search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Add button to add new FSP services to Files app. (patchset #8 id:140001...
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / blocking_login_browsertest.cc
blobdabc1f7acffcb24e4f000deab10a6052e837bf63
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <string>
6 #include <vector>
7
8 #include "base/bind.h"
9 #include "base/command_line.h"
10 #include "base/run_loop.h"
11 #include "base/stl_util.h"
12 #include "chrome/browser/browser_process.h"
13 #include "chrome/browser/chrome_notification_types.h"
14 #include "chrome/browser/chromeos/login/existing_user_controller.h"
15 #include "chrome/browser/chromeos/login/ui/webui_login_display.h"
16 #include "chrome/browser/chromeos/login/wizard_controller.h"
17 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
18 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
19 #include "chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h"
20 #include "chrome/common/chrome_switches.h"
21 #include "chrome/test/base/in_process_browser_test.h"
22 #include "chromeos/chromeos_switches.h"
23 #include "components/policy/core/common/cloud/device_management_service.h"
24 #include "components/policy/core/common/policy_switches.h"
25 #include "components/user_manager/user_manager.h"
26 #include "content/public/browser/notification_observer.h"
27 #include "content/public/browser/notification_registrar.h"
28 #include "content/public/browser/notification_service.h"
29 #include "content/public/test/test_utils.h"
30 #include "google_apis/gaia/fake_gaia.h"
31 #include "google_apis/gaia/gaia_switches.h"
32 #include "google_apis/gaia/gaia_urls.h"
33 #include "net/http/http_status_code.h"
34 #include "net/test/embedded_test_server/embedded_test_server.h"
35 #include "net/test/embedded_test_server/http_request.h"
36 #include "net/test/embedded_test_server/http_response.h"
37 #include "policy/proto/device_management_backend.pb.h"
38 #include "testing/gtest/include/gtest/gtest.h"
39
40 namespace chromeos {
41
42 namespace {
43
44 namespace em = enterprise_management;
45
46 const char kDomain[] = "domain.com";
47 const char kUsername[] = "user@domain.com";
48 const char kUsernameOtherDomain[] = "user@other.com";
49
50 const char kOAuthCodeCookie[] = "oauth_code=1234; Secure; HttpOnly";
51
52 const char kOAuth2TokenPairData[] =
53 "{"
54 " \"refresh_token\": \"1234\","
55 " \"access_token\": \"5678\","
56 " \"expires_in\": 3600"
57 "}";
58
59 const char kOAuth2AccessTokenData[] =
60 "{"
61 " \"access_token\": \"5678\","
62 " \"expires_in\": 3600"
63 "}";
64
65 const char kDMRegisterRequest[] = "/device_management?request=register";
66 const char kDMPolicyRequest[] = "/device_management?request=policy";
67
68 void CopyLockResult(base::RunLoop* loop,
69 policy::EnterpriseInstallAttributes::LockResult* out,
70 policy::EnterpriseInstallAttributes::LockResult result) {
71 *out = result;
72 loop->Quit();
73 }
74
75 } // namespace
76
77 struct BlockingLoginTestParam {
78 const int steps;
79 const char* username;
80 const bool enroll_device;
81 };
82
83 class BlockingLoginTest
84 : public InProcessBrowserTest,
85 public content::NotificationObserver,
86 public testing::WithParamInterface<BlockingLoginTestParam> {
87 public:
88 BlockingLoginTest() : profile_added_(NULL) {}
89
90 void SetUpCommandLine(base::CommandLine* command_line) override {
91 // Initialize the test server early, so that we can use its base url for
92 // the command line flags.
93 ASSERT_TRUE(embedded_test_server()->InitializeAndWaitUntilReady());
94
95 // Use the login manager screens and the gaia auth extension.
96 command_line->AppendSwitch(switches::kLoginManager);
97 command_line->AppendSwitch(switches::kForceLoginManagerInTests);
98 command_line->AppendSwitchASCII(switches::kLoginProfile, "user");
99 command_line->AppendSwitchASCII(::switches::kAuthExtensionPath,
100 "gaia_auth");
101
102 // Redirect requests to gaia and the policy server to the test server.
