| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/policy/cloud_policy_controller.h" |
| 6 |
| 7 #include "base/message_loop.h" |
| 8 #include "base/scoped_temp_dir.h" |
| 9 #include "chrome/browser/browser_thread.h" |
| 10 #include "chrome/browser/policy/cloud_policy_cache.h" |
| 11 #include "chrome/browser/policy/mock_configuration_policy_store.h" |
| 12 #include "chrome/browser/policy/mock_device_management_backend.h" |
| 13 #include "policy/policy_constants.h" |
| 14 #include "testing/gmock/include/gmock/gmock.h" |
| 15 #include "testing/gtest/include/gtest/gtest.h" |
| 16 |
| 17 const char kTestToken[] = "cloud_policy_controller_test_auth_token"; |
| 18 |
| 19 namespace policy { |
| 20 |
| 21 using ::testing::_; |
| 22 using ::testing::AtLeast; |
| 23 using ::testing::InSequence; |
| 24 using ::testing::Mock; |
| 25 using ::testing::Return; |
| 26 |
| 27 class MockCloudPolicyIdentityStrategy : public CloudPolicyIdentityStrategy { |
| 28 public: |
| 29 MockCloudPolicyIdentityStrategy() {} |
| 30 virtual ~MockCloudPolicyIdentityStrategy() {} |
| 31 |
| 32 MOCK_METHOD0(GetDeviceToken, std::string()); |
| 33 MOCK_METHOD0(GetDeviceID, std::string()); |
| 34 MOCK_METHOD2(GetCredentials, bool(std::string*, std::string*)); |
| 35 virtual void OnDeviceTokenAvailable(const std::string&) {} |
| 36 |
| 37 private: |
| 38 DISALLOW_COPY_AND_ASSIGN(MockCloudPolicyIdentityStrategy); |
| 39 }; |
| 40 |
| 41 ACTION_P2(MockCloudPolicyIdentityStrategyGetCredentials, username, auth_token) { |
| 42 *arg0 = username; |
| 43 *arg1 = auth_token; |
| 44 return true; |
| 45 } |
| 46 |
| 47 class MockDeviceTokenFetcher : public DeviceTokenFetcher { |
| 48 public: |
| 49 explicit MockDeviceTokenFetcher(CloudPolicyCache* cache) |
| 50 : DeviceTokenFetcher(NULL, cache) {} |
| 51 virtual ~MockDeviceTokenFetcher() {} |
| 52 |
| 53 MOCK_METHOD0(GetDeviceToken, std::string&()); |
| 54 MOCK_METHOD2(FetchToken, void(const std::string&, const std::string&)); |
| 55 |
| 56 private: |
| 57 DISALLOW_COPY_AND_ASSIGN(MockDeviceTokenFetcher); |
| 58 }; |
| 59 |
| 60 class CloudPolicyControllerTest : public testing::Test { |
| 61 public: |
| 62 CloudPolicyControllerTest() |
| 63 : ui_thread_(BrowserThread::UI, &loop_), |
| 64 file_thread_(BrowserThread::FILE, &loop_) {} |
| 65 |
| 66 virtual ~CloudPolicyControllerTest() {} |
| 67 |
| 68 virtual void SetUp() { |
| 69 ASSERT_TRUE(temp_user_data_dir_.CreateUniqueTempDir()); |
| 70 cache_.reset(new CloudPolicyCache( |
| 71 temp_user_data_dir_.path().AppendASCII("CloudPolicyControllerTest"))); |
| 72 token_fetcher_.reset(new MockDeviceTokenFetcher(cache_.get())); |
| 73 } |
| 74 |
| 75 virtual void TearDown() { |
| 76 controller_.reset(); // Unregisters observers. |
| 77 } |
| 78 |
| 79 // Takes ownership of |backend|. |
| 80 void CreateNewController(DeviceManagementBackend* backend) { |
| 81 controller_.reset(new CloudPolicyController( |
| 82 cache_.get(), backend, token_fetcher_.get(), &identity_strategy_)); |
| 83 } |
| 84 |
| 85 void CreateNewController(DeviceManagementBackend* backend, |
| 86 int64 policy_refresh_rate_ms, |
| 87 int policy_refresh_deviation_factor_percent, |
| 88 int64 policy_refresh_deviation_max_ms, |
| 89 int64 policy_refresh_error_delay_ms) { |
| 90 controller_.reset(new CloudPolicyController( |
| 91 cache_.get(), backend, token_fetcher_.get(), &identity_strategy_, |
| 92 policy_refresh_rate_ms, |
| 93 policy_refresh_deviation_factor_percent, |
| 94 policy_refresh_deviation_max_ms, |
| 95 policy_refresh_error_delay_ms)); |
| 96 } |
| 97 |
| 98 void ExpectHasSpdyPolicy() { |
| 99 MockConfigurationPolicyStore store; |
| 100 EXPECT_CALL(store, Apply(_, _)).Times(AtLeast(1)); |
| 101 cache_->GetManagedPolicyProvider()->Provide(&store); |
| 102 FundamentalValue expected(true); |
