[signin] Split Dice and Mirror specific logic out of AccountReconcilor

This CL creates a AccountReconcilorDelegate class, with two subclasses
specialized for Mirror and Dice respectively.

Bug: 777774
Cq-Include-Trybots: master.tryserver.chromium.mac:ios-simulator-cronet;master.tryserver.chromium.mac:ios-simulator-full-configs
Change-Id: I4bdb4ecee7d4f12e910a2704a09802c383bca9bb
Reviewed-on: https://chromium-review.googlesource.com/766368
Commit-Queue: David Roger <droger@chromium.org>
Reviewed-by: Mihai Sardarescu <msarda@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517347}

chrome/browser/signin/account_reconcilor_factory.cc

@@ -4,12 +4,24 @@
 
 #include "chrome/browser/signin/account_reconcilor_factory.h"
 
+#include <utility>
+
+#include "base/logging.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/chrome_signin_client_factory.h"
 #include "chrome/browser/signin/gaia_cookie_manager_service_factory.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "components/keyed_service/content/browser_context_dependency_manager.h"
+#include "components/signin/core/browser/account_reconcilor.h"
+#include "components/signin/core/browser/account_reconcilor_delegate.h"
+#include "components/signin/core/browser/mirror_account_reconcilor_delegate.h"
+#include "components/signin/core/browser/profile_management_switches.h"
+#include "components/signin/core/browser/signin_features.h"
+
+#if BUILDFLAG(ENABLE_DICE_SUPPORT)
+#include "components/signin/core/browser/dice_account_reconcilor_delegate.h"
+#endif
 
 AccountReconcilorFactory::AccountReconcilorFactory()
     : BrowserContextKeyedServiceFactory(
@@ -43,12 +55,41 @@ KeyedService* AccountReconcilorFactory::BuildServiceInstanceFor(
       SigninManagerFactory::GetForProfile(profile),
       ChromeSigninClientFactory::GetForProfile(profile),
       GaiaCookieManagerServiceFactory::GetForProfile(profile),
-      profile->IsNewProfile());
+      CreateAccountReconcilorDelegate(profile));
   reconcilor->Initialize(true /* start_reconcile_if_tokens_available */);
   return reconcilor;
 }
 
 void AccountReconcilorFactory::RegisterProfilePrefs(
     user_prefs::PrefRegistrySyncable* registry) {
-  AccountReconcilor::RegisterProfilePrefs(registry);
+#if BUILDFLAG(ENABLE_DICE_SUPPORT)
+  signin::DiceAccountReconcilorDelegate::RegisterProfilePrefs(registry);
+#endif
+}
+
+// static
+std::unique_ptr<signin::AccountReconcilorDelegate>
+AccountReconcilorFactory::CreateAccountReconcilorDelegate(Profile* profile) {
+  std::unique_ptr<signin::AccountReconcilorDelegate> delegate;
+  switch (signin::GetAccountConsistencyMethod()) {
+    case signin::AccountConsistencyMethod::kMirror:
+      delegate = std::make_unique<signin::MirrorAccountReconcilorDelegate>(
+          SigninManagerFactory::GetForProfile(profile));
+      break;
+    case signin::AccountConsistencyMethod::kDisabled:
+    case signin::AccountConsistencyMethod::kDiceFixAuthErrors:
+      delegate = std::make_unique<signin::AccountReconcilorDelegate>();
+      break;
+    case signin::AccountConsistencyMethod::kDicePrepareMigration:
+    case signin::AccountConsistencyMethod::kDiceMigration:
+    case signin::AccountConsistencyMethod::kDice:
+#if BUILDFLAG(ENABLE_DICE_SUPPORT)
+      delegate = std::make_unique<signin::DiceAccountReconcilorDelegate>(
+          profile->GetPrefs(), profile->IsNewProfile());
+#else
+      NOTREACHED();
+#endif
+      break;
+  }
+  return delegate;
 }

chrome/browser/signin/account_reconcilor_factory.h

@@ -5,10 +5,16 @@
 #ifndef CHROME_BROWSER_SIGNIN_ACCOUNT_RECONCILOR_FACTORY_H_
 #define CHROME_BROWSER_SIGNIN_ACCOUNT_RECONCILOR_FACTORY_H_
 
+#include <memory>
+
 #include "base/memory/singleton.h"
 #include "components/keyed_service/content/browser_context_keyed_service_factory.h"
-#include "components/signin/core/browser/account_reconcilor.h"
 
+namespace signin {
+class AccountReconcilorDelegate;
+}
+
+class AccountReconcilor;
 class Profile;
 
 // Singleton that owns all AccountReconcilors and associates them with
@@ -25,10 +31,15 @@ class AccountReconcilorFactory : public BrowserContextKeyedServiceFactory {
 
  private:
   friend struct base::DefaultSingletonTraits<AccountReconcilorFactory>;
+  friend class DummyAccountReconcilorWithDelegate;  // For testing.
 
   AccountReconcilorFactory();
   ~AccountReconcilorFactory() override;
 
+  // Creates the AccountReconcilorDelegate.
+  static std::unique_ptr<signin::AccountReconcilorDelegate>
+  CreateAccountReconcilorDelegate(Profile* profile);
+
   // BrowserContextKeyedServiceFactory:
   KeyedService* BuildServiceInstanceFor(
       content::BrowserContext* profile) const override;

chrome/browser/signin/account_reconcilor_unittest.cc

@@ -8,7 +8,6 @@
 
 #include "base/command_line.h"
 #include "base/macros.h"
-#include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
 #include "base/scoped_observer.h"
 #include "base/strings/utf_string_conversions.h"
@@ -30,6 +29,7 @@
 #include "chrome/test/base/testing_profile_manager.h"
 #include "components/signin/core/browser/account_reconcilor.h"
 #include "components/signin/core/browser/account_tracker_service.h"
+#include "components/signin/core/browser/dice_account_reconcilor_delegate.h"
 #include "components/signin/core/browser/fake_gaia_cookie_manager_service.h"
 #include "components/signin/core/browser/fake_profile_oauth2_token_service.h"
 #include "components/signin/core/browser/profile_management_switches.h"
@@ -49,17 +49,32 @@
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+// gmock does not allow mocking classes with move-only parameters, preventing
+// from mocking the AccountReconcilor class directly (because of the
+// unique_ptr<AccountReconcilorDelegate> parameter).
+// Introduce a dummy class creating the delegate internally, to avoid the move.
+class DummyAccountReconcilorWithDelegate : public AccountReconcilor {
+ public:
+  explicit DummyAccountReconcilorWithDelegate(Profile* profile)
+      : AccountReconcilor(
+            ProfileOAuth2TokenServiceFactory::GetForProfile(profile),
+            SigninManagerFactory::GetForProfile(profile),
+            ChromeSigninClientFactory::GetForProfile(profile),
+            GaiaCookieManagerServiceFactory::GetForProfile(profile),
+            AccountReconcilorFactory::CreateAccountReconcilorDelegate(
+                profile)) {
+    Initialize(false /* start_reconcile_if_tokens_available */);
+  }
+};
+
 namespace {
 
-class MockAccountReconcilor : public testing::StrictMock<AccountReconcilor> {
+class MockAccountReconcilor
+    : public testing::StrictMock<DummyAccountReconcilorWithDelegate> {
  public:
   static std::unique_ptr<KeyedService> Build(content::BrowserContext* context);
 
-  MockAccountReconcilor(ProfileOAuth2TokenService* token_service,
-                        SigninManagerBase* signin_manager,
-                        SigninClient* client,
-                        GaiaCookieManagerService* cookie_manager_service);
-  ~MockAccountReconcilor() override {}
+  explicit MockAccountReconcilor(Profile* profile);
 
   MOCK_METHOD1(PerformMergeAction, void(const std::string& account_id));
   MOCK_METHOD0(PerformLogoutAllAccountsAction, void());
@@ -69,25 +84,11 @@ class MockAccountReconcilor : public testing::StrictMock<AccountReconcilor> {
 std::unique_ptr<KeyedService> MockAccountReconcilor::Build(
     content::BrowserContext* context) {
   Profile* profile = Profile::FromBrowserContext(context);
-  std::unique_ptr<AccountReconcilor> reconcilor(new MockAccountReconcilor(
-      ProfileOAuth2TokenServiceFactory::GetForProfile(profile),
-      SigninManagerFactory::GetForProfile(profile),
-      ChromeSigninClientFactory::GetForProfile(profile),
-      GaiaCookieManagerServiceFactory::GetForProfile(profile)));
-  reconcilor->Initialize(false /* start_reconcile_if_tokens_available */);
-  return std::move(reconcilor);
+  return std::make_unique<MockAccountReconcilor>(profile);
 }
 
-MockAccountReconcilor::MockAccountReconcilor(
-    ProfileOAuth2TokenService* token_service,
-    SigninManagerBase* signin_manager,
-    SigninClient* client,
-    GaiaCookieManagerService* cookie_manager_service)
-    : testing::StrictMock<AccountReconcilor>(token_service,
-                                             signin_manager,
-                                             client,
-                                             cookie_manager_service,
-                                             false /* is_new_profile */) {}
+MockAccountReconcilor::MockAccountReconcilor(Profile* profile)
+    : testing::StrictMock<DummyAccountReconcilorWithDelegate>(profile) {}
 
 }  // namespace
 
@@ -271,6 +272,7 @@ TEST_F(AccountReconcilorTest, Basic) {
 // method with an empty implementation. On MacOS, the normal implementation
 // causes the try_bots to time out.
 TEST_F(AccountReconcilorTest, SigninManagerRegistration) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   AccountReconcilor* reconcilor =
       AccountReconcilorFactory::GetForProfile(profile());
   ASSERT_TRUE(reconcilor);
@@ -292,6 +294,7 @@ TEST_F(AccountReconcilorTest, SigninManagerRegistration) {
 // method with an empty implementation. On MacOS, the normal implementation
 // causes the try_bots to time out.
 TEST_F(AccountReconcilorTest, Reauth) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string email = "user@gmail.com";
   const std::string account_id =
       ConnectProfileToAccount("12345", email);
@@ -309,6 +312,7 @@ TEST_F(AccountReconcilorTest, Reauth) {
 #endif  // !defined(OS_CHROMEOS)
 
 TEST_F(AccountReconcilorTest, ProfileAlreadyConnected) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   ConnectProfileToAccount("12345", "user@gmail.com");
 
   AccountReconcilor* reconcilor =
@@ -895,10 +899,13 @@ TEST_F(AccountReconcilorTest, DiceMigrationAfterNoop) {
   cookie_manager_service()->SetListAccountsResponseOneAccount("user@gmail.com",
                                                               "12345");
   AccountReconcilor* reconcilor = GetMockReconcilor();
+  signin::DiceAccountReconcilorDelegate* dice_delegate =
+      static_cast<signin::DiceAccountReconcilorDelegate*>(
+          reconcilor->delegate_.get());
 
