Elim cr-checkbox
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / device_local_account_policy_service_unittest.cc
blobae89764291a7fe0556c134caa64abca0d0905e37
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
7 #include <algorithm>
9 #include "base/bind.h"
10 #include "base/bind_helpers.h"
11 #include "base/callback.h"
12 #include "base/files/file_path.h"
13 #include "base/files/file_util.h"
14 #include "base/files/scoped_temp_dir.h"
15 #include "base/path_service.h"
16 #include "base/run_loop.h"
17 #include "base/strings/string_number_conversions.h"
18 #include "base/strings/stringprintf.h"
19 #include "base/test/scoped_path_override.h"
20 #include "base/test/test_simple_task_runner.h"
21 #include "base/thread_task_runner_handle.h"
22 #include "chrome/browser/chromeos/policy/device_local_account.h"
23 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
24 #include "chrome/browser/chromeos/policy/fake_affiliated_invalidation_service_provider.h"
25 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
26 #include "chrome/browser/chromeos/settings/cros_settings.h"
27 #include "chrome/browser/chromeos/settings/device_settings_service.h"
28 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
29 #include "chrome/common/chrome_paths.h"
30 #include "chromeos/chromeos_paths.h"
31 #include "chromeos/dbus/power_policy_controller.h"
32 #include "components/policy/core/common/cloud/cloud_policy_client.h"
33 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
34 #include "components/policy/core/common/cloud/cloud_policy_service.h"
35 #include "components/policy/core/common/cloud/mock_device_management_service.h"
36 #include "components/policy/core/common/cloud/policy_builder.h"
37 #include "components/policy/core/common/external_data_fetcher.h"
38 #include "components/policy/core/common/mock_configuration_policy_provider.h"
39 #include "components/policy/core/common/policy_bundle.h"
40 #include "components/policy/core/common/policy_map.h"
41 #include "components/policy/core/common/policy_types.h"
42 #include "components/policy/core/common/schema_registry.h"
43 #include "net/url_request/url_request_context_getter.h"
44 #include "net/url_request/url_request_test_util.h"
45 #include "policy/policy_constants.h"
46 #include "policy/proto/cloud_policy.pb.h"
47 #include "policy/proto/device_management_backend.pb.h"
48 #include "testing/gtest/include/gtest/gtest.h"
50 using testing::AnyNumber;
51 using testing::AtLeast;
52 using testing::Mock;
53 using testing::SaveArg;
54 using testing::_;
56 namespace em = enterprise_management;
58 namespace policy {
60 namespace {
62 const char kAccount1[] = "account1@localhost";
63 const char kAccount2[] = "account2@localhost";
64 const char kAccount3[] = "account3@localhost";
66 const char kExtensionID[] = "kbmnembihfiondgfjekmnmcbddelicoi";
67 const char kExtensionVersion[] = "1.0.0.0";
68 const char kExtensionCRXPath[] = "extensions/hosted_app.crx";
69 const char kUpdateURL[] = "https://clients2.google.com/service/update2/crx";
71 } // namespace
73 class MockDeviceLocalAccountPolicyServiceObserver
74 : public DeviceLocalAccountPolicyService::Observer {
75 public:
76 MOCK_METHOD1(OnPolicyUpdated, void(const std::string&));
77 MOCK_METHOD0(OnDeviceLocalAccountsChanged, void(void));
80 class DeviceLocalAccountPolicyServiceTestBase
81 : public chromeos::DeviceSettingsTestBase {
82 public:
83 DeviceLocalAccountPolicyServiceTestBase();
85 void SetUp() override;
86 void TearDown() override;
88 void CreatePolicyService();
90 void InstallDeviceLocalAccountPolicy(const std::string& account_id);
91 void AddDeviceLocalAccountToPolicy(const std::string& account_id);
92 virtual void InstallDevicePolicy();
94 const std::string account_1_user_id_;
95 const std::string account_2_user_id_;
97 PolicyMap expected_policy_map_;
98 UserPolicyBuilder device_local_account_policy_;
99 chromeos::CrosSettings cros_settings_;
100 scoped_refptr<base::TestSimpleTaskRunner> extension_cache_task_runner_;
101 MockDeviceManagementService mock_device_management_service_;
102 FakeAffiliatedInvalidationServiceProvider
103 affiliated_invalidation_service_provider_;
104 scoped_ptr<DeviceLocalAccountPolicyService> service_;
106 private:
107 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTestBase);
110 class DeviceLocalAccountPolicyServiceTest
111 : public DeviceLocalAccountPolicyServiceTestBase {
112 public:
113 MOCK_METHOD1(OnRefreshDone, void(bool));
115 protected:
116 DeviceLocalAccountPolicyServiceTest();
118 void SetUp() override;
119 void TearDown() override;
121 void InstallDevicePolicy() override;
123 MockDeviceLocalAccountPolicyServiceObserver service_observer_;
125 private:
126 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest);
129 DeviceLocalAccountPolicyServiceTestBase::
130 DeviceLocalAccountPolicyServiceTestBase()
