Chromium Code Reviews Chromium Code Reviews
Issue 1414313002:
Allow dynamic updating of authentication policies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/io_thread_unittest.cc |
| diff --git a/chrome/browser/io_thread_unittest.cc b/chrome/browser/io_thread_unittest.cc |
| index 443030626ad364113449b27903c8de0c86766bc2..bca96d1d9ca000f3dd3124ce4c2a1de51b369b99 100644 |
| --- a/chrome/browser/io_thread_unittest.cc |
| +++ b/chrome/browser/io_thread_unittest.cc |
| @@ -4,10 +4,20 @@ |
| #include "base/command_line.h" |
| #include "base/metrics/field_trial.h" |
| +#include "base/prefs/pref_registry_simple.h" |
| +#include "base/prefs/pref_service.h" |
| +#include "base/prefs/testing_pref_service.h" |
| #include "base/test/mock_entropy_provider.h" |
| +#include "chrome/browser/extensions/event_router_forwarder.h" |
| #include "chrome/browser/io_thread.h" |
| #include "chrome/common/chrome_switches.h" |
| +#include "chrome/common/pref_names.h" |
| #include "components/data_reduction_proxy/core/common/data_reduction_proxy_params.h" |
| +#include "components/policy/core/common/mock_policy_service.h" |
| +#include "components/proxy_config/pref_proxy_config_tracker_impl.h" |
| +#include "components/proxy_config/proxy_config_pref_names.h" |
| +#include "content/public/test/test_browser_thread_bundle.h" |
| +#include "net/http/http_auth_handler_negotiate.h" |
| #include "net/http/http_network_session.h" |
| #include "net/http/http_server_properties_impl.h" |
| #include "net/quic/quic_protocol.h" |
| @@ -17,9 +27,37 @@ |
| namespace test { |
| using ::testing::ElementsAre; |
| +using ::testing::ReturnRef; |
| +// Class used for accessing IOThread methods (friend of IOThread). Creating |
| +// an IOThreadPeer creates and initializes an IOThread instance set up for |
| +// testing, deleting it cleanly closes down and deletes the IOThread instance. |
| class IOThreadPeer { |
| public: |
| + IOThreadPeer() |
| + : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP) |
| +#if defined(ENABLE_EXTENSIONS) |
|
asanka
2015/10/28 03:27:43
Not an owner here, but this looks bad enough that
aberent
2015/11/02 18:52:50
Done.
|
| + , |
| + event_router_forwarder_(new extensions::EventRouterForwarder) |
| +#endif |
| + { |
| + PrefRegistrySimple* pref_registry = pref_service_.registry(); |
| + IOThread::RegisterPrefs(pref_registry); |
| + PrefProxyConfigTrackerImpl::RegisterPrefs(pref_registry); |
| + ssl_config::SSLConfigServiceManager::RegisterPrefs(pref_registry); |
| + |
| + // Set up default function behaviour. |
| + EXPECT_CALL(policy_service_, |
| + GetPolicies(policy::PolicyNamespace( |
| + policy::POLICY_DOMAIN_CHROME, std::string()))) |
| + .WillRepeatedly(ReturnRef(policy_map_)); |
| + io_thread_.reset(new IOThread(&pref_service_, &policy_service_, nullptr, |
| + event_router_forwarder_.get())); |
| + io_thread_->Init(); |
| + } |
| + |
| + ~IOThreadPeer() { io_thread_->CleanUp(); } |
| + |
| static void ConfigureQuicGlobals( |
| const base::CommandLine& command_line, |
| base::StringPiece quic_trial_group, |
| @@ -45,6 +83,20 @@ class IOThreadPeer { |
| net::HttpNetworkSession::Params* params) { |
| IOThread::InitializeNetworkSessionParamsFromGlobals(globals, params); |
| } |
| + |
| + IOThread* io_thread() { return io_thread_.get(); } |
| + |
| + TestingPrefServiceSimple* pref_service() { return &pref_service_; } |
| + |
| + private: |
| + content::TestBrowserThreadBundle thread_bundle_; |
| + TestingPrefServiceSimple pref_service_; |
| + scoped_refptr<extensions::EventRouterForwarder> event_router_forwarder_; |
|
asanka
2015/10/28 03:27:43
Guard with #if defined(ENABLE_EXTENSIONS)
aberent
2015/11/02 18:52:50
Doing so means that one needs #ifs in the IOThread
|
| + policy::PolicyMap policy_map_; |
| + policy::MockPolicyService policy_service_; |
| + scoped_ptr<IOThread> io_thread_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(IOThreadPeer); |
| }; |
| class IOThreadTest : public testing::Test { |
