Part 1 of implementing captcha for sync dialog.

Added GoogleServiceAuthError, which is the same as the incumbent AuthErrorState but can support captcha information too. I moved it because it just had nothing specific to sync about it. This CL is mostly a rename and basic plumbing CaptchaRequired error state from browser_sync::AuthWatcher through to UI thread.

Ben, I added a .h to chrome/browser/ alongside other google_* stuff. I'm just looking for your blessing here, or suggestion of alternate location.  

BUG=19738

Review URL: http://codereview.chromium.org/384040

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31729 0039d316-1c4b-4281-b951-d872f2087c98

14 files changed, 190 insertions, 127 deletions

diff --git a/chrome/browser/browser_about_handler.cc b/chrome/browser/browser_about_handler.cc
index c49e266..6d8b4f4 100644
--- a/chrome/browser/browser_about_handler.cc
+++ b/chrome/browser/browser_about_handler.cc
@@ -23,13 +23,13 @@
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_thread.h"
 #include "chrome/browser/dom_ui/chrome_url_data_manager.h"
+#include "chrome/browser/google_service_auth_error.h"
 #include "chrome/browser/memory_details.h"
 #include "chrome/browser/net/dns_global.h"
 #include "chrome/browser/profile.h"
 #include "chrome/browser/profile_manager.h"
 #include "chrome/browser/renderer_host/render_process_host.h"
 #include "chrome/browser/renderer_host/render_view_host.h"
-#include "chrome/browser/sync/auth_error_state.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/histogram_synchronizer.h"
@@ -487,13 +487,14 @@ static void AddIntSyncDetail(ListValue* details, const std::wstring& stat_name,
   details->Append(val);
 }
 
-static std::wstring MakeSyncAuthErrorText(AuthErrorState state) {
+static std::wstring MakeSyncAuthErrorText(
+    const GoogleServiceAuthError::State& state) {
   switch (state) {
-    case AUTH_ERROR_INVALID_GAIA_CREDENTIALS:
+    case GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS:
       return L"INVALID_GAIA_CREDENTIALS";
-    case AUTH_ERROR_USER_NOT_SIGNED_UP:
+    case GoogleServiceAuthError::USER_NOT_SIGNED_UP:
       return L"USER_NOT_SIGNED_UP";
-    case AUTH_ERROR_CONNECTION_FAILED:
+    case GoogleServiceAuthError::CONNECTION_FAILED:
       return L"CONNECTION_FAILED";
     default:
       return std::wstring();
@@ -521,7 +522,7 @@ std::string AboutSync() {
     strings.Set(L"authenticated",
         new FundamentalValue(full_status.authenticated));
     strings.SetString(L"auth_problem",
-        MakeSyncAuthErrorText(service->GetAuthErrorState()));
+        MakeSyncAuthErrorText(service->GetAuthError().state()));
 
     strings.SetString(L"time_since_sync", service->GetLastSyncedTimeString());
 