131 : account_1_user_id_(GenerateDeviceLocalAccountUserId(
132 kAccount1,
133 DeviceLocalAccount::TYPE_PUBLIC_SESSION)),
134 account_2_user_id_(GenerateDeviceLocalAccountUserId(
135 kAccount2,
136 DeviceLocalAccount::TYPE_PUBLIC_SESSION)),
137 cros_settings_(&device_settings_service_),
138 extension_cache_task_runner_(new base::TestSimpleTaskRunner) {
141 void DeviceLocalAccountPolicyServiceTestBase::SetUp() {
142 chromeos::DeviceSettingsTestBase::SetUp();
144 expected_policy_map_.Set(key::kDisableSpdy,
145 POLICY_LEVEL_MANDATORY,
146 POLICY_SCOPE_USER,
147 POLICY_SOURCE_CLOUD,
148 new base::FundamentalValue(true),
149 NULL);
151 device_local_account_policy_.payload().mutable_disablespdy()->set_value(
152 true);
153 device_local_account_policy_.policy_data().set_policy_type(
154 dm_protocol::kChromePublicAccountPolicyType);
157 void DeviceLocalAccountPolicyServiceTestBase::TearDown() {
158 service_->Shutdown();
159 service_.reset();
160 extension_cache_task_runner_->RunUntilIdle();
161 chromeos::DeviceSettingsTestBase::TearDown();
164 void DeviceLocalAccountPolicyServiceTestBase::CreatePolicyService() {
165 service_.reset(new DeviceLocalAccountPolicyService(
166 &device_settings_test_helper_, &device_settings_service_, &cros_settings_,
167 &affiliated_invalidation_service_provider_,
168 base::ThreadTaskRunnerHandle::Get(), extension_cache_task_runner_,
169 base::ThreadTaskRunnerHandle::Get(), base::ThreadTaskRunnerHandle::Get(),
170 new net::TestURLRequestContextGetter(
171 base::ThreadTaskRunnerHandle::Get())));
174 void DeviceLocalAccountPolicyServiceTestBase::
175 InstallDeviceLocalAccountPolicy(const std::string& account_id) {
176 device_local_account_policy_.policy_data().set_settings_entity_id(account_id);
177 device_local_account_policy_.policy_data().set_username(account_id);
178 device_local_account_policy_.Build();
179 device_settings_test_helper_.set_device_local_account_policy_blob(
180 account_id, device_local_account_policy_.GetBlob());
183 void DeviceLocalAccountPolicyServiceTestBase::AddDeviceLocalAccountToPolicy(
184 const std::string& account_id) {
185 em::DeviceLocalAccountInfoProto* account =
186 device_policy_.payload().mutable_device_local_accounts()->add_account();
187 account->set_account_id(account_id);
188 account->set_type(
189 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION);
192 void DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy() {
193 device_policy_.Build();
194 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
195 ReloadDeviceSettings();
198 DeviceLocalAccountPolicyServiceTest::DeviceLocalAccountPolicyServiceTest() {
199 CreatePolicyService();
202 void DeviceLocalAccountPolicyServiceTest::SetUp() {
203 DeviceLocalAccountPolicyServiceTestBase::SetUp();
204 service_->AddObserver(&service_observer_);
207 void DeviceLocalAccountPolicyServiceTest::TearDown() {
208 service_->RemoveObserver(&service_observer_);
209 DeviceLocalAccountPolicyServiceTestBase::TearDown();
212 void DeviceLocalAccountPolicyServiceTest::InstallDevicePolicy() {
213 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged());
214 DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy();
215 Mock::VerifyAndClearExpectations(&service_observer_);
218 TEST_F(DeviceLocalAccountPolicyServiceTest, NoAccounts) {
219 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
222 TEST_F(DeviceLocalAccountPolicyServiceTest, GetBroker) {
223 InstallDeviceLocalAccountPolicy(kAccount1);
224 AddDeviceLocalAccountToPolicy(kAccount1);
225 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
226 InstallDevicePolicy();
228 DeviceLocalAccountPolicyBroker* broker =
229 service_->GetBrokerForUser(account_1_user_id_);
230 ASSERT_TRUE(broker);
231 EXPECT_EQ(account_1_user_id_, broker->user_id());
232 ASSERT_TRUE(broker->core()->store());
233 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
234 EXPECT_FALSE(broker->core()->client());
235 EXPECT_FALSE(broker->core()->store()->policy_map().empty());
236 EXPECT_FALSE(broker->HasInvalidatorForTest());
239 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadNoPolicy) {
240 AddDeviceLocalAccountToPolicy(kAccount1);
241 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
242 InstallDevicePolicy();
244 DeviceLocalAccountPolicyBroker* broker =
245 service_->GetBrokerForUser(account_1_user_id_);
246 ASSERT_TRUE(broker);
247 EXPECT_EQ(account_1_user_id_, broker->user_id());
248 ASSERT_TRUE(broker->core()->store());
249 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR,
250 broker->core()->store()->status());
251 EXPECT_TRUE(broker->core()->store()->policy_map().empty());
252 EXPECT_FALSE(broker->HasInvalidatorForTest());
253 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
256 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadValidationFailure) {
