After signin token check failed, show force reauth dialog and start window closing countdown.

chrome/browser/signin/force_signin_verifier.cc

Index: chrome/browser/signin/force_signin_verifier.cc
diff --git a/chrome/browser/signin/force_signin_verifier.cc b/chrome/browser/signin/force_signin_verifier.cc
index 9afd37813e60a95759bb6d5224e99398dbbdbac5..96781c0db66fa71e11ebcb07550c15ef09ad76ff 100644
--- a/chrome/browser/signin/force_signin_verifier.cc
+++ b/chrome/browser/signin/force_signin_verifier.cc
@@ -4,12 +4,16 @@
 
 #include <string>
 
+#include "base/bind.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/force_signin_verifier.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
+#include "chrome/browser/ui/views/profiles/forced_reauthentication_dialog.h"
 #include "components/signin/core/browser/signin_manager.h"
 #include "google_apis/gaia/gaia_constants.h"
+#include "ui/views/widget/widget.h"
+#include "ui/views/widget/widget_deletion_observer.h"
 
 namespace {
 const net::BackoffEntry::Policy kBackoffPolicy = {
@@ -23,22 +27,34 @@ const net::BackoffEntry::Policy kBackoffPolicy = {
     false           // Do not always use initial delay.
 };
 
+const int kNoDelaySignoutInSecond = 3;  // If verification is finished within  3
+                                        // seconds, user can't cancel signout
+                                        // confirm dialog.
+const int kWindowClosingNormalDelayInSecond = 390;  //
+const int kWindowClosingShortDelayInSecond = 30;    // I

[Roger Tawa OOO till Jul 10th, 2017/06/20 14:17:51]

I think the comments here are incomplete.  Better to put the comment above each
constant instead of the right,especially when they are long.

[zmin, 2017/06/20 17:40:32]

Done.

+
 }  // namespace
 
 ForceSigninVerifier::ForceSigninVerifier(Profile* profile)
     : OAuth2TokenService::Consumer("force_signin_verifier"),
+#if !defined(OS_MACOSX)
+      profile_(profile),
+#endif
       has_token_verified_(false),
       backoff_entry_(&kBackoffPolicy),
       oauth2_token_service_(
           ProfileOAuth2TokenServiceFactory::GetForProfile(profile)),
       signin_manager_(SigninManagerFactory::GetForProfile(profile)),
-      token_request_time_(base::Time::Now()) {
+      token_request_time_(base::Time::Now()),
+      reauth_dialog_(nullptr) {
   net::NetworkChangeNotifier::AddNetworkChangeObserver(this);
   SendRequest();
 }
 
 ForceSigninVerifier::~ForceSigninVerifier() {
   Cancel();
+  if (dialog_observer_.get() && dialog_observer_->IsWidgetAlive())
+    reauth_dialog_->Close();
 }
 
 void ForceSigninVerifier::OnGetTokenSuccess(
@@ -107,8 +123,38 @@ bool ForceSigninVerifier::ShouldSendRequest() {
          signin_manager_->IsAuthenticated();
 }
 
+base::TimeDelta ForceSigninVerifier::StartCountdown() {
+  base::TimeDelta countdown_duration;
+  if (base::Time::Now() - token_request_time_ >
+      base::TimeDelta::FromSeconds(kNoDelaySignoutInSecond)) {

[Roger Tawa OOO till Jul 10th, 2017/06/20 14:17:51]

Can you add a comment explaining the if condition?  Also, where does 3 seconds
come from?  Is this possibly racy?

[zmin, 2017/06/20 17:40:32]

I have updated the comments above and rename the variables to make the logic
here more clear.

Based on the metrics, 99% of gaia ping can be finished in 3 seconds. User will
get a short countdown if ping returns in 3 seconds.

Once the reauth done, the ForceSigninVerifier will be recreated and the
countdown will be stopped automatically.

However, there're still some other potential race conditions. So I added some
code to cover them:
1) If signout has been called somewhere else and window has been closed, stop
the countdown to avoid double sign out.
2) If AuthInProcess is true, do not close window to interrupt the signin. If it
fails later, then the signin process should take care of the signout after that.

Note that, if user is still typing on the reauth gaia dialog, window will be
closed. However, if user press 'Signin again' button when countdown is less than
60 seconds, windows will be closed before reauth dialog displayed.

+    countdown_duration =
+        base::TimeDelta::FromSeconds(kWindowClosingNormalDelayInSecond);
+  } else {
+    countdown_duration =
+        base::TimeDelta::FromSeconds(kWindowClosingShortDelayInSecond);
+  }
+
+  window_close_timer_.Start(FROM_HERE, countdown_duration, this,
+                            &ForceSigninVerifier::CloseWindows);
+  return countdown_duration;
+}
+
 void ForceSigninVerifier::ShowDialog() {
-  // TODO(zmin): Show app modal dialog.
+#if !defined(OS_MACOSX)
+  base::TimeDelta countdown_duration = StartCountdown();
+  reauth_dialog_ = ForcedReauthenticationDialog::ShowDialog(
+                       profile_, signin_manager_, countdown_duration)
+                       ->GetWidget();
+  dialog_observer_ =
+      base::MakeUnique<views::WidgetDeletionObserver>(reauth_dialog_);
+#endif
+}
+
+void ForceSigninVerifier::CloseWindows() {
+  dialog_observer_.reset();
+  signin_manager_->SignOut(
+      signin_metrics::AUTHENTICATION_FAILED_WITH_FORCE_SIGNIN,
+      signin_metrics::SignoutDelete::IGNORE_METRIC);
 }
 
 OAuth2TokenService::Request* ForceSigninVerifier::GetRequestForTesting() {
@@ -122,3 +168,7 @@ net::BackoffEntry* ForceSigninVerifier::GetBackoffEntryForTesting() {
 base::OneShotTimer* ForceSigninVerifier::GetOneShotTimerForTesting() {
   return &backoff_request_timer_;
 }
+
+base::OneShotTimer* ForceSigninVerifier::GetWindowCloseTimerForTesting() {
+  return &window_close_timer_;
+}