Client changes for disabled dasher account

When sync receives DISABLED_BY_ADMIN from server PSS stops SyncBackendHost and disables sync by settings DisabledByAdmin pref. This prevents sync from connecting to server in the future. The way to reenable sync is to sign out and sign in again. In future milestone we will implement retry logic that will periodically (once a day) try to connect to sync server to see if sync is still disabled. BUG=178417 Review URL: https://chromiumcodereview.appspot.com/14655009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@202956 0039d316-1c4b-4281-b951-d872f2087c98

Client changes for disabled dasher account
When sync receives DISABLED_BY_ADMIN from server PSS stops SyncBackendHost and disables sync by settings DisabledByAdmin pref. This prevents sync from connecting to server in the future. The way to reenable sync is to sign out and sign in again. In future milestone we will implement retry logic that will periodically (once a day) try to connect to sync server to see if sync is still disabled. BUG=178417 Review URL: https://chromiumcodereview.appspot.com/14655009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@202956 0039d316-1c4b-4281-b951-d872f2087c98
5a496e5c · pavely@chromium.org · 27c521a7 · 5a496e5c · 5a496e5c · 5a496e5c
Commit 5a496e5c authored May 29, 2013 by pavely@chromium.org
16 changed files
--- a/chrome/browser/profiles/profile.cc
+++ b/chrome/browser/profiles/profile.cc
@@ -10,6 +10,7 @@
 #include "build/build_config.h"
 #include "chrome/browser/first_run/first_run.h"
 #include "chrome/browser/sync/profile_sync_service.h"
+#include "chrome/browser/sync/profile_sync_service_factory.h"
 #include "chrome/browser/sync/sync_prefs.h"
 #include "chrome/common/chrome_notification_types.h"
 #include "chrome/common/pref_names.h"
@@ -171,6 +172,11 @@ bool Profile::IsNewProfile() {
 }
 bool Profile::IsSyncAccessible() {
+  if (ProfileSyncServiceFactory::HasProfileSyncService(this))
+    return !ProfileSyncServiceFactory::GetForProfile(this)->IsManaged();
+  // No ProfileSyncService created yet - we don't want to create one, so just
+  // infer the accessible state by looking at prefs/command line flags.
  browser_sync::SyncPrefs prefs(GetPrefs());
  return ProfileSyncService::IsSyncEnabled() && !prefs.IsManaged();
 }

--- a/chrome/browser/sync/profile_sync_service.cc
+++ b/chrome/browser/sync/profile_sync_service.cc
@@ -131,7 +131,8 @@ static bool IsTokenServiceRelevant(const std::string& service) {
 bool ShouldShowActionOnUI(
    const syncer::SyncProtocolError& error) {
  return (error.action != syncer::UNKNOWN_ACTION &&
-          error.action != syncer::DISABLE_SYNC_ON_CLIENT);
+          error.action != syncer::DISABLE_SYNC_ON_CLIENT &&
+          error.action != syncer::STOP_SYNC_FOR_DISABLED_ACCOUNT);
 }
 ProfileSyncService::ProfileSyncService(ProfileSyncComponentsFactory* factory,
@@ -149,6 +150,7 @@ ProfileSyncService::ProfileSyncService(ProfileSyncComponentsFactory* factory,
      data_type_requested_sync_startup_(false),
      is_first_time_sync_configure_(false),
      backend_initialized_(false),
+      sync_disabled_by_admin_(false),
      is_auth_in_progress_(false),
      signin_(signin_manager),
      unrecoverable_error_reason_(ERROR_REASON_UNSET),
@@ -1223,6 +1225,12 @@ void ProfileSyncService::OnActionableError(const SyncProtocolError& error) {
      // TODO(rsimha): Re-evaluate whether to also sign out the user here after
      // a dashboard clear. See http://crbug.com/240436.
      break;
+    case syncer::STOP_SYNC_FOR_DISABLED_ACCOUNT:
+      // Sync disabled by domain admin. we should stop syncing until next
+      // restart.
+      sync_disabled_by_admin_ = true;
+      ShutdownImpl(true);
+      break;
    default:
      NOTREACHED();
  }
@@ -1979,7 +1987,7 @@ void ProfileSyncService::Observe(int type,
      break;
    }
    case chrome::NOTIFICATION_GOOGLE_SIGNED_OUT:
-      // Disable sync if the user is signed out.
+      sync_disabled_by_admin_ = false;
      DisableForUser();
      break;
    default: {
@@ -2016,7 +2024,7 @@ bool ProfileSyncService::IsSyncEnabled() {
 }
 bool ProfileSyncService::IsManaged() const {
-  return sync_prefs_.IsManaged();
+  return sync_prefs_.IsManaged() || sync_disabled_by_admin_;
 }
 bool ProfileSyncService::ShouldPushChanges() {

