Add ForceSigninVerifier.

chrome/browser/signin/force_signin_verifier.h

Index: chrome/browser/signin/force_signin_verifier.h
diff --git a/chrome/browser/signin/force_signin_verifier.h b/chrome/browser/signin/force_signin_verifier.h
new file mode 100644
index 0000000000000000000000000000000000000000..ab88836015a6d0997e5d0d2f54c2d7ce2cfc35ab
--- /dev/null
+++ b/chrome/browser/signin/force_signin_verifier.h
@@ -0,0 +1,77 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SIGNIN_FORCE_SIGNIN_VERIFIER_H_
+#define CHROME_BROWSER_SIGNIN_FORCE_SIGNIN_VERIFIER_H_
+
+#include <memory>
+#include <string>
+
+#include "base/macros.h"
+#include "base/time/time.h"
+#include "base/timer/timer.h"
+#include "google_apis/gaia/oauth2_token_service.h"
+#include "net/base/backoff_entry.h"
+#include "net/base/network_change_notifier.h"
+
+class Profile;
+class SigninManager;
+
+// ForceSigninVerifier will verify profile's auth token when profile is loaded
+// into memory by the first time via gaia server. It will retry on any transient
+// error.
+class ForceSigninVerifier
+    : public OAuth2TokenService::Consumer,
+      public net::NetworkChangeNotifier::NetworkChangeObserver {
+ public:
+  explicit ForceSigninVerifier(Profile* profile);
+  ~ForceSigninVerifier();
+
+  // OAuth2TokenService::Consumer implementation
+  void OnGetTokenSuccess(const OAuth2TokenService::Request* request,
+                         const std::string& access_token,
+                         const base::Time& expiration_time) override;
+  void OnGetTokenFailure(const OAuth2TokenService::Request* request,
+                         const GoogleServiceAuthError& error) override;
+
+  // net::NetworkChangeNotifier::NetworkChangeObserver
+  void OnNetworkChanged(
+      net::NetworkChangeNotifier::ConnectionType type) override;
+
+  // Cancel any pending or ongoing verification.
+  void Cancel();
+
+ protected:
+  // Sent the token verification request. The request will be sent only if

[Roger Tawa OOO till Jul 10th, 2017/04/10 15:15:20]

nit: Sent -> Send

[zmin, 2017/04/10 22:27:49]

Done.

+  //   - The token has never been verified before.
+  //   - There is no on going verification.
+  //   - There is network connection.
+  //   - The profile has signed in.
+  //
+  void SendRequest();
+
+  virtual bool ShouldSendRequest();
+
+  // Show the warning dialog before sign out user and close assoicated browser

[Roger Tawa OOO till Jul 10th, 2017/04/10 15:15:20]

Nit:
sign out -> signing out
close -> closing

[zmin, 2017/04/10 22:27:49]

Done.

+  // window.
+  virtual void ShowDialog();
+
+  std::unique_ptr<OAuth2TokenService::Request> access_token_request_;
+
+  // Indicates whether the verification is finished successfully or with a
+  // persistent error.
+  bool has_token_verified_;
+  net::BackoffEntry backoff_entry_;
+  base::OneShotTimer backoff_request_timer_;

[Roger Tawa OOO till Jul 10th, 2017/04/10 15:15:20]

All data members should be private.  You can add accessor functions as either
public or protected.  Looking at the mock class, could probably put most of
those accessor functions in this class as public, except maybe the out that
returns the request, which could be left protected.

[zmin, 2017/04/10 22:27:49]

I create a public method for |has_token_verified_|.

For the rest, because all of them can't do copy and return, I have to return
pointer instead. So I write  getter functions for them under protector plus
'ForTesting' in naming to make sure that they are only used by test.

+
+ private:
+  OAuth2TokenService* oauth2_token_service_;
+  SigninManager* signin_manager_;
+
+  base::Time token_request_time_;
+
+  DISALLOW_COPY_AND_ASSIGN(ForceSigninVerifier);
+};
+
+#endif  // CHROME_BROWSER_SIGNIN_FORCE_SIGNIN_VERIFIER_H_