[identity] Enable multi-account consent flow on ChromeOS

ChromeOS can now support multiple accounts in the extension consent flow. This change should be compatible with the old consent flow as well. Bug: 1026237 Change-Id: I915a6697dc0301bb67f297983c32f98a1a2e5fb2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2141102 Commit-Queue: Alex Ilin <alexilin@chromium.org> Reviewed-by: David Roger <droger@chromium.org> Cr-Commit-Position: refs/heads/master@{#757791}

[identity] Enable multi-account consent flow on ChromeOS
ChromeOS can now support multiple accounts in the extension consent flow. This change should be compatible with the old consent flow as well. Bug: 1026237 Change-Id: I915a6697dc0301bb67f297983c32f98a1a2e5fb2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2141102 Commit-Queue: Alex Ilin <alexilin@chromium.org> Reviewed-by: David Roger <droger@chromium.org> Cr-Commit-Position: refs/heads/master@{#757791}
7f1b5314 · Alex Ilin · Commit Bot · ab28c349 · 7f1b5314 · 7f1b5314
Commit 7f1b5314 authored Apr 09, 2020 by Alex Ilin Committed by Commit Bot Apr 09, 2020
3 changed files
--- a/chrome/browser/extensions/api/identity/identity_api.cc
+++ b/chrome/browser/extensions/api/identity/identity_api.cc
@@ -260,7 +260,8 @@ IdentityAPI::RegisterOnShutdownCallback(const base::Closure& cb) {
 }

 bool IdentityAPI::AreExtensionsRestrictedToPrimaryAccount() {
-  return !AccountConsistencyModeManager::IsDiceEnabledForProfile(profile_);
+  return !AccountConsistencyModeManager::IsDiceEnabledForProfile(profile_) &&
+         !AccountConsistencyModeManager::IsMirrorEnabledForProfile(profile_);
 }

 IdentityAPI::IdentityAPI(Profile* profile,

--- a/chrome/browser/extensions/api/identity/identity_api_unittest.cc
+++ b/chrome/browser/extensions/api/identity/identity_api_unittest.cc
@@ -9,7 +9,6 @@
 #include "base/optional.h"
 #include "base/test/scoped_feature_list.h"
 #include "base/threading/thread_task_runner_handle.h"
-#include "build/build_config.h"
 #include "chrome/browser/extensions/test_extension_prefs.h"
 #include "chrome/test/base/testing_profile.h"
 #include "components/signin/public/base/signin_buildflags.h"
@@ -59,16 +58,10 @@ class IdentityAPITest : public testing::Test {
  std::unique_ptr<IdentityAPI> api_;
 };

-#if BUILDFLAG(ENABLE_DICE_SUPPORT)
-// Tests that all accounts in extensions is enabled when Dice is enabled.
-TEST_F(IdentityAPITest, DiceAllAccountsExtensions) {
+// Tests that all accounts in extensions is enabled for regular profiles.
+TEST_F(IdentityAPITest, AllAccountsExtensionEnabled) {
  EXPECT_FALSE(api()->AreExtensionsRestrictedToPrimaryAccount());
 }
-#else
-TEST_F(IdentityAPITest, AllAccountsExtensionDisabled) {
-  EXPECT_TRUE(api()->AreExtensionsRestrictedToPrimaryAccount());
-}
-#endif

 TEST_F(IdentityAPITest, GetGaiaIdForExtension) {
  std::string extension_id = prefs()->AddExtensionAndReturnId("extension");

--- a/chrome/browser/extensions/api/identity/identity_apitest.cc
+++ b/chrome/browser/extensions/api/identity/identity_apitest.cc
@@ -69,7 +69,11 @@

 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/login/users/mock_user_manager.h"
+#include "chrome/browser/chromeos/net/network_portal_detector_test_impl.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
+#include "chromeos/network/network_handler.h"
+#include "chromeos/network/network_state.h"
+#include "chromeos/network/network_state_handler.h"
 #include "chromeos/tpm/stub_install_attributes.h"
 #include "components/user_manager/scoped_user_manager.h"
 #endif
@@ -88,6 +92,27 @@ namespace utils = extension_function_test_utils;
 static const char kAccessToken[] = "auth_token";
 static const char kExtensionId[] = "ext_id";

+#if defined(OS_CHROMEOS)
+void InitNetwork() {
+  const chromeos::NetworkState* default_network =
+      chromeos::NetworkHandler::Get()
+          ->network_state_handler()
+          ->DefaultNetwork();
+
+  auto* portal_detector = new chromeos::NetworkPortalDetectorTestImpl();
+  portal_detector->SetDefaultNetworkForTesting(default_network->guid());
+
+  chromeos::NetworkPortalDetector::CaptivePortalState online_state;
+  online_state.status =
+      chromeos::NetworkPortalDetector::CAPTIVE_PORTAL_STATUS_ONLINE;
+  online_state.response_code = 204;
+  portal_detector->SetDetectionResultsForTesting(default_network->guid(),
+                                                 online_state);
+
+  chromeos::network_portal_detector::InitializeForTesting(portal_detector);
+}
+#endif
+
 // Asynchronous function runner allows tests to manipulate the browser window
 // after the call happens.
 class AsyncFunctionRunner {
@@ -499,6 +524,11 @@ class IdentityTestWithSignin : public AsyncExtensionBrowserTest {
  void SetUpOnMainThread() override {
    AsyncExtensionBrowserTest::SetUpOnMainThread();

+#if defined(OS_CHROMEOS)
+    // Fake the network online state so that Gaia requests can come through.
+    InitNetwork();
+#endif
+
    identity_test_env_profile_adaptor_ =
        std::make_unique<IdentityTestEnvironmentProfileAdaptor>(profile());

@@ -610,11 +640,7 @@ class IdentityGetAccountsFunctionTest : public IdentityTestWithSignin {
 };

 IN_PROC_BROWSER_TEST_F(IdentityGetAccountsFunctionTest, AllAccountsOn) {
-#if BUILDFLAG(ENABLE_DICE_SUPPORT)
  EXPECT_FALSE(id_api()->AreExtensionsRestrictedToPrimaryAccount());
-#else
-  EXPECT_TRUE(id_api()->AreExtensionsRestrictedToPrimaryAccount());
-#endif
 }

 IN_PROC_BROWSER_TEST_F(IdentityGetAccountsFunctionTest, NoneSignedIn) {
@@ -2020,6 +2046,8 @@ IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
  }
 }

+// The signin flow is simply not used on ChromeOS.
+#if !defined(OS_CHROMEOS)
 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
                       MultiSecondaryInteractiveInvalidToken) {
  // Setup a secondary account with no valid refresh token, and try to get a
@@ -2059,6 +2087,7 @@ IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest,
    EXPECT_TRUE(func->scope_ui_shown());
  }
 }
+#endif

 IN_PROC_BROWSER_TEST_F(GetAuthTokenFunctionTest, ScopesDefault) {
  SignIn("primary@example.com");