   // Dice is not enabled by default.
   ASSERT_FALSE(signin::IsDiceEnabledForProfile(profile()->GetPrefs()));
-  EXPECT_FALSE(reconcilor->IsAccountConsistencyEnforced());
+  EXPECT_FALSE(dice_delegate->IsAccountConsistencyEnforced());
 
   // No-op reconcile.
   EXPECT_CALL(*GetMockReconcilor(), PerformMergeAction(testing::_)).Times(0);
@@ -910,9 +917,10 @@ TEST_F(AccountReconcilorTest, DiceMigrationAfterNoop) {
   ASSERT_EQ(signin_metrics::ACCOUNT_RECONCILOR_OK, reconcilor->GetState());
 
   // Migration will happen on next startup.
-  EXPECT_TRUE(reconcilor->IsReadyForDiceMigration(false /* is_new_profile */));
+  EXPECT_TRUE(
+      dice_delegate->IsReadyForDiceMigration(false /* is_new_profile */));
   EXPECT_FALSE(signin::IsDiceEnabledForProfile(profile()->GetPrefs()));
-  EXPECT_FALSE(reconcilor->IsAccountConsistencyEnforced());
+  EXPECT_FALSE(reconcilor->delegate_->IsAccountConsistencyEnforced());
 }
 
 // Tests that the Dice migration does not happen after a busy reconcile.
@@ -926,10 +934,13 @@ TEST_F(AccountReconcilorTest, DiceNoMigrationAfterReconcile) {
   token_service()->UpdateCredentials(account_id, "refresh_token");
   cookie_manager_service()->SetListAccountsResponseNoAccounts();
   AccountReconcilor* reconcilor = GetMockReconcilor();
+  signin::DiceAccountReconcilorDelegate* dice_delegate =
+      static_cast<signin::DiceAccountReconcilorDelegate*>(
+          reconcilor->delegate_.get());
 
   // Dice is not enabled by default.
   ASSERT_FALSE(signin::IsDiceEnabledForProfile(profile()->GetPrefs()));
-  EXPECT_FALSE(reconcilor->IsAccountConsistencyEnforced());
+  EXPECT_FALSE(dice_delegate->IsAccountConsistencyEnforced());
 
   // Busy reconcile.
   EXPECT_CALL(*GetMockReconcilor(), PerformMergeAction(account_id));
@@ -942,9 +953,10 @@ TEST_F(AccountReconcilorTest, DiceNoMigrationAfterReconcile) {
   ASSERT_EQ(signin_metrics::ACCOUNT_RECONCILOR_OK, reconcilor->GetState());
 
   // Migration did not happen.
-  EXPECT_FALSE(reconcilor->IsReadyForDiceMigration(false /* is_new_profile */));
+  EXPECT_FALSE(
+      dice_delegate->IsReadyForDiceMigration(false /* is_new_profile */));
   EXPECT_FALSE(signin::IsDiceEnabledForProfile(profile()->GetPrefs()));
-  EXPECT_FALSE(reconcilor->IsAccountConsistencyEnforced());
+  EXPECT_FALSE(dice_delegate->IsAccountConsistencyEnforced());
 }
 
 #endif  // BUILDFLAG(ENABLE_DICE_SUPPORT)
@@ -952,6 +964,7 @@ TEST_F(AccountReconcilorTest, DiceNoMigrationAfterReconcile) {
 // Tests that reconcile cannot start before the tokens are loaded, and is
 // automatically started when tokens are loaded.
 TEST_F(AccountReconcilorTest, TokensNotLoaded) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   cookie_manager_service()->SetListAccountsResponseNoAccounts();
@@ -978,6 +991,7 @@ TEST_F(AccountReconcilorTest, TokensNotLoaded) {
 }
 
 TEST_F(AccountReconcilorTest, GetAccountsFromCookieSuccess) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   cookie_manager_service()->SetListAccountsResponseOneAccountWithParams(
@@ -1006,6 +1020,7 @@ TEST_F(AccountReconcilorTest, GetAccountsFromCookieSuccess) {
 }
 
 TEST_F(AccountReconcilorTest, GetAccountsFromCookieFailure) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   ConnectProfileToAccount("12345", "user@gmail.com");
   cookie_manager_service()->SetListAccountsResponseWebLoginRequired();
 
@@ -1032,6 +1047,7 @@ TEST_F(AccountReconcilorTest, GetAccountsFromCookieFailure) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileNoop) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
 
@@ -1057,6 +1073,7 @@ TEST_F(AccountReconcilorTest, StartReconcileNoop) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileCookiesDisabled) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   token_service()->UpdateCredentials(account_id, "refresh_token");
@@ -1078,6 +1095,7 @@ TEST_F(AccountReconcilorTest, StartReconcileCookiesDisabled) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileContentSettings) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   token_service()->UpdateCredentials(account_id, "refresh_token");
@@ -1098,6 +1116,7 @@ TEST_F(AccountReconcilorTest, StartReconcileContentSettings) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileContentSettingsGaiaUrl) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   token_service()->UpdateCredentials(account_id, "refresh_token");
@@ -1113,6 +1132,7 @@ TEST_F(AccountReconcilorTest, StartReconcileContentSettingsGaiaUrl) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileContentSettingsNonGaiaUrl) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   token_service()->UpdateCredentials(account_id, "refresh_token");
@@ -1128,6 +1148,7 @@ TEST_F(AccountReconcilorTest, StartReconcileContentSettingsNonGaiaUrl) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileContentSettingsInvalidPattern) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   token_service()->UpdateCredentials(account_id, "refresh_token");
@@ -1153,6 +1174,7 @@ TEST_F(AccountReconcilorTest, StartReconcileContentSettingsInvalidPattern) {
 // token service, will be considered the same as "dots@gmail.com" as returned
 // by gaia::ParseListAccountsData().
 TEST_F(AccountReconcilorTest, StartReconcileNoopWithDots) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   if (account_tracker()->GetMigrationState() !=
       AccountTrackerService::MIGRATION_NOT_STARTED) {
     return;
@@ -1177,6 +1199,7 @@ TEST_F(AccountReconcilorTest, StartReconcileNoopWithDots) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileNoopMultiple) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   const std::string account_id2 =
@@ -1202,6 +1225,7 @@ TEST_F(AccountReconcilorTest, StartReconcileNoopMultiple) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileAddToCookie) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   token_service()->UpdateCredentials(account_id, "refresh_token");
@@ -1244,6 +1268,7 @@ TEST_F(AccountReconcilorTest, StartReconcileAddToCookie) {
 // FakeSigninManagerForTesting::SignOut() which doesn't exist for ChromeOS.
 
 TEST_F(AccountReconcilorTest, SignoutAfterErrorDoesNotRecordUma) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   token_service()->UpdateCredentials(account_id, "refresh_token");
@@ -1280,6 +1305,7 @@ TEST_F(AccountReconcilorTest, SignoutAfterErrorDoesNotRecordUma) {
 #endif  // !defined(OS_CHROMEOS)
 
 TEST_F(AccountReconcilorTest, StartReconcileRemoveFromCookie) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   token_service()->UpdateCredentials(account_id, "refresh_token");
@@ -1309,6 +1335,7 @@ TEST_F(AccountReconcilorTest, StartReconcileRemoveFromCookie) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileAddToCookieTwice) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   const std::string account_id2 =
@@ -1374,6 +1401,7 @@ TEST_F(AccountReconcilorTest, StartReconcileAddToCookieTwice) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileBadPrimary) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   const std::string account_id2 =
@@ -1410,6 +1438,7 @@ TEST_F(AccountReconcilorTest, StartReconcileBadPrimary) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileOnlyOnce) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   cookie_manager_service()->SetListAccountsResponseOneAccount(
@@ -1428,6 +1457,7 @@ TEST_F(AccountReconcilorTest, StartReconcileOnlyOnce) {
 }
 
 TEST_F(AccountReconcilorTest, Lock) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   cookie_manager_service()->SetListAccountsResponseOneAccount("user@gmail.com",
@@ -1456,7 +1486,7 @@ TEST_F(AccountReconcilorTest, Lock) {
 
   // Lock prevents reconcile from starting, as long as one instance is alive.
   std::unique_ptr<AccountReconcilor::Lock> lock_1 =
-      base::MakeUnique<AccountReconcilor::Lock>(reconcilor);
+      std::make_unique<AccountReconcilor::Lock>(reconcilor);
   EXPECT_EQ(1, reconcilor->account_reconcilor_lock_count_);
   reconcilor->StartReconcile();
   // lock_1 is blocking the reconcile.
@@ -1499,6 +1529,7 @@ TEST_F(AccountReconcilorTest, Lock) {
 }
 
 TEST_F(AccountReconcilorTest, StartReconcileWithSessionInfoExpiredDefault) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   const std::string account_id2 =
@@ -1524,6 +1555,7 @@ TEST_F(AccountReconcilorTest, StartReconcileWithSessionInfoExpiredDefault) {
 }
 
 TEST_F(AccountReconcilorTest, AddAccountToCookieCompletedWithBogusAccount) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   const std::string account_id =
       ConnectProfileToAccount("12345", "user@gmail.com");
   cookie_manager_service()->SetListAccountsResponseOneAccountWithParams(
@@ -1553,6 +1585,7 @@ TEST_F(AccountReconcilorTest, AddAccountToCookieCompletedWithBogusAccount) {
 }
 
 TEST_F(AccountReconcilorTest, NoLoopWithBadPrimary) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   // Connect profile to a primary account and then add a secondary account.
   const std::string account_id1 =
   ConnectProfileToAccount("12345", "user@gmail.com");
@@ -1602,6 +1635,7 @@ TEST_F(AccountReconcilorTest, NoLoopWithBadPrimary) {
 }
 
