Avoid Network Error Screen on "Back" in SAML PIN

This fixes the UX glitch that pressing the "Back" button
in the SAML smart card PIN dialog (<security-token-pin>
Polymer element) was triggering the "Network Error" screen.

The underlying issue is that cancelling the PIN dialog
indeed aborts the TLS handshake with an error, but it
doesn't make sense to show this error to the user.

The proposed fix is to remember whether the PIN dialog was
canceled during the current authentication attempt, and
suppress the network error in that case.

Bug: 1052409
Test: start SAML login via a smart card, proceed to PIN dialog, press "Back", verify that no Network Error screen is shown
Change-Id: If54dbd067da763afca7ceec4957bebf0d748da9c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2069542
Commit-Queue: Maksim Ivanov <emaxx@chromium.org>
Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#746435}

chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.cc

@@ -577,6 +577,8 @@ void GaiaScreenHandler::LoadGaiaWithPartitionAndVersionAndConsent(
   }
   public_saml_url_fetcher_.reset();
 
+  was_security_token_pin_canceled_ = false;
+
   frame_state_ = FRAME_STATE_LOADING;
   CallJS("login.GaiaSigninScreen.loadAuthExtension", params);
 }
@@ -782,11 +784,14 @@ void GaiaScreenHandler::HandleWebviewLoadAborted(int error_code) {
                  << net::ErrorToShortString(error_code);
     return;
   }
-  if (error_code == net::ERR_TIMED_OUT &&
-      is_security_token_pin_dialog_running()) {
-    // Timeout errors are expected when the security token PIN is not entered by
-    // the user on time. In that case, return the user back to the first sign-in
-    // step instead of showing the network error screen.
+  if ((was_security_token_pin_canceled_ && error_code == net::ERR_FAILED) ||
+      (is_security_token_pin_dialog_running() &&
+       error_code == net::ERR_TIMED_OUT)) {
+    // Specific errors are expected when the security token PIN is aborted
+    // (either with a generic failure if the user canceled the dialog, or with a
+    // timeout error if the user didn't enter it on time). In that case, return
+    // the user back to the first sign-in step instead of showing the network
+    // error screen.
     ReloadGaia(/*force_reload=*/true);
     return;
   }
@@ -1116,6 +1121,7 @@ void GaiaScreenHandler::HandleSecurityTokenPinEntered(
     return;
   }
 
+  was_security_token_pin_canceled_ = user_input.empty();
   if (user_input.empty()) {
     security_token_pin_entered_callback_.Reset();
     std::move(security_token_pin_dialog_closed_callback_).Run();

chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.h

@@ -446,6 +446,9 @@ class GaiaScreenHandler : public BaseScreenHandler,
   // Is non-empty iff the dialog is active.
   SecurityTokenPinDialogClosedCallback
       security_token_pin_dialog_closed_callback_;
+  // Whether the PIN dialog shown during the current authentication attempt was
+  // canceled by the user.
+  bool was_security_token_pin_canceled_ = false;
 
   // Handler for |samlChallengeMachineKey| request.
   std::unique_ptr<SamlChallengeKeyHandler> saml_challenge_key_handler_;