search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Add source column to chrome://policy showing the origins of policies. ...
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / device_local_account_policy_service_unittest.cc
blob53649bf65acb0984c0828ce3106727fd38a3bad2
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
6
7 #include <algorithm>
8
9 #include "base/bind.h"
10 #include "base/bind_helpers.h"
11 #include "base/callback.h"
12 #include "base/files/file_path.h"
13 #include "base/files/file_util.h"
14 #include "base/files/scoped_temp_dir.h"
15 #include "base/path_service.h"
16 #include "base/run_loop.h"
17 #include "base/strings/string_number_conversions.h"
18 #include "base/strings/stringprintf.h"
19 #include "base/test/scoped_path_override.h"
20 #include "base/test/test_simple_task_runner.h"
21 #include "base/thread_task_runner_handle.h"
22 #include "chrome/browser/chromeos/policy/device_local_account.h"
23 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
24 #include "chrome/browser/chromeos/policy/fake_affiliated_invalidation_service_provider.h"
25 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
26 #include "chrome/browser/chromeos/settings/cros_settings.h"
27 #include "chrome/browser/chromeos/settings/device_settings_service.h"
28 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
29 #include "chrome/common/chrome_paths.h"
30 #include "chromeos/chromeos_paths.h"
31 #include "chromeos/dbus/power_policy_controller.h"
32 #include "components/policy/core/common/cloud/cloud_policy_client.h"
33 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
34 #include "components/policy/core/common/cloud/cloud_policy_service.h"
35 #include "components/policy/core/common/cloud/mock_device_management_service.h"
36 #include "components/policy/core/common/cloud/policy_builder.h"
37 #include "components/policy/core/common/external_data_fetcher.h"
38 #include "components/policy/core/common/mock_configuration_policy_provider.h"
39 #include "components/policy/core/common/policy_bundle.h"
40 #include "components/policy/core/common/policy_map.h"
41 #include "components/policy/core/common/schema_registry.h"
42 #include "net/url_request/url_request_context_getter.h"
43 #include "net/url_request/url_request_test_util.h"
44 #include "policy/policy_constants.h"
45 #include "policy/proto/cloud_policy.pb.h"
46 #include "policy/proto/device_management_backend.pb.h"
47 #include "testing/gtest/include/gtest/gtest.h"
48
49 using testing::AnyNumber;
50 using testing::AtLeast;
51 using testing::Mock;
52 using testing::SaveArg;
53 using testing::_;
54
55 namespace em = enterprise_management;
56
57 namespace policy {
58
59 namespace {
60
61 const char kAccount1[] = "account1@localhost";
62 const char kAccount2[] = "account2@localhost";
63 const char kAccount3[] = "account3@localhost";
64
65 const char kExtensionID[] = "kbmnembihfiondgfjekmnmcbddelicoi";
66 const char kExtensionVersion[] = "1.0.0.0";
67 const char kExtensionCRXPath[] = "extensions/hosted_app.crx";
68 const char kUpdateURL[] = "https://clients2.google.com/service/update2/crx";
69
70 } // namespace
71
72 class MockDeviceLocalAccountPolicyServiceObserver
73 : public DeviceLocalAccountPolicyService::Observer {
74 public:
75 MOCK_METHOD1(OnPolicyUpdated, void(const std::string&));
76 MOCK_METHOD0(OnDeviceLocalAccountsChanged, void(void));
77 };
78
79 class DeviceLocalAccountPolicyServiceTestBase
80 : public chromeos::DeviceSettingsTestBase {
81 public:
82 DeviceLocalAccountPolicyServiceTestBase();
83
84 void SetUp() override;
85 void TearDown() override;
86
87 void CreatePolicyService();
88
89 void InstallDeviceLocalAccountPolicy(const std::string& account_id);
90 void AddDeviceLocalAccountToPolicy(const std::string& account_id);
91 virtual void InstallDevicePolicy();
92
93 const std::string account_1_user_id_;
94 const std::string account_2_user_id_;
95
96 PolicyMap expected_policy_map_;
97 UserPolicyBuilder device_local_account_policy_;
98 chromeos::CrosSettings cros_settings_;
99 scoped_refptr<base::TestSimpleTaskRunner> extension_cache_task_runner_;
100 MockDeviceManagementService mock_device_management_service_;
101 FakeAffiliatedInvalidationServiceProvider
102 affiliated_invalidation_service_provider_;
103 scoped_ptr<DeviceLocalAccountPolicyService> service_;
104
105 private:
106 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTestBase);
107 };
108
109 class DeviceLocalAccountPolicyServiceTest
110 : public DeviceLocalAccountPolicyServiceTestBase {
111 public:
112 MOCK_METHOD1(OnRefreshDone, void(bool));
113
114 protected:
115 DeviceLocalAccountPolicyServiceTest();
116
117 void SetUp() override;
118 void TearDown() override;
119
120 void InstallDevicePolicy() override;
121
122 MockDeviceLocalAccountPolicyServiceObserver service_observer_;
123
124 private:
125 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest);
126 };
127
128 DeviceLocalAccountPolicyServiceTestBase::