 TEST_F(AccountReconcilorTest, WontMergeAccountsWithError) {
+  signin::ScopedAccountConsistencyMirror scoped_mirror;
   // Connect profile to a primary account and then add a secondary account.
   const std::string account_id1 =
   ConnectProfileToAccount("12345", "user@gmail.com");
@@ -1636,58 +1670,3 @@ TEST_F(AccountReconcilorTest, WontMergeAccountsWithError) {
   ASSERT_FALSE(reconcilor->is_reconcile_started_);
   ASSERT_FALSE(reconcilor->error_during_last_reconcile_);
 }
-
-#if BUILDFLAG(ENABLE_DICE_SUPPORT)
-// Checks that Dice migration happens when the reconcilor is created.
-TEST(AccountReconcilorMigrationTest, MigrateAtCreation) {
-  sync_preferences::TestingPrefServiceSyncable pref_service;
-  AccountReconcilor::RegisterProfilePrefs(pref_service.registry());
-  signin::RegisterAccountConsistencyProfilePrefs(pref_service.registry());
-  TestSigninClient signin_client(&pref_service);
-
-  {
-    // Migration does not happen if SetDiceMigrationOnStartup() is not called.
-    signin::ScopedAccountConsistencyDiceMigration scoped_dice_migration;
-    EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
-    AccountReconcilor reconcilor(nullptr, nullptr, &signin_client, nullptr,
-                                 false /* is_new_profile */);
-    EXPECT_FALSE(
-        reconcilor.IsReadyForDiceMigration(false /* is_new_profile */));
-    EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
-  }
-
-  AccountReconcilor::SetDiceMigrationOnStartup(&pref_service, true);
-
-  {
-    // Migration does not happen if Dice is not enabled.
-    signin::ScopedAccountConsistencyDiceFixAuthErrors scoped_dice_fix_errors;
-    AccountReconcilor reconcilor(nullptr, nullptr, &signin_client, nullptr,
-                                 false /* is_new_profile */);
-    EXPECT_TRUE(reconcilor.IsReadyForDiceMigration(false /* is_new_profile */));
-    EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
-  }
-
-  {
-    // Migration happens.
-    signin::ScopedAccountConsistencyDiceMigration scoped_dice_migration;
-    AccountReconcilor reconcilor(nullptr, nullptr, &signin_client, nullptr,
-                                 false /* is_new_profile */);
-    EXPECT_TRUE(reconcilor.IsReadyForDiceMigration(false /* is_new_profile */));
-    EXPECT_TRUE(signin::IsDiceEnabledForProfile(&pref_service));
-  }
-}
-
-// Checks that new profiles are migrated at creation.
-TEST(AccountReconcilorMigrationTest, NewProfile) {
-  signin::ScopedAccountConsistencyDiceMigration scoped_dice_migration;
-  sync_preferences::TestingPrefServiceSyncable pref_service;
-  AccountReconcilor::RegisterProfilePrefs(pref_service.registry());
-  signin::RegisterAccountConsistencyProfilePrefs(pref_service.registry());
-  TestSigninClient signin_client(&pref_service);
-
-  EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
-  AccountReconcilor reconcilor(nullptr, nullptr, &signin_client, nullptr,
-                               true /* is_new_profile */);
-  EXPECT_TRUE(signin::IsDiceEnabledForProfile(&pref_service));
-}
-#endif  // BUILDFLAG(ENABLE_DICE_SUPPORT)

chrome/browser/signin/dice_response_handler_unittest.cc

@@ -8,7 +8,6 @@
 
 #include "base/command_line.h"
 #include "base/macros.h"
-#include "base/memory/ptr_util.h"
 #include "base/memory/ref_counted.h"
 #include "base/message_loop/message_loop.h"
 #include "base/scoped_observer.h"
@@ -18,6 +17,7 @@
 #include "chrome/test/base/testing_profile.h"
 #include "components/signin/core/browser/account_reconcilor.h"
 #include "components/signin/core/browser/account_tracker_service.h"
+#include "components/signin/core/browser/dice_account_reconcilor_delegate.h"
 #include "components/signin/core/browser/fake_signin_manager.h"
 #include "components/signin/core/browser/profile_management_switches.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
@@ -114,7 +114,7 @@ class DiceResponseHandlerTest : public testing::Test,
         request_context_getter_(
             new net::TestURLRequestContextGetter(task_runner_)),
         signin_client_(&pref_service_),
-        token_service_(base::MakeUnique<FakeOAuth2TokenServiceDelegate>(
+        token_service_(std::make_unique<FakeOAuth2TokenServiceDelegate>(
             request_context_getter_.get())),
         signin_manager_(&signin_client_,
                         &token_service_,
@@ -125,13 +125,18 @@ class DiceResponseHandlerTest : public testing::Test,
     loop_.SetTaskRunner(task_runner_);
     DCHECK_EQ(task_runner_, base::ThreadTaskRunnerHandle::Get());
     signin_client_.SetURLRequestContext(request_context_getter_.get());
-    AccountReconcilor::RegisterProfilePrefs(pref_service_.registry());
+    signin::DiceAccountReconcilorDelegate::RegisterProfilePrefs(
+        pref_service_.registry());
     AccountTrackerService::RegisterPrefs(pref_service_.registry());
     SigninManager::RegisterProfilePrefs(pref_service_.registry());
     signin::RegisterAccountConsistencyProfilePrefs(pref_service_.registry());
-    account_reconcilor_ = base::MakeUnique<AccountReconcilor>(
-        &token_service_, &signin_manager_, &signin_client_, nullptr, false);
-    dice_response_handler_ = base::MakeUnique<DiceResponseHandler>(
+    auto account_reconcilor_delegate =
+        std::make_unique<signin::DiceAccountReconcilorDelegate>(
+            &pref_service_, false /* is_new_profile */);
+    account_reconcilor_ = std::make_unique<AccountReconcilor>(
+        &token_service_, &signin_manager_, &signin_client_, nullptr,
+        std::move(account_reconcilor_delegate));
+    dice_response_handler_ = std::make_unique<DiceResponseHandler>(
         &signin_client_, &signin_manager_, &token_service_,
         &account_tracker_service_, account_reconcilor_.get());
 
@@ -211,7 +216,7 @@ TEST_F(DiceResponseHandlerTest, Signin) {
       dice_params.signin_info.gaia_id, dice_params.signin_info.email);
   ASSERT_FALSE(token_service_.RefreshTokenIsAvailable(account_id));
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that a GaiaAuthFetcher has been created.
   ASSERT_THAT(signin_client_.consumer_, testing::NotNull());
   EXPECT_EQ(1, reconcilor_blocked_count_);
@@ -240,7 +245,7 @@ TEST_F(DiceResponseHandlerTest, SigninFailure) {
       dice_params.signin_info.gaia_id, dice_params.signin_info.email);
   ASSERT_FALSE(token_service_.RefreshTokenIsAvailable(account_id));
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   EXPECT_EQ(dice_params.signin_info.gaia_id, start_token_fetch_gaia_id_);
   EXPECT_EQ(dice_params.signin_info.email, start_token_fetch_email_);
   EXPECT_EQ("", finish_token_fetch_gaia_id_);
@@ -269,7 +274,7 @@ TEST_F(DiceResponseHandlerTest, SigninRepeatedWithSameAccount) {
       dice_params.signin_info.gaia_id, dice_params.signin_info.email);
   ASSERT_FALSE(token_service_.RefreshTokenIsAvailable(account_id));
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   EXPECT_EQ(dice_params.signin_info.gaia_id, start_token_fetch_gaia_id_);
   EXPECT_EQ(dice_params.signin_info.email, start_token_fetch_email_);
   // Check that a GaiaAuthFetcher has been created.
@@ -278,7 +283,7 @@ TEST_F(DiceResponseHandlerTest, SigninRepeatedWithSameAccount) {
   // Start a second request for the same account.
   signin_client_.consumer_ = nullptr;
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that there is no new request.
   ASSERT_THAT(signin_client_.consumer_, testing::IsNull());
   // Simulate GaiaAuthFetcher success for the first request.
@@ -305,7 +310,7 @@ TEST_F(DiceResponseHandlerTest, SigninWithTwoAccounts) {
   ASSERT_FALSE(token_service_.RefreshTokenIsAvailable(account_id_2));
   // Start first request.
   dice_response_handler_->ProcessDiceHeader(
-      dice_params_1, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params_1, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that a GaiaAuthFetcher has been created.
   GaiaAuthConsumer* consumer_1 = signin_client_.consumer_;
   ASSERT_THAT(consumer_1, testing::NotNull());
@@ -314,7 +319,7 @@ TEST_F(DiceResponseHandlerTest, SigninWithTwoAccounts) {
   // Start second request.
   signin_client_.consumer_ = nullptr;
   dice_response_handler_->ProcessDiceHeader(
-      dice_params_2, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params_2, std::make_unique<TestProcessDiceHeaderObserver>(this));
   GaiaAuthConsumer* consumer_2 = signin_client_.consumer_;
   ASSERT_THAT(consumer_2, testing::NotNull());
   // Simulate GaiaAuthFetcher success for the first request.
@@ -339,7 +344,7 @@ TEST_F(DiceResponseHandlerTest, Timeout) {
       dice_params.signin_info.gaia_id, dice_params.signin_info.email);
   ASSERT_FALSE(token_service_.RefreshTokenIsAvailable(account_id));
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that a GaiaAuthFetcher has been created.
   ASSERT_THAT(signin_client_.consumer_, testing::NotNull());
   EXPECT_EQ(
@@ -373,7 +378,7 @@ TEST_F(DiceResponseHandlerTest, SignoutMainAccount) {
   EXPECT_TRUE(signin_manager_.IsAuthenticated());
   // Receive signout response for the main account.
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   EXPECT_EQ("", start_token_fetch_gaia_id_);
   EXPECT_EQ("", start_token_fetch_email_);
 
@@ -414,7 +419,7 @@ TEST_F(DiceResponseHandlerTest, MigrationSignout) {
 
   // Receive signout response for all accounts.
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   EXPECT_EQ("", start_token_fetch_gaia_id_);
   EXPECT_EQ("", start_token_fetch_email_);
 
@@ -448,7 +453,7 @@ TEST_F(DiceResponseHandlerTest, SignoutSecondaryAccount) {
   EXPECT_TRUE(signin_manager_.IsAuthenticated());
   // Receive signout response for the secondary account.
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   EXPECT_EQ("", start_token_fetch_gaia_id_);
   EXPECT_EQ("", start_token_fetch_email_);
 
