Merge 95693 - [Sync] Fix encryption/passphrase handling.

chrome/browser/sync/sync_setup_flow.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/sync_setup_flow.h"
 
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
@@ skipping 158 matching lines @@
   args->SetBoolean("syncApps",
       service->profile()->GetPrefs()->GetBoolean(prefs::kSyncApps));
   args->SetBoolean("encryptionEnabled",
       !CommandLine::ForCurrentProcess()->HasSwitch(
           switches::kDisableSyncEncryption));
 
   syncable::ModelTypeSet encrypted_types;
   service->GetEncryptedDataTypes(&encrypted_types);
   bool encrypt_all =
       encrypted_types.upper_bound(syncable::PASSWORDS) != encrypted_types.end();
+  if (service->HasPendingEncryptedTypes())
+    encrypt_all = true;
   args->SetBoolean("encryptAllData", encrypt_all);
 
   // Load the parameters for the encryption tab.
   args->SetBoolean("usePassphrase", service->IsUsingSecondaryPassphrase());
 }
 
 bool SyncSetupFlow::AttachSyncSetupHandler(SyncSetupFlowHandler* handler) {
   if (flow_handler_)
     return false;
 
@@ skipping 71 matching lines @@
                                         const std::string& password,
                                         const std::string& captcha,
                                         const std::string& access_code) {
   service_->OnUserSubmittedAuth(username, password, captcha, access_code);
 }
 
 void SyncSetupFlow::OnUserConfigured(const SyncConfiguration& configuration) {
   // Go to the "loading..." screen.
   Advance(SyncSetupWizard::SETTING_UP);
 
+  // Note: encryption will not occur until OnUserChoseDatatypes is called.
+  syncable::ModelTypeSet encrypted_types;
   if (configuration.encrypt_all) {
-    syncable::ModelTypeSet data_types;
-    service_->GetRegisteredDataTypes(&data_types);
-    service_->EncryptDataTypes(data_types);
-  }
+    // Encrypt all registered types.
+    service_->GetRegisteredDataTypes(&encrypted_types);
+  }  // Else we clear the pending types for encryption.
+  service_->set_pending_types_for_encryption(encrypted_types);
 
-  // If we are activating the passphrase, we need to have one supplied.
-  DCHECK(service_->IsUsingSecondaryPassphrase() ||
-         !configuration.use_secondary_passphrase ||
-         configuration.secondary_passphrase.length() > 0);
-
+  // It's possible the user has to provide a secondary passphrase even when
+  // they have not set one previously. This occurs when the user has changed
+  // their gaia password and then sign in to a new machine for the first time.
+  // The new machine will download data encrypted with their old gaia password,
+  // which their current gaia password will not be able to decrypt, triggering
+  // a prompt for a passphrase. At this point, the user must enter their old
+  // password, which we store as a new secondary passphrase.
+  // TODO(zea): eventually use the above gaia_passphrase instead of the
+  // secondary passphrase in this case.
   if (configuration.use_secondary_passphrase) {
     if (!service_->IsUsingSecondaryPassphrase()) {
       service_->SetPassphrase(configuration.secondary_passphrase, true, true);
       tried_creating_explicit_passphrase_ = true;
     } else {
       service_->SetPassphrase(configuration.secondary_passphrase, true, false);
       tried_setting_explicit_passphrase_ = true;
     }
   }
 
@@ skipping 132 matching lines @@
       break;
     }
     case SyncSetupWizard::DONE:
       flow_handler_->ShowSetupDone(
           UTF16ToWide(service_->GetAuthenticatedUsername()));
       break;
     default:
       NOTREACHED() << "Invalid advance state: " << state;
   }
 }