Treat SyncCredentialsLost as an auth error

chrome/browser/sync/profile_sync_service.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/sync/profile_sync_service.h"
 
 #include <cstddef>
 #include <map>
 #include <set>
 #include <utility>
@@ skipping 140 matching lines @@
     sync_service_url_ = GURL(kSyncServerUrl);
   }
 #endif
 }
 
 ProfileSyncService::~ProfileSyncService() {
   sync_prefs_.RemoveSyncPrefObserver(this);
   Shutdown();
 }
 
-bool ProfileSyncService::AreCredentialsAvailable() {
-  if (IsManaged()) {
-    return false;
-  }
-
-  // If we have start suppressed, then basically just act like we have no
-  // credentials (login is required to fix this, since we need the user's
-  // passphrase to encrypt/decrypt anyway).
-  // TODO(sync): Revisit this when we move to a server-based keystore.
-  if (sync_prefs_.IsStartSuppressed())
+bool ProfileSyncService::IsSyncEnabledAndLoggedIn() {
+  // Exit if sync is disabled.
+  if (IsManaged() || sync_prefs_.IsStartSuppressed())
     return false;
 
-  // CrOS user is always logged in. Chrome uses signin_ to check logged in.
-  if (signin_->GetAuthenticatedUsername().empty())
-    return false;
+  // Sync is logged in if there is a non-empty authenticated username.
+  return !signin_->GetAuthenticatedUsername().empty();
+}
 
+bool ProfileSyncService::IsSyncTokenAvailable() {
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
   if (!token_service)
     return false;
-
-  // TODO(chron): Verify CrOS unit test behavior.
   return token_service->HasTokenForService(GaiaConstants::kSyncService);
 }
 
 void ProfileSyncService::Initialize() {
   InitSettings();
 
   // We clear this here (vs Shutdown) because we want to remember that an error
   // happened on shutdown so we can display details (message, location) about it
   // in about:sync.
   ClearStaleErrors();
 
   sync_prefs_.AddSyncPrefObserver(this);
 
   // For now, the only thing we can do through policy is to turn sync off.
   if (IsManaged()) {
     DisableForUser();
     return;
   }
 
   RegisterAuthNotifications();
 
   if (!HasSyncSetupCompleted())
     DisableForUser();  // Clean up in case of previous crash / setup abort.
 
   TryStart();
 }
 
 void ProfileSyncService::TryStart() {
-  if (!sync_prefs_.IsStartSuppressed() && AreCredentialsAvailable()) {
+  if (!IsSyncEnabledAndLoggedIn())
+    return;
+  TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
+  if (!token_service)
+    return;
+  // Don't start the backend if the token service hasn't finished loading tokens
+  // yet (if the backend is started before the sync token has been loaded,
+  // GetCredentials() will return bogus credentials).
+  if (IsSyncTokenAvailable() || token_service->TokensLoadedFromDB()) {
     if (HasSyncSetupCompleted() || auto_start_enabled_) {
       // If sync setup has completed we always start the backend.
       // If autostart is enabled, but we haven't completed sync setup, we try to
       // start sync anyway, since it's possible we crashed/shutdown after
       // logging in but before the backend finished initializing the last time.
       // Note that if we haven't finished setting up sync, backend bring up will
       // be done by the wizard.
       StartUp();
     }
-  } else if (HasSyncSetupCompleted()) {
-    TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
-    if (token_service && token_service->TokensLoadedFromDB() &&
-        !AreCredentialsAvailable()) {
-      // The token service has lost sync's tokens. We cannot recover from this
-      // without signing back in, which is not yet supported. For now, we
-      // trigger an unrecoverable error.
-      OnUnrecoverableError(FROM_HERE, "Sync credentials lost.");
-    }
   }
 }
 
 void ProfileSyncService::StartSyncingWithServer() {
   if (backend_.get())
     backend_->StartSyncingWithServer();
 }
 
 void ProfileSyncService::RegisterAuthNotifications() {
   TokenService* token_service = TokenServiceFactory::GetForProfile(profile_);
@@ skipping 66 matching lines @@
       }
     }
   }
 }
 
 SyncCredentials ProfileSyncService::GetCredentials() {
   SyncCredentials credentials;
   credentials.email = signin_->GetAuthenticatedUsername();
   DCHECK(!credentials.email.empty());
   TokenService* service = TokenServiceFactory::GetForProfile(profile_);
-  credentials.sync_token = service->GetTokenForService(
-      GaiaConstants::kSyncService);
+  if (service->HasTokenForService(GaiaConstants::kSyncService)) {
+      credentials.sync_token = service->GetTokenForService(
+          GaiaConstants::kSyncService);
+    UMA_HISTOGRAM_BOOLEAN("Sync.CredentialsLost", false);
+  } else {
+    // We've lost our sync credentials (crbug.com/121755), so just make up some
+    // invalid credentials so the backend will generate an auth error.
+    UMA_HISTOGRAM_BOOLEAN("Sync.CredentialsLost", true);
+    credentials.sync_token = "credentials_lost";
+  }
   return credentials;
 }
 
 void ProfileSyncService::InitializeBackend(bool delete_stale_data) {
   if (!backend_.get()) {
     NOTREACHED();
     return;
   }
 
   syncable::ModelTypeSet initial_types;
@@ skipping 70 matching lines @@
 }
 
 
 void ProfileSyncService::StartUp() {
   // Don't start up multiple times.
   if (backend_.get()) {
     DVLOG(1) << "Skipping bringing up backend host.";
     return;
   }
 