257 device_local_account_policy_.policy_data().set_policy_type(
258 dm_protocol::kChromeUserPolicyType);
259 InstallDeviceLocalAccountPolicy(kAccount1);
260 AddDeviceLocalAccountToPolicy(kAccount1);
261 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
262 InstallDevicePolicy();
264 DeviceLocalAccountPolicyBroker* broker =
265 service_->GetBrokerForUser(account_1_user_id_);
266 ASSERT_TRUE(broker);
267 EXPECT_EQ(account_1_user_id_, broker->user_id());
268 ASSERT_TRUE(broker->core()->store());
269 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR,
270 broker->core()->store()->status());
271 EXPECT_TRUE(broker->core()->store()->policy_map().empty());
272 EXPECT_FALSE(broker->HasInvalidatorForTest());
273 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
276 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadPolicy) {
277 InstallDeviceLocalAccountPolicy(kAccount1);
278 AddDeviceLocalAccountToPolicy(kAccount1);
279 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
280 InstallDevicePolicy();
282 DeviceLocalAccountPolicyBroker* broker =
283 service_->GetBrokerForUser(account_1_user_id_);
284 ASSERT_TRUE(broker);
285 EXPECT_EQ(account_1_user_id_, broker->user_id());
286 ASSERT_TRUE(broker->core()->store());
287 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
288 ASSERT_TRUE(broker->core()->store()->policy());
289 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
290 broker->core()->store()->policy()->SerializeAsString());
291 EXPECT_TRUE(expected_policy_map_.Equals(
292 broker->core()->store()->policy_map()));
293 EXPECT_FALSE(broker->HasInvalidatorForTest());
294 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
297 TEST_F(DeviceLocalAccountPolicyServiceTest, StoreValidationFailure) {
298 AddDeviceLocalAccountToPolicy(kAccount1);
299 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
300 InstallDevicePolicy();
301 Mock::VerifyAndClearExpectations(&service_observer_);
303 DeviceLocalAccountPolicyBroker* broker =
304 service_->GetBrokerForUser(account_1_user_id_);
305 ASSERT_TRUE(broker);
306 EXPECT_EQ(account_1_user_id_, broker->user_id());
307 ASSERT_TRUE(broker->core()->store());
309 device_local_account_policy_.policy_data().set_policy_type(
310 dm_protocol::kChromeUserPolicyType);
311 device_local_account_policy_.Build();
312 broker->core()->store()->Store(device_local_account_policy_.policy());
313 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
314 FlushDeviceSettings();
316 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR,
317 broker->core()->store()->status());
318 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE,
319 broker->core()->store()->validation_status());
320 EXPECT_FALSE(broker->HasInvalidatorForTest());
321 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
324 TEST_F(DeviceLocalAccountPolicyServiceTest, StorePolicy) {
325 AddDeviceLocalAccountToPolicy(kAccount1);
326 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
327 InstallDevicePolicy();
328 Mock::VerifyAndClearExpectations(&service_observer_);
330 DeviceLocalAccountPolicyBroker* broker =
331 service_->GetBrokerForUser(account_1_user_id_);
332 ASSERT_TRUE(broker);
333 EXPECT_EQ(account_1_user_id_, broker->user_id());
334 ASSERT_TRUE(broker->core()->store());
336 device_local_account_policy_.policy_data().set_settings_entity_id(kAccount1);
337 device_local_account_policy_.policy_data().set_username(kAccount1);
338 device_local_account_policy_.Build();
339 broker->core()->store()->Store(device_local_account_policy_.policy());
340 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
341 FlushDeviceSettings();
343 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
344 ASSERT_TRUE(broker->core()->store()->policy());
345 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
346 broker->core()->store()->policy()->SerializeAsString());
347 EXPECT_TRUE(expected_policy_map_.Equals(
348 broker->core()->store()->policy_map()));
349 EXPECT_FALSE(broker->HasInvalidatorForTest());
350 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
353 TEST_F(DeviceLocalAccountPolicyServiceTest, DevicePolicyChange) {
354 InstallDeviceLocalAccountPolicy(kAccount1);
355 AddDeviceLocalAccountToPolicy(kAccount1);
356 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
357 InstallDevicePolicy();
359 device_policy_.payload().mutable_device_local_accounts()->clear_account();
360 InstallDevicePolicy();
362 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
365 TEST_F(DeviceLocalAccountPolicyServiceTest, DuplicateAccounts) {
366 InstallDeviceLocalAccountPolicy(kAccount1);
367 AddDeviceLocalAccountToPolicy(kAccount1);
368 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
369 InstallDevicePolicy();
370 Mock::VerifyAndClearExpectations(&service_observer_);
372 // Add a second entry with a duplicate account name to device policy.
