Add CHECK to non-DICE signin that it's only used for force-signin

Also unlock any left-over parent profiles now that (legacy) supervised user profiles
don't exist anymore.

R=msarda@chromium.org

Change-Id: I19231e38e9b086c77cb250d14366d6acfa481509
Reviewed-on: https://chromium-review.googlesource.com/c/1292872Reviewed-by: Mihai Sardarescu <msarda@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#601498}

chrome/browser/profiles/profile_attributes_entry.cc

@@ -54,8 +54,19 @@ void ProfileAttributesEntry::Initialize(ProfileInfoCache* cache,
   storage_key_ = profile_path_.BaseName().MaybeAsASCII();
 
   is_force_signin_enabled_ = signin_util::IsForceSigninEnabled();
-  if (!IsAuthenticated() && is_force_signin_enabled_)
+  if (is_force_signin_enabled_) {
+    if (!IsAuthenticated())
       is_force_signin_profile_locked_ = true;
+#if defined(OS_MACOSX) || defined(OS_LINUX) || defined(OS_WIN)
+  } else if (IsSigninRequired()) {
+    // Profiles that require signin in the absence of an enterprise policy are
+    // left-overs from legacy supervised users. Just unlock them, so users can
+    // keep using them.
+    SetLocalAuthCredentials(std::string());
+    SetAuthInfo(std::string(), base::string16());
+    SetIsSigninRequired(false);
+#endif
+  }
 }
 
 base::string16 ProfileAttributesEntry::GetName() const {

chrome/browser/ui/startup/startup_browser_creator_corrupt_profiles_browsertest_win.cc

@@ -19,6 +19,7 @@
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/profiles/profile_window.h"
+#include "chrome/browser/signin/signin_util.h"
 #include "chrome/browser/ui/browser_list.h"
 #include "chrome/browser/ui/user_manager.h"
 #include "chrome/common/chrome_paths.h"
@@ -358,6 +359,7 @@ IN_PROC_BROWSER_TEST_F(StartupBrowserCreatorCorruptProfileTest,
                        PRE_DoNotStartLockedProfile) {
   // Lock the default profile. The user manager is shown after the profile is
   // locked.
+  signin_util::SetForceSigninForTesting(true);
   profiles::LockProfile(browser()->profile());
   ExpectUserManagerToShow();
 }
@@ -365,6 +367,7 @@ IN_PROC_BROWSER_TEST_F(StartupBrowserCreatorCorruptProfileTest,
 bool StartupBrowserCreatorCorruptProfileTest::
     SetUpUserDataDirectoryForDoNotStartLockedProfile() {
   SetExpectTestBodyToRun(false);
+  signin_util::SetForceSigninForTesting(true);
   return RemoveCreateDirectoryPermissionForUserDataDirectory();
 }
 

chrome/browser/ui/views/profiles/user_manager_view.cc

@@ -15,6 +15,7 @@
 #include "chrome/browser/profiles/profile_window.h"
 #include "chrome/browser/profiles/profiles_state.h"
 #include "chrome/browser/signin/signin_promo.h"
+#include "chrome/browser/signin/signin_util.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_dialogs.h"
 #include "chrome/browser/ui/browser_finder.h"
@@ -244,6 +245,9 @@ void UserManagerProfileDialog::ShowReauthDialogWithProfilePath(
     const std::string& email,
     const base::FilePath& profile_path,
     signin_metrics::Reason reason) {
+  CHECK(signin_util::IsForceSigninEnabled() ||
+        reason != signin_metrics::Reason::REASON_UNLOCK)
+      << "Legacy supervised users are no longer supported.";
   // This method should only be called if the user manager is already showing.
   if (!UserManager::IsShowing())
     return;

chrome/browser/ui/webui/signin/user_manager_ui_browsertest.cc

@@ -143,6 +143,7 @@ class UserManagerUIAuthenticatedUserBrowserTest
 
 IN_PROC_BROWSER_TEST_F(UserManagerUIAuthenticatedUserBrowserTest, Reauth) {
   Init();
+  signin_util::SetForceSigninForTesting(true);
   entry_->SetLocalAuthCredentials("1mock_credentials");
 
   LaunchAuthenticatedUser("email@mock.com");