Account Manager flag cleanup: Chrome Signin code

Chrome OS Account Manager has been launched to Stable channel and enabled on ToT. Cleanup the flag in Chrome signin code. Bug: 1009960 Test: unit_tests --gtest_filter="*ChromeSigninHelperTest*" Change-Id: I012a6967f890febba66e1ce8e19764b46e357aee Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1833609 Commit-Queue: Kush Sinha <sinhak@chromium.org> Reviewed-by: Boris Sazonov <bsazonov@chromium.org> Cr-Commit-Position: refs/heads/master@{#702042}

Account Manager flag cleanup: Chrome Signin code
Chrome OS Account Manager has been launched to Stable channel and enabled on ToT. Cleanup the flag in Chrome signin code. Bug: 1009960 Test: unit_tests --gtest_filter="*ChromeSigninHelperTest*" Change-Id: I012a6967f890febba66e1ce8e19764b46e357aee Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1833609 Commit-Queue: Kush Sinha <sinhak@chromium.org> Reviewed-by: Boris Sazonov <bsazonov@chromium.org> Cr-Commit-Position: refs/heads/master@{#702042}
bb073488 · Kush Sinha · Commit Bot · 5f1be786 · bb073488 · bb073488
Commit bb073488 authored Oct 02, 2019 by Kush Sinha Committed by Commit Bot Oct 02, 2019
4 changed files
--- a/chrome/browser/chromeos/account_manager/account_manager_util.cc
+++ b/chrome/browser/chromeos/account_manager/account_manager_util.cc
@@ -13,16 +13,12 @@
 #include "chrome/browser/profiles/profiles_state.h"
 #include "chromeos/components/account_manager/account_manager.h"
 #include "chromeos/components/account_manager/account_manager_factory.h"
-#include "chromeos/constants/chromeos_features.h"
 #include "chromeos/tpm/install_attributes.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
 namespace chromeos {
 bool IsAccountManagerAvailable(const Profile* const profile) {
-  if (!features::IsAccountManagerEnabled())
-    return false;
  // Signin Profile does not have any accounts associated with it.
  if (chromeos::ProfileHelper::IsSigninProfile(profile))
    return false;

--- a/chrome/browser/signin/account_reconcilor_factory.cc
+++ b/chrome/browser/signin/account_reconcilor_factory.cc
@@ -29,7 +29,6 @@
 #include "chrome/browser/chromeos/account_manager/account_manager_util.h"
 #include "chrome/browser/chromeos/account_manager/account_migration_runner.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
-#include "chromeos/constants/chromeos_features.h"
 #include "chromeos/tpm/install_attributes.h"
 #include "components/signin/core/browser/active_directory_account_reconcilor_delegate.h"
 #include "components/user_manager/user_manager.h"
@@ -181,15 +180,12 @@ AccountReconcilorFactory::CreateAccountReconcilorDelegate(Profile* profile) {
            signin::ActiveDirectoryAccountReconcilorDelegate>();
      }
-      // TODO(sinhak): Remove the if-condition (and use
+      // TODO(sinhak): Use |MirrorAccountReconcilorDelegate|) when all Chrome OS
-      // |MirrorAccountReconcilorDelegate|) when all Chrome OS users have been
+      // users have been migrated to Account Manager.
-      // migrated to Account Manager.
+      return std::make_unique<ChromeOSAccountReconcilorDelegate>(
-      if (chromeos::features::IsAccountManagerEnabled()) {
+          IdentityManagerFactory::GetForProfile(profile),
-        return std::make_unique<ChromeOSAccountReconcilorDelegate>(
+          chromeos::AccountManagerMigratorFactory::GetForBrowserContext(
-            IdentityManagerFactory::GetForProfile(profile),
+              profile));
-            chromeos::AccountManagerMigratorFactory::GetForBrowserContext(
-                profile));
-      }
 #elif defined(OS_ANDROID)
      if (base::FeatureList::IsEnabled(signin::kMiceFeature))
        return std::make_unique<signin::MiceAccountReconcilorDelegate>();

