Remove constructors from strings to CoreAccountId.

CoreAccountId objects should not be constructed directly by the clients
of the IdentityManager. Instead they should be using the IdentityManager
API to create CoreAccountId objects.

This CL only allows tests to directly create CoreAccountId objects.

Bug: 1028182

Change-Id: I3b893e0d24cacfcc85536e8781cd354e22566cb1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1926501Reviewed-by: Colin Blundell <blundell@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
Reviewed-by: Boris Sazonov <bsazonov@chromium.org>
Reviewed-by: David Roger <droger@chromium.org>
Commit-Queue: Mihai Sardarescu <msarda@chromium.org>
Cr-Commit-Position: refs/heads/master@{#719158}

chrome/browser/android/consent_auditor/consent_auditor_bridge.cc

@@ -17,6 +17,9 @@
 
 using base::android::JavaParamRef;
 
+// TODO(crbug.com/1028580) Pass |j_account_id| as a
+// org.chromium.components.signin.identitymanager.CoreAccountId and convert it
+// to CoreAccountId using ConvertFromJavaCoreAccountId.
 static void JNI_ConsentAuditorBridge_RecordConsent(
     JNIEnv* env,
     const JavaParamRef<jobject>& obj,
@@ -42,6 +45,7 @@ static void JNI_ConsentAuditorBridge_RecordConsent(
   }
   ConsentAuditorFactory::GetForProfile(
       ProfileAndroid::FromProfileAndroid(j_profile))
-      ->RecordSyncConsent(CoreAccountId(ConvertJavaStringToUTF8(j_account_id)),
-                          sync_consent);
+      ->RecordSyncConsent(
+          CoreAccountId::FromString(ConvertJavaStringToUTF8(j_account_id)),
+          sync_consent);
 }

chrome/browser/chromeos/policy/android_management_client_unittest.cc

@@ -34,7 +34,7 @@ namespace policy {
 
 namespace {
 
-const char kAccountId[] = "fake-account-id";
+const char kAccountEmail[] = "fake-account-id@gmail.com";
 const char kOAuthToken[] = "fake-oauth-token";
 
 }  // namespace
@@ -52,7 +52,7 @@ class AndroidManagementClientTest : public testing::Test {
         base::MakeRefCounted<network::WeakWrapperSharedURLLoaderFactory>(
             &url_loader_factory_);
     client_.reset(new AndroidManagementClient(
-        &service_, shared_url_loader_factory_, CoreAccountId(kAccountId),
+        &service_, shared_url_loader_factory_, CoreAccountId(kAccountEmail),
         identity_test_environment_.identity_manager()));
 
     service_.ScheduleInitialization(0);
@@ -85,7 +85,7 @@ TEST_F(AndroidManagementClientTest, CheckAndroidManagementCall) {
 
   // On ChromeOS platform, account_id and email are same.
   AccountInfo account_info =
-      identity_test_environment_.MakeAccountAvailable(kAccountId);
+      identity_test_environment_.MakeAccountAvailable(kAccountEmail);
 
   client_->StartCheckAndroidManagement(callback_observer_.Get());
 

chrome/browser/chromeos/settings/device_oauth2_token_service.cc

@@ -110,9 +110,9 @@ CoreAccountId DeviceOAuth2TokenService::GetRobotAccountId() const {
     return robot_account_id_for_testing_;
   }
 
-  std::string account_id;
-  CrosSettings::Get()->GetString(kServiceAccountIdentity, &account_id);
-  return CoreAccountId(account_id);
+  std::string email;
+  CrosSettings::Get()->GetString(kServiceAccountIdentity, &email);
+  return CoreAccountId::FromEmail(email);
 }
 
 void DeviceOAuth2TokenService::set_robot_account_id_for_testing(
@@ -170,7 +170,7 @@ void DeviceOAuth2TokenService::OnGetTokenInfoResponse(
   token_info->GetString("email", &gaia_robot_id);
   gaia_oauth_client_.reset();
 