-  DCHECK(AreCredentialsAvailable());
+  DCHECK(IsSyncEnabledAndLoggedIn());
 
   last_synced_time_ = sync_prefs_.GetLastSyncedTime();
 
 #if defined(OS_CHROMEOS)
   std::string bootstrap_token = sync_prefs_.GetEncryptionBootstrapToken();
   if (bootstrap_token.empty()) {
     sync_prefs_.SetEncryptionBootstrapToken(
         sync_prefs_.GetSpareBootstrapToken());
   }
 #endif
@@ skipping 968 matching lines @@
   DCHECK(encrypted_types_.Has(syncable::PASSWORDS));
   // We may be called during the setup process before we're
   // initialized.  In this case, we default to the sensitive types.
   return encrypted_types_;
 }
 
 void ProfileSyncService::OnSyncManagedPrefChange(bool is_sync_managed) {
   NotifyObservers();
   if (is_sync_managed) {
     DisableForUser();
-  } else if (HasSyncSetupCompleted() && AreCredentialsAvailable()) {
+  } else if (HasSyncSetupCompleted() &&
+             IsSyncEnabledAndLoggedIn() &&
+             IsSyncTokenAvailable()) {
+    // Previously-configured sync has been re-enabled, so start sync now.
     StartUp();
   }
 }
 
 void ProfileSyncService::Observe(int type,
                                  const content::NotificationSource& source,
                                  const content::NotificationDetails& details) {
   switch (type) {
     case chrome::NOTIFICATION_SYNC_CONFIGURE_START:
     case chrome::NOTIFICATION_SYNC_CONFIGURE_BLOCKED:
@@ skipping 101 matching lines @@
         // Track the fact that we're still waiting for auth to complete.
         is_auth_in_progress_ = true;
       }
       break;
     }
     case chrome::NOTIFICATION_TOKEN_REQUEST_FAILED: {
       const TokenService::TokenRequestFailedDetails& token_details =
           *(content::Details<const TokenService::TokenRequestFailedDetails>(
               details).ptr());
       if (IsTokenServiceRelevant(token_details.service()) &&
-          !AreCredentialsAvailable()) {
-        // The additional check around AreCredentialsAvailable above prevents us
+          !IsSyncTokenAvailable()) {
+        // The additional check around IsSyncTokenAvailable() above prevents us
         // sounding the alarm if we actually have a valid token but a refresh
         // attempt by TokenService failed for any variety of reasons (e.g. flaky
         // network). It's possible the token we do have is also invalid, but in
         // that case we should already have (or can expect) an auth error sent
         // from the sync backend.
         GoogleServiceAuthError error(
             GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
         UpdateAuthErrorState(error);
       }
       break;
     }
     case chrome::NOTIFICATION_TOKEN_AVAILABLE: {
       const TokenService::TokenAvailableDetails& token_details =
           *(content::Details<const TokenService::TokenAvailableDetails>(
               details).ptr());
       if (IsTokenServiceRelevant(token_details.service()) &&
-          AreCredentialsAvailable()) {
+          IsSyncEnabledAndLoggedIn() &&
+          IsSyncTokenAvailable()) {
         if (backend_initialized_)
           backend_->UpdateCredentials(GetCredentials());
-        else if (!sync_prefs_.IsStartSuppressed())
+        else
           StartUp();
       }
       break;
     }
     case chrome::NOTIFICATION_TOKEN_LOADING_FINISHED: {
       // This notification gets fired when TokenService loads the tokens
       // from storage.
-      if (AreCredentialsAvailable()) {
-        // Initialize the backend if sync token was loaded.
-        if (backend_initialized_) {
+      if (IsSyncEnabledAndLoggedIn()) {
+        // Initialize the backend if sync is enabled. If the sync token was
+        // not loaded, GetCredentials() will generate invalid credentials to
+        // cause the backend to generate an auth error (crbug.com/121755).
+        if (backend_initialized_)
           backend_->UpdateCredentials(GetCredentials());
-        }
-        if (!sync_prefs_.IsStartSuppressed())
+        else
           StartUp();
-      } else if (!auto_start_enabled_ &&
-                 !signin_->GetAuthenticatedUsername().empty() &&
-                 HasSyncSetupCompleted()) {
-        // If not in auto-start / Chrome OS mode, and we have a username
-        // without tokens, the user will need to signin again. At the moment
-        // this is not supported, so we trigger an unrecoverable error.
-        OnUnrecoverableError(FROM_HERE, "Sync credentials lost.");
       }
       break;
     }
     default: {
       NOTREACHED();
     }
   }
 }
 
 void ProfileSyncService::AddObserver(Observer* observer) {
@@ skipping 96 matching lines @@
   // See http://stackoverflow.com/questions/6224121/is-new-this-myclass-undefined-behaviour-after-directly-calling-the-destru.
   ProfileSyncService* old_this = this;
   this->~ProfileSyncService();
   new(old_this) ProfileSyncService(
       new ProfileSyncComponentsFactoryImpl(profile,
                                            CommandLine::ForCurrentProcess()),
       profile,
       signin,
       behavior);
 }