Retrieve the authenticated user's e-mail from GAIA during SAML login

chrome/browser/chromeos/login/saml_browsertest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/command_line.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/chromeos/login/existing_user_controller.h"
 #include "chrome/browser/chromeos/login/login_display_host_impl.h"
 #include "chrome/browser/chromeos/login/test/oobe_screen_waiter.h"
+#include "chrome/browser/chromeos/login/user.h"
+#include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/chromeos/login/webui_login_display.h"
 #include "chrome/browser/chromeos/login/wizard_controller.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chromeos/chromeos_switches.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_utils.h"
@@ skipping 16 matching lines @@
 
 const char kTestAuthSIDCookie[] = "fake-auth-SID-cookie";
 const char kTestAuthLSIDCookie[] = "fake-auth-LSID-cookie";
 const char kTestAuthCode[] = "fake-auth-code";
 const char kTestGaiaUberToken[] = "fake-uber-token";
 const char kTestAuthLoginAccessToken[] = "fake-access-token";
 const char kTestRefreshToken[] = "fake-refresh-token";
 const char kTestSessionSIDCookie[] = "fake-session-SID-cookie";
 const char kTestSessionLSIDCookie[] = "fake-session-LSID-cookie";
 
+const char kAnotherUserEmail[] = "alice@example.com";
+const char kUserEmail[] = "bob@example.com";
+
 const char kRelayState[] = "RelayState";
 
 const char kDefaultIdpHtml[] =
     "<form id=IdPForm method=post action=\"$Post\">"
       "<input type=hidden name=RelayState value=\"$RelayState\">"
       "User: <input type=text id=Email name=Email>"
       "Password: <input type=password id=Password name=Password>"
       "<input id=Submit type=submit>"
     "</form>";
 
@@ skipping 108 matching lines @@
                                     gaia_url_.spec());
     fake_gaia_.Initialize();
 
     std::string saml_idp_host("saml.idp");
     GURL::Replacements replace_saml_idp_host;
     replace_saml_idp_host.SetHostStr(saml_idp_host);
     GURL saml_idp_url = server_url.ReplaceComponents(replace_saml_idp_host);
     saml_idp_url = saml_idp_url.Resolve("/SAML/SSO");
 
     fake_saml_idp_.SetUp(saml_idp_url.path(), gaia_url_);
-    fake_gaia_.RegisterSamlUser("saml_user", saml_idp_url);
+    fake_gaia_.RegisterSamlUser(kAnotherUserEmail, saml_idp_url);
+    fake_gaia_.RegisterSamlUser(kUserEmail, saml_idp_url);
   }
 
   virtual void SetUpOnMainThread() OVERRIDE {
     FakeGaia::MergeSessionParams params;
     params.auth_sid_cookie = kTestAuthSIDCookie;
     params.auth_lsid_cookie = kTestAuthLSIDCookie;
     params.auth_code = kTestAuthCode;
     params.refresh_token = kTestRefreshToken;
     params.access_token = kTestAuthLoginAccessToken;
     params.gaia_uber_token = kTestGaiaUberToken;
     params.session_sid_cookie = kTestSessionSIDCookie;
     params.session_lsid_cookie = kTestSessionLSIDCookie;
+    params.email = kUserEmail;
     fake_gaia_.SetMergeSessionParams(params);
 
     embedded_test_server()->RegisterRequestHandler(
         base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_)));
     embedded_test_server()->RegisterRequestHandler(base::Bind(
         &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_)));
 
     // Restart the thread as the sandbox host process has already been spawned.
     embedded_test_server()->RestartThreadAndListen();
   }
@@ skipping 19 matching lines @@
     WizardController* wizard_controller =
         chromeos::WizardController::default_controller();
     CHECK(wizard_controller);
     wizard_controller->SkipToLoginForTesting(LoginScreenContext());
 
     content::WindowedNotificationObserver(
       chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE,
       content::NotificationService::AllSources()).Wait();
   }
 
-  void StartSamlAndWaitForIdpPageLoad() {
+  void StartSamlAndWaitForIdpPageLoad(const std::string& gaia_email) {
     WaitForSigninScreen();
 
     if (!saml_load_injected_) {
       saml_load_injected_ = true;
 
       ASSERT_TRUE(content::ExecuteScript(
           GetLoginUI()->GetWebContents(),
           "$('gaia-signin').gaiaAuthHost_.addEventListener('authFlowChange',"
               "function() {"
                 "window.domAutomationController.setAutomationId(0);"
                 "window.domAutomationController.send("
                     "$('gaia-signin').isSAML() ? 'SamlLoaded' : 'GaiaLoaded');"
               "});"));
     }
 
     content::DOMMessageQueue message_queue;  // Start observe before SAML.
-    GetLoginDisplay()->ShowSigninScreenForCreds("saml_user", "");
+    GetLoginDisplay()->ShowSigninScreenForCreds(gaia_email, "");
 
     std::string message;
     ASSERT_TRUE(message_queue.WaitForMessage(&message));
     EXPECT_EQ("\"SamlLoaded\"", message);
   }
 
   void SetSignFormField(const std::string& field_id,
                         const std::string& field_value) {
     std::string js =
         "(function(){"
@@ skipping 45 matching lines @@
 
   bool saml_load_injected_;
 
