Chromium Code Reviews Chromium Code Reviews
Issue 1306183007:
Switch to id-based affiliation determination (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/prefs/pref_service.h" | |
| 5 #include "base/strings/stringprintf.h" | 6 #include "base/strings/stringprintf.h" |
| 7 #include "chrome/browser/browser_process.h" | |
| 8 #include "chrome/browser/chromeos/policy/affiliation_test_helper.h" | |
| 6 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | 9 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| 7 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" | 10 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" |
| 8 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h" | 11 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h" |
| 9 #include "chrome/browser/extensions/extension_apitest.h" | 12 #include "chrome/browser/extensions/extension_apitest.h" |
| 10 #include "chrome/browser/net/url_request_mock_util.h" | 13 #include "chrome/browser/net/url_request_mock_util.h" |
| 14 #include "chrome/test/base/ui_test_utils.h" | |
| 11 #include "chromeos/dbus/fake_session_manager_client.h" | 15 #include "chromeos/dbus/fake_session_manager_client.h" |
| 12 #include "chromeos/login/user_names.h" | 16 #include "chromeos/login/user_names.h" |
| 13 #include "components/policy/core/common/mock_configuration_policy_provider.h" | 17 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
| 18 #include "components/user_manager/user_manager.h" | |
| 14 #include "content/public/browser/notification_service.h" | 19 #include "content/public/browser/notification_service.h" |
| 15 #include "content/public/test/test_utils.h" | 20 #include "content/public/test/test_utils.h" |
| 16 #include "extensions/browser/api_test_utils.h" | 21 #include "extensions/browser/api_test_utils.h" |
| 17 #include "extensions/browser/extension_registry.h" | 22 #include "extensions/browser/extension_registry.h" |
| 18 #include "extensions/browser/test_extension_registry_observer.h" | 23 #include "extensions/browser/test_extension_registry_observer.h" |
| 24 #include "extensions/test/result_catcher.h" | |
| 19 #include "net/test/url_request/url_request_mock_http_job.h" | 25 #include "net/test/url_request/url_request_mock_http_job.h" |
| 20 #include "policy/policy_constants.h" | 26 #include "policy/policy_constants.h" |
| 21 | 27 |
| 22 namespace { | 28 namespace { |
| 23 | 29 |
| 24 const char kDeviceId[] = "device_id"; | 30 const char kDeviceId[] = "device_id"; |
| 25 const base::FilePath::CharType kTestExtensionDir[] = | 31 const base::FilePath::CharType kTestExtensionDir[] = |
| 26 FILE_PATH_LITERAL("extensions/api_test/enterprise_device_attributes"); | 32 FILE_PATH_LITERAL("extensions/api_test/enterprise_device_attributes"); |
| 27 const base::FilePath::CharType kUpdateManifestFileName[] = | 33 const base::FilePath::CharType kUpdateManifestFileName[] = |
| 28 FILE_PATH_LITERAL("update_manifest.xml"); | 34 FILE_PATH_LITERAL("update_manifest.xml"); |
| 29 | 35 |
| 36 const char kAffiliatedUser[] = "user@example.com"; | |
| 37 const char kAffiliationID[] = "some-affiliation-id"; | |
| 38 const char kAnotherAffiliationID[] = "another-affiliation-id"; | |
| 39 | |
| 30 // The managed_storage extension has a key defined in its manifest, so that | 40 // The managed_storage extension has a key defined in its manifest, so that |
| 31 // its extension ID is well-known and the policy system can push policies for | 41 // its extension ID is well-known and the policy system can push policies for |
| 32 // the extension. | 42 // the extension. |
| 33 const char kTestExtensionID[] = "nbiliclbejdndfpchgkbmfoppjplbdok"; | 43 const char kTestExtensionID[] = "nbiliclbejdndfpchgkbmfoppjplbdok"; |
