Disallow sign-in when OAuth client ID is not set.

Bug: NONE Change-Id: I351d102d2d9a25d81c15417f7fdba72ac3028855 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2429063 Commit-Queue: Mihai Sardarescu <msarda@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#811736}

Disallow sign-in when OAuth client ID is not set.
Bug: NONE Change-Id: I351d102d2d9a25d81c15417f7fdba72ac3028855 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2429063 Commit-Queue: Mihai Sardarescu <msarda@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Cr-Commit-Position: refs/heads/master@{#811736}
0be94b28 · Mihai Sardarescu · Commit Bot · db764626 · 0be94b28 · 0be94b28
Commit 0be94b28 authored Sep 29, 2020 by Mihai Sardarescu Committed by Commit Bot Sep 29, 2020
2 changed files
--- a/chrome/browser/signin/account_consistency_mode_manager.cc
+++ b/chrome/browser/signin/account_consistency_mode_manager.cc
@@ -29,6 +29,10 @@ using signin::AccountConsistencyMethod;
 namespace {
+// By default, DICE is not enabled in builds lacking an API key. May be set to
+// true for tests.
+bool g_ignore_missing_oauth_client_for_testing = false;
 #if BUILDFLAG(ENABLE_DICE_SUPPORT)
 // Preference indicating that the Dice migraton has happened.
 const char kDiceMigrationCompletePref[] = "signin.DiceMigrationComplete";
@@ -45,13 +49,29 @@ bool IsBrowserSigninAllowedByCommandLine() {
  // If the commandline flag is not provided, the default is true.
  return true;
 }
+// Returns true if Desktop Identity Consistency can be enabled for this build
+// (i.e. if OAuth client ID and client secret are configured).
+bool CanEnableDiceForBuild() {
+  if (g_ignore_missing_oauth_client_for_testing ||
+      google_apis::HasOAuthClientConfigured()) {
+    return true;
+  }
+  // Only log this once.
+  static bool logged_warning = []() {
+    LOG(WARNING) << "Desktop Identity Consistency cannot be enabled as no "
+                    "OAuth client ID and client secret have been configured.";
+    return true;
+  }();
+  ALLOW_UNUSED_LOCAL(logged_warning);
+  return false;
+}
 #endif
 }  // namespace
-bool AccountConsistencyModeManager::ignore_missing_oauth_client_for_testing_ =
-    false;
 // static
 AccountConsistencyModeManager* AccountConsistencyModeManager::GetForProfile(
    Profile* profile) {
@@ -69,8 +89,9 @@ AccountConsistencyModeManager::AccountConsistencyModeManager(Profile* profile)
  PrefService* prefs = profile->GetPrefs();
  // Propagate settings changes from the previous launch to the signin-allowed
  // pref.
-  bool signin_allowed = prefs->GetBoolean(prefs::kSigninAllowedOnNextStartup) &&
+  bool signin_allowed = CanEnableDiceForBuild() &&
-                        IsBrowserSigninAllowedByCommandLine();
+                        IsBrowserSigninAllowedByCommandLine() &&
+                        prefs->GetBoolean(prefs::kSigninAllowedOnNextStartup);
  prefs->SetBoolean(prefs::kSigninAllowed, signin_allowed);
  UMA_HISTOGRAM_BOOLEAN("Signin.SigninAllowed", signin_allowed);
@@ -135,7 +156,7 @@ bool AccountConsistencyModeManager::IsMirrorEnabledForProfile(
 // static
 void AccountConsistencyModeManager::SetIgnoreMissingOAuthClientForTesting() {
-  ignore_missing_oauth_client_for_testing_ = true;
+  g_ignore_missing_oauth_client_for_testing = true;
 }
 // static
@@ -188,20 +209,6 @@ AccountConsistencyModeManager::ComputeAccountConsistencyMethod(
  if (profile->IsLegacySupervised())
    return AccountConsistencyMethod::kDisabled;
-  bool can_enable_dice_for_build = ignore_missing_oauth_client_for_testing_ ||
-                                   google_apis::HasOAuthClientConfigured();
-  if (!can_enable_dice_for_build) {
-    // Only log this once.
-    static bool logged_warning = []() {
-      LOG(WARNING) << "Desktop Identity Consistency cannot be enabled as no "
-                      "OAuth client ID and client secret have been configured.";
-      return true;
-    }();
-    ALLOW_UNUSED_LOCAL(logged_warning);
-    return AccountConsistencyMethod::kDisabled;
-  }
  if (!profile->GetPrefs()->GetBoolean(prefs::kSigninAllowed)) {
    VLOG(1) << "Desktop Identity Consistency disabled as sign-in to Chrome"
               "is not allowed";

--- a/chrome/browser/signin/account_consistency_mode_manager.h
+++ b/chrome/browser/signin/account_consistency_mode_manager.h
@@ -87,10 +87,6 @@ class AccountConsistencyModeManager : public KeyedService {
  signin::AccountConsistencyMethod account_consistency_;
  bool account_consistency_initialized_;
-  // By default, DICE is not enabled in builds lacking an API key. Set to true
-  // for tests.
-  static bool ignore_missing_oauth_client_for_testing_;
  DISALLOW_COPY_AND_ASSIGN(AccountConsistencyModeManager);
 };