search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Add button to add new FSP services to Files app. (patchset #8 id:140001...
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / device_local_account_policy_service_unittest.cc
blob135584602807e5e0fddca009fb56b68e18659922
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
6
7 #include <algorithm>
8
9 #include "base/bind.h"
10 #include "base/bind_helpers.h"
11 #include "base/callback.h"
12 #include "base/files/file_path.h"
13 #include "base/files/file_util.h"
14 #include "base/files/scoped_temp_dir.h"
15 #include "base/message_loop/message_loop.h"
16 #include "base/message_loop/message_loop_proxy.h"
17 #include "base/path_service.h"
18 #include "base/run_loop.h"
19 #include "base/strings/string_number_conversions.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/test/scoped_path_override.h"
22 #include "base/test/test_simple_task_runner.h"
23 #include "chrome/browser/chromeos/policy/device_local_account.h"
24 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
25 #include "chrome/browser/chromeos/policy/fake_affiliated_invalidation_service_provider.h"
26 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
27 #include "chrome/browser/chromeos/settings/cros_settings.h"
28 #include "chrome/browser/chromeos/settings/device_settings_service.h"
29 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
30 #include "chrome/common/chrome_paths.h"
31 #include "chromeos/chromeos_paths.h"
32 #include "chromeos/dbus/power_policy_controller.h"
33 #include "components/policy/core/common/cloud/cloud_policy_client.h"
34 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
35 #include "components/policy/core/common/cloud/cloud_policy_service.h"
36 #include "components/policy/core/common/cloud/mock_device_management_service.h"
37 #include "components/policy/core/common/cloud/policy_builder.h"
38 #include "components/policy/core/common/external_data_fetcher.h"
39 #include "components/policy/core/common/mock_configuration_policy_provider.h"
40 #include "components/policy/core/common/policy_bundle.h"
41 #include "components/policy/core/common/policy_map.h"
42 #include "components/policy/core/common/schema_registry.h"
43 #include "net/url_request/url_request_context_getter.h"
44 #include "net/url_request/url_request_test_util.h"
45 #include "policy/policy_constants.h"
46 #include "policy/proto/cloud_policy.pb.h"
47 #include "policy/proto/device_management_backend.pb.h"
48 #include "testing/gtest/include/gtest/gtest.h"
49
50 using testing::AnyNumber;
51 using testing::AtLeast;
52 using testing::Mock;
53 using testing::SaveArg;
54 using testing::_;
55
56 namespace em = enterprise_management;
57
58 namespace policy {
59
60 namespace {
61
62 const char kAccount1[] = "account1@localhost";
63 const char kAccount2[] = "account2@localhost";
64 const char kAccount3[] = "account3@localhost";
65
66 const char kExtensionID[] = "kbmnembihfiondgfjekmnmcbddelicoi";
67 const char kExtensionVersion[] = "1.0.0.0";
68 const char kExtensionCRXPath[] = "extensions/hosted_app.crx";
69 const char kUpdateURL[] = "https://clients2.google.com/service/update2/crx";
70
71 } // namespace
72
73 class MockDeviceLocalAccountPolicyServiceObserver
74 : public DeviceLocalAccountPolicyService::Observer {
75 public:
76 MOCK_METHOD1(OnPolicyUpdated, void(const std::string&));
77 MOCK_METHOD0(OnDeviceLocalAccountsChanged, void(void));
78 };
79
80 class DeviceLocalAccountPolicyServiceTestBase
81 : public chromeos::DeviceSettingsTestBase {
82 public:
83 DeviceLocalAccountPolicyServiceTestBase();
84
85 void SetUp() override;
86 void TearDown() override;
87
88 void CreatePolicyService();
89
90 void InstallDeviceLocalAccountPolicy(const std::string& account_id);
91 void AddDeviceLocalAccountToPolicy(const std::string& account_id);
92 virtual void InstallDevicePolicy();
93
94 const std::string account_1_user_id_;
95 const std::string account_2_user_id_;
96
97 PolicyMap expected_policy_map_;
98 UserPolicyBuilder device_local_account_policy_;
99 chromeos::CrosSettings cros_settings_;
100 scoped_refptr<base::TestSimpleTaskRunner> extension_cache_task_runner_;
101 MockDeviceManagementService mock_device_management_service_;
102 FakeAffiliatedInvalidationServiceProvider
103 affiliated_invalidation_service_provider_;
104 scoped_ptr<DeviceLocalAccountPolicyService> service_;
105
106 private:
107 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTestBase);
108 };
109
110 class DeviceLocalAccountPolicyServiceTest
111 : public DeviceLocalAccountPolicyServiceTestBase {
112 public:
113 MOCK_METHOD1(OnRefreshDone, void(bool));
114
115 protected:
116 DeviceLocalAccountPolicyServiceTest();
117
118 virtual void SetUp() override;
119 virtual void TearDown() override;
120
121 void InstallDevicePolicy() override;
122
123 MockDeviceLocalAccountPolicyServiceObserver service_observer_;
124
125 private:
126 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest);
127 };
128