-  CheckRobotAccountId(CoreAccountId(gaia_robot_id));
+  CheckRobotAccountId(CoreAccountId::FromEmail(gaia_robot_id));
 }
 
 void DeviceOAuth2TokenService::OnOAuthError() {

chrome/browser/complex_tasks/endpoint_fetcher/endpoint_fetcher_unittest.cc

@@ -23,7 +23,7 @@ using MockEndpointFetcherCallback = base::MockCallback<EndpointFetcherCallback>;
 
 namespace {
 const char kContentType[] = "mock_content_type";
-const char kEmail[] = "mock_email";
+const char kEmail[] = "mock_email@gmail.com";
 const char kEndpoint[] = "https://my-endpoint.com";
 const char kExpectedResponse[] = "mock_response";
 const char kExpectedAuthError[] = "There was an authentication error";

chrome/browser/signin/signin_ui_util_unittest.cc

@@ -512,7 +512,7 @@ TEST_F(DiceSigninUiUtilTest,
       kMainGaiaID, kMainEmail, "refresh_token", false,
       signin_metrics::SourceForRefreshTokenOperation::kUnknown);
   GetIdentityManager()->GetAccountsMutator()->AddOrUpdateAccount(
-      kSecondaryEmail, kSecondaryGaiaID, "refresh_token", false,
+      kSecondaryGaiaID, kSecondaryEmail, "refresh_token", false,
       signin_metrics::SourceForRefreshTokenOperation::kUnknown);
 
   EXPECT_TRUE(ShouldShowAnimatedIdentityOnOpeningWindow(
@@ -542,7 +542,7 @@ TEST_F(DiceSigninUiUtilTest,
       kMainGaiaID, kMainEmail, "refresh_token", false,
       signin_metrics::SourceForRefreshTokenOperation::kUnknown);
   GetIdentityManager()->GetAccountsMutator()->AddOrUpdateAccount(
-      kSecondaryEmail, kSecondaryGaiaID, "refresh_token", false,
+      kSecondaryGaiaID, kSecondaryEmail, "refresh_token", false,
       signin_metrics::SourceForRefreshTokenOperation::kUnknown);
   EXPECT_TRUE(ShouldShowAnimatedIdentityOnOpeningWindow(
       *profile_manager()->profile_attributes_storage(), profile()));

chrome/browser/supervised_user/supervised_user_service_unittest.cc

@@ -228,7 +228,7 @@ TEST_F(SupervisedUserServiceTest, ShutDownCustodianProfileDownloader) {
 
   // Emulate being logged in, then start to download a profile so a
   // ProfileDownloader gets created.
-  identity_test_env()->MakePrimaryAccountAvailable("Logged In");
+  identity_test_env()->MakePrimaryAccountAvailable("logged_in@gmail.com");
 
   downloader_service->DownloadProfile(base::Bind(&OnProfileDownloadedFail));
 }

chrome/browser/ui/views/bookmarks/bookmark_bubble_view_unittest.cc

@@ -78,7 +78,8 @@ class BookmarkBubbleViewTest : public BrowserWithTestWindowTest {
 // Verifies that the sync promo is not displayed for a signed in user.
 TEST_F(BookmarkBubbleViewTest, SyncPromoSignedIn) {
   signin::MakePrimaryAccountAvailable(
-      IdentityManagerFactory::GetForProfile(profile()), "fake_username");
+      IdentityManagerFactory::GetForProfile(profile()),
+      "fake_username@gmail.com");
   CreateBubbleView();
   EXPECT_FALSE(bubble_->GetFootnoteViewForTesting());
 }

components/omnibox/browser/document_suggestions_service_unittest.cc

@@ -46,7 +46,7 @@ class DocumentSuggestionsServiceTest : public testing::Test {
             identity_test_env_.identity_manager(),
             shared_url_loader_factory_)) {
     // Set up identity manager.
-    identity_test_env_.SetPrimaryAccount("email");
+    identity_test_env_.SetPrimaryAccount("foo@gmail.com");
     identity_test_env_.SetRefreshTokenForPrimaryAccount();
     identity_test_env_.SetAutomaticIssueOfAccessTokens(true);
 

components/policy/test_support/policy_testserver.py

@@ -1191,7 +1191,7 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
     policy_data.settings_entity_id = msg.settings_entity_id
     policy_data.service_account_identity = policy.get(
         'service_account_identity',
-        'policy_testserver.py-service_account_identity')
+        'policy_testserver.py-service_account_identity@gmail.com')
     invalidation_source = policy.get('invalidation_source')
     if invalidation_source is not None:
       policy_data.invalidation_source = invalidation_source

components/signin/internal/identity_manager/account_tracker_service.cc

@@ -314,7 +314,8 @@ void AccountTrackerService::MigrateToGaiaId() {
   std::vector<CoreAccountId> to_remove;
   std::vector<AccountInfo> migrated_accounts;
   for (const auto& pair : accounts_) {
-    const CoreAccountId new_account_id(pair.second.gaia);
+    const CoreAccountId new_account_id =
+        CoreAccountId::FromGaiaId(pair.second.gaia);
     if (pair.first == new_account_id)
       continue;
 
