Make sure GetAuthenticatedAccountId() returns a canonicalized id.

chrome/browser/policy/cloud/user_policy_signin_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/policy/cloud/user_policy_signin_service.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "chrome/browser/browser_process.h"
@@ skipping 24 matching lines @@
                                   local_state,
                                   device_management_service,
                                   policy_manager,
                                   signin_manager,
                                   system_request_context),
       profile_(profile),
       oauth2_token_service_(token_service) {
   // ProfileOAuth2TokenService should not yet have loaded its tokens since this
   // happens in the background after PKS initialization - so this service
   // should always be created before the oauth token is available.
-  DCHECK(!oauth2_token_service_->RefreshTokenIsAvailable(
-             signin_manager->GetAuthenticatedAccountId()));
+  DCHECK(!signin_manager->IsAuthenticated() ||

[Andrew T Wilson (Slow), 2014/10/07 16:31:23]

Why is this required - does RefreshTokenIsAvailable() return an error if we
aren't yet authenticated?

[Roger Tawa OOO till Jul 10th, 2014/10/07 19:37:34]

Previously, you could call RefreshTokenIsAvailable() with an empty string and it
would return false.  However, in this CL I added checks to all public api of the
token service to validate the account_id.  One of the validation checks is that
the account_id is not empty.

This required a few tweaks to callers to fix tests, see ps9 and ps11.

You could argue that this validation should not be done in
RefreshTokenIsAvailable(), only the other public api calls of the token service.
 I think its good as is, but if you feel strongly that RefreshTokenIsAvailable()
should not validate the account_id, I can remove it.

[Roger Tawa OOO till Jul 10th, 2014/10/08 19:47:29]

I've decided to remove the validity check only from  RefreshTokenIsAvailable(). 
It was causing a lot of failures because there is code that passes an empty
string to RefreshTokenIsAvailable() as a test to see if the profile is signed
in.  I'll keep the check for all O2TS calls that would mutate the token service.
 As a result, I undid changes to user_cloud_policy_token_forwarder.cc,
user_policy_signin_service.cc, and auth_service.cc.

+         (!oauth2_token_service_->RefreshTokenIsAvailable(
+              signin_manager->GetAuthenticatedAccountId())));
 
   // Listen for an OAuth token to become available so we can register a client
   // if for some reason the client is not already registered (for example, if
   // the policy load failed during initial signin).
   oauth2_token_service_->AddObserver(this);
 }
 
 UserPolicySigninService::~UserPolicySigninService() {
 }
 
@@ skipping 132 matching lines @@
 }
 
 void UserPolicySigninService::ProhibitSignoutIfNeeded() {
   if (policy_manager()->IsClientRegistered()) {
     DVLOG(1) << "User is registered for policy - prohibiting signout";
     signin_manager()->ProhibitSignout(true);
   }
 }
 
 }  // namespace policy