diff --git a/chrome/browser/google_service_auth_error.h b/chrome/browser/google_service_auth_error.h
new file mode 100644
index 0000000..f05fd1a
--- /dev/null
+++ b/chrome/browser/google_service_auth_error.h
@@ -0,0 +1,99 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// A GoogleServiceAuthError is immutable, plain old data representing an
+// error from an attempt to authenticate with a Google service.
+// It could be from Google Accounts itself, or any service using Google
+// Accounts (e.g expired credentials).  It may contain additional data such as
+// captcha challenges.
+
+// A GoogleServiceAuthError without additional data is just a State, defined
+// below. A case could be made to have this relation implicit, to allow raising
+// error events concisely by doing OnAuthError(GoogleServiceAuthError::NONE),
+// for example. But the truth is this class is ever so slightly more than a
+// transparent wrapper around 'State' due to additional Captcha data
+// (e.g consider operator=), and this would violate the style guide. Thus,
+// you must explicitly use the constructor when all you have is a State.
+// The good news is the implementation nests the enum inside a class, so you
+// may forward declare and typedef GoogleServiceAuthError to something shorter
+// in the comfort of your own translation unit.
+
+#ifndef CHROME_BROWSER_GOOGLE_SERVICE_AUTH_ERROR_H_
+#define CHROME_BROWSER_GOOGLE_SERVICE_AUTH_ERROR_H_
+
+#include <string>
+#include "googleurl/src/gurl.h"
+
+class GoogleServiceAuthError {
+ public:
+  enum State {
+    // The user is authenticated.
+    NONE = 0,
+
+    // The credentials supplied to GAIA were either invalid, or the locally
+    // cached credentials have expired.
+    INVALID_GAIA_CREDENTIALS,
+
+    // The GAIA user is not authorized to use the service.
+    USER_NOT_SIGNED_UP,
+
+    // Could not connect to server to verify credentials. This could be in
+    // response to either failure to connect to GAIA or failure to connect to
+    // the service needing GAIA tokens during authentication.
+    CONNECTION_FAILED,
+
+    // The user needs to satisfy a CAPTCHA challenge to unlock their account.
+    // If no other information is available, this can be resolved by visiting
+    // https://www.google.com/accounts/DisplayUnlockCaptcha. Otherwise,
+    // captcha() will provide details about the associated challenge.
+    CAPTCHA_REQUIRED,
+  };
+
+  // Additional data for CAPTCHA_REQUIRED errors.
+  struct Captcha {
+    Captcha() {}
+    Captcha(const std::string& t, const GURL& img, const GURL& unlock)
+        : token(t), image_url(img), unlock_url(unlock) {}
+    std::string token;  // Globally identifies the specific CAPTCHA challenge.
+    GURL image_url;     // The CAPTCHA image to show the user.
+    GURL unlock_url;    // Pretty unlock page containing above captcha.
+  };
+
+  // Construct a GoogleServiceAuthError from a State with no additional data.
+  explicit GoogleServiceAuthError(State s) : state_(s) {}
+
+  // Construct a CAPTCHA_REQUIRED error with CAPTCHA challenge data.
+  static GoogleServiceAuthError FromCaptchaChallenge(
+      const std::string& captcha_token,
+      const GURL& captcha_image_url,
+      const GURL& captcha_unlock_url) {
+    return GoogleServiceAuthError(CAPTCHA_REQUIRED, captcha_token,
+                                  captcha_image_url, captcha_unlock_url);
+  }
+
+  // Provided for convenience for clients needing to reset an instance to NONE.
+  // (avoids err_ = GoogleServiceAuthError(GoogleServiceAuthError::NONE), due
+  // to explicit class and State enum relation. Note: shouldn't be inlined!
+  static const GoogleServiceAuthError None() {
+    static const GoogleServiceAuthError e(NONE);
+    return e;
+  }
+
+  // The error information.
+  const State& state() const { return state_; }
+  const Captcha& captcha() const { return captcha_; }
+
+ private:
+  GoogleServiceAuthError(State s, const std::string& captcha_token,
+                         const GURL& captcha_image_url,
+                         const GURL& captcha_unlock_url)
+      : state_(s),
+        captcha_(captcha_token, captcha_image_url, captcha_unlock_url) {
+  }
+
+  State state_;
+  Captcha captcha_;
+};
+
+#endif  // CHROME_BROWSER_GOOGLE_SERVICE_AUTH_ERROR_H_
diff --git a/chrome/browser/sync/auth_error_state.h b/chrome/browser/sync/auth_error_state.h
deleted file mode 100644
index a3ac980..0000000
--- a/chrome/browser/sync/auth_error_state.h
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CHROME_BROWSER_SYNC_AUTH_ERROR_STATE_H_
-#define CHROME_BROWSER_SYNC_AUTH_ERROR_STATE_H_
-
-#include <string>
-#include "base/string_util.h"
-
-enum AuthErrorState {
-  // The user is authenticated.
-  AUTH_ERROR_NONE = 0,
-
-  // The credentials supplied to GAIA were either invalid, or the locally
-  // cached credentials have expired. If this happens, the sync system
-  // will continue as if offline until authentication is reattempted.
-  AUTH_ERROR_INVALID_GAIA_CREDENTIALS,
-
-  // The GAIA user is not authorized to use the sync service.
-  AUTH_ERROR_USER_NOT_SIGNED_UP,
-
-  // Could not connect to server to verify credentials. This could be in
-  // response to either failure to connect to GAIA or failure to connect to
-  // the service needing GAIA tokens during authentication.
-  AUTH_ERROR_CONNECTION_FAILED,
-};
-
-#endif  // CHROME_BROWSER_SYNC_AUTH_ERROR_STATE_H_
diff --git a/chrome/browser/sync/engine/syncapi.cc b/chrome/browser/sync/engine/syncapi.cc
index b220751..7219abc 100644
--- a/chrome/browser/sync/engine/syncapi.cc
+++ b/chrome/browser/sync/engine/syncapi.cc
@@ -69,6 +69,8 @@ using std::vector;
 using syncable::Directory;
 using syncable::DirectoryManager;
 
+typedef GoogleServiceAuthError AuthError;
+
 static const int kServerReachablePollingIntervalMsec = 60000 * 60;
 static const int kThreadExitTimeoutMsec = 60000;
 static const int kSSLPort = 443;
@@ -667,7 +669,7 @@ class SyncManager::SyncInternal {
   explicit SyncInternal(SyncManager* sync_manager)
       : observer_(NULL),
         command_channel_(0),
-        auth_problem_(AUTH_PROBLEM_NONE),
+        auth_problem_(AuthError::NONE),
         sync_manager_(sync_manager),
         address_watch_thread_("SyncEngine_AddressWatcher"),
         notification_pending_(false),
@@ -878,8 +880,8 @@ class SyncManager::SyncInternal {
 