103 command_line->AppendSwitchASCII(::switches::kGaiaUrl,
104 embedded_test_server()->base_url().spec());
105 command_line->AppendSwitchASCII(::switches::kLsoUrl,
106 embedded_test_server()->base_url().spec());
107 command_line->AppendSwitchASCII(
108 policy::switches::kDeviceManagementUrl,
109 embedded_test_server()->GetURL("/device_management").spec());
110 }
111
112 void SetUpOnMainThread() override {
113 fake_gaia_.Initialize();
114
115 embedded_test_server()->RegisterRequestHandler(
116 base::Bind(&BlockingLoginTest::HandleRequest, base::Unretained(this)));
117 embedded_test_server()->RegisterRequestHandler(
118 base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_)));
119
120 registrar_.Add(this,
121 chrome::NOTIFICATION_PROFILE_ADDED,
122 content::NotificationService::AllSources());
123 }
124
125 void TearDownOnMainThread() override {
126 RunUntilIdle();
127 EXPECT_TRUE(responses_.empty());
128 STLDeleteElements(&responses_);
129 EXPECT_TRUE(embedded_test_server()->ShutdownAndWaitUntilComplete());
130 }
131
132 void Observe(int type,
133 const content::NotificationSource& source,
134 const content::NotificationDetails& details) override {
135 ASSERT_EQ(chrome::NOTIFICATION_PROFILE_ADDED, type);
136 ASSERT_FALSE(profile_added_);
137 profile_added_ = content::Source<Profile>(source).ptr();
138 }
139
140 void RunUntilIdle() {
141 base::RunLoop().RunUntilIdle();
142 }
143
144 policy::BrowserPolicyConnectorChromeOS* browser_policy_connector() {
145 return g_browser_process->platform_part()
146 ->browser_policy_connector_chromeos();
147 }
148
149 void SkipToSigninScreen() {
150 WizardController::SkipPostLoginScreensForTesting();
151 WizardController* wizard_controller =
152 WizardController::default_controller();
153 ASSERT_TRUE(wizard_controller);
154 wizard_controller->SkipToLoginForTesting(LoginScreenContext());
155
156 content::WindowedNotificationObserver(
157 chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE,
158 content::NotificationService::AllSources()).Wait();
159 RunUntilIdle();
160 }
161
162 void EnrollDevice(const std::string& username) {
163 base::RunLoop loop;
164 policy::EnterpriseInstallAttributes::LockResult result;
165 browser_policy_connector()->GetInstallAttributes()->LockDevice(
166 username, policy::DEVICE_MODE_ENTERPRISE, "100200300",
167 base::Bind(&CopyLockResult, &loop, &result));
168 loop.Run();
169 EXPECT_EQ(policy::EnterpriseInstallAttributes::LOCK_SUCCESS, result);
170 RunUntilIdle();
171 }
172
173 void Login(const std::string& username) {
174 content::WindowedNotificationObserver session_started_observer(
175 chrome::NOTIFICATION_SESSION_STARTED,
176 content::NotificationService::AllSources());
177
178 ExistingUserController* controller =
179 ExistingUserController::current_controller();
180 ASSERT_TRUE(controller);
181 WebUILoginDisplay* login_display =
182 static_cast<WebUILoginDisplay*>(controller->login_display());
183 ASSERT_TRUE(login_display);
184
185 login_display->ShowSigninScreenForCreds(username, "password");
186
187 // Wait for the session to start after submitting the credentials. This
188 // will wait until all the background requests are done.
189 session_started_observer.Wait();
190 }
191
192 // Handles an HTTP request sent to the test server. This handler either
193 // uses a canned response in |responses_| if the request path matches one
194 // of the URLs that we mock, otherwise this handler delegates to |fake_gaia_|.
195 scoped_ptr<net::test_server::HttpResponse> HandleRequest(
196 const net::test_server::HttpRequest& request) {
197 scoped_ptr<net::test_server::HttpResponse> response;
198
199 GaiaUrls* gaia = GaiaUrls::GetInstance();
200 if (request.relative_url == gaia->client_login_to_oauth2_url().path() ||
201 request.relative_url == gaia->oauth2_token_url().path() ||
202 request.relative_url.find(kDMRegisterRequest) == 0 ||
203 request.relative_url.find(kDMPolicyRequest) == 0) {
204 if (!responses_.empty()) {
205 response.reset(responses_.back());
206 responses_.pop_back();
207 }
208 }
209
210 return response.Pass();
211 }
212
213 // Creates a new canned response that will respond with the given HTTP
214 // status |code|. That response is appended to |responses_| and will be the
215 // next response used.
216 // Returns a reference to that response, so that it can be further customized.
217 net::test_server::BasicHttpResponse& PushResponse(net::HttpStatusCode code) {
218 net::test_server::BasicHttpResponse* response =
219 new net::test_server::BasicHttpResponse();
220 response->set_code(code);
221 responses_.push_back(response);
222 return *response;
223 }
224
225 // Returns the body of the register response from the policy server.
226 std::string GetRegisterResponse() {
227 em::DeviceManagementResponse response;
228 em::DeviceRegisterResponse* register_response =
229 response.mutable_register_response();
230 register_response->set_device_management_token("1234");
231 register_response->set_enrollment_type(
232 em::DeviceRegisterResponse::ENTERPRISE);
233 std::string data;
234 EXPECT_TRUE(response.SerializeToString(&data));
235 return data;
236 }
237
238 // Returns the body of the fetch response from the policy server.