| 103 ASSERT_TRUE(store.Get(kPolicyDisableSpdy) != NULL); |
| 104 EXPECT_TRUE(store.Get(kPolicyDisableSpdy)->Equals(&expected)); |
| 105 } |
| 106 |
| 107 void SetupIdentityStrategy(const std::string& device_token, |
| 108 const std::string& device_id, |
| 109 const std::string& user_name, |
| 110 const std::string& auth_token) { |
| 111 EXPECT_CALL(identity_strategy_, GetDeviceToken()).WillRepeatedly( |
| 112 Return(device_token)); |
| 113 EXPECT_CALL(identity_strategy_, GetDeviceID()).WillRepeatedly( |
| 114 Return(device_id)); |
| 115 if (!user_name.empty()) { |
| 116 EXPECT_CALL(identity_strategy_, GetCredentials(_, _)).WillRepeatedly( |
| 117 MockCloudPolicyIdentityStrategyGetCredentials(user_name, auth_token)); |
| 118 } |
| 119 } |
| 120 |
| 121 protected: |
| 122 scoped_ptr<CloudPolicyCache> cache_; |
| 123 scoped_ptr<CloudPolicyController> controller_; |
| 124 scoped_ptr<MockDeviceTokenFetcher> token_fetcher_; |
| 125 MockCloudPolicyIdentityStrategy identity_strategy_; |
| 126 ScopedTempDir temp_user_data_dir_; |
| 127 MessageLoop loop_; |
| 128 |
| 129 private: |
| 130 BrowserThread ui_thread_; |
| 131 BrowserThread file_thread_; |
| 132 |
| 133 DISALLOW_COPY_AND_ASSIGN(CloudPolicyControllerTest); |
| 134 }; |
| 135 |
| 136 // If a device token is present when the controller starts up, it should |
| 137 // fetch and apply policy. |
| 138 TEST_F(CloudPolicyControllerTest, StartupWithDeviceToken) { |
| 139 SetupIdentityStrategy("fake_device_token", "device_id", "", ""); |
| 140 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); |
| 141 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( |
| 142 MockDeviceManagementBackendSucceedSpdyCloudPolicy()); |
| 143 CreateNewController(backend); |
| 144 loop_.RunAllPending(); |
| 145 ExpectHasSpdyPolicy(); |
| 146 } |
| 147 |
| 148 // If no device token is present when the controller starts up, it should |
| 149 // instruct the token_fetcher_ to fetch one. |
| 150 TEST_F(CloudPolicyControllerTest, StartupWithoutDeviceToken) { |
| 151 SetupIdentityStrategy("", "device_id", "a@b.com", "auth_token"); |
| 152 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(1); |
| 153 CreateNewController(NULL); |
| 154 loop_.RunAllPending(); |
| 155 } |
| 156 |
| 157 // If the current user belongs to a known non-managed domain, no token fetch |
| 158 // should be initiated. |
| 159 TEST_F(CloudPolicyControllerTest, StartupUnmanagedUser) { |
| 160 SetupIdentityStrategy("", "device_id", "DannoHelper@gmail.com", "auth_token"); |
| 161 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(0); |
| 162 CreateNewController(NULL); |
| 163 loop_.RunAllPending(); |
| 164 } |
| 165 |
| 166 // After policy has been fetched successfully, a new fetch should be triggered |
| 167 // after the refresh interval has timed out. |
| 168 TEST_F(CloudPolicyControllerTest, RefreshAfterSuccessfulPolicy) { |
| 169 SetupIdentityStrategy("device_token", "device_id", |
| 170 "DannoHelperDelegate@b.com", "auth_token"); |
| 171 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); |
| 172 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( |
| 173 MockDeviceManagementBackendSucceedSpdyCloudPolicy()).WillOnce( |
| 174 MockDeviceManagementBackendFailPolicy( |
| 175 DeviceManagementBackend::kErrorRequestFailed)); |
| 176 CreateNewController(backend, 0, 0, 0, 1000 * 1000); |
| 177 loop_.RunAllPending(); |
| 178 ExpectHasSpdyPolicy(); |
| 179 } |
| 180 |
| 181 // If poliy fetching failed, it should be retried. |
| 182 TEST_F(CloudPolicyControllerTest, RefreshAfterError) { |
| 183 SetupIdentityStrategy("device_token", "device_id", |
| 184 "DannoHelperDelegateImpl@b.com", "auth_token"); |
| 185 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); |
| 186 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( |
| 187 MockDeviceManagementBackendFailPolicy( |
