Calls FireRefreshTokenRevoked if an account is removed.

chrome/browser/signin/android_profile_oauth2_token_service.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/android_profile_oauth2_token_service.h"
 
 #include "base/android/jni_android.h"
 #include "base/android/jni_array.h"
 #include "base/android/jni_string.h"
 #include "base/bind.h"
@@ skipping 80 matching lines @@
   ScopedJavaLocalRef<jobjectArray> j_accounts =
       Java_OAuth2TokenService_getAccounts(
           env, base::android::GetApplicationContext());
   // TODO(fgorski): We may decide to filter out some of the accounts.
   base::android::AppendJavaStringArrayToStringVector(env,
                                                      j_accounts.obj(),
                                                      &accounts);
   return accounts;
 }
 
+std::vector<std::string> AndroidProfileOAuth2TokenService::GetSystemAccounts() {
+  std::vector<std::string> accounts;
+  JNIEnv* env = AttachCurrentThread();
+  ScopedJavaLocalRef<jobjectArray> j_accounts =
+      Java_OAuth2TokenService_getSystemAccounts(
+          env, base::android::GetApplicationContext());
+  base::android::AppendJavaStringArrayToStringVector(env,
+                                                     j_accounts.obj(),
+                                                     &accounts);
+  return accounts;
+}
+
 void AndroidProfileOAuth2TokenService::FetchOAuth2Token(
     RequestImpl* request,
     const std::string& account_id,
     net::URLRequestContextGetter* getter,
     const std::string& client_id,
     const std::string& client_secret,
     const OAuth2TokenService::ScopeSet& scopes) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   DCHECK(!account_id.empty());
 
@@ skipping 39 matching lines @@
                                             access_token);
 
   JNIEnv* env = AttachCurrentThread();
   ScopedJavaLocalRef<jstring> j_access_token =
       ConvertUTF8ToJavaString(env, access_token);
   Java_OAuth2TokenService_invalidateOAuth2AuthToken(
       env, base::android::GetApplicationContext(),
       j_access_token.obj());
 }
 
-void AndroidProfileOAuth2TokenService::ValidateAccounts(JNIEnv* env,
-                                                        jobject obj,
-                                                        jobjectArray accounts,
-                                                        jstring j_current_acc) {
-  std::vector<std::string> account_ids;
-  base::android::AppendJavaStringArrayToStringVector(env,
-                                                     accounts,
-                                                     &account_ids);
+void AndroidProfileOAuth2TokenService::ValidateAccounts(
+    JNIEnv* env,
+    jobject obj,
+    jstring j_current_acc) {
   std::string signed_in_account = ConvertJavaStringToUTF8(env, j_current_acc);
-  ValidateAccounts(signed_in_account, account_ids);
+  ValidateAccounts(signed_in_account);
 }
 
 void AndroidProfileOAuth2TokenService::ValidateAccounts(
+    const std::string& signed_in_account) {
+  std::vector<std::string> prev_ids = GetAccounts();
+  std::vector<std::string> curr_ids = GetSystemAccounts();
+
+  if (!ValidateAccounts(signed_in_account, prev_ids, curr_ids)) {

[nyquist, 2014/04/24 22:27:05]

Nit: Remove { } to be consistent?

+    curr_ids.clear();
+  }
+
+  JNIEnv* env = AttachCurrentThread();
+  ScopedJavaLocalRef<jobjectArray> java_accounts(
+      base::android::ToJavaArrayOfStrings(env, curr_ids));
+  Java_OAuth2TokenService_saveStoredAccounts(
+      env, base::android::GetApplicationContext(), java_accounts.obj());
+}
+
+bool AndroidProfileOAuth2TokenService::ValidateAccounts(
     const std::string& signed_in_account,
-    const std::vector<std::string>& account_ids) {
-  if (signed_in_account.empty())
-    return;
+    const std::vector<std::string>& prev_account_ids,
+    const std::vector<std::string>& curr_account_ids) {
+  if (std::find(curr_account_ids.begin(),
+                curr_account_ids.end(),
+                signed_in_account) != curr_account_ids.end()) {
+    // Test to see if an account is removed from the Android AccountManager.
+    // If so, invoke FireRefreshTokenRevoked to notify the reconcilor.
+    for (std::vector<std::string>::const_iterator it = prev_account_ids.begin();
+         it != prev_account_ids.end(); it++) {
+      if (*it == signed_in_account)
+        continue;
 
-  if (std::find(account_ids.begin(),
-                account_ids.end(),
-                signed_in_account) != account_ids.end()) {
-    // Currently signed in account still exists among accounts on system.
-    std::vector<std::string> ids = GetAccounts();
+      if (std::find(curr_account_ids.begin(),
+                    curr_account_ids.end(),
+                    *it) == curr_account_ids.end()) {
+        FireRefreshTokenRevoked(*it);
+      }
+    }
 
     // Always fire the primary signed in account first.