129 DeviceLocalAccountPolicyServiceTestBase()
130 : account_1_user_id_(GenerateDeviceLocalAccountUserId(
131 kAccount1,
132 DeviceLocalAccount::TYPE_PUBLIC_SESSION)),
133 account_2_user_id_(GenerateDeviceLocalAccountUserId(
134 kAccount2,
135 DeviceLocalAccount::TYPE_PUBLIC_SESSION)),
136 cros_settings_(&device_settings_service_),
137 extension_cache_task_runner_(new base::TestSimpleTaskRunner) {
138 }
139
140 void DeviceLocalAccountPolicyServiceTestBase::SetUp() {
141 chromeos::DeviceSettingsTestBase::SetUp();
142
143 expected_policy_map_.Set(key::kDisableSpdy,
144 POLICY_LEVEL_MANDATORY,
145 POLICY_SCOPE_USER,
146 new base::FundamentalValue(true),
147 NULL);
148
149 device_local_account_policy_.payload().mutable_disablespdy()->set_value(
150 true);
151 device_local_account_policy_.policy_data().set_policy_type(
152 dm_protocol::kChromePublicAccountPolicyType);
153 }
154
155 void DeviceLocalAccountPolicyServiceTestBase::TearDown() {
156 service_->Shutdown();
157 service_.reset();
158 extension_cache_task_runner_->RunUntilIdle();
159 chromeos::DeviceSettingsTestBase::TearDown();
160 }
161
162 void DeviceLocalAccountPolicyServiceTestBase::CreatePolicyService() {
163 service_.reset(new DeviceLocalAccountPolicyService(
164 &device_settings_test_helper_, &device_settings_service_, &cros_settings_,
165 &affiliated_invalidation_service_provider_,
166 base::ThreadTaskRunnerHandle::Get(), extension_cache_task_runner_,
167 base::ThreadTaskRunnerHandle::Get(), base::ThreadTaskRunnerHandle::Get(),
168 new net::TestURLRequestContextGetter(
169 base::ThreadTaskRunnerHandle::Get())));
170 }
171
172 void DeviceLocalAccountPolicyServiceTestBase::
173 InstallDeviceLocalAccountPolicy(const std::string& account_id) {
174 device_local_account_policy_.policy_data().set_settings_entity_id(account_id);
175 device_local_account_policy_.policy_data().set_username(account_id);
176 device_local_account_policy_.Build();
177 device_settings_test_helper_.set_device_local_account_policy_blob(
178 account_id, device_local_account_policy_.GetBlob());
179 }
180
181 void DeviceLocalAccountPolicyServiceTestBase::AddDeviceLocalAccountToPolicy(
182 const std::string& account_id) {
183 em::DeviceLocalAccountInfoProto* account =
184 device_policy_.payload().mutable_device_local_accounts()->add_account();
185 account->set_account_id(account_id);
186 account->set_type(
187 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION);
188 }
189
190 void DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy() {
191 device_policy_.Build();
192 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
193 ReloadDeviceSettings();
194 }
195
196 DeviceLocalAccountPolicyServiceTest::DeviceLocalAccountPolicyServiceTest() {
197 CreatePolicyService();
198 }
199
200 void DeviceLocalAccountPolicyServiceTest::SetUp() {
201 DeviceLocalAccountPolicyServiceTestBase::SetUp();
202 service_->AddObserver(&service_observer_);
203 }
204
205 void DeviceLocalAccountPolicyServiceTest::TearDown() {
206 service_->RemoveObserver(&service_observer_);
207 DeviceLocalAccountPolicyServiceTestBase::TearDown();
208 }
209
210 void DeviceLocalAccountPolicyServiceTest::InstallDevicePolicy() {
211 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged());
212 DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy();
213 Mock::VerifyAndClearExpectations(&service_observer_);
214 }
215
216 TEST_F(DeviceLocalAccountPolicyServiceTest, NoAccounts) {
217 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
218 }
219
220 TEST_F(DeviceLocalAccountPolicyServiceTest, GetBroker) {
221 InstallDeviceLocalAccountPolicy(kAccount1);
222 AddDeviceLocalAccountToPolicy(kAccount1);
223 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
224 InstallDevicePolicy();
225
226 DeviceLocalAccountPolicyBroker* broker =
227 service_->GetBrokerForUser(account_1_user_id_);
228 ASSERT_TRUE(broker);
229 EXPECT_EQ(account_1_user_id_, broker->user_id());
230 ASSERT_TRUE(broker->core()->store());
231 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
232 EXPECT_FALSE(broker->core()->client());
233 EXPECT_FALSE(broker->core()->store()->policy_map().empty());
234 EXPECT_FALSE(broker->HasInvalidatorForTest());
235 }
236
237 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadNoPolicy) {
238 AddDeviceLocalAccountToPolicy(kAccount1);
239 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
240 InstallDevicePolicy();
241
242 DeviceLocalAccountPolicyBroker* broker =
243 service_->GetBrokerForUser(account_1_user_id_);
244 ASSERT_TRUE(broker);
245 EXPECT_EQ(account_1_user_id_, broker->user_id());
246 ASSERT_TRUE(broker->core()->store());
247 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR,
248 broker->core()->store()->status());
249 EXPECT_TRUE(broker->core()->store()->policy_map().empty());
250 EXPECT_FALSE(broker->HasInvalidatorForTest());
251 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
252 }
253
254 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadValidationFailure) {