   DISALLOW_COPY_AND_ASSIGN(SamlTest);
 };
 
 // Tests that signin frame should have 'saml' class and 'cancel' button is
 // visible when SAML IdP page is loaded. And 'cancel' button goes back to
 // gaia on clicking.
 IN_PROC_BROWSER_TEST_F(SamlTest, SamlUI) {
-  StartSamlAndWaitForIdpPageLoad();
+  StartSamlAndWaitForIdpPageLoad(kUserEmail);
 
   // Saml flow UI expectations.
   JsExpect("$('gaia-signin').classList.contains('saml')");
   JsExpect("!$('cancel-add-user-button').hidden");
 
   // Click on 'cancel'.
   content::DOMMessageQueue message_queue;  // Observe before 'cancel'.
   ASSERT_TRUE(content::ExecuteScript(
       GetLoginUI()->GetWebContents(),
       "$('cancel-add-user-button').click();"));
 
   // Auth flow should change back to Gaia.
   std::string message;
   do {
     ASSERT_TRUE(message_queue.WaitForMessage(&message));
   } while (message != "\"GaiaLoaded\"");
 
   // Saml flow is gone.
   JsExpect("!$('gaia-signin').classList.contains('saml')");
 }
 
 // Tests the single password scraped flow.
 IN_PROC_BROWSER_TEST_F(SamlTest, ScrapedSingle) {
-  StartSamlAndWaitForIdpPageLoad();
+  StartSamlAndWaitForIdpPageLoad(kUserEmail);
 
   // Fill-in the SAML IdP form and submit.
   SetSignFormField("Email", "fake_user");
   SetSignFormField("Password", "fake_password");
   ExecuteJsInSigninFrame("document.getElementById('IdPForm').submit();");
 
   // Lands on confirm password screen.
   OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();
 
   // Enter an unknown password should go back to confirm password screen.
@@ skipping 11 matching lines @@
 IN_PROC_BROWSER_TEST_F(SamlTest, ScrapedMultiple) {
   fake_saml_idp()->set_html_template(
     "<form id=IdPForm method=post action=\"$Post\">"
       "<input type=hidden name=RelayState value=\"$RelayState\">"
       "User: <input type=text id=Email name=Email>"
       "Password: <input type=password id=Password name=Password>"
       "Password: <input type=password id=Password1 name=Password1>"
       "<input id=Submit type=submit>"
     "</form>");
 
-  StartSamlAndWaitForIdpPageLoad();
+  StartSamlAndWaitForIdpPageLoad(kUserEmail);
 
   SetSignFormField("Email", "fake_user");
   SetSignFormField("Password", "fake_password");
   SetSignFormField("Password1", "password1");
   ExecuteJsInSigninFrame("document.getElementById('IdPForm').submit();");
 
   OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();
 
   // Either scraped password should be able to sign-in.
   SendConfirmPassword("password1");
   content::WindowedNotificationObserver(
       chrome::NOTIFICATION_SESSION_STARTED,
       content::NotificationService::AllSources()).Wait();
 }
 
 // Tests the no password scraped flow.
 IN_PROC_BROWSER_TEST_F(SamlTest, ScrapedNone) {
   fake_saml_idp()->set_html_template(
     "<form id=IdPForm method=post action=\"$Post\">"
       "<input type=hidden name=RelayState value=\"$RelayState\">"
       "User: <input type=text id=Email name=Email>"
       "<input id=Submit type=submit>"
     "</form>");
 
-  StartSamlAndWaitForIdpPageLoad();
+  StartSamlAndWaitForIdpPageLoad(kUserEmail);
 
   SetSignFormField("Email", "fake_user");
   ExecuteJsInSigninFrame("document.getElementById('IdPForm').submit();");
 
   OobeScreenWaiter(OobeDisplay::SCREEN_MESSAGE_BOX).Wait();
   JsExpect(
       "$('message-box-title').textContent == "
       "loadTimeData.getString('noPasswordWarningTitle')");
 }
 
+// Types |alice@example.com| into the GAIA login form but then authenticates as
+// |bob@example.com| via SAML. Verifies that the logged-in user is correctly
+// identified as Bob.
+IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) {
+  // Type |alice@example.com| into the GAIA login form.
+  StartSamlAndWaitForIdpPageLoad(kAnotherUserEmail);
+
+  // Authenticate as bob@example.com via SAML (the |Email| provided here is
+  // irrelevant - the authenticated user's e-mail address that FakeGAIA
+  // reports was set via SetMergeSessionParams()).
+  SetSignFormField("Email", "fake_user");
+  SetSignFormField("Password", "fake_password");
+  ExecuteJsInSigninFrame("document.getElementById('IdPForm').submit();");
+
+  OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();
+
+  SendConfirmPassword("fake_password");
+  content::WindowedNotificationObserver(
+      chrome::NOTIFICATION_SESSION_STARTED,
+      content::NotificationService::AllSources()).Wait();
+  const User* user = UserManager::Get()->GetActiveUser();
+  ASSERT_TRUE(user);
+  EXPECT_EQ(kUserEmail, user->email());
+}
+
+
 }  // namespace chromeos