@@ -456,11 +457,11 @@ void AccountTrackerService::LoadFromPrefs() {
         // Ignore incorrectly persisted non-canonical account ids.
         if (value.find('@') != std::string::npos &&
             value != gaia::CanonicalizeEmail(value)) {
-          to_remove.insert(CoreAccountId(value));
+          to_remove.insert(CoreAccountId::FromString(value));
           continue;
         }
-        CoreAccountId account_id(value);
 
+        CoreAccountId account_id = CoreAccountId::FromString(value);
         StartTrackingAccount(account_id);
         AccountInfo& account_info = accounts_[account_id];
 
@@ -599,17 +600,13 @@ CoreAccountId AccountTrackerService::PickAccountIdForAccount(
   DCHECK(!email.empty());
   switch (GetMigrationState(pref_service)) {
     case MIGRATION_NOT_STARTED:
-      // Some tests don't use a real email address.  To support these cases,
-      // don't try to canonicalize these strings.
-      return CoreAccountId(email.find('@') == std::string::npos
-                               ? email
-                               : gaia::CanonicalizeEmail(email));
+      return CoreAccountId::FromEmail(gaia::CanonicalizeEmail(email));
     case MIGRATION_IN_PROGRESS:
     case MIGRATION_DONE:
-      return CoreAccountId(gaia);
+      return CoreAccountId::FromGaiaId(gaia);
     default:
       NOTREACHED();
-      return CoreAccountId(email);
+      return CoreAccountId::FromString(email);
   }
 }
 

components/signin/internal/identity_manager/child_account_info_fetcher_android.cc

@@ -52,6 +52,9 @@ ChildAccountInfoFetcherAndroid::~ChildAccountInfoFetcherAndroid() {
                                        j_child_account_info_fetcher_);
 }
 
+// TODO(crbug.com/1028580) Pass |j_account_id| as a
+// org.chromium.components.signin.identitymanager.CoreAccountId and convert it
+// to CoreAccountId using ConvertFromJavaCoreAccountId.
 void JNI_ChildAccountInfoFetcher_SetIsChildAccount(
     JNIEnv* env,
     jlong native_service,
@@ -60,6 +63,7 @@ void JNI_ChildAccountInfoFetcher_SetIsChildAccount(
   AccountFetcherService* service =
       reinterpret_cast<AccountFetcherService*>(native_service);
   service->SetIsChildAccount(
-      CoreAccountId(base::android::ConvertJavaStringToUTF8(env, j_account_id)),
+      CoreAccountId::FromString(
+          base::android::ConvertJavaStringToUTF8(env, j_account_id)),
       is_child_account);
 }

components/signin/internal/identity_manager/mutable_profile_oauth2_token_service_delegate.cc

@@ -87,7 +87,8 @@ bool IsLegacyServiceId(const std::string& account_id) {
 }
 
 CoreAccountId RemoveAccountIdPrefix(const std::string& prefixed_account_id) {
-  return CoreAccountId(prefixed_account_id.substr(kAccountIdPrefixLength));
+  return CoreAccountId::FromString(
+      prefixed_account_id.substr(kAccountIdPrefixLength));
 }
 
