: pull basic SigninManager functionality into new SigninManagerBase class.

chrome/browser/signin/signin_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/signin_manager.h"
 
 #include <string>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 29 matching lines @@
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_process_host.h"
 #include "google_apis/gaia/gaia_auth_fetcher.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "net/base/escape.h"
 #include "net/url_request/url_request_context.h"
 #include "third_party/icu/public/i18n/unicode/regex.h"
 
-#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
+#if defined(ENABLE_CONFIGURATION_POLICY)
 #include "chrome/browser/policy/cloud/user_policy_signin_service.h"
 #include "chrome/browser/policy/cloud/user_policy_signin_service_factory.h"
 #endif
 
 using namespace signin_internals_util;
 
 using content::BrowserThread;
 
 namespace {
 
 const char kGetInfoDisplayEmailKey[] = "displayEmail";
 const char kGetInfoEmailKey[] = "email";
 
-const char kGoogleAccountsUrl[] = "https://accounts.google.com";
-
 const int kInvalidProcessId = -1;
 
 const char kChromiumSyncService[] = "service=chromiumsync";
 
 }  // namespace
 
 // Under the covers, we use a dummy chrome-extension ID to serve the purposes
 // outlined in the .h file comment for this string.
 const char* SigninManager::kChromeSigninEffectiveSite =
     "chrome-extension://acfccoigjajmmgbhpfbjnpckhjjegnih";
@@ skipping 11 matching lines @@
     return false;
 
   // Any login UI URLs with signin=chromiumsync should be considered a web
   // URL (relies on GAIA keeping the "service=chromiumsync" query string
   // fragment present even when embedding inside a "continue" parameter).
   return net::UnescapeURLComponent(
       url.query(), net::UnescapeRule::URL_SPECIAL_CHARS)
           .find(kChromiumSyncService) != std::string::npos;
 }
 
-// static
-bool SigninManager::AreSigninCookiesAllowed(Profile* profile) {
-  CookieSettings* cookie_settings =
-      CookieSettings::Factory::GetForProfile(profile);
-  return AreSigninCookiesAllowed(cookie_settings);
-}
-
-// static
-bool SigninManager::AreSigninCookiesAllowed(CookieSettings* cookie_settings) {
-  return cookie_settings &&
-      cookie_settings->IsSettingCookieAllowed(GURL(kGoogleAccountsUrl),
-                                              GURL(kGoogleAccountsUrl));
-}
-
-// static
-bool SigninManager::IsAllowedUsername(const std::string& username,
-                                      const std::string& policy) {
-  if (policy.empty())
-    return true;
-
-  // Patterns like "*@foo.com" are not accepted by our regex engine (since they
-  // are not valid regular expressions - they should instead be ".*@foo.com").
-  // For convenience, detect these patterns and insert a "." character at the
-  // front.
-  string16 pattern = UTF8ToUTF16(policy);
-  if (pattern[0] == L'*')
-    pattern.insert(pattern.begin(), L'.');
-
-  // See if the username matches the policy-provided pattern.
-  UErrorCode status = U_ZERO_ERROR;
-  const icu::UnicodeString icu_pattern(pattern.data(), pattern.length());
-  icu::RegexMatcher matcher(icu_pattern, UREGEX_CASE_INSENSITIVE, status);
-  if (!U_SUCCESS(status)) {
-    LOG(ERROR) << "Invalid login regex: " << pattern << ", status: " << status;
-    // If an invalid pattern is provided, then prohibit *all* logins (better to
-    // break signin than to quietly allow users to sign in).
-    return false;
-  }
-  string16 username16 = UTF8ToUTF16(username);
-  icu::UnicodeString icu_input(username16.data(), username16.length());
-  matcher.reset(icu_input);
-  status = U_ZERO_ERROR;
-  UBool match = matcher.matches(status);
-  DCHECK(U_SUCCESS(status));
-  return !!match;  // !! == convert from UBool to bool.
-}
-
 SigninManager::SigninManager()
-    : profile_(NULL),
-      prohibit_signout_(false),
+    : prohibit_signout_(false),
       had_two_factor_error_(false),
       type_(SIGNIN_TYPE_NONE),
       weak_pointer_factory_(this),
       signin_process_id_(kInvalidProcessId) {
 }
 
