IdentityManager: Add APIs for querying state of refresh tokens

This CL adds APIs to IdentityManager for obtaining the set of all
accounts with refresh tokens and querying whether the primary account
is available with a refresh token.

The design follows that of IdentityManager's caching of the primary
account information:
- IdentityManager initializes its state with the current state of
  ProfileOAuth2TokenService.
- IdentityManager updates this state in response to notifications from
  PO2TS that an account's refresh token was updated/removed.

TBR=bsazonov@chromium.org

Bug: 806774
Change-Id: Idc4a37a15ced2e7d32f012a50e4e0d1fdb1aecdf
Reviewed-on: https://chromium-review.googlesource.com/1098668
Commit-Queue: Colin Blundell <blundell@chromium.org>
Reviewed-by: Mihai Sardarescu <msarda@chromium.org>
Reviewed-by: Marc Treib <treib@chromium.org>
Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#571451}

chrome/android/javatests/src/org/chromium/chrome/browser/signin/OAuth2TokenServiceIntegrationTest.java

@@ -156,6 +156,14 @@ public class OAuth2TokenServiceIntegrationTest {
             // Adding an observer should not lead to a callback.
             Assert.assertEquals(0, mObserver.getRevokedCallCount());
 
+            // First seed the account state (some native classes make the assumption that
+            // a notification that a token was revoked for a given account was preceded by a
+            // notifictation that that account was available).
+            mOAuth2TokenService.fireRefreshTokenAvailable(TEST_ACCOUNT1);
+            mOAuth2TokenService.fireRefreshTokenAvailable(TEST_ACCOUNT2);
+
+            Assert.assertEquals(2, mObserver.getAvailableCallCount());
+
             // An observer should be called with the correct account.
             mOAuth2TokenService.fireRefreshTokenRevoked(TEST_ACCOUNT1);
             Assert.assertEquals(1, mObserver.getRevokedCallCount());
@@ -166,8 +174,9 @@ public class OAuth2TokenServiceIntegrationTest {
             mOAuth2TokenService.fireRefreshTokenRevoked(TEST_ACCOUNT2);
             Assert.assertEquals(1, mObserver.getRevokedCallCount());
 
-            // No other observer interface method should ever have been called.
-            Assert.assertEquals(0, mObserver.getAvailableCallCount());
+            // No other observer interface method should have been called after the initial seeding
+            // of the accounts.
+            Assert.assertEquals(2, mObserver.getAvailableCallCount());
             Assert.assertEquals(0, mObserver.getLoadedCallCount());
         });
     }

services/identity/public/cpp/identity_manager.cc

@@ -14,7 +14,20 @@ IdentityManager::IdentityManager(SigninManagerBase* signin_manager,
     : signin_manager_(signin_manager),
       token_service_(token_service),
       account_tracker_service_(account_tracker_service) {
+  // Initialize the state of the primary account.
   primary_account_info_ = signin_manager_->GetAuthenticatedAccountInfo();
+
+  // Initialize the state of accounts with refresh tokens.
+  // |account_id| is moved into |accounts_with_refresh_tokens_|.
+  // Do not change this to "const std::string&".
+  for (std::string account_id : token_service->GetAccounts()) {
+    AccountInfo account_info =
+        account_tracker_service_->GetAccountInfo(account_id);
+    DCHECK(!account_info.IsEmpty());
+    accounts_with_refresh_tokens_.emplace(std::move(account_id),
+                                          std::move(account_info));
+  }
+
   signin_manager_->AddObserver(this);
 #if !defined(OS_CHROMEOS)
   SigninManager::FromSigninManagerBase(signin_manager_)
@@ -83,6 +96,29 @@ bool IdentityManager::HasPrimaryAccount() {
   return !primary_account_info_.account_id.empty();
 }
 
