chrome/browser/signin/signin_manager_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "components/signin/core/browser/signin_manager.h"
   6
   7 #include <vector>
   8
   9 #include "base/bind.h"
  10 #include "base/bind_helpers.h"
  11 #include "base/compiler_specific.h"
  12 #include "base/prefs/pref_service.h"
  13 #include "base/prefs/testing_pref_service.h"
  14 #include "base/run_loop.h"
  15 #include "base/strings/stringprintf.h"
  16 #include "chrome/browser/browser_process.h"
  17 #include "chrome/browser/chrome_notification_types.h"
  18 #include "chrome/browser/prefs/browser_prefs.h"
  19 #include "chrome/browser/signin/chrome_signin_client_factory.h"
  20 #include "chrome/browser/signin/fake_profile_oauth2_token_service.h"
  21 #include "chrome/browser/signin/fake_profile_oauth2_token_service_builder.h"
  22 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
  23 #include "chrome/browser/signin/signin_manager_factory.h"
  24 #include "chrome/browser/signin/test_signin_client_builder.h"
  25 #include "chrome/common/pref_names.h"
  26 #include "chrome/common/url_constants.h"
  27 #include "chrome/test/base/testing_browser_process.h"
  28 #include "chrome/test/base/testing_profile.h"
  29 #include "components/signin/core/browser/profile_oauth2_token_service.h"
  30 #include "components/signin/core/browser/test_signin_client.h"
  31 #include "content/public/browser/child_process_security_policy.h"
  32 #include "content/public/browser/notification_source.h"
  33 #include "content/public/test/test_browser_thread_bundle.h"
  34 #include "google_apis/gaia/gaia_constants.h"
  35 #include "google_apis/gaia/gaia_urls.h"
  36 #include "net/cookies/cookie_monster.h"
  37 #include "net/url_request/test_url_fetcher_factory.h"
  38 #include "net/url_request/url_request.h"
  39 #include "net/url_request/url_request_context_getter.h"
  40 #include "net/url_request/url_request_status.h"
  41
  42 #include "testing/gmock/include/gmock/gmock.h"
  43 #include "testing/gtest/include/gtest/gtest.h"
  44
  45 namespace {
  46
  47 KeyedService* SigninManagerBuild(content::BrowserContext* context) {
  48   SigninManager* service = NULL;
  49   Profile* profile = static_cast<Profile*>(context);
  50   service = new SigninManager(
  51       ChromeSigninClientFactory::GetInstance()->GetForProfile(profile),
  52       ProfileOAuth2TokenServiceFactory::GetForProfile(profile));
  53   service->Initialize(NULL);
  54   return service;
  55 }
  56
  57 class TestSigninManagerObserver : public SigninManagerBase::Observer {
  58  public:
  59   TestSigninManagerObserver() : num_failed_signins_(0),
  60                                 num_successful_signins_(0),
  61                                 num_signouts_(0) {
  62   }
  63
  64   ~TestSigninManagerObserver() override {}
  65
  66   int num_failed_signins_;
  67   int num_successful_signins_;
  68   int num_signouts_;
  69
  70  private:
  71   // SigninManagerBase::Observer:
  72   void GoogleSigninFailed(const GoogleServiceAuthError& error) override {
  73     num_failed_signins_++;
  74   }
  75
  76   void GoogleSigninSucceeded(const std::string& account_id,
  77                              const std::string& username,
  78                              const std::string& password) override {
  79     num_successful_signins_++;
  80   }
  81
  82   void GoogleSignedOut(const std::string& account_id,
  83                        const std::string& username) override {
  84     num_signouts_++;
  85   }
  86 };
  87
  88 }  // namespace
  89
  90
  91 class SigninManagerTest : public testing::Test {
  92  public:
  93   SigninManagerTest() : manager_(NULL) {}
  94   ~SigninManagerTest() override {}
  95
  96   void SetUp() override {
  97     manager_ = NULL;
  98     prefs_.reset(new TestingPrefServiceSimple);
  99     chrome::RegisterLocalState(prefs_->registry());
 100     TestingBrowserProcess::GetGlobal()->SetLocalState(
 101         prefs_.get());
 102     TestingProfile::Builder builder;
 103     builder.AddTestingFactory(ProfileOAuth2TokenServiceFactory::GetInstance(),
 104                               BuildFakeProfileOAuth2TokenService);
 105     builder.AddTestingFactory(ChromeSigninClientFactory::GetInstance(),
 106                               signin::BuildTestSigninClient);
 107     builder.AddTestingFactory(SigninManagerFactory::GetInstance(),
 108                               SigninManagerBuild);
 109     profile_ = builder.Build();
 110
 111     static_cast<TestSigninClient*>(
 112         ChromeSigninClientFactory::GetInstance()->GetForProfile(profile()))->
 113             SetURLRequestContext(profile_->GetRequestContext());
 114   }
 115
 116   void TearDown() override {
 117     if (manager_)
 118       manager_->RemoveObserver(&test_observer_);
 119
 120     // Destroy the SigninManager here, because it relies on profile() which is
 121     // freed in the base class.