129 DeviceLocalAccountPolicyServiceTestBase::
130 DeviceLocalAccountPolicyServiceTestBase()
131 : account_1_user_id_(GenerateDeviceLocalAccountUserId(
132 kAccount1,
133 DeviceLocalAccount::TYPE_PUBLIC_SESSION)),
134 account_2_user_id_(GenerateDeviceLocalAccountUserId(
135 kAccount2,
136 DeviceLocalAccount::TYPE_PUBLIC_SESSION)),
137 cros_settings_(&device_settings_service_),
138 extension_cache_task_runner_(new base::TestSimpleTaskRunner) {
139 }
140
141 void DeviceLocalAccountPolicyServiceTestBase::SetUp() {
142 chromeos::DeviceSettingsTestBase::SetUp();
143
144 expected_policy_map_.Set(key::kDisableSpdy,
145 POLICY_LEVEL_MANDATORY,
146 POLICY_SCOPE_USER,
147 new base::FundamentalValue(true),
148 NULL);
149
150 device_local_account_policy_.payload().mutable_disablespdy()->set_value(
151 true);
152 device_local_account_policy_.policy_data().set_policy_type(
153 dm_protocol::kChromePublicAccountPolicyType);
154 }
155
156 void DeviceLocalAccountPolicyServiceTestBase::TearDown() {
157 service_->Shutdown();
158 service_.reset();
159 extension_cache_task_runner_->RunUntilIdle();
160 chromeos::DeviceSettingsTestBase::TearDown();
161 }
162
163 void DeviceLocalAccountPolicyServiceTestBase::CreatePolicyService() {
164 service_.reset(new DeviceLocalAccountPolicyService(
165 &device_settings_test_helper_,
166 &device_settings_service_,
167 &cros_settings_,
168 &affiliated_invalidation_service_provider_,
169 base::MessageLoopProxy::current(),
170 extension_cache_task_runner_,
171 base::MessageLoopProxy::current(),
172 base::MessageLoopProxy::current(),
173 new net::TestURLRequestContextGetter(base::MessageLoopProxy::current())));
174 }
175
176 void DeviceLocalAccountPolicyServiceTestBase::
177 InstallDeviceLocalAccountPolicy(const std::string& account_id) {
178 device_local_account_policy_.policy_data().set_settings_entity_id(account_id);
179 device_local_account_policy_.policy_data().set_username(account_id);
180 device_local_account_policy_.Build();
181 device_settings_test_helper_.set_device_local_account_policy_blob(
182 account_id, device_local_account_policy_.GetBlob());
183 }
184
185 void DeviceLocalAccountPolicyServiceTestBase::AddDeviceLocalAccountToPolicy(
186 const std::string& account_id) {
187 em::DeviceLocalAccountInfoProto* account =
188 device_policy_.payload().mutable_device_local_accounts()->add_account();
189 account->set_account_id(account_id);
190 account->set_type(
191 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION);
192 }
193
194 void DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy() {
195 device_policy_.Build();
196 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
197 ReloadDeviceSettings();
198 }
199
200 DeviceLocalAccountPolicyServiceTest::DeviceLocalAccountPolicyServiceTest() {
201 CreatePolicyService();
202 }
203
204 void DeviceLocalAccountPolicyServiceTest::SetUp() {
205 DeviceLocalAccountPolicyServiceTestBase::SetUp();
206 service_->AddObserver(&service_observer_);
207 }
208
209 void DeviceLocalAccountPolicyServiceTest::TearDown() {
210 service_->RemoveObserver(&service_observer_);
211 DeviceLocalAccountPolicyServiceTestBase::TearDown();
212 }
213
214 void DeviceLocalAccountPolicyServiceTest::InstallDevicePolicy() {
215 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged());
216 DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy();
217 Mock::VerifyAndClearExpectations(&service_observer_);
218 }
219
220 TEST_F(DeviceLocalAccountPolicyServiceTest, NoAccounts) {
221 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
222 }
223
224 TEST_F(DeviceLocalAccountPolicyServiceTest, GetBroker) {
225 InstallDeviceLocalAccountPolicy(kAccount1);
226 AddDeviceLocalAccountToPolicy(kAccount1);
227 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
228 InstallDevicePolicy();
229
230 DeviceLocalAccountPolicyBroker* broker =
231 service_->GetBrokerForUser(account_1_user_id_);
232 ASSERT_TRUE(broker);
233 EXPECT_EQ(account_1_user_id_, broker->user_id());
234 ASSERT_TRUE(broker->core()->store());
235 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
236 EXPECT_FALSE(broker->core()->client());
237 EXPECT_FALSE(broker->core()->store()->policy_map().empty());
238 EXPECT_FALSE(broker->HasInvalidatorForTest());
239 }
240
241 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadNoPolicy) {
242 AddDeviceLocalAccountToPolicy(kAccount1);
243 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
244 InstallDevicePolicy();
245
246 DeviceLocalAccountPolicyBroker* broker =
247 service_->GetBrokerForUser(account_1_user_id_);
248 ASSERT_TRUE(broker);
249 EXPECT_EQ(account_1_user_id_, broker->user_id());
250 ASSERT_TRUE(broker->core()->store());
251 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR,
252 broker->core()->store()->status());
253 EXPECT_TRUE(broker->core()->store()->policy_map().empty());
254 EXPECT_FALSE(broker->HasInvalidatorForTest());
255 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
256 }
257