+std::vector<AccountInfo> IdentityManager::GetAccountsWithRefreshTokens() {
+  // TODO(blundell): It seems wasteful to construct this vector every time this
+  // method is called, but it also seems bad to maintain the vector as an ivar
+  // along the map.
+  std::vector<AccountInfo> accounts;
+  accounts.reserve(accounts_with_refresh_tokens_.size());
+
+  for (const auto& pair : accounts_with_refresh_tokens_) {
+    accounts.push_back(pair.second);
+  }
+
+  return accounts;
+}
+
+bool IdentityManager::HasAccountWithRefreshToken(
+    const std::string& account_id) {
+  return base::ContainsKey(accounts_with_refresh_tokens_, account_id);
+}
+
+bool IdentityManager::HasPrimaryAccountWithRefreshToken() {
+  return HasAccountWithRefreshToken(GetPrimaryAccountInfo().account_id);
+}
+
 std::unique_ptr<AccessTokenFetcher>
 IdentityManager::CreateAccessTokenFetcherForAccount(
     const std::string& account_id,
@@ -197,6 +233,20 @@ void IdentityManager::WillFireOnRefreshTokenAvailable(
   AccountInfo account_info =
       account_tracker_service_->GetAccountInfo(account_id);
   DCHECK(!account_info.IsEmpty());
+
+  // Insert the account into |accounts_with_refresh_tokens_|.
+  auto insertion_result = accounts_with_refresh_tokens_.emplace(
+      account_id, std::move(account_info));
+
+  // The account might have already been  present (e.g., this method can fire on
+  // updating an invalid token to a valid one or vice versa); in this case we
+  // sanity-check that the cached account info has the expected values.
+  if (!insertion_result.second) {
+    AccountInfo cached_account_info = insertion_result.first->second;
+    DCHECK_EQ(account_info.gaia, cached_account_info.gaia);
+    DCHECK_EQ(account_info.email, cached_account_info.email);
+  }
+
   for (auto& observer : observer_list_) {
     observer.OnRefreshTokenUpdatedForAccount(account_info, is_valid);
   }
@@ -207,6 +257,11 @@ void IdentityManager::WillFireOnRefreshTokenRevoked(
   AccountInfo account_info =
       account_tracker_service_->GetAccountInfo(account_id);
   DCHECK(!account_info.IsEmpty());
+
+  auto iterator = accounts_with_refresh_tokens_.find(account_id);
+  DCHECK(iterator != accounts_with_refresh_tokens_.end());
+  accounts_with_refresh_tokens_.erase(iterator);
+
   for (auto& observer : observer_list_) {
     observer.OnRefreshTokenRemovedForAccount(account_info);
   }

services/identity/public/cpp/identity_manager.h

@@ -120,6 +120,20 @@ class IdentityManager : public SigninManagerBase::Observer,
   // primary account info has a valid account ID.
   bool HasPrimaryAccount();
 
+  // Provides access to the latest cached information of all accounts that have
+  // refresh tokens.
+  // NOTE: The accounts should not be assumed to be in any particular order; in
+  // particular, they are not guaranteed to be in the order in which the
+  // refresh tokens were added.
+  std::vector<AccountInfo> GetAccountsWithRefreshTokens();
+
+  // Returns true if a refresh token exists for |account_id|.
+  bool HasAccountWithRefreshToken(const std::string& account_id);
+
+  // Returns true if (a) the primary account exists, and (b) a refresh token
+  // exists for the primary account.
+  bool HasPrimaryAccountWithRefreshToken();
+
   // Creates an AccessTokenFetcher given the passed-in information.
   std::unique_ptr<AccessTokenFetcher> CreateAccessTokenFetcherForAccount(
       const std::string& account_id,
@@ -218,6 +232,10 @@ class IdentityManager : public SigninManagerBase::Observer,
   // The latest (cached) value of the primary account.
   AccountInfo primary_account_info_;
 
+  // The latest (cached) value of the accounts with refresh tokens.
+  using AccountIDToAccountInfoMap = std::map<std::string, AccountInfo>;
+  AccountIDToAccountInfoMap accounts_with_refresh_tokens_;
+
   // Lists of observers.
   // Makes sure lists are empty on destruction.
   base::ObserverList<Observer, true> observer_list_;

services/identity/public/cpp/identity_manager_unittest.cc

@@ -25,8 +25,11 @@ using SigninManagerForTest = FakeSigninManager;
 #endif  // OS_CHROMEOS
 
 const char kTestGaiaId[] = "dummyId";
+const char kTestGaiaId2[] = "dummyId2";
+const char kTestGaiaId3[] = "dummyId3";
 const char kTestEmail[] = "me@gmail.com";
 const char kTestEmail2[] = "me2@gmail.com";
+const char kTestEmail3[] = "me3@gmail.com";
 
 #if defined(OS_CHROMEOS)
 const char kTestEmailWithPeriod[] = "m.e@gmail.com";
@@ -479,6 +482,395 @@ TEST_F(IdentityManagerTest, HasPrimaryAccount) {
 #endif
 }
 
