Do not announce robot account token before account ID is available

chrome/browser/chromeos/settings/device_oauth2_token_service.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/settings/device_oauth2_token_service.h"
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
+#include "base/bind_helpers.h"
 #include "base/memory/weak_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/prefs/pref_registry_simple.h"
 #include "base/prefs/pref_service.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
-#include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/token_encryptor.h"
 #include "chrome/common/pref_names.h"
 #include "chromeos/cryptohome/system_salt_getter.h"
+#include "chromeos/settings/cros_settings_names.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/gaia_urls.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_access_token_fetcher_impl.h"
 #include "policy/proto/device_management_backend.pb.h"
 
 namespace chromeos {
 
 struct DeviceOAuth2TokenService::PendingRequest {
   PendingRequest(const base::WeakPtr<RequestImpl>& request,
                  const std::string& client_id,
                  const std::string& client_secret,
                  const ScopeSet& scopes)
       : request(request),
         client_id(client_id),
         client_secret(client_secret),
         scopes(scopes) {}
 
   const base::WeakPtr<RequestImpl> request;
   const std::string client_id;
   const std::string client_secret;
   const ScopeSet scopes;
 };
 
+void DeviceOAuth2TokenService::OnServiceAccountIdentityChanged() {
+  if (!GetRobotAccountId().empty() && !refresh_token_.empty())
+    FireRefreshTokenAvailable(GetRobotAccountId());
+}
+
 DeviceOAuth2TokenService::DeviceOAuth2TokenService(
     net::URLRequestContextGetter* getter,
     PrefService* local_state)
     : url_request_context_getter_(getter),
       local_state_(local_state),
       state_(STATE_LOADING),
       max_refresh_token_validation_retries_(3),
+      service_account_identity_subscription_(
+          CrosSettings::Get()->AddSettingsObserver(
+              kServiceAccountIdentity,
+              base::Bind(
+                  &DeviceOAuth2TokenService::OnServiceAccountIdentityChanged,
+                  base::Unretained(this))).Pass()),
       weak_ptr_factory_(this) {
   // Pull in the system salt.
   SystemSaltGetter::Get()->GetSystemSalt(
       base::Bind(&DeviceOAuth2TokenService::DidGetSystemSalt,
                  weak_ptr_factory_.GetWeakPtr()));
 }
 
 DeviceOAuth2TokenService::~DeviceOAuth2TokenService() {
   FlushPendingRequests(false, GoogleServiceAuthError::REQUEST_CANCELED);
   FlushTokenSaveCallbacks(false);
 }
 
 // static
 void DeviceOAuth2TokenService::RegisterPrefs(PrefRegistrySimple* registry) {
   registry->RegisterStringPref(prefs::kDeviceRobotAnyApiRefreshToken,
                                std::string());
 }
 
 void DeviceOAuth2TokenService::SetAndSaveRefreshToken(
     const std::string& refresh_token,
     const StatusCallback& result_callback) {
   FlushPendingRequests(false, GoogleServiceAuthError::REQUEST_CANCELED);
 
   bool waiting_for_salt = state_ == STATE_LOADING;
   refresh_token_ = refresh_token;
   state_ = STATE_VALIDATION_PENDING;
-  FireRefreshTokenAvailable(GetRobotAccountId());
+
+  // If the robot account ID is not available yet, do not announce the token. It
+  // will be done from OnServiceAccountIdentityChanged() once the robot account
+  // ID becomes available as well.
+  if (!GetRobotAccountId().empty())
+    FireRefreshTokenAvailable(GetRobotAccountId());
 
   token_save_callbacks_.push_back(result_callback);
   if (!waiting_for_salt) {
     if (system_salt_.empty())
       FlushTokenSaveCallbacks(false);
     else
       EncryptAndSaveToken();
   }
 }
 
@@ skipping 165 matching lines @@
 
   // Announce the token.
   FireRefreshTokenAvailable(GetRobotAccountId());
   FireRefreshTokensLoaded();
 }
 
 void DeviceOAuth2TokenService::CheckRobotAccountId(
     const std::string& gaia_robot_id) {
   // Make sure the value returned by GetRobotAccountId has been validated
   // against current device settings.
-  switch (CrosSettings::Get()->PrepareTrustedValues(
-      base::Bind(&DeviceOAuth2TokenService::CheckRobotAccountId,
-                 weak_ptr_factory_.GetWeakPtr(),
-                 gaia_robot_id))) {
+  switch (CrosSettings::Get()->PrepareTrustedValues(base::Bind(
+              &DeviceOAuth2TokenService::CheckRobotAccountId,
+              weak_ptr_factory_.GetWeakPtr(),
+              gaia_robot_id))) {
     case CrosSettingsProvider::TRUSTED:
       // All good, compare account ids below.
       break;
     case CrosSettingsProvider::TEMPORARILY_UNTRUSTED:
       // The callback passed to PrepareTrustedValues above will trigger a
       // re-check eventually.
       return;
     case CrosSettingsProvider::PERMANENTLY_UNTRUSTED:
       // There's no trusted account id, which is equivalent to no token present.
       LOG(WARNING) << "Device settings permanently untrusted.";
@@ skipping 102 matching lines @@
   GoogleServiceAuthError auth_error(error);
   base::MessageLoop::current()->PostTask(FROM_HERE, base::Bind(
       &RequestImpl::InformConsumer,
       request->AsWeakPtr(),
       auth_error,
       std::string(),
       base::Time()));
 }
 
 }  // namespace chromeos