258 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadValidationFailure) {
259 device_local_account_policy_.policy_data().set_policy_type(
260 dm_protocol::kChromeUserPolicyType);
261 InstallDeviceLocalAccountPolicy(kAccount1);
262 AddDeviceLocalAccountToPolicy(kAccount1);
263 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
264 InstallDevicePolicy();
265
266 DeviceLocalAccountPolicyBroker* broker =
267 service_->GetBrokerForUser(account_1_user_id_);
268 ASSERT_TRUE(broker);
269 EXPECT_EQ(account_1_user_id_, broker->user_id());
270 ASSERT_TRUE(broker->core()->store());
271 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR,
272 broker->core()->store()->status());
273 EXPECT_TRUE(broker->core()->store()->policy_map().empty());
274 EXPECT_FALSE(broker->HasInvalidatorForTest());
275 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
276 }
277
278 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadPolicy) {
279 InstallDeviceLocalAccountPolicy(kAccount1);
280 AddDeviceLocalAccountToPolicy(kAccount1);
281 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
282 InstallDevicePolicy();
283
284 DeviceLocalAccountPolicyBroker* broker =
285 service_->GetBrokerForUser(account_1_user_id_);
286 ASSERT_TRUE(broker);
287 EXPECT_EQ(account_1_user_id_, broker->user_id());
288 ASSERT_TRUE(broker->core()->store());
289 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
290 ASSERT_TRUE(broker->core()->store()->policy());
291 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
292 broker->core()->store()->policy()->SerializeAsString());
293 EXPECT_TRUE(expected_policy_map_.Equals(
294 broker->core()->store()->policy_map()));
295 EXPECT_FALSE(broker->HasInvalidatorForTest());
296 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
297 }
298
299 TEST_F(DeviceLocalAccountPolicyServiceTest, StoreValidationFailure) {
300 AddDeviceLocalAccountToPolicy(kAccount1);
301 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
302 InstallDevicePolicy();
303 Mock::VerifyAndClearExpectations(&service_observer_);
304
305 DeviceLocalAccountPolicyBroker* broker =
306 service_->GetBrokerForUser(account_1_user_id_);
307 ASSERT_TRUE(broker);
308 EXPECT_EQ(account_1_user_id_, broker->user_id());
309 ASSERT_TRUE(broker->core()->store());
310
311 device_local_account_policy_.policy_data().set_policy_type(
312 dm_protocol::kChromeUserPolicyType);
313 device_local_account_policy_.Build();
314 broker->core()->store()->Store(device_local_account_policy_.policy());
315 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
316 FlushDeviceSettings();
317
318 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR,
319 broker->core()->store()->status());
320 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE,
321 broker->core()->store()->validation_status());
322 EXPECT_FALSE(broker->HasInvalidatorForTest());
323 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
324 }
325
326 TEST_F(DeviceLocalAccountPolicyServiceTest, StorePolicy) {
327 AddDeviceLocalAccountToPolicy(kAccount1);
328 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
329 InstallDevicePolicy();
330 Mock::VerifyAndClearExpectations(&service_observer_);
331
332 DeviceLocalAccountPolicyBroker* broker =
333 service_->GetBrokerForUser(account_1_user_id_);
334 ASSERT_TRUE(broker);
335 EXPECT_EQ(account_1_user_id_, broker->user_id());
336 ASSERT_TRUE(broker->core()->store());
337
338 device_local_account_policy_.policy_data().set_settings_entity_id(kAccount1);
339 device_local_account_policy_.policy_data().set_username(kAccount1);
340 device_local_account_policy_.Build();
341 broker->core()->store()->Store(device_local_account_policy_.policy());
342 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
343 FlushDeviceSettings();
344
345 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
346 ASSERT_TRUE(broker->core()->store()->policy());
347 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
348 broker->core()->store()->policy()->SerializeAsString());
349 EXPECT_TRUE(expected_policy_map_.Equals(
350 broker->core()->store()->policy_map()));
351 EXPECT_FALSE(broker->HasInvalidatorForTest());
352 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
353 }
354
355 TEST_F(DeviceLocalAccountPolicyServiceTest, DevicePolicyChange) {
356 InstallDeviceLocalAccountPolicy(kAccount1);
357 AddDeviceLocalAccountToPolicy(kAccount1);
358 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
359 InstallDevicePolicy();
360
361 device_policy_.payload().mutable_device_local_accounts()->clear_account();
362 InstallDevicePolicy();
363
364 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
365 }
366
367 TEST_F(DeviceLocalAccountPolicyServiceTest, DuplicateAccounts) {
368 InstallDeviceLocalAccountPolicy(kAccount1);
369 AddDeviceLocalAccountToPolicy(kAccount1);
370 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
371 InstallDevicePolicy();
372 Mock::VerifyAndClearExpectations(&service_observer_);
373
374 // Add a second entry with a duplicate account name to device policy.
