Chromium Code Reviews Chromium Code Reviews
Issue 12374007:
signin: force web signin flow initiated visits to accounts.google.com to their own process. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_SIGNIN_SIGNIN_BROWSERTEST_H_ | |
| 6 #define CHROME_BROWSER_SIGNIN_SIGNIN_BROWSERTEST_H_ | |
| 7 | |
| 8 #include "chrome/browser/signin/signin_manager.h" | |
| 9 #include "chrome/browser/signin/signin_manager_factory.h" | |
| 10 #include "chrome/browser/ui/browser.h" | |
| 11 #include "chrome/browser/ui/tabs/tab_strip_model.h" | |
| 12 #include "chrome/browser/ui/webui/signin/login_ui_service.h" | |
| 13 #include "chrome/browser/ui/webui/signin/login_ui_service_factory.h" | |
| 14 #include "chrome/browser/ui/webui/sync_promo/sync_promo_ui.h" | |
| 15 #include "chrome/common/url_constants.h" | |
| 16 #include "chrome/test/base/in_process_browser_test.h" | |
| 17 #include "chrome/test/base/ui_test_utils.h" | |
| 18 #include "content/public/browser/render_process_host.h" | |
| 19 #include "content/public/browser/render_view_host.h" | |
| 20 #include "content/public/browser/web_contents.h" | |
| 21 #include "google_apis/gaia/gaia_urls.h" | |
| 22 #include "net/url_request/test_url_fetcher_factory.h" | |
| 23 | |
| 24 namespace { | |
| 25 const char kNonSigninURL[] = "www.google.com"; | |
| 26 } | |
| 27 | |
| 28 class SigninBrowserTest : public InProcessBrowserTest { | |
| 29 public: | |
| 30 virtual void SetUp() OVERRIDE { | |
| 31 factory_.reset(new net::URLFetcherImplFactory()); | |
| 32 fake_factory_.reset(new net::FakeURLFetcherFactory(factory_.get())); | |
| 33 fake_factory_->SetFakeResponse( | |
| 34 GaiaUrls::GetInstance()->service_login_url(), | |
| 35 std::string(), | |
| 36 true); | |
| 37 fake_factory_->SetFakeResponse(kNonSigninURL, std::string(), true); | |
| 38 // Yield control back to the InProcessBrowserTest framework. | |
| 39 InProcessBrowserTest::SetUp(); | |
| 40 } | |
| 41 | |
| 42 virtual void TearDown() OVERRIDE { | |
| 43 if (fake_factory_.get()) { | |
| 44 fake_factory_->ClearFakeResponses(); | |
| 45 fake_factory_.reset(); | |
| 46 } | |
| 47 | |
| 48 // Cancel any outstanding URL fetches and destroy the URLFetcherImplFactory | |
| 49 // we created. | |
| 50 net::URLFetcher::CancelAll(); | |
| 51 factory_.reset(); | |
| 52 InProcessBrowserTest::TearDown(); | |
| 53 } | |
| 54 | |
| 55 private: | |
| 56 // Fake URLFetcher factory used to mock out GAIA signin. | |
| 57 scoped_ptr<net::FakeURLFetcherFactory> fake_factory_; | |
| 58 | |
| 59 // The URLFetcherImplFactory instance used to instantiate |fake_factory_|. | |
| 60 scoped_ptr<net::URLFetcherImplFactory> factory_; | |
| 61 }; | |
| 62 | |
| 63 IN_PROC_BROWSER_TEST_F(SigninBrowserTest, ProcessIsolation) { | |
| 64 // If the one-click-signin feature is not enabled (e.g Chrome OS), we | |
| 65 // never grant signin privileges to any renderer processes. | |
| 66 const bool kOneClickSigninEnabled = SyncPromoUI::UseWebBasedSigninFlow(); | |
| 67 | |
| 68 SigninManager* signin = SigninManagerFactory::GetForProfile( | |
| 69 browser()->profile()); | |
| 70 EXPECT_FALSE(signin->HasSigninProcess()); | |
| 71 | |
| 72 // First, note that only certain paths to our signin URL will result in | |
| 73 // swapping to a privileged process. Starting from about:blank (or any | |
| 74 // normal renderer) won't result in us granting "signin" privileges to the | |
| 75 // process, because it is treated just as a normal navigation to that URL | |
| 76 // and normal renderers are suitable hosts. | |
|
Charlie Reis
2013/03/06 00:14:53
How did this change?
tim (not reviewing)
2013/03/06 01:04:08
This changed because chrome-extension requires a d
| |
| 77 ui_test_utils::NavigateToURL(browser(), SyncPromoUI::GetSyncPromoURL( | |
| 78 GURL(), SyncPromoUI::SOURCE_NTP_LINK, true)); | |
| 79 EXPECT_FALSE(signin->HasSigninProcess()); | |
| 80 | |
| 81 // A "privileged" signin renderer will only be created if the navigation | |
| 82 // is programatically initiated in a brand new tab or in a tab with an | |
| 83 // unsuitable host, such as a WebUI tab hosting the new tab page. | |
| 84 ui_test_utils::NavigateToURL(browser(), GURL(chrome::kChromeUINewTabURL)); | |
| 85 EXPECT_FALSE(signin->HasSigninProcess()); | |
| 86 | |
| 87 ui_test_utils::NavigateToURL(browser(), SyncPromoUI::GetSyncPromoURL( | |
| 88 GURL(), SyncPromoUI::SOURCE_NTP_LINK, true)); | |
| 89 EXPECT_EQ(kOneClickSigninEnabled, signin->HasSigninProcess()); | |
| 90 | |
| 91 content::WebContents* active_tab = | |
| 92 browser()->tab_strip_model()->GetActiveWebContents(); | |
| 93 int active_tab_process_id = | |
| 94 active_tab->GetRenderProcessHost()->GetID(); | |
| 95 EXPECT_EQ(kOneClickSigninEnabled, | |
| 96 signin->IsSigninProcess(active_tab_process_id)); | |
| 97 EXPECT_EQ(0, active_tab->GetRenderViewHost()->GetEnabledBindings()); | |
| 98 | |
| 99 // Entry points to signin request "SINGLETON_TAB" mode, so a new request | |
| 100 // shouldn't change anything. | |
| 101 LoginUIService* login = LoginUIServiceFactory::GetForProfile( | |
| 102 browser()->profile()); | |
| 103 login->ShowLoginPopup(); | |
| 104 EXPECT_EQ(active_tab, browser()->tab_strip_model()->GetActiveWebContents()); | |
| 105 EXPECT_EQ(kOneClickSigninEnabled, | |
| 106 signin->IsSigninProcess(active_tab_process_id)); | |
| 107 | |
| 108 // Navigating away should change the process. | |
| 109 ui_test_utils::NavigateToURL(browser(), GURL(kNonSigninURL)); | |
| 110 EXPECT_FALSE(signin->IsSigninProcess( | |
| 111 active_tab->GetRenderProcessHost()->GetID())); | |
| 112 } | |
| 113 | |
| 114 #endif // CHROME_BROWSER_SIGNIN_SIGNIN_BROWSERTEST_H_ | |
| OLD | NEW |