373 AddDeviceLocalAccountToPolicy(kAccount1);
374 InstallDevicePolicy();
376 // Make sure the broker is accessible and policy got loaded.
377 DeviceLocalAccountPolicyBroker* broker =
378 service_->GetBrokerForUser(account_1_user_id_);
379 ASSERT_TRUE(broker);
380 EXPECT_EQ(account_1_user_id_, broker->user_id());
381 ASSERT_TRUE(broker->core()->store());
382 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
383 ASSERT_TRUE(broker->core()->store()->policy());
384 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
385 broker->core()->store()->policy()->SerializeAsString());
386 EXPECT_TRUE(expected_policy_map_.Equals(
387 broker->core()->store()->policy_map()));
388 EXPECT_FALSE(broker->HasInvalidatorForTest());
389 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
392 TEST_F(DeviceLocalAccountPolicyServiceTest, FetchPolicy) {
393 InstallDeviceLocalAccountPolicy(kAccount1);
394 AddDeviceLocalAccountToPolicy(kAccount1);
395 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
396 InstallDevicePolicy();
398 DeviceLocalAccountPolicyBroker* broker =
399 service_->GetBrokerForUser(account_1_user_id_);
400 ASSERT_TRUE(broker);
402 service_->Connect(&mock_device_management_service_);
403 EXPECT_TRUE(broker->core()->client());
405 em::DeviceManagementRequest request;
406 em::DeviceManagementResponse response;
407 response.mutable_policy_response()->add_response()->CopyFrom(
408 device_local_account_policy_.policy());
409 EXPECT_CALL(mock_device_management_service_,
410 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
411 .WillOnce(mock_device_management_service_.SucceedJob(response));
412 EXPECT_CALL(
413 mock_device_management_service_,
414 StartJob(dm_protocol::kValueRequestPolicy, std::string(), std::string(),
415 device_policy_.policy_data().request_token(),
416 device_policy_.policy_data().device_id(), _))
417 .WillOnce(SaveArg<5>(&request));
418 // This will be called twice, because the ComponentCloudPolicyService will
419 // also become ready after flushing all the pending tasks.
420 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2);
421 FlushDeviceSettings();
422 Mock::VerifyAndClearExpectations(&service_observer_);
423 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
424 EXPECT_TRUE(request.has_policy_request());
425 ASSERT_EQ(2, request.policy_request().request_size());
427 const em::PolicyFetchRequest* public_account =
428 &request.policy_request().request(0);
429 const em::PolicyFetchRequest* extensions =
430 &request.policy_request().request(1);
431 // The order is not guarateed.
432 if (extensions->policy_type() ==
433 dm_protocol::kChromePublicAccountPolicyType) {
434 std::swap(public_account, extensions);
437 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType,
438 public_account->policy_type());
439 EXPECT_FALSE(public_account->has_machine_id());
440 EXPECT_EQ(kAccount1, public_account->settings_entity_id());
442 EXPECT_EQ(dm_protocol::kChromeExtensionPolicyType,
443 extensions->policy_type());
444 EXPECT_FALSE(extensions->has_machine_id());
445 EXPECT_FALSE(extensions->has_settings_entity_id());
447 ASSERT_TRUE(broker->core()->store());
448 EXPECT_EQ(CloudPolicyStore::STATUS_OK,
449 broker->core()->store()->status());
450 ASSERT_TRUE(broker->core()->store()->policy());
451 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
452 broker->core()->store()->policy()->SerializeAsString());
453 EXPECT_TRUE(expected_policy_map_.Equals(
454 broker->core()->store()->policy_map()));
455 EXPECT_TRUE(broker->HasInvalidatorForTest());
456 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
459 TEST_F(DeviceLocalAccountPolicyServiceTest, RefreshPolicy) {
460 InstallDeviceLocalAccountPolicy(kAccount1);
461 AddDeviceLocalAccountToPolicy(kAccount1);
462 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
463 InstallDevicePolicy();
465 DeviceLocalAccountPolicyBroker* broker =
466 service_->GetBrokerForUser(account_1_user_id_);
467 ASSERT_TRUE(broker);
469 service_->Connect(&mock_device_management_service_);
470 ASSERT_TRUE(broker->core()->service());
472 em::DeviceManagementResponse response;
473 response.mutable_policy_response()->add_response()->CopyFrom(
474 device_local_account_policy_.policy());
475 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
476 .WillOnce(mock_device_management_service_.SucceedJob(response));
477 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _));
478 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1);
479 // This will be called twice, because the ComponentCloudPolicyService will
480 // also become ready after flushing all the pending tasks.