| 188 DeviceManagementBackend::kErrorRequestFailed)).WillOnce( |
| 189 MockDeviceManagementBackendSucceedSpdyCloudPolicy()); |
| 190 CreateNewController(backend, 1000 * 1000, 0, 0, 0); |
| 191 loop_.RunAllPending(); |
| 192 ExpectHasSpdyPolicy(); |
| 193 } |
| 194 |
| 195 // If the backend reports that the device token was invalid, the controller |
| 196 // should instruct the token fetcher to fetch a new token. |
| 197 TEST_F(CloudPolicyControllerTest, InvalidToken) { |
| 198 SetupIdentityStrategy("device_token", "device_id", "standup@ten.am", "auth"); |
| 199 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); |
| 200 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( |
| 201 MockDeviceManagementBackendFailPolicy( |
| 202 DeviceManagementBackend::kErrorServiceManagementTokenInvalid)); |
| 203 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(1); |
| 204 CreateNewController(backend); |
| 205 loop_.RunAllPending(); |
| 206 } |
| 207 |
| 208 // If the backend reports that the device is unknown to the server, the |
| 209 // controller should instruct the token fetcher to fetch a new token. |
| 210 TEST_F(CloudPolicyControllerTest, DeviceNotFound) { |
| 211 SetupIdentityStrategy("device_token", "device_id", "me@you.com", "auth"); |
| 212 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); |
| 213 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( |
| 214 MockDeviceManagementBackendFailPolicy( |
| 215 DeviceManagementBackend::kErrorServiceDeviceNotFound)); |
| 216 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(1); |
| 217 CreateNewController(backend); |
| 218 loop_.RunAllPending(); |
| 219 } |
| 220 |
| 221 // If the backend reports that the device is no longer managed, the controller |
| 222 // shoud instruct the token fetcher to fetch a new token (which will in turn |
| 223 // set and persist the correct 'unmanaged' state). |
| 224 TEST_F(CloudPolicyControllerTest, NoLongerManaged) { |
| 225 SetupIdentityStrategy("device_token", "device_id", "who@what.com", "auth"); |
| 226 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); |
| 227 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( |
| 228 MockDeviceManagementBackendFailPolicy( |
| 229 DeviceManagementBackend::kErrorServiceManagementNotSupported)); |
| 230 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(1); |
| 231 CreateNewController(backend); |
| 232 loop_.RunAllPending(); |
| 233 } |
| 234 |
| 235 // If the server doesn't support the new protocol, the controller should fall |
| 236 // back to the old protocol. |
| 237 TEST_F(CloudPolicyControllerTest, FallbackToOldProtocol) { |
| 238 SetupIdentityStrategy("device_token", "device_id", "a@b.com", "auth"); |
| 239 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); |
| 240 // If the CloudPolicyRequest fails with kErrorRequestInvalid... |
| 241 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( |
| 242 MockDeviceManagementBackendFailPolicy( |
| 243 DeviceManagementBackend::kErrorRequestInvalid)); |
| 244 // ...the client should fall back to a classic PolicyRequest, |
| 245 // and remember this fallback for any future request, |
| 246 // both after successful fetches and after errors. |
| 247 EXPECT_CALL(*backend, ProcessPolicyRequest(_, _, _, _)).WillOnce( |
| 248 MockDeviceManagementBackendSucceedBooleanPolicy( |
| 249 key::kDisableSpdy, true)).WillOnce( |
| 250 MockDeviceManagementBackendFailPolicy( |
| 251 DeviceManagementBackend::kErrorHttpStatus)).WillOnce( |
| 252 Return()); |
| 253 CreateNewController(backend, 0, 0, 0, 0); |
| 254 loop_.RunAllPending(); |
| 255 ExpectHasSpdyPolicy(); |
| 256 } |
| 257 |
| 258 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6520008:
Device policy infrastructure (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src