--- a/chrome/browser/sync/profile_sync_service.h
+++ b/chrome/browser/sync/profile_sync_service.h
@@ -848,6 +848,11 @@ class ProfileSyncService : public ProfileSyncServiceBase,
  // Whether the SyncBackendHost has been initialized.
  bool backend_initialized_;
+  // Set when sync receives DISABLED_BY_ADMIN error from server. Prevents
+  // ProfileSyncService from starting backend till browser restarted or user
+  // signed out.
+  bool sync_disabled_by_admin_;
  // Set to true if a signin has completed but we're still waiting for the
  // backend to refresh its credentials.
  bool is_auth_in_progress_;

--- a/chrome/browser/sync/sync_prefs.cc
+++ b/chrome/browser/sync/sync_prefs.cc
@@ -132,13 +132,6 @@ void SyncPrefs::RegisterUserPrefs(user_prefs::PrefRegistrySyncable* registry) {
                             user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
 }
-// static
-bool SyncPrefs::IsSyncAccessibleOnIOThread(ProfileIOData* io_data) {
-  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
-  return ProfileSyncService::IsSyncEnabled() &&
-         !io_data->sync_disabled()->GetValue();
-}
 void SyncPrefs::AddSyncPrefObserver(SyncPrefObserver* sync_pref_observer) {
  DCHECK(CalledOnValidThread());
  sync_pref_observers_.AddObserver(sync_pref_observer);

--- a/chrome/browser/sync/sync_prefs.h
+++ b/chrome/browser/sync/sync_prefs.h
@@ -59,11 +59,6 @@ class SyncPrefs : NON_EXPORTED_BASE(public base::NonThreadSafe),
  static void RegisterUserPrefs(user_prefs::PrefRegistrySyncable* registry);
-  // Checks if sync is enabled for the profile that owns |io_data|. This must
-  // be invoked on the IO thread, and can be used to check if sync is enabled
-  // on that thread.
-  static bool IsSyncAccessibleOnIOThread(ProfileIOData* io_data);
  void AddSyncPrefObserver(SyncPrefObserver* sync_pref_observer);
  void RemoveSyncPrefObserver(SyncPrefObserver* sync_pref_observer);

--- a/chrome/browser/ui/sync/one_click_signin_sync_starter.cc
+++ b/chrome/browser/ui/sync/one_click_signin_sync_starter.cc
@@ -220,9 +220,7 @@ void OneClickSigninSyncStarter::CompleteInitForNewProfile(
    // Copy credentials from the old profile to the just-created profile,
    // and switch over to tracking that profile.
    new_signin_manager->CopyCredentialsFrom(*old_signin_manager);
-    ProfileSyncService* profile_sync_service = GetProfileSyncService();
+    FinishProfileSyncServiceSetup();
-    if (profile_sync_service)
-      profile_sync_service->SetSetupInProgress(false);
    Initialize(new_profile, NULL);
    DCHECK_EQ(profile_, new_profile);
@@ -281,9 +279,7 @@ void OneClickSigninSyncStarter::UntrustedSigninConfirmed(
 void OneClickSigninSyncStarter::SigninFailed(
    const GoogleServiceAuthError& error) {
-  ProfileSyncService* profile_sync_service = GetProfileSyncService();
+  FinishProfileSyncServiceSetup();
-  if (profile_sync_service)
-    profile_sync_service->SetSetupInProgress(false);
  if (confirmation_required_ == CONFIRM_AFTER_SIGNIN) {
    switch (error.state()) {
      case GoogleServiceAuthError::SERVICE_UNAVAILABLE:
@@ -311,8 +307,8 @@ void OneClickSigninSyncStarter::SigninSuccess() {
        profile_sync_service->OnUserChoseDatatypes(true,
                                                   syncer::ModelTypeSet());
        profile_sync_service->SetSyncSetupCompleted();
-        profile_sync_service->SetSetupInProgress(false);
      }
+      FinishProfileSyncServiceSetup();
      if (confirmation_required_ == CONFIRM_AFTER_SIGNIN) {
        string16 message;
        if (!profile_sync_service) {
@@ -377,6 +373,7 @@ void OneClickSigninSyncStarter::ConfigureSync() {
      }
    } else {
      // Sync is disabled - just display the settings page.
+      FinishProfileSyncServiceSetup();
      chrome::ShowSettings(browser_);
    }
  }
@@ -389,6 +386,13 @@ ProfileSyncService* OneClickSigninSyncStarter::GetProfileSyncService() {
  return service;
 }
+void OneClickSigninSyncStarter::FinishProfileSyncServiceSetup() {
+  ProfileSyncService* service =
+      ProfileSyncServiceFactory::GetForProfile(profile_);
+  if (service)
+    service->SetSetupInProgress(false);
+}
 void OneClickSigninSyncStarter::ShowSyncSettingsPageOnSameTab() {
  std::string url = std::string(chrome::kChromeUISettingsURL) +
      chrome::kSyncSetupSubPage;