   // Our cache of a recent authentication problem. If no authentication problem
   // occurred, or if the last problem encountered has been cleared (by a
-  // subsequent AuthWatcherEvent), this is set to AUTH_PROBLEM_NONE.
-  AuthProblem auth_problem_;
+  // subsequent AuthWatcherEvent), this is set to NONE.
+  AuthError::State auth_problem_;
 
   // The sync dir_manager to which we belong.
   SyncManager* const sync_manager_;
@@ -1065,7 +1067,7 @@ void SyncManager::SyncInternal::Authenticate(const std::string& username,
     // TODO(timsteele): Seems like this shouldn't be needed, but auth_watcher
     // currently drops blank password attempts on the floor and doesn't update
     // state; it only LOGs an error in this case. We want to make sure we set
-    // our AuthProblem state to denote an error.
+    // our GoogleServiceAuthError state to denote an error.
     RaiseAuthNeededEvent();
   }
   auth_watcher()->Authenticate(username, password, true);
@@ -1109,9 +1111,9 @@ void SyncManager::SyncInternal::AuthenticateForLastKnownUser() {
 }
 
 void SyncManager::SyncInternal::RaiseAuthNeededEvent() {
-  auth_problem_ = AUTH_PROBLEM_INVALID_GAIA_CREDENTIALS;
+  auth_problem_ = AuthError::INVALID_GAIA_CREDENTIALS;
   if (observer_)
-    observer_->OnAuthProblem(auth_problem_);
+    observer_->OnAuthError(AuthError(auth_problem_));
 }
 
 SyncManager::~SyncManager() {
@@ -1383,14 +1385,14 @@ void SyncManager::SyncInternal::HandleSyncerEvent(const SyncerEvent& event) {
 void SyncManager::SyncInternal::HandleAuthWatcherEvent(
     const AuthWatcherEvent& event) {
   // We don't care about an authentication attempt starting event, and we
-  // don't want to reset our state to AUTH_PROBLEM_NONE because the fact that
-  // an _attempt_ is starting doesn't change the fact that we have an auth
-  // problem.
+  // don't want to reset our state to GoogleServiceAuthError::NONE because the
+  // fact that an _attempt_ is starting doesn't change the fact that we have an
+  // auth problem.
   if (event.what_happened == AuthWatcherEvent::AUTHENTICATION_ATTEMPT_START)
     return;
   // We clear our last auth problem cache on new auth watcher events, and only
   // set it to indicate a problem state for certain AuthWatcherEvent types.
-  auth_problem_ = AUTH_PROBLEM_NONE;
+  auth_problem_ = AuthError::NONE;
   switch (event.what_happened) {
     case AuthWatcherEvent::AUTH_SUCCEEDED:
       // We now know the supplied username and password were valid. If this
@@ -1405,7 +1407,7 @@ void SyncManager::SyncInternal::HandleAuthWatcherEvent(
           << ", event.user_email= " << event.user_email;
 
       if (observer_)
-        observer_->OnAuthProblem(AUTH_PROBLEM_NONE);
+        observer_->OnAuthError(AuthError::None());
 
       // Hook up the DirectoryChangeEvent listener, HandleChangeEvent.
       {
@@ -1429,24 +1431,37 @@ void SyncManager::SyncInternal::HandleAuthWatcherEvent(
             this, &SyncInternal::HandleSyncerEvent));
       }
       return;
-    // Authentication failures translate to Status::AuthProblem events.
+    // Authentication failures translate to GoogleServiceAuthError events.
     case AuthWatcherEvent::GAIA_AUTH_FAILED:     // Invalid GAIA credentials.
+      if (event.auth_results->auth_error == browser_sync::CaptchaRequired) {
+        auth_problem_ = AuthError::CAPTCHA_REQUIRED;
+        GURL captcha("http://www.google.com/accounts/");
+        GURL::Replacements replacer;
+        replacer.SetPathStr(captcha.path().append(
+            event.auth_results->captcha_url));
+        captcha = captcha.ReplaceComponents(replacer);
+        observer_->OnAuthError(AuthError::FromCaptchaChallenge(
+            event.auth_results->captcha_token, captcha,
+            GURL(event.auth_results->auth_error_url)));
+        return;
+      }
     case AuthWatcherEvent::SERVICE_AUTH_FAILED:  // Expired GAIA credentials.
-      auth_problem_ = AUTH_PROBLEM_INVALID_GAIA_CREDENTIALS;
+      auth_problem_ = AuthError::INVALID_GAIA_CREDENTIALS;
       break;
     case AuthWatcherEvent::SERVICE_USER_NOT_SIGNED_UP:
-      auth_problem_ = AUTH_PROBLEM_USER_NOT_SIGNED_UP;
+      auth_problem_ = AuthError::USER_NOT_SIGNED_UP;
       break;
     case AuthWatcherEvent::SERVICE_CONNECTION_FAILED:
-      auth_problem_ = AUTH_PROBLEM_CONNECTION_FAILED;
+      auth_problem_ = AuthError::CONNECTION_FAILED;
       break;
     default:  // We don't care about the many other AuthWatcherEvent types.
       return;
   }
 
