Prepare to remove AreExtensionsRestrictedToPrimaryAccount

AreExtensionsRestrictedToPrimaryAccount returns true when account consistency (Mirror or DICE) is disabled. We distinguish 2 cases: a) On Desktop: DICE is disable only when sign-in is not allowed b) On ChromeOS: Mirror is disabled when account manager is not enabled. This corresponds to sessions like Guest, public session and kiosk mode where signing in to Chrome is disabled. https://source.chromium.org/chromium/chromium/src/+/master:chrome/browser/ash/account_manager/account_manager_util.cc This CL adds a DCHECK to validate that AreExtensionsRestrictedToPrimaryAccount() always returns false when sign-in is allowed. This is as a temporary CL to prepare the removal of AreExtensionsRestrictedToPrimaryAccount(). Bug: 1181236 Change-Id: I776124f95892b1b7c31022d33584ccd8770a7b81 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2713802 Commit-Queue: Mihai Sardarescu <msarda@chromium.org> Reviewed-by: Alex Ilin <alexilin@chromium.org> Cr-Commit-Position: refs/heads/master@{#856644}
chromium · Feb 23, 2021 · 4f95fb1 · 4f95fb1
1 parent 51e9f34
commit 4f95fb1
Showing 1 changed file with 15 additions and 2 deletions.
diff --git a/chrome/browser/extensions/api/identity/identity_api.cc b/chrome/browser/extensions/api/identity/identity_api.cc
@@ -28,6 +28,7 @@
 #include "chrome/browser/signin/identity_manager_factory.h"
 #include "chrome/common/extensions/api/identity.h"
 #include "chrome/common/url_constants.h"
+#include "components/signin/public/base/signin_pref_names.h"
 #include "extensions/browser/extension_function_dispatcher.h"
 #include "extensions/browser/extension_prefs.h"
 #include "extensions/common/extension.h"
@@ -133,8 +134,20 @@ base::CallbackListSubscription IdentityAPI::RegisterOnShutdownCallback(
 }
 
 bool IdentityAPI::AreExtensionsRestrictedToPrimaryAccount() {
-  return !AccountConsistencyModeManager::IsDiceEnabledForProfile(profile_) &&
-         !AccountConsistencyModeManager::IsMirrorEnabledForProfile(profile_);
+  bool extensions_restricted_to_primary_account =
+      !AccountConsistencyModeManager::IsDiceEnabledForProfile(profile_) &&
+      !AccountConsistencyModeManager::IsMirrorEnabledForProfile(profile_);
+  if (extensions_restricted_to_primary_account) {
+    // TODO(crbug.com/1181236): Remove AreExtensionsRestrictedToPrimaryAccount
+    // as it always returns false when sign-in is allowed.
+    CHECK(!profile_->GetPrefs()->GetBoolean(prefs::kSigninAllowed))
+        << "This is temporary check to verify that "
+           "AreExtensionsRestrictedToPrimaryAccount() returns true iff sign-in "
+           "is not allowed. In this case, chrome.identity API returns errors "
+           "when fetching access tokens. Therefore method "
+           "AreExtensionsRestrictedToPrimaryAccount() can be removed.";
+  }
+  return extensions_restricted_to_primary_account;
 }
 
 IdentityAPI::IdentityAPI(Profile* profile,