| 34 | 44 |
| 45 struct Params { | |
| 46 explicit Params(bool affiliated) : affiliated_(affiliated) {} | |
| 47 bool affiliated_; | |
| 48 }; | |
| 49 | |
| 35 } // namespace | 50 } // namespace |
| 36 | 51 |
| 37 namespace extensions { | 52 namespace extensions { |
| 38 | 53 |
| 39 class EnterpriseDeviceAttributesTest : public ExtensionApiTest { | 54 class EnterpriseDeviceAttributesTest : |
| 55 public ExtensionApiTest, | |
| 56 public ::testing::WithParamInterface<Params> { | |
| 40 public: | 57 public: |
| 41 explicit EnterpriseDeviceAttributesTest(const std::string& domain) | 58 EnterpriseDeviceAttributesTest() { |
| 42 : fake_session_manager_client_(new chromeos::FakeSessionManagerClient), | 59 set_exit_when_last_browser_closes(false); |
| 43 test_domain_(domain) {} | 60 set_chromeos_user_ = false; |
| 61 } | |
| 44 | 62 |
| 45 protected: | 63 protected: |
| 64 // ExtensionApiTest | |
| 65 void SetUpCommandLine(base::CommandLine* command_line) override { | |
| 66 ExtensionApiTest::SetUpCommandLine(command_line); | |
| 67 chromeos::affiliation_test_helper::AppendCommandLineSwitches(command_line); | |
| 68 } | |
| 69 | |
| 46 void SetUpInProcessBrowserTestFixture() override { | 70 void SetUpInProcessBrowserTestFixture() override { |
| 71 ExtensionApiTest::SetUpInProcessBrowserTestFixture(); | |
| 72 | |
| 73 chromeos::FakeSessionManagerClient* fake_session_manager_client = | |
| 74 new chromeos::FakeSessionManagerClient; | |
| 47 chromeos::DBusThreadManager::GetSetterForTesting()->SetSessionManagerClient( | 75 chromeos::DBusThreadManager::GetSetterForTesting()->SetSessionManagerClient( |
| 48 make_scoped_ptr(fake_session_manager_client_)); | 76 scoped_ptr<chromeos::SessionManagerClient>( |
| 49 ExtensionApiTest::SetUpInProcessBrowserTestFixture(); | 77 fake_session_manager_client)); |
| 78 | |
| 79 std::set<std::string> device_affiliation_ids; | |
| 80 device_affiliation_ids.insert(kAffiliationID); | |
| 81 chromeos::affiliation_test_helper::SetDeviceAffiliationID( | |
| 82 &test_helper_, fake_session_manager_client, device_affiliation_ids); | |
| 83 | |
| 84 std::set<std::string> user_affiliation_ids; | |
| 85 if (GetParam().affiliated_) { | |
| 86 user_affiliation_ids.insert(kAffiliationID); | |
| 87 } else { | |
| 88 user_affiliation_ids.insert(kAnotherAffiliationID); | |
| 89 } | |
| 90 policy::UserPolicyBuilder user_policy; | |
| 91 chromeos::affiliation_test_helper::SetUserAffiliationIDs( | |
| 92 &user_policy, fake_session_manager_client, kAffiliatedUser, | |
| 93 user_affiliation_ids); | |
| 50 | 94 |
| 51 // Set up fake install attributes. | 95 // Set up fake install attributes. |
| 52 scoped_ptr<policy::StubEnterpriseInstallAttributes> attributes( | 96 scoped_ptr<policy::StubEnterpriseInstallAttributes> attributes( |
| 53 new policy::StubEnterpriseInstallAttributes()); | 97 new policy::StubEnterpriseInstallAttributes()); |
| 54 | 98 |
| 55 attributes->SetDomain(test_domain_); | 99 attributes->SetRegistrationUser(kAffiliatedUser); |
| 56 attributes->SetRegistrationUser(chromeos::login::kStubUser); | |
| 57 policy::BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting( | 100 policy::BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting( |
| 58 attributes.release()); | 101 attributes.release()); |
| 59 | 102 |
| 60 test_helper_.InstallOwnerKey(); | 103 test_helper_.InstallOwnerKey(); |
| 61 // Init the device policy. | 104 // Init the device policy. |
| 62 policy::DevicePolicyBuilder* device_policy = test_helper_.device_policy(); | 105 policy::DevicePolicyBuilder* device_policy = test_helper_.device_policy(); |