255 device_local_account_policy_.policy_data().set_policy_type(
256 dm_protocol::kChromeUserPolicyType);
257 InstallDeviceLocalAccountPolicy(kAccount1);
258 AddDeviceLocalAccountToPolicy(kAccount1);
259 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
260 InstallDevicePolicy();
261
262 DeviceLocalAccountPolicyBroker* broker =
263 service_->GetBrokerForUser(account_1_user_id_);
264 ASSERT_TRUE(broker);
265 EXPECT_EQ(account_1_user_id_, broker->user_id());
266 ASSERT_TRUE(broker->core()->store());
267 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR,
268 broker->core()->store()->status());
269 EXPECT_TRUE(broker->core()->store()->policy_map().empty());
270 EXPECT_FALSE(broker->HasInvalidatorForTest());
271 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
272 }
273
274 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadPolicy) {
275 InstallDeviceLocalAccountPolicy(kAccount1);
276 AddDeviceLocalAccountToPolicy(kAccount1);
277 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
278 InstallDevicePolicy();
279
280 DeviceLocalAccountPolicyBroker* broker =
281 service_->GetBrokerForUser(account_1_user_id_);
282 ASSERT_TRUE(broker);
283 EXPECT_EQ(account_1_user_id_, broker->user_id());
284 ASSERT_TRUE(broker->core()->store());
285 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
286 ASSERT_TRUE(broker->core()->store()->policy());
287 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
288 broker->core()->store()->policy()->SerializeAsString());
289 EXPECT_TRUE(expected_policy_map_.Equals(
290 broker->core()->store()->policy_map()));
291 EXPECT_FALSE(broker->HasInvalidatorForTest());
292 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
293 }
294
295 TEST_F(DeviceLocalAccountPolicyServiceTest, StoreValidationFailure) {
296 AddDeviceLocalAccountToPolicy(kAccount1);
297 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
298 InstallDevicePolicy();
299 Mock::VerifyAndClearExpectations(&service_observer_);
300
301 DeviceLocalAccountPolicyBroker* broker =
302 service_->GetBrokerForUser(account_1_user_id_);
303 ASSERT_TRUE(broker);
304 EXPECT_EQ(account_1_user_id_, broker->user_id());
305 ASSERT_TRUE(broker->core()->store());
306
307 device_local_account_policy_.policy_data().set_policy_type(
308 dm_protocol::kChromeUserPolicyType);
309 device_local_account_policy_.Build();
310 broker->core()->store()->Store(device_local_account_policy_.policy());
311 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
312 FlushDeviceSettings();
313
314 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR,
315 broker->core()->store()->status());
316 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE,
317 broker->core()->store()->validation_status());
318 EXPECT_FALSE(broker->HasInvalidatorForTest());
319 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
320 }
321
322 TEST_F(DeviceLocalAccountPolicyServiceTest, StorePolicy) {
323 AddDeviceLocalAccountToPolicy(kAccount1);
324 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
325 InstallDevicePolicy();
326 Mock::VerifyAndClearExpectations(&service_observer_);
327
328 DeviceLocalAccountPolicyBroker* broker =
329 service_->GetBrokerForUser(account_1_user_id_);
330 ASSERT_TRUE(broker);
331 EXPECT_EQ(account_1_user_id_, broker->user_id());
332 ASSERT_TRUE(broker->core()->store());
333
334 device_local_account_policy_.policy_data().set_settings_entity_id(kAccount1);
335 device_local_account_policy_.policy_data().set_username(kAccount1);
336 device_local_account_policy_.Build();
337 broker->core()->store()->Store(device_local_account_policy_.policy());
338 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
339 FlushDeviceSettings();
340
341 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
342 ASSERT_TRUE(broker->core()->store()->policy());
343 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
344 broker->core()->store()->policy()->SerializeAsString());
345 EXPECT_TRUE(expected_policy_map_.Equals(
346 broker->core()->store()->policy_map()));
347 EXPECT_FALSE(broker->HasInvalidatorForTest());
348 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
349 }
350
351 TEST_F(DeviceLocalAccountPolicyServiceTest, DevicePolicyChange) {
352 InstallDeviceLocalAccountPolicy(kAccount1);
353 AddDeviceLocalAccountToPolicy(kAccount1);
354 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
355 InstallDevicePolicy();
356
357 device_policy_.payload().mutable_device_local_accounts()->clear_account();
358 InstallDevicePolicy();
359
360 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
361 }
362
363 TEST_F(DeviceLocalAccountPolicyServiceTest, DuplicateAccounts) {
364 InstallDeviceLocalAccountPolicy(kAccount1);
365 AddDeviceLocalAccountToPolicy(kAccount1);
366 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
367 InstallDevicePolicy();
368 Mock::VerifyAndClearExpectations(&service_observer_);
369
370 // Add a second entry with a duplicate account name to device policy.