@@ -476,7 +481,7 @@ TEST_F(DiceResponseHandlerTest, SignoutWebOnly) {
   EXPECT_FALSE(signin_manager_.IsAuthenticated());
   // Receive signout response.
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Only the token corresponding the the Dice parameter has been removed.
   EXPECT_FALSE(token_service_.RefreshTokenIsAvailable(account_id));
   EXPECT_TRUE(token_service_.RefreshTokenIsAvailable(kSecondaryAccountID));
@@ -501,7 +506,7 @@ TEST_F(DiceResponseHandlerTest, SigninSignoutMainAccount) {
   std::string account_id_2 = account_tracker_service_.PickAccountIdForAccount(
       dice_params_2.signin_info.gaia_id, dice_params_2.signin_info.email);
   dice_response_handler_->ProcessDiceHeader(
-      dice_params_2, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params_2, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that a GaiaAuthFetcher has been created and is pending.
   ASSERT_THAT(signin_client_.consumer_, testing::NotNull());
   EXPECT_EQ(
@@ -509,7 +514,7 @@ TEST_F(DiceResponseHandlerTest, SigninSignoutMainAccount) {
   ASSERT_FALSE(token_service_.RefreshTokenIsAvailable(account_id_2));
   // Signout from main account while signin for the other account is in flight.
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that the token fetcher has been canceled and all tokens erased.
   EXPECT_EQ(
       0u, dice_response_handler_->GetPendingDiceTokenFetchersCountForTesting());
@@ -533,11 +538,11 @@ TEST_F(DiceResponseHandlerTest, SigninSignoutSecondaryAccount) {
   std::string account_id_2 = account_tracker_service_.PickAccountIdForAccount(
       signin_params_2.signin_info.gaia_id, signin_params_2.signin_info.email);
   dice_response_handler_->ProcessDiceHeader(
-      signin_params_1, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      signin_params_1, std::make_unique<TestProcessDiceHeaderObserver>(this));
   ASSERT_THAT(signin_client_.consumer_, testing::NotNull());
   signin_client_.consumer_ = nullptr;
   dice_response_handler_->ProcessDiceHeader(
-      signin_params_2, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      signin_params_2, std::make_unique<TestProcessDiceHeaderObserver>(this));
   ASSERT_THAT(signin_client_.consumer_, testing::NotNull());
   EXPECT_EQ(
       2u, dice_response_handler_->GetPendingDiceTokenFetchersCountForTesting());
@@ -545,7 +550,7 @@ TEST_F(DiceResponseHandlerTest, SigninSignoutSecondaryAccount) {
   ASSERT_FALSE(token_service_.RefreshTokenIsAvailable(account_id_2));
   // Signout from one of the accounts while signin is in flight.
   dice_response_handler_->ProcessDiceHeader(
-      signout_params_1, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      signout_params_1, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that one of the fetchers is cancelled.
   EXPECT_EQ(
       1u, dice_response_handler_->GetPendingDiceTokenFetchersCountForTesting());
@@ -567,7 +572,7 @@ TEST_F(DiceResponseHandlerTest, FixAuthErrorSignedOut) {
       account_tracker_service_.PickAccountIdForAccount(
           dice_params.signin_info.gaia_id, dice_params.signin_info.email)));
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that a GaiaAuthFetcher has not been created.
   ASSERT_THAT(signin_client_.consumer_, testing::IsNull());
 }
@@ -587,7 +592,7 @@ TEST_F(DiceResponseHandlerTest, FixAuthErrorSignOutDuringRequest) {
   EXPECT_TRUE(signin_manager_.IsAuthenticated());
   // Start re-authentication on the web.
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that a GaiaAuthFetcher has been created.
   ASSERT_THAT(signin_client_.consumer_, testing::NotNull());
   // Sign out.
@@ -613,13 +618,13 @@ TEST_F(DiceResponseHandlerTest, FixAuthError) {
   EXPECT_TRUE(signin_manager_.IsAuthenticated());
   // Start re-authentication on the web.
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // Check that a GaiaAuthFetcher has been created.
   ASSERT_THAT(signin_client_.consumer_, testing::NotNull());
   // We need to listen for new token notifications, since there is no way to
   // check the actual value of the token in the token service.
   std::unique_ptr<DiceTestTokenServiceObserver> token_service_observer =
-      base::MakeUnique<DiceTestTokenServiceObserver>(
+      std::make_unique<DiceTestTokenServiceObserver>(
           dice_params.signin_info.gaia_id);
   ScopedObserver<ProfileOAuth2TokenService, DiceTestTokenServiceObserver>
       scoped_token_service_observer(token_service_observer.get());
@@ -652,7 +657,7 @@ TEST_F(DiceResponseHandlerTest, FixAuthErroDoesNotSignout) {
   EXPECT_TRUE(signin_manager_.IsAuthenticated());
   // Receive signout response for the main account.
   dice_response_handler_->ProcessDiceHeader(
-      dice_params, base::MakeUnique<TestProcessDiceHeaderObserver>(this));
+      dice_params, std::make_unique<TestProcessDiceHeaderObserver>(this));
   // User is not signed out from Chrome.
   EXPECT_TRUE(token_service_.RefreshTokenIsAvailable(account_id));
   EXPECT_TRUE(signin_manager_.IsAuthenticated());

components/signin/core/browser/BUILD.gn

@@ -42,6 +42,8 @@ static_library("browser") {
     "account_investigator.h",
     "account_reconcilor.cc",
     "account_reconcilor.h",
+    "account_reconcilor_delegate.cc",
+    "account_reconcilor_delegate.h",
     "account_tracker_service.cc",
     "account_tracker_service.h",
     "child_account_info_fetcher.cc",
@@ -52,10 +54,14 @@ static_library("browser") {
     "child_account_info_fetcher_impl.h",
     "chrome_connected_header_helper.cc",
     "chrome_connected_header_helper.h",
+    "dice_account_reconcilor_delegate.cc",
+    "dice_account_reconcilor_delegate.h",
     "dice_header_helper.cc",
     "dice_header_helper.h",
     "gaia_cookie_manager_service.cc",
     "gaia_cookie_manager_service.h",
+    "mirror_account_reconcilor_delegate.cc",
+    "mirror_account_reconcilor_delegate.h",
     "profile_identity_provider.cc",
     "profile_identity_provider.h",
     "profile_management_switches.cc",
@@ -139,6 +145,8 @@ static_library("browser") {
 
   if (!enable_dice_support) {
     sources -= [
+      "dice_account_reconcilor_delegate.cc",
+      "dice_account_reconcilor_delegate.h",
       "dice_header_helper.cc",
       "dice_header_helper.h",
     ]
@@ -194,6 +202,7 @@ source_set("unit_tests") {
     "account_info_unittest.cc",
     "account_investigator_unittest.cc",
     "account_tracker_service_unittest.cc",
+    "dice_account_reconcilor_delegate_unittest.cc",
     "gaia_cookie_manager_service_unittest.cc",
     "profile_management_switches_unittest.cc",
     "refresh_token_annotation_request_unittest.cc",
@@ -222,6 +231,10 @@ source_set("unit_tests") {
       "signin_status_metrics_provider_unittest.cc",
     ]
   }
+
+  if (!enable_dice_support) {
+    sources -= [ "dice_account_reconcilor_delegate_unittest.cc" ]
+  }
 }
 
 if (is_android) {

components/signin/core/browser/account_reconcilor.cc

@@ -11,25 +11,19 @@
 #include <utility>
 
 #include "base/bind.h"
-#include "base/json/json_reader.h"
 #include "base/location.h"
 #include "base/logging.h"
-#include "base/metrics/histogram_macros.h"
 #include "base/single_thread_task_runner.h"
-#include "base/stl_util.h"
-#include "base/strings/string_number_conversions.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
-#include "components/pref_registry/pref_registry_syncable.h"
-#include "components/prefs/pref_service.h"
+#include "components/signin/core/browser/account_reconcilor_delegate.h"
 #include "components/signin/core/browser/profile_management_switches.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_client.h"
 #include "components/signin/core/browser/signin_features.h"
 #include "components/signin/core/browser/signin_metrics.h"
 #include "google_apis/gaia/gaia_auth_util.h"
-#include "google_apis/gaia/gaia_oauth_client.h"
 #include "google_apis/gaia/gaia_urls.h"
 
 namespace {
@@ -37,25 +31,6 @@ namespace {
 // String used for source parameter in GAIA cookie manager calls.
 const char kSource[] = "ChromiumAccountReconcilor";
 
-#if BUILDFLAG(ENABLE_DICE_SUPPORT)
-// Preference indicating that the Dice migration should happen at the next
-// Chrome startup.
-const char kDiceMigrationOnStartupPref[] =
-    "signin.AccountReconcilor.kDiceMigrationOnStartup";
-
-const char kDiceMigrationStatusHistogram[] = "Signin.DiceMigrationStatus";
-
-// Used for UMA histogram kDiceMigrationStatusHistogram.
-// Do not remove or re-order values.
-enum class DiceMigrationStatus {
-  kEnabled,
-  kDisabledReadyForMigration,
-  kDisabledNotReadyForMigration,
-
-  kDiceMigrationStatusCount
-};
-#endif
-
 class AccountEqualToFunc {
  public:
   explicit AccountEqualToFunc(const gaia::ListedAccount& account)
@@ -106,8 +81,9 @@ AccountReconcilor::AccountReconcilor(
     SigninManagerBase* signin_manager,
     SigninClient* client,
     GaiaCookieManagerService* cookie_manager_service,
-    bool is_new_profile)
-    : token_service_(token_service),
+    std::unique_ptr<signin::AccountReconcilorDelegate> delegate)
+    : delegate_(std::move(delegate)),
+      token_service_(token_service),
       signin_manager_(signin_manager),
       client_(client),
       cookie_manager_service_(cookie_manager_service),
@@ -122,25 +98,8 @@ AccountReconcilor::AccountReconcilor(
       account_reconcilor_lock_count_(0),
       reconcile_on_unblock_(false) {
   VLOG(1) << "AccountReconcilor::AccountReconcilor";
-#if BUILDFLAG(ENABLE_DICE_SUPPORT)
-  PrefService* prefs = client_->GetPrefs();
-  bool is_ready_for_dice = IsReadyForDiceMigration(is_new_profile);
-  if (is_ready_for_dice && signin::IsDiceMigrationEnabled()) {
-    DCHECK(prefs);
-    if (!signin::IsDiceEnabledForProfile(prefs))
-      VLOG(1) << "Profile is migrating to Dice";
-    signin::MigrateProfileToDice(prefs);
-    DCHECK(signin::IsDiceEnabledForProfile(prefs));
-  }
-  UMA_HISTOGRAM_ENUMERATION(
-      kDiceMigrationStatusHistogram,
-      signin::IsDiceEnabledForProfile(prefs)
-          ? DiceMigrationStatus::kEnabled
-          : (is_ready_for_dice
-                 ? DiceMigrationStatus::kDisabledReadyForMigration
-                 : DiceMigrationStatus::kDisabledNotReadyForMigration),
-      DiceMigrationStatus::kDiceMigrationStatusCount);
-#endif
+  DCHECK(delegate_);
+  delegate_->set_reconcilor(this);
 }
 
 AccountReconcilor::~AccountReconcilor() {
@@ -150,22 +109,10 @@ AccountReconcilor::~AccountReconcilor() {
   DCHECK(!registered_with_cookie_manager_service_);
 }
 
-// static
-void AccountReconcilor::RegisterProfilePrefs(
-    user_prefs::PrefRegistrySyncable* registry) {
-#if BUILDFLAG(ENABLE_DICE_SUPPORT)
-  registry->RegisterBooleanPref(kDiceMigrationOnStartupPref, false);
-#endif
-}
-
 void AccountReconcilor::Initialize(bool start_reconcile_if_tokens_available) {
   VLOG(1) << "AccountReconcilor::Initialize";
-  RegisterWithSigninManager();
-
-  if (IsEnabled()) {
-    RegisterWithCookieManagerService();
-    RegisterWithContentSettings();
-    RegisterWithTokenService();
+  if (delegate_->IsReconcileEnabled()) {
+    EnableReconcile();
 