| 63 device_policy->SetDefaultSigningKey(); | 106 device_policy->SetDefaultSigningKey(); |
| 64 device_policy->policy_data().set_directory_api_id(kDeviceId); | 107 device_policy->policy_data().set_directory_api_id(kDeviceId); |
| 65 device_policy->Build(); | 108 device_policy->Build(); |
| 66 | 109 |
| 67 fake_session_manager_client_->set_device_policy(device_policy->GetBlob()); | 110 fake_session_manager_client->set_device_policy(device_policy->GetBlob()); |
| 68 fake_session_manager_client_->OnPropertyChangeComplete(true); | 111 fake_session_manager_client->OnPropertyChangeComplete(true); |
| 69 | 112 |
| 70 // Init the user policy provider. | 113 // Init the user policy provider. |
| 71 EXPECT_CALL(policy_provider_, IsInitializationComplete(testing::_)) | 114 EXPECT_CALL(policy_provider_, IsInitializationComplete(testing::_)) |
| 72 .WillRepeatedly(testing::Return(true)); | 115 .WillRepeatedly(testing::Return(true)); |
| 73 policy_provider_.SetAutoRefresh(); | 116 policy_provider_.SetAutoRefresh(); |
| 74 policy::BrowserPolicyConnector::SetPolicyProviderForTesting( | 117 policy::BrowserPolicyConnector::SetPolicyProviderForTesting( |
| 75 &policy_provider_); | 118 &policy_provider_); |
| 76 } | 119 } |
| 77 | 120 |
| 78 void SetUpOnMainThread() override { | 121 void SetUpOnMainThread() override { |
| 122 const base::ListValue* users = | |
| 123 g_browser_process->local_state()->GetList("LoggedInUsers"); | |
| 124 if (!users->empty()) { | |
| 125 chromeos::affiliation_test_helper::LoginUser(kAffiliatedUser); | |
| 126 } | |
| 127 | |
| 79 ExtensionApiTest::SetUpOnMainThread(); | 128 ExtensionApiTest::SetUpOnMainThread(); |
| 80 | |
| 81 // Enable the URLRequestMock, which is required for force-installing the | |
| 82 // test extension through policy. | |
| 83 content::BrowserThread::PostTask( | |
| 84 content::BrowserThread::IO, FROM_HERE, | |
| 85 base::Bind(chrome_browser_net::SetUrlRequestMocksEnabled, true)); | |
| 86 | |
| 87 SetPolicy(); | |
| 88 } | 129 } |
| 89 | 130 |
| 90 private: | |
| 91 void SetPolicy() { | 131 void SetPolicy() { |
| 92 // Extensions that are force-installed come from an update URL, which | 132 // Extensions that are force-installed come from an update URL, which |
| 93 // defaults to the webstore. Use a mock URL for this test with an update | 133 // defaults to the webstore. Use a mock URL for this test with an update |
| 94 // manifest that includes the crx file of the test extension. | 134 // manifest that includes the crx file of the test extension. |
| 95 base::FilePath update_manifest_path = | 135 base::FilePath update_manifest_path = |
| 96 base::FilePath(kTestExtensionDir).Append(kUpdateManifestFileName); | 136 base::FilePath(kTestExtensionDir).Append(kUpdateManifestFileName); |
| 97 GURL update_manifest_url( | 137 GURL update_manifest_url( |
| 98 net::URLRequestMockHTTPJob::GetMockUrl(update_manifest_path)); | 138 net::URLRequestMockHTTPJob::GetMockUrl(update_manifest_path)); |
| 99 | 139 |
| 100 scoped_ptr<base::ListValue> forcelist(new base::ListValue); | 140 scoped_ptr<base::ListValue> forcelist(new base::ListValue); |
| 101 forcelist->AppendString(base::StringPrintf( | 141 forcelist->AppendString(base::StringPrintf( |
| 102 "%s;%s", kTestExtensionID, update_manifest_url.spec().c_str())); | 142 "%s;%s", kTestExtensionID, update_manifest_url.spec().c_str())); |
| 103 | 143 |
| 104 policy::PolicyMap policy; | 144 policy::PolicyMap policy; |
| 105 policy.Set(policy::key::kExtensionInstallForcelist, | 145 policy.Set(policy::key::kExtensionInstallForcelist, |
| 106 policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_MACHINE, | 146 policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_MACHINE, |