+TEST_F(IdentityManagerTest, GetAccountsInteractionWithPrimaryAccount) {
+  // Should not have any refresh tokens at initialization.
+  EXPECT_TRUE(identity_manager()->GetAccountsWithRefreshTokens().empty());
+
+  std::string account_id = signin_manager()->GetAuthenticatedAccountId();
+
+  // Add a refresh token for the primary account and check that it shows up in
+  // GetAccountsWithRefreshTokens().
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  std::vector<AccountInfo> accounts_after_update =
+      identity_manager()->GetAccountsWithRefreshTokens();
+
+  EXPECT_EQ(1u, accounts_after_update.size());
+  EXPECT_EQ(accounts_after_update[0].account_id, account_id);
+  EXPECT_EQ(accounts_after_update[0].gaia, kTestGaiaId);
+  EXPECT_EQ(accounts_after_update[0].email, kTestEmail);
+
+  // Update the token and check that it doesn't change the state (or blow up).
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  std::vector<AccountInfo> accounts_after_second_update =
+      identity_manager()->GetAccountsWithRefreshTokens();
+
+  EXPECT_EQ(1u, accounts_after_second_update.size());
+  EXPECT_EQ(accounts_after_second_update[0].account_id, account_id);
+  EXPECT_EQ(accounts_after_second_update[0].gaia, kTestGaiaId);
+  EXPECT_EQ(accounts_after_second_update[0].email, kTestEmail);
+
+  // Remove the token for the primary account and check that this is likewise
+  // reflected.
+  RemoveRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  EXPECT_TRUE(identity_manager()->GetAccountsWithRefreshTokens().empty());
+}
+
+TEST_F(IdentityManagerTest,
+       QueryingOfRefreshTokensInteractionWithPrimaryAccount) {
+  AccountInfo account_info = identity_manager()->GetPrimaryAccountInfo();
+  std::string account_id = account_info.account_id;
+
+  // Should not have a refresh token for the primary account at initialization.
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshToken(account_info.account_id));
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Add a refresh token for the primary account and check that it affects this
+  // state.
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info.account_id));
+  EXPECT_TRUE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Update the token and check that it doesn't change the state (or blow up).
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info.account_id));
+  EXPECT_TRUE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Remove the token for the primary account and check that this is likewise
+  // reflected.
+  RemoveRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshToken(account_info.account_id));
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+}
+
+TEST_F(IdentityManagerTest, GetAccountsReflectsNonemptyInitialState) {
+  EXPECT_TRUE(identity_manager()->GetAccountsWithRefreshTokens().empty());
+
+  std::string account_id = signin_manager()->GetAuthenticatedAccountId();
+
+  // Add a refresh token for the primary account and sanity-check that it shows
+  // up in GetAccountsWithRefreshTokens().
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  std::vector<AccountInfo> accounts_after_update =
+      identity_manager()->GetAccountsWithRefreshTokens();
+
+  EXPECT_EQ(1u, accounts_after_update.size());
+  EXPECT_EQ(accounts_after_update[0].account_id, account_id);
+  EXPECT_EQ(accounts_after_update[0].gaia, kTestGaiaId);
+  EXPECT_EQ(accounts_after_update[0].email, kTestEmail);
+
+  // Recreate the IdentityManager and check that the newly-created instance
+  // reflects the current state.
+  RecreateIdentityManager();
+
+  std::vector<AccountInfo> accounts_after_recreation =
+      identity_manager()->GetAccountsWithRefreshTokens();
+  EXPECT_EQ(1u, accounts_after_recreation.size());
+  EXPECT_EQ(accounts_after_recreation[0].account_id, account_id);
+  EXPECT_EQ(accounts_after_recreation[0].gaia, kTestGaiaId);
+  EXPECT_EQ(accounts_after_recreation[0].email, kTestEmail);
+}
+
+TEST_F(IdentityManagerTest,
+       QueryingOfRefreshTokensReflectsNonemptyInitialState) {
+  AccountInfo account_info = identity_manager()->GetPrimaryAccountInfo();
+  std::string account_id = account_info.account_id;
+
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshToken(account_info.account_id));
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info.account_id));
+  EXPECT_TRUE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Recreate the IdentityManager and check that the newly-created instance
+  // reflects the current state.
+  RecreateIdentityManager();
+
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info.account_id));
+  EXPECT_TRUE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+}
+
+TEST_F(IdentityManagerTest, GetAccountsInteractionWithSecondaryAccounts) {
+  // Should not have any refresh tokens at initialization.
+  EXPECT_TRUE(identity_manager()->GetAccountsWithRefreshTokens().empty());
+
+  // Add a refresh token for a secondary account and check that it shows up in
+  // GetAccountsWithRefreshTokens().
+  account_tracker()->SeedAccountInfo(kTestGaiaId2, kTestEmail2);
