Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(26)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/extension_service_sync_unittest.cc

Issue 2004043002: Supervised Users Initiated Installs v2 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@kid_initiated_install
Patch Set: Response to code review from Marc Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/extensions/extension_service_test_with_install.cc » ('j') | chrome/browser/supervised_user/supervised_user_service.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/extension_service_sync_unittest.cc
diff --git a/chrome/browser/extensions/extension_service_sync_unittest.cc b/chrome/browser/extensions/extension_service_sync_unittest.cc
index 8e9ac8d150782cd6541ad382d8d1def162acb17d..587dda99919992a6e97e1b67c03169db921c641f 100644
--- a/chrome/browser/extensions/extension_service_sync_unittest.cc
+++ b/chrome/browser/extensions/extension_service_sync_unittest.cc
@@ -11,6 +11,7 @@
#include "base/bind.h"
#include "base/command_line.h"
+#include "base/feature_list.h"
#include "base/files/file_util.h"
#include "base/macros.h"
#include "base/memory/ptr_util.h"
@@ -52,8 +53,12 @@
#if defined(ENABLE_SUPERVISED_USERS)
#include "chrome/browser/supervised_user/permission_request_creator.h"
#include "chrome/browser/supervised_user/supervised_user_constants.h"
+#include "chrome/browser/supervised_user/supervised_user_features.h"
#include "chrome/browser/supervised_user/supervised_user_service.h"
#include "chrome/browser/supervised_user/supervised_user_service_factory.h"
+#include "chrome/browser/supervised_user/supervised_user_settings_service.h"
+#include "chrome/browser/supervised_user/supervised_user_settings_service_factory.h"
+#include "chrome/common/pref_names.h"
#endif
using extensions::AppSorting;
@@ -65,6 +70,7 @@ using extensions::Manifest;
using extensions::PermissionSet;
using syncer::SyncChange;
using syncer::SyncChangeList;
+using testing::Mock;
namespace {
@@ -1569,9 +1575,24 @@ class ExtensionServiceTestSupervised : public ExtensionServiceSyncTest,
"SupervisedUserExtensionPermissionIncrease", "group", params);
}
+ void InitSupervisedUserInitiatedExtensionInstallFeature(bool enabled) {
+ base::FeatureList::ClearInstanceForTesting();
+ std::unique_ptr<base::FeatureList> feature_list(new base::FeatureList);
+ if (enabled) {
+ feature_list->InitializeFromCommandLine(
+ "SupervisedUserInitiatedExtensionInstall", std::string());
+ }
+ base::FeatureList::SetInstance(std::move(feature_list));
+ }
+
void InitServices(bool profile_is_supervised) {
ExtensionServiceInitParams params = CreateDefaultInitParams();
params.profile_is_supervised = profile_is_supervised;
+ // If profile is supervised, don't pass a pref file such that the testing
+ // profile creates a pref service that uses SupervisedUserPrefStore.
+ if (profile_is_supervised) {
+ params.pref_file = base::FilePath();
+ }
InitializeExtensionService(params);
StartSyncing(syncer::EXTENSIONS);
@@ -1579,15 +1600,25 @@ class ExtensionServiceTestSupervised : public ExtensionServiceSyncTest,
supervised_user_service()->Init();
}
- std::string InstallPermissionsTestExtension() {
+ std::string InstallPermissionsTestExtension(bool by_custodian) {
const std::string version("1");
- const Extension* extension =
- PackAndInstallCRX(dir_path(version), pem_path(), INSTALL_NEW,
- Extension::WAS_INSTALLED_BY_CUSTODIAN);
- // The extension must now be installed and enabled.
+ int creation_flags = 0;
+ InstallState expected_state = INSTALL_WITHOUT_LOAD;
+ if (by_custodian) {
+ creation_flags = Extension::WAS_INSTALLED_BY_CUSTODIAN;
+ expected_state = INSTALL_NEW;
+ }
+ const Extension* extension = PackAndInstallCRX(
+ dir_path(version), pem_path(), expected_state, creation_flags);
+ // The extension must now be installed.
EXPECT_TRUE(extension);
- EXPECT_TRUE(registry()->enabled_extensions().Contains(extension->id()));
+
+ if (by_custodian)
+ EXPECT_TRUE(registry()->enabled_extensions().Contains(extension->id()));
+ else
+ EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id()));
+
EXPECT_EQ(version, extension->VersionString());
return extension->id();
@@ -1604,13 +1635,32 @@ class ExtensionServiceTestSupervised : public ExtensionServiceSyncTest,
EXPECT_EQ(version, extension->VersionString());
}
+ // Simulate a custodian approval for enabling the extension coming in
+ // through Sync by adding the approved version to the map of approved
+ // extensions. It doesn't change the disable reasons.
Marc Treib 2016/06/15 12:31:07 Is it particularly relevant that this doesn't chan
mamir 2016/06/15 17:30:03 The idea is: this method is responsible only for g
Marc Treib 2016/06/16 08:26:54 Acknowledged.
