signin: move SigninManagerBase::Signout to SigninManager.

chrome/browser/signin/signin_manager.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // The signin manager encapsulates some functionality tracking
 // which user is signed in. See SigninManagerBase for full description of
 // responsibilities. The class defined in this file provides functionality
 // required by all platforms except Chrome OS.
 //
 // When a user is signed in, a ClientLogin request is run on their behalf.
@@ skipping 55 matching lines @@
   // This is used to distinguish URLs belonging to the special web signin flow
   // running in the special signin process from other URLs on the same domain.
   // We do not grant WebUI privilieges / bindings to this process or to URLs of
   // this scheme; enforcement of privileges is handled separately by
   // OneClickSigninHelper.
   static const char* kChromeSigninEffectiveSite;
 
   explicit SigninManager(scoped_ptr<SigninManagerDelegate> delegate);
   virtual ~SigninManager();
 
+  // Returns true if the username is allowed based on the policy string.
+  static bool IsUsernameAllowedByPolicy(const std::string& username,
+                                        const std::string& policy);
+
   // Attempt to sign in this user with ClientLogin. If successful, set a
   // preference indicating the signed in user and send out a notification,
   // then start fetching tokens for the user.
   // This is overridden for test subclasses that don't want to issue auth
   // requests.
   virtual void StartSignIn(const std::string& username,
                            const std::string& password,
                            const std::string& login_token,
                            const std::string& login_captcha);
 
@@ skipping 17 matching lines @@
       const std::string& password,
       const OAuthTokenFetchedCallback& oauth_fetched_callback);
 
   // Copies auth credentials from one SigninManager to this one. This is used
   // when creating a new profile during the signin process to transfer the
   // in-progress credentials to the new profile.
   virtual void CopyCredentialsFrom(const SigninManager& source);
 
   // Sign a user out, removing the preference, erasing all keys
   // associated with the user, and canceling all auth in progress.
-  virtual void SignOut() OVERRIDE;
+  virtual void SignOut();
+
+  // On platforms where SigninManager is responsible for dealing with
+  // invalid username policy updates, we need to check this during
+  // initialization and sign the user out.
+  virtual void Initialize(Profile* profile) OVERRIDE;
 
   // Invoked from an OAuthTokenFetchedCallback to complete user signin.
   virtual void CompletePendingSignin();
 
   // Returns true if there's a signin in progress.
   virtual bool AuthInProgress() const OVERRIDE;
 
+  virtual bool IsSigninAllowed() const OVERRIDE;
+
+  // Returns true if the passed username is allowed by policy. Virtual for
+  // mocking in tests.
+  virtual bool IsAllowedUsername(const std::string& username) const;
+
   // If an authentication is in progress, return the username being
   // authenticated. Returns an empty string if no auth is in progress.
   const std::string& GetUsernameForAuthInProgress() const;
 
   // Handles errors if a required user info key is not returned from the
   // GetUserInfo call.
   void OnGetUserInfoKeyNotFound(const std::string& key);
 
   // Set the profile preference to turn off one-click sign-in so that it won't
   // ever show it again in this profile (even if the user tries a new account).
@@ skipping 22 matching lines @@
 
 
   // Tells the SigninManager whether to prohibit signout for this profile.
   // If |prohibit_signout| is true, then signout will be prohibited.
   void ProhibitSignout(bool prohibit_signout);
 
   // If true, signout is prohibited for this profile (calls to SignOut() are
   // ignored).
   bool IsSignoutProhibited() const;
 
+  // Checks if signin is allowed for the profile that owns |io_data|. This must
+  // be invoked on the IO thread, and can be used to check if signin is enabled
+  // on that thread.
+  static bool IsSigninAllowedOnIOThread(ProfileIOData* io_data);
+
   // Allows the SigninManager to track the privileged signin process
   // identified by |process_id| so that we can later ask (via IsSigninProcess)
   // if it is safe to sign the user in from the current context (see
   // OneClickSigninHelper).  All of this tracking state is reset once the
   // renderer process terminates.
   void SetSigninProcess(int process_id);
   bool IsSigninProcess(int process_id) const;
   bool HasSigninProcess() const;
 
  protected:
@@ skipping 43 matching lines @@
   // Called to handle an error from a GAIA auth fetch.  Sets the last error
   // to |error|, sends out a notification of login failure, and clears the
   // transient signin data if |clear_transient_data| is true.
   void HandleAuthError(const GoogleServiceAuthError& error,
                        bool clear_transient_data);
 
   // Called to tell GAIA that we will no longer be using the current refresh
   // token.
   void RevokeOAuthLoginToken();
 
+  void OnSigninAllowedPrefChanged();
+  void OnGoogleServicesUsernamePatternChanged();
+
   // ClientLogin identity.
   std::string possibly_invalid_username_;
   std::string password_;  // This is kept empty whenever possible.
   bool had_two_factor_error_;
 
   void CleanupNotificationRegistration();
 
   // Result of the last client login, kept pending the lookup of the
   // canonical email.
   ClientLoginResult last_result_;
@@ skipping 25 matching lines @@
   // See SetSigninProcess.  Tracks the currently active signin process
   // by ID, if there is one.
   int signin_process_id_;
 
   // Callback invoked during signin after an OAuth token has been fetched
   // but before signin is complete.
   OAuthTokenFetchedCallback oauth_token_fetched_callback_;
 
   scoped_ptr<SigninManagerDelegate> delegate_;
 
+  // Helper object to listen for changes to signin preferences stored in non-
+  // profile-specific local prefs (like kGoogleServicesUsernamePattern).
+  PrefChangeRegistrar local_state_pref_registrar_;
+
+  // Helper object to listen for changes to the signin allowed preference.
+  BooleanPrefMember signin_allowed_;
+
   DISALLOW_COPY_AND_ASSIGN(SigninManager);
 };
 
 #endif  // !defined(OS_CHROMEOS)
 
 #endif  // CHROME_BROWSER_SIGNIN_SIGNIN_MANAGER_H_