| 107 forcelist.release(), NULL); | 147 forcelist.release(), NULL); |
| 108 | 148 |
| 109 // Set the policy and wait until the extension is installed. | 149 // Set the policy and wait until the extension is installed. |
| 110 extensions::TestExtensionRegistryObserver observer( | 150 extensions::TestExtensionRegistryObserver observer( |
| 111 ExtensionRegistry::Get(profile())); | 151 ExtensionRegistry::Get(profile())); |
| 112 policy_provider_.UpdateChromePolicy(policy); | 152 policy_provider_.UpdateChromePolicy(policy); |
| 113 observer.WaitForExtensionLoaded(); | 153 observer.WaitForExtensionLoaded(); |
| 114 } | 154 } |
| 115 | 155 |
| 116 chromeos::FakeSessionManagerClient* const fake_session_manager_client_; | 156 // Load |page_url| in |browser| and wait for PASSED or FAILED notification. |
| 157 // The functionality of this function is reduced functionality of | |
| 158 // RunExtensionSubtest(), but we don't use it here because it requires | |
| 159 // function browser() to return non-NULL pointer. It is not our case and we | |
|
Andrew T Wilson (Slow)
2015/09/16 15:02:06
Not clear - why isn't browser() returning a valid
peletskyi
2015/09/21 14:17:25
browser() is a function of InProcessBrowserTest an
| |
| 160 // can not set that pointer to valid value. From another side we need only | |
| 161 // very little functionality from RunExtensionSubtest(). Thus so that don't | |
| 162 // make RunExtensionSubtest() to complex we just introduce a new function. | |
| 163 bool TestExtension(Browser* browser, const std::string& page_url) { | |
| 164 DCHECK(!page_url.empty()) <<"page_url cannot be empty"; | |
| 165 | |
| 166 extensions::ResultCatcher catcher; | |
| 167 ui_test_utils::NavigateToURL(browser, GURL(page_url)); | |
| 168 | |
| 169 if (!catcher.GetNextResult()) { | |
| 170 message_ = catcher.message(); | |
| 171 return false; | |
| 172 } | |
| 173 return true; | |
| 174 } | |
| 175 | |
| 176 private: | |
| 117 policy::MockConfigurationPolicyProvider policy_provider_; | 177 policy::MockConfigurationPolicyProvider policy_provider_; |
| 118 policy::DevicePolicyCrosTestHelper test_helper_; | 178 policy::DevicePolicyCrosTestHelper test_helper_; |
| 119 const std::string test_domain_; | |
| 120 }; | 179 }; |
| 121 | 180 |
| 122 // Creates affiliated user before browser initializes. | 181 IN_PROC_BROWSER_TEST_P(EnterpriseDeviceAttributesTest, PRE_Success) { |
| 123 class EnterpriseDeviceAttributesAffiliatedTest | 182 chromeos::affiliation_test_helper::PreLoginUser(kAffiliatedUser); |
| 124 : public EnterpriseDeviceAttributesTest { | 183 } |
| 125 public: | |
| 126 EnterpriseDeviceAttributesAffiliatedTest() | |
| 127 : EnterpriseDeviceAttributesTest("gmail.com") {} | |
| 128 }; | |
| 129 | 184 |
| 130 // Creates non-affiliated user before browser init. | 185 IN_PROC_BROWSER_TEST_P(EnterpriseDeviceAttributesTest, Success) { |
| 131 class EnterpriseDeviceAttributesNonAffiliatedTest | 186 content::BrowserThread::PostTask( |
| 132 : public EnterpriseDeviceAttributesTest { | 187 content::BrowserThread::IO, FROM_HERE, |
| 133 public: | 188 base::Bind(chrome_browser_net::SetUrlRequestMocksEnabled, true)); |
| 134 EnterpriseDeviceAttributesNonAffiliatedTest() | |
| 135 : EnterpriseDeviceAttributesTest("example.com") {} | |
| 136 }; | |
| 137 | 189 |
| 138 // Tests the case of an affiliated user and pre-installed extension. Fetches | 190 SetPolicy(); |
| 139 // the valid cloud directory device id. | 191 |
| 140 IN_PROC_BROWSER_TEST_F(EnterpriseDeviceAttributesAffiliatedTest, Success) { | 192 EXPECT_EQ(GetParam().affiliated_, user_manager::UserManager::Get() |
| 193 ->FindUser(kAffiliatedUser) | |
| 194 ->is_affiliated()); | |