375 AddDeviceLocalAccountToPolicy(kAccount1);
376 InstallDevicePolicy();
377
378 // Make sure the broker is accessible and policy got loaded.
379 DeviceLocalAccountPolicyBroker* broker =
380 service_->GetBrokerForUser(account_1_user_id_);
381 ASSERT_TRUE(broker);
382 EXPECT_EQ(account_1_user_id_, broker->user_id());
383 ASSERT_TRUE(broker->core()->store());
384 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
385 ASSERT_TRUE(broker->core()->store()->policy());
386 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
387 broker->core()->store()->policy()->SerializeAsString());
388 EXPECT_TRUE(expected_policy_map_.Equals(
389 broker->core()->store()->policy_map()));
390 EXPECT_FALSE(broker->HasInvalidatorForTest());
391 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
392 }
393
394 TEST_F(DeviceLocalAccountPolicyServiceTest, FetchPolicy) {
395 InstallDeviceLocalAccountPolicy(kAccount1);
396 AddDeviceLocalAccountToPolicy(kAccount1);
397 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
398 InstallDevicePolicy();
399
400 DeviceLocalAccountPolicyBroker* broker =
401 service_->GetBrokerForUser(account_1_user_id_);
402 ASSERT_TRUE(broker);
403
404 service_->Connect(&mock_device_management_service_);
405 EXPECT_TRUE(broker->core()->client());
406
407 em::DeviceManagementRequest request;
408 em::DeviceManagementResponse response;
409 response.mutable_policy_response()->add_response()->CopyFrom(
410 device_local_account_policy_.policy());
411 EXPECT_CALL(mock_device_management_service_,
412 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
413 .WillOnce(mock_device_management_service_.SucceedJob(response));
414 EXPECT_CALL(mock_device_management_service_,
415 StartJob(dm_protocol::kValueRequestPolicy,
416 std::string(), std::string(),
417 device_policy_.policy_data().request_token(),
418 dm_protocol::kValueUserAffiliationManaged,
419 device_policy_.policy_data().device_id(),
420 _))
421 .WillOnce(SaveArg<6>(&request));
422 // This will be called twice, because the ComponentCloudPolicyService will
423 // also become ready after flushing all the pending tasks.
424 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2);
425 FlushDeviceSettings();
426 Mock::VerifyAndClearExpectations(&service_observer_);
427 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
428 EXPECT_TRUE(request.has_policy_request());
429 ASSERT_EQ(2, request.policy_request().request_size());
430
431 const em::PolicyFetchRequest* public_account =
432 &request.policy_request().request(0);
433 const em::PolicyFetchRequest* extensions =
434 &request.policy_request().request(1);
435 // The order is not guarateed.
436 if (extensions->policy_type() ==
437 dm_protocol::kChromePublicAccountPolicyType) {
438 std::swap(public_account, extensions);
439 }
440
441 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType,
442 public_account->policy_type());
443 EXPECT_FALSE(public_account->has_machine_id());
444 EXPECT_EQ(kAccount1, public_account->settings_entity_id());
445
446 EXPECT_EQ(dm_protocol::kChromeExtensionPolicyType,
447 extensions->policy_type());
448 EXPECT_FALSE(extensions->has_machine_id());
449 EXPECT_FALSE(extensions->has_settings_entity_id());
450
451 ASSERT_TRUE(broker->core()->store());
452 EXPECT_EQ(CloudPolicyStore::STATUS_OK,
453 broker->core()->store()->status());
454 ASSERT_TRUE(broker->core()->store()->policy());
455 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
456 broker->core()->store()->policy()->SerializeAsString());
457 EXPECT_TRUE(expected_policy_map_.Equals(
458 broker->core()->store()->policy_map()));
459 EXPECT_TRUE(broker->HasInvalidatorForTest());
460 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
461 }
462
463 TEST_F(DeviceLocalAccountPolicyServiceTest, RefreshPolicy) {
464 InstallDeviceLocalAccountPolicy(kAccount1);
465 AddDeviceLocalAccountToPolicy(kAccount1);
466 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
467 InstallDevicePolicy();
468
469 DeviceLocalAccountPolicyBroker* broker =
470 service_->GetBrokerForUser(account_1_user_id_);
471 ASSERT_TRUE(broker);
472
473 service_->Connect(&mock_device_management_service_);
474 ASSERT_TRUE(broker->core()->service());
475
476 em::DeviceManagementResponse response;
477 response.mutable_policy_response()->add_response()->CopyFrom(
478 device_local_account_policy_.policy());
479 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
480 .WillOnce(mock_device_management_service_.SucceedJob(response));
481 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _));
482 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1);
483 // This will be called twice, because the ComponentCloudPolicyService will
484 // also become ready after flushing all the pending tasks.