+
   // Fire notification that the status changed due to an authentication error.
   if (observer_)
-    observer_->OnAuthProblem(auth_problem_);
+    observer_->OnAuthError(AuthError(auth_problem_));
 }
 
 SyncManager::Status::Summary SyncManager::GetStatusSummary() const {
diff --git a/chrome/browser/sync/engine/syncapi.h b/chrome/browser/sync/engine/syncapi.h
index 96f7815..f91d765 100644
--- a/chrome/browser/sync/engine/syncapi.h
+++ b/chrome/browser/sync/engine/syncapi.h
@@ -43,6 +43,7 @@
 #include "base/basictypes.h"
 #include "base/file_path.h"
 #include "build/build_config.h"
+#include "chrome/browser/google_service_auth_error.h"
 #include "googleurl/src/gurl.h"
 
 // The MSVC compiler for Windows requires that any classes exported by, or
@@ -357,23 +358,6 @@ class SYNC_EXPORT SyncManager {
     Action action;
   };
 
-  // When the SyncManager is unable to initiate the syncing process due to a
-  // failure during authentication, AuthProblem describes the actual problem
-  // more precisely.
-  enum AuthProblem {
-    AUTH_PROBLEM_NONE = 0,
-    // The credentials supplied to GAIA were either invalid, or the locally
-    // cached credentials have expired. If this happens, the sync system
-    // will continue as if offline until authentication is reattempted.
-    AUTH_PROBLEM_INVALID_GAIA_CREDENTIALS,
-    // The GAIA user is not authorized to use the sync service.
-    AUTH_PROBLEM_USER_NOT_SIGNED_UP,
-    // Could not connect to server to verify credentials. This could be in
-    // response to either failure to connect to GAIA or failure to connect to
-    // the sync service during authentication.
-    AUTH_PROBLEM_CONNECTION_FAILED,
-  };
-
   // Status encapsulates detailed state about the internals of the SyncManager.
   struct Status {
     // Summary is a distilled set of important information that the end-user may
@@ -471,7 +455,7 @@ class SYNC_EXPORT SyncManager {
     virtual void OnSyncCycleCompleted() = 0;
 
     // Called when user interaction may be required due to an auth problem.
-    virtual void OnAuthProblem(AuthProblem auth_problem) = 0;
+    virtual void OnAuthError(const GoogleServiceAuthError& auth_error) = 0;
 
     // Called when initialization is complete to the point that SyncManager can
     // process changes. This does not necessarily mean authentication succeeded
diff --git a/chrome/browser/sync/glue/sync_backend_host.cc b/chrome/browser/sync/glue/sync_backend_host.cc
index 523a30f..dcce1d4 100644
--- a/chrome/browser/sync/glue/sync_backend_host.cc
+++ b/chrome/browser/sync/glue/sync_backend_host.cc
@@ -20,6 +20,8 @@ static const char kGaiaSourceForChrome[] = "ChromiumBrowser";
 static const FilePath::CharType kSyncDataFolderName[] =
     FILE_PATH_LITERAL("Sync Data");
 
+typedef GoogleServiceAuthError AuthError;
+
 namespace browser_sync {
 
 SyncBackendHost::SyncBackendHost(SyncFrontend* frontend,
@@ -31,7 +33,7 @@ SyncBackendHost::SyncBackendHost(SyncFrontend* frontend,
       frontend_(frontend),
       processor_(processor),
       sync_data_folder_path_(profile_path.Append(kSyncDataFolderName)),
-      last_auth_error_(AUTH_ERROR_NONE) {
+      last_auth_error_(AuthError::None()) {
   core_ = new Core(this);
 }
 
@@ -125,7 +127,7 @@ string16 SyncBackendHost::GetAuthenticatedUsername() const {
   return UTF8ToUTF16(core_->syncapi()->GetAuthenticatedUsername());
 }
 
-AuthErrorState SyncBackendHost::GetAuthErrorState() const {
+const GoogleServiceAuthError& SyncBackendHost::GetAuthError() const {
   return last_auth_error_;
 }
 
@@ -214,23 +216,6 @@ void SyncBackendHost::Core::DoShutdown(bool sync_disabled) {
   host_ = NULL;
 }
 
