chrome/browser/ui/webui/signin/inline_login_ui_browsertest.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/command_line.h"
   6 #include "chrome/browser/signin/signin_promo.h"
   7 #include "chrome/browser/ui/browser.h"
   8 #include "chrome/browser/ui/tabs/tab_strip_model.h"
   9 #include "chrome/browser/ui/webui/signin/inline_login_ui.h"
  10 #include "chrome/browser/ui/webui/signin/login_ui_service.h"
  11 #include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
  12 #include "chrome/common/chrome_switches.h"
  13 #include "chrome/common/url_constants.h"
  14 #include "chrome/test/base/in_process_browser_test.h"
  15 #include "chrome/test/base/test_browser_window.h"
  16 #include "chrome/test/base/test_chrome_web_ui_controller_factory.h"
  17 #include "chrome/test/base/testing_browser_process.h"
  18 #include "chrome/test/base/ui_test_utils.h"
  19 #include "content/public/browser/render_frame_host.h"
  20 #include "content/public/browser/render_process_host.h"
  21 #include "content/public/browser/session_storage_namespace.h"
  22 #include "content/public/browser/storage_partition.h"
  23 #include "content/public/browser/web_contents.h"
  24 #include "content/public/browser/web_ui_controller.h"
  25 #include "content/public/common/url_constants.h"
  26 #include "content/public/test/browser_test_utils.h"
  27 #include "content/public/test/test_navigation_observer.h"
  28 #include "google_apis/gaia/fake_gaia.h"
  29 #include "google_apis/gaia/gaia_switches.h"
  30 #include "net/base/url_util.h"
  31 #include "net/test/embedded_test_server/embedded_test_server.h"
  32 #include "net/test/embedded_test_server/http_request.h"
  33 #include "net/test/embedded_test_server/http_response.h"
  34 #include "testing/gmock/include/gmock/gmock.h"
  35 #include "testing/gtest/include/gtest/gtest.h"
  36
  37 using ::testing::_;
  38 using ::testing::Invoke;
  39 using ::testing::InvokeWithoutArgs;
  40
  41 namespace {
  42
  43 struct ContentInfo {
  44   ContentInfo(int pid, content::StoragePartition* storage_partition) {
  45     this->pid = pid;
  46     this->storage_partition = storage_partition;
  47   }
  48
  49   int pid;
  50   content::StoragePartition* storage_partition;
  51 };
  52
  53 ContentInfo NavigateAndGetInfo(
  54     Browser* browser,
  55     const GURL& url,
  56     WindowOpenDisposition disposition) {
  57   ui_test_utils::NavigateToURLWithDisposition(
  58       browser, url, disposition,
  59       ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION);
  60   content::WebContents* contents =
  61       browser->tab_strip_model()->GetActiveWebContents();
  62   content::RenderProcessHost* process = contents->GetRenderProcessHost();
  63   return ContentInfo(process->GetID(), process->GetStoragePartition());
  64 }
  65
  66 // Returns a new WebUI object for the WebContents from |arg0|.
  67 ACTION(ReturnNewWebUI) {
  68   return new content::WebUIController(arg0);
  69 }
  70
  71 // Mock the TestChromeWebUIControllerFactory::WebUIProvider to prove that we are
  72 // not called as expected.