481 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2);
482 broker->core()->service()->RefreshPolicy(
483 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone,
484 base::Unretained(this)));
485 FlushDeviceSettings();
486 Mock::VerifyAndClearExpectations(&service_observer_);
487 Mock::VerifyAndClearExpectations(this);
488 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
490 ASSERT_TRUE(broker->core()->store());
491 EXPECT_EQ(CloudPolicyStore::STATUS_OK,
492 broker->core()->store()->status());
493 EXPECT_TRUE(expected_policy_map_.Equals(
494 broker->core()->store()->policy_map()));
495 EXPECT_TRUE(broker->HasInvalidatorForTest());
496 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
499 class DeviceLocalAccountPolicyExtensionCacheTest
500 : public DeviceLocalAccountPolicyServiceTestBase {
501 protected:
502 DeviceLocalAccountPolicyExtensionCacheTest();
504 void SetUp() override;
506 base::FilePath GetCacheDirectoryForAccountID(const std::string& account_id);
508 base::ScopedTempDir cache_root_dir_;
509 scoped_ptr<base::ScopedPathOverride> cache_root_dir_override_;
511 base::FilePath cache_dir_1_;
512 base::FilePath cache_dir_2_;
513 base::FilePath cache_dir_3_;
515 private:
516 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyExtensionCacheTest);
519 DeviceLocalAccountPolicyExtensionCacheTest::
520 DeviceLocalAccountPolicyExtensionCacheTest() {
523 void DeviceLocalAccountPolicyExtensionCacheTest::SetUp() {
524 DeviceLocalAccountPolicyServiceTestBase::SetUp();
525 ASSERT_TRUE(cache_root_dir_.CreateUniqueTempDir());
526 cache_root_dir_override_.reset(new base::ScopedPathOverride(
527 chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS,
528 cache_root_dir_.path()));
530 cache_dir_1_ = GetCacheDirectoryForAccountID(kAccount1);
531 cache_dir_2_ = GetCacheDirectoryForAccountID(kAccount2);
532 cache_dir_3_ = GetCacheDirectoryForAccountID(kAccount3);
534 em::StringList* forcelist = device_local_account_policy_.payload()
535 .mutable_extensioninstallforcelist()->mutable_value();
536 forcelist->add_entries(base::StringPrintf("%s;%s", kExtensionID, kUpdateURL));
539 base::FilePath DeviceLocalAccountPolicyExtensionCacheTest::
540 GetCacheDirectoryForAccountID(const std::string& account_id) {
541 return cache_root_dir_.path().Append(base::HexEncode(account_id.c_str(),
542 account_id.size()));
545 // Verifies that during startup, orphaned cache directories are deleted,
546 // cache directories belonging to an existing account are preserved and missing
547 // cache directories are created. Also verifies that when startup is complete,
548 // the caches for all existing accounts are running.
549 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, Startup) {
550 base::FilePath test_data_dir;
551 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir));
552 const base::FilePath source_crx_file =
553 test_data_dir.Append(kExtensionCRXPath);
554 const std::string target_crx_file_name =
555 base::StringPrintf("%s-%s.crx", kExtensionID, kExtensionVersion);
557 // Create and pre-populate a cache directory for account 1.
558 EXPECT_TRUE(base::CreateDirectory(cache_dir_1_));
559 EXPECT_TRUE(CopyFile(source_crx_file,
560 cache_dir_1_.Append(target_crx_file_name)));
562 // Create and pre-populate a cache directory for account 3.
563 EXPECT_TRUE(base::CreateDirectory(cache_dir_3_));
564 EXPECT_TRUE(CopyFile(source_crx_file,
565 cache_dir_3_.Append(target_crx_file_name)));
567 // Add accounts 1 and 2 to device policy.
568 InstallDeviceLocalAccountPolicy(kAccount1);
569 InstallDeviceLocalAccountPolicy(kAccount2);
570 AddDeviceLocalAccountToPolicy(kAccount1);
571 AddDeviceLocalAccountToPolicy(kAccount2);
572 InstallDevicePolicy();
574 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
575 // deletion of orphaned cache directories.
576 CreatePolicyService();
577 FlushDeviceSettings();
578 extension_cache_task_runner_->RunUntilIdle();
580 // Verify that the cache directory for account 1 and its contents still exist.
581 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
582 EXPECT_TRUE(ContentsEqual(source_crx_file,
583 cache_dir_1_.Append(target_crx_file_name)));
585 // Verify that a cache directory for account 2 was created.
586 EXPECT_TRUE(base::DirectoryExists(cache_dir_2_));
588 // Verify that the cache directory for account 3 was deleted.
589 EXPECT_FALSE(base::DirectoryExists(cache_dir_3_));
591 // Verify that the cache for account 1 has been started.
592 DeviceLocalAccountPolicyBroker* broker =
593 service_->GetBrokerForUser(account_1_user_id_);
594 ASSERT_TRUE(broker);
595 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
597 // Verify that the cache for account 2 has been started.