| 195 | |
| 196 // Device ID is available only for affiliated user. | |
| 197 std::string device_id = GetParam().affiliated_ ? kDeviceId : ""; | |
| 198 | |
| 141 // Pass the expected value (device_id) to test. | 199 // Pass the expected value (device_id) to test. |
| 142 ASSERT_TRUE(RunExtensionSubtest( | 200 ASSERT_TRUE(TestExtension(CreateBrowser(profile()), |
| 143 "", base::StringPrintf("chrome-extension://%s/basic.html?%s", | 201 base::StringPrintf("chrome-extension://%s/basic.html?%s", |
| 144 kTestExtensionID, kDeviceId))) | 202 kTestExtensionID, device_id.c_str()))) |
| 145 << message_; | 203 << message_; |
| 146 } | 204 } |
| 147 | 205 |
| 148 // Test the case of non-affiliated user and pre-installed by policy extension. | |
| 149 // Extension API is available, but fetches the empty string. | |
| 150 IN_PROC_BROWSER_TEST_F(EnterpriseDeviceAttributesNonAffiliatedTest, | |
| 151 EmptyString) { | |
| 152 // Pass the expected value (empty string) to test. | |
| 153 ASSERT_TRUE(RunExtensionSubtest( | |
| 154 "", base::StringPrintf("chrome-extension://%s/basic.html?%s", | |
| 155 kTestExtensionID, ""))) | |
| 156 << message_; | |
| 157 } | |
| 158 | |
| 159 // Ensure that extensions that are not pre-installed by policy throw an install | 206 // Ensure that extensions that are not pre-installed by policy throw an install |
| 160 // warning if they request the enterprise.deviceAttributes permission in the | 207 // warning if they request the enterprise.deviceAttributes permission in the |
| 161 // manifest and that such extensions don't see the | 208 // manifest and that such extensions don't see the |
| 162 // chrome.enterprise.deviceAttributes namespace. | 209 // chrome.enterprise.deviceAttributes namespace. |
| 163 IN_PROC_BROWSER_TEST_F( | 210 IN_PROC_BROWSER_TEST_F( |
| 164 ExtensionApiTest, | 211 ExtensionApiTest, |
| 165 EnterpriseDeviceAttributesIsRestrictedToPolicyExtension) { | 212 EnterpriseDeviceAttributesIsRestrictedToPolicyExtension) { |
| 166 ASSERT_TRUE(RunExtensionSubtest("enterprise_device_attributes", | 213 ASSERT_TRUE(RunExtensionSubtest("enterprise_device_attributes", |
| 167 "api_not_available.html", | 214 "api_not_available.html", |
| 168 kFlagIgnoreManifestWarnings)); | 215 kFlagIgnoreManifestWarnings)); |
| 169 | 216 |
| 170 base::FilePath extension_path = | 217 base::FilePath extension_path = |
| 171 test_data_dir_.AppendASCII("enterprise_device_attributes"); | 218 test_data_dir_.AppendASCII("enterprise_device_attributes"); |
| 172 extensions::ExtensionRegistry* registry = | 219 extensions::ExtensionRegistry* registry = |
| 173 extensions::ExtensionRegistry::Get(profile()); | 220 extensions::ExtensionRegistry::Get(profile()); |
| 174 const extensions::Extension* extension = | 221 const extensions::Extension* extension = |
| 175 GetExtensionByPath(registry->enabled_extensions(), extension_path); | 222 GetExtensionByPath(registry->enabled_extensions(), extension_path); |
| 176 ASSERT_FALSE(extension->install_warnings().empty()); | 223 ASSERT_FALSE(extension->install_warnings().empty()); |
| 177 EXPECT_EQ( | 224 EXPECT_EQ( |
| 178 "'enterprise.deviceAttributes' is not allowed for specified install " | 225 "'enterprise.deviceAttributes' is not allowed for specified install " |
| 179 "location.", | 226 "location.", |
| 180 extension->install_warnings()[0].message); | 227 extension->install_warnings()[0].message); |
| 181 } | 228 } |
| 182 | 229 |
| 230 INSTANTIATE_TEST_CASE_P(AffiliationCheck, | |
| 231 EnterpriseDeviceAttributesTest, | |
| 232 ::testing::Values(Params(true), Params(false))); | |
| 183 } // namespace extensions | 233 } // namespace extensions |
| OLD | NEW |