 122     if (naked_manager_) {
 123       naked_manager_->Shutdown();
 124       naked_manager_.reset(NULL);
 125     }
 126     TestingBrowserProcess::GetGlobal()->SetLocalState(NULL);
 127
 128     // Manually destroy PrefService and Profile so that they are shutdown
 129     // in the correct order.  Both need to be destroyed before the
 130     // |thread_bundle_| member.
 131     profile_.reset();
 132     prefs_.reset();  // LocalState needs to outlive the profile.
 133   }
 134
 135   TestingProfile* profile() { return profile_.get(); }
 136
 137   // Sets up the signin manager as a service if other code will try to get it as
 138   // a PKS.
 139   void SetUpSigninManagerAsService() {
 140     DCHECK(!manager_);
 141     DCHECK(!naked_manager_);
 142     manager_ = static_cast<SigninManager*>(
 143         SigninManagerFactory::GetForProfile(profile()));
 144     manager_->AddObserver(&test_observer_);
 145   }
 146
 147   // Create a naked signin manager if integration with PKSs is not needed.
 148   void CreateNakedSigninManager() {
 149     DCHECK(!manager_);
 150     naked_manager_.reset(new SigninManager(
 151         ChromeSigninClientFactory::GetInstance()->GetForProfile(profile()),
 152         ProfileOAuth2TokenServiceFactory::GetForProfile(profile())));
 153
 154     manager_ = naked_manager_.get();
 155     manager_->AddObserver(&test_observer_);
 156   }
 157
 158   // Shuts down |manager_|.
 159   void ShutDownManager() {
 160     DCHECK(manager_);
 161     manager_->RemoveObserver(&test_observer_);
 162     manager_->Shutdown();
 163     if (naked_manager_)
 164       naked_manager_.reset(NULL);
 165     manager_ = NULL;
 166   }
 167
 168   void ExpectSignInWithRefreshTokenSuccess() {
 169     EXPECT_TRUE(manager_->IsAuthenticated());
 170
 171     ProfileOAuth2TokenService* token_service =
 172         ProfileOAuth2TokenServiceFactory::GetForProfile(profile());
 173     EXPECT_TRUE(token_service->RefreshTokenIsAvailable(
 174         manager_->GetAuthenticatedUsername()));
 175
 176     // Should go into token service and stop.
 177     EXPECT_EQ(1, test_observer_.num_successful_signins_);
 178     EXPECT_EQ(0, test_observer_.num_failed_signins_);
 179   }
 180
 181   void CompleteSigninCallback(const std::string& oauth_token) {
 182     oauth_tokens_fetched_.push_back(oauth_token);
 183     manager_->CompletePendingSignin();
 184   }
 185
 186   content::TestBrowserThreadBundle thread_bundle_;
 187   net::TestURLFetcherFactory factory_;
 188   scoped_ptr<SigninManager> naked_manager_;
 189   SigninManager* manager_;
 190   TestSigninManagerObserver test_observer_;
 191   scoped_ptr<TestingProfile> profile_;
 192   std::vector<std::string> oauth_tokens_fetched_;
 193   scoped_ptr<TestingPrefServiceSimple> prefs_;
 194   std::vector<std::string> cookies_;
 195 };
 196
 197 TEST_F(SigninManagerTest, SignInWithRefreshToken) {
 198   SetUpSigninManagerAsService();
 199   EXPECT_FALSE(manager_->IsAuthenticated());
 200
 201   manager_->StartSignInWithRefreshToken(
 202       "rt1",
 203       "user@gmail.com",
 204       "password",
 205       SigninManager::OAuthTokenFetchedCallback());
 206
 207   ExpectSignInWithRefreshTokenSuccess();
 208
 209   // Should persist across resets.