485 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2);
486 broker->core()->service()->RefreshPolicy(
487 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone,
488 base::Unretained(this)));
489 FlushDeviceSettings();
490 Mock::VerifyAndClearExpectations(&service_observer_);
491 Mock::VerifyAndClearExpectations(this);
492 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
493
494 ASSERT_TRUE(broker->core()->store());
495 EXPECT_EQ(CloudPolicyStore::STATUS_OK,
496 broker->core()->store()->status());
497 EXPECT_TRUE(expected_policy_map_.Equals(
498 broker->core()->store()->policy_map()));
499 EXPECT_TRUE(broker->HasInvalidatorForTest());
500 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
501 }
502
503 class DeviceLocalAccountPolicyExtensionCacheTest
504 : public DeviceLocalAccountPolicyServiceTestBase {
505 protected:
506 DeviceLocalAccountPolicyExtensionCacheTest();
507
508 void SetUp() override;
509
510 base::FilePath GetCacheDirectoryForAccountID(const std::string& account_id);
511
512 base::ScopedTempDir cache_root_dir_;
513 scoped_ptr<base::ScopedPathOverride> cache_root_dir_override_;
514
515 base::FilePath cache_dir_1_;
516 base::FilePath cache_dir_2_;
517 base::FilePath cache_dir_3_;
518
519 private:
520 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyExtensionCacheTest);
521 };
522
523 DeviceLocalAccountPolicyExtensionCacheTest::
524 DeviceLocalAccountPolicyExtensionCacheTest() {
525 }
526
527 void DeviceLocalAccountPolicyExtensionCacheTest::SetUp() {
528 DeviceLocalAccountPolicyServiceTestBase::SetUp();
529 ASSERT_TRUE(cache_root_dir_.CreateUniqueTempDir());
530 cache_root_dir_override_.reset(new base::ScopedPathOverride(
531 chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS,
532 cache_root_dir_.path()));
533
534 cache_dir_1_ = GetCacheDirectoryForAccountID(kAccount1);
535 cache_dir_2_ = GetCacheDirectoryForAccountID(kAccount2);
536 cache_dir_3_ = GetCacheDirectoryForAccountID(kAccount3);
537
538 em::StringList* forcelist = device_local_account_policy_.payload()
539 .mutable_extensioninstallforcelist()->mutable_value();
540 forcelist->add_entries(base::StringPrintf("%s;%s", kExtensionID, kUpdateURL));
541 }
542
543 base::FilePath DeviceLocalAccountPolicyExtensionCacheTest::
544 GetCacheDirectoryForAccountID(const std::string& account_id) {
545 return cache_root_dir_.path().Append(base::HexEncode(account_id.c_str(),
546 account_id.size()));
547 }
548
549 // Verifies that during startup, orphaned cache directories are deleted,
550 // cache directories belonging to an existing account are preserved and missing
551 // cache directories are created. Also verifies that when startup is complete,
552 // the caches for all existing accounts are running.
553 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, Startup) {
554 base::FilePath test_data_dir;
555 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir));
556 const base::FilePath source_crx_file =
557 test_data_dir.Append(kExtensionCRXPath);
558 const std::string target_crx_file_name =
559 base::StringPrintf("%s-%s.crx", kExtensionID, kExtensionVersion);
560
561 // Create and pre-populate a cache directory for account 1.
562 EXPECT_TRUE(base::CreateDirectory(cache_dir_1_));
563 EXPECT_TRUE(CopyFile(source_crx_file,
564 cache_dir_1_.Append(target_crx_file_name)));
565
566 // Create and pre-populate a cache directory for account 3.
567 EXPECT_TRUE(base::CreateDirectory(cache_dir_3_));
568 EXPECT_TRUE(CopyFile(source_crx_file,
569 cache_dir_3_.Append(target_crx_file_name)));
570
571 // Add accounts 1 and 2 to device policy.
572 InstallDeviceLocalAccountPolicy(kAccount1);
573 InstallDeviceLocalAccountPolicy(kAccount2);
574 AddDeviceLocalAccountToPolicy(kAccount1);
575 AddDeviceLocalAccountToPolicy(kAccount2);
576 InstallDevicePolicy();
577
578 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
579 // deletion of orphaned cache directories.
580 CreatePolicyService();
581 FlushDeviceSettings();
582 extension_cache_task_runner_->RunUntilIdle();
583
584 // Verify that the cache directory for account 1 and its contents still exist.
585 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
586 EXPECT_TRUE(ContentsEqual(source_crx_file,
587 cache_dir_1_.Append(target_crx_file_name)));
588
589 // Verify that a cache directory for account 2 was created.
590 EXPECT_TRUE(base::DirectoryExists(cache_dir_2_));
591
592 // Verify that the cache directory for account 3 was deleted.
593 EXPECT_FALSE(base::DirectoryExists(cache_dir_3_));
594
595 // Verify that the cache for account 1 has been started.