+  std::string account_id2 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId2).account_id;
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id2);
+
+  std::vector<AccountInfo> accounts_after_update =
+      identity_manager()->GetAccountsWithRefreshTokens();
+
+  EXPECT_EQ(1u, accounts_after_update.size());
+  EXPECT_EQ(accounts_after_update[0].account_id, account_id2);
+  EXPECT_EQ(accounts_after_update[0].gaia, kTestGaiaId2);
+  EXPECT_EQ(accounts_after_update[0].email, kTestEmail2);
+
+  // Add a refresh token for a different secondary account and check that it
+  // also shows up in GetAccountsWithRefreshTokens().
+  account_tracker()->SeedAccountInfo(kTestGaiaId3, kTestEmail3);
+  std::string account_id3 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId3).account_id;
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id3);
+
+  std::vector<AccountInfo> accounts_after_second_update =
+      identity_manager()->GetAccountsWithRefreshTokens();
+  EXPECT_EQ(2u, accounts_after_second_update.size());
+
+  for (AccountInfo account_info : accounts_after_second_update) {
+    if (account_info.account_id == account_id2) {
+      EXPECT_EQ(account_info.gaia, kTestGaiaId2);
+      EXPECT_EQ(account_info.email, kTestEmail2);
+    } else {
+      EXPECT_EQ(account_info.gaia, kTestGaiaId3);
+      EXPECT_EQ(account_info.email, kTestEmail3);
+    }
+  }
+
+  // Remove the token for account2 and check that account3 is still present.
+  RemoveRefreshTokenForAccount(token_service(), identity_manager(),
+                               account_id2);
+
+  std::vector<AccountInfo> accounts_after_third_update =
+      identity_manager()->GetAccountsWithRefreshTokens();
+
+  EXPECT_EQ(1u, accounts_after_third_update.size());
+  EXPECT_EQ(accounts_after_third_update[0].account_id, account_id3);
+  EXPECT_EQ(accounts_after_third_update[0].gaia, kTestGaiaId3);
+  EXPECT_EQ(accounts_after_third_update[0].email, kTestEmail3);
+}
+
+TEST_F(IdentityManagerTest,
+       HasPrimaryAccountWithRefreshTokenInteractionWithSecondaryAccounts) {
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Adding a refresh token for a secondary account shouldn't change anything
+  // about the primary account
+  account_tracker()->SeedAccountInfo(kTestGaiaId2, kTestEmail2);
+  std::string account_id2 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId2).account_id;
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id2);
+
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Adding a refresh token for a different secondary account should not do so
+  // either.
+  account_tracker()->SeedAccountInfo(kTestGaiaId3, kTestEmail3);
+  std::string account_id3 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId3).account_id;
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id3);
+
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Removing the token for account2 should have no effect.
+  RemoveRefreshTokenForAccount(token_service(), identity_manager(),
+                               account_id2);
+
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+}
+
+TEST_F(IdentityManagerTest,
+       HasAccountWithRefreshTokenInteractionWithSecondaryAccounts) {
+  account_tracker()->SeedAccountInfo(kTestGaiaId2, kTestEmail2);
+  AccountInfo account_info2 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId2);
+  std::string account_id2 = account_info2.account_id;
+
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
+
+  // Add a refresh token for account_info2 and check that this is reflected by
+  // HasAccountWithRefreshToken(.account_id).
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id2);
+
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
+
+  // Go through the same process for a different secondary account.
+  account_tracker()->SeedAccountInfo(kTestGaiaId3, kTestEmail3);
+  AccountInfo account_info3 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId3);
+  std::string account_id3 = account_info3.account_id;
+
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshToken(account_info3.account_id));
+
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id3);
+
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info3.account_id));
+
+  // Remove the token for account2.
+  RemoveRefreshTokenForAccount(token_service(), identity_manager(),
+                               account_id2);
+
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info3.account_id));
+}
+
+TEST_F(IdentityManagerTest,
+       GetAccountsInteractionBetweenPrimaryAndSecondaryAccounts) {
+  // Should not have any refresh tokens at initialization.
+  EXPECT_TRUE(identity_manager()->GetAccountsWithRefreshTokens().empty());
+
+  // Add a refresh token for a secondary account and check that it shows up in
+  // GetAccountsWithRefreshTokens().
+  account_tracker()->SeedAccountInfo(kTestGaiaId2, kTestEmail2);
+  std::string account_id2 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId2).account_id;
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id2);
+