 signin::LoadCredentialsState LoadCredentialsStateFromTokenResult(
@@ -430,8 +431,8 @@ void MutableProfileOAuth2TokenServiceDelegate::LoadCredentials(
   // to support legacy account IDs, and will not be needed after switching to
   // gaia IDs.
   if (primary_account_id.id.find('@') != std::string::npos) {
-    loading_primary_account_id_ =
-        CoreAccountId(gaia::CanonicalizeEmail(primary_account_id.id));
+    loading_primary_account_id_ = CoreAccountId::FromEmail(
+        gaia::CanonicalizeEmail(primary_account_id.id));
   } else {
     loading_primary_account_id_ = primary_account_id;
   }
@@ -552,8 +553,8 @@ void MutableProfileOAuth2TokenServiceDelegate::LoadAllCredentialsIntoMemory(
               // account id, make sure not to overwrite a refresh token from
               // a canonical version.  If no canonical version was loaded, then
               // re-persist this refresh token with the canonical account id.
-              CoreAccountId canon_account_id =
-                  CoreAccountId(gaia::CanonicalizeEmail(account_id.id));
+              CoreAccountId canon_account_id = CoreAccountId::FromEmail(
+                  gaia::CanonicalizeEmail(account_id.id));
               if (canon_account_id != account_id) {
                 ClearPersistedCredentials(account_id);
                 if (db_tokens.count(

components/signin/internal/identity_manager/oauth2_token_service_delegate_android.cc

@@ -165,7 +165,7 @@ OAuth2TokenServiceDelegateAndroid::OAuth2TokenServiceDelegateAndroid(
       AccountInfo account_info =
           account_tracker_service_->FindAccountInfoByEmail(account_name.id);
       DCHECK(!account_info.gaia.empty());
-      accounts_id.push_back(CoreAccountId(account_info.gaia));
+      accounts_id.push_back(CoreAccountId::FromGaiaId(account_info.gaia));
     }
     SetAccounts(accounts_id);
   }
@@ -235,13 +235,21 @@ std::vector<CoreAccountId> OAuth2TokenServiceDelegateAndroid::GetAccounts()
     const {
   std::vector<std::string> accounts;
   JNIEnv* env = AttachCurrentThread();
+
+  // TODO(crbug.com/1028580) Pass |j_accounts| as a list of
+  // org.chromium.components.signin.identitymanager.CoreAccountId and convert it
+  // to CoreAccountId using ConvertFromJavaCoreAccountId.
   ScopedJavaLocalRef<jobjectArray> j_accounts =
       signin::Java_OAuth2TokenService_getAccounts(env);
-  ;
+
   // TODO(fgorski): We may decide to filter out some of the accounts.
   base::android::AppendJavaStringArrayToStringVector(env, j_accounts,
                                                      &accounts);
-  return std::vector<CoreAccountId>(accounts.begin(), accounts.end());
+  std::vector<CoreAccountId> account_ids;
+  for (auto& account : accounts)
+    account_ids.push_back(CoreAccountId::FromString(account));
+
+  return account_ids;
 }
 
 std::vector<std::string>
@@ -252,6 +260,10 @@ OAuth2TokenServiceDelegateAndroid::GetSystemAccountNames() {
          "disable_interaction_with_system_accounts_";
   std::vector<std::string> account_names;
   JNIEnv* env = AttachCurrentThread();
+
+  // TODO(crbug.com/1028580) Pass |j_accounts| as a list of
+  // org.chromium.components.signin.identitymanager.CoreAccountId and convert it
+  // to CoreAccountId using ConvertFromJavaCoreAccountId.
   ScopedJavaLocalRef<jobjectArray> j_accounts =
       signin::Java_OAuth2TokenService_getSystemAccountNames(env, java_ref_);
   base::android::AppendJavaStringArrayToStringVector(env, j_accounts,
@@ -333,14 +345,17 @@ void OAuth2TokenServiceDelegateAndroid::
       env, java_ref_, j_account_id);
 }
 
+// TODO(crbug.com/1028580) Pass |account_id| as a
+// org.chromium.components.signin.identitymanager.CoreAccountId and convert it
+// to CoreAccountId using ConvertFromJavaCoreAccountId.
 void OAuth2TokenServiceDelegateAndroid::
     ReloadAllAccountsWithPrimaryAccountAfterSeeding(
         JNIEnv* env,
         const base::android::JavaParamRef<jstring>& account_id) {
   base::Optional<CoreAccountId> core_account_id;
   if (account_id) {
-    core_account_id = CoreAccountId();
-    core_account_id->id = ConvertJavaStringToUTF8(env, account_id);
+    core_account_id =
+        CoreAccountId::FromString(ConvertJavaStringToUTF8(env, account_id));
   }
   UpdateAccountList(core_account_id, GetValidAccounts(), GetSystemAccounts());
 }