 void SigninManager::SetSigninProcess(int process_id) {
   if (process_id == signin_process_id_)
     return;
   DLOG_IF(WARNING, signin_process_id_ != kInvalidProcessId) <<
       "Replacing in-use signin process.";
   signin_process_id_ = process_id;
   const content::RenderProcessHost* process =
       content::RenderProcessHost::FromID(process_id);
   DCHECK(process);
   registrar_.Add(this,
                  content::NOTIFICATION_RENDERER_PROCESS_TERMINATED,
                  content::Source<content::RenderProcessHost>(process));
 }
 
 bool SigninManager::IsSigninProcess(int process_id) const {
   return process_id == signin_process_id_;
 }
 
 bool SigninManager::HasSigninProcess() const {
   return signin_process_id_ != kInvalidProcessId;
 }
 
 SigninManager::~SigninManager() {
-  DCHECK(!signin_global_error_.get()) <<
-      "SigninManager::Initialize called but not SigninManager::Shutdown";
 }
 
-void SigninManager::Initialize(Profile* profile) {
-  // Should never call Initialize() twice.
-  DCHECK(!IsInitialized());
-  profile_ = profile;
-  signin_global_error_.reset(new SigninGlobalError(this, profile));
-  GlobalErrorServiceFactory::GetForProfile(profile_)->AddGlobalError(
-      signin_global_error_.get());
-  PrefService* local_state = g_browser_process->local_state();
-  // local_state can be null during unit tests.
-  if (local_state) {
-    local_state_pref_registrar_.Init(local_state);
-    local_state_pref_registrar_.Add(
-        prefs::kGoogleServicesUsernamePattern,
-        base::Bind(&SigninManager::OnGoogleServicesUsernamePatternChanged,
-                   weak_pointer_factory_.GetWeakPtr()));
-  }
-  signin_allowed_.Init(prefs::kSigninAllowed, profile_->GetPrefs(),
-                       base::Bind(&SigninManager::OnSigninAllowedPrefChanged,
-                                  base::Unretained(this)));
-
-  // If the user is clearing the token service from the command line, then
-  // clear their login info also (not valid to be logged in without any
-  // tokens).
-  CommandLine* cmd_line = CommandLine::ForCurrentProcess();
-  if (cmd_line->HasSwitch(switches::kClearTokenService))
-    profile->GetPrefs()->ClearPref(prefs::kGoogleServicesUsername);
-
-  std::string user = profile_->GetPrefs()->GetString(
-      prefs::kGoogleServicesUsername);
-  if (!user.empty())
-    SetAuthenticatedUsername(user);
-  // TokenService can be null for unit tests.
+void SigninManager::InitTokenService() {
+  SigninManagerBase::InitTokenService();
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
-  if (token_service) {
-    token_service->Initialize(GaiaConstants::kChromeSource, profile_);
-    // ChromeOS will kick off TokenService::LoadTokensFromDB from
-    // OAuthLoginManager once the rest of the Profile is fully initialized.
-    // Starting it from here would cause OAuthLoginManager mismatch the origin
-    // of OAuth2 tokens.
-#if !defined(OS_CHROMEOS)
-    if (!authenticated_username_.empty()) {
-      token_service->LoadTokensFromDB();
-    }
-#endif
-  }
-  if ((!user.empty() && !IsAllowedUsername(user)) || !IsSigninAllowed()) {
-    // User is signed in, but the username is invalid - the administrator must
-    // have changed the policy since the last signin, so sign out the user.
-    SignOut();
-  }
-}
-
-bool SigninManager::IsInitialized() const {
-  return profile_ != NULL;
-}
-
-bool SigninManager::IsAllowedUsername(const std::string& username) const {
-  PrefService* local_state = g_browser_process->local_state();
-  if (!local_state)
-    return true; // In a unit test with no local state - all names are allowed.
-
-  std::string pattern = local_state->GetString(
-      prefs::kGoogleServicesUsernamePattern);
-  return IsAllowedUsername(username, pattern);
-}
-
-bool SigninManager::IsSigninAllowed() const {
-  return signin_allowed_.GetValue();
-}
-
-// static
-bool SigninManager::IsSigninAllowedOnIOThread(ProfileIOData* io_data) {
-  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
-  return io_data->signin_allowed()->GetValue();
+  if (token_service && !GetAuthenticatedUsername().empty())
+    token_service->LoadTokensFromDB();
 }
 
