Override SigninManager::SignOut if force-signin is enabled.

chrome/browser/signin/chrome_signin_client.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/chrome_signin_client.h"
 
 #include <stddef.h>
 #include <utility>
 
+#include "base/bind.h"
 #include "base/command_line.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/cookie_settings_factory.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/profiles/profile_attributes_entry.h"
 #include "chrome/browser/profiles/profile_attributes_storage.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/profiles/profile_metrics.h"
 #include "chrome/browser/profiles/profile_window.h"
 #include "chrome/browser/signin/local_auth.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
+#include "chrome/browser/ui/browser_list.h"
+#include "chrome/browser/ui/user_manager.h"
 #include "chrome/browser/web_data_service_factory.h"
 #include "chrome/common/channel_info.h"
 #include "chrome/common/features.h"
+#include "chrome/common/pref_names.h"
 #include "components/content_settings/core/browser/cookie_settings.h"
 #include "components/metrics/metrics_service.h"
 #include "components/prefs/pref_service.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_cookie_changed_subscription.h"
 #include "components/signin/core/browser/signin_header_helper.h"
 #include "components/signin/core/common/profile_management_switches.h"
 #include "components/signin/core/common/signin_pref_names.h"
 #include "components/signin/core/common/signin_switches.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "url/gurl.h"
 
 #if BUILDFLAG(ENABLE_SUPERVISED_USERS)
 #include "chrome/browser/supervised_user/supervised_user_constants.h"
 #endif
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/net/delay_network_call.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "components/user_manager/known_user.h"
 #include "components/user_manager/user_manager.h"
 #endif
 
 #if !defined(OS_ANDROID)
 #include "chrome/browser/first_run/first_run.h"
 #endif
 
+namespace {
+
+bool IsForceSigninEnabled() {
+  PrefService* prefs = g_browser_process->local_state();
+  return prefs && prefs->GetBoolean(prefs::kForceBrowserSignin);
+}
+
+#if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
+void OnCloseBrowsersAborted(const base::FilePath& path) {}
+#endif
+
+}  // namespace
+
 ChromeSigninClient::ChromeSigninClient(
-    Profile* profile, SigninErrorController* signin_error_controller)
+    Profile* profile,
+    SigninErrorController* signin_error_controller)
     : OAuth2TokenService::Consumer("chrome_signin_client"),
       profile_(profile),
-      signin_error_controller_(signin_error_controller) {
+      signin_error_controller_(signin_error_controller),
+      is_force_signin_enabled_(IsForceSigninEnabled()) {
   signin_error_controller_->AddObserver(this);
 #if !defined(OS_CHROMEOS)
   net::NetworkChangeNotifier::AddNetworkChangeObserver(this);
 #else
   // UserManager may not exist in unit_tests.
   if (!user_manager::UserManager::IsInitialized())
     return;
 
   const user_manager::User* user =
       chromeos::ProfileHelper::Get()->GetUserByProfile(profile_);
@@ skipping 102 matching lines @@
       GetProfileAttributesStorage().
       GetProfileAttributesWithPath(profile_->GetPath(), &entry);
 
   // If sign out occurs because Sync setup was in progress and the Profile got
   // deleted, then the profile's no longer in the ProfileAttributesStorage.
   if (!has_entry)
     return;
 
   entry->SetLocalAuthCredentials(std::string());
   entry->SetAuthInfo(std::string(), base::string16());
   entry->SetIsSigninRequired(false);

[Roger Tawa OOO till Jul 10th, 2016/11/02 13:20:39]

Can we call LockProfile() from here to reduce code duplication?  Would need a
new bool arg to method.

[zmin, 2016/11/02 20:30:22]

OnSignedOut is not always called during signout. For example, it won't be called
if user give up sign in by the manager confirm dialog.

