[signin] Signout from settings deletes authentication tokens

When Dice is enabled, this will allow the reconcilor to perform a full web logout, in addition to turning off Sync. Bug: 852000 Cq-Include-Trybots: luci.chromium.try:closure_compilation Change-Id: I55bda4d7151fccd8c1f40b522fed0f5b63adbc1f Reviewed-on: https://chromium-review.googlesource.com/1117071 Commit-Queue: David Roger <droger@chromium.org> Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org> Cr-Commit-Position: refs/heads/master@{#571526}

[signin] Signout from settings deletes authentication tokens
When Dice is enabled, this will allow the reconcilor to perform a full web logout, in addition to turning off Sync. Bug: 852000 Cq-Include-Trybots: luci.chromium.try:closure_compilation Change-Id: I55bda4d7151fccd8c1f40b522fed0f5b63adbc1f Reviewed-on: https://chromium-review.googlesource.com/1117071 Commit-Queue: David Roger <droger@chromium.org> Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org> Cr-Commit-Position: refs/heads/master@{#571526}
27b0225c · David Roger · Commit Bot · bd54ce72 · 27b0225c · 27b0225c
Commit 27b0225c authored Jun 29, 2018 by David Roger Committed by Commit Bot Jun 29, 2018
3 changed files
--- a/chrome/browser/resources/settings/people_page/sync_browser_proxy.js
+++ b/chrome/browser/resources/settings/people_page/sync_browser_proxy.js
@@ -225,7 +225,7 @@ cr.define('settings', function() {

    /** @override */
    signOut(deleteProfile) {
-      chrome.send('SyncSetupStopSyncing', [deleteProfile]);
+      chrome.send('SyncSetupSignout', [deleteProfile]);
    }

    /** @override */

--- a/chrome/browser/ui/webui/settings/people_handler.cc
+++ b/chrome/browser/ui/webui/settings/people_handler.cc
@@ -21,6 +21,7 @@
 #include "chrome/browser/profiles/profile_metrics.h"
 #include "chrome/browser/profiles/profile_window.h"
 #include "chrome/browser/signin/chrome_signin_helper.h"
+#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_error_controller_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/signin/signin_promo.h"
@@ -42,6 +43,7 @@
 #include "components/browser_sync/profile_sync_service.h"
 #include "components/prefs/pref_service.h"
 #include "components/signin/core/browser/profile_management_switches.h"
+#include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_error_controller.h"
 #include "components/signin/core/browser/signin_header_helper.h"
 #include "components/signin/core/browser/signin_metrics.h"
@@ -251,9 +253,8 @@ void PeopleHandler::RegisterMessages() {
                          base::Unretained(this)));
 #else
  web_ui()->RegisterMessageCallback(
-      "SyncSetupStopSyncing",
-      base::BindRepeating(&PeopleHandler::HandleStopSyncing,
-                          base::Unretained(this)));
+      "SyncSetupSignout", base::BindRepeating(&PeopleHandler::HandleSignout,
+                                              base::Unretained(this)));
  web_ui()->RegisterMessageCallback(
      "SyncSetupStartSignIn",
      base::BindRepeating(&PeopleHandler::HandleStartSignin,
@@ -708,19 +709,30 @@ void PeopleHandler::HandleStartSignin(const base::ListValue* args) {
  DisplayGaiaLogin(signin_metrics::AccessPoint::ACCESS_POINT_SETTINGS);
 }

-void PeopleHandler::HandleStopSyncing(const base::ListValue* args) {
+void PeopleHandler::HandleSignout(const base::ListValue* args) {
  bool delete_profile = false;
  args->GetBoolean(0, &delete_profile);

-  if (!SigninManagerFactory::GetForProfile(profile_)->IsSignoutProhibited()) {
-    if (GetSyncService())
-      ProfileSyncService::SyncEvent(ProfileSyncService::STOP_FROM_OPTIONS);
-
-    signin_metrics::SignoutDelete delete_metric =
-        delete_profile ? signin_metrics::SignoutDelete::DELETED
-                       : signin_metrics::SignoutDelete::KEEPING;
-    SigninManagerFactory::GetForProfile(profile_)
-        ->SignOut(signin_metrics::USER_CLICKED_SIGNOUT_SETTINGS, delete_metric);
+  SigninManager* signin_manager = SigninManagerFactory::GetForProfile(profile_);
+  if (signin_manager->IsSignoutProhibited()) {
+    // If the user cannot signout, the profile must be destroyed.
+    DCHECK(delete_profile);
+  } else {
+    if (signin_manager->IsAuthenticated()) {
+      if (GetSyncService())
+        ProfileSyncService::SyncEvent(ProfileSyncService::STOP_FROM_OPTIONS);
+
+      signin_metrics::SignoutDelete delete_metric =
+          delete_profile ? signin_metrics::SignoutDelete::DELETED
+                         : signin_metrics::SignoutDelete::KEEPING;
+      signin_manager->SignOutAndRemoveAllAccounts(
+          signin_metrics::USER_CLICKED_SIGNOUT_SETTINGS, delete_metric);
+    } else {
+      DCHECK(!delete_profile)
+          << "Deleting the profile should only be offered the user is syncing.";
+      ProfileOAuth2TokenServiceFactory::GetForProfile(profile_)
+          ->RevokeAllCredentials();
+    }
  }

  if (delete_profile) {

--- a/chrome/browser/ui/webui/settings/people_handler.h
+++ b/chrome/browser/ui/webui/settings/people_handler.h
@@ -174,7 +174,7 @@ class PeopleHandler : public SettingsPageUIHandler,
  void HandleRequestPinLoginState(const base::ListValue* args);
 #endif
  void HandleStartSignin(const base::ListValue* args);
-  void HandleStopSyncing(const base::ListValue* args);
+  void HandleSignout(const base::ListValue* args);
  void HandleGetSyncStatus(const base::ListValue* args);
  void HandleManageOtherPeople(const base::ListValue* args);