598 broker = service_->GetBrokerForUser(account_2_user_id_);
599 ASSERT_TRUE(broker);
600 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
603 // Verifies that while the deletion of orphaned cache directories is in
604 // progress, the caches for accounts which existed before the deletion started
605 // are running but caches for newly added accounts are not started.
606 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstOrphanDeletion) {
607 // Add account 1 to device policy.
608 InstallDeviceLocalAccountPolicy(kAccount1);
609 AddDeviceLocalAccountToPolicy(kAccount1);
610 InstallDevicePolicy();
612 // Create the DeviceLocalAccountPolicyService, triggering the deletion of
613 // orphaned cache directories.
614 CreatePolicyService();
615 FlushDeviceSettings();
617 // Verify that the cache for account 1 has been started as it is unaffected by
618 // the orphan deletion.
619 DeviceLocalAccountPolicyBroker* broker =
620 service_->GetBrokerForUser(account_1_user_id_);
621 ASSERT_TRUE(broker);
622 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
624 // Add account 2 to device policy.
625 InstallDeviceLocalAccountPolicy(kAccount2);
626 AddDeviceLocalAccountToPolicy(kAccount2);
627 InstallDevicePolicy();
629 // Verify that the cache for account 2 has not been started yet as the orphan
630 // deletion is still in progress.
631 broker = service_->GetBrokerForUser(account_2_user_id_);
632 ASSERT_TRUE(broker);
633 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
635 // Allow the orphan deletion to finish.
636 extension_cache_task_runner_->RunUntilIdle();
637 base::RunLoop().RunUntilIdle();
639 // Verify that the cache for account 2 has been started.
640 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
643 // Verifies that while the shutdown of a cache is in progress, no new cache is
644 // started if an account with the same ID is re-added.
645 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstCacheShutdown) {
646 // Add account 1 to device policy.
647 InstallDeviceLocalAccountPolicy(kAccount1);
648 AddDeviceLocalAccountToPolicy(kAccount1);
649 InstallDevicePolicy();
651 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
652 // deletion of orphaned cache directories.
653 CreatePolicyService();
654 FlushDeviceSettings();
655 extension_cache_task_runner_->RunUntilIdle();
657 // Remove account 1 from device policy, triggering a shutdown of its cache.
658 device_policy_.payload().mutable_device_local_accounts()->clear_account();
659 InstallDevicePolicy();
661 // Re-add account 1 to device policy.
662 AddDeviceLocalAccountToPolicy(kAccount1);
663 InstallDevicePolicy();
665 // Verify that the cache for account 1 has not been started yet as the
666 // shutdown of a previous cache for this account ID is still in progress.
667 DeviceLocalAccountPolicyBroker* broker =
668 service_->GetBrokerForUser(account_1_user_id_);
669 ASSERT_TRUE(broker);
670 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
672 // Allow the cache shutdown to finish.
673 extension_cache_task_runner_->RunUntilIdle();
674 base::RunLoop().RunUntilIdle();
676 // Verify that the cache directory for account 1 still exists.
677 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
679 // Verify that the cache for account 1 has been started, reusing the existing
680 // cache directory.
681 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
684 // Verifies that while the deletion of an obsolete cache directory is in
685 // progress, no new cache is started if an account with the same ID is re-added.
686 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest,
687 RaceAgainstObsoleteDeletion) {
688 // Add account 1 to device policy.
689 InstallDeviceLocalAccountPolicy(kAccount1);
690 AddDeviceLocalAccountToPolicy(kAccount1);
691 InstallDevicePolicy();
693 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
694 // deletion of orphaned cache directories.
695 CreatePolicyService();
696 FlushDeviceSettings();
697 extension_cache_task_runner_->RunUntilIdle();
699 // Remove account 1 from device policy, allowing the shutdown of its cache to
700 // finish and the deletion of its now obsolete cache directory to begin.
701 device_policy_.payload().mutable_device_local_accounts()->clear_account();
702 InstallDevicePolicy();
703 extension_cache_task_runner_->RunUntilIdle();
704 base::RunLoop().RunUntilIdle();
706 // Re-add account 1 to device policy.
707 AddDeviceLocalAccountToPolicy(kAccount1);
708 InstallDevicePolicy();
710 // Verify that the cache for account 1 has not been started yet as the
711 // deletion of the cache directory for this account ID is still in progress.
712 DeviceLocalAccountPolicyBroker* broker =
713 service_->GetBrokerForUser(account_1_user_id_);
714 ASSERT_TRUE(broker);
715 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
717 // Allow the deletion to finish.
718 extension_cache_task_runner_->RunUntilIdle();
719 base::RunLoop().RunUntilIdle();
721 // Verify that the cache directory for account 1 was deleted.
722 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_));
724 // Verify that the cache for account 1 has been started.
725 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
728 // Verifies that when an account is added and no deletion of cache directories
729 // affecting this account is in progress, its cache is started immediately.
730 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, AddAccount) {
731 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
732 // deletion of orphaned cache directories.