371 AddDeviceLocalAccountToPolicy(kAccount1);
372 InstallDevicePolicy();
373
374 // Make sure the broker is accessible and policy got loaded.
375 DeviceLocalAccountPolicyBroker* broker =
376 service_->GetBrokerForUser(account_1_user_id_);
377 ASSERT_TRUE(broker);
378 EXPECT_EQ(account_1_user_id_, broker->user_id());
379 ASSERT_TRUE(broker->core()->store());
380 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
381 ASSERT_TRUE(broker->core()->store()->policy());
382 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
383 broker->core()->store()->policy()->SerializeAsString());
384 EXPECT_TRUE(expected_policy_map_.Equals(
385 broker->core()->store()->policy_map()));
386 EXPECT_FALSE(broker->HasInvalidatorForTest());
387 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
388 }
389
390 TEST_F(DeviceLocalAccountPolicyServiceTest, FetchPolicy) {
391 InstallDeviceLocalAccountPolicy(kAccount1);
392 AddDeviceLocalAccountToPolicy(kAccount1);
393 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
394 InstallDevicePolicy();
395
396 DeviceLocalAccountPolicyBroker* broker =
397 service_->GetBrokerForUser(account_1_user_id_);
398 ASSERT_TRUE(broker);
399
400 service_->Connect(&mock_device_management_service_);
401 EXPECT_TRUE(broker->core()->client());
402
403 em::DeviceManagementRequest request;
404 em::DeviceManagementResponse response;
405 response.mutable_policy_response()->add_response()->CopyFrom(
406 device_local_account_policy_.policy());
407 EXPECT_CALL(mock_device_management_service_,
408 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
409 .WillOnce(mock_device_management_service_.SucceedJob(response));
410 EXPECT_CALL(
411 mock_device_management_service_,
412 StartJob(dm_protocol::kValueRequestPolicy, std::string(), std::string(),
413 device_policy_.policy_data().request_token(),
414 device_policy_.policy_data().device_id(), _))
415 .WillOnce(SaveArg<5>(&request));
416 // This will be called twice, because the ComponentCloudPolicyService will
417 // also become ready after flushing all the pending tasks.
418 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2);
419 FlushDeviceSettings();
420 Mock::VerifyAndClearExpectations(&service_observer_);
421 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
422 EXPECT_TRUE(request.has_policy_request());
423 ASSERT_EQ(2, request.policy_request().request_size());
424
425 const em::PolicyFetchRequest* public_account =
426 &request.policy_request().request(0);
427 const em::PolicyFetchRequest* extensions =
428 &request.policy_request().request(1);
429 // The order is not guarateed.
430 if (extensions->policy_type() ==
431 dm_protocol::kChromePublicAccountPolicyType) {
432 std::swap(public_account, extensions);
433 }
434
435 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType,
436 public_account->policy_type());
437 EXPECT_FALSE(public_account->has_machine_id());
438 EXPECT_EQ(kAccount1, public_account->settings_entity_id());
439
440 EXPECT_EQ(dm_protocol::kChromeExtensionPolicyType,
441 extensions->policy_type());
442 EXPECT_FALSE(extensions->has_machine_id());
443 EXPECT_FALSE(extensions->has_settings_entity_id());
444
445 ASSERT_TRUE(broker->core()->store());
446 EXPECT_EQ(CloudPolicyStore::STATUS_OK,
447 broker->core()->store()->status());
448 ASSERT_TRUE(broker->core()->store()->policy());
449 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
450 broker->core()->store()->policy()->SerializeAsString());
451 EXPECT_TRUE(expected_policy_map_.Equals(
452 broker->core()->store()->policy_map()));
453 EXPECT_TRUE(broker->HasInvalidatorForTest());
454 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
455 }
456
457 TEST_F(DeviceLocalAccountPolicyServiceTest, RefreshPolicy) {
458 InstallDeviceLocalAccountPolicy(kAccount1);
459 AddDeviceLocalAccountToPolicy(kAccount1);
460 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
461 InstallDevicePolicy();
462
463 DeviceLocalAccountPolicyBroker* broker =
464 service_->GetBrokerForUser(account_1_user_id_);
465 ASSERT_TRUE(broker);
466
467 service_->Connect(&mock_device_management_service_);
468 ASSERT_TRUE(broker->core()->service());
469
470 em::DeviceManagementResponse response;
471 response.mutable_policy_response()->add_response()->CopyFrom(
472 device_local_account_policy_.policy());
473 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
474 .WillOnce(mock_device_management_service_.SucceedJob(response));
475 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _));
476 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1);
477 // This will be called twice, because the ComponentCloudPolicyService will
478 // also become ready after flushing all the pending tasks.