     // Start a reconcile if the tokens are already loaded.
     if (start_reconcile_if_tokens_available && IsTokenServiceReady())
@@ -173,31 +120,27 @@ void AccountReconcilor::Initialize(bool start_reconcile_if_tokens_available) {
   }
 }
 
-void AccountReconcilor::Shutdown() {
-  VLOG(1) << "AccountReconcilor::Shutdown";
+void AccountReconcilor::EnableReconcile() {
+  DCHECK(delegate_->IsReconcileEnabled());
+  RegisterWithCookieManagerService();
+  RegisterWithContentSettings();
+  RegisterWithTokenService();
+}
+
+void AccountReconcilor::DisableReconcile(bool logout_all_accounts) {
+  AbortReconcile();
   UnregisterWithCookieManagerService();
   UnregisterWithTokenService();
   UnregisterWithContentSettings();
-  UnregisterWithSigninManager();
-}
 
-void AccountReconcilor::RegisterWithSigninManager() {
-  if (signin::IsDicePrepareMigrationEnabled()) {
-    // Reconcilor is always turned on when DICE is enabled. It does not need to
-    // observe the SigninManager events.
-    return;
-  }
-
-  VLOG(1) << "AccountReconcilor::RegisterWithSigninManager";
-  signin_manager_->AddObserver(this);
+  if (logout_all_accounts)
+    PerformLogoutAllAccountsAction();
 }
 
-void AccountReconcilor::UnregisterWithSigninManager() {
-  if (signin::IsDicePrepareMigrationEnabled())
-    return;
-
-  VLOG(1) << "AccountReconcilor::UnregisterWithSigninManager";
-  signin_manager_->RemoveObserver(this);
+void AccountReconcilor::Shutdown() {
+  VLOG(1) << "AccountReconcilor::Shutdown";
+  DisableReconcile(false /* logout_all_accounts */);
+  delegate_.reset();
 }
 
 void AccountReconcilor::RegisterWithContentSettings() {
@@ -263,11 +206,6 @@ void AccountReconcilor::UnregisterWithCookieManagerService() {
   registered_with_cookie_manager_service_ = false;
 }
 
-bool AccountReconcilor::IsEnabled() {
-  return signin_manager_->IsAuthenticated() ||
-         signin::IsDicePrepareMigrationEnabled();
-}
-
 signin_metrics::AccountReconcilorState AccountReconcilor::GetState() {
   if (!is_reconcile_started_) {
     return error_during_last_reconcile_
@@ -319,34 +257,9 @@ void AccountReconcilor::OnRefreshTokensLoaded() {
   StartReconcile();
 }
 
-void AccountReconcilor::GoogleSigninSucceeded(const std::string& account_id,
-                                              const std::string& username) {
-  DCHECK(!signin::IsDicePrepareMigrationEnabled());
-  VLOG(1) << "AccountReconcilor::GoogleSigninSucceeded: signed in";
-  RegisterWithCookieManagerService();
-  RegisterWithContentSettings();
-  RegisterWithTokenService();
-}
-
-void AccountReconcilor::GoogleSignedOut(const std::string& account_id,
-                                        const std::string& username) {
-  DCHECK(!signin::IsDicePrepareMigrationEnabled());
-  VLOG(1) << "AccountReconcilor::GoogleSignedOut: signed out";
-  AbortReconcile();
-  UnregisterWithCookieManagerService();
-  UnregisterWithTokenService();
-  UnregisterWithContentSettings();
-  PerformLogoutAllAccountsAction();
-}
-
-bool AccountReconcilor::IsAccountConsistencyEnforced() {
-  return signin::IsAccountConsistencyMirrorEnabled() ||
-         signin::IsDiceEnabledForProfile(client_->GetPrefs());
-}
-
 void AccountReconcilor::PerformMergeAction(const std::string& account_id) {
   reconcile_is_noop_ = false;
-  if (!IsAccountConsistencyEnforced()) {
+  if (!delegate_->IsAccountConsistencyEnforced()) {
     MarkAccountAsAddedToCookie(account_id);
     return;
   }
@@ -356,7 +269,7 @@ void AccountReconcilor::PerformMergeAction(const std::string& account_id) {
 
 void AccountReconcilor::PerformLogoutAllAccountsAction() {
   reconcile_is_noop_ = false;
-  if (!IsAccountConsistencyEnforced())
+  if (!delegate_->IsAccountConsistencyEnforced())
     return;
   VLOG(1) << "AccountReconcilor::PerformLogoutAllAccountsAction";
   cookie_manager_service_->LogOutAllAccounts(kSource);
@@ -374,8 +287,7 @@ void AccountReconcilor::StartReconcile() {
     return;
   }
 
-
-  if (!IsEnabled() || !client_->AreSigninCookiesAllowed()) {
+  if (!delegate_->IsReconcileEnabled() || !client_->AreSigninCookiesAllowed()) {
     VLOG(1) << "AccountReconcilor::StartReconcile: !enabled or no cookies";
     return;
   }
@@ -392,13 +304,15 @@ void AccountReconcilor::StartReconcile() {
     observer.OnStartReconcile();
 
   // Reset state for validating oauth2 tokens.
-  primary_account_.clear();
-  chrome_accounts_.clear();
   add_to_cookie_.clear();
-  ValidateAccountsFromTokenService();
-
-  if (primary_account_.empty() && !signin::IsDicePrepareMigrationEnabled()) {
-    VLOG(1) << "AccountReconcilor::StartReconcile: primary has error";
+  bool is_primary_account_valid = false;
+  chrome_accounts_ = LoadValidAccountsFromTokenService(
+      &primary_account_, &is_primary_account_valid);
+  if (!is_primary_account_valid &&
+      delegate_->ShouldAbortReconcileIfPrimaryHasError()) {
+    VLOG(1) << "AccountReconcilor::StartReconcile: primary has error, abort.";
+    primary_account_.clear();
+    chrome_accounts_.clear();
     return;
   }
 
@@ -445,51 +359,38 @@ void AccountReconcilor::OnGaiaAccountsInCookieUpdated(
   }
 }
 
-void AccountReconcilor::ValidateAccountsFromTokenService() {
-  primary_account_ = signin_manager_->GetAuthenticatedAccountId();
-  DCHECK(signin::IsDicePrepareMigrationEnabled() || !primary_account_.empty());
-
-  chrome_accounts_ = token_service_->GetAccounts();
+std::vector<std::string> AccountReconcilor::LoadValidAccountsFromTokenService(
+    std::string* out_primary_account,
+    bool* out_is_primary_account_valid) const {
+  DCHECK(out_primary_account);
+  DCHECK(out_is_primary_account_valid);
+  *out_primary_account = signin_manager_->GetAuthenticatedAccountId();
+  std::vector<std::string> chrome_accounts = token_service_->GetAccounts();
+  *out_is_primary_account_valid = true;
 
   // Remove any accounts that have an error.  There is no point in trying to
   // reconcile them, since it won't work anyway.  If the list ends up being
   // empty, or if the primary account is in error, then don't reconcile any
   // accounts.
-  for (auto i = chrome_accounts_.begin(); i != chrome_accounts_.end(); ++i) {
+  for (auto i = chrome_accounts.begin(); i != chrome_accounts.end(); ++i) {
     if (token_service_->GetDelegate()->RefreshTokenHasError(*i)) {
-      if ((primary_account_ == *i) &&
-          !signin::IsDicePrepareMigrationEnabled()) {
-        primary_account_.clear();
-        chrome_accounts_.clear();
-        break;
-      } else {
-        VLOG(1) << "AccountReconcilor::ValidateAccountsFromTokenService: "
-                << *i << " has error, won't reconcile";
-        i->clear();
-      }
+      if (*out_primary_account == *i)
+        *out_is_primary_account_valid = false;
+      VLOG(1) << "AccountReconcilor::ValidateAccountsFromTokenService: " << *i
+              << " has error, won't reconcile";
+      i->clear();
     }
   }
-  chrome_accounts_.erase(std::remove(chrome_accounts_.begin(),
-                                     chrome_accounts_.end(),
-                                     std::string()),
-                         chrome_accounts_.end());
+
+  chrome_accounts.erase(std::remove(chrome_accounts.begin(),
+                                    chrome_accounts.end(), std::string()),
+                        chrome_accounts.end());
 
   VLOG(1) << "AccountReconcilor::ValidateAccountsFromTokenService: "
-          << "Chrome " << chrome_accounts_.size() << " accounts, "
-          << "Primary is '" << primary_account_ << "'";
-}
-
-void AccountReconcilor::OnNewProfileManagementFlagChanged(
-    bool new_flag_status) {
-  if (new_flag_status) {
-    // The reconciler may have been newly created just before this call, or may
-    // have already existed and in mid-reconcile. To err on the safe side, force
-    // a restart.
-    Shutdown();
-    Initialize(true);
-  } else {
-    Shutdown();
-  }
+          << "Chrome " << chrome_accounts.size() << " accounts, "
+          << "Primary is '" << *out_primary_account << "'";
+
+  return chrome_accounts;
 }
 
 void AccountReconcilor::OnReceivedManageAccountsResponse(
@@ -499,90 +400,12 @@ void AccountReconcilor::OnReceivedManageAccountsResponse(
   }
 }
 
