cros: Clear secret when it is no longer needed.

BUG=416127

Review URL: https://codereview.chromium.org/589643003

Cr-Commit-Position: refs/heads/master@{#295869}

1 files changed, 8 insertions, 0 deletions

diff --git a/chrome/browser/chromeos/login/session/user_session_manager.cc b/chrome/browser/chromeos/login/session/user_session_manager.cc
index a760b37..bd6bfa9 100644
--- a/chrome/browser/chromeos/login/session/user_session_manager.cc
+++ b/chrome/browser/chromeos/login/session/user_session_manager.cc
@@ -796,6 +796,7 @@ void UserSessionManager::FinalizePrepareProfile(Profile* profile) {
     delegate_->OnProfilePrepared(profile);
 
   UpdateEasyUnlockKeys(profile);
+  user_context_.ClearSecrets();
 }
 
 void UserSessionManager::InitSessionRestoreStrategy() {
@@ -1003,6 +1004,13 @@ void UserSessionManager::UpdateEasyUnlockKeys(Profile* user_profile) {
   if (user_context_.GetUserType() != user_manager::USER_TYPE_REGULAR)
     return;
 
+  // Bail if |user_context_| does not have secret.
+  if (user_context_.GetKey()->GetSecret().empty()) {
+    // Nagging if this is not crash restore case.
+    DCHECK(user_sessions_restored_);
+    return;
+  }
+
   // |user_context_| and |user_profile| must belong to the same user.
   DCHECK_EQ(SigninManagerFactory::GetForProfile(user_profile)
                 ->GetAuthenticatedAccountId(),