479 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2);
480 broker->core()->service()->RefreshPolicy(
481 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone,
482 base::Unretained(this)));
483 FlushDeviceSettings();
484 Mock::VerifyAndClearExpectations(&service_observer_);
485 Mock::VerifyAndClearExpectations(this);
486 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
487
488 ASSERT_TRUE(broker->core()->store());
489 EXPECT_EQ(CloudPolicyStore::STATUS_OK,
490 broker->core()->store()->status());
491 EXPECT_TRUE(expected_policy_map_.Equals(
492 broker->core()->store()->policy_map()));
493 EXPECT_TRUE(broker->HasInvalidatorForTest());
494 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
495 }
496
497 class DeviceLocalAccountPolicyExtensionCacheTest
498 : public DeviceLocalAccountPolicyServiceTestBase {
499 protected:
500 DeviceLocalAccountPolicyExtensionCacheTest();
501
502 void SetUp() override;
503
504 base::FilePath GetCacheDirectoryForAccountID(const std::string& account_id);
505
506 base::ScopedTempDir cache_root_dir_;
507 scoped_ptr<base::ScopedPathOverride> cache_root_dir_override_;
508
509 base::FilePath cache_dir_1_;
510 base::FilePath cache_dir_2_;
511 base::FilePath cache_dir_3_;
512
513 private:
514 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyExtensionCacheTest);
515 };
516
517 DeviceLocalAccountPolicyExtensionCacheTest::
518 DeviceLocalAccountPolicyExtensionCacheTest() {
519 }
520
521 void DeviceLocalAccountPolicyExtensionCacheTest::SetUp() {
522 DeviceLocalAccountPolicyServiceTestBase::SetUp();
523 ASSERT_TRUE(cache_root_dir_.CreateUniqueTempDir());
524 cache_root_dir_override_.reset(new base::ScopedPathOverride(
525 chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS,
526 cache_root_dir_.path()));
527
528 cache_dir_1_ = GetCacheDirectoryForAccountID(kAccount1);
529 cache_dir_2_ = GetCacheDirectoryForAccountID(kAccount2);
530 cache_dir_3_ = GetCacheDirectoryForAccountID(kAccount3);
531
532 em::StringList* forcelist = device_local_account_policy_.payload()
533 .mutable_extensioninstallforcelist()->mutable_value();
534 forcelist->add_entries(base::StringPrintf("%s;%s", kExtensionID, kUpdateURL));
535 }
536
537 base::FilePath DeviceLocalAccountPolicyExtensionCacheTest::
538 GetCacheDirectoryForAccountID(const std::string& account_id) {
539 return cache_root_dir_.path().Append(base::HexEncode(account_id.c_str(),
540 account_id.size()));
541 }
542
543 // Verifies that during startup, orphaned cache directories are deleted,
544 // cache directories belonging to an existing account are preserved and missing
545 // cache directories are created. Also verifies that when startup is complete,
546 // the caches for all existing accounts are running.
547 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, Startup) {
548 base::FilePath test_data_dir;
549 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir));
550 const base::FilePath source_crx_file =
551 test_data_dir.Append(kExtensionCRXPath);
552 const std::string target_crx_file_name =
553 base::StringPrintf("%s-%s.crx", kExtensionID, kExtensionVersion);
554
555 // Create and pre-populate a cache directory for account 1.
556 EXPECT_TRUE(base::CreateDirectory(cache_dir_1_));
557 EXPECT_TRUE(CopyFile(source_crx_file,
558 cache_dir_1_.Append(target_crx_file_name)));
559
560 // Create and pre-populate a cache directory for account 3.
561 EXPECT_TRUE(base::CreateDirectory(cache_dir_3_));
562 EXPECT_TRUE(CopyFile(source_crx_file,
563 cache_dir_3_.Append(target_crx_file_name)));
564
565 // Add accounts 1 and 2 to device policy.
566 InstallDeviceLocalAccountPolicy(kAccount1);
567 InstallDeviceLocalAccountPolicy(kAccount2);
568 AddDeviceLocalAccountToPolicy(kAccount1);
569 AddDeviceLocalAccountToPolicy(kAccount2);
570 InstallDevicePolicy();
571
572 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
573 // deletion of orphaned cache directories.
574 CreatePolicyService();
575 FlushDeviceSettings();
576 extension_cache_task_runner_->RunUntilIdle();
577
578 // Verify that the cache directory for account 1 and its contents still exist.
579 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
580 EXPECT_TRUE(ContentsEqual(source_crx_file,
581 cache_dir_1_.Append(target_crx_file_name)));
582
583 // Verify that a cache directory for account 2 was created.
584 EXPECT_TRUE(base::DirectoryExists(cache_dir_2_));
585
586 // Verify that the cache directory for account 3 was deleted.
587 EXPECT_FALSE(base::DirectoryExists(cache_dir_3_));
588
589 // Verify that the cache for account 1 has been started.