--- a/chrome/browser/signin/chrome_signin_helper.cc
+++ b/chrome/browser/signin/chrome_signin_helper.cc
@@ -58,7 +58,6 @@
 #include "chrome/browser/supervised_user/supervised_user_service_factory.h"
 #include "chrome/browser/ui/settings_window_manager_chromeos.h"
 #include "chrome/browser/ui/webui/signin/inline_login_handler_dialog_chromeos.h"
-#include "chromeos/constants/chromeos_features.h"
 #endif
 namespace signin {
@@ -185,58 +184,45 @@ void ProcessMirrorHeader(
      AccountReconcilorFactory::GetForProfile(profile);
  account_reconcilor->OnReceivedManageAccountsResponse(service_type);
 #if defined(OS_CHROMEOS)
-  if (chrome::FindBrowserWithWebContents(web_contents) &&
-      service_type == GAIA_SERVICE_TYPE_INCOGNITO) {
-    chrome::NewIncognitoWindow(profile);
-    return;
-  }
  signin_metrics::LogAccountReconcilorStateOnGaiaResponse(
      account_reconcilor->GetState());
-  if (chromeos::features::IsAccountManagerEnabled()) {
+  // Do not do anything if the navigation happened in the "background".
-    // Chrome OS Account Manager is available. The only allowed operations
+  if (!chrome::FindBrowserWithWebContents(web_contents))
-    // are:
+    return;
-    //
-    // - Going Incognito (already handled in above switch-case).
-    // - Displaying the Account Manager for managing accounts.
-    // - Displaying a reauthentication window: Enterprise GSuite Accounts could
-    // have been forced through an online in-browser sign-in for sensitive
-    // webpages, thereby decreasing their session validity. After their session
-    // expires, they will receive a "Mirror" re-authentication request for all
-    // Google web properties.
-    // Do not display Account Manager if the navigation happened in the
-    // "background".
-    if (!chrome::FindBrowserWithWebContents(web_contents))
-      return;
-    if (manage_accounts_params.email.empty()) {
+  // The only allowed operations are:
-      // Display Account Manager for managing accounts.
+  // - Going Incognito.
-      chrome::SettingsWindowManager::GetInstance()->ShowOSSettings(
+  // - Displaying the Account Manager for managing accounts.
-          profile, chrome::kAccountManagerSubPage);
+  // - Displaying a reauthentication window: Enterprise GSuite Accounts could
-    } else {
+  // have been forced through an online in-browser sign-in for sensitive
-      // Do not display the re-authentication dialog if this event was triggered
+  // webpages, thereby decreasing their session validity. After their session
-      // by supervision being enabled for an account.  In this situation, a
+  // expires, they will receive a "Mirror" re-authentication request for all
-      // complete signout is required.
+  // Google web properties.
-      SupervisedUserService* service =
-          SupervisedUserServiceFactory::GetForProfile(profile);
+  if (service_type == GAIA_SERVICE_TYPE_INCOGNITO) {
-      if (service && service->signout_required_after_supervision_enabled()) {
+    chrome::NewIncognitoWindow(profile);
-        return;
-      }
-      // Display a re-authentication dialog.
-      chromeos::InlineLoginHandlerDialogChromeOS::Show(
-          manage_accounts_params.email);
-    }
    return;
  }
-  // TODO(sinhak): Remove this when Chrome OS Account Manager is released.
+  if (manage_accounts_params.email.empty()) {
-  // Chrome OS does not have an account picker right now. To fix
+    // Display Account Manager for managing accounts.
-  // https://crbug.com/807568, this is a no-op here. This is OK because in
+    chrome::SettingsWindowManager::GetInstance()->ShowOSSettings(
-  // the limited cases where Mirror is available on Chrome OS, 1:1 account
+        profile, chrome::kAccountManagerSubPage);
-  // consistency is enforced and adding/removing accounts is not allowed,
+  } else {
-  // GAIA_SERVICE_TYPE_INCOGNITO may be allowed though.
+    // Do not display the re-authentication dialog if this event was triggered
+    // by supervision being enabled for an account.  In this situation, a
+    // complete signout is required.
+    SupervisedUserService* service =
+        SupervisedUserServiceFactory::GetForProfile(profile);
+    if (service && service->signout_required_after_supervision_enabled()) {
+      return;
+    }
+    // Display a re-authentication dialog.
+    chromeos::InlineLoginHandlerDialogChromeOS::Show(
+        manage_accounts_params.email);
+  }
  return;
 #else   // !defined(OS_CHROMEOS)

