Do not logout Unicorn accounts in case of Secondary Account errors

Fix a problem when the primary Unicorn account could be force
logged out in case secondary account becomes unauthenticated.
Force log out only when primary account has errors with its
refresh token.

R=droger@chromium.org, emaxx@chromium.org, sinhak@chromium.org

Bug: b/146461662
Change-Id: I22f2da65e2b208f47d791cd1c6c3d9b0235a9af1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2058958Reviewed-by: Kush Sinha <sinhak@chromium.org>
Reviewed-by: James Cook <jamescook@chromium.org>
Reviewed-by: David Roger <droger@chromium.org>
Commit-Queue: Andrei Salavei <solovey@google.com>
Cr-Commit-Position: refs/heads/master@{#746323}

chrome/browser/signin/account_reconcilor_factory.cc

@@ -61,9 +61,16 @@ class ChromeOSChildAccountReconcilorDelegate
       return;
     }
 
+    if (!GetIdentityManager()->HasAccountWithRefreshTokenInPersistentErrorState(
+            GetIdentityManager()->GetPrimaryAccountId(
+                signin::ConsentLevel::kNotRequired))) {
+      return;
+    }
+
     // Mark the account to require an online sign in.
     const user_manager::User* primary_user =
         user_manager::UserManager::Get()->GetPrimaryUser();
+    DCHECK(primary_user);
     user_manager::UserManager::Get()->SaveForceOnlineSignin(
         primary_user->GetAccountId(), true /* force_online_signin */);
 

components/signin/core/browser/mirror_account_reconcilor_delegate.h

@@ -27,6 +27,8 @@ class MirrorAccountReconcilorDelegate : public AccountReconcilorDelegate,
   // |ChromeOSAccountReconcilorDelegate|.
   bool IsReconcileEnabled() const override;
 
+  IdentityManager* GetIdentityManager() const { return identity_manager_; }
+
  private:
   // AccountReconcilorDelegate:
   bool IsAccountConsistencyEnforced() const override;