+  std::vector<AccountInfo> accounts_after_update =
+      identity_manager()->GetAccountsWithRefreshTokens();
+
+  EXPECT_EQ(1u, accounts_after_update.size());
+  EXPECT_EQ(accounts_after_update[0].account_id, account_id2);
+  EXPECT_EQ(accounts_after_update[0].gaia, kTestGaiaId2);
+  EXPECT_EQ(accounts_after_update[0].email, kTestEmail2);
+
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Add a refresh token for the primary account and check that it
+  // also shows up in GetAccountsWithRefreshTokens().
+  std::string primary_account_id =
+      signin_manager()->GetAuthenticatedAccountId();
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  std::vector<AccountInfo> accounts_after_second_update =
+      identity_manager()->GetAccountsWithRefreshTokens();
+  EXPECT_EQ(2u, accounts_after_second_update.size());
+
+  for (AccountInfo account_info : accounts_after_second_update) {
+    if (account_info.account_id == account_id2) {
+      EXPECT_EQ(account_info.gaia, kTestGaiaId2);
+      EXPECT_EQ(account_info.email, kTestEmail2);
+    } else {
+      EXPECT_EQ(account_info.gaia, kTestGaiaId);
+      EXPECT_EQ(account_info.email, kTestEmail);
+    }
+  }
+
+  EXPECT_TRUE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Remove the token for the primary account and check that account2 is still
+  // present.
+  RemoveRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  std::vector<AccountInfo> accounts_after_third_update =
+      identity_manager()->GetAccountsWithRefreshTokens();
+
+  EXPECT_EQ(1u, accounts_after_third_update.size());
+  EXPECT_EQ(accounts_after_update[0].account_id, account_id2);
+  EXPECT_EQ(accounts_after_update[0].gaia, kTestGaiaId2);
+  EXPECT_EQ(accounts_after_update[0].email, kTestEmail2);
+
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+}
+
+TEST_F(
+    IdentityManagerTest,
+    HasPrimaryAccountWithRefreshTokenInteractionBetweenPrimaryAndSecondaryAccounts) {
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Add a refresh token for a secondary account and check that it doesn't
+  // impact the above state.
+  account_tracker()->SeedAccountInfo(kTestGaiaId2, kTestEmail2);
+  std::string account_id2 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId2).account_id;
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id2);
+
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Add a refresh token for the primary account and check that it
+  // *does* impact the stsate of HasPrimaryAccountWithRefreshToken().
+  std::string primary_account_id =
+      signin_manager()->GetAuthenticatedAccountId();
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  EXPECT_TRUE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Remove the token for the secondary account and check that this doesn't flip
+  // the state.
+  RemoveRefreshTokenForAccount(token_service(), identity_manager(),
+                               account_id2);
+
+  EXPECT_TRUE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+
+  // Remove the token for the primary account and check that this flips the
+  // state.
+  RemoveRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  EXPECT_FALSE(identity_manager()->HasPrimaryAccountWithRefreshToken());
+}
+
+TEST_F(
+    IdentityManagerTest,
+    HasAccountWithRefreshTokenInteractionBetweenPrimaryAndSecondaryAccounts) {
+  AccountInfo primary_account_info =
+      identity_manager()->GetPrimaryAccountInfo();
+  std::string primary_account_id = primary_account_info.account_id;
+
+  account_tracker()->SeedAccountInfo(kTestGaiaId2, kTestEmail2);
+  AccountInfo account_info2 =
+      account_tracker()->FindAccountInfoByGaiaId(kTestGaiaId2);
+  std::string account_id2 = account_info2.account_id;
+
+  EXPECT_FALSE(identity_manager()->HasAccountWithRefreshToken(
+      primary_account_info.account_id));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
+
+  // Add a refresh token for account_info2 and check that this is reflected by
+  // HasAccountWithRefreshToken(.account_id).
+  SetRefreshTokenForAccount(token_service(), identity_manager(), account_id2);
+
+  EXPECT_FALSE(identity_manager()->HasAccountWithRefreshToken(
+      primary_account_info.account_id));
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
+
+  // Go through the same process for the primary account.
+  SetRefreshTokenForPrimaryAccount(token_service(), identity_manager());
+
+  EXPECT_TRUE(identity_manager()->HasAccountWithRefreshToken(
+      primary_account_info.account_id));
+  EXPECT_TRUE(
+      identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
+
+  // Remove the token for account2.
+  RemoveRefreshTokenForAccount(token_service(), identity_manager(),
+                               account_id2);
+
+  EXPECT_TRUE(identity_manager()->HasAccountWithRefreshToken(
+      primary_account_info.account_id));
+  EXPECT_FALSE(
+      identity_manager()->HasAccountWithRefreshToken(account_info2.account_id));
+}
+
 TEST_F(IdentityManagerTest, RemoveAccessTokenFromCache) {
   std::set<std::string> scopes{"scope"};
   std::string access_token = "access_token";