IdentityManager: Add APIs for querying refresh token error state

Will be needed by multiple clients for converting away from
ProfileOAuth2TokenService.

Bug: 882861
Change-Id: Ie648a701a02d34e786703604cb8d1f7f080202bc
Reviewed-on: https://chromium-review.googlesource.com/c/1267499Reviewed-by: David Roger <droger@chromium.org>
Commit-Queue: Colin Blundell <blundell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#597558}

services/identity/public/cpp/identity_manager.cc

@@ -128,6 +128,16 @@ bool IdentityManager::HasAccountWithRefreshToken(
   return token_service_->RefreshTokenIsAvailable(account_id);
 }
 
+bool IdentityManager::HasAccountWithRefreshTokenInPersistentErrorState(
+    const std::string& account_id) const {
+  return GetErrorStateOfRefreshTokenForAccount(account_id).IsPersistentError();
+}
+
+GoogleServiceAuthError IdentityManager::GetErrorStateOfRefreshTokenForAccount(
+    const std::string& account_id) const {
+  return token_service_->GetAuthError(account_id);
+}
+
 bool IdentityManager::HasPrimaryAccountWithRefreshToken() const {
   return HasAccountWithRefreshToken(GetPrimaryAccountInfo().account_id);
 }

services/identity/public/cpp/identity_manager.h

@@ -187,6 +187,21 @@ class IdentityManager : public SigninManagerBase::Observer,
   // Returns true if a refresh token exists for |account_id|.
   bool HasAccountWithRefreshToken(const std::string& account_id) const;
 
+  // Returns true if (a) a refresh token exists for |account_id|, and (b) the
+  // refresh token is in a persistent error state (defined as
+  // GoogleServiceAuthError::IsPersistentError() returning true for the error
+  // returned by GetErrorStateOfRefreshTokenForAccount(account_id)).
+  bool HasAccountWithRefreshTokenInPersistentErrorState(
+      const std::string& account_id) const;
+
+  // Returns the error state of the refresh token associated with |account_id|.
+  // In particular: Returns GoogleServiceAuthError::AuthErrorNone() if either
+  // (a) no refresh token exists for |account_id|, or (b) the refresh token is
+  // not in a persistent error state. Otherwise, returns the last persistent
+  // error that was detected when using the refresh token.
+  GoogleServiceAuthError GetErrorStateOfRefreshTokenForAccount(
+      const std::string& account_id) const;
+
   // Returns true if (a) the primary account exists, and (b) a refresh token
   // exists for the primary account.
   bool HasPrimaryAccountWithRefreshToken() const;

services/identity/public/cpp/identity_manager_unittest.cc

@@ -1167,6 +1167,117 @@ TEST_F(
       identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
 }
 
+TEST_F(IdentityManagerTest, GetErrorStateOfRefreshTokenForAccount) {
+  AccountInfo primary_account_info =
+      identity_manager()->GetPrimaryAccountInfo();
+  std::string primary_account_id = primary_account_info.account_id;
+
+  // A primary account without a refresh token should not be in an error
+  // state, and setting a refresh token should not affect that.
+  EXPECT_EQ(GoogleServiceAuthError::AuthErrorNone(),
+            identity_manager()->GetErrorStateOfRefreshTokenForAccount(
+                primary_account_id));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          primary_account_id));
+
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+  EXPECT_EQ(GoogleServiceAuthError::AuthErrorNone(),
+            identity_manager()->GetErrorStateOfRefreshTokenForAccount(
+                primary_account_id));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          primary_account_id));
+
+  // A secondary account without a refresh token should not be in an error
+  // state, and setting a refresh token should not affect that.
+  account_tracker()->SeedAccountInfo(kTestGaiaId2, kTestEmail2);
+  AccountInfo account_info2 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId2);
+  std::string account_id2 = account_info2.account_id;
+  EXPECT_EQ(
+      GoogleServiceAuthError::AuthErrorNone(),
+      identity_manager()->GetErrorStateOfRefreshTokenForAccount(account_id2));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          account_id2));
+
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id2);
+  EXPECT_EQ(
+      GoogleServiceAuthError::AuthErrorNone(),
+      identity_manager()->GetErrorStateOfRefreshTokenForAccount(account_id2));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          account_id2));
+
+  GoogleServiceAuthError account_deleted_error =
+      GoogleServiceAuthError(GoogleServiceAuthError::State::ACCOUNT_DELETED);
+  GoogleServiceAuthError account_disabled_error =
+      GoogleServiceAuthError(GoogleServiceAuthError::State::ACCOUNT_DISABLED);
+  GoogleServiceAuthError transient_error = GoogleServiceAuthError(
+      GoogleServiceAuthError::State::SERVICE_UNAVAILABLE);
+
+  // Set a persistent error for |account_id2| and check that it's reflected.
+  token_service()->UpdateAuthErrorForTesting(account_id2,
+                                             account_deleted_error);
+  EXPECT_EQ(
+      account_deleted_error,
+      identity_manager()->GetErrorStateOfRefreshTokenForAccount(account_id2));
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          account_id2));
+  EXPECT_EQ(GoogleServiceAuthError::AuthErrorNone(),
+            identity_manager()->GetErrorStateOfRefreshTokenForAccount(
+                primary_account_id));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          primary_account_id));
+
+  // A transient error should cause no change in the error state.
+  token_service()->UpdateAuthErrorForTesting(primary_account_id,
+                                             transient_error);
+  EXPECT_EQ(GoogleServiceAuthError::AuthErrorNone(),
+            identity_manager()->GetErrorStateOfRefreshTokenForAccount(
+                primary_account_id));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          primary_account_id));
+
+  // Set a different persistent error for the primary account and check that
+  // it's reflected.
+  token_service()->UpdateAuthErrorForTesting(primary_account_id,
+                                             account_disabled_error);
+  EXPECT_EQ(
+      account_deleted_error,
+      identity_manager()->GetErrorStateOfRefreshTokenForAccount(account_id2));
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          account_id2));
+  EXPECT_EQ(account_disabled_error,
+            identity_manager()->GetErrorStateOfRefreshTokenForAccount(
+                primary_account_id));
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          primary_account_id));
+
+  // Remove the token for account2 and check that it goes back to having no
+  // error.
+  RemoveRefreshTokenForAccount(token_service(), identity_manager(),
+                               account_id2);
+  EXPECT_EQ(
+      GoogleServiceAuthError::AuthErrorNone(),
+      identity_manager()->GetErrorStateOfRefreshTokenForAccount(account_id2));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          account_id2));
+  EXPECT_EQ(account_disabled_error,
+            identity_manager()->GetErrorStateOfRefreshTokenForAccount(
+                primary_account_id));
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshTokenInPersistentErrorState(
+          primary_account_id));
+}
+
 TEST_F(IdentityManagerTest, RemoveAccessTokenFromCache) {
   std::set<std::string> scopes{"scope"};
   std::string access_token = "access_token";