Calls FireRefreshTokenRevoked if an account is removed.

chrome/browser/signin/android_profile_oauth2_token_service.cc

Index: chrome/browser/signin/android_profile_oauth2_token_service.cc
diff --git a/chrome/browser/signin/android_profile_oauth2_token_service.cc b/chrome/browser/signin/android_profile_oauth2_token_service.cc
index 71fe1c3b684c752705b2089b178ef77ef6c1e1ac..5bc75695562cf52f6b42c84ed145fbb433d821d5 100644
--- a/chrome/browser/signin/android_profile_oauth2_token_service.cc
+++ b/chrome/browser/signin/android_profile_oauth2_token_service.cc
@@ -157,43 +157,64 @@ void AndroidProfileOAuth2TokenService::InvalidateOAuth2Token(
       j_access_token.obj());
 }
 
-void AndroidProfileOAuth2TokenService::ValidateAccounts(JNIEnv* env,
-                                                        jobject obj,
-                                                        jobjectArray accounts,
-                                                        jstring j_current_acc) {
+bool AndroidProfileOAuth2TokenService::ValidateAccounts(
+    JNIEnv* env,
+    jobject obj,
+    jobjectArray prev_account_ids,
+    jstring j_current_acc) {
   std::vector<std::string> account_ids;
   base::android::AppendJavaStringArrayToStringVector(env,
-                                                     accounts,
+                                                     prev_account_ids,
                                                      &account_ids);
   std::string signed_in_account = ConvertJavaStringToUTF8(env, j_current_acc);
-  ValidateAccounts(signed_in_account, account_ids);
+  return ValidateAccounts(signed_in_account, account_ids);
 }
 
-void AndroidProfileOAuth2TokenService::ValidateAccounts(
+bool AndroidProfileOAuth2TokenService::ValidateAccounts(
     const std::string& signed_in_account,
-    const std::vector<std::string>& account_ids) {
+    const std::vector<std::string>& prev_account_ids) {
   if (signed_in_account.empty())
-    return;
+    return false;

[Roger Tawa OOO till Jul 10th, 2014/04/10 15:30:54]

Should this return here, or should we still fire the revokes if
|prev_account_ids| is not empty?

Seems like you might be able to just remove lines 176-177.  If
|signed_in_accounts| is empty, it will fail the find() at line 180, and hit the
code at line 210.  What do you think?

 
+  std::vector<std::string> account_ids = GetAccounts();
   if (std::find(account_ids.begin(),
                 account_ids.end(),
                 signed_in_account) != account_ids.end()) {
-    // Currently signed in account still exists among accounts on system.
-    std::vector<std::string> ids = GetAccounts();
+    // Test to see if an account is removed from the Android AccountManager.
+    // If so, invoke FireRefreshTokenRevoked to notify the reconcilor.
+    for (std::vector<std::string>::const_iterator it = prev_account_ids.begin();
+         it != prev_account_ids.end(); it++) {
+      if (*it == signed_in_account)
+        continue;
+
+      if (std::find(account_ids.begin(),
+                    account_ids.end(),
+                    *it) == account_ids.end()) {
+        FireRefreshTokenRevoked(*it);
+      }
+    }
 
     // Always fire the primary signed in account first.
     FireRefreshTokenAvailable(signed_in_account);
 
-    for (std::vector<std::string>::iterator it = ids.begin();
-        it != ids.end(); it++) {
+    for (std::vector<std::string>::iterator it = account_ids.begin();
+         it != account_ids.end(); it++) {
       if (*it != signed_in_account) {
         FireRefreshTokenAvailable(*it);
       }
     }
+    return true;
   } else {
     // Currently signed in account does not any longer exist among accounts on
-    // system.
+    // system together with all other accounts.
     FireRefreshTokenRevoked(signed_in_account);
+    for (std::vector<std::string>::const_iterator it = prev_account_ids.begin();
+         it != prev_account_ids.end(); it++) {
+      if (*it == signed_in_account)
+        continue;
+      FireRefreshTokenRevoked(*it);
+    }
+    return false;
   }
 }

[Roger Tawa OOO till Jul 10th, 2014/04/10 15:30:54]

I think it would be good to write tests for this function, since it does a lot
of things.  Tests I could see:

1/ |prev_account_ids| empty, system accounts non-empty
2/ |prev_account_ids| == non-empty system accounts
3/ |prev_account_ids| non-empty but not equal to non-empty system accounts
4/ 1-3 above, with empty |signed_in_account|
5/ 1-3 above, with non-empty |signed_in_account| and its in system accounts
6/ 1-3 above, with non-empty |signed_in_account| and its not in system accounts

After each case, make sure stored accounts is what you expect and that all
available and revoked events were fired.

 
@@ -252,6 +273,14 @@ void AndroidProfileOAuth2TokenService::FireRefreshTokensLoaded() {
       env, java_ref_.obj());
 }
 
+void AndroidProfileOAuth2TokenService::RevokeAllCredentials() {
+  std::vector<std::string> accounts = GetAccounts();
+  for (std::vector<std::string>::iterator it = accounts.begin();
+       it != accounts.end(); it++) {
+    FireRefreshTokenRevoked(*it);
+  }
+}
+
 // Called from Java when fetching of an OAuth2 token is finished. The
 // |authToken| param is only valid when |result| is true.
 void OAuth2TokenFetched(JNIEnv* env, jclass clazz,