-static AuthErrorState AuthProblemToAuthError(
-    const sync_api::SyncManager::AuthProblem& auth_problem) {
-  switch (auth_problem) {
-    case sync_api::SyncManager::AUTH_PROBLEM_NONE:
-      return AUTH_ERROR_NONE;
-    case sync_api::SyncManager::AUTH_PROBLEM_INVALID_GAIA_CREDENTIALS:
-      return AUTH_ERROR_INVALID_GAIA_CREDENTIALS;
-    case sync_api::SyncManager::AUTH_PROBLEM_CONNECTION_FAILED:
-      return AUTH_ERROR_CONNECTION_FAILED;
-    case sync_api::SyncManager::AUTH_PROBLEM_USER_NOT_SIGNED_UP:
-      return AUTH_ERROR_USER_NOT_SIGNED_UP;
-  }
-
-  NOTREACHED() << "Unknown AuthProblem.";
-  return AUTH_ERROR_NONE;
-}
-
 void SyncBackendHost::Core::OnChangesApplied(
     const sync_api::BaseTransaction* trans,
     const sync_api::SyncManager::ChangeRecord* changes,
@@ -276,17 +261,16 @@ void SyncBackendHost::Core::OnInitializationComplete() {
       NewRunnableMethod(this, &Core::StartSavingChanges));
 }
 
-void SyncBackendHost::Core::OnAuthProblem(
-    sync_api::SyncManager::AuthProblem auth_problem) {
+void SyncBackendHost::Core::OnAuthError(const AuthError& auth_error) {
   // We could be on SyncEngine_AuthWatcherThread.  Post to our core loop so
   // we can modify state.
   host_->frontend_loop_->PostTask(FROM_HERE,
       NewRunnableMethod(this, &Core::HandleAuthErrorEventOnFrontendLoop,
-      AuthProblemToAuthError(auth_problem)));
+      auth_error));
 }
 
 void SyncBackendHost::Core::HandleAuthErrorEventOnFrontendLoop(
-    AuthErrorState new_auth_error) {
+    const GoogleServiceAuthError& new_auth_error) {
   if (!host_ || !host_->frontend_)
     return;
 
diff --git a/chrome/browser/sync/glue/sync_backend_host.h b/chrome/browser/sync/glue/sync_backend_host.h
index 69065d8..7bc633e 100644
--- a/chrome/browser/sync/glue/sync_backend_host.h
+++ b/chrome/browser/sync/glue/sync_backend_host.h
@@ -13,8 +13,8 @@
 #include "base/ref_counted.h"
 #include "base/thread.h"
 #include "base/timer.h"
+#include "chrome/browser/google_service_auth_error.h"
 #include "chrome/browser/net/url_request_context_getter.h"
-#include "chrome/browser/sync/auth_error_state.h"
 #include "chrome/browser/sync/engine/syncapi.h"
 #include "chrome/browser/sync/glue/bookmark_model_worker.h"
 #include "googleurl/src/gurl.h"
@@ -102,7 +102,7 @@ class SyncBackendHost {
   // summarized form.
   Status GetDetailedStatus();
   StatusSummary GetStatusSummary();
-  AuthErrorState GetAuthErrorState() const;
+  const GoogleServiceAuthError& GetAuthError() const;
 
   const FilePath& sync_data_folder_path() const {
     return sync_data_folder_path_;
@@ -149,8 +149,7 @@ class SyncBackendHost {
         int change_count);
     virtual void OnSyncCycleCompleted();
     virtual void OnInitializationComplete();
-    virtual void OnAuthProblem(
-        sync_api::SyncManager::AuthProblem auth_problem);
+    virtual void OnAuthError(const GoogleServiceAuthError& auth_error);
 
     // Note:
     //
@@ -240,7 +239,8 @@ class SyncBackendHost {
 
     // Dispatched to from HandleAuthErrorEventOnCoreLoop to handle updating
     // frontend UI components.
-    void HandleAuthErrorEventOnFrontendLoop(AuthErrorState new_auth_error);
+    void HandleAuthErrorEventOnFrontendLoop(
+        const GoogleServiceAuthError& new_auth_error);
 
     // Our parent SyncBackendHost
     SyncBackendHost* host_;
@@ -282,7 +282,7 @@ class SyncBackendHost {
   FilePath sync_data_folder_path_;
 
   // UI-thread cache of the last AuthErrorState received from syncapi.
-  AuthErrorState last_auth_error_;
+  GoogleServiceAuthError last_auth_error_;
 
   DISALLOW_COPY_AND_ASSIGN(SyncBackendHost);
 };
diff --git a/chrome/browser/sync/profile_sync_service.cc b/chrome/browser/sync/profile_sync_service.cc
index 636c17f..d8a6b00 100644
--- a/chrome/browser/sync/profile_sync_service.cc
+++ b/chrome/browser/sync/profile_sync_service.cc
@@ -34,11 +34,13 @@ using browser_sync::ChangeProcessor;
 using browser_sync::ModelAssociator;
 using browser_sync::SyncBackendHost;
 
+typedef GoogleServiceAuthError AuthError;
+
 // Default sync server URL.
 static const char kSyncServerUrl[] = "https://clients4.google.com/chrome-sync";
 