components/signin/internal/identity_manager/primary_account_manager.cc

@@ -107,8 +107,9 @@ void PrimaryAccountManager::Initialize(PrefService* local_state) {
 
   bool consented =
       client_->GetPrefs()->GetBoolean(prefs::kGoogleServicesConsentedToSync);
+  CoreAccountId account_id = CoreAccountId::FromString(pref_account_id);
   CoreAccountInfo account_info =
-      account_tracker_service_->GetAccountInfo(CoreAccountId(pref_account_id));
+      account_tracker_service_->GetAccountInfo(account_id);
   if (consented) {
     DCHECK(!account_info.account_id.empty());
     // First reset the state, because SetAuthenticatedAccountInfo can only be

components/signin/public/identity_manager/accounts_mutator_unittest.cc

@@ -20,8 +20,8 @@
 
 namespace {
 
-const char kTestGaiaId[] = "gaia-id-test_user@test.com";
-const char kTestGaiaId2[] = "gaia-id-test_user-2@test.com";
+const char kTestGaiaId[] = "gaia-id-test_user-test.com";
+const char kTestGaiaId2[] = "gaia-id-test_user-2-test.com";
 const char kTestEmail[] = "test_user@test.com";
 const char kTestEmail2[] = "test_user@test-2.com";
 const char kRefreshToken[] = "refresh_token";

components/suggestions/suggestions_service_impl_unittest.cc

@@ -42,7 +42,7 @@ using testing::StrictMock;
 
 namespace {
 
-const char kEmail[] = "foo_email";
+const char kEmail[] = "foo_email@gmail.com";
 const char kSuggestionsUrlPath[] = "/chromesuggestions";
 const char kBlacklistUrlPath[] = "/chromesuggestions/blacklist";
 const char kBlacklistClearUrlPath[] = "/chromesuggestions/blacklist/clear";

components/unified_consent/unified_consent_service_unittest.cc

@@ -90,7 +90,7 @@ TEST_F(UnifiedConsentServiceTest, DefaultValuesWhenSignedOut) {
 
 TEST_F(UnifiedConsentServiceTest, EnableUrlKeyedAnonymizedDataCollection) {
   CreateConsentService();
-  identity_test_environment_.SetPrimaryAccount("testaccount");
+  identity_test_environment_.SetPrimaryAccount("testaccount@gmail.com");
   EXPECT_FALSE(pref_service_.GetBoolean(
       prefs::kUrlKeyedAnonymizedDataCollectionEnabled));
 
@@ -102,7 +102,7 @@ TEST_F(UnifiedConsentServiceTest, EnableUrlKeyedAnonymizedDataCollection) {
 
 TEST_F(UnifiedConsentServiceTest, Migration_UpdateSettings) {
   // Create user that syncs history and has no custom passphrase.
-  identity_test_environment_.SetPrimaryAccount("testaccount");
+  identity_test_environment_.SetPrimaryAccount("testaccount@gmail.com");
   sync_service_.GetUserSettings()->SetSelectedTypes(
       false, {syncer::UserSelectableType::kHistory});
   EXPECT_TRUE(sync_service_.IsSyncFeatureActive());
@@ -122,7 +122,7 @@ TEST_F(UnifiedConsentServiceTest, ClearPrimaryAccountDisablesSomeServices) {
   base::HistogramTester histogram_tester;
 
   CreateConsentService();
-  identity_test_environment_.SetPrimaryAccount("testaccount");
+  identity_test_environment_.SetPrimaryAccount("testaccount@gmail.com");
 
   // Precondition: Enable unified consent.
   consent_service_->SetUrlKeyedAnonymizedDataCollectionEnabled(true);

google_apis/BUILD.gn

@@ -171,6 +171,7 @@ google_apis_tmpl("google_apis") {
 static_library("test_support") {
   testonly = true
   sources = [
+    "gaia/core_account_id_for_testing.cc",
     "gaia/fake_gaia.cc",
     "gaia/fake_gaia.h",
     "gaia/fake_oauth2_access_token_manager.cc",

google_apis/gaia/core_account_id.cc

@@ -4,6 +4,16 @@
 
 #include "google_apis/gaia/core_account_id.h"
 
