Correctly deal with tokens for supervised users in ProfileOAuth2TokenService.

chrome/browser/signin/profile_oauth2_token_service.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/profile_oauth2_token_service.h"
 
 #include "base/bind.h"
 #include "base/message_loop/message_loop.h"
 #include "base/stl_util.h"
 #include "base/time/time.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/signin_global_error.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/token_service.h"
 #include "chrome/browser/signin/token_service_factory.h"
 #include "chrome/browser/ui/global_error/global_error_service.h"
 #include "chrome/browser/ui/global_error/global_error_service_factory.h"
 #include "chrome/browser/webdata/token_web_data.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_source.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/url_request/url_request_context_getter.h"
 
+#if defined(ENABLE_MANAGED_USERS)
+#include "chrome/browser/managed_mode/managed_user_constants.h"
+#endif
+
 namespace {
 
 const char kAccountIdPrefix[] = "AccountId-";
 const size_t kAccountIdPrefixLength = 10;
 
 bool IsLegacyServiceId(const std::string& account_id) {
   return account_id.compare(0u, kAccountIdPrefixLength, kAccountIdPrefix) != 0;
 }
 
 bool IsLegacyRefreshTokenId(const std::string& service_id) {
@@ skipping 109 matching lines @@
     return;
 
   DCHECK_GT(refresh_tokens_.count(account_id), 0u);
   refresh_tokens_[account_id]->SetLastAuthError(error);
 }
 
 void ProfileOAuth2TokenService::Observe(
     int type,
     const content::NotificationSource& source,
     const content::NotificationDetails& details) {
-  const std::string& account_id = GetPrimaryAccountId();
+  std::string account_id = GetPrimaryAccountId();
   switch (type) {
     case chrome::NOTIFICATION_TOKEN_AVAILABLE: {
       TokenService::TokenAvailableDetails* tok_details =
           content::Details<TokenService::TokenAvailableDetails>(details).ptr();
       if (tok_details->service() ==
           GaiaConstants::kGaiaOAuth2LoginRefreshToken) {
         // TODO(fgorski): Work on removing this code altogether in favor of the
         // upgrade steps invoked by Initialize.
         // TODO(fgorski): Refresh token received that way is not persisted in
         // the token DB.
+        account_id = GetAccountIdForMigratingRefreshToken();
         CancelRequestsForAccount(account_id);
         ClearCacheForAccount(account_id);
         refresh_tokens_[account_id].reset(
             new AccountInfo(this, account_id, tok_details->token()));
         UpdateAuthError(account_id, GoogleServiceAuthError::AuthErrorNone());
         FireRefreshTokenAvailable(account_id);
       }
       break;
     }
     case chrome::NOTIFICATION_TOKENS_CLEARED: {
@@ skipping 24 matching lines @@
       }
       FireRefreshTokensLoaded();
       break;
     default:
       NOTREACHED() << "Invalid notification type=" << type;
       break;
   }
 }
 
 std::string ProfileOAuth2TokenService::GetPrimaryAccountId() {
-  if (profile_->IsManaged())
-    return std::string("SupervisedUser");
-
   SigninManagerBase* signin_manager =
       SigninManagerFactory::GetForProfileIfExists(profile_);
   // TODO(fgorski): DCHECK(signin_manager) here - it may require update to test
   // code and the line above (SigninManager might not exist yet).
   return signin_manager ? signin_manager->GetAuthenticatedUsername()
       : std::string();
 }
 
 std::vector<std::string> ProfileOAuth2TokenService::GetAccounts() {
   std::vector<std::string> account_ids;
@@ skipping 91 matching lines @@
   DCHECK_EQ(0, web_data_service_request_);
 
   CancelAllRequests();
   refresh_tokens_.clear();
   scoped_refptr<TokenWebData> token_web_data =
       TokenWebData::FromBrowserContext(profile_);
   if (token_web_data.get())
     web_data_service_request_ = token_web_data->GetAllTokens(this);
 }
 
+std::string ProfileOAuth2TokenService::GetAccountIdForMigratingRefreshToken() {
+#if defined(ENABLE_MANAGED_USERS)
+  // TODO(bauerb): Make sure that only services that can deal with supervised
+  // users see the supervised user token.
+  if (profile_->IsManaged())
+    return managed_users::kManagedUserPseudoEmail;
+#endif
+
+  return GetPrimaryAccountId();
+}
+
 void ProfileOAuth2TokenService::OnWebDataServiceRequestDone(
     WebDataServiceBase::Handle handle,
     const WDTypedResult* result) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   DCHECK_EQ(web_data_service_request_, handle);
   web_data_service_request_ = 0;
 
   if (result) {
     DCHECK(result->GetType() == TOKEN_RESULT);
     const WDResult<std::map<std::string, std::string> > * token_result =
@@ skipping 25 matching lines @@
     } else {
       DCHECK(!refresh_token.empty());
       std::string account_id = RemoveAccountIdPrefix(prefixed_account_id);
       refresh_tokens_[account_id].reset(
           new AccountInfo(this, account_id, refresh_token));
       FireRefreshTokenAvailable(account_id);
       // TODO(fgorski): Notify diagnostic observers.
     }
   }
 
-  if (!old_login_token.empty() &&
-      refresh_tokens_.count(GetPrimaryAccountId()) == 0) {
-    UpdateCredentials(GetPrimaryAccountId(), old_login_token);
+  if (!old_login_token.empty()) {
+    std::string account_id = GetAccountIdForMigratingRefreshToken();
+
+    if (refresh_tokens_.count(account_id) == 0)
+      UpdateCredentials(account_id, old_login_token);
   }
 
   FireRefreshTokensLoaded();
 }