Issue 891665

Issue metadata

Status: Fixed
Owner:
Closed: Oct 8
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , iOS , Chrome , Mac
Pri: 2
Type: Bug




Clear accounts from the token service when it is no longer present in the token service

Project Member Reported by msarda@chromium.org, Oct 3

Issue description

The account tracker service is seeded with the account email and GAIA ID when an account is added to Chrome. The account gets cleared as soon as it is removed from the token service. However, if the account is removed from disk (or we fail to save the token in the token DB), then the account info is left in the account tracker service indefinitely. There is thus a risk of leaving account information on disk indefinitely.


We should clear the account info once the tokens are loaded as explained below:
* On desktop and ChromeOS, if we fail to read the token DB or decrypt the tokens, then the account should be kept in the account tracker.
* On mobile, the accounts are always seeded so it is fine to remove the tokens as soon as the accounts are loaded. 

 
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 8

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0db5441db17b115085043d25d728111a43f79756

commit 0db5441db17b115085043d25d728111a43f79756
Author: Mihai Sardarescu <msarda@chromium.org>
Date: Mon Oct 08 14:59:19 2018

Stop tracking accounts that are not loaded by the token service

There was always a risk that account information was left on the device
if the tokens of the account were not loaded. This was not an issue in
the application as the token service is the source of truth for the
list of accounts present in the browser. However, there is a small risk
that we leave PII information on disk (e.g. email, full name etc).

This CL stops tracking the accounts for which tokens are no longer present
in the token DB.

Bug: 891665

Change-Id: I3a9f17bc32efaccb00688108b731bc9337a83f68
Reviewed-on: https://chromium-review.googlesource.com/c/1257914
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Reviewed-by: David Roger <droger@chromium.org>
Commit-Queue: Mihai Sardarescu <msarda@chromium.org>
Cr-Commit-Position: refs/heads/master@{#597563}
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/chromeos/oauth2_token_service_delegate.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/chromeos/oauth2_token_service_delegate.h
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/chromeos/oauth2_token_service_delegate_unittest.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/signin/dice_browsertest.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/signin/dice_response_handler_unittest.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/signin/mutable_profile_oauth2_token_service_delegate.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/signin/mutable_profile_oauth2_token_service_delegate.h
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/signin/mutable_profile_oauth2_token_service_delegate_unittest.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/signin/oauth2_token_service_delegate_android.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/chrome/browser/signin/process_dice_header_delegate_impl_unittest.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/browser_sync/profile_sync_test_util.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/password_manager/core/browser/sync_username_test_base.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/core/browser/about_signin_internals.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/core/browser/account_reconcilor_unittest.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/core/browser/fake_profile_oauth2_token_service.h
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/core/browser/profile_oauth2_token_service.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/core/browser/profile_oauth2_token_service.h
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/core/browser/signin_manager.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/core/browser/signin_manager.h
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/core/browser/signin_manager_unittest.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/ios/browser/account_consistency_service_unittest.mm
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/components/signin/ios/browser/profile_oauth2_token_service_ios_delegate.mm
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/google_apis/gaia/fake_oauth2_token_service_delegate.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/google_apis/gaia/oauth2_token_service_delegate.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/google_apis/gaia/oauth2_token_service_delegate.h
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/services/identity/identity_manager_impl_unittest.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/services/identity/public/cpp/identity_manager_unittest.cc
[modify] https://crrev.com/0db5441db17b115085043d25d728111a43f79756/services/identity/public/cpp/identity_test_environment.cc

Cc: jochen@chromium.org
Status: Fixed (was: Started)
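
The pruning rule from the issue description, as an added example that is not Chromium's code or part of the referenced commit. All type and function names are hypothetical, and treating a mobile load as always authoritative is an assumption drawn from the description's second bullet.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical model; these names are not Chromium's real classes or enums.
enum class Platform { kDesktopOrChromeOS, kMobile };
enum class LoadResult { kSuccess, kDbReadFailed, kDecryptFailed };

struct AccountInfo {
  std::string gaia_id;
  std::string email;  // PII that must not outlive the account
};

// account_id -> info, standing in for the account tracker's persisted state.
using AccountTracker = std::map<std::string, AccountInfo>;

// Called once the token service has finished loading. Erases every tracked
// account that has no token and returns the erased ids. On desktop/ChromeOS a
// failed load proves nothing about which accounts exist, so nothing is erased.
std::vector<std::string> PruneAfterTokenLoad(
    AccountTracker& tracker,
    const std::set<std::string>& accounts_with_tokens,
    LoadResult result,
    Platform platform) {
  std::vector<std::string> removed;
  const bool load_is_authoritative =
      platform == Platform::kMobile || result == LoadResult::kSuccess;
  if (!load_is_authoritative) return removed;

  for (auto it = tracker.begin(); it != tracker.end();) {
    if (accounts_with_tokens.count(it->first) == 0) {
      removed.push_back(it->first);
      it = tracker.erase(it);  // drop the stale email and GAIA ID
    } else {
      ++it;
    }
  }
  return removed;
}

// Constructed sample state: "b" was tracked but its token never reached disk.
AccountTracker SampleTracker() {
  return {{"a", {"gaia-a", "a@example.com"}},
          {"b", {"gaia-b", "b@example.com"}}};
}
```

The decrypt-failure case is the one to watch: pruning there would erase account info for accounts whose tokens may still be recoverable.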