 void SigninManager::CleanupNotificationRegistration() {
-#if !defined(OS_CHROMEOS)
   content::Source<TokenService> token_service(
       TokenServiceFactory::GetForProfile(profile_));
   if (registrar_.IsRegistered(this,
                               chrome::NOTIFICATION_TOKEN_AVAILABLE,
                               token_service)) {
     registrar_.Remove(this,
                       chrome::NOTIFICATION_TOKEN_AVAILABLE,
                       token_service);
   }
-#endif
-}
-
-const std::string& SigninManager::GetAuthenticatedUsername() const {
-  return authenticated_username_;
-}
-
-void SigninManager::SetAuthenticatedUsername(const std::string& username) {
-  if (!authenticated_username_.empty()) {
-    DLOG_IF(ERROR, username != authenticated_username_) <<
-        "Tried to change the authenticated username to something different: " <<
-        "Current: " << authenticated_username_ << ", New: " << username;
-    return;
-  }
-  authenticated_username_ = username;
-  // TODO(tim): We could go further in ensuring kGoogleServicesUsername and
-  // authenticated_username_ are consistent once established (e.g. remove
-  // authenticated_username_ altogether). Bug 107160.
-
-  NotifyDiagnosticsObservers(USERNAME, username);
-
-  // Go ahead and update the last signed in username here as well. Once a
-  // user is signed in the two preferences should match. Doing it here as
-  // opposed to on signin allows us to catch the upgrade scenario.
-  profile_->GetPrefs()->SetString(prefs::kGoogleServicesLastUsername, username);
 }
 
 std::string SigninManager::SigninTypeToString(
     SigninManager::SigninType type) {
   switch (type) {
     case SIGNIN_TYPE_NONE:
       return "No Signin";
     case SIGNIN_TYPE_CLIENT_LOGIN:
       return "Client Login";
     case SIGNIN_TYPE_WITH_CREDENTIALS:
@@ skipping 37 matching lines @@
 
   NotifyDiagnosticsObservers(SIGNIN_TYPE, SigninTypeToString(type));
   return true;
 }
 
 // Users must always sign out before they sign in again.
 void SigninManager::StartSignIn(const std::string& username,
                                 const std::string& password,
                                 const std::string& login_token,
                                 const std::string& login_captcha) {
-  DCHECK(authenticated_username_.empty() ||
-         gaia::AreEmailsSame(username, authenticated_username_));
+  DCHECK(GetAuthenticatedUsername().empty() ||
+         gaia::AreEmailsSame(username, GetAuthenticatedUsername()));
 
   if (!PrepareForSignin(SIGNIN_TYPE_CLIENT_LOGIN, username, password))
     return;
 
   client_login_->StartClientLogin(username,
                                   password,
                                   "",
                                   login_token,
                                   login_captcha,
                                   GaiaAuthFetcher::HostedAccountsNotAllowed);
 
   // Register for token availability.  The signin manager will pre-login the
-  // user when the GAIA service token is ready for use.  Only do this if we
-  // are not running in ChomiumOS, since it handles pre-login itself, and if
-  // cookies are not disabled for Google accounts.
-#if !defined(OS_CHROMEOS)
+  // user when the GAIA service token is ready for use.
   if (AreSigninCookiesAllowed(profile_)) {
     TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
     registrar_.Add(this,
                    chrome::NOTIFICATION_TOKEN_AVAILABLE,
                    content::Source<TokenService>(token_service));
   }
-#endif
 }
 
 void SigninManager::ProvideSecondFactorAccessCode(
     const std::string& access_code) {
   DCHECK(!possibly_invalid_username_.empty() && !password_.empty() &&
       last_result_.data.empty());
   DCHECK(type_ == SIGNIN_TYPE_CLIENT_LOGIN);
 
   client_login_.reset(new GaiaAuthFetcher(this,
                                           GaiaConstants::kChromeSource,
                                           profile_->GetRequestContext()));
   client_login_->StartClientLogin(possibly_invalid_username_,
                                   access_code,
                                   "",
                                   std::string(),
                                   std::string(),
                                   GaiaAuthFetcher::HostedAccountsNotAllowed);
 }
 
 void SigninManager::StartSignInWithCredentials(const std::string& session_index,
                                                const std::string& username,
                                                const std::string& password) {
-  DCHECK(authenticated_username_.empty() ||
-         gaia::AreEmailsSame(username, authenticated_username_));
+  DCHECK(GetAuthenticatedUsername().empty() ||
+         gaia::AreEmailsSame(username, GetAuthenticatedUsername()));
 