  73 class FooWebUIProvider
  74     : public TestChromeWebUIControllerFactory::WebUIProvider {
  75  public:
  76   MOCK_METHOD2(NewWebUI, content::WebUIController*(content::WebUI* web_ui,
  77                                                    const GURL& url));
  78 };
  79
  80 class MockLoginUIObserver : public LoginUIService::Observer {
  81  public:
  82   MOCK_METHOD0(OnUntrustedLoginUIShown, void());
  83 };
  84
  85 const char kFooWebUIURL[] = "chrome://foo/";
  86
  87 }  // namespace
  88
  89 class InlineLoginUIBrowserTest : public InProcessBrowserTest {
  90  public:
  91   InlineLoginUIBrowserTest() {}
  92 };
  93
  94 #if defined(OS_LINUX)
  95 // crbug.com/422868
  96 #define MAYBE_DifferentStorageId DISABLED_DifferentStorageId
  97 #else
  98 #define MAYBE_DifferentStorageId DifferentStorageId
  99 #endif
 100 IN_PROC_BROWSER_TEST_F(InlineLoginUIBrowserTest, MAYBE_DifferentStorageId) {
 101   GURL test_url = ui_test_utils::GetTestUrl(
 102       base::FilePath(base::FilePath::kCurrentDirectory),
 103       base::FilePath(FILE_PATH_LITERAL("title1.html")));
 104
 105   ContentInfo info1 =
 106       NavigateAndGetInfo(browser(), test_url, CURRENT_TAB);
 107   ContentInfo info2 =
 108       NavigateAndGetInfo(browser(),
 109                          signin::GetPromoURL(signin::SOURCE_START_PAGE, false),
 110                          CURRENT_TAB);
 111   NavigateAndGetInfo(browser(), test_url, CURRENT_TAB);
 112   ContentInfo info3 =
 113       NavigateAndGetInfo(browser(),
 114                          signin::GetPromoURL( signin::SOURCE_START_PAGE, false),
 115                          NEW_FOREGROUND_TAB);
 116
 117   // The info for signin should be the same.
 118   ASSERT_EQ(info2.storage_partition, info3.storage_partition);
 119   // The info for test_url and signin should be different.
 120   ASSERT_NE(info1.storage_partition, info2.storage_partition);
 121 }
 122
 123 IN_PROC_BROWSER_TEST_F(InlineLoginUIBrowserTest, OneProcessLimit) {
 124   GURL test_url_1 = ui_test_utils::GetTestUrl(
 125       base::FilePath(base::FilePath::kCurrentDirectory),
 126       base::FilePath(FILE_PATH_LITERAL("title1.html")));
 127   GURL test_url_2 = ui_test_utils::GetTestUrl(
 128       base::FilePath(base::FilePath::kCurrentDirectory),
 129       base::FilePath(FILE_PATH_LITERAL("data:text/html,Hello world!")));
 130
 131   // Even when the process limit is set to one, the signin process should
 132   // still be given its own process and storage partition.
 133   content::RenderProcessHost::SetMaxRendererProcessCount(1);
 134
 135   ContentInfo info1 =
 136       NavigateAndGetInfo(browser(), test_url_1, CURRENT_TAB);
 137   ContentInfo info2 =
 138       NavigateAndGetInfo(browser(), test_url_2, CURRENT_TAB);
 139   ContentInfo info3 =
 140       NavigateAndGetInfo(browser(),
 141                          signin::GetPromoURL( signin::SOURCE_START_PAGE, false),
 142                          CURRENT_TAB);
 143
 144   ASSERT_EQ(info1.pid, info2.pid);
 145   ASSERT_NE(info1.pid, info3.pid);
 146 }
 147
 148 class InlineLoginUISafeIframeBrowserTest : public InProcessBrowserTest {
 149  public:
 150   FooWebUIProvider& foo_provider() { return foo_provider_; }
 151
 152   void WaitUntilUIReady() {
 153     content::DOMMessageQueue message_queue;
 154     ASSERT_TRUE(content::ExecuteScript(
 155         browser()->tab_strip_model()->GetActiveWebContents(),
 156         "if (!inline.login.getAuthExtHost())"
 157         "  inline.login.initialize();"
 158         "var handler = function() {"
 159         "  window.domAutomationController.setAutomationId(0);"
 160         "  window.domAutomationController.send('ready');"
 161         "};"
 162         "if (inline.login.isAuthReady())"
 163         "  handler();"
 164         "else"
 165         "  inline.login.getAuthExtHost().addEventListener('ready', handler);"));
 166
 167     std::string message;
 168     do {
 169       ASSERT_TRUE(message_queue.WaitForMessage(&message));
 170     } while (message != "\"ready\"");
 171   }
 172
 173  // Executes JavaScript code in the auth iframe hosted by gaia_auth extension.
