Clear opt-in for account-scoped passwords when Sync is turned off

This CL also clears the opt-in for the account-scoped password storage
when Sync is turned off (and the Sync consent is revoked).

Bug: 1098382
Change-Id: I4211a4f66c580f02d0844771dc1d09a03be268a7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2261272
Commit-Queue: Marc Treib <treib@chromium.org>
Reviewed-by: Alex Ilin <alexilin@chromium.org>
Reviewed-by: Mohamed Amir Yosef <mamir@chromium.org>
Cr-Commit-Position: refs/heads/master@{#781891}

chrome/browser/sync/test/integration/single_client_passwords_sync_test.cc

@@ -532,6 +532,11 @@ IN_PROC_BROWSER_TEST_F(SingleClientPasswordsWithAccountStorageSyncTest,
   ASSERT_TRUE(GetClient(0)->AwaitSyncTransportActive());
   ASSERT_FALSE(GetSyncService(0)->IsSyncFeatureEnabled());
 
+  // The account-storage opt-in gets cleared when turning off Sync, so opt in
+  // again.
+  OptInToAccountStorage(GetProfile(0)->GetPrefs(), GetSyncService(0));
+  PasswordSyncActiveChecker(GetSyncService(0)).Wait();
+
   // Now the password should be in both stores: The profile store does *not* get
   // cleared when Sync gets disabled.
   EXPECT_EQ(passwords_helper::GetAllLogins(profile_store).size(), 1u);

components/password_manager/core/browser/password_manager_features_util.cc

@@ -264,6 +264,12 @@ void OptOutOfAccountStorageAndClearSettings(
     return;
   }
 
+  OptOutOfAccountStorageAndClearSettingsForAccount(pref_service, gaia_id);
+}
+
+void OptOutOfAccountStorageAndClearSettingsForAccount(
+    PrefService* pref_service,
+    const std::string& gaia_id) {
   ScopedAccountStorageSettingsUpdate(pref_service,
                                      GaiaIdHash::FromGaiaId(gaia_id))
       .ClearAllSettings();

components/password_manager/core/browser/password_manager_features_util.h

@@ -61,6 +61,12 @@ void OptOutOfAccountStorageAndClearSettings(
     PrefService* pref_service,
     const syncer::SyncService* sync_service);
 
+// Like OptOutOfAccountStorageAndClearSettings(), but applies to a specific
+// given |gaia_id| rather than to the current signed-in user.
+void OptOutOfAccountStorageAndClearSettingsForAccount(
+    PrefService* pref_service,
+    const std::string& gaia_id);
+
 // Whether it makes sense to ask the user about the store when saving a
 // password (i.e. profile or account store). This is true if the user has
 // opted in already, or hasn't opted in but all other requirements are met (i.e.

components/password_manager/core/browser/sync/password_model_type_controller.cc

@@ -124,6 +124,17 @@ void PasswordModelTypeController::OnAccountsCookieDeletedByUserAction() {
   features_util::ClearAccountStorageSettingsForAllUsers(pref_service_);
 }
 
+void PasswordModelTypeController::OnPrimaryAccountCleared(
+    const CoreAccountInfo& previous_primary_account_info) {
+  // Note: OnPrimaryAccountCleared() basically means that the consent for
+  // Sync-the-feature was revoked. In this case, also clear any possible
+  // matching opt-in for the account-scoped storage, since it'd probably be
+  // surprising to the user if their account passwords still remained after
+  // disabling Sync.
+  features_util::OptOutOfAccountStorageAndClearSettingsForAccount(
+      pref_service_, previous_primary_account_info.gaia);
+}
+
 void PasswordModelTypeController::OnOptInStateMaybeChanged() {
   // Note: This method gets called in many other situations as well, not just
   // when the opt-in state changes, but DataTypePreconditionChanged() is cheap

components/password_manager/core/browser/sync/password_model_type_controller.h

@@ -54,6 +54,8 @@ class PasswordModelTypeController : public syncer::ModelTypeController,
       const signin::AccountsInCookieJarInfo& accounts_in_cookie_jar_info,
       const GoogleServiceAuthError& error) override;
   void OnAccountsCookieDeletedByUserAction() override;
+  void OnPrimaryAccountCleared(
+      const CoreAccountInfo& previous_primary_account_info) override;
 
  private:
   void OnOptInStateMaybeChanged();