-// There are several cases, depending on the account consistency method and
-// whether this is the first execution. The logic can be summarized below:
-// * With Mirror, always use the primary account as first Gaia account.
-// * With Dice,
-//   - On first execution, the candidates are examined in this order:
-//     1. The primary account
-//     2. The current first Gaia account
-//     3. The last known first Gaia account
-//     4. The first account in the token service
-//   - On subsequent executions, the order is:
-//     1. The current first Gaia account
-//     2. The primary account
-//     3. The last known first Gaia account
-//     4. The first account in the token service
-std::string AccountReconcilor::GetFirstGaiaAccountForReconcile(
-    const std::vector<gaia::ListedAccount>& gaia_accounts) const {
-  if (!signin::IsDicePrepareMigrationEnabled()) {
-    // Mirror only uses the primary account, and it is never empty.
-    DCHECK(!primary_account_.empty());
-    DCHECK(base::ContainsValue(chrome_accounts_, primary_account_));
-    return primary_account_;
-  }
-
-  DCHECK(signin::IsDicePrepareMigrationEnabled());
-  if (chrome_accounts_.empty())
-    return std::string();  // No Chrome account, log out.
-
-  bool valid_primary_account =
-      !primary_account_.empty() &&
-      base::ContainsValue(chrome_accounts_, primary_account_);
-
-  if (gaia_accounts.empty()) {
-    if (valid_primary_account)
-      return primary_account_;
-
-    // Try the last known account. This happens when the cookies are cleared
-    // while Sync is disabled.
-    if (base::ContainsValue(chrome_accounts_, last_known_first_account_))
-      return last_known_first_account_;
-
-    // As a last resort, use the first Chrome account.
-    return chrome_accounts_[0];
-  }
-
-  const std::string& first_gaia_account = gaia_accounts[0].id;
-  bool first_gaia_account_is_valid =
-      gaia_accounts[0].valid &&
-      base::ContainsValue(chrome_accounts_, first_gaia_account);
-
-  if (!first_gaia_account_is_valid &&
-      (primary_account_ == first_gaia_account)) {
-    // The primary account is also the first Gaia account, and is invalid.
-    // Logout everything.
-    return std::string();
-  }
-
-  if (first_execution_) {
-    // On first execution, try the primary account, and then the first Gaia
-    // account.
-    if (valid_primary_account)
-      return primary_account_;
-    if (first_gaia_account_is_valid)
-      return first_gaia_account;
-    // As a last resort, use the first Chrome account.
-    return chrome_accounts_[0];
-  }
-
-  // While Chrome is running, try the first Gaia account, and then the
-  // primary account.
-  if (first_gaia_account_is_valid)
-    return first_gaia_account;
-  if (valid_primary_account)
-    return primary_account_;
-
-  // Changing the first Gaia account while Chrome is running would be
-  // confusing for the user. Logout everything.
-  return std::string();
-}
-
 void AccountReconcilor::FinishReconcile(
     std::vector<gaia::ListedAccount>&& gaia_accounts) {
   VLOG(1) << "AccountReconcilor::FinishReconcile";
   DCHECK(add_to_cookie_.empty());
-  std::string first_account = GetFirstGaiaAccountForReconcile(gaia_accounts);
+  std::string first_account = delegate_->GetFirstGaiaAccountForReconcile(
+      chrome_accounts_, gaia_accounts, primary_account_, first_execution_);
   // |first_account| must be in |chrome_accounts_|.
   DCHECK(first_account.empty() ||
          (std::find(chrome_accounts_.begin(), chrome_accounts_.end(),
@@ -616,7 +439,7 @@ void AccountReconcilor::FinishReconcile(
   }
 
   if (first_account.empty()) {
-    DCHECK(signin::IsDicePrepareMigrationEnabled());
+    DCHECK(!delegate_->ShouldAbortReconcileIfPrimaryHasError());
     // Gaia cookie has been cleared or was already empty.
     DCHECK((first_account_mismatch && rebuild_cookie) ||
            (number_gaia_accounts == 0));
@@ -659,13 +482,8 @@ void AccountReconcilor::FinishReconcile(
       !first_account_mismatch, first_execution_, number_gaia_accounts);
   first_execution_ = false;
   CalculateIfReconcileIsDone();
-  if (!is_reconcile_started_) {
-    last_known_first_account_ = first_account;
-
-    // Migration happens on startup if the last reconcile was a no-op.
-    if (signin::IsDicePrepareMigrationEnabled())
-      SetDiceMigrationOnStartup(client_->GetPrefs(), reconcile_is_noop_);
-  }
+  if (!is_reconcile_started_)
+    delegate_->OnReconcileFinished(first_account, reconcile_is_noop_);
   ScheduleStartReconcileIfChromeAccountsChanged();
 }
 
@@ -706,7 +524,7 @@ void AccountReconcilor::RevokeAllSecondaryTokens() {
   for (const std::string& account : chrome_accounts_) {
     if (account != primary_account_) {
       reconcile_is_noop_ = false;
-      if (IsAccountConsistencyEnforced()) {
+      if (delegate_->IsAccountConsistencyEnforced()) {
         VLOG(1) << "Revoking token for " << account;
         token_service_->RevokeCredentials(account);
       }
@@ -796,21 +614,3 @@ void AccountReconcilor::UnblockReconcile() {
     StartReconcile();
   }
 }
-
-bool AccountReconcilor::IsReadyForDiceMigration(bool is_new_profile) {
-#if BUILDFLAG(ENABLE_DICE_SUPPORT)
-  return is_new_profile ||
-         client_->GetPrefs()->GetBoolean(kDiceMigrationOnStartupPref);
-#else
-  return false;
-#endif
-}
-
-// static
-void AccountReconcilor::SetDiceMigrationOnStartup(PrefService* prefs,
-                                                  bool migrate) {
-#if BUILDFLAG(ENABLE_DICE_SUPPORT)
-  VLOG(1) << "Dice migration on next startup: " << migrate;
-  prefs->SetBoolean(kDiceMigrationOnStartupPref, migrate);
-#endif
-}

components/signin/core/browser/account_reconcilor.h

@@ -4,11 +4,8 @@
 #ifndef COMPONENTS_SIGNIN_CORE_BROWSER_ACCOUNT_RECONCILOR_H_
 #define COMPONENTS_SIGNIN_CORE_BROWSER_ACCOUNT_RECONCILOR_H_
 
-#include <functional>
 #include <memory>
-#include <set>
 #include <string>
-#include <utility>
 #include <vector>
 
 #include "base/callback_forward.h"
@@ -29,18 +26,17 @@
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "google_apis/gaia/oauth2_token_service.h"
 
+namespace signin {
+class AccountReconcilorDelegate;
+}
+
 class ProfileOAuth2TokenService;
 class SigninClient;
 
-namespace user_prefs {
-class PrefRegistrySyncable;
-}
-
 class AccountReconcilor : public KeyedService,
                           public content_settings::Observer,
                           public GaiaCookieManagerService::Observer,
-                          public OAuth2TokenService::Observer,
-                          public SigninManagerBase::Observer {
+                          public OAuth2TokenService::Observer {
  public:
   // When an instance of this class exists, the account reconcilor is suspended.
   // It will automatically restart when all instances of Lock have been
@@ -78,21 +74,21 @@ class AccountReconcilor : public KeyedService,
     virtual void OnUnblockReconcile() {}
   };
 
-  AccountReconcilor(ProfileOAuth2TokenService* token_service,
-                    SigninManagerBase* signin_manager,
-                    SigninClient* client,
-                    GaiaCookieManagerService* cookie_manager_service,
-                    bool is_new_profile);
+  AccountReconcilor(
+      ProfileOAuth2TokenService* token_service,
+      SigninManagerBase* signin_manager,
+      SigninClient* client,
+      GaiaCookieManagerService* cookie_manager_service,
+      std::unique_ptr<signin::AccountReconcilorDelegate> delegate);
   ~AccountReconcilor() override;
 
-  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
-
+  // Initializes the account reconcilor. Should be called once after
+  // construction.
   void Initialize(bool start_reconcile_if_tokens_available);
 
-  // Signal that the status of the new_profile_management flag has changed.
-  // Pass the new status as an explicit parameter since disabling the flag
-  // doesn't remove it from the CommandLine::ForCurrentProcess().
-  void OnNewProfileManagementFlagChanged(bool new_flag_status);
+  // Enables and disables the reconciliation.
+  void EnableReconcile();
+  void DisableReconcile(bool logout_all_gaia_accounts);
 
   // Signal that an X-Chrome-Manage-Accounts was received from GAIA. Pass the
   // ServiceType specified by GAIA in the 204 response.
@@ -161,7 +157,6 @@ class AccountReconcilor : public KeyedService,
                            AddAccountToCookieCompletedWithBogusAccount);
   FRIEND_TEST_ALL_PREFIXES(AccountReconcilorTest, NoLoopWithBadPrimary);
   FRIEND_TEST_ALL_PREFIXES(AccountReconcilorTest, WontMergeAccountsWithError);
-  FRIEND_TEST_ALL_PREFIXES(AccountReconcilorMigrationTest, MigrateAtCreation);
 
   bool IsRegisteredWithTokenService() const {
     return registered_with_token_service_;
@@ -177,13 +172,6 @@ class AccountReconcilor : public KeyedService,
   void RegisterWithContentSettings();
   void UnregisterWithContentSettings();
 
-  // The reconcilor is enabled if Sync or Dice is enabled.
-  bool IsEnabled();
-  // Returns true if account consistency is enforced (Mirror or Dice).
-  // If this is false, reconcile is done, but its results are discarded and no
-  // changes to the accounts are made.
-  bool IsAccountConsistencyEnforced();
-
   // All actions with side effects, only doing meaningful work if account
   // consistency is enabled. Virtual so that they can be overridden in tests.
   virtual void PerformMergeAction(const std::string& account_id);
@@ -199,20 +187,18 @@ class AccountReconcilor : public KeyedService,
   // Revokes tokens for all accounts in chrome_accounts_ but primary_account_.
   void RevokeAllSecondaryTokens();
 
-  void ValidateAccountsFromTokenService();
+  // Returns the list of valid accounts from the TokenService.
+  // The primary account is returned in |out_primary_account| if any.
+  std::vector<std::string> LoadValidAccountsFromTokenService(
+      std::string* out_primary_account,
+      bool* out_is_primary_account_valid) const;
+
   // Note internally that this |account_id| is added to the cookie jar.
   bool MarkAccountAsAddedToCookie(const std::string& account_id);
 
   // The reconcilor only starts when the token service is ready.
   bool IsTokenServiceReady();
 
-  // Returns the first account to add in the Gaia cookie.
-  // If this returns an empty string, the user must be logged out of all
-  // accounts.
-  // |gaia_accounts| are the current accounts in the Gaia cookie.
-  std::string GetFirstGaiaAccountForReconcile(
-      const std::vector<gaia::ListedAccount>& gaia_accounts) const;
-
   // Overriden from content_settings::Observer.
   void OnContentSettingChanged(
       const ContentSettingsPattern& primary_pattern,
@@ -233,12 +219,6 @@ class AccountReconcilor : public KeyedService,
   void OnEndBatchChanges() override;
   void OnRefreshTokensLoaded() override;
 
-  // Overriden from SigninManagerBase::Observer.
-  void GoogleSigninSucceeded(const std::string& account_id,
-                             const std::string& username) override;
-  void GoogleSignedOut(const std::string& account_id,
-                       const std::string& username) override;
-
   // Lock related methods.
   void IncrementLockCount();
   void DecrementLockCount();
@@ -246,11 +226,7 @@ class AccountReconcilor : public KeyedService,
   void UnblockReconcile();
   bool IsReconcileBlocked() const;
 
-  // Dice migration methods:
-  // Returns true if migration can happen on the next startup.
-  bool IsReadyForDiceMigration(bool is_new_profile);
-  // Schedules migration to happen at next startup.
-  static void SetDiceMigrationOnStartup(PrefService* prefs, bool migrate);
+  std::unique_ptr<signin::AccountReconcilorDelegate> delegate_;
 
   // The ProfileOAuth2TokenService associated with this reconcilor.
   ProfileOAuth2TokenService* token_service_;
@@ -289,8 +265,6 @@ class AccountReconcilor : public KeyedService,
   std::vector<std::string> chrome_accounts_;
   std::vector<std::string> add_to_cookie_;
   bool chrome_accounts_changed_;
-  // Last known "first account". Used when cookies are lost as a best guess.
-  std::string last_known_first_account_;
 
