Making OAuth2TokenService multi-login aware, updating callers, minor fixes

chrome/browser/chromeos/settings/device_oauth2_token_service.cc

Index: chrome/browser/chromeos/settings/device_oauth2_token_service.cc
diff --git a/chrome/browser/chromeos/settings/device_oauth2_token_service.cc b/chrome/browser/chromeos/settings/device_oauth2_token_service.cc
index dbcf249e6bfabd215da76c1820a98f90a623d62f..6a92407f1b31528de76287f756d497db645284e6 100644
--- a/chrome/browser/chromeos/settings/device_oauth2_token_service.cc
+++ b/chrome/browser/chromeos/settings/device_oauth2_token_service.cc
@@ -115,7 +115,7 @@ void DeviceOAuth2TokenService::ValidatingConsumer::StartValidation(
 
   gaia_oauth_client_->RefreshToken(
       client_info,
-      token_service_->GetRefreshToken(),
+      token_service_->GetRefreshToken(std::string()),
       std::vector<std::string>(1, kServiceScopeGetUserInfo),
       token_service_->max_refresh_token_validation_retries_,
       this);
@@ -221,18 +221,21 @@ DeviceOAuth2TokenService::~DeviceOAuth2TokenService() {
 }
 
 scoped_ptr<OAuth2TokenService::Request> DeviceOAuth2TokenService::StartRequest(
+    const std::string& account_id,
     const OAuth2TokenService::ScopeSet& scopes,
     OAuth2TokenService::Consumer* consumer) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+  DCHECK(account_id.empty());
 
   if (refresh_token_is_valid_) {
-    return OAuth2TokenService::StartRequest(scopes, consumer).Pass();
+    return OAuth2TokenService::StartRequest(
+        account_id, scopes, consumer).Pass();
   } else {
     scoped_ptr<ValidatingConsumer> validating_consumer(
         new ValidatingConsumer(this, consumer));
 
     scoped_ptr<Request> request = OAuth2TokenService::StartRequest(
-        scopes, validating_consumer.get());
+        account_id, scopes, validating_consumer.get());

[Andrew T Wilson (Slow), 2013/08/30 10:47:00]

Yeah, this stuff needs to be moved to FetchOAuth2Token() since it's possible to
bypass it by using one of the other StartRequestXXXX APIs.

Not as part of this CL, though.

[fgorski, 2013/08/30 20:10:16]

crbug.com/282454.
There is the aspect of validation here, that is not easily movable (as I
mentioned in an email earlier, and the bug), but I think we could solve it in a
way that makes a clear separation between acquiring the access token and
validating the refresh token:
* we could launch the validation of the refresh token, when it is provided, so
that by the time it is required to get the access token, it is already
validated.
* onrefreshtokenavailable is only sent out once the validation was successful
* GetRefreshToken checks for validity of the token and only returns a token,
when it is valid.

(Updated the bug with the comments above)

     validating_consumer->StartValidation(request.Pass());
     return validating_consumer.PassAs<Request>();
   }
@@ -260,7 +263,9 @@ void DeviceOAuth2TokenService::SetAndSaveRefreshToken(
                           encrypted_refresh_token);
 }
 
-std::string DeviceOAuth2TokenService::GetRefreshToken() {
+std::string DeviceOAuth2TokenService::GetRefreshToken(
+    const std::string& account_id) {
+  DCHECK(account_id.empty());
   if (refresh_token_.empty()) {
     std::string encrypted_refresh_token =
         local_state_->GetString(prefs::kDeviceRobotAnyApiRefreshToken);