   if (!PrepareForSignin(SIGNIN_TYPE_WITH_CREDENTIALS, username, password))
     return;
 
   if (password.empty()) {
     // Chrome must verify the GAIA cookies first if auto sign-in is triggered
     // with no password provided. This is to protect Chrome against forged
     // GAIA cookies from a super-domain.
     VerifyGaiaCookiesBeforeSignIn(session_index);
   } else {
@@ skipping 43 matching lines @@
   if (success) {
     client_login_->StartCookieForOAuthLoginTokenExchange(session_index);
   } else {
     HandleAuthError(GoogleServiceAuthError(
         GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS), true);
   }
 }
 
 void SigninManager::StartSignInWithOAuth(const std::string& username,
                                          const std::string& password) {
-  DCHECK(authenticated_username_.empty());
+  DCHECK(GetAuthenticatedUsername().empty());
 
   if (!PrepareForSignin(SIGNIN_TYPE_CLIENT_OAUTH, username, password))
     return;
 
   std::vector<std::string> scopes;
   scopes.push_back(GaiaUrls::GetInstance()->oauth1_login_scope());
   const std::string& locale = g_browser_process->GetApplicationLocale();
 
   client_login_->StartClientOAuth(
       username, password, scopes, std::string(), locale);
 
   // Register for token availability.  The signin manager will pre-login the
-  // user when the GAIA service token is ready for use.  Only do this if we
-  // are not running in ChomiumOS, since it handles pre-login itself, and if
-  // cookies are not disabled for Google accounts.
-#if !defined(OS_CHROMEOS)
+  // user when the GAIA service token is ready for use.
   if (AreSigninCookiesAllowed(profile_)) {
     TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
     registrar_.Add(this,
                    chrome::NOTIFICATION_TOKEN_AVAILABLE,
                    content::Source<TokenService>(token_service));
   }
-#endif
 }
 
 void SigninManager::ProvideOAuthChallengeResponse(
     GoogleServiceAuthError::State type,
     const std::string& token,
     const std::string& solution) {
   DCHECK(!possibly_invalid_username_.empty() && !password_.empty());
   DCHECK(type_ == SIGNIN_TYPE_CLIENT_OAUTH);
 
   client_login_.reset(new GaiaAuthFetcher(this,
                                           GaiaConstants::kChromeSource,
                                           profile_->GetRequestContext()));
   client_login_->StartClientOAuthChallengeResponse(type, token, solution);
 }
 
 void SigninManager::ClearTransientSigninData() {
   DCHECK(IsInitialized());
 
   CleanupNotificationRegistration();
   client_login_.reset();
-#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
+#if defined(ENABLE_CONFIGURATION_POLICY)
   policy_client_.reset();
 #endif
   last_result_ = ClientLoginResult();
   possibly_invalid_username_.clear();
   password_.clear();
   had_two_factor_error_ = false;
   type_ = SIGNIN_TYPE_NONE;
   temp_oauth_login_tokens_ = ClientOAuthResult();
 }
 
 void SigninManager::HandleAuthError(const GoogleServiceAuthError& error,
                                     bool clear_transient_data) {
   // In some cases, the user should not be signed out.  For example, the failure
   // may be due to a captcha or OTP challenge.  In these cases, the transient
   // data must be kept to properly handle the follow up. This routine clears
   // the data before sending out the notification so the SigninManager is no
   // longer in the AuthInProgress state when the notification goes out.
   if (clear_transient_data)
     ClearTransientSigninData();
 
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_GOOGLE_SIGNIN_FAILED,
       content::Source<Profile>(profile_),
       content::Details<const GoogleServiceAuthError>(&error));
 }
 
 void SigninManager::SignOut() {
   DCHECK(IsInitialized());
 
-  if (authenticated_username_.empty()) {
+  if (GetAuthenticatedUsername().empty()) {
     if (AuthInProgress()) {
       // If the user is in the process of signing in, then treat a call to
       // SignOut as a cancellation request.
       GoogleServiceAuthError error(GoogleServiceAuthError::REQUEST_CANCELED);
       HandleAuthError(error, true);
     } else {
       // Clean up our transient data and exit if we aren't signed in.
       // This avoids a perf regression from clearing out the TokenDB if
       // SignOut() is invoked on startup to clean up any incomplete previous
       // signin attempts.
       ClearTransientSigninData();
     }
     return;

[Andrew T Wilson (Slow), 2013/04/18 13:28:07]

Not to keep beating on the SignOut drum, but it's fragile to have a derived
class handler not call its superclass, as it assumes that the derived class has
completely knowledge of everything the superclass does and can guarantee that
it's safe not to call the superclass.