+#include "base/logging.h"
+
+namespace {
+// Returns whether the string looks like an email (the test is
+// crude an only checks whether it includes an '@').
+bool IsEmail(const std::string& string) {
+  return string.find('@') != std::string::npos;
+}
+}  // anonymous namespace
+
 CoreAccountId::CoreAccountId() = default;
 
 CoreAccountId::CoreAccountId(const CoreAccountId&) = default;
@@ -16,11 +26,31 @@ CoreAccountId& CoreAccountId::operator=(const CoreAccountId&) = default;
 
 CoreAccountId& CoreAccountId::operator=(CoreAccountId&&) noexcept = default;
 
-CoreAccountId::CoreAccountId(const char* id) : id(id) {}
+// static
+CoreAccountId CoreAccountId::FromGaiaId(const std::string& gaia_id) {
+  if (gaia_id.empty())
+    return CoreAccountId();
+
+  DCHECK(!IsEmail(gaia_id))
+      << "Expected a Gaia ID and got an email [actual = " << gaia_id << "]";
+  return CoreAccountId::FromString(gaia_id);
+}
+
+// static
+CoreAccountId CoreAccountId::FromEmail(const std::string& email) {
+  if (email.empty())
+    return CoreAccountId();
 
-CoreAccountId::CoreAccountId(std::string&& id) : id(std::move(id)) {}
+  DCHECK(IsEmail(email)) << "Expected an email [actual = " << email << "]";
+  return CoreAccountId::FromString(email);
+}
 
-CoreAccountId::CoreAccountId(const std::string& id) : id(id) {}
+// static
+CoreAccountId CoreAccountId::FromString(const std::string value) {
+  CoreAccountId account_id;
+  account_id.id = value;
+  return account_id;
+}
 
 bool CoreAccountId::empty() const {
   return id.empty();

google_apis/gaia/core_account_id.h

@@ -11,10 +11,18 @@
 
 #include "build/build_config.h"
 
-// Represent the id of an account for interaction with GAIA. It is
-// currently implicitly convertible to and from std::string to allow
-// progressive migration of the code (see https://crbug.com/959157
-// for design and tracking).
+// Represent the id of an account for interaction with GAIA.
+//
+// --------------------------------------------------------------------------
+// DO NOT USE CoreAccountId AS A PERSISTENT IDENTIFIER OF AN ACCOUNT.
+//
+// Currently a CoreAccountId can be created from a Gaia ID or from an email
+// that was canonicalized. We are in the process of migrating this identifier
+// to always be created from a Gaia ID.
+// Until the migration is complete, the value of a CoreAccountId value may
+// change on start-up.
+// --------------------------------------------------------------------------
+
 struct CoreAccountId {
   CoreAccountId();
   CoreAccountId(const CoreAccountId&);
@@ -24,14 +32,51 @@ struct CoreAccountId {
   CoreAccountId& operator=(const CoreAccountId&);
   CoreAccountId& operator=(CoreAccountId&&) noexcept;
 
+  // Checks if the account is valid or not.
+  bool empty() const;
+
+  // -------------------------------------------------------------------------
+  // --------------------------- DO NOT USE ----------------------------------
+  // TL;DR: To get a CoreAccountId, please use the IdentityManager.
+  //
+  // All constructors of this class are private or only used for tests as
+  // clients should not be creating CoreAccountId objects directly.
+
+  // Create a CoreAccountId from a Gaia ID.
+  // Returns an empty CoreAccountId if |gaia_id| is empty.
+  static CoreAccountId FromGaiaId(const std::string& gaia_id);
+
+  // Create a CoreAccountId object from an email.
+  // Returns an empty CoreAccountId if |email| is empty.
+  static CoreAccountId FromEmail(const std::string& email);
+
+  // Create a CoreAccountId object from a string that is either a gaia_id
+  // or an email.
+  //
+  // Note: This method only exits while the code is being migrated to
+  // use Gaia ID as the value of a CoreAccountId.
+  static CoreAccountId FromString(const std::string gaia_id_or_email);
+  // ---------------------------------------- ---------------------------------
+
+  // --------------------------------------------------------------------------
+  // -------------------- ONLY FOR TESTING ------------------------------------
+  // The following constructors are only used for testing. Their implementation
+  // is defined in core_account_id_for_testing.cc and is not linked in the
+  // production code. The reason for this is that they are currently being
+  // removed, but they are extensively used by the testing code.
+  //
+  // TODO(crbug.com/1028578): Update the tests to use one of FromEmail(),
+  // FromGaia() or FromString() methods above.
   explicit CoreAccountId(const char* id);
   explicit CoreAccountId(std::string&& id);
   explicit CoreAccountId(const std::string& id);
+  // --------------------------------------------------------------------------
 
