Bug 966520 - have sync prefs pane open the new "force sign in" page. r=gavin

browser/app/profile/firefox.js

@@ -1343,6 +1343,10 @@ pref("browser.uiCustomization.debug", false);
 // be fetched. Must use HTTPS.
 pref("identity.fxaccounts.remote.uri", "https://accounts.firefox.com/?service=sync&context=fx_desktop_v1");
 
+// The URL where remote content that forces re-authentication for Firefox Accounts
+// should be fetched.  Must use HTTPS.
+pref("identity.fxaccounts.remote.force_auth.uri", "https://accounts.firefox.com/force_auth?service=sync&context=fx_desktop_v1");
+
 // The URL we take the user to when they opt to "manage" their Firefox Account.
 // Note that this will always need to be in the same TLD as the
 // "identity.fxaccounts.remote.uri" pref.

browser/base/content/aboutaccounts/aboutaccounts.js

@@ -76,7 +76,7 @@ function promptForRelink(acctName) {
 let wrapper = {
   iframe: null,
 
-  init: function () {
+  init: function (url=null) {
     let weave = Cc["@mozilla.org/weave/service;1"]
                   .getService(Ci.nsISupports)
                   .wrappedJSObject;
@@ -92,7 +92,7 @@ let wrapper = {
     iframe.addEventListener("load", this);
 
     try {
-      iframe.src = fxAccounts.getAccountsURI();
+      iframe.src = url || fxAccounts.getAccountsURI();
     } catch (e) {
       error("Couldn't init Firefox Account wrapper: " + e.message);
     }
@@ -236,11 +236,14 @@ function openPrefs() {
 }
 
 function init() {
-  let signinQuery = window.location.href.match(/signin=true$/);
-
-  if (signinQuery) {
+  if (window.location.href.contains("action=signin")) {
     show("remote");
     wrapper.init();
+  } else if (window.location.href.contains("action=reauth")) {
+    fxAccounts.promiseAccountsForceSigninURI().then(url => {
+      show("remote");
+      wrapper.init(url);
+    });
   } else {
     // Check if we have a local account
     fxAccounts.getSignedInUser().then(user => {

browser/components/preferences/sync.js

@@ -256,8 +256,12 @@ let gSyncPane = {
     window.close();
   },
 
+  signIn: function() {
+    this.openContentInBrowser("about:accounts?action=signin");
+  },
+
   reSignIn: function() {
-    this.openContentInBrowser("about:accounts");
+    this.openContentInBrowser("about:accounts?action=reauth");
   },
 
   manageFirefoxAccount: function() {

browser/components/preferences/sync.xul

@@ -188,7 +188,7 @@
         <vbox id="noFxaAccount">
           <description>&welcome.description;</description>
           <label class="text-link"
-                 onclick="gSyncPane.openContentInBrowser('about:accounts?signin=true'); return false;"
+                 onclick="gSyncPane.signIn(); return false;"
                  value="&welcome.startButton.label;"/>
           <spacer flex="1"/>
           <label class="text-link"

services/fxaccounts/FxAccounts.jsm

@@ -645,7 +645,26 @@ this.FxAccounts.prototype = Object.freeze({
       throw new Error("Firefox Accounts server must use HTTPS");
     }
     return url;
-  }
+  },
+
+  // Returns a promise that resolves with the URL to use to force a re-signin
+  // of the current account.
+  promiseAccountsForceSigninURI: function() {
+    let url = Services.urlFormatter.formatURLPref("identity.fxaccounts.remote.force_auth.uri");
+    if (!/^https:/.test(url)) { // Comment to un-break emacs js-mode highlighting
+      throw new Error("Firefox Accounts server must use HTTPS");
+    }
+    // but we need to append the email address onto a query string.
+    return this.getSignedInUser().then(accountData => {
+      if (!accountData) {
+        return null;
+      }
+      let newQueryPortion = url.indexOf("?") == -1 ? "?" : "&";
+      newQueryPortion += "email=" + encodeURIComponent(accountData.email);
+      return url + newQueryPortion;
+    });
+  },
+
 });
 
 /**