Which is fine in some situations, but I think is unnecessary in this case,
especially if we make the base class implementation empty.

   }
 
   if (prohibit_signout_) {
     DVLOG(1) << "Ignoring attempt to sign out while signout is prohibited";
     return;
   }
-  DCHECK(!authenticated_username_.empty());
-  GoogleServiceSignoutDetails details(authenticated_username_);
 
   ClearTransientSigninData();
-  authenticated_username_.clear();
-  profile_->GetPrefs()->ClearPref(prefs::kGoogleServicesUsername);
-
-  // Erase (now) stale information from AboutSigninInternals.
-  NotifyDiagnosticsObservers(USERNAME, std::string());
-  NotifyDiagnosticsObservers(LSID, std::string());
-  NotifyDiagnosticsObservers(signin_internals_util::SID, std::string());
-
-  TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
-  content::NotificationService::current()->Notify(
-      chrome::NOTIFICATION_GOOGLE_SIGNED_OUT,
-      content::Source<Profile>(profile_),
-      content::Details<const GoogleServiceSignoutDetails>(&details));
   RevokeOAuthLoginToken();
-  token_service->ResetCredentialsInMemory();
-  token_service->EraseTokensFromDB();
+  SigninManagerBase::SignOut();
 }
 
 void SigninManager::RevokeOAuthLoginToken() {
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
   if (token_service->HasOAuthLoginToken()) {
     revoke_token_fetcher_.reset(
         new GaiaAuthFetcher(this,
                             GaiaConstants::kChromeSource,
                             profile_->GetRequestContext()));
     revoke_token_fetcher_->StartRevokeOAuth2Token(
@@ skipping 107 matching lines @@
   // expected, return an error.
   if (type_ == SIGNIN_TYPE_WITH_CREDENTIALS &&
       !gaia::AreEmailsSame(display_email_iter->second,
                            possibly_invalid_username_)) {
     OnGetUserInfoKeyNotFound(kGetInfoDisplayEmailKey);
     return;
   }
 
   possibly_invalid_username_ = email_iter->second;
 
-#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
+#if defined(ENABLE_CONFIGURATION_POLICY)
   // TODO(atwilson): Move this code out to OneClickSignin instead of having
   // it embedded in SigninManager - we don't want UI logic in SigninManager.
   // If this is a new signin (authenticated_username_ is not set) and we have
   // an OAuth token, try loading policy for this user now, before any signed in
   // services are initialized. If there's no oauth token (the user is using the
   // old ClientLogin flow) then policy will get loaded once the TokenService
   // finishes initializing (not ideal, but it's a reasonable fallback).
-  if (authenticated_username_.empty() &&
+  if (GetAuthenticatedUsername().empty() &&
       !temp_oauth_login_tokens_.refresh_token.empty()) {
     policy::UserPolicySigninService* policy_service =
         policy::UserPolicySigninServiceFactory::GetForProfile(profile_);
     policy_service->RegisterPolicyClient(
         possibly_invalid_username_,
         temp_oauth_login_tokens_.refresh_token,
         base::Bind(&SigninManager::OnRegisteredForPolicy,
                    weak_pointer_factory_.GetWeakPtr()));
     return;
   }
 #endif
 
   // Not waiting for policy load - just complete signin directly.
   CompleteSigninAfterPolicyLoad();
 }
 
-#if defined(ENABLE_CONFIGURATION_POLICY) && !defined(OS_CHROMEOS)
+#if defined(ENABLE_CONFIGURATION_POLICY)
 void SigninManager::OnRegisteredForPolicy(
     scoped_ptr<policy::CloudPolicyClient> client) {
   // If there's no token for the user (no policy) just finish signing in.
   if (!client.get()) {
     DVLOG(1) << "Policy registration failed";
     CompleteSigninAfterPolicyLoad();
     return;
   }
 