 ProfileSyncService::ProfileSyncService(Profile* profile)
-    : last_auth_error_(AUTH_ERROR_NONE),
+    : last_auth_error_(AuthError::None()),
       profile_(profile),
       sync_service_url_(kSyncServerUrl),
       backend_initialized_(false),
@@ -237,17 +239,17 @@ void ProfileSyncService::OnSyncCycleCompleted() {
 }
 
 void ProfileSyncService::OnAuthError() {
-  last_auth_error_ = backend_->GetAuthErrorState();
+  last_auth_error_ = backend_->GetAuthError();
   // Protect against the in-your-face dialogs that pop out of nowhere.
   // Require the user to click somewhere to run the setup wizard in the case
   // of a steady-state auth failure.
   if (WizardIsVisible() || expecting_first_run_auth_needed_event_) {
-    wizard_.Step(AUTH_ERROR_NONE == backend_->GetAuthErrorState() ?
+    wizard_.Step(AuthError::NONE == last_auth_error_.state() ?
         SyncSetupWizard::GAIA_SUCCESS : SyncSetupWizard::GAIA_LOGIN);
   }
 
   if (expecting_first_run_auth_needed_event_) {
-    last_auth_error_ = AUTH_ERROR_NONE;
+    last_auth_error_ = AuthError::None();
     expecting_first_run_auth_needed_event_ = false;
   }
 
@@ -276,7 +278,7 @@ void ProfileSyncService::ShowLoginDialog() {
     auth_error_time_ = base::TimeTicks();  // Reset auth_error_time_ to null.
   }
 
-  if (last_auth_error_ != AUTH_ERROR_NONE) {
+  if (last_auth_error_.state() != AuthError::NONE) {
     wizard_.Step(SyncSetupWizard::GAIA_LOGIN);
   }
 }
diff --git a/chrome/browser/sync/profile_sync_service.h b/chrome/browser/sync/profile_sync_service.h
index 23ad03e..6730226 100644
--- a/chrome/browser/sync/profile_sync_service.h
+++ b/chrome/browser/sync/profile_sync_service.h
@@ -14,6 +14,7 @@
 #include "base/observer_list.h"
 #include "base/scoped_ptr.h"
 #include "chrome/browser/bookmarks/bookmark_model.h"
+#include "chrome/browser/google_service_auth_error.h"
 #include "chrome/browser/profile.h"
 #include "chrome/browser/sync/glue/change_processor.h"
 #include "chrome/browser/sync/glue/model_associator.h"
@@ -129,7 +130,7 @@ class ProfileSyncService : public NotificationObserver,
   browser_sync::SyncBackendHost::StatusSummary QuerySyncStatusSummary();
   browser_sync::SyncBackendHost::Status QueryDetailedSyncStatus();
 
-  AuthErrorState GetAuthErrorState() const {
+  const GoogleServiceAuthError& GetAuthError() const {
     return last_auth_error_;
   }
 
@@ -230,7 +231,7 @@ class ProfileSyncService : public NotificationObserver,
   // "expected" auth failure from observers.
   // TODO(timsteele): Same as expecting_first_run_auth_needed_event_. Remove
   // this!
-  AuthErrorState last_auth_error_;
+  GoogleServiceAuthError last_auth_error_;
 
   // Cache of the last name the client attempted to authenticate.
   std::string last_attempted_user_email_;
diff --git a/chrome/browser/sync/sync_setup_flow.cc b/chrome/browser/sync/sync_setup_flow.cc
index cf60350..50a8c2c 100644
--- a/chrome/browser/sync/sync_setup_flow.cc
+++ b/chrome/browser/sync/sync_setup_flow.cc
@@ -14,8 +14,8 @@
 #include "base/values.h"
 #include "chrome/browser/browser.h"
 #include "chrome/browser/browser_list.h"
+#include "chrome/browser/google_service_auth_error.h"
 #include "chrome/browser/renderer_host/render_view_host.h"
-#include "chrome/browser/sync/auth_error_state.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/tab_contents/tab_contents.h"
 #include "chrome/common/pref_names.h"
@@ -214,14 +214,14 @@ void SyncSetupFlow::OnDialogClosed(const std::string& json_retval) {
 // static
 void SyncSetupFlow::GetArgsForGaiaLogin(const ProfileSyncService* service,
                                         DictionaryValue* args) {
-  AuthErrorState error(service->GetAuthErrorState());
+  const GoogleServiceAuthError& error = service->GetAuthError();
   if (!service->last_attempted_user_email().empty()) {
     args->SetString(L"user", service->last_attempted_user_email());
-    args->SetInteger(L"error", error);
+    args->SetInteger(L"error", error.state());
   } else {
     std::wstring user(UTF16ToWide(service->GetAuthenticatedUsername()));
     args->SetString(L"user", user);
-    args->SetInteger(L"error", user.empty() ? 0 : error);
+    args->SetInteger(L"error", user.empty() ? 0 : error.state());
   }
 }
 
diff --git a/chrome/browser/sync/sync_setup_wizard_unittest.cc b/chrome/browser/sync/sync_setup_wizard_unittest.cc
index bf5ee91..ba9e8d9 100644
--- a/chrome/browser/sync/sync_setup_wizard_unittest.cc
+++ b/chrome/browser/sync/sync_setup_wizard_unittest.cc
@@ -9,6 +9,7 @@
 #include "base/stl_util-inl.h"
 #include "chrome/browser/browser.h"
 #include "chrome/browser/browser_list.h"
+#include "chrome/browser/google_service_auth_error.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "chrome/browser/sync/sync_setup_flow.h"
 #include "chrome/browser/sync/sync_setup_wizard.h"
@@ -21,6 +22,8 @@
 static const char* kTestUser = "chrome.p13n.test@gmail.com";
 static const char* kTestPassword = "passwd";
 