 174   void ExecuteJsInSigninFrame(const std::string& js) {
 175     content::WebContents* web_contents =
 176         browser()->tab_strip_model()->GetActiveWebContents();
 177     ASSERT_TRUE(content::ExecuteScript(InlineLoginUI::GetAuthIframe(
 178         web_contents, GURL(), "signin-frame"), js));
 179   }
 180
 181  private:
 182   virtual void SetUp() override {
 183     ASSERT_TRUE(embedded_test_server()->InitializeAndWaitUntilReady());
 184
 185     // EmbeddedTestServer spawns a thread to initialize socket.
 186     // Stop IO thread in preparation for fork and exec.
 187     embedded_test_server()->StopThread();
 188
 189     InProcessBrowserTest::SetUp();
 190   }
 191
 192   virtual void SetUpCommandLine(CommandLine* command_line) override {
 193     const GURL& base_url = embedded_test_server()->base_url();
 194     command_line->AppendSwitchASCII(::switches::kGaiaUrl, base_url.spec());
 195     command_line->AppendSwitchASCII(::switches::kLsoUrl, base_url.spec());
 196     command_line->AppendSwitchASCII(::switches::kGoogleApisUrl,
 197                                     base_url.spec());
 198   }
 199
 200   virtual void SetUpOnMainThread() override {
 201     embedded_test_server()->RestartThreadAndListen();
 202
 203     content::WebUIControllerFactory::UnregisterFactoryForTesting(
 204         ChromeWebUIControllerFactory::GetInstance());
 205     test_factory_.reset(new TestChromeWebUIControllerFactory);
 206     content::WebUIControllerFactory::RegisterFactory(test_factory_.get());
 207     test_factory_->AddFactoryOverride(
 208         GURL(kFooWebUIURL).host(), &foo_provider_);
 209   }
 210
 211   virtual void TearDownOnMainThread() override {
 212     test_factory_->RemoveFactoryOverride(GURL(kFooWebUIURL).host());
 213     content::WebUIControllerFactory::UnregisterFactoryForTesting(
 214         test_factory_.get());
 215     test_factory_.reset();
 216     EXPECT_TRUE(embedded_test_server()->ShutdownAndWaitUntilComplete());
 217   }
 218
 219   FooWebUIProvider foo_provider_;
 220   scoped_ptr<TestChromeWebUIControllerFactory> test_factory_;
 221 };
 222
 223 // Make sure that the foo webui handler is working properly and that it gets
 224 // created when navigated to normally.
 225 IN_PROC_BROWSER_TEST_F(InlineLoginUISafeIframeBrowserTest, Basic) {
 226   const GURL kUrl(kFooWebUIURL);
 227   EXPECT_CALL(foo_provider(), NewWebUI(_, ::testing::Eq(kUrl)))
 228       .WillOnce(ReturnNewWebUI());
 229   ui_test_utils::NavigateToURL(browser(), GURL(kFooWebUIURL));
 230 }
 231
 232 // Make sure that the foo webui handler does not get created when we try to
 233 // load it inside the iframe of the login ui.
 234 IN_PROC_BROWSER_TEST_F(InlineLoginUISafeIframeBrowserTest, NoWebUIInIframe) {
 235   GURL url = signin::GetPromoURL(signin::SOURCE_START_PAGE, false).
 236       Resolve("?source=0&frameUrl=chrome://foo");
 237   EXPECT_CALL(foo_provider(), NewWebUI(_, _)).Times(0);
 238   ui_test_utils::NavigateToURL(browser(), url);
 239 }
 240
 241 // Flaky on CrOS, http://crbug.com/364759.
 242 #if defined(OS_CHROMEOS)
 243 #define MAYBE_TopFrameNavigationDisallowed DISABLED_TopFrameNavigationDisallowed
 244 #else
 245 #define MAYBE_TopFrameNavigationDisallowed TopFrameNavigationDisallowed
 246 #endif
 247
 248 // Make sure that the gaia iframe cannot trigger top-frame navigation.
 249 // TODO(guohui): flaky on trybot crbug/364759.
