signin: force web signin flow initiated visits to accounts.google.com to their own process.

chrome/browser/signin/signin_browsertest.cc

Index: chrome/browser/signin/signin_browsertest.cc
diff --git a/chrome/browser/signin/signin_browsertest.cc b/chrome/browser/signin/signin_browsertest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..cf6ed694a1bc7d91bcea9bdfde6f836e65e8d84b
--- /dev/null
+++ b/chrome/browser/signin/signin_browsertest.cc
@@ -0,0 +1,105 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_SIGNIN_SIGNIN_BROWSERTEST_H_
+#define CHROME_BROWSER_SIGNIN_SIGNIN_BROWSERTEST_H_
+
+#include "chrome/browser/signin/signin_manager.h"
+#include "chrome/browser/signin/signin_manager_factory.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/browser/ui/webui/signin/login_ui_service.h"
+#include "chrome/browser/ui/webui/signin/login_ui_service_factory.h"
+#include "chrome/browser/ui/webui/sync_promo/sync_promo_ui.h"
+#include "chrome/common/url_constants.h"
+#include "chrome/test/base/in_process_browser_test.h"
+#include "chrome/test/base/ui_test_utils.h"
+#include "content/public/browser/render_process_host.h"
+#include "content/public/browser/web_contents.h"
+#include "google_apis/gaia/gaia_urls.h"
+#include "net/url_request/test_url_fetcher_factory.h"
+
+namespace {
+  const char kNonSigninURL[] = "www.google.com";
+}
+
+class SigninBrowserTest : public InProcessBrowserTest {
+ public:
+  virtual void SetUp() OVERRIDE {
+    factory_.reset(new net::URLFetcherImplFactory());
+    fake_factory_.reset(new net::FakeURLFetcherFactory(factory_.get()));
+    fake_factory_->SetFakeResponse(
+        GaiaUrls::GetInstance()->service_login_url(),
+        std::string(),
+        true);
+    fake_factory_->SetFakeResponse(kNonSigninURL, std::string(), true);
+    // Yield control back to the InProcessBrowserTest framework.
+    InProcessBrowserTest::SetUp();
+  }
+
+  virtual void TearDown() OVERRIDE {
+    if (fake_factory_.get()) {
+      fake_factory_->ClearFakeResponses();
+      fake_factory_.reset();
+    }
+
+    // Cancel any outstanding URL fetches and destroy the URLFetcherImplFactory
+    // we created.
+    net::URLFetcher::CancelAll();
+    factory_.reset();
+    InProcessBrowserTest::TearDown();
+  }
+
+ private:
+  // Fake URLFetcher factory used to mock out GAIA signin.
+  scoped_ptr<net::FakeURLFetcherFactory> fake_factory_;
+
+  // The URLFetcherImplFactory instance used to instantiate |fake_factory_|.
+  scoped_ptr<net::URLFetcherImplFactory> factory_;
+};
+
+IN_PROC_BROWSER_TEST_F(SigninBrowserTest, ProcessIsolation) {
+  SigninManager* signin = SigninManagerFactory::GetForProfile(
+      browser()->profile());
+  EXPECT_FALSE(signin->HasSigninProcess());
+
+  // Starting from about:blank (or any normal renderer) won't result in us
+  // granting "signin" privileges to the process, because it is treated just
+  // as a normal navigation to that URL and normal renderers are suitable
+  // hosts.
+  ui_test_utils::NavigateToURL(browser(), SyncPromoUI::GetSyncPromoURL(
+          GURL(), SyncPromoUI::SOURCE_NTP_LINK, true));

[Charlie Reis, 2013/03/04 19:22:24]

nit: wrong indent

[tim (not reviewing), 2013/03/04 23:40:19]

Done.

+  EXPECT_FALSE(signin->HasSigninProcess());
+
+  // A "privileged" signin renderer will only be created if the navigation
+  // is programatically initiated in a brand new tab or in a tab with an
+  // unsuitable host, such as a WebUI tab hosting the new tab page.

[Charlie Reis, 2013/03/04 19:22:24]

I don't understand what this means.  Won't we always create a privileged
renderer, including on navigations from normal web pages?

Can you test for that?

+  ui_test_utils::NavigateToURL(browser(), GURL(chrome::kChromeUINewTabURL));
+  EXPECT_FALSE(signin->HasSigninProcess());
+
+  ui_test_utils::NavigateToURL(browser(), SyncPromoUI::GetSyncPromoURL(
+      GURL(), SyncPromoUI::SOURCE_NTP_LINK, true));
+  EXPECT_TRUE(signin->HasSigninProcess());
+
+  content::WebContents* active_tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  int active_tab_process_id =
+      active_tab->GetRenderProcessHost()->GetID();
+  EXPECT_TRUE(signin->IsSigninProcess(active_tab_process_id));

[Charlie Reis, 2013/03/04 19:22:24]

Can you add this line to verify that it doesn't have WebUI bindings?

EXPECT_EQ(0, active_tab->GetRenderViewHost()->GetEnabledBindings());

[tim (not reviewing), 2013/03/04 23:40:19]

Done.

+
+  // Entry points to signin request "SINGLETON_TAB" mode, so a new request
+  // shouldn't change anything.
+  LoginUIService* login = LoginUIServiceFactory::GetForProfile(
+      browser()->profile());
+  login->ShowLoginPopup();
+  EXPECT_EQ(active_tab, browser()->tab_strip_model()->GetActiveWebContents());
+  EXPECT_TRUE(signin->IsSigninProcess(active_tab_process_id));
+
+  // Navigating away should change the process.
+  ui_test_utils::NavigateToURL(browser(), GURL(kNonSigninURL));
+  EXPECT_FALSE(signin->IsSigninProcess(
+      active_tab->GetRenderProcessHost()->GetID()));
+}
+
+#endif  // CHROME_BROWSER_SIGNIN_SIGNIN_BROWSERTEST_H_