+typedef GoogleServiceAuthError AuthError;
+
 // A PSS subtype to inject.
 class ProfileSyncServiceForWizardTest : public ProfileSyncService {
  public:
@@ -48,9 +51,10 @@ class ProfileSyncServiceForWizardTest : public ProfileSyncService {
     return UTF8ToUTF16(username_);
   }
 
-  void set_auth_state(const std::string& last_email, AuthErrorState state) {
+  void set_auth_state(const std::string& last_email,
+                      const AuthError::State& state) {
     last_attempted_user_email_ = last_email;
-    last_auth_error_ = state;
+    last_auth_error_ = AuthError(state);
   }
 
   void ResetTestStats() {
@@ -208,7 +212,7 @@ TEST_F(SyncSetupWizardTest, InitialStepLogin) {
   service_->ResetTestStats();
 
   // Simulate failed credentials.
-  service_->set_auth_state(kTestUser, AUTH_ERROR_INVALID_GAIA_CREDENTIALS);
+  service_->set_auth_state(kTestUser, AuthError::INVALID_GAIA_CREDENTIALS);
   wizard_->Step(SyncSetupWizard::GAIA_LOGIN);
   EXPECT_TRUE(wizard_->IsVisible());
   EXPECT_FALSE(test_window_->TestAndResetWasShowHTMLDialogCalled());
@@ -221,8 +225,8 @@ TEST_F(SyncSetupWizardTest, InitialStepLogin) {
   EXPECT_EQ(kTestUser, actual_user);
   int error = -1;
   dialog_args.GetInteger(L"error", &error);
-  EXPECT_EQ(static_cast<int>(AUTH_ERROR_INVALID_GAIA_CREDENTIALS), error);
-  service_->set_auth_state(kTestUser, AUTH_ERROR_NONE);
+  EXPECT_EQ(static_cast<int>(AuthError::INVALID_GAIA_CREDENTIALS), error);
+  service_->set_auth_state(kTestUser, AuthError::NONE);
 
   // Simulate success.
   wizard_->Step(SyncSetupWizard::GAIA_SUCCESS);
@@ -361,7 +365,7 @@ TEST_F(SyncSetupWizardTest, DiscreteRun) {
   wizard_->Step(SyncSetupWizard::GAIA_LOGIN);
   EXPECT_EQ(SyncSetupWizard::GAIA_SUCCESS, test_window_->flow()->end_state_);
 
-  service_->set_auth_state(kTestUser, AUTH_ERROR_INVALID_GAIA_CREDENTIALS);
+  service_->set_auth_state(kTestUser, AuthError::INVALID_GAIA_CREDENTIALS);
   wizard_->Step(SyncSetupWizard::GAIA_LOGIN);
   EXPECT_TRUE(wizard_->IsVisible());
   SyncSetupFlow::GetArgsForGaiaLogin(service_, &dialog_args);
@@ -371,8 +375,8 @@ TEST_F(SyncSetupWizardTest, DiscreteRun) {
   EXPECT_EQ(kTestUser, actual_user);
   int error = -1;
   dialog_args.GetInteger(L"error", &error);
-  EXPECT_EQ(static_cast<int>(AUTH_ERROR_INVALID_GAIA_CREDENTIALS), error);
-  service_->set_auth_state(kTestUser, AUTH_ERROR_NONE);
+  EXPECT_EQ(static_cast<int>(AuthError::INVALID_GAIA_CREDENTIALS), error);
+  service_->set_auth_state(kTestUser, AuthError::NONE);
 
   wizard_->Step(SyncSetupWizard::GAIA_SUCCESS);
   EXPECT_TRUE(test_window_->TestAndResetWasShowHTMLDialogCalled());
diff --git a/chrome/browser/sync/sync_status_ui_helper.cc b/chrome/browser/sync/sync_status_ui_helper.cc
index 37b790a..7c6f30b 100644
--- a/chrome/browser/sync/sync_status_ui_helper.cc
+++ b/chrome/browser/sync/sync_status_ui_helper.cc
@@ -6,20 +6,22 @@
 
 #include "app/l10n_util.h"
 #include "base/string_util.h"
-#include "chrome/browser/sync/auth_error_state.h"
+#include "chrome/browser/google_service_auth_error.h"
 #include "chrome/browser/sync/profile_sync_service.h"
 #include "grit/chromium_strings.h"
 #include "grit/generated_resources.h"
 