[nyquist, 2014/04/24 22:27:05]

How would you feel about extracting the rest of this block into its own method,
something like:
void FireRefreshTokenAvailableForAllAccounts(const std::string&
first_account_id, const std::vector<std::string>& all_account_ids)
?

     FireRefreshTokenAvailable(signed_in_account);
 
-    for (std::vector<std::string>::iterator it = ids.begin();
-        it != ids.end(); it++) {
+    for (std::vector<std::string>::const_iterator it = curr_account_ids.begin();
+         it != curr_account_ids.end(); it++) {
       if (*it != signed_in_account) {

[nyquist, 2014/04/24 22:27:05]

Nit: Remove { } to match the rest of this function?

         FireRefreshTokenAvailable(*it);
       }
     }
+    return true;
   } else {
     // Currently signed in account does not any longer exist among accounts on

[nyquist, 2014/04/24 22:27:05]

How would you feel about extracting the rest of this block into its own method,
something like:
void FireRefreshTokenRevokedForAllAccounts(const std::string& first_account_id,
const std::vector<std::string>& all_account_ids)
?

-    // system.
-    FireRefreshTokenRevoked(signed_in_account);
+    // system together with all other accounts.

[nyquist, 2014/04/24 22:27:05]

Could you add a comment for why we revoked all tokens (even for the non-signed
in accounts) when the currently signed in account is removed?

+    if (!signed_in_account.empty()) {

[nyquist, 2014/04/24 22:27:05]

Nit: Could you add a comment as to why we need to call FireRefreshTokenRevoked
for the currently signed in account first?

+      FireRefreshTokenRevoked(signed_in_account);
+    }
+    for (std::vector<std::string>::const_iterator it = prev_account_ids.begin();
+         it != prev_account_ids.end(); it++) {
+      if (*it == signed_in_account)
+        continue;
+      FireRefreshTokenRevoked(*it);
+    }
+    return false;
   }
 }
 
 void AndroidProfileOAuth2TokenService::FireRefreshTokenAvailableFromJava(
     JNIEnv* env,
     jobject obj,
     const jstring account_name) {
   std::string account_id = ConvertJavaStringToUTF8(env, account_name);
   AndroidProfileOAuth2TokenService::FireRefreshTokenAvailable(account_id);
 }
@@ skipping 38 matching lines @@
 
 void AndroidProfileOAuth2TokenService::FireRefreshTokensLoaded() {
   // Notify native observers.
   OAuth2TokenService::FireRefreshTokensLoaded();
   // Notify Java observers.
   JNIEnv* env = AttachCurrentThread();
   Java_OAuth2TokenService_notifyRefreshTokensLoaded(
       env, java_ref_.obj());
 }
 
+void AndroidProfileOAuth2TokenService::RevokeAllCredentials() {
+  std::vector<std::string> accounts = GetAccounts();
+  for (std::vector<std::string>::iterator it = accounts.begin();
+       it != accounts.end(); it++) {
+    FireRefreshTokenRevoked(*it);
+  }
+}
+
 // Called from Java when fetching of an OAuth2 token is finished. The
 // |authToken| param is only valid when |result| is true.
 void OAuth2TokenFetched(JNIEnv* env, jclass clazz,
     jstring authToken,
     jboolean result,
     jlong nativeCallback) {
   std::string token = ConvertJavaStringToUTF8(env, authToken);
   scoped_ptr<FetchOAuth2TokenCallback> heap_callback(
       reinterpret_cast<FetchOAuth2TokenCallback*>(nativeCallback));
   // Android does not provide enough information to know if the credentials are
   // wrong, so assume any error is transient by using CONNECTION_FAILED.
   GoogleServiceAuthError err(result ?
                              GoogleServiceAuthError::NONE :
                              GoogleServiceAuthError::CONNECTION_FAILED);
   heap_callback->Run(err, token, base::Time());
 }
 
 // static
 bool AndroidProfileOAuth2TokenService::Register(JNIEnv* env) {
   return RegisterNativesImpl(env);
 }