596 DeviceLocalAccountPolicyBroker* broker =
597 service_->GetBrokerForUser(account_1_user_id_);
598 ASSERT_TRUE(broker);
599 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
600
601 // Verify that the cache for account 2 has been started.
602 broker = service_->GetBrokerForUser(account_2_user_id_);
603 ASSERT_TRUE(broker);
604 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
605 }
606
607 // Verifies that while the deletion of orphaned cache directories is in
608 // progress, the caches for accounts which existed before the deletion started
609 // are running but caches for newly added accounts are not started.
610 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstOrphanDeletion) {
611 // Add account 1 to device policy.
612 InstallDeviceLocalAccountPolicy(kAccount1);
613 AddDeviceLocalAccountToPolicy(kAccount1);
614 InstallDevicePolicy();
615
616 // Create the DeviceLocalAccountPolicyService, triggering the deletion of
617 // orphaned cache directories.
618 CreatePolicyService();
619 FlushDeviceSettings();
620
621 // Verify that the cache for account 1 has been started as it is unaffected by
622 // the orphan deletion.
623 DeviceLocalAccountPolicyBroker* broker =
624 service_->GetBrokerForUser(account_1_user_id_);
625 ASSERT_TRUE(broker);
626 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
627
628 // Add account 2 to device policy.
629 InstallDeviceLocalAccountPolicy(kAccount2);
630 AddDeviceLocalAccountToPolicy(kAccount2);
631 InstallDevicePolicy();
632
633 // Verify that the cache for account 2 has not been started yet as the orphan
634 // deletion is still in progress.
635 broker = service_->GetBrokerForUser(account_2_user_id_);
636 ASSERT_TRUE(broker);
637 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
638
639 // Allow the orphan deletion to finish.
640 extension_cache_task_runner_->RunUntilIdle();
641 base::RunLoop().RunUntilIdle();
642
643 // Verify that the cache for account 2 has been started.
644 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
645 }
646
647 // Verifies that while the shutdown of a cache is in progress, no new cache is
648 // started if an account with the same ID is re-added.
649 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstCacheShutdown) {
650 // Add account 1 to device policy.
651 InstallDeviceLocalAccountPolicy(kAccount1);
652 AddDeviceLocalAccountToPolicy(kAccount1);
653 InstallDevicePolicy();
654
655 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
656 // deletion of orphaned cache directories.
657 CreatePolicyService();
658 FlushDeviceSettings();
659 extension_cache_task_runner_->RunUntilIdle();
660
661 // Remove account 1 from device policy, triggering a shutdown of its cache.
662 device_policy_.payload().mutable_device_local_accounts()->clear_account();
663 InstallDevicePolicy();
664
665 // Re-add account 1 to device policy.
666 AddDeviceLocalAccountToPolicy(kAccount1);
667 InstallDevicePolicy();
668
669 // Verify that the cache for account 1 has not been started yet as the
670 // shutdown of a previous cache for this account ID is still in progress.
671 DeviceLocalAccountPolicyBroker* broker =
672 service_->GetBrokerForUser(account_1_user_id_);
673 ASSERT_TRUE(broker);
674 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
675
676 // Allow the cache shutdown to finish.
677 extension_cache_task_runner_->RunUntilIdle();
678 base::RunLoop().RunUntilIdle();
679
680 // Verify that the cache directory for account 1 still exists.
681 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
682
683 // Verify that the cache for account 1 has been started, reusing the existing
684 // cache directory.
685 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
686 }
687
688 // Verifies that while the deletion of an obsolete cache directory is in
689 // progress, no new cache is started if an account with the same ID is re-added.
690 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest,
691 RaceAgainstObsoleteDeletion) {
692 // Add account 1 to device policy.
693 InstallDeviceLocalAccountPolicy(kAccount1);
694 AddDeviceLocalAccountToPolicy(kAccount1);
695 InstallDevicePolicy();
696
697 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
698 // deletion of orphaned cache directories.
699 CreatePolicyService();
700 FlushDeviceSettings();
701 extension_cache_task_runner_->RunUntilIdle();
702
703 // Remove account 1 from device policy, allowing the shutdown of its cache to
704 // finish and the deletion of its now obsolete cache directory to begin.
705 device_policy_.payload().mutable_device_local_accounts()->clear_account();
706 InstallDevicePolicy();
707 extension_cache_task_runner_->RunUntilIdle();
708 base::RunLoop().RunUntilIdle();
709
710 // Re-add account 1 to device policy.
711 AddDeviceLocalAccountToPolicy(kAccount1);
712 InstallDevicePolicy();
713
714 // Verify that the cache for account 1 has not been started yet as the
715 // deletion of the cache directory for this account ID is still in progress.
716 DeviceLocalAccountPolicyBroker* broker =
717 service_->GetBrokerForUser(account_1_user_id_);
718 ASSERT_TRUE(broker);
719 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
720
721 // Allow the deletion to finish.
722 extension_cache_task_runner_->RunUntilIdle();
723 base::RunLoop().RunUntilIdle();
724
725 // Verify that the cache directory for account 1 was deleted.
