Attempt to recover sync token for managed user once we detected that sync auth fails.

chrome/browser/chromeos/login/auth_sync_observer.cc

Index: chrome/browser/chromeos/login/auth_sync_observer.cc
diff --git a/chrome/browser/chromeos/login/auth_sync_observer.cc b/chrome/browser/chromeos/login/auth_sync_observer.cc
index 4c623c2bee4f7c92cf8e961fa8bdce87b8cfa7cf..d17228e7a54f185c05c75314cb0a1ef649ceeabc 100644
--- a/chrome/browser/chromeos/login/auth_sync_observer.cc
+++ b/chrome/browser/chromeos/login/auth_sync_observer.cc
@@ -43,6 +43,7 @@ void AuthSyncObserver::OnStateChanged() {
          UserManager::Get()->IsLoggedInAsLocallyManagedUser());
   ProfileSyncService* sync_service =
       ProfileSyncServiceFactory::GetForProfile(profile_);
+  User* user = UserManager::Get()->GetUserByProfile(profile_);
   GoogleServiceAuthError::State state =
       sync_service->GetAuthError().state();
   if (state != GoogleServiceAuthError::NONE &&
@@ -54,21 +55,36 @@ void AuthSyncObserver::OnStateChanged() {
     // TODO(nkostylev): Remove after crosbug.com/25978 is implemented.
     LOG(WARNING) << "Invalidate OAuth token because of a sync error: "
                  << sync_service->GetAuthError().ToString();
-    std::string email = profile_->GetProfileName();
-    if (email.empty() && UserManager::Get()->IsLoggedInAsLocallyManagedUser()) {
-      std::string sync_id =
-          profile_->GetPrefs()->GetString(prefs::kManagedUserId);
-      const User* user =
-          UserManager::Get()->GetSupervisedUserManager()->FindBySyncId(sync_id);
-      if (user)
-        email = user->email();
-    }
+    std::string email = user->email();
     DCHECK(!email.empty());
     // TODO(nkostyelv): Change observer after active user has changed.
-    UserManager::Get()->SaveUserOAuthStatus(
-        gaia::CanonicalizeEmail(email),
+    User::OAuthTokenStatus old_status = user->oauth_token_status();
+    UserManager::Get()->SaveUserOAuthStatus(email,
         User::OAUTH2_TOKEN_STATUS_INVALID);
+    if (user->GetType() == User::USER_TYPE_LOCALLY_MANAGED &&
+        old_status == User::OAUTH2_TOKEN_STATUS_VALID) {

[Nikita (slow), 2014/02/07 09:51:48]

This needs to be checked as 
old_status != User::OAUTH2_TOKEN_STATUS_INVALID

since first generation supervised users didn't have their token status set
correctly and it was OAUTH_TOKEN_STATUS_UNKNOWN. 

+       // Attempt to restore token from file.
+       UserManager::Get()->GetSupervisedUserManager()->LoadSupervisedUserToken(

[Nikita (slow), 2014/02/07 09:51:48]

nit: Please add UMA metric to track this.

+           profile_,
+           base::Bind(&AuthSyncObserver::OnSupervisedTokenLoaded,
+               base::Unretained(this)));
+
+    }
+  } else if (state == GoogleServiceAuthError::NONE) {
+    if (user->GetType() == User::USER_TYPE_LOCALLY_MANAGED &&
+        user->oauth_token_status() == User::OAUTH2_TOKEN_STATUS_INVALID) {
+      LOG(ERROR) <<

[Nikita (slow), 2014/02/07 09:51:48]

nit: Please add UMA metric to track this.

+          "Got an incorrectly invalidated token case, restoring token status.";
+      UserManager::Get()->SaveUserOAuthStatus(
+          user->email(),
+          User::OAUTH2_TOKEN_STATUS_VALID);
+    }
   }
 }
 
+void AuthSyncObserver::OnSupervisedTokenLoaded(const std::string& token) {
+  UserManager::Get()->GetSupervisedUserManager()->ConfigureSyncWithToken(
+      profile_, token);
+}
+
 }  // namespace chromeos