Add a lock to the managed user settings page and require authentication for unlocking.

chrome/browser/managed_mode/managed_user_passphrase_unittest.cc

Index: chrome/browser/managed_mode/managed_user_passphrase_unittest.cc
diff --git a/chrome/browser/managed_mode/managed_user_passphrase_unittest.cc b/chrome/browser/managed_mode/managed_user_passphrase_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..093ab74d84ecd461fc51dcb8fb9e70d2e87d3231
--- /dev/null
+++ b/chrome/browser/managed_mode/managed_user_passphrase_unittest.cc
@@ -0,0 +1,86 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.

[Pam (message me for reviews), 2013/01/28 13:53:27]

2013

[Adrian Kuegel, 2013/01/28 15:41:44]

Done.

+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/managed_mode/managed_user_passphrase.h"
+
+#include <string>
+
+#include "testing/gtest/include/gtest/gtest.h"
+
+// This test checks the class ManagedUserPassphraseTest when providing a salt

[Pam (message me for reviews), 2013/01/28 13:53:27]

It actually checks the ManagedUserPassphrase class, right?

[Adrian Kuegel, 2013/01/28 15:41:44]

Right, I fixed that now.

+// as parameter of the constructor.
+TEST(ManagedUserPassphraseTest, WithSaltProvided) {

[Pam (message me for reviews), 2013/01/28 13:53:27]

Please add blank lines to make all these tests easier to read. It's partly
personal style, but I'd put them before each internal comment, since those mark
separate logical chunks.

[Adrian Kuegel, 2013/01/28 15:41:44]

Done.

+  std::string salt = "my special salt";
+  std::string salt2 = "my other special salt";
+  ManagedUserPassphrase instance_with_provided_salt(salt);
+  ManagedUserPassphrase other_instance_with_provided_salt(salt2);
+  // We expect that the provided salt is used internally as well.
+  EXPECT_STREQ(salt.c_str(), instance_with_provided_salt.GetSalt().c_str());
+  std::string passphrase_hash;
+  std::string passphrase = "some_passphrase123";
+  instance_with_provided_salt.GenerateHashFromPassphrase(passphrase,
+                                                         &passphrase_hash);
+  // As the method generates a Base64 encoded 128 bit key, we expect the
+  // passphrase hash to have length at least 7 bytes.
+  EXPECT_GE(passphrase_hash.size(), 7u);
+  // When calling the function with a (slightly) different parameter, we
+  // expect to get a different result.
+  std::string passphrase2 = passphrase + "4";
+  std::string passphrase_hash2;
+  instance_with_provided_salt.GenerateHashFromPassphrase(passphrase2,
+                                                         &passphrase_hash2);
+  EXPECT_GE(passphrase_hash2.size(), 7u);
+  EXPECT_STRNE(passphrase_hash.c_str(), passphrase_hash2.c_str());
+  // When calling the function again with the first parameter, we expect to
+  // get the same result as in the first call.
+  instance_with_provided_salt.GenerateHashFromPassphrase(passphrase,
+                                                         &passphrase_hash2);
+  EXPECT_STREQ(passphrase_hash.c_str(), passphrase_hash2.c_str());
+  // When calling the function on the instance with the other salt, but
+  // with the same passphrase, we expect to get a different result.
+  other_instance_with_provided_salt.GenerateHashFromPassphrase(
+      passphrase,
+      &passphrase_hash2);
+  EXPECT_STRNE(passphrase_hash.c_str(), passphrase_hash2.c_str());
+}
+
+// This test checks the class ManagedUserPassphraseTest when no salt is
+// provided as parameter of the constructor.
+TEST(ManagedUserPassphraseTest, WithEmptySalt) {
+  ManagedUserPassphrase instance_with_empty_salt((std::string()));
+  ManagedUserPassphrase other_instance_with_empty_salt((std::string()));
+  std::string salt = instance_with_empty_salt.GetSalt();
+  std::string salt2 = other_instance_with_empty_salt.GetSalt();
+  // We expect that the class will generate a salt randomly, and for different
+  // instances a different salt is calculated.
+  EXPECT_GT(salt.size(), 0u);
+  EXPECT_GT(salt2.size(), 0u);
+  EXPECT_STRNE(salt.c_str(), salt2.c_str());
+  std::string passphrase_hash;

[Pam (message me for reviews), 2013/01/28 13:53:27]

Once you've verified the presence of two different salts in the two passphrases,
I think it's safe to skip the rest of this test, since it duplicates what's
above.

[Adrian Kuegel, 2013/01/28 15:41:44]

True. It was actually just copy/paste, so it is definitely a duplicate test. I
removed these lines now.

+  std::string passphrase = "some_passphrase123";
+  instance_with_empty_salt.GenerateHashFromPassphrase(passphrase,
+                                                      &passphrase_hash);
+  // As the method generates a Base64 encoded 128 bit key, we expect the
+  // passphrase hash to have length at least 7 bytes.
+  EXPECT_GE(passphrase_hash.size(), 7u);
+  // When calling the function with a (slightly) different parameter, we
+  // expect to get a different result.
+  std::string passphrase2 = passphrase + "4";
+  std::string passphrase_hash2;
+  instance_with_empty_salt.GenerateHashFromPassphrase(passphrase2,
+                                                      &passphrase_hash2);
+  EXPECT_GE(passphrase_hash2.size(), 7u);
+  EXPECT_STRNE(passphrase_hash.c_str(), passphrase_hash2.c_str());
+  // When calling the function again with the first parameter, we expect to
+  // get the same result as in the first call.
+  instance_with_empty_salt.GenerateHashFromPassphrase(passphrase,
+                                                      &passphrase_hash2);
+  EXPECT_STREQ(passphrase_hash.c_str(), passphrase_hash2.c_str());
+  // When calling the function on the instance with the other salt, but
+  // with the same passphrase, we expect to get a different result.
+  other_instance_with_empty_salt.GenerateHashFromPassphrase(
+      passphrase,
+      &passphrase_hash2);
+  EXPECT_STRNE(passphrase_hash.c_str(), passphrase_hash2.c_str());
+}