726 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_));
727
728 // Verify that the cache for account 1 has been started.
729 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
730 }
731
732 // Verifies that when an account is added and no deletion of cache directories
733 // affecting this account is in progress, its cache is started immediately.
734 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, AddAccount) {
735 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
736 // deletion of orphaned cache directories.
737 InstallDevicePolicy();
738 CreatePolicyService();
739 FlushDeviceSettings();
740 extension_cache_task_runner_->RunUntilIdle();
741
742 // Add account 1 to device policy.
743 InstallDeviceLocalAccountPolicy(kAccount1);
744 AddDeviceLocalAccountToPolicy(kAccount1);
745 InstallDevicePolicy();
746
747 // Verify that the cache for account 1 has been started.
748 DeviceLocalAccountPolicyBroker* broker =
749 service_->GetBrokerForUser(account_1_user_id_);
750 ASSERT_TRUE(broker);
751 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
752 }
753
754 // Verifies that when an account is removed, its cache directory is deleted.
755 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RemoveAccount) {
756 // Add account 1 to device policy.
757 InstallDeviceLocalAccountPolicy(kAccount1);
758 AddDeviceLocalAccountToPolicy(kAccount1);
759 InstallDevicePolicy();
760
761 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
762 // deletion of orphaned cache directories.
763 CreatePolicyService();
764 FlushDeviceSettings();
765 extension_cache_task_runner_->RunUntilIdle();
766
767 // Verify that a cache directory has been created for account 1.
768 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
769
770 // Remove account 1 from device policy, allowing the deletion of its now
771 // obsolete cache directory to finish.
772 device_policy_.payload().mutable_device_local_accounts()->clear_account();
773 InstallDevicePolicy();
774 extension_cache_task_runner_->RunUntilIdle();
775 base::RunLoop().RunUntilIdle();
776 extension_cache_task_runner_->RunUntilIdle();
777
778 // Verify that the cache directory for account 1 was deleted.
779 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_));
780 }
781
782 class DeviceLocalAccountPolicyProviderTest
783 : public DeviceLocalAccountPolicyServiceTestBase {
784 protected:
785 DeviceLocalAccountPolicyProviderTest();
786
787 void SetUp() override;
788 void TearDown() override;
789
790 SchemaRegistry schema_registry_;
791 scoped_ptr<DeviceLocalAccountPolicyProvider> provider_;
792 MockConfigurationPolicyObserver provider_observer_;
793
794 private:
795 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest);
796 };
797
798 DeviceLocalAccountPolicyProviderTest::DeviceLocalAccountPolicyProviderTest() {
799 CreatePolicyService();
800 provider_ = DeviceLocalAccountPolicyProvider::Create(
801 GenerateDeviceLocalAccountUserId(kAccount1,
802 DeviceLocalAccount::TYPE_PUBLIC_SESSION),
803 service_.get());
804 }
805
806 void DeviceLocalAccountPolicyProviderTest::SetUp() {
807 DeviceLocalAccountPolicyServiceTestBase::SetUp();
808 provider_->Init(&schema_registry_);
809 provider_->AddObserver(&provider_observer_);
810
811 // Values implicitly enforced for public accounts.
812 expected_policy_map_.Set(key::kLidCloseAction,
813 POLICY_LEVEL_MANDATORY,
814 POLICY_SCOPE_MACHINE,
815 new base::FundamentalValue(
816 chromeos::PowerPolicyController::
817 ACTION_STOP_SESSION),
818 NULL);
819 expected_policy_map_.Set(key::kShelfAutoHideBehavior,
820 POLICY_LEVEL_MANDATORY,
821 POLICY_SCOPE_MACHINE,
822 new base::StringValue("Never"),
823 NULL);
824 expected_policy_map_.Set(key::kShowLogoutButtonInTray,
825 POLICY_LEVEL_MANDATORY,
826 POLICY_SCOPE_MACHINE,
827 new base::FundamentalValue(true),
828 NULL);
829 expected_policy_map_.Set(key::kFullscreenAllowed,
830 POLICY_LEVEL_MANDATORY,
831 POLICY_SCOPE_MACHINE,
832 new base::FundamentalValue(false),
833 NULL);
834 }
835
836 void DeviceLocalAccountPolicyProviderTest::TearDown() {
837 provider_->RemoveObserver(&provider_observer_);
838 provider_->Shutdown();
839 provider_.reset();
840 DeviceLocalAccountPolicyServiceTestBase::TearDown();
841 }
842
843 TEST_F(DeviceLocalAccountPolicyProviderTest, Initialization) {
844 EXPECT_FALSE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
845
846 // Policy change should complete initialization.
847 InstallDeviceLocalAccountPolicy(kAccount1);
848 AddDeviceLocalAccountToPolicy(kAccount1);
849 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
850 .Times(AtLeast(1));
851 InstallDevicePolicy();
852 Mock::VerifyAndClearExpectations(&provider_observer_);
853
854 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
855
856 // The account disappearing should *not* flip the initialization flag back.
