Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / extensions / api / permissions / permissions_apitest.cc
blob0cd5a4e888569d4fe6bf5b5589d6bfd07a1aa1ba
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/extensions/api/permissions/permissions_api.h"
6 #include "chrome/browser/extensions/extension_apitest.h"
7 #include "chrome/browser/extensions/extension_management_test_util.h"
8 #include "chrome/browser/profiles/profile.h"
9 #include "chrome/browser/ui/browser.h"
10 #include "components/policy/core/browser/browser_policy_connector.h"
11 #include "components/policy/core/common/mock_configuration_policy_provider.h"
12 #include "extensions/browser/extension_prefs.h"
13 #include "extensions/common/permissions/permission_set.h"
14 #include "extensions/common/switches.h"
15 #include "net/dns/mock_host_resolver.h"
17 namespace extensions {
19 namespace {
21 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
22 int schemes = URLPattern::SCHEME_ALL;
23 extent->AddPattern(URLPattern(schemes, pattern));
26 } // namespace
28 class ExperimentalApiTest : public ExtensionApiTest {
29 public:
30 void SetUpCommandLine(base::CommandLine* command_line) override {
31 ExtensionApiTest::SetUpCommandLine(command_line);
32 command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis);
36 class ExtensionApiTestWithManagementPolicy : public ExtensionApiTest {
37 public:
38 void SetUpInProcessBrowserTestFixture() override {
39 ExtensionApiTest::SetUpInProcessBrowserTestFixture();
40 EXPECT_CALL(policy_provider_, IsInitializationComplete(testing::_))
41 .WillRepeatedly(testing::Return(true));
42 policy_provider_.SetAutoRefresh();
43 policy::BrowserPolicyConnector::SetPolicyProviderForTesting(
44 &policy_provider_);
47 protected:
48 policy::MockConfigurationPolicyProvider policy_provider_;
51 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) {
52 ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_;
54 // Since the experimental APIs require a flag, this will fail even though
55 // it's enabled.
56 // TODO(erikkay) This test is currently broken because LoadExtension in
57 // ExtensionBrowserTest doesn't actually fail, it just times out. To fix this
58 // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably
59 // too much for the branch. I'll enable this on trunk later.
60 //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_;
63 IN_PROC_BROWSER_TEST_F(ExperimentalApiTest, PermissionsSucceed) {
64 ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_;
67 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ExperimentalPermissionsFail) {
68 // At the time this test is being created, there is no experimental
69 // function that will not be graduating soon, and does not require a
70 // tab id as an argument. So, we need the tab permission to get
71 // a tab id.
72 ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled"))
73 << message_;
76 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, FaviconPermission) {
77 ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_;
80 // Test functions and APIs that are always allowed (even if you ask for no
81 // permissions).
82 // Disabled: http://crbug.com/125193
83 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, DISABLED_AlwaysAllowed) {
84 ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_;
87 // Tests that the optional permissions API works correctly.
88 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGranted) {
89 // Mark all the tested APIs as granted to bypass the confirmation UI.
90 APIPermissionSet apis;
91 apis.insert(APIPermission::kBookmark);
92 ManifestPermissionSet manifest_permissions;
93 URLPatternSet explicit_hosts;
94 AddPattern(&explicit_hosts, "http://*.c.com/*");
95 scoped_refptr<PermissionSet> granted_permissions =
96 new PermissionSet(apis, manifest_permissions,
97 explicit_hosts, URLPatternSet());
99 ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile());
100 prefs->AddGrantedPermissions("kjmkgkdkpedkejedfhmfcenooemhbpbo",
101 granted_permissions.get());
103 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
104 host_resolver()->AddRule("*.com", "127.0.0.1");
105 ASSERT_TRUE(StartEmbeddedTestServer());
106 EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
109 // Tests that the optional permissions API works correctly.
110 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsAutoConfirm) {
111 // Rather than setting the granted permissions, set the UI autoconfirm flag
112 // and run the same tests.
113 PermissionsRequestFunction::SetAutoConfirmForTests(true);
114 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
115 host_resolver()->AddRule("*.com", "127.0.0.1");
116 ASSERT_TRUE(StartEmbeddedTestServer());
117 EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
120 // Test that denying the optional permissions confirmation dialog works.
121 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsDeny) {
122 PermissionsRequestFunction::SetAutoConfirmForTests(false);
123 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
124 host_resolver()->AddRule("*.com", "127.0.0.1");
125 ASSERT_TRUE(StartEmbeddedTestServer());
126 EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_;
129 // Tests that the permissions.request function must be called from within a
130 // user gesture.
131 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGesture) {
132 PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
133 host_resolver()->AddRule("*.com", "127.0.0.1");
134 ASSERT_TRUE(StartEmbeddedTestServer());
135 EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_;
138 // Tests that the user gesture is retained in the permissions.request function
139 // callback.
140 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsRetainGesture) {
141 PermissionsRequestFunction::SetAutoConfirmForTests(true);
142 PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
143 host_resolver()->AddRule("*.com", "127.0.0.1");
144 ASSERT_TRUE(StartEmbeddedTestServer());
145 EXPECT_TRUE(RunExtensionTest("permissions/optional_retain_gesture"))
146 << message_;
149 // Test that optional permissions blocked by enterprise policy will be denied
150 // automatically.
151 IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy,
152 OptionalPermissionsPolicyBlocked) {
153 // Set enterprise policy to block some API permissions.
155 ExtensionManagementPolicyUpdater pref(&policy_provider_);
156 pref.AddBlockedPermission("*", "management");
158 // Set auto confirm UI flag.
159 PermissionsRequestFunction::SetAutoConfirmForTests(true);
160 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
161 EXPECT_TRUE(RunExtensionTest("permissions/optional_policy_blocked"))
162 << message_;
165 // Tests that an extension can't gain access to file: URLs without the checkbox
166 // entry in prefs. There shouldn't be a warning either.
167 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) {
168 // There shouldn't be a warning, so we shouldn't need to autoconfirm.
169 PermissionsRequestFunction::SetAutoConfirmForTests(false);
170 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
172 ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile());
174 EXPECT_TRUE(
175 RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_;
176 EXPECT_FALSE(prefs->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib"));
178 EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_;
179 // TODO(kalman): ugh, it would be nice to test this condition, but it seems
180 // like there's somehow a race here where the prefs aren't updated in time
181 // with the "allow file access" bit, so we'll just have to trust that
182 // RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed
183 // not set the allow file access bit. Otherwise this test doesn't mean
184 // a whole lot (i.e. file access works - but it'd better not be the case
185 // that the extension actually has file access, since that'd be the bug
186 // that this is supposed to be testing).
187 //EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd"));
190 // Test requesting, querying, and removing host permissions for host
191 // permissions that are a subset of the optional permissions.
192 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) {
193 PermissionsRequestFunction::SetAutoConfirmForTests(true);
194 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
195 EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_;
198 // Tests that requesting an optional permission from a background page, with
199 // another window open, grants the permission and updates the bindings
200 // (chrome.whatever, in this case chrome.alarms). Regression test for
201 // crbug.com/435141, see details there for trickiness.
202 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsUpdatesBindings) {
203 ASSERT_TRUE(RunExtensionTest("permissions/optional_updates_bindings"))
204 << message_;
207 } // namespace extensions