 210   ShutDownManager();
 211   CreateNakedSigninManager();
 212   manager_->Initialize(NULL);
 213   EXPECT_EQ("user@gmail.com", manager_->GetAuthenticatedUsername());
 214 }
 215
 216 TEST_F(SigninManagerTest, SignInWithRefreshTokenCallbackComplete) {
 217   SetUpSigninManagerAsService();
 218   EXPECT_FALSE(manager_->IsAuthenticated());
 219
 220   // Since the password is empty, must verify the gaia cookies first.
 221   SigninManager::OAuthTokenFetchedCallback callback =
 222       base::Bind(&SigninManagerTest::CompleteSigninCallback,
 223                  base::Unretained(this));
 224   manager_->StartSignInWithRefreshToken(
 225       "rt1",
 226       "user@gmail.com",
 227       "password",
 228       callback);
 229
 230   ExpectSignInWithRefreshTokenSuccess();
 231   ASSERT_EQ(1U, oauth_tokens_fetched_.size());
 232   EXPECT_EQ(oauth_tokens_fetched_[0], "rt1");
 233 }
 234
 235 TEST_F(SigninManagerTest, SignOut) {
 236   SetUpSigninManagerAsService();
 237   manager_->StartSignInWithRefreshToken(
 238       "rt1",
 239       "user@gmail.com",
 240       "password",
 241       SigninManager::OAuthTokenFetchedCallback());
 242   manager_->SignOut(signin_metrics::SIGNOUT_TEST);
 243   EXPECT_FALSE(manager_->IsAuthenticated());
 244   // Should not be persisted anymore
 245   ShutDownManager();
 246   CreateNakedSigninManager();
 247   manager_->Initialize(NULL);
 248   EXPECT_FALSE(manager_->IsAuthenticated());
 249 }
 250
 251 TEST_F(SigninManagerTest, SignOutWhileProhibited) {
 252   SetUpSigninManagerAsService();
 253   EXPECT_FALSE(manager_->IsAuthenticated());
 254
 255   manager_->SetAuthenticatedUsername("user@gmail.com");
 256   manager_->ProhibitSignout(true);
 257   manager_->SignOut(signin_metrics::SIGNOUT_TEST);
 258   EXPECT_TRUE(manager_->IsAuthenticated());
 259   manager_->ProhibitSignout(false);
 260   manager_->SignOut(signin_metrics::SIGNOUT_TEST);
 261   EXPECT_FALSE(manager_->IsAuthenticated());
 262 }
 263
 264 TEST_F(SigninManagerTest, TestIsWebBasedSigninFlowURL) {
 265   EXPECT_FALSE(SigninManager::IsWebBasedSigninFlowURL(
 266       GURL("http://www.google.com")));
 267   EXPECT_TRUE(SigninManager::IsWebBasedSigninFlowURL(
 268       GURL("https://accounts.google.com/ServiceLogin?service=chromiumsync")));
 269   EXPECT_FALSE(SigninManager::IsWebBasedSigninFlowURL(
 270       GURL("http://accounts.google.com/ServiceLogin?service=chromiumsync")));
 271   // http, not https, should not be treated as web based signin.
 272   EXPECT_FALSE(SigninManager::IsWebBasedSigninFlowURL(
 273       GURL("http://accounts.google.com/ServiceLogin?service=googlemail")));
 274   // chromiumsync is double-embedded in a continue query param.
