Allow sync with 2-factor StrongAuth accounts in ChromeOS.

chrome/browser/sync/profile_sync_service.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/profile_sync_service.h"
 
 #include <map>
 #include <set>
 
 #include "app/l10n_util.h"
@@ skipping 105 matching lines @@
 ProfileSyncService::~ProfileSyncService() {
   Shutdown(false);
 }
 
 bool ProfileSyncService::AreCredentialsAvailable() {
   if (IsManaged()) {
     return false;
   }
 
   // CrOS user is always logged in. Chrome uses signin_ to check logged in.
-  if (!cros_user_.empty() || !signin_.GetUsername().empty()) {
+  if (!cros_user_.empty() || !signin_->GetUsername().empty()) {
     // TODO(chron): Verify CrOS unit test behavior.
     if (profile()->GetTokenService() &&
         profile()->GetTokenService()->HasTokenForService(
             GaiaConstants::kSyncService)) {
       return true;
     }
   }
   return false;
 }
 
 void ProfileSyncService::LoadMigratedCredentials(const std::string& username,
                                                  const std::string& token) {
-  signin_.SetUsername(username);
+  signin_->SetUsername(username);
   profile()->GetPrefs()->SetString(prefs::kGoogleServicesUsername, username);
   profile()->GetTokenService()->OnIssueAuthTokenSuccess(
       GaiaConstants::kSyncService, token);
   profile()->GetPrefs()->SetBoolean(prefs::kSyncCredentialsMigrated, true);
   token_migrator_.reset();
 }
 
 void ProfileSyncService::Initialize() {
   InitSettings();
   RegisterPreferences();
 
   // Watch the preference that indicates sync is managed so we can take
   // appropriate action.
   pref_sync_managed_.Init(prefs::kSyncManaged, profile_->GetPrefs(), this);
 
   // For now, the only thing we can do through policy is to turn sync off.
   if (IsManaged()) {
     DisableForUser();
     return;
   }
 
   RegisterAuthNotifications();
 
   // In Chrome, we integrate a SigninManager which works with the sync
   // setup wizard to kick off the TokenService. CrOS does its own plumbing
   // for the TokenService.
   if (cros_user_.empty()) {
     // Will load tokens from DB and broadcast Token events after.
-    signin_.Initialize(profile_);
+    // Note: We rely on signin_ != NULL unless !cros_user_.empty().
+    signin_.reset(new SigninManager());
+    signin_->Initialize(profile_);
   }
 
   if (!HasSyncSetupCompleted()) {
     DisableForUser();  // Clean up in case of previous crash / setup abort.
 
     // Under ChromeOS, just autostart it anyway if creds are here and start
     // is not being suppressed by preferences.
     if (!cros_user_.empty() &&
         !profile_->GetPrefs()->GetBoolean(prefs::kSyncSuppressStart) &&
         AreCredentialsAvailable()) {
@@ skipping 195 matching lines @@
   pref_service->ClearPref(prefs::kSyncHasSetupCompleted);
   pref_service->ClearPref(prefs::kEncryptionBootstrapToken);
 
   // TODO(nick): The current behavior does not clear e.g. prefs::kSyncBookmarks.
   // Is that really what we want?
   pref_service->ScheduleSavePersistentPrefs();
 }
 
 SyncCredentials ProfileSyncService::GetCredentials() {
   SyncCredentials credentials;
-  credentials.email = !cros_user_.empty() ? cros_user_ : signin_.GetUsername();
+  credentials.email = !cros_user_.empty() ? cros_user_ : signin_->GetUsername();
   DCHECK(!credentials.email.empty());
   TokenService* service = profile_->GetTokenService();
   credentials.sync_token = service->GetTokenForService(
       GaiaConstants::kSyncService);
   return credentials;
 }
 
 void ProfileSyncService::InitializeBackend(bool delete_sync_data_folder) {
   if (!backend_.get()) {
     NOTREACHED();
@@ skipping 104 matching lines @@
       &ProfileSyncService::OnClearServerDataTimeout);
   backend_->RequestClearServerData();
 }
 
 void ProfileSyncService::DisableForUser() {
   // Clear prefs (including SyncSetupHasCompleted) before shutting down so
   // PSS clients don't think we're set up while we're shutting down.
   ClearPreferences();
   Shutdown(true);
 