-  // Checks if the account is valid or not.
-  bool empty() const;
-
+  // --------------------------------------------------------------------------
+  // --------------------------- DO NOT USE -----------------------------------
+  // TL;DR: msarda@ is in the process of making this variable private.
   std::string id;
+  // --------------------------------------------------------------------------
 };
 
 bool operator<(const CoreAccountId& lhs, const CoreAccountId& rhs);

google_apis/gaia/core_account_id_for_testing.cc

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "google_apis/gaia/core_account_id.h"
+
+CoreAccountId::CoreAccountId(const char* id) : id(id) {}
+
+CoreAccountId::CoreAccountId(std::string&& id) : id(std::move(id)) {}
+
+CoreAccountId::CoreAccountId(const std::string& id) : id(id) {}
\ No newline at end of file

google_apis/gcm/BUILD.gn

@@ -168,6 +168,7 @@ test("gcm_unit_tests") {
     "//base/test:test_support",
     "//google_apis",
     "//google_apis:run_all_unittests",
+    "//google_apis:test_support",
     "//mojo/public/cpp/system:system",
     "//net",
     "//net:test_support",

google_apis/gcm/engine/gcm_store_impl.cc

@@ -151,7 +151,8 @@ std::string MakeAccountKey(const CoreAccountId& account_id) {
 }
 
 CoreAccountId ParseAccountKey(const std::string& key) {
-  return CoreAccountId(key.substr(base::size(kAccountKeyStart) - 1));
+  return CoreAccountId::FromString(
+      key.substr(base::size(kAccountKeyStart) - 1));
 }
 
 std::string MakeHeartbeatKey(const std::string& scope) {

ios/chrome/browser/signin/authentication_service.mm

@@ -278,7 +278,7 @@ AuthenticationService::GetLastKnownAccountsFromForeground() {
   for (const auto& value : accounts_pref->GetList()) {
     DCHECK(value.is_string());
     DCHECK(!value.GetString().empty());
-    accounts.push_back(CoreAccountId(value.GetString()));
+    accounts.push_back(CoreAccountId::FromString(value.GetString()));
   }
   return accounts;
 }

ios/chrome/browser/ui/authentication/authentication_flow_performer.mm

@@ -336,7 +336,7 @@ const int64_t kAuthenticationFlowTimeoutSeconds = 10;
 - (BOOL)shouldHandleMergeCaseForIdentity:(ChromeIdentity*)identity
                             browserState:
                                 (ios::ChromeBrowserState*)browserState {
-  CoreAccountId lastSignedInAccountId(
+  CoreAccountId lastSignedInAccountId = CoreAccountId::FromString(
       browserState->GetPrefs()->GetString(prefs::kGoogleServicesLastAccountId));
   CoreAccountId currentSignedInAccountId =
       IdentityManagerFactory::GetForBrowserState(browserState)

ios/chrome/browser/ui/settings/clear_browsing_data/clear_browsing_data_collection_view_controller_unittest.mm

@@ -96,7 +96,7 @@ class ClearBrowsingDataCollectionViewControllerTest
         std::make_unique<AuthenticationServiceDelegateFake>());
 
     ios::FakeChromeIdentityService::GetInstanceFromChromeProvider()
-        ->AddIdentities(@[ @"syncuser@example.com" ]);
+        ->AddIdentities(@[ @"syncuser" ]);
 
     test_sync_service_ = static_cast<syncer::TestSyncService*>(
         ProfileSyncServiceFactory::GetForBrowserState(browser_state_.get()));

services/identity/public/cpp/core_account_id_mojom_traits.cc

@@ -15,7 +15,7 @@ bool StructTraits<identity::mojom::CoreAccountId::DataView, ::CoreAccountId>::
     return false;
   }
 
-  out->id = id;
+  *out = CoreAccountId::FromString(id);
 
   return true;
 }