 275   EXPECT_TRUE(SigninManager::IsWebBasedSigninFlowURL(
 276       GURL("https://accounts.google.com/CheckCookie?"
 277            "continue=https%3A%2F%2Fwww.google.com%2Fintl%2Fen-US%2Fchrome"
 278            "%2Fblank.html%3Fsource%3D3%26nonadv%3D1&service=chromiumsync")));
 279 }
 280
 281 TEST_F(SigninManagerTest, Prohibited) {
 282   g_browser_process->local_state()->SetString(
 283       prefs::kGoogleServicesUsernamePattern, ".*@google.com");
 284   CreateNakedSigninManager();
 285   manager_->Initialize(g_browser_process->local_state());
 286   EXPECT_TRUE(manager_->IsAllowedUsername("test@google.com"));
 287   EXPECT_TRUE(manager_->IsAllowedUsername("happy@google.com"));
 288   EXPECT_FALSE(manager_->IsAllowedUsername("test@invalid.com"));
 289   EXPECT_FALSE(manager_->IsAllowedUsername("test@notgoogle.com"));
 290   EXPECT_FALSE(manager_->IsAllowedUsername(std::string()));
 291 }
 292
 293 TEST_F(SigninManagerTest, TestAlternateWildcard) {
 294   // Test to make sure we accept "*@google.com" as a pattern (treat it as if
 295   // the admin entered ".*@google.com").
 296   g_browser_process->local_state()->SetString(
 297       prefs::kGoogleServicesUsernamePattern, "*@google.com");
 298   CreateNakedSigninManager();
 299   manager_->Initialize(g_browser_process->local_state());
 300   EXPECT_TRUE(manager_->IsAllowedUsername("test@google.com"));
 301   EXPECT_TRUE(manager_->IsAllowedUsername("happy@google.com"));
 302   EXPECT_FALSE(manager_->IsAllowedUsername("test@invalid.com"));
 303   EXPECT_FALSE(manager_->IsAllowedUsername("test@notgoogle.com"));
 304   EXPECT_FALSE(manager_->IsAllowedUsername(std::string()));
 305 }
 306
 307 TEST_F(SigninManagerTest, ProhibitedAtStartup) {
 308   profile()->GetPrefs()->SetString(prefs::kGoogleServicesUsername,
 309                                    "monkey@invalid.com");
 310   g_browser_process->local_state()->SetString(
 311       prefs::kGoogleServicesUsernamePattern, ".*@google.com");
 312   CreateNakedSigninManager();
 313   manager_->Initialize(g_browser_process->local_state());
 314   // Currently signed in user is prohibited by policy, so should be signed out.
 315   EXPECT_EQ("", manager_->GetAuthenticatedUsername());
 316 }
 317
 318 TEST_F(SigninManagerTest, ProhibitedAfterStartup) {
 319   std::string user("monkey@invalid.com");
 320   profile()->GetPrefs()->SetString(prefs::kGoogleServicesUsername, user);
 321   CreateNakedSigninManager();
 322   manager_->Initialize(g_browser_process->local_state());
 323   EXPECT_EQ(user, manager_->GetAuthenticatedUsername());
 324   // Update the profile - user should be signed out.
 325   g_browser_process->local_state()->SetString(
 326       prefs::kGoogleServicesUsernamePattern, ".*@google.com");
 327   EXPECT_EQ("", manager_->GetAuthenticatedUsername());
 328 }
 329
 330 TEST_F(SigninManagerTest, ExternalSignIn) {
 331   CreateNakedSigninManager();
 332   manager_->Initialize(g_browser_process->local_state());
 333   EXPECT_EQ("",
 334             profile()->GetPrefs()->GetString(prefs::kGoogleServicesUsername));
 335   EXPECT_EQ("", manager_->GetAuthenticatedUsername());
 336   EXPECT_EQ(0, test_observer_.num_successful_signins_);
 337
 338   manager_->OnExternalSigninCompleted("external@example.com");
 339   EXPECT_EQ(1, test_observer_.num_successful_signins_);
 340   EXPECT_EQ(0, test_observer_.num_failed_signins_);
 341   EXPECT_EQ("external@example.com",
 342             profile()->GetPrefs()->GetString(prefs::kGoogleServicesUsername));
 343   EXPECT_EQ("external@example.com", manager_->GetAuthenticatedUsername());
 344 }
 345
 346 TEST_F(SigninManagerTest, SigninNotAllowed) {
 347   std::string user("user@google.com");
 348   profile()->GetPrefs()->SetString(prefs::kGoogleServicesUsername, user);
 349   profile()->GetPrefs()->SetBoolean(prefs::kSigninAllowed, false);
 350   SetUpSigninManagerAsService();
 351 }