--- a/components/signin/internal/identity_manager/profile_oauth2_token_service_builder.cc
+++ b/components/signin/internal/identity_manager/profile_oauth2_token_service_builder.cc
@@ -23,7 +23,6 @@
 #if defined(OS_CHROMEOS)
 #include "chromeos/components/account_manager/account_manager.h"
-#include "chromeos/constants/chromeos_features.h"
 #include "components/signin/internal/identity_manager/profile_oauth2_token_service_delegate_chromeos.h"
 #include "components/user_manager/user_manager.h"
 #endif  // defined(OS_CHROMEOS)
@@ -57,8 +56,7 @@ std::unique_ptr<ProfileOAuth2TokenServiceIOSDelegate> CreateIOSOAuthDelegate(
      signin_client, std::move(device_accounts_provider),
      account_tracker_service);
 }
-#else  // !defined(OS_ANDROID) && !defined(OS_IOS)
+#elif defined(OS_CHROMEOS)
-#if defined(OS_CHROMEOS)
 std::unique_ptr<signin::ProfileOAuth2TokenServiceDelegateChromeOS>
 CreateCrOsOAuthDelegate(
    AccountTrackerService* account_tracker_service,
@@ -70,25 +68,7 @@ CreateCrOsOAuthDelegate(
      account_tracker_service, network_connection_tracker, account_manager,
      is_regular_profile);
 }
-#endif  // defined(OS_CHROMEOS)
+#else
-// Supervised users cannot revoke credentials.
-bool CanRevokeCredentials() {
-#if defined(OS_CHROMEOS)
-  // UserManager may not exist in unit_tests.
-  if (user_manager::UserManager::IsInitialized() &&
-      user_manager::UserManager::Get()->IsLoggedInAsSupervisedUser()) {
-    // Don't allow revoking credentials for Chrome OS supervised users.
-    // See http://crbug.com/332032
-    LOG(ERROR) << "Attempt to revoke supervised user refresh "
-               << "token detected, ignoring.";
-    return false;
-  }
-#endif
-  return true;
-}
 std::unique_ptr<MutableProfileOAuth2TokenServiceDelegate>
 CreateMutableProfileOAuthDelegate(
    AccountTrackerService* account_tracker_service,
@@ -110,7 +90,7 @@ CreateMutableProfileOAuthDelegate(
  return std::make_unique<MutableProfileOAuth2TokenServiceDelegate>(
      signin_client, account_tracker_service, network_connection_tracker,
      token_web_data, account_consistency, revoke_all_tokens_on_load,
-      CanRevokeCredentials(),
+      true /* can_revoke_credentials */,
 #if defined(OS_WIN)
      reauth_callback
 #else
@@ -147,24 +127,19 @@ CreateOAuth2TokenServiceDelegate(
  return CreateIOSOAuthDelegate(signin_client,
                                std::move(device_accounts_provider),
                                account_tracker_service);
-#else  // !defined(OS_ANDROID) && !defined(OS_IOS)
+#elif defined(OS_CHROMEOS)
-#if defined(OS_CHROMEOS)
+  return CreateCrOsOAuthDelegate(account_tracker_service,
-  if (chromeos::features::IsAccountManagerEnabled()) {
+                                 network_connection_tracker, account_manager,
-    return CreateCrOsOAuthDelegate(account_tracker_service,
+                                 is_regular_profile);
-                                   network_connection_tracker, account_manager,
+#else
-                                   is_regular_profile);
+  // Fall back to |MutableProfileOAuth2TokenServiceDelegate| on all platforms
-  }
+  // other than Android, iOS, and Chrome OS.
-#endif  // defined(OS_CHROMEOS)
-  // Fall back to |MutableProfileOAuth2TokenServiceDelegate|:
-  // 1. On all platforms other than Android and Chrome OS.
-  // 2. On Chrome OS, if Account Manager has not been switched on yet
-  // (chromeos::features::IsAccountManagerEnabled).
  return CreateMutableProfileOAuthDelegate(
      account_tracker_service, account_consistency,
      delete_signin_cookies_on_exit, token_web_data, signin_client,
 #if defined(OS_WIN)
      reauth_callback,
-#endif
+#endif  // defined(OS_WIN)
      network_connection_tracker);
 #endif  // defined(OS_ANDROID)