--- a/chrome/browser/ui/sync/one_click_signin_sync_starter.h
+++ b/chrome/browser/ui/sync/one_click_signin_sync_starter.h
@@ -117,8 +117,15 @@ class OneClickSigninSyncStarter : public SigninTracker::Observer {
  // signin is completed.
  void UntrustedSigninConfirmed(StartSyncMode response);
+  // GetProfileSyncService returns non-NULL pointer if sync is enabled.
+  // There is a scenario when when ProfileSyncService discovers that sync is
+  // disabled during setup. In this case GetProfileSyncService will return NULL,
+  // but we still need to call PSS::SetSetupInProgress(false). For this purpose
+  // call FinishProfileSyncServiceSetup() function.
  ProfileSyncService* GetProfileSyncService();
+  void FinishProfileSyncServiceSetup();
  // Displays the sync configuration UI.
  void ConfigureSync();
  void ShowSyncSettingsPageOnSameTab();

--- a/chrome/browser/ui/webui/sync_setup_handler.cc
+++ b/chrome/browser/ui/webui/sync_setup_handler.cc
@@ -1147,8 +1147,8 @@ void SyncSetupHandler::CloseSyncSetup() {
  if (IsActiveLogin()) {
    // Don't log a cancel event if the sync setup dialog is being
    // automatically closed due to an auth error.
-    if ((!sync_service || !sync_service->HasSyncSetupCompleted()) &&
+    if (!sync_service || (!sync_service->HasSyncSetupCompleted() &&
-        sync_service->GetAuthError().state() == GoogleServiceAuthError::NONE) {
+        sync_service->GetAuthError().state() == GoogleServiceAuthError::NONE)) {
      if (signin_tracker_.get()) {
        ProfileSyncService::SyncEvent(
            ProfileSyncService::CANCEL_DURING_SIGNON);

--- a/sync/engine/sync_scheduler_impl.cc
+++ b/sync/engine/sync_scheduler_impl.cc
@@ -43,6 +43,7 @@ bool ShouldRequestEarlyExit(const SyncProtocolError& error) {
      return false;
    case NOT_MY_BIRTHDAY:
    case CLEAR_PENDING:
+    case DISABLED_BY_ADMIN:
      // If we send terminate sync early then |sync_cycle_ended| notification
      // would not be sent. If there were no actions then |ACTIONABLE_ERROR|
      // notification wouldnt be sent either. Then the UI layer would be left

--- a/sync/engine/syncer_proto_util.cc
+++ b/sync/engine/syncer_proto_util.cc
@@ -121,6 +121,8 @@ SyncProtocolErrorType ConvertSyncProtocolErrorTypePBToLocalType(
      return TRANSIENT_ERROR;
    case sync_pb::SyncEnums::MIGRATION_DONE:
      return MIGRATION_DONE;
+    case sync_pb::SyncEnums::DISABLED_BY_ADMIN:
+      return DISABLED_BY_ADMIN;
    case sync_pb::SyncEnums::UNKNOWN:
      return UNKNOWN_ERROR;
    case sync_pb::SyncEnums::USER_NOT_ACTIVATED:
@@ -340,7 +342,9 @@ SyncProtocolError ConvertLegacyErrorCodeToNewError(
  error.error_type = ConvertSyncProtocolErrorTypePBToLocalType(error_type);
  if (error_type == sync_pb::SyncEnums::CLEAR_PENDING ||
      error_type == sync_pb::SyncEnums::NOT_MY_BIRTHDAY) {
-      error.action = DISABLE_SYNC_ON_CLIENT;
+    error.action = DISABLE_SYNC_ON_CLIENT;
+  } else if (error_type == sync_pb::SyncEnums::DISABLED_BY_ADMIN) {
+    error.action = STOP_SYNC_FOR_DISABLED_ACCOUNT;
  }  // There is no other action we can compute for legacy server.
  return error;
 }
@@ -472,6 +476,8 @@ SyncerError SyncerProtoUtil::PostClientToServerMessage(
      return SERVER_RETURN_CLEAR_PENDING;
    case NOT_MY_BIRTHDAY:
      return SERVER_RETURN_NOT_MY_BIRTHDAY;
+    case DISABLED_BY_ADMIN:
+      return SERVER_RETURN_DISABLED_BY_ADMIN;
    default:
      NOTREACHED();
      return UNSET;