   // Stash away a copy of our CloudPolicyClient (should not already have one).
@@ skipping 85 matching lines @@
     SignOut();
   }
 }
 #endif
 
 void SigninManager::CompleteSigninAfterPolicyLoad() {
   DCHECK(!possibly_invalid_username_.empty());
   SetAuthenticatedUsername(possibly_invalid_username_);
   possibly_invalid_username_.clear();
   profile_->GetPrefs()->SetString(prefs::kGoogleServicesUsername,
-                                  authenticated_username_);
+                                  GetAuthenticatedUsername());
 
-  GoogleServiceSigninSuccessDetails details(authenticated_username_,
+  GoogleServiceSigninSuccessDetails details(GetAuthenticatedUsername(),
                                             password_);
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_GOOGLE_SIGNIN_SUCCESSFUL,
       content::Source<Profile>(profile_),
       content::Details<const GoogleServiceSigninSuccessDetails>(&details));
 
   password_.clear();  // Don't need it anymore.
   DisableOneClickSignIn(profile_);  // Don't ever offer again.
 
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
@@ skipping 30 matching lines @@
 
 void SigninManager::OnUbertokenFailure(const GoogleServiceAuthError& error) {
   LOG(WARNING) << " Unable to login the user to the web: " << error.ToString();
   ubertoken_fetcher_.reset();
 }
 
 void SigninManager::Observe(int type,
                             const content::NotificationSource& source,
                             const content::NotificationDetails& details) {
   switch (type) {
-#if !defined(OS_CHROMEOS)
     case chrome::NOTIFICATION_TOKEN_AVAILABLE: {
       TokenService::TokenAvailableDetails* tok_details =
           content::Details<TokenService::TokenAvailableDetails>(
               details).ptr();
 
       // If a GAIA service token has become available, use it to pre-login the
       // user to other services that depend on GAIA credentials.
       if (tok_details->service() ==
           GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
         ubertoken_fetcher_.reset(new UbertokenFetcher(profile_, this));
@@ skipping 11 matching lines @@
       // if this was from the current signin process.
       registrar_.Remove(this,
                         content::NOTIFICATION_RENDERER_PROCESS_TERMINATED,
                         source);
       if (signin_process_id_ ==
           content::Source<content::RenderProcessHost>(source)->GetID()) {
         signin_process_id_ = kInvalidProcessId;
       }
       break;
     }
-#endif
     default:
       NOTREACHED();
   }
 }
 
-void SigninManager::Shutdown() {
-  if (signin_global_error_.get()) {
-    GlobalErrorServiceFactory::GetForProfile(profile_)->RemoveGlobalError(
-        signin_global_error_.get());
-    signin_global_error_.reset();
-  }
-}
-
 void SigninManager::ProhibitSignout(bool prohibit_signout) {
   prohibit_signout_ = prohibit_signout;
 }
 
 bool SigninManager::IsSignoutProhibited() const {
   return prohibit_signout_;
 }
-
-void SigninManager::OnGoogleServicesUsernamePatternChanged() {
-  if (!authenticated_username_.empty() &&
-      !IsAllowedUsername(authenticated_username_)) {
-    // Signed in user is invalid according to the current policy so sign
-    // the user out.
-    SignOut();
-  }
-}
-
-void SigninManager::OnSigninAllowedPrefChanged() {
-  if (!IsSigninAllowed())
-    SignOut();
-}
-
-void SigninManager::AddSigninDiagnosticsObserver(
-    SigninDiagnosticsObserver* observer) {
-  signin_diagnostics_observers_.AddObserver(observer);
-}
-
-void SigninManager::RemoveSigninDiagnosticsObserver(
-    SigninDiagnosticsObserver* observer) {
-  signin_diagnostics_observers_.RemoveObserver(observer);
-}
-
-void SigninManager::NotifyDiagnosticsObservers(
-    const UntimedSigninStatusField& field,
-    const std::string& value) {
-  FOR_EACH_OBSERVER(SigninDiagnosticsObserver,
-                    signin_diagnostics_observers_,
-                    NotifySigninValueChanged(field, value));
-}
-
-void SigninManager::NotifyDiagnosticsObservers(
-    const TimedSigninStatusField& field,
-    const std::string& value) {
-  FOR_EACH_OBSERVER(SigninDiagnosticsObserver,
-                    signin_diagnostics_observers_,
-                    NotifySigninValueChanged(field, value));
-}