| @@ -498,4 +550,98 @@ TEST_F(IOThreadTest, QuicDisallowedByPolicy) { |
| EXPECT_FALSE(params.enable_quic); |
| } |
| +TEST_F(IOThreadTest, UpdateNegotiateDisableCnameLookup) { |
| + IOThreadPeer peer; |
| + |
| + net::HttpAuthHandlerRegistryFactory* factory = |
| + peer.io_thread()->globals()->http_auth_handler_factory.get(); |
| + |
| + auto negotiate_factory = static_cast<net::HttpAuthHandlerNegotiate::Factory*>( |
| + factory->GetSchemeFactory("negotiate")); |
| + // If we don't have a negotiate factory (net wasn't built with Kerberos) the |
| + // policy does nothing so we can't test anything. |
| + if (!negotiate_factory) |
| + return; |
| + |
| + peer.pref_service()->SetBoolean(prefs::kDisableAuthNegotiateCnameLookup, |
| + false); |
| + EXPECT_FALSE(negotiate_factory->disable_cname_lookup()); |
| + peer.pref_service()->SetBoolean(prefs::kDisableAuthNegotiateCnameLookup, |
| + true); |
| + EXPECT_TRUE(negotiate_factory->disable_cname_lookup()); |
| +} |
| + |
| +TEST_F(IOThreadTest, UpdateEnableAuthNegotiatePort) { |
| + IOThreadPeer peer; |
| + |
| + net::HttpAuthHandlerRegistryFactory* factory = |
| + peer.io_thread()->globals()->http_auth_handler_factory.get(); |
| + |
| + auto negotiate_factory = static_cast<net::HttpAuthHandlerNegotiate::Factory*>( |
| + factory->GetSchemeFactory("negotiate")); |
| + // If we don't have a negotiate factory (net wasn't built with Kerberos) the |
| + // policy does nothing so we can't test anything. |
| + if (!negotiate_factory) |
| + return; |
| + |
| + peer.pref_service()->SetBoolean(prefs::kEnableAuthNegotiatePort, false); |
| + EXPECT_FALSE(negotiate_factory->use_port()); |
| + peer.pref_service()->SetBoolean(prefs::kEnableAuthNegotiatePort, true); |
| + EXPECT_TRUE(negotiate_factory->use_port()); |
| +} |
| + |
| +TEST_F(IOThreadTest, UpdateServerWhitelist) { |
| + IOThreadPeer peer; |
| + |
| + GURL url("http://test.example.com"); |
| + |
| + peer.pref_service()->SetString(prefs::kAuthServerWhitelist, ""); |
| + net::URLSecurityManager* security_manager = |
| + peer.io_thread()->globals()->url_security_manager.get(); |
| + EXPECT_FALSE(security_manager->CanUseDefaultCredentials(url)); |
| + |
| + peer.pref_service()->SetString(prefs::kAuthServerWhitelist, "*"); |
| + security_manager = peer.io_thread()->globals()->url_security_manager.get(); |
| + EXPECT_TRUE(security_manager->CanUseDefaultCredentials(url)); |
| +} |
| + |
| +TEST_F(IOThreadTest, UpdateDelegateWhitelist) { |
| + IOThreadPeer peer; |
| + |
| + GURL url("http://test.example.com"); |
| + |
| + peer.pref_service()->SetString(prefs::kAuthNegotiateDelegateWhitelist, ""); |
| + net::URLSecurityManager* security_manager = |
| + peer.io_thread()->globals()->url_security_manager.get(); |
| + EXPECT_FALSE(security_manager->CanDelegate(url)); |
| + |
| + peer.pref_service()->SetString(prefs::kAuthNegotiateDelegateWhitelist, "*"); |
| + security_manager = peer.io_thread()->globals()->url_security_manager.get(); |
| + EXPECT_TRUE(security_manager->CanDelegate(url)); |
| +} |
| + |
| +#if defined(OS_ANDROID) |
| +// AuthAndroidNegotiateAccountType is only used on Android. |
| +TEST_F(IOThreadTest, UpdateAuthAndroidNegotiateAccountType) { |
| + IOThreadPeer peer; |
| + |
| + net::HttpAuthHandlerRegistryFactory* factory = |
| + peer.io_thread()->globals()->http_auth_handler_factory.get(); |
| + |
| + auto negotiate_factory = static_cast<net::HttpAuthHandlerNegotiate::Factory*>( |
| + factory->GetSchemeFactory("negotiate")); |
| + // If we don't have a negotiate factory (net wasn't built with Kerberos) the |
| + // policy does nothing so we can't test anything. |
| + if (!negotiate_factory) |
| + return; |
| + |
| + peer.pref_service()->SetString(prefs::kAuthAndroidNegotiateAccountType, |
| + "acc1"); |
| + EXPECT_EQ("acc1", *(negotiate_factory->library())); |
| + peer.pref_service()->SetString(prefs::kAuthAndroidNegotiateAccountType, |
| + "acc2"); |
| + EXPECT_EQ("acc2", *(negotiate_factory->library())); |
| +} |
| +#endif |
| + |
| } // namespace test |
