Stop trusting the sign-in process if it manages to navigate to another URL.

chrome/browser/ui/sync/one_click_signin_helper.cc

Index: chrome/browser/ui/sync/one_click_signin_helper.cc
diff --git a/chrome/browser/ui/sync/one_click_signin_helper.cc b/chrome/browser/ui/sync/one_click_signin_helper.cc
index e94693f634c718d763c98df492e13c0b83c7b50b..8b1cf02f54ec1bf44da6d833cfaba93e4488a677 100644
--- a/chrome/browser/ui/sync/one_click_signin_helper.cc
+++ b/chrome/browser/ui/sync/one_click_signin_helper.cc
@@ -991,6 +991,22 @@ void OneClickSigninHelper::NavigateToPendingEntry(
   }
 }
 
+void OneClickSigninHelper::DidNavigateMainFrame(

[tim (not reviewing), 2013/06/25 22:39:43]

I forget how WebContentsObserver works... are we sure "main frame" is
sufficient?

[Charlie Reis, 2013/06/26 01:25:39]

Yes, since the main frame is what determines the process.  (At least until we
have OOP iframes.)

+    const content::LoadCommittedDetails& details,
+    const content::FrameNavigateParams& params) {
+  // If we navigate to a non-sign-in URL, make sure that the renderer process
+  // is no longer considered the trusted sign-in process.
+  if (!SigninManager::IsWebBasedSigninFlowURL(params.url)) {
+    Profile* profile =
+        Profile::FromBrowserContext(web_contents()->GetBrowserContext());
+    DCHECK(profile);

[tim (not reviewing), 2013/06/25 22:39:43]

Asserting that the profile is non-null and then handling the NULL case is
strange.  Just pass it to GetForProfile?

[Charlie Reis, 2013/06/26 01:25:39]

Sure.

+    SigninManager* manager = profile ?
+        SigninManagerFactory::GetForProfile(profile) : NULL;
+    if (manager)
+      manager->ClearSigninProcess();
+  }
+}
+
 void OneClickSigninHelper::DidStopLoading(
     content::RenderViewHost* render_view_host) {
   // If the user left the sign in process, clear all members.