   // Used for the Lock.
   // StartReconcile() is blocked while this is > 0.

components/signin/core/browser/account_reconcilor_delegate.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/signin/core/browser/account_reconcilor_delegate.h"
+
+namespace signin {
+
+bool AccountReconcilorDelegate::IsReconcileEnabled() const {
+  return false;
+}
+
+bool AccountReconcilorDelegate::IsAccountConsistencyEnforced() const {
+  return false;
+}
+
+bool AccountReconcilorDelegate::ShouldAbortReconcileIfPrimaryHasError() const {
+  return false;
+}
+
+std::string AccountReconcilorDelegate::GetFirstGaiaAccountForReconcile(
+    const std::vector<std::string>& chrome_accounts,
+    const std::vector<gaia::ListedAccount>& gaia_accounts,
+    const std::string& primary_account,
+    bool first_execution) const {
+  return std::string();
+}
+
+}  // namespace signin

components/signin/core/browser/account_reconcilor_delegate.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SIGNIN_CORE_BROWSER_ACCOUNT_RECONCILOR_DELEGATE_H_
+#define COMPONENTS_SIGNIN_CORE_BROWSER_ACCOUNT_RECONCILOR_DELEGATE_H_
+
+#include <string>
+#include <vector>
+
+#include "google_apis/gaia/gaia_auth_util.h"
+
+class AccountReconcilor;
+
+namespace signin {
+
+// Base class for AccountReconcilorDelegate.
+class AccountReconcilorDelegate {
+ public:
+  virtual ~AccountReconcilorDelegate() {}
+
+  // Returns true if the reconcilor should reconcile the profile. Defaults to
+  // false.
+  virtual bool IsReconcileEnabled() const;
+
+  // Returns true if account consistency is enforced (Mirror or Dice).
+  // If this is false, reconcile is done, but its results are discarded and no
+  // changes to the accounts are made. Defaults to false.
+  virtual bool IsAccountConsistencyEnforced() const;
+
+  // Returns true if Reconcile should be aborted when the primary account is in
+  // error state. Defaults to false.
+  virtual bool ShouldAbortReconcileIfPrimaryHasError() const;
+
+  // Returns the first account to add in the Gaia cookie.
+  // If this returns an empty string, the user must be logged out of all
+  // accounts.
+  virtual std::string GetFirstGaiaAccountForReconcile(
+      const std::vector<std::string>& chrome_accounts,
+      const std::vector<gaia::ListedAccount>& gaia_accounts,
+      const std::string& primary_account,
+      bool first_execution) const;
+
+  // Called when reconcile is finished.
+  virtual void OnReconcileFinished(const std::string& first_account,
+                                   bool reconcile_is_noop) {}
+
+  void set_reconcilor(AccountReconcilor* reconcilor) {
+    reconcilor_ = reconcilor;
+  }
+  AccountReconcilor* reconcilor() { return reconcilor_; }
+
+ private:
+  AccountReconcilor* reconcilor_;
+};
+
+}  // namespace signin
+
+#endif  // COMPONENTS_SIGNIN_CORE_BROWSER_ACCOUNT_RECONCILOR_DELEGATE_H_

components/signin/core/browser/dice_account_reconcilor_delegate.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/signin/core/browser/dice_account_reconcilor_delegate.h"
+
+#include <vector>
+
+#include "base/logging.h"
+#include "base/metrics/histogram_macros.h"
+#include "base/stl_util.h"
+#include "components/pref_registry/pref_registry_syncable.h"
+#include "components/prefs/pref_service.h"
+#include "components/signin/core/browser/profile_management_switches.h"
+
+namespace signin {
+
+namespace {
+
+// Preference indicating that the Dice migration should happen at the next
+// Chrome startup.
+const char kDiceMigrationOnStartupPref[] =
+    "signin.AccountReconcilor.kDiceMigrationOnStartup";
+
+const char kDiceMigrationStatusHistogram[] = "Signin.DiceMigrationStatus";
+
+// Used for UMA histogram kDiceMigrationStatusHistogram.
+// Do not remove or re-order values.
+enum class DiceMigrationStatus {
+  kEnabled,
+  kDisabledReadyForMigration,
+  kDisabledNotReadyForMigration,
+
+  // This is the last value. New values should be inserted above.
+  kDiceMigrationStatusCount
+};
+
+}  // namespace
+
+DiceAccountReconcilorDelegate::DiceAccountReconcilorDelegate(
+    PrefService* user_prefs,
+    bool is_new_profile)
+    : user_prefs_(user_prefs) {
+  DCHECK(user_prefs_);
+  bool is_ready_for_dice = IsReadyForDiceMigration(is_new_profile);
+  if (is_ready_for_dice && IsDiceMigrationEnabled()) {
+    if (!IsDiceEnabledForProfile(user_prefs_))
+      VLOG(1) << "Profile is migrating to Dice";
+    MigrateProfileToDice(user_prefs_);
+    DCHECK(IsDiceEnabledForProfile(user_prefs_));
+  }
+  UMA_HISTOGRAM_ENUMERATION(
+      kDiceMigrationStatusHistogram,
+      IsDiceEnabledForProfile(user_prefs_)
+          ? DiceMigrationStatus::kEnabled
+          : (is_ready_for_dice
+                 ? DiceMigrationStatus::kDisabledReadyForMigration
+                 : DiceMigrationStatus::kDisabledNotReadyForMigration),
+      DiceMigrationStatus::kDiceMigrationStatusCount);
+}
+
+// static
+void DiceAccountReconcilorDelegate::RegisterProfilePrefs(
+    user_prefs::PrefRegistrySyncable* registry) {
+  registry->RegisterBooleanPref(kDiceMigrationOnStartupPref, false);
+}
+
+// static
+void DiceAccountReconcilorDelegate::SetDiceMigrationOnStartup(
+    PrefService* prefs,
+    bool migrate) {
+  VLOG(1) << "Dice migration on next startup: " << migrate;
+  prefs->SetBoolean(kDiceMigrationOnStartupPref, migrate);
+}
+
+bool DiceAccountReconcilorDelegate::IsReadyForDiceMigration(
+    bool is_new_profile) {
+  return is_new_profile || user_prefs_->GetBoolean(kDiceMigrationOnStartupPref);
+}
+
+bool DiceAccountReconcilorDelegate::IsReconcileEnabled() const {
+  return IsDicePrepareMigrationEnabled();
+}
+
+bool DiceAccountReconcilorDelegate::IsAccountConsistencyEnforced() const {
+  return IsDiceEnabledForProfile(user_prefs_);
+}
+
+// - On first execution, the candidates are examined in this order:
+//   1. The primary account
+//   2. The current first Gaia account
+//   3. The last known first Gaia account
+//   4. The first account in the token service
+// - On subsequent executions, the order is:
+//   1. The current first Gaia account
+//   2. The primary account
+//   3. The last known first Gaia account
+//   4. The first account in the token service
+std::string DiceAccountReconcilorDelegate::GetFirstGaiaAccountForReconcile(
+    const std::vector<std::string>& chrome_accounts,
+    const std::vector<gaia::ListedAccount>& gaia_accounts,
+    const std::string& primary_account,
+    bool first_execution) const {
+  if (chrome_accounts.empty())
+    return std::string();  // No Chrome account, log out.
+
+  bool valid_primary_account =
+      !primary_account.empty() &&
+      base::ContainsValue(chrome_accounts, primary_account);
+
+  if (gaia_accounts.empty()) {
+    if (valid_primary_account)
+      return primary_account;
+
+    // Try the last known account. This happens when the cookies are cleared
+    // while Sync is disabled.
+    if (base::ContainsValue(chrome_accounts, last_known_first_account_))
+      return last_known_first_account_;
+
+    // As a last resort, use the first Chrome account.
+    return chrome_accounts[0];
+  }
+
+  const std::string& first_gaia_account = gaia_accounts[0].id;
+  bool first_gaia_account_is_valid =
+      gaia_accounts[0].valid &&
+      base::ContainsValue(chrome_accounts, first_gaia_account);
+
+  if (!first_gaia_account_is_valid && (primary_account == first_gaia_account)) {
+    // The primary account is also the first Gaia account, and is invalid.
+    // Logout everything.
+    return std::string();
+  }
+
+  if (first_execution) {
+    // On first execution, try the primary account, and then the first Gaia
+    // account.
+    if (valid_primary_account)
+      return primary_account;
+    if (first_gaia_account_is_valid)
+      return first_gaia_account;
+    // As a last resort, use the first Chrome account.
+    return chrome_accounts[0];
+  }
+
+  // While Chrome is running, try the first Gaia account, and then the
+  // primary account.
+  if (first_gaia_account_is_valid)
+    return first_gaia_account;
+  if (valid_primary_account)
+    return primary_account;
+
+  // Changing the first Gaia account while Chrome is running would be
+  // confusing for the user. Logout everything.
+  return std::string();
+}
+
+void DiceAccountReconcilorDelegate::OnReconcileFinished(
+    const std::string& first_account,
+    bool reconcile_is_noop) {
+  last_known_first_account_ = first_account;
+
+  // Migration happens on startup if the last reconcile was a no-op.
+  if (IsDicePrepareMigrationEnabled())
+    SetDiceMigrationOnStartup(user_prefs_, reconcile_is_noop);
+}
+
+}  // namespace signin

components/signin/core/browser/dice_account_reconcilor_delegate.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SIGNIN_CORE_BROWSER_DICE_ACCOUNT_RECONCILOR_DELEGATE_H_
+#define COMPONENTS_SIGNIN_CORE_BROWSER_DICE_ACCOUNT_RECONCILOR_DELEGATE_H_
+
+#include <string>
+
+#include "base/macros.h"
+#include "components/signin/core/browser/account_reconcilor_delegate.h"
+
+namespace user_prefs {
+class PrefRegistrySyncable;
+}
+
+class PrefService;
+
+namespace signin {
+
+// AccountReconcilorDelegate specialized for Dice.
+class DiceAccountReconcilorDelegate : public AccountReconcilorDelegate {
+ public:
+  DiceAccountReconcilorDelegate(PrefService* user_prefs, bool is_new_profile);
+  ~DiceAccountReconcilorDelegate() override {}
+
+  static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
+
+  // Dice migration methods, public for testing:
+  // Schedules migration to happen at next startup.
+  static void SetDiceMigrationOnStartup(PrefService* prefs, bool migrate);
+  // Returns true if migration can happen on the next startup.
+  bool IsReadyForDiceMigration(bool is_new_profile);
+
+  // AccountReconcilorDelegate:
+  bool IsReconcileEnabled() const override;
+  bool IsAccountConsistencyEnforced() const override;
+  std::string GetFirstGaiaAccountForReconcile(
+      const std::vector<std::string>& chrome_accounts,
+      const std::vector<gaia::ListedAccount>& gaia_accounts,
+      const std::string& primary_account,
+      bool first_execution) const override;
+  void OnReconcileFinished(const std::string& first_account,
+                           bool reconcile_is_noop) override;
+
+ private:
+  PrefService* user_prefs_;
+
+  // Last known "first account". Used when cookies are lost as a best guess.
+  std::string last_known_first_account_;
+
+  DISALLOW_COPY_AND_ASSIGN(DiceAccountReconcilorDelegate);
+};
+
+}  // namespace signin
+
+#endif  // COMPONENTS_SIGNIN_CORE_BROWSER_DICE_ACCOUNT_RECONCILOR_DELEGATE_H_