--- a/sync/internal_api/public/util/syncer_error.cc
+++ b/sync/internal_api/public/util/syncer_error.cc
@@ -26,6 +26,7 @@ const char* GetSyncerErrorString(SyncerError value) {
    ENUM_CASE(SERVER_RETURN_NOT_MY_BIRTHDAY);
    ENUM_CASE(SERVER_RETURN_CONFLICT);
    ENUM_CASE(SERVER_RESPONSE_VALIDATION_FAILED);
+    ENUM_CASE(SERVER_RETURN_DISABLED_BY_ADMIN);
    ENUM_CASE(SYNCER_OK);
  }
  NOTREACHED();

--- a/sync/internal_api/public/util/syncer_error.h
+++ b/sync/internal_api/public/util/syncer_error.h
@@ -37,6 +37,7 @@ enum SYNC_EXPORT_PRIVATE SyncerError {
  SERVER_RETURN_NOT_MY_BIRTHDAY,
  SERVER_RETURN_CONFLICT,
  SERVER_RESPONSE_VALIDATION_FAILED,
+  SERVER_RETURN_DISABLED_BY_ADMIN,
  SYNCER_OK
 };

--- a/sync/protocol/proto_enum_conversions.cc
+++ b/sync/protocol/proto_enum_conversions.cc
@@ -133,6 +133,7 @@ const char* GetErrorTypeString(sync_pb::SyncEnums::ErrorType error_type) {
    ENUM_CASE(sync_pb::SyncEnums, CLEAR_PENDING);
    ENUM_CASE(sync_pb::SyncEnums, TRANSIENT_ERROR);
    ENUM_CASE(sync_pb::SyncEnums, MIGRATION_DONE);
+    ENUM_CASE(sync_pb::SyncEnums, DISABLED_BY_ADMIN);
    ENUM_CASE(sync_pb::SyncEnums, UNKNOWN);
  }
  NOTREACHED();

--- a/sync/protocol/sync_enums.proto
+++ b/sync/protocol/sync_enums.proto
@@ -87,6 +87,7 @@ message SyncEnums {
                              // types.  Client should clear the cache for
                              // these data types only and then re-sync with
                              // a server.
+    DISABLED_BY_ADMIN = 10;   // An administrator disabled sync for this domain.
    UNKNOWN            = 100; // Unknown value. This should never be explicitly
                              // used; it is the default value when an
                              // out-of-date client parses a value it doesn't

--- a/sync/protocol/sync_protocol_error.cc
+++ b/sync/protocol/sync_protocol_error.cc
@@ -22,6 +22,7 @@ const char* GetSyncErrorTypeString(SyncProtocolErrorType type) {
    ENUM_CASE(NON_RETRIABLE_ERROR);
    ENUM_CASE(MIGRATION_DONE);
    ENUM_CASE(INVALID_CREDENTIAL);
+    ENUM_CASE(DISABLED_BY_ADMIN);
    ENUM_CASE(UNKNOWN_ERROR);
  }
  NOTREACHED();
@@ -35,6 +36,7 @@ const char* GetClientActionString(ClientAction action) {
    ENUM_CASE(ENABLE_SYNC_ON_ACCOUNT);
    ENUM_CASE(STOP_AND_RESTART_SYNC);
    ENUM_CASE(DISABLE_SYNC_ON_CLIENT);
+    ENUM_CASE(STOP_SYNC_FOR_DISABLED_ACCOUNT);
    ENUM_CASE(UNKNOWN_ACTION);
  }
  NOTREACHED();

--- a/sync/protocol/sync_protocol_error.h
+++ b/sync/protocol/sync_protocol_error.h
@@ -39,6 +39,9 @@ enum SyncProtocolErrorType {
  // Invalid Credential.
  INVALID_CREDENTIAL,
+  // An administrator disabled sync for this domain.
+  DISABLED_BY_ADMIN,
  // The default value.
  UNKNOWN_ERROR
 };
@@ -59,6 +62,10 @@ enum ClientAction {
  // Wipe this client of any sync data.
  DISABLE_SYNC_ON_CLIENT,
+  // Account is disabled by admin. Stop sync, clear prefs and show message on
+  // settings page that account is disabled.
+  STOP_SYNC_FOR_DISABLED_ACCOUNT,
  // The default. No action.
  UNKNOWN_ACTION
 };