[DeviceSync v2] Force enrollment after SyncMetadata 404 errors

This is a mitigation put in place to handle 404 errors returned by the CryptAuth server during SyncMetadata requests. A 404 error is returned when the server cannot find an enrolled device with the same Instance ID. Theoretically, this should never occur assuming that 1) we never run a v2 DeviceSync until the device has successfully enrolled using v2 Enrollment and 2) the Instance ID does not rotate. Without this mitigation, the user will unsuccessfully try to sync until the next enrollment, which could be up to 30 days. This fix will be removed when the root cause is uncovered. Bug: 1092113, b/155642672 Change-Id: Ibc766ad21d83d1ace26c5e8c6c45f3eed835da74 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2234126Reviewed-by: James Vecore <vecore@google.com> Commit-Queue: Josh Nohle <nohle@chromium.org> Cr-Commit-Position: refs/heads/master@{#776330}

[DeviceSync v2] Force enrollment after SyncMetadata 404 errors
This is a mitigation put in place to handle 404 errors returned by the CryptAuth server during SyncMetadata requests. A 404 error is returned when the server cannot find an enrolled device with the same Instance ID. Theoretically, this should never occur assuming that 1) we never run a v2 DeviceSync until the device has successfully enrolled using v2 Enrollment and 2) the Instance ID does not rotate. Without this mitigation, the user will unsuccessfully try to sync until the next enrollment, which could be up to 30 days. This fix will be removed when the root cause is uncovered. Bug: 1092113, b/155642672 Change-Id: Ibc766ad21d83d1ace26c5e8c6c45f3eed835da74 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2234126Reviewed-by: James Vecore <vecore@google.com> Commit-Queue: Josh Nohle <nohle@chromium.org> Cr-Commit-Position: refs/heads/master@{#776330}
65e3049c · Josh Nohle · Commit Bot · 7b27a2dd · 65e3049c · 65e3049c
Commit 65e3049c authored Jun 09, 2020 by Josh Nohle Committed by Commit Bot Jun 09, 2020
3 changed files
--- a/chromeos/services/device_sync/cryptauth_v2_device_manager_impl.cc
+++ b/chromeos/services/device_sync/cryptauth_v2_device_manager_impl.cc
@@ -294,6 +294,21 @@ void CryptAuthV2DeviceManagerImpl::OnDeviceSyncFinished(

  RecordDeviceSyncResult(device_sync_result);

+  // TODO(https://crbug.com/1092113): This is a workaround for the SyncMetadata
+  // 404 errors returned by the server when it cannot find an enrolled device
+  // with the same Instance ID. Theoretically, this should never occur assuming
+  // that 1) we never run a v2 DeviceSync until the device has successfully
+  // enrolled using v2 Enrollment and 2) the Instance ID does not rotate.
+  // Without this mitigation, the user will unsuccessfully try to sync until the
+  // next enrollment, which could be up to 30 days. Remove this code when the
+  // root cause is uncovered.
+  if (device_sync_result.result_code() ==
+      CryptAuthDeviceSyncResult::ResultCode::
+          kErrorSyncMetadataApiCallEndpointNotFound) {
+    scheduler_->RequestEnrollment(cryptauthv2::ClientMetadata::FAILURE_RECOVERY,
+                                  base::nullopt /* session_id */);
+  }
+
  scheduler_->HandleDeviceSyncResult(device_sync_result);

  base::Optional<base::TimeDelta> time_to_next_attempt = GetTimeToNextAttempt();

--- a/chromeos/services/device_sync/cryptauth_v2_device_manager_impl_unittest.cc
+++ b/chromeos/services/device_sync/cryptauth_v2_device_manager_impl_unittest.cc
@@ -209,6 +209,7 @@ class DeviceSyncCryptAuthV2DeviceManagerImplTest
  }

  CryptAuthV2DeviceManager* device_manager() { return device_manager_.get(); }
+  FakeCryptAuthScheduler* scheduler() { return &fake_scheduler_; }

 private:
  // Adds the ClientMetadata from the latest DeviceSync request to a list of
@@ -455,6 +456,27 @@ TEST_F(DeviceSyncCryptAuthV2DeviceManagerImplTest,
  TimeoutWaitingForClientAppMetadataAndVerifyResult();
 }

+// TODO(https://crbug.com/1092113): Remove when bug is resolved.
+TEST_F(DeviceSyncCryptAuthV2DeviceManagerImplTest,
+       ScheduleEnrollmentAfterSyncMetadataEndpointNotFoundError) {
+  CreateAndStartDeviceManager();
+  RequestDeviceSyncThroughSchedulerAndVerify(
+      cryptauthv2::ClientMetadata::PERIODIC, base::nullopt /* session_id */);
+  SucceedGetClientAppMetadataRequest();
+
+  EXPECT_FALSE(scheduler()->IsWaitingForEnrollmentResult());
+
+  // Fail SyncMetadata request with 404 error.
+  FinishDeviceSyncAttemptAndVerifyResult(
+      0u /* expected_device_sync_instance_index */,
+      CryptAuthDeviceSyncResult(CryptAuthDeviceSyncResult::ResultCode::
+                                    kErrorSyncMetadataApiCallEndpointNotFound,
+                                false /* did_device_registry_change */,
+                                base::nullopt /* client_directive */));
+
+  EXPECT_TRUE(scheduler()->IsWaitingForEnrollmentResult());
+}
+
 }  // namespace device_sync

 }  // namespace chromeos
--- a/chromeos/services/device_sync/fake_cryptauth_scheduler.cc
+++ b/chromeos/services/device_sync/fake_cryptauth_scheduler.cc
@@ -21,7 +21,6 @@ FakeCryptAuthScheduler::~FakeCryptAuthScheduler() = default;
 void FakeCryptAuthScheduler::RequestEnrollment(
    const cryptauthv2::ClientMetadata::InvocationReason& invocation_reason,
    const base::Optional<std::string>& session_id) {
-  DCHECK(HasEnrollmentSchedulingStarted());
  is_waiting_for_enrollment_result_ = true;

  cryptauthv2::ClientMetadata client_metadata;
@@ -37,7 +36,6 @@ void FakeCryptAuthScheduler::RequestEnrollment(
 void FakeCryptAuthScheduler::RequestDeviceSync(
    const cryptauthv2::ClientMetadata::InvocationReason& invocation_reason,
    const base::Optional<std::string>& session_id) {
-  DCHECK(HasDeviceSyncSchedulingStarted());
  is_waiting_for_device_sync_result_ = true;

  cryptauthv2::ClientMetadata client_metadata;