components/signin/core/browser/dice_account_reconcilor_delegate_unittest.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/signin/core/browser/dice_account_reconcilor_delegate.h"
+
+#include "components/signin/core/browser/profile_management_switches.h"
+#include "components/signin/core/browser/scoped_account_consistency.h"
+#include "components/sync_preferences/testing_pref_service_syncable.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+// Checks that Dice migration happens when the reconcilor is created.
+TEST(DiceAccountReconcilorDelegateTest, MigrateAtCreation) {
+  sync_preferences::TestingPrefServiceSyncable pref_service;
+  signin::DiceAccountReconcilorDelegate::RegisterProfilePrefs(
+      pref_service.registry());
+  signin::RegisterAccountConsistencyProfilePrefs(pref_service.registry());
+
+  {
+    // Migration does not happen if SetDiceMigrationOnStartup() is not called.
+    signin::ScopedAccountConsistencyDiceMigration scoped_dice_migration;
+    EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
+    signin::DiceAccountReconcilorDelegate delegate(&pref_service, false);
+    EXPECT_FALSE(delegate.IsReadyForDiceMigration(false /* is_new_profile */));
+    EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
+  }
+
+  signin::DiceAccountReconcilorDelegate::SetDiceMigrationOnStartup(
+      &pref_service, true);
+
+  {
+    // Migration does not happen if Dice is not enabled.
+    signin::ScopedAccountConsistencyDiceFixAuthErrors scoped_dice_fix_errors;
+    EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
+    signin::DiceAccountReconcilorDelegate delegate(&pref_service, false);
+    EXPECT_TRUE(delegate.IsReadyForDiceMigration(false /* is_new_profile */));
+    EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
+  }
+
+  {
+    // Migration happens.
+    signin::ScopedAccountConsistencyDiceMigration scoped_dice_migration;
+    EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
+    signin::DiceAccountReconcilorDelegate delegate(&pref_service, false);
+    EXPECT_TRUE(delegate.IsReadyForDiceMigration(false /* is_new_profile */));
+    EXPECT_TRUE(signin::IsDiceEnabledForProfile(&pref_service));
+  }
+}
+
+// Checks that new profiles are migrated at creation.
+TEST(DiceAccountReconcilorDelegateTest, NewProfile) {
+  signin::ScopedAccountConsistencyDiceMigration scoped_dice_migration;
+  sync_preferences::TestingPrefServiceSyncable pref_service;
+  signin::DiceAccountReconcilorDelegate::RegisterProfilePrefs(
+      pref_service.registry());
+  signin::RegisterAccountConsistencyProfilePrefs(pref_service.registry());
+  EXPECT_FALSE(signin::IsDiceEnabledForProfile(&pref_service));
+  signin::DiceAccountReconcilorDelegate delegate(&pref_service, true);
+  EXPECT_TRUE(signin::IsDiceEnabledForProfile(&pref_service));
+}

components/signin/core/browser/mirror_account_reconcilor_delegate.cc

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/signin/core/browser/mirror_account_reconcilor_delegate.h"
+
+#include "base/logging.h"
+#include "components/signin/core/browser/account_reconcilor.h"
+
+namespace signin {
+
+MirrorAccountReconcilorDelegate::MirrorAccountReconcilorDelegate(
+    SigninManagerBase* signin_manager)
+    : signin_manager_(signin_manager) {
+  DCHECK(signin_manager_);
+  signin_manager_->AddObserver(this);
+}
+
+MirrorAccountReconcilorDelegate::~MirrorAccountReconcilorDelegate() {
+  signin_manager_->RemoveObserver(this);
+}
+
+bool MirrorAccountReconcilorDelegate::IsReconcileEnabled() const {
+  return signin_manager_->IsAuthenticated();
+}
+
+bool MirrorAccountReconcilorDelegate::IsAccountConsistencyEnforced() const {
+  return true;
+}
+
+bool MirrorAccountReconcilorDelegate::ShouldAbortReconcileIfPrimaryHasError()
+    const {
+  return true;
+}
+
+std::string MirrorAccountReconcilorDelegate::GetFirstGaiaAccountForReconcile(
+    const std::vector<std::string>& chrome_accounts,
+    const std::vector<gaia::ListedAccount>& gaia_accounts,
+    const std::string& primary_account,
+    bool first_execution) const {
+  // Mirror only uses the primary account, and it is never empty.
+  DCHECK(!primary_account.empty());
+  DCHECK(base::ContainsValue(chrome_accounts, primary_account));
+  return primary_account;
+}
+
+void MirrorAccountReconcilorDelegate::GoogleSigninSucceeded(
+    const std::string& account_id,
+    const std::string& username) {
+  reconcilor()->EnableReconcile();
+}
+
+void MirrorAccountReconcilorDelegate::GoogleSignedOut(
+    const std::string& account_id,
+    const std::string& username) {
+  reconcilor()->DisableReconcile(true /* logout_all_gaia_accounts */);
+}
+
+}  // namespace signin

components/signin/core/browser/mirror_account_reconcilor_delegate.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SIGNIN_CORE_BROWSER_MIRROR_ACCOUNT_RECONCILOR_DELEGATE_H_
+#define COMPONENTS_SIGNIN_CORE_BROWSER_MIRROR_ACCOUNT_RECONCILOR_DELEGATE_H_
+
+#include "base/macros.h"
+#include "components/signin/core/browser/account_reconcilor_delegate.h"
+#include "components/signin/core/browser/signin_manager_base.h"
+
+namespace signin {
+
+// AccountReconcilorDelegate specialized for Mirror.
+class MirrorAccountReconcilorDelegate : public AccountReconcilorDelegate,
+                                        public SigninManagerBase::Observer {
+ public:
+  MirrorAccountReconcilorDelegate(SigninManagerBase* signin_manager);
+  ~MirrorAccountReconcilorDelegate() override;
+
+ private:
+  // AccountReconcilorDelegate:
+  bool IsReconcileEnabled() const override;
+  bool IsAccountConsistencyEnforced() const override;
+  bool ShouldAbortReconcileIfPrimaryHasError() const override;
+  std::string GetFirstGaiaAccountForReconcile(
+      const std::vector<std::string>& chrome_accounts,
+      const std::vector<gaia::ListedAccount>& gaia_accounts,
+      const std::string& primary_account,
+      bool first_execution) const override;
+
+  // SigninManagerBase::Observer:
+  void GoogleSigninSucceeded(const std::string& account_id,
+                             const std::string& username) override;
+  void GoogleSignedOut(const std::string& account_id,
+                       const std::string& username) override;
+
+  SigninManagerBase* signin_manager_;
+
+  DISALLOW_COPY_AND_ASSIGN(MirrorAccountReconcilorDelegate);
+};
+
+}  // namespace signin
+
+#endif  // COMPONENTS_SIGNIN_CORE_BROWSER_MIRROR_ACCOUNT_RECONCILOR_DELEGATE_H_

components/signin/ios/browser/account_consistency_service_unittest.mm

@@ -8,8 +8,11 @@
 
 #include <memory>
 
-#include "base/memory/ptr_util.h"
+#include "base/bind.h"
+#include "base/bind_helpers.h"
+#include "base/values.h"
 #include "components/signin/core/browser/account_reconcilor.h"
+#include "components/signin/core/browser/account_reconcilor_delegate.h"
 #include "components/signin/core/browser/account_tracker_service.h"
 #include "components/signin/core/browser/fake_signin_manager.h"
 #include "components/signin/core/browser/gaia_cookie_manager_service.h"
@@ -78,7 +81,12 @@ class FakeAccountConsistencyService : public AccountConsistencyService {
 class MockAccountReconcilor : public AccountReconcilor {
  public:
   MockAccountReconcilor(SigninClient* client)
-      : AccountReconcilor(nullptr, nullptr, client, nullptr, false) {}
+      : AccountReconcilor(
+            nullptr,
+            nullptr,
+            client,
+            nullptr,
+            std::make_unique<signin::AccountReconcilorDelegate>()) {}
   MOCK_METHOD1(OnReceivedManageAccountsResponse, void(signin::GAIAServiceType));
 };
 
@@ -150,7 +158,7 @@ class AccountConsistencyServiceTest : public PlatformTest {
     cookie_settings_ =
         new content_settings::CookieSettings(settings_map_.get(), &prefs_, "");
     account_reconcilor_ =
-        base::MakeUnique<MockAccountReconcilor>(signin_client_.get());
+        std::make_unique<MockAccountReconcilor>(signin_client_.get());
     ResetAccountConsistencyService();
   }
 

ios/chrome/browser/signin/account_reconcilor_factory.cc

@@ -4,11 +4,12 @@
 
 #include "ios/chrome/browser/signin/account_reconcilor_factory.h"
 
-#include <utility>
+#include <memory>
 
 #include "base/memory/singleton.h"
 #include "components/keyed_service/ios/browser_state_dependency_manager.h"
 #include "components/signin/core/browser/account_reconcilor.h"
+#include "components/signin/core/browser/mirror_account_reconcilor_delegate.h"
 #include "ios/chrome/browser/browser_state/chrome_browser_state.h"
 #include "ios/chrome/browser/signin/gaia_cookie_manager_service_factory.h"
 #include "ios/chrome/browser/signin/oauth2_token_service_factory.h"
@@ -45,12 +46,15 @@ std::unique_ptr<KeyedService> AccountReconcilorFactory::BuildServiceInstanceFor(
     web::BrowserState* context) const {
   ios::ChromeBrowserState* chrome_browser_state =
       ios::ChromeBrowserState::FromBrowserState(context);
+  SigninManager* signin_manager =
+      SigninManagerFactory::GetForBrowserState(chrome_browser_state);
   std::unique_ptr<AccountReconcilor> reconcilor(new AccountReconcilor(
       OAuth2TokenServiceFactory::GetForBrowserState(chrome_browser_state),
-      SigninManagerFactory::GetForBrowserState(chrome_browser_state),
+      signin_manager,
       SigninClientFactory::GetForBrowserState(chrome_browser_state),
       GaiaCookieManagerServiceFactory::GetForBrowserState(chrome_browser_state),
-      false /* is_new_profile */));
+      std::make_unique<signin::MirrorAccountReconcilorDelegate>(
+          signin_manager)));
   reconcilor->Initialize(true /* start_reconcile_if_tokens_available */);
   return reconcilor;
 }