+typedef GoogleServiceAuthError AuthError;
+
 // Given an authentication state, this helper function returns the appropriate
 // status message and, if necessary, the text that should appear in the
 // re-login link.
-static void GetLabelsForAuthError(AuthErrorState auth_error,
+static void GetLabelsForAuthError(const AuthError& auth_error,
     ProfileSyncService* service, string16* status_label,
     string16* link_label) {
   if (link_label)
     link_label->assign(l10n_util::GetStringUTF16(IDS_SYNC_RELOGIN_LINK_LABEL));
-  if (auth_error == AUTH_ERROR_INVALID_GAIA_CREDENTIALS) {
+  if (auth_error.state() == AuthError::INVALID_GAIA_CREDENTIALS) {
     // If the user name is empty then the first login failed, otherwise the
     // credentials are out-of-date.
     if (service->GetAuthenticatedUsername().empty())
@@ -28,7 +30,7 @@ static void GetLabelsForAuthError(AuthErrorState auth_error,
     else
       status_label->assign(
           l10n_util::GetStringUTF16(IDS_SYNC_LOGIN_INFO_OUT_OF_DATE));
-  } else if (auth_error == AUTH_ERROR_CONNECTION_FAILED) {
+  } else if (auth_error.state() == AuthError::CONNECTION_FAILED) {
     // Note that there is little the user can do if the server is not
     // reachable. Since attempting to re-connect is done automatically by
     // the Syncer, we do not show the (re)login link.
@@ -69,19 +71,19 @@ SyncStatusUIHelper::MessageType SyncStatusUIHelper::GetLabels(
 
   if (service->HasSyncSetupCompleted()) {
     ProfileSyncService::Status status(service->QueryDetailedSyncStatus());
-    AuthErrorState auth_error(service->GetAuthErrorState());
+    const AuthError& auth_error = service->GetAuthError();
 
     // Either show auth error information with a link to re-login, auth in prog,
     // or note that everything is OK with the last synced time.
     if (status.authenticated) {
       // Everything is peachy.
       status_label->assign(GetSyncedStateStatusLabel(service));
-      DCHECK_EQ(auth_error, AUTH_ERROR_NONE);
+      DCHECK_EQ(auth_error.state(), AuthError::NONE);
     } else if (service->UIShouldDepictAuthInProgress()) {
       status_label->assign(
           l10n_util::GetStringUTF16(IDS_SYNC_AUTHENTICATING_LABEL));
       result_type = PRE_SYNCED;
-    } else if (auth_error != AUTH_ERROR_NONE) {
+    } else if (auth_error.state() != AuthError::NONE) {
       GetLabelsForAuthError(auth_error, service, status_label, link_label);
       result_type = SYNC_ERROR;
     }
@@ -91,13 +93,13 @@ SyncStatusUIHelper::MessageType SyncStatusUIHelper::GetLabels(
     result_type = PRE_SYNCED;
     if (service->SetupInProgress()) {
       ProfileSyncService::Status status(service->QueryDetailedSyncStatus());
-      AuthErrorState auth_error(service->GetAuthErrorState());
+      const AuthError& auth_error = service->GetAuthError();
       status_label->assign(
           l10n_util::GetStringUTF16(IDS_SYNC_NTP_SETUP_IN_PROGRESS));
       if (service->UIShouldDepictAuthInProgress()) {
         status_label->assign(
             l10n_util::GetStringUTF16(IDS_SYNC_AUTHENTICATING_LABEL));
-      } else if (auth_error != AUTH_ERROR_NONE) {
+      } else if (auth_error.state() != AuthError::NONE) {
         status_label->clear();
         GetLabelsForAuthError(auth_error, service, status_label, NULL);
         result_type = SYNC_ERROR;
diff --git a/chrome/chrome.gyp b/chrome/chrome.gyp
index 1a55676..a8528f9 100755
--- a/chrome/chrome.gyp
+++ b/chrome/chrome.gyp
@@ -1471,6 +1471,7 @@
         'browser/form_field_history_manager.h',
         'browser/gears_integration.cc',
         'browser/gears_integration.h',
+        'browser/google_service_auth_error.h',
         'browser/google_update.cc',
         'browser/google_update.h',
         'browser/google_update_settings_posix.cc',
diff --git a/chrome/test/live_sync/profile_sync_service_test_harness.cc b/chrome/test/live_sync/profile_sync_service_test_harness.cc
index f15ec89..c2202f7 100644
--- a/chrome/test/live_sync/profile_sync_service_test_harness.cc
+++ b/chrome/test/live_sync/profile_sync_service_test_harness.cc
@@ -7,7 +7,6 @@
 #include "chrome/browser/tab_contents/tab_contents.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/pref_service.h"
-#include "chrome/browser/sync/auth_error_state.h"
 #include "chrome/test/live_sync/profile_sync_service_test_harness.h"
 #include "chrome/test/ui_test_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"