239 std::string GetPolicyResponse() {
240 em::DeviceManagementResponse response;
241 response.mutable_policy_response()->add_response();
242 std::string data;
243 EXPECT_TRUE(response.SerializeToString(&data));
244 return data;
245 }
246
247 protected:
248 Profile* profile_added_;
249
250 private:
251 FakeGaia fake_gaia_;
252 std::vector<net::test_server::HttpResponse*> responses_;
253 content::NotificationRegistrar registrar_;
254
255 DISALLOW_COPY_AND_ASSIGN(BlockingLoginTest);
256 };
257
258 IN_PROC_BROWSER_TEST_P(BlockingLoginTest, LoginBlocksForUser) {
259 // Verify that there isn't a logged in user when the test starts.
260 user_manager::UserManager* user_manager = user_manager::UserManager::Get();
261 EXPECT_FALSE(user_manager->IsUserLoggedIn());
262 EXPECT_FALSE(browser_policy_connector()->IsEnterpriseManaged());
263 EXPECT_FALSE(profile_added_);
264
265 // Enroll the device, if enrollment is enabled for this test instance.
266 if (GetParam().enroll_device) {
267 EnrollDevice(kUsername);
268
269 EXPECT_FALSE(user_manager->IsUserLoggedIn());
270 EXPECT_TRUE(browser_policy_connector()->IsEnterpriseManaged());
271 EXPECT_EQ(kDomain, browser_policy_connector()->GetEnterpriseDomain());
272 EXPECT_FALSE(profile_added_);
273 EXPECT_EQ(policy::USER_AFFILIATION_MANAGED,
274 browser_policy_connector()->GetUserAffiliation(kUsername));
275 RunUntilIdle();
276 EXPECT_FALSE(user_manager->IsKnownUser(kUsername));
277 }
278
279 // Skip the OOBE, go to the sign-in screen, and wait for the login screen to
280 // become visible.
281 SkipToSigninScreen();
282 EXPECT_FALSE(profile_added_);
283
284 // Prepare the fake HTTP responses.
285 if (GetParam().steps < 5) {
286 // If this instance is not going to complete the entire flow successfully
287 // then the last step will fail.
288
289 // This response body is important to make the gaia fetcher skip its delayed
290 // retry behavior, which makes testing harder. If this is sent to the policy
291 // fetchers then it will make them fail too.
292 PushResponse(net::HTTP_UNAUTHORIZED).set_content("Error=AccountDeleted");
293 }
294
295 // Push a response for each step that is going to succeed, in reverse order.
296 switch (GetParam().steps) {
297 default:
298 ADD_FAILURE() << "Invalid step number: " << GetParam().steps;
299 return;
300
301 case 5:
302 PushResponse(net::HTTP_OK).set_content(GetPolicyResponse());
303
304 case 4:
305 PushResponse(net::HTTP_OK).set_content(GetRegisterResponse());
306
307 case 3:
308 PushResponse(net::HTTP_OK).set_content(kOAuth2AccessTokenData);
309
310 case 2:
311 PushResponse(net::HTTP_OK).set_content(kOAuth2TokenPairData);
312
313 case 1:
314 PushResponse(net::HTTP_OK)
315 .AddCustomHeader("Set-Cookie", kOAuthCodeCookie);
316 break;
317
318 case 0:
319 break;
320 }
321
322 // Login now. This verifies that logging in with the canned responses (which
323 // may include failures) won't be blocked due to the potential failures.
324 EXPECT_FALSE(profile_added_);
325 Login(GetParam().username);
326 EXPECT_TRUE(profile_added_);
327 ASSERT_TRUE(user_manager->IsUserLoggedIn());
328 EXPECT_TRUE(user_manager->IsCurrentUserNew());
329 }
330
331 const BlockingLoginTestParam kBlockinLoginTestCases[] = {
332 { 0, kUsername, true },
333 { 1, kUsername, true },
334 { 2, kUsername, true },
335 { 3, kUsername, true },
336 { 4, kUsername, true },
337 { 5, kUsername, true },
338 { 0, kUsername, false },
339 { 1, kUsername, false },
340 { 2, kUsername, false },
341 { 3, kUsername, false },
342 { 4, kUsername, false },
343 { 5, kUsername, false },
344 { 0, kUsernameOtherDomain, true },
345 { 1, kUsernameOtherDomain, true },
346 { 2, kUsernameOtherDomain, true },
347 { 3, kUsernameOtherDomain, true },
348 { 4, kUsernameOtherDomain, true },
349 { 5, kUsernameOtherDomain, true },
350 };
351
352 INSTANTIATE_TEST_CASE_P(BlockingLoginTestInstance,
353 BlockingLoginTest,
354 testing::ValuesIn(kBlockinLoginTestCases));
355
356 } // namespace chromeos