857 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
858 .Times(AnyNumber());
859 device_policy_.payload().mutable_device_local_accounts()->clear_account();
860 InstallDevicePolicy();
861 Mock::VerifyAndClearExpectations(&provider_observer_);
862
863 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
864 }
865
866 TEST_F(DeviceLocalAccountPolicyProviderTest, Policy) {
867 // Policy should load successfully.
868 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
869 .Times(AtLeast(1));
870 InstallDeviceLocalAccountPolicy(kAccount1);
871 AddDeviceLocalAccountToPolicy(kAccount1);
872 InstallDevicePolicy();
873 Mock::VerifyAndClearExpectations(&provider_observer_);
874
875 PolicyBundle expected_policy_bundle;
876 expected_policy_bundle.Get(PolicyNamespace(
877 POLICY_DOMAIN_CHROME, std::string())).CopyFrom(expected_policy_map_);
878 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
879
880 // Policy change should be reported.
881 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
882 .Times(AtLeast(1));
883 device_local_account_policy_.payload().mutable_disablespdy()->set_value(
884 false);
885 InstallDeviceLocalAccountPolicy(kAccount1);
886 DeviceLocalAccountPolicyBroker* broker =
887 service_->GetBrokerForUser(account_1_user_id_);
888 ASSERT_TRUE(broker);
889 broker->core()->store()->Load();
890 FlushDeviceSettings();
891 Mock::VerifyAndClearExpectations(&provider_observer_);
892
893 expected_policy_bundle.Get(
894 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
895 .Set(key::kDisableSpdy,
896 POLICY_LEVEL_MANDATORY,
897 POLICY_SCOPE_USER,
898 new base::FundamentalValue(false),
899 NULL);
900 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
901
902 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray|
903 // and |ExtensionAllowedTypes| policies should be overridden.
904 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
905 .Times(AtLeast(1));
906 device_local_account_policy_.payload().mutable_shelfautohidebehavior()->
907 set_value("Always");
908 device_local_account_policy_.payload().mutable_showlogoutbuttonintray()->
909 set_value(false);
910 InstallDeviceLocalAccountPolicy(kAccount1);
911 broker->core()->store()->Load();
912 FlushDeviceSettings();
913 Mock::VerifyAndClearExpectations(&provider_observer_);
914 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
915
916 // Account disappears, policy should stay in effect.
917 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
918 .Times(AnyNumber());
919 device_policy_.payload().mutable_device_local_accounts()->clear_account();
920 InstallDevicePolicy();
921 Mock::VerifyAndClearExpectations(&provider_observer_);
922
923 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
924 }
925
926 TEST_F(DeviceLocalAccountPolicyProviderTest, RefreshPolicies) {
927 // If there's no device policy, the refresh completes immediately.
928 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
929 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
930 .Times(AtLeast(1));
931 provider_->RefreshPolicies();
932 Mock::VerifyAndClearExpectations(&provider_observer_);
933
934 // Make device settings appear.
935 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
936 .Times(AnyNumber());
937 AddDeviceLocalAccountToPolicy(kAccount1);
938 InstallDevicePolicy();
939 EXPECT_TRUE(service_->GetBrokerForUser(account_1_user_id_));
940
941 // If there's no cloud connection, refreshes are still immediate.
942 DeviceLocalAccountPolicyBroker* broker =
943 service_->GetBrokerForUser(account_1_user_id_);
944 ASSERT_TRUE(broker);
945 EXPECT_FALSE(broker->core()->client());
946 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
947 .Times(AtLeast(1));
948 provider_->RefreshPolicies();
949 Mock::VerifyAndClearExpectations(&provider_observer_);
950
951 // Bring up the cloud connection. The refresh scheduler may fire refreshes at
952 // this point which are not relevant for the test.
953 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
954 .WillRepeatedly(
955 mock_device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED));
956 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _))
957 .Times(AnyNumber());
958 service_->Connect(&mock_device_management_service_);
959 FlushDeviceSettings();
960 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
961
962 // No callbacks until the refresh completes.
963 EXPECT_CALL(provider_observer_, OnUpdatePolicy(_)).Times(0);
964 MockDeviceManagementJob* request_job;
965 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
966 .WillOnce(mock_device_management_service_.CreateAsyncJob(&request_job));
967 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _));
968 provider_->RefreshPolicies();
969 ReloadDeviceSettings();
970 Mock::VerifyAndClearExpectations(&provider_observer_);
971 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
972 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
973
974 // When the response comes in, it should propagate and fire the notification.
975 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
976 .Times(AtLeast(1));
977 ASSERT_TRUE(request_job);
978 em::DeviceManagementResponse response;
979 device_local_account_policy_.Build();
980 response.mutable_policy_response()->add_response()->CopyFrom(
981 device_local_account_policy_.policy());
982 request_job->SendResponse(DM_STATUS_SUCCESS, response);
983 FlushDeviceSettings();
984 Mock::VerifyAndClearExpectations(&provider_observer_);
985 }
986
987 } // namespace policy