Clean up Smart Lock cryptohome keys logic:

chrome/browser/signin/easy_unlock_service_regular.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/signin/easy_unlock_service_regular.h"
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/prefs/pref_service.h"
 #include "base/prefs/scoped_user_pref_update.h"
@@ skipping 73 matching lines @@
 
 #if defined(OS_CHROMEOS)
 void EasyUnlockServiceRegular::OnUserContextFromReauth(
     const chromeos::UserContext& user_context) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   short_lived_user_context_.reset(new chromeos::ShortLivedUserContext(
       user_context, apps::AppLifetimeMonitorFactory::GetForProfile(profile()),
       base::ThreadTaskRunnerHandle::Get().get()));
 
   OpenSetupApp();
+
+  // Use this opportunity to clear the crytohome keys if it was not already
+  // cleared earlier.
+  const base::ListValue* devices = GetRemoteDevices();
+  if (!devices || devices->empty()) {
+    chromeos::EasyUnlockKeyManager* key_manager =
+        chromeos::UserSessionManager::GetInstance()->GetEasyUnlockKeyManager();
+    key_manager->RefreshKeys(
+        user_context, base::ListValue(),
+        base::Bind(&EasyUnlockServiceRegular::SetHardlockAfterKeyOperation,
+                   weak_ptr_factory_.GetWeakPtr(),
+                   EasyUnlockScreenlockStateHandler::NO_PAIRING));
+  }
 }
 
-void EasyUnlockServiceRegular::OnKeysRefreshedForSetDevices(bool success) {
-  // If the keys were refreshed successfully, the hardlock state should be
-  // cleared, so Smart Lock can be used normally. Otherwise, we fall back to
-  // a hardlock state to force the user to type in their credentials again.
-  if (success) {
-    SetHardlockStateForUser(GetUserEmail(),
-                            EasyUnlockScreenlockStateHandler::NO_HARDLOCK);
-  }
+void EasyUnlockServiceRegular::SetHardlockAfterKeyOperation(
+    EasyUnlockScreenlockStateHandler::HardlockState state_on_success,
+    bool success) {
+  if (success)
+    SetHardlockStateForUser(GetUserEmail(), state_on_success);
 
-  // Even if the keys refresh suceeded, we still fetch the cryptohome keys as a
-  // sanity check.
+  // Even if the key operation (removeKey or refreshKey) suceeded, we still
+  // fetch and check the cryptohome keys against the keys in local preferences
+  // as a sanity check.
   CheckCryptohomeKeysAndMaybeHardlock();
 }
 #endif
 
 void EasyUnlockServiceRegular::OpenSetupApp() {
   ExtensionService* service =
       extensions::ExtensionSystem::Get(profile())->extension_service();
   const extensions::Extension* extension =
       service->GetExtensionById(extension_misc::kEasyUnlockAppId, false);
 
@@ skipping 33 matching lines @@
   if (pairing_dict && pairing_dict->GetList(kKeyDevices, &devices))
     return devices;
 
   return NULL;
 }
 
 void EasyUnlockServiceRegular::SetRemoteDevices(
     const base::ListValue& devices) {
   DictionaryPrefUpdate pairing_update(profile()->GetPrefs(),
                                       prefs::kEasyUnlockPairing);
-  pairing_update->SetWithoutPathExpansion(kKeyDevices, devices.DeepCopy());
+  if (devices.empty())
+    pairing_update->RemoveWithoutPathExpansion(kKeyDevices, NULL);
+  else
+    pairing_update->SetWithoutPathExpansion(kKeyDevices, devices.DeepCopy());
 
 #if defined(OS_CHROMEOS)
   // TODO(tengs): Investigate if we can determine if the remote devices were set
   // from sync or from the setup app.
-  if (short_lived_user_context_ && short_lived_user_context_->user_context() &&
-      !devices.empty()) {
+  if (short_lived_user_context_ && short_lived_user_context_->user_context()) {
     // We may already have the password cached, so proceed to create the
     // cryptohome keys for sign-in or the system will be hardlocked.
     chromeos::UserContext* user_context =
         short_lived_user_context_->user_context();
     chromeos::EasyUnlockKeyManager* key_manager =
         chromeos::UserSessionManager::GetInstance()->GetEasyUnlockKeyManager();
 
     key_manager->RefreshKeys(
         *user_context, devices,
-        base::Bind(&EasyUnlockServiceRegular::OnKeysRefreshedForSetDevices,
-                   weak_ptr_factory_.GetWeakPtr()));
+        base::Bind(&EasyUnlockServiceRegular::SetHardlockAfterKeyOperation,
+                   weak_ptr_factory_.GetWeakPtr(),
+                   EasyUnlockScreenlockStateHandler::NO_HARDLOCK));
   } else {
     CheckCryptohomeKeysAndMaybeHardlock();
   }
 #else
   CheckCryptohomeKeysAndMaybeHardlock();
 #endif
 }
 
-void EasyUnlockServiceRegular::ClearRemoteDevices() {
-  DictionaryPrefUpdate pairing_update(profile()->GetPrefs(),
-                                      prefs::kEasyUnlockPairing);
-  pairing_update->RemoveWithoutPathExpansion(kKeyDevices, NULL);
-  CheckCryptohomeKeysAndMaybeHardlock();
-}
-
 void EasyUnlockServiceRegular::RunTurnOffFlow() {
   if (turn_off_flow_status_ == PENDING)
     return;
 
   SetTurnOffFlowStatus(PENDING);
 
   // Currently there should only be one registered phone.
   // TODO(xiyuan): Revisit this when server supports toggle for all or
   // there are multiple phones.
   const base::DictionaryValue* pairing_dict =
@@ skipping 95 matching lines @@
 }
 
 void EasyUnlockServiceRegular::OnTurnOffFlowFinished(bool success) {
   turn_off_flow_.reset();
 
   if (!success) {
     SetTurnOffFlowStatus(FAIL);
     return;
   }
 
-  ClearRemoteDevices();
+  SetRemoteDevices(base::ListValue());
   SetTurnOffFlowStatus(IDLE);
   ReloadApp();
 }