 250 IN_PROC_BROWSER_TEST_F(InlineLoginUISafeIframeBrowserTest,
 251     MAYBE_TopFrameNavigationDisallowed) {
 252   // Loads into gaia iframe a web page that attempts to deframe on load.
 253   GURL deframe_url(embedded_test_server()->GetURL("/login/deframe.html"));
 254   GURL url(net::AppendOrReplaceQueryParameter(
 255       signin::GetPromoURL(signin::SOURCE_START_PAGE, false),
 256       "frameUrl", deframe_url.spec()));
 257   ui_test_utils::NavigateToURL(browser(), url);
 258   WaitUntilUIReady();
 259
 260   content::WebContents* contents =
 261       browser()->tab_strip_model()->GetActiveWebContents();
 262   EXPECT_EQ(url, contents->GetVisibleURL());
 263
 264   content::NavigationController& controller = contents->GetController();
 265   EXPECT_TRUE(controller.GetPendingEntry() == NULL);
 266 }
 267
 268 // Flaky on CrOS, http://crbug.com/364759.
 269 #if defined(OS_CHROMEOS)
 270 #define MAYBE_NavigationToOtherChromeURLDisallowed \
 271     DISABLED_NavigationToOtherChromeURLDisallowed
 272 #else
 273 #define MAYBE_NavigationToOtherChromeURLDisallowed \
 274     NavigationToOtherChromeURLDisallowed
 275 #endif
 276
 277 IN_PROC_BROWSER_TEST_F(InlineLoginUISafeIframeBrowserTest,
 278     MAYBE_NavigationToOtherChromeURLDisallowed) {
 279   ui_test_utils::NavigateToURL(
 280       browser(), signin::GetPromoURL(signin::SOURCE_START_PAGE, false));
 281   WaitUntilUIReady();
 282
 283   content::WebContents* contents =
 284       browser()->tab_strip_model()->GetActiveWebContents();
 285   ASSERT_TRUE(content::ExecuteScript(
 286       contents, "window.location.href = 'chrome://foo'"));
 287
 288   content::TestNavigationObserver navigation_observer(contents, 1);
 289   navigation_observer.Wait();
 290
 291   EXPECT_EQ(GURL("about:blank"), contents->GetVisibleURL());
 292 }
 293
 294 #if !defined(OS_CHROMEOS)
 295 IN_PROC_BROWSER_TEST_F(InlineLoginUISafeIframeBrowserTest,
 296     ConfirmationRequiredForNonsecureSignin) {
 297   FakeGaia fake_gaia;
 298   fake_gaia.Initialize();
 299
 300   embedded_test_server()->RegisterRequestHandler(
 301       base::Bind(&FakeGaia::HandleRequest,
 302                  base::Unretained(&fake_gaia)));
 303   fake_gaia.SetFakeMergeSessionParams(
 304       "email", "fake-sid-cookie", "fake-lsid-cookie");
 305
 306   // Navigates to the Chrome signin page which loads the fake gaia auth page.
 307   // Since the fake gaia auth page is served over HTTP, thus expects to see an
 308   // untrusted signin confirmation dialog upon submitting credentials below.
 309   ui_test_utils::NavigateToURL(
 310       browser(), signin::GetPromoURL(signin::SOURCE_START_PAGE, false));
 311   WaitUntilUIReady();
 312
 313   MockLoginUIObserver observer;
 314   LoginUIServiceFactory::GetForProfile(browser()->profile())
 315       ->AddObserver(&observer);
 316   base::RunLoop run_loop;
 317   EXPECT_CALL(observer, OnUntrustedLoginUIShown())
 318       .WillOnce(InvokeWithoutArgs(&run_loop, &base::RunLoop::Quit));
 319
 320   std::string js =
 321       "document.getElementById('Email').value = 'email';"
 322       "document.getElementById('Passwd').value = 'password';"
 323       "document.getElementById('signIn').click();";
 324   ExecuteJsInSigninFrame(js);
 325
 326   run_loop.Run();
 327   base::MessageLoop::current()->RunUntilIdle();
 328 }
 329 #endif // OS_CHROMEOS