-  if (cros_user_.empty()) {
-    signin_.SignOut();
+  if (signin_.get()) {
+    signin_->SignOut();
   }
 
   FOR_EACH_OBSERVER(Observer, observers_, OnStateChanged());
 }
 
 bool ProfileSyncService::HasSyncSetupCompleted() const {
   return profile_->GetPrefs()->GetBoolean(prefs::kSyncHasSetupCompleted);
 }
 
 void ProfileSyncService::SetSyncSetupCompleted() {
@@ skipping 269 matching lines @@
 
 void ProfileSyncService::OnUserSubmittedAuth(
     const std::string& username, const std::string& password,
     const std::string& captcha, const std::string& access_code) {
   last_attempted_user_email_ = username;
   is_auth_in_progress_ = true;
   FOR_EACH_OBSERVER(Observer, observers_, OnStateChanged());
 
   auth_start_time_ = base::TimeTicks::Now();
 
-  // TODO(chron): Mechanism for ChromeOS auth renewal?
-  // (maybe just run the dialog anyway?)
-  // or send it to the CrOS login somehow?
-  if (!cros_user_.empty()) {
-    LOG(WARNING) << "No mechanism on ChromeOS yet. See http://crbug.com/50292";
+  if (!signin_.get()) {
+    // In ChromeOS we sign in during login, so we do not instantiate signin_.
+    // If this function gets called, we need to re-authenticate (e.g. for
+    // two factor signin), so instantiante signin_ here.
+    signin_.reset(new SigninManager());
+    signin_->Initialize(profile_);
   }
 
   if (!access_code.empty()) {
-    signin_.ProvideSecondFactorAccessCode(access_code);
+    signin_->ProvideSecondFactorAccessCode(access_code);
     return;
   }
 
-  if (!signin_.GetUsername().empty()) {
-    signin_.SignOut();
+  if (!signin_->GetUsername().empty()) {
+    signin_->SignOut();
   }
 
   // The user has submitted credentials, which indicates they don't
   // want to suppress start up anymore.
   PrefService* prefs = profile_->GetPrefs();
   prefs->SetBoolean(prefs::kSyncSuppressStart, false);
   prefs->ScheduleSavePersistentPrefs();
 
-  signin_.StartSignIn(username,
-                      password,
-                      last_auth_error_.captcha().token,
-                      captcha);
+  signin_->StartSignIn(username,
+                       password,
+                       last_auth_error_.captcha().token,
+                       captcha);
 }
 
 void ProfileSyncService::OnUserChoseDatatypes(bool sync_everything,
     const syncable::ModelTypeSet& chosen_types) {
   if (!backend_.get()) {
     NOTREACHED();
     return;
   }
   profile_->GetPrefs()->SetBoolean(prefs::kKeepEverythingSynced,
       sync_everything);
@@ skipping 256 matching lines @@
 
         if (!profile_->GetPrefs()->GetBoolean(prefs::kSyncSuppressStart))
           StartUp();
       }
       break;
     }
     case NotificationType::TOKEN_LOADING_FINISHED: {
       // If not in Chrome OS, and we have a username without tokens,
       // the user will need to signin again, so sign out.
       if (cros_user_.empty() &&
-          !signin_.GetUsername().empty() &&
+          !signin_->GetUsername().empty() &&
           !AreCredentialsAvailable()) {
         DisableForUser();
       }
       break;
     }
     default: {
       NOTREACHED();
     }
   }
 }
@@ skipping 31 matching lines @@
   // is initialized, all enabled data types are consistent with one
   // another, and no unrecoverable error has transpired.
   if (unrecoverable_error_detected_)
     return false;
 
   if (!data_type_manager_.get())
     return false;
 
   return data_type_manager_->state() == DataTypeManager::CONFIGURED;
 }