Attempt to recover sync token for managed user once we detected that sync auth fails.

chrome/browser/chromeos/login/auth_sync_observer.cc

Index: chrome/browser/chromeos/login/auth_sync_observer.cc
diff --git a/chrome/browser/chromeos/login/auth_sync_observer.cc b/chrome/browser/chromeos/login/auth_sync_observer.cc
index 4c623c2bee4f7c92cf8e961fa8bdce87b8cfa7cf..29e5deede66875fc09812938994571f79770d8c6 100644
--- a/chrome/browser/chromeos/login/auth_sync_observer.cc
+++ b/chrome/browser/chromeos/login/auth_sync_observer.cc
@@ -4,12 +4,15 @@
 
 #include "chrome/browser/chromeos/login/auth_sync_observer.h"
 
+#include "base/metrics/user_metrics.h"
+#include "base/metrics/user_metrics_action.h"
 #include "base/prefs/pref_service.h"
 #include "chrome/browser/chromeos/login/supervised_user_manager.h"
 #include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/profile_sync_service_factory.h"
 #include "chrome/common/pref_names.h"
+#include "content/public/browser/user_metrics.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 
 class Profile;
@@ -43,6 +46,7 @@ void AuthSyncObserver::OnStateChanged() {
          UserManager::Get()->IsLoggedInAsLocallyManagedUser());
   ProfileSyncService* sync_service =
       ProfileSyncServiceFactory::GetForProfile(profile_);
+  User* user = UserManager::Get()->GetUserByProfile(profile_);
   GoogleServiceAuthError::State state =
       sync_service->GetAuthError().state();
   if (state != GoogleServiceAuthError::NONE &&
@@ -54,21 +58,39 @@ void AuthSyncObserver::OnStateChanged() {
     // TODO(nkostylev): Remove after crosbug.com/25978 is implemented.
     LOG(WARNING) << "Invalidate OAuth token because of a sync error: "
                  << sync_service->GetAuthError().ToString();
-    std::string email = profile_->GetProfileName();
-    if (email.empty() && UserManager::Get()->IsLoggedInAsLocallyManagedUser()) {
-      std::string sync_id =
-          profile_->GetPrefs()->GetString(prefs::kManagedUserId);
-      const User* user =
-          UserManager::Get()->GetSupervisedUserManager()->FindBySyncId(sync_id);
-      if (user)
-        email = user->email();
-    }
+    std::string email = user->email();
     DCHECK(!email.empty());
     // TODO(nkostyelv): Change observer after active user has changed.
-    UserManager::Get()->SaveUserOAuthStatus(
-        gaia::CanonicalizeEmail(email),
+    User::OAuthTokenStatus old_status = user->oauth_token_status();
+    UserManager::Get()->SaveUserOAuthStatus(email,
         User::OAUTH2_TOKEN_STATUS_INVALID);
+    if (user->GetType() == User::USER_TYPE_LOCALLY_MANAGED &&
+        old_status != User::OAUTH2_TOKEN_STATUS_INVALID) {
+       // Attempt to restore token from file.
+       UserManager::Get()->GetSupervisedUserManager()->LoadSupervisedUserToken(
+           profile_,
+           base::Bind(&AuthSyncObserver::OnSupervisedTokenLoaded,
+               base::Unretained(this)));
+       content::RecordAction(
+           base::UserMetricsAction("ManagedUsers_Chromeos_Sync_Invalidated"));
+    }
+  } else if (state == GoogleServiceAuthError::NONE) {
+    if (user->GetType() == User::USER_TYPE_LOCALLY_MANAGED &&
+        user->oauth_token_status() == User::OAUTH2_TOKEN_STATUS_INVALID) {
+      LOG(ERROR) <<
+          "Got an incorrectly invalidated token case, restoring token status.";
+      UserManager::Get()->SaveUserOAuthStatus(
+          user->email(),
+          User::OAUTH2_TOKEN_STATUS_VALID);
+       content::RecordAction(
+           base::UserMetricsAction("ManagedUsers_Chromeos_Sync_Recovered"));
+    }
   }
 }
 
+void AuthSyncObserver::OnSupervisedTokenLoaded(const std::string& token) {
+  UserManager::Get()->GetSupervisedUserManager()->ConfigureSyncWithToken(
+      profile_, token);
+}
+
 }  // namespace chromeos