733 InstallDevicePolicy();
734 CreatePolicyService();
735 FlushDeviceSettings();
736 extension_cache_task_runner_->RunUntilIdle();
738 // Add account 1 to device policy.
739 InstallDeviceLocalAccountPolicy(kAccount1);
740 AddDeviceLocalAccountToPolicy(kAccount1);
741 InstallDevicePolicy();
743 // Verify that the cache for account 1 has been started.
744 DeviceLocalAccountPolicyBroker* broker =
745 service_->GetBrokerForUser(account_1_user_id_);
746 ASSERT_TRUE(broker);
747 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
750 // Verifies that when an account is removed, its cache directory is deleted.
751 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RemoveAccount) {
752 // Add account 1 to device policy.
753 InstallDeviceLocalAccountPolicy(kAccount1);
754 AddDeviceLocalAccountToPolicy(kAccount1);
755 InstallDevicePolicy();
757 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
758 // deletion of orphaned cache directories.
759 CreatePolicyService();
760 FlushDeviceSettings();
761 extension_cache_task_runner_->RunUntilIdle();
763 // Verify that a cache directory has been created for account 1.
764 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
766 // Remove account 1 from device policy, allowing the deletion of its now
767 // obsolete cache directory to finish.
768 device_policy_.payload().mutable_device_local_accounts()->clear_account();
769 InstallDevicePolicy();
770 extension_cache_task_runner_->RunUntilIdle();
771 base::RunLoop().RunUntilIdle();
772 extension_cache_task_runner_->RunUntilIdle();
774 // Verify that the cache directory for account 1 was deleted.
775 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_));
778 class DeviceLocalAccountPolicyProviderTest
779 : public DeviceLocalAccountPolicyServiceTestBase {
780 protected:
781 DeviceLocalAccountPolicyProviderTest();
783 void SetUp() override;
784 void TearDown() override;
786 SchemaRegistry schema_registry_;
787 scoped_ptr<DeviceLocalAccountPolicyProvider> provider_;
788 MockConfigurationPolicyObserver provider_observer_;
790 private:
791 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest);
794 DeviceLocalAccountPolicyProviderTest::DeviceLocalAccountPolicyProviderTest() {
795 CreatePolicyService();
796 provider_ = DeviceLocalAccountPolicyProvider::Create(
797 GenerateDeviceLocalAccountUserId(kAccount1,
798 DeviceLocalAccount::TYPE_PUBLIC_SESSION),
799 service_.get());
802 void DeviceLocalAccountPolicyProviderTest::SetUp() {
803 DeviceLocalAccountPolicyServiceTestBase::SetUp();
804 provider_->Init(&schema_registry_);
805 provider_->AddObserver(&provider_observer_);
807 // Values implicitly enforced for public accounts.
808 expected_policy_map_.Set(key::kLidCloseAction,
809 POLICY_LEVEL_MANDATORY,
810 POLICY_SCOPE_MACHINE,
811 POLICY_SOURCE_ENTERPRISE_OVERRIDE,
812 new base::FundamentalValue(
813 chromeos::PowerPolicyController::
814 ACTION_STOP_SESSION),
815 NULL);
816 expected_policy_map_.Set(key::kShelfAutoHideBehavior,
817 POLICY_LEVEL_MANDATORY,
818 POLICY_SCOPE_MACHINE,
819 POLICY_SOURCE_ENTERPRISE_OVERRIDE,
820 new base::StringValue("Never"),
821 NULL);
822 expected_policy_map_.Set(key::kShowLogoutButtonInTray,
823 POLICY_LEVEL_MANDATORY,
824 POLICY_SCOPE_MACHINE,
825 POLICY_SOURCE_ENTERPRISE_OVERRIDE,
826 new base::FundamentalValue(true),
827 NULL);
828 expected_policy_map_.Set(key::kFullscreenAllowed,
829 POLICY_LEVEL_MANDATORY,
830 POLICY_SCOPE_MACHINE,
831 POLICY_SOURCE_ENTERPRISE_OVERRIDE,
832 new base::FundamentalValue(false),
833 NULL);
836 void DeviceLocalAccountPolicyProviderTest::TearDown() {
837 provider_->RemoveObserver(&provider_observer_);
838 provider_->Shutdown();
839 provider_.reset();
840 DeviceLocalAccountPolicyServiceTestBase::TearDown();
843 TEST_F(DeviceLocalAccountPolicyProviderTest, Initialization) {
844 EXPECT_FALSE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
846 // Policy change should complete initialization.
847 InstallDeviceLocalAccountPolicy(kAccount1);
848 AddDeviceLocalAccountToPolicy(kAccount1);
849 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
850 .Times(AtLeast(1));
851 InstallDevicePolicy();
852 Mock::VerifyAndClearExpectations(&provider_observer_);
854 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
856 // The account disappearing should *not* flip the initialization flag back.