 }
 
 net::URLRequestContextGetter* ChromeSigninClient::GetURLRequestContext() {
   return profile_->GetRequestContext();
 }
 
 bool ChromeSigninClient::ShouldMergeSigninCredentialsIntoCookieJar() {
   return !switches::IsEnableAccountConsistency();
 }
 
@@ skipping 59 matching lines @@
 void ChromeSigninClient::PostSignedIn(const std::string& account_id,
                                       const std::string& username,
                                       const std::string& password) {
 #if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
   // Don't store password hash except when lock is available for the user.
   if (!password.empty() && profiles::IsLockAvailable(profile_))
     LocalAuth::SetLocalAuthCredentials(profile_, password);
 #endif
 }
 
+void ChromeSigninClient::PreSignOut(const base::Callback<void()>& sign_out) {
+#if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
+  if (is_force_signin_enabled_ && !profile_->IsSystemProfile() &&
+      !profile_->IsGuestSession()) {
+    BrowserList::CloseAllBrowsersWithProfile(
+        profile_, base::Bind(&ChromeSigninClient::OnCloseBrowsersSuccess,
+                             base::Unretained(this), sign_out),
+        base::Bind(&OnCloseBrowsersAborted));
+  } else {
+#else
+  {
+#endif
+    SigninClient::PreSignOut(sign_out);
+  }
+}
+
 void ChromeSigninClient::OnErrorChanged() {
   // Some tests don't have a ProfileManager.
   if (g_browser_process->profile_manager() == nullptr)
     return;
 
   ProfileAttributesEntry* entry;
 
   if (!g_browser_process->profile_manager()->GetProfileAttributesStorage().
           GetProfileAttributesWithPath(profile_->GetPath(), &entry)) {
     return;
@@ skipping 105 matching lines @@
         ProfileOAuth2TokenService* token_service =
             ProfileOAuth2TokenServiceFactory::GetForProfile(profile_);
         OAuth2TokenService::ScopeSet scopes;
         scopes.insert(GaiaConstants::kGoogleUserInfoEmail);
         oauth_request_ = token_service->StartRequest(account_id, scopes, this);
       }
     }
   }
 #endif
 }
+
+void ChromeSigninClient::OnCredentialsBeingCopied() {
+  if (is_force_signin_enabled_)
+    // The signout after credential copy won't open UserManager after all
+    // browser window are closed. Because the browser window will be opened for
+    // the new profile soon.
+    is_user_manager_displayed_ = false;

[Roger Tawa OOO till Jul 10th, 2016/11/02 13:20:39]

Nit: since comment is below the if() statement, I'd put { and } around the
block.

[zmin, 2016/11/02 20:30:22]

Done.

+}
+
+void ChromeSigninClient::OnCloseBrowsersSuccess(
+    const base::Callback<void()>& sign_out,
+    const base::FilePath& profile_path) {
+  SigninClient::PreSignOut(sign_out);
+
+  // After sign out, lock the profile and show UserManager if necessary.
+  LockProfile(profile_path);
+  if (is_user_manager_displayed_) {
+    ShowUserManager(profile_path);
+  } else {
+    is_user_manager_displayed_ = true;

[Roger Tawa OOO till Jul 10th, 2016/11/02 13:20:39]

Maybe this member could be renamed should_display_user_manager_ ?

Why does it it need to be set at line 442?  I think  OnCredentialsBeingCopied()
can be called but OnCloseBrowsersSuccess() is not, like when aborted.  Would it
be better instead to set it somewhere else?

[zmin, 2016/11/02 20:30:22]

Done.

Good point. Because displaying UserManager is in the end of sign out process,
I'll just reset this flag in the abort callback as well.

+  }
+}
+
+void ChromeSigninClient::LockProfile(const base::FilePath& profile_path) {
+  ProfileAttributesEntry* entry;
+  bool has_entry = g_browser_process->profile_manager()
+                       ->GetProfileAttributesStorage()
+                       .GetProfileAttributesWithPath(profile_path, &entry);
+  DCHECK(has_entry);
+  entry->SetIsSigninRequired(true);
+}
+
+void ChromeSigninClient::ShowUserManager(const base::FilePath& profile_path) {
+#if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
+  UserManager::Show(profile_path, profiles::USER_MANAGER_NO_TUTORIAL,
+                    profiles::USER_MANAGER_SELECT_PROFILE_NO_ACTION);
+#endif
+}