chrome/browser/signin/local_auth_unittest.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/signin/local_auth.h"
   6
   7 #include "base/base64.h"
   8 #include "base/prefs/pref_service.h"
   9 #include "chrome/browser/profiles/profile_manager.h"
  10 #include "chrome/test/base/testing_browser_process.h"
  11 #include "chrome/test/base/testing_pref_service_syncable.h"
  12 #include "chrome/test/base/testing_profile.h"
  13 #include "chrome/test/base/testing_profile_manager.h"
  14 #include "components/os_crypt/os_crypt.h"
  15 #include "content/public/test/test_browser_thread_bundle.h"
  16
  17 #include "testing/gtest/include/gtest/gtest.h"
  18
  19 class LocalAuthTest : public testing::Test {
  20   content::TestBrowserThreadBundle thread_bundle_;
  21 };
  22
  23 TEST_F(LocalAuthTest, SetAndCheckCredentials) {
  24   TestingProfileManager testing_profile_manager(
  25       TestingBrowserProcess::GetGlobal());
  26   ASSERT_TRUE(testing_profile_manager.SetUp());
  27   Profile* prof = testing_profile_manager.CreateTestingProfile("p1");
  28   ProfileInfoCache& cache =
  29       testing_profile_manager.profile_manager()->GetProfileInfoCache();
  30   EXPECT_EQ(1U, cache.GetNumberOfProfiles());
  31   EXPECT_EQ("", cache.GetLocalAuthCredentialsOfProfileAtIndex(0));
  32
  33 #if defined(OS_MACOSX)
  34   OSCrypt::UseMockKeychain(true);
  35 #endif
  36
  37   std::string password("Some Password");
  38   EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password));
  39
  40   LocalAuth::SetLocalAuthCredentials(prof, password);
  41   std::string passhash = cache.GetLocalAuthCredentialsOfProfileAtIndex(0);
  42
  43   // We perform basic validation on the written record to ensure bugs don't slip
  44   // in that cannot be seen from the API:
  45   //  - The encoding exists (we can guarantee future backward compatibility).
  46   //  - The plaintext version of the password is not mistakenly stored anywhere.
  47   EXPECT_FALSE(passhash.empty());
  48   EXPECT_EQ('2', passhash[0]);
  49   EXPECT_EQ(passhash.find(password), std::string::npos);
  50
  51   std::string decodedhash;
  52   base::Base64Decode(passhash.substr(1), &decodedhash);
  53   EXPECT_FALSE(decodedhash.empty());
  54   EXPECT_EQ(decodedhash.find(password), std::string::npos);
  55
  56   EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password));
  57   EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password + "1"));
  58
  59   LocalAuth::SetLocalAuthCredentials(prof, password);  // makes different salt
  60   EXPECT_NE(passhash, cache.GetLocalAuthCredentialsOfProfileAtIndex(0));
  61 }
  62
  63 TEST_F(LocalAuthTest, SetUpgradeAndCheckCredentials) {
  64   TestingProfileManager testing_profile_manager(
  65       TestingBrowserProcess::GetGlobal());
  66   ASSERT_TRUE(testing_profile_manager.SetUp());
  67   Profile* prof = testing_profile_manager.CreateTestingProfile("p1");
  68   ProfileInfoCache& cache =
  69       testing_profile_manager.profile_manager()->GetProfileInfoCache();
  70
  71 #if defined(OS_MACOSX)
  72   OSCrypt::UseMockKeychain(true);
  73 #endif
  74
  75   std::string password("Some Password");
  76   size_t profile_index = cache.GetIndexOfProfileWithPath(prof->GetPath());
  77   LocalAuth::SetLocalAuthCredentialsWithEncoding(profile_index, password, '1');
  78
  79   // Ensure we indeed persisted the correct encoding.
  80   std::string oldpasshash = cache.GetLocalAuthCredentialsOfProfileAtIndex(
  81       profile_index);
  82   EXPECT_EQ('1', oldpasshash[0]);
  83
  84   // Validate, ensure we can validate against the old encoding.
  85   EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password));
  86
  87   // Ensure we updated the encoding.
  88   std::string newpasshash = cache.GetLocalAuthCredentialsOfProfileAtIndex(
  89       profile_index);
  90   EXPECT_EQ('2', newpasshash[0]);
  91   // Encoding '2' writes fewer bytes than encoding '1'.
  92   EXPECT_LE(newpasshash.length(), oldpasshash.length());
  93
  94   // Validate, ensure we validate against the new encoding.
  95   EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password));
  96 }
  97
  98 // Test truncation where each byte is left whole.
  99 TEST_F(LocalAuthTest, TruncateStringEvenly) {
 100   std::string two_chars = "A6";
 101   std::string three_chars = "A6C";
 102   EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 16));
 103   EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 16));
 104
 105   EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 14));
 106   EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 14));
 107 }
 108
 109 // Test truncation that affects the results within a byte.
 110 TEST_F(LocalAuthTest, TruncateStringUnevenly) {
 111   std::string two_chars = "Az";
 112   std::string three_chars = "AzC";
 113   // 'z' = 0x7A, ':' = 0x3A.
 114   std::string two_chars_truncated = "A:";
 115   EXPECT_EQ(two_chars_truncated,
 116       LocalAuth::TruncateStringByBits(two_chars, 14));
 117   EXPECT_EQ(two_chars_truncated,
 118       LocalAuth::TruncateStringByBits(three_chars, 14));
 119 }