857 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
858 .Times(AnyNumber());
859 device_policy_.payload().mutable_device_local_accounts()->clear_account();
860 InstallDevicePolicy();
861 Mock::VerifyAndClearExpectations(&provider_observer_);
863 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
866 TEST_F(DeviceLocalAccountPolicyProviderTest, Policy) {
867 // Policy should load successfully.
868 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
869 .Times(AtLeast(1));
870 InstallDeviceLocalAccountPolicy(kAccount1);
871 AddDeviceLocalAccountToPolicy(kAccount1);
872 InstallDevicePolicy();
873 Mock::VerifyAndClearExpectations(&provider_observer_);
875 PolicyBundle expected_policy_bundle;
876 expected_policy_bundle.Get(PolicyNamespace(
877 POLICY_DOMAIN_CHROME, std::string())).CopyFrom(expected_policy_map_);
878 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
880 // Policy change should be reported.
881 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
882 .Times(AtLeast(1));
883 device_local_account_policy_.payload().mutable_disablespdy()->set_value(
884 false);
885 InstallDeviceLocalAccountPolicy(kAccount1);
886 DeviceLocalAccountPolicyBroker* broker =
887 service_->GetBrokerForUser(account_1_user_id_);
888 ASSERT_TRUE(broker);
889 broker->core()->store()->Load();
890 FlushDeviceSettings();
891 Mock::VerifyAndClearExpectations(&provider_observer_);
893 expected_policy_bundle.Get(
894 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
895 .Set(key::kDisableSpdy,
896 POLICY_LEVEL_MANDATORY,
897 POLICY_SCOPE_USER,
898 POLICY_SOURCE_CLOUD,
899 new base::FundamentalValue(false),
900 NULL);
901 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
903 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray|
904 // and |ExtensionAllowedTypes| policies should be overridden.
905 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
906 .Times(AtLeast(1));
907 device_local_account_policy_.payload().mutable_shelfautohidebehavior()->
908 set_value("Always");
909 device_local_account_policy_.payload().mutable_showlogoutbuttonintray()->
910 set_value(false);
911 InstallDeviceLocalAccountPolicy(kAccount1);
912 broker->core()->store()->Load();
913 FlushDeviceSettings();
914 Mock::VerifyAndClearExpectations(&provider_observer_);
915 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
917 // Account disappears, policy should stay in effect.
918 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
919 .Times(AnyNumber());
920 device_policy_.payload().mutable_device_local_accounts()->clear_account();
921 InstallDevicePolicy();
922 Mock::VerifyAndClearExpectations(&provider_observer_);
924 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
927 TEST_F(DeviceLocalAccountPolicyProviderTest, RefreshPolicies) {
928 // If there's no device policy, the refresh completes immediately.
929 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
930 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
931 .Times(AtLeast(1));
932 provider_->RefreshPolicies();
933 Mock::VerifyAndClearExpectations(&provider_observer_);
935 // Make device settings appear.
936 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
937 .Times(AnyNumber());
938 AddDeviceLocalAccountToPolicy(kAccount1);
939 InstallDevicePolicy();
940 EXPECT_TRUE(service_->GetBrokerForUser(account_1_user_id_));
942 // If there's no cloud connection, refreshes are still immediate.
943 DeviceLocalAccountPolicyBroker* broker =
944 service_->GetBrokerForUser(account_1_user_id_);
945 ASSERT_TRUE(broker);
946 EXPECT_FALSE(broker->core()->client());
947 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
948 .Times(AtLeast(1));
949 provider_->RefreshPolicies();
950 Mock::VerifyAndClearExpectations(&provider_observer_);
952 // Bring up the cloud connection. The refresh scheduler may fire refreshes at
953 // this point which are not relevant for the test.
954 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
955 .WillRepeatedly(
956 mock_device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED));
957 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _))
958 .Times(AnyNumber());
959 service_->Connect(&mock_device_management_service_);
960 FlushDeviceSettings();
961 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
963 // No callbacks until the refresh completes.
964 EXPECT_CALL(provider_observer_, OnUpdatePolicy(_)).Times(0);
965 MockDeviceManagementJob* request_job;
966 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
967 .WillOnce(mock_device_management_service_.CreateAsyncJob(&request_job));
968 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _));
969 provider_->RefreshPolicies();
970 ReloadDeviceSettings();
971 Mock::VerifyAndClearExpectations(&provider_observer_);
972 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
973 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
975 // When the response comes in, it should propagate and fire the notification.
976 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
977 .Times(AtLeast(1));
978 ASSERT_TRUE(request_job);
979 em::DeviceManagementResponse response;
980 device_local_account_policy_.Build();
981 response.mutable_policy_response()->add_response()->CopyFrom(
982 device_local_account_policy_.policy());
983 request_job->SendResponse(DM_STATUS_SUCCESS, response);
984 FlushDeviceSettings();
985 Mock::VerifyAndClearExpectations(&provider_observer_);
988 } // namespace policy