590 DeviceLocalAccountPolicyBroker* broker =
591 service_->GetBrokerForUser(account_1_user_id_);
592 ASSERT_TRUE(broker);
593 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
594
595 // Verify that the cache for account 2 has been started.
596 broker = service_->GetBrokerForUser(account_2_user_id_);
597 ASSERT_TRUE(broker);
598 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
599 }
600
601 // Verifies that while the deletion of orphaned cache directories is in
602 // progress, the caches for accounts which existed before the deletion started
603 // are running but caches for newly added accounts are not started.
604 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstOrphanDeletion) {
605 // Add account 1 to device policy.
606 InstallDeviceLocalAccountPolicy(kAccount1);
607 AddDeviceLocalAccountToPolicy(kAccount1);
608 InstallDevicePolicy();
609
610 // Create the DeviceLocalAccountPolicyService, triggering the deletion of
611 // orphaned cache directories.
612 CreatePolicyService();
613 FlushDeviceSettings();
614
615 // Verify that the cache for account 1 has been started as it is unaffected by
616 // the orphan deletion.
617 DeviceLocalAccountPolicyBroker* broker =
618 service_->GetBrokerForUser(account_1_user_id_);
619 ASSERT_TRUE(broker);
620 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
621
622 // Add account 2 to device policy.
623 InstallDeviceLocalAccountPolicy(kAccount2);
624 AddDeviceLocalAccountToPolicy(kAccount2);
625 InstallDevicePolicy();
626
627 // Verify that the cache for account 2 has not been started yet as the orphan
628 // deletion is still in progress.
629 broker = service_->GetBrokerForUser(account_2_user_id_);
630 ASSERT_TRUE(broker);
631 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
632
633 // Allow the orphan deletion to finish.
634 extension_cache_task_runner_->RunUntilIdle();
635 base::RunLoop().RunUntilIdle();
636
637 // Verify that the cache for account 2 has been started.
638 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
639 }
640
641 // Verifies that while the shutdown of a cache is in progress, no new cache is
642 // started if an account with the same ID is re-added.
643 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstCacheShutdown) {
644 // Add account 1 to device policy.
645 InstallDeviceLocalAccountPolicy(kAccount1);
646 AddDeviceLocalAccountToPolicy(kAccount1);
647 InstallDevicePolicy();
648
649 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
650 // deletion of orphaned cache directories.
651 CreatePolicyService();
652 FlushDeviceSettings();
653 extension_cache_task_runner_->RunUntilIdle();
654
655 // Remove account 1 from device policy, triggering a shutdown of its cache.
656 device_policy_.payload().mutable_device_local_accounts()->clear_account();
657 InstallDevicePolicy();
658
659 // Re-add account 1 to device policy.
660 AddDeviceLocalAccountToPolicy(kAccount1);
661 InstallDevicePolicy();
662
663 // Verify that the cache for account 1 has not been started yet as the
664 // shutdown of a previous cache for this account ID is still in progress.
665 DeviceLocalAccountPolicyBroker* broker =
666 service_->GetBrokerForUser(account_1_user_id_);
667 ASSERT_TRUE(broker);
668 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
669
670 // Allow the cache shutdown to finish.
671 extension_cache_task_runner_->RunUntilIdle();
672 base::RunLoop().RunUntilIdle();
673
674 // Verify that the cache directory for account 1 still exists.
675 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
676
677 // Verify that the cache for account 1 has been started, reusing the existing
678 // cache directory.
679 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
680 }
681
682 // Verifies that while the deletion of an obsolete cache directory is in
683 // progress, no new cache is started if an account with the same ID is re-added.
684 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest,
685 RaceAgainstObsoleteDeletion) {
686 // Add account 1 to device policy.
687 InstallDeviceLocalAccountPolicy(kAccount1);
688 AddDeviceLocalAccountToPolicy(kAccount1);
689 InstallDevicePolicy();
690
691 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
692 // deletion of orphaned cache directories.
693 CreatePolicyService();
694 FlushDeviceSettings();
695 extension_cache_task_runner_->RunUntilIdle();
696
697 // Remove account 1 from device policy, allowing the shutdown of its cache to
698 // finish and the deletion of its now obsolete cache directory to begin.
699 device_policy_.payload().mutable_device_local_accounts()->clear_account();
700 InstallDevicePolicy();
701 extension_cache_task_runner_->RunUntilIdle();
702 base::RunLoop().RunUntilIdle();
703
704 // Re-add account 1 to device policy.
705 AddDeviceLocalAccountToPolicy(kAccount1);
706 InstallDevicePolicy();
707
708 // Verify that the cache for account 1 has not been started yet as the
709 // deletion of the cache directory for this account ID is still in progress.
710 DeviceLocalAccountPolicyBroker* broker =
711 service_->GetBrokerForUser(account_1_user_id_);
712 ASSERT_TRUE(broker);
713 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
714
715 // Allow the deletion to finish.
716 extension_cache_task_runner_->RunUntilIdle();
717 base::RunLoop().RunUntilIdle();
718
719 // Verify that the cache directory for account 1 was deleted.
