cros: Terminate if merge session fails for online sign-in

chrome/browser/chromeos/login/session/user_session_manager.cc

Index: chrome/browser/chromeos/login/session/user_session_manager.cc
diff --git a/chrome/browser/chromeos/login/session/user_session_manager.cc b/chrome/browser/chromeos/login/session/user_session_manager.cc
index 598c694798e4635a12843bd8438e10552d6dfa95..467db4df9f7fe789279b1f758c9c4638e1f7010c 100644
--- a/chrome/browser/chromeos/login/session/user_session_manager.cc
+++ b/chrome/browser/chromeos/login/session/user_session_manager.cc
@@ -867,6 +867,16 @@ void UserSessionManager::OnSessionRestoreStateChanged(
 
   login_manager->RemoveObserver(this);
 
+  const bool is_online_signin =

[achuithb, 2017/05/25 19:44:17]

I think a comment explaining that this is necessary to prevent a policy exploit
and a link to the bug might me useful?

[xiyuan, 2017/05/25 20:24:09]

Done.

+      user_context_.GetAuthFlow() == UserContext::AUTH_FLOW_GAIA_WITH_SAML ||
+      user_context_.GetAuthFlow() == UserContext::AUTH_FLOW_GAIA_WITHOUT_SAML;
+  if (is_online_signin && state == OAuth2LoginManager::SESSION_RESTORE_FAILED) {
+    LOG(ERROR)
+        << "Session restore failed for online sign-in, terminating session.";
+    chrome::AttemptUserExit();
+    return;
+  }
+
   if (exit_after_session_restore_ &&
       (state  == OAuth2LoginManager::SESSION_RESTORE_DONE ||
        state  == OAuth2LoginManager::SESSION_RESTORE_FAILED ||