720 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_));
721
722 // Verify that the cache for account 1 has been started.
723 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
724 }
725
726 // Verifies that when an account is added and no deletion of cache directories
727 // affecting this account is in progress, its cache is started immediately.
728 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, AddAccount) {
729 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
730 // deletion of orphaned cache directories.
731 InstallDevicePolicy();
732 CreatePolicyService();
733 FlushDeviceSettings();
734 extension_cache_task_runner_->RunUntilIdle();
735
736 // Add account 1 to device policy.
737 InstallDeviceLocalAccountPolicy(kAccount1);
738 AddDeviceLocalAccountToPolicy(kAccount1);
739 InstallDevicePolicy();
740
741 // Verify that the cache for account 1 has been started.
742 DeviceLocalAccountPolicyBroker* broker =
743 service_->GetBrokerForUser(account_1_user_id_);
744 ASSERT_TRUE(broker);
745 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
746 }
747
748 // Verifies that when an account is removed, its cache directory is deleted.
749 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RemoveAccount) {
750 // Add account 1 to device policy.
751 InstallDeviceLocalAccountPolicy(kAccount1);
752 AddDeviceLocalAccountToPolicy(kAccount1);
753 InstallDevicePolicy();
754
755 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
756 // deletion of orphaned cache directories.
757 CreatePolicyService();
758 FlushDeviceSettings();
759 extension_cache_task_runner_->RunUntilIdle();
760
761 // Verify that a cache directory has been created for account 1.
762 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
763
764 // Remove account 1 from device policy, allowing the deletion of its now
765 // obsolete cache directory to finish.
766 device_policy_.payload().mutable_device_local_accounts()->clear_account();
767 InstallDevicePolicy();
768 extension_cache_task_runner_->RunUntilIdle();
769 base::RunLoop().RunUntilIdle();
770 extension_cache_task_runner_->RunUntilIdle();
771
772 // Verify that the cache directory for account 1 was deleted.
773 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_));
774 }
775
776 class DeviceLocalAccountPolicyProviderTest
777 : public DeviceLocalAccountPolicyServiceTestBase {
778 protected:
779 DeviceLocalAccountPolicyProviderTest();
780
781 void SetUp() override;
782 void TearDown() override;
783
784 SchemaRegistry schema_registry_;
785 scoped_ptr<DeviceLocalAccountPolicyProvider> provider_;
786 MockConfigurationPolicyObserver provider_observer_;
787
788 private:
789 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest);
790 };
791
792 DeviceLocalAccountPolicyProviderTest::DeviceLocalAccountPolicyProviderTest() {
793 CreatePolicyService();
794 provider_ = DeviceLocalAccountPolicyProvider::Create(
795 GenerateDeviceLocalAccountUserId(kAccount1,
796 DeviceLocalAccount::TYPE_PUBLIC_SESSION),
797 service_.get());
798 }
799
800 void DeviceLocalAccountPolicyProviderTest::SetUp() {
801 DeviceLocalAccountPolicyServiceTestBase::SetUp();
802 provider_->Init(&schema_registry_);
803 provider_->AddObserver(&provider_observer_);
804
805 // Values implicitly enforced for public accounts.
806 expected_policy_map_.Set(key::kLidCloseAction,
807 POLICY_LEVEL_MANDATORY,
808 POLICY_SCOPE_MACHINE,
809 new base::FundamentalValue(
810 chromeos::PowerPolicyController::
811 ACTION_STOP_SESSION),
812 NULL);
813 expected_policy_map_.Set(key::kShelfAutoHideBehavior,
814 POLICY_LEVEL_MANDATORY,
815 POLICY_SCOPE_MACHINE,
816 new base::StringValue("Never"),
817 NULL);
818 expected_policy_map_.Set(key::kShowLogoutButtonInTray,
819 POLICY_LEVEL_MANDATORY,
820 POLICY_SCOPE_MACHINE,
821 new base::FundamentalValue(true),
822 NULL);
823 expected_policy_map_.Set(key::kFullscreenAllowed,
824 POLICY_LEVEL_MANDATORY,
825 POLICY_SCOPE_MACHINE,
826 new base::FundamentalValue(false),
827 NULL);
828 }
829
830 void DeviceLocalAccountPolicyProviderTest::TearDown() {
831 provider_->RemoveObserver(&provider_observer_);
832 provider_->Shutdown();
833 provider_.reset();
834 DeviceLocalAccountPolicyServiceTestBase::TearDown();
835 }
836
837 TEST_F(DeviceLocalAccountPolicyProviderTest, Initialization) {
838 EXPECT_FALSE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
839
840 // Policy change should complete initialization.
841 InstallDeviceLocalAccountPolicy(kAccount1);
842 AddDeviceLocalAccountToPolicy(kAccount1);
843 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
844 .Times(AtLeast(1));
845 InstallDevicePolicy();
846 Mock::VerifyAndClearExpectations(&provider_observer_);
847
848 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
849
850 // The account disappearing should *not* flip the initialization flag back.
851 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
852 .Times(AnyNumber());
853 device_policy_.payload().mutable_device_local_accounts()->clear_account();
854 InstallDevicePolicy();
855 Mock::VerifyAndClearExpectations(&provider_observer_);
856
857 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
858 }
859
860 TEST_F(DeviceLocalAccountPolicyProviderTest, Policy) {
861 // Policy should load successfully.
862 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
863 .Times(AtLeast(1));
864 InstallDeviceLocalAccountPolicy(kAccount1);
865 AddDeviceLocalAccountToPolicy(kAccount1);
866 InstallDevicePolicy();
867 Mock::VerifyAndClearExpectations(&provider_observer_);
868
869 PolicyBundle expected_policy_bundle;
870 expected_policy_bundle.Get(PolicyNamespace(
871 POLICY_DOMAIN_CHROME, std::string())).CopyFrom(expected_policy_map_);
872 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
873
874 // Policy change should be reported.
875 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
876 .Times(AtLeast(1));
877 device_local_account_policy_.payload().mutable_disablespdy()->set_value(
878 false);
879 InstallDeviceLocalAccountPolicy(kAccount1);
880 DeviceLocalAccountPolicyBroker* broker =
881 service_->GetBrokerForUser(account_1_user_id_);
882 ASSERT_TRUE(broker);
883 broker->core()->store()->Load();
884 FlushDeviceSettings();
885 Mock::VerifyAndClearExpectations(&provider_observer_);
886
887 expected_policy_bundle.Get(
888 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
889 .Set(key::kDisableSpdy,
890 POLICY_LEVEL_MANDATORY,
891 POLICY_SCOPE_USER,
892 new base::FundamentalValue(false),
893 NULL);
894 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
895
896 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray|
897 // and |ExtensionAllowedTypes| policies should be overridden.
898 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
899 .Times(AtLeast(1));
900 device_local_account_policy_.payload().mutable_shelfautohidebehavior()->
901 set_value("Always");
902 device_local_account_policy_.payload().mutable_showlogoutbuttonintray()->
903 set_value(false);
904 InstallDeviceLocalAccountPolicy(kAccount1);
905 broker->core()->store()->Load();
906 FlushDeviceSettings();
907 Mock::VerifyAndClearExpectations(&provider_observer_);
908 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
909
910 // Account disappears, policy should stay in effect.
911 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
912 .Times(AnyNumber());
913 device_policy_.payload().mutable_device_local_accounts()->clear_account();
914 InstallDevicePolicy();
915 Mock::VerifyAndClearExpectations(&provider_observer_);
916
917 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
918 }
919
920 TEST_F(DeviceLocalAccountPolicyProviderTest, RefreshPolicies) {
921 // If there's no device policy, the refresh completes immediately.
922 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
923 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
924 .Times(AtLeast(1));
925 provider_->RefreshPolicies();
926 Mock::VerifyAndClearExpectations(&provider_observer_);
927
928 // Make device settings appear.
929 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
930 .Times(AnyNumber());
931 AddDeviceLocalAccountToPolicy(kAccount1);
932 InstallDevicePolicy();
933 EXPECT_TRUE(service_->GetBrokerForUser(account_1_user_id_));
934
935 // If there's no cloud connection, refreshes are still immediate.
936 DeviceLocalAccountPolicyBroker* broker =
937 service_->GetBrokerForUser(account_1_user_id_);
938 ASSERT_TRUE(broker);
939 EXPECT_FALSE(broker->core()->client());
940 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
941 .Times(AtLeast(1));
942 provider_->RefreshPolicies();
943 Mock::VerifyAndClearExpectations(&provider_observer_);
944
945 // Bring up the cloud connection. The refresh scheduler may fire refreshes at
946 // this point which are not relevant for the test.
947 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
948 .WillRepeatedly(
949 mock_device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED));
950 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _))
951 .Times(AnyNumber());
952 service_->Connect(&mock_device_management_service_);
953 FlushDeviceSettings();
954 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
955
956 // No callbacks until the refresh completes.
957 EXPECT_CALL(provider_observer_, OnUpdatePolicy(_)).Times(0);
958 MockDeviceManagementJob* request_job;
959 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
960 .WillOnce(mock_device_management_service_.CreateAsyncJob(&request_job));
961 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _));
962 provider_->RefreshPolicies();
963 ReloadDeviceSettings();
964 Mock::VerifyAndClearExpectations(&provider_observer_);
965 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
966 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
967
968 // When the response comes in, it should propagate and fire the notification.
969 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
970 .Times(AtLeast(1));
971 ASSERT_TRUE(request_job);
972 em::DeviceManagementResponse response;
973 device_local_account_policy_.Build();
974 response.mutable_policy_response()->add_response()->CopyFrom(
975 device_local_account_policy_.policy());
976 request_job->SendResponse(DM_STATUS_SUCCESS, response);
977 FlushDeviceSettings();
978 Mock::VerifyAndClearExpectations(&provider_observer_);
979 }
980
981 } // namespace policy