+ void SimulateCustodianApprovalViaSync(const std::string& extension_id,
+ const std::string& version) {
+ std::string key = SupervisedUserSettingsService::MakeSplitSettingKey(
+ supervised_users::kApprovedExtensions, extension_id);
+ syncer::SyncData sync_data =
+ SupervisedUserSettingsService::CreateSyncDataForSetting(
+ key, base::StringValue(version));
+
+ SyncChangeList list(
+ 1, SyncChange(FROM_HERE, SyncChange::ACTION_ADD, sync_data));
+
+ SupervisedUserSettingsService* supervised_user_settings_service =
+ SupervisedUserSettingsServiceFactory::GetForProfile(profile());
+ supervised_user_settings_service->ProcessSyncChanges(FROM_HERE, list);
+ }
+
SupervisedUserService* supervised_user_service() {
return SupervisedUserServiceFactory::GetForProfile(profile());
}
- static std::string UpdateRequestId(const std::string& extension_id,
- const std::string& version) {
- return SupervisedUserService::GetExtensionUpdateRequestId(
+ static std::string RequestId(const std::string& extension_id,
+ const std::string& version) {
+ return SupervisedUserService::GetExtensionRequestId(
extension_id, base::Version(version));
}
@@ -1643,6 +1693,10 @@ class MockPermissionRequestCreator : public PermissionRequestCreator {
FAIL();
}
+ MOCK_METHOD2(CreateExtensionInstallRequest,
+ void(const std::string& id,
+ const SupervisedUserService::SuccessCallback& callback));
+
MOCK_METHOD2(CreateExtensionUpdateRequest,
void(const std::string& id,
const SupervisedUserService::SuccessCallback& callback));
@@ -1653,6 +1707,7 @@ class MockPermissionRequestCreator : public PermissionRequestCreator {
TEST_F(ExtensionServiceTestSupervised, InstallOnlyAllowedByCustodian) {
InitServices(true /* profile_is_supervised */);
+ InitSupervisedUserInitiatedExtensionInstallFeature(false);
base::FilePath path1 = data_dir().AppendASCII("good.crx");
base::FilePath path2 = data_dir().AppendASCII("good2048.crx");
@@ -1668,13 +1723,84 @@ TEST_F(ExtensionServiceTestSupervised, InstallOnlyAllowedByCustodian) {
EXPECT_TRUE(registry()->enabled_extensions().Contains(extensions[1]->id()));
}
-TEST_F(ExtensionServiceTestSupervised, PreinstalledExtension) {
+TEST_F(ExtensionServiceTestSupervised,
+ InstallAllowedByCustodianAndSupervisedUser) {
+ InitServices(true /* profile_is_supervised */);
+ InitSupervisedUserInitiatedExtensionInstallFeature(true);
+
+ base::FilePath path1 = data_dir().AppendASCII("good.crx");
+ base::FilePath path2 = data_dir().AppendASCII("good2048.crx");
+ const Extension* extensions[] = {
+ InstallCRX(path1, INSTALL_WITHOUT_LOAD),
+ InstallCRX(path2, INSTALL_NEW, Extension::WAS_INSTALLED_BY_CUSTODIAN)
+ };
+
+ // Only the extension with the "installed by custodian" flag should have been
+ // installed and enabled.
+ // The extension missing the "installed by custodian" flag is a
+ // supervised user initiated install and hence not enabled.
+ ASSERT_TRUE(extensions[0]);
+ ASSERT_TRUE(extensions[1]);
+ EXPECT_TRUE(registry()->disabled_extensions().Contains(extensions[0]->id()));
+ EXPECT_TRUE(registry()->enabled_extensions().Contains(extensions[1]->id()));
+}
+
+TEST_F(ExtensionServiceTestSupervised,
+ PreinstalledExtensionWithSUInitiatedInstalls) {
+ InitServices(false /* profile_is_supervised */);
+ InitSupervisedUserInitiatedExtensionInstallFeature(true);
+
+ // Install an extension.
+ base::FilePath path = data_dir().AppendASCII("good.crx");
+ const Extension* extension = InstallCRX(path, INSTALL_NEW);
+ std::string id = extension->id();
+ // Make sure it's enabled.
+ EXPECT_TRUE(registry()->enabled_extensions().Contains(id));
+
+ MockPermissionRequestCreator* creator = new MockPermissionRequestCreator;
+ supervised_user_service()->AddPermissionRequestCreator(
+ base::WrapUnique(creator));
+ const std::string version("1.0.0.0");
+
+ EXPECT_CALL(*creator, CreateExtensionInstallRequest(
+ RequestId(good_crx, version), testing::_));
+
+ // Now make the profile supervised.
+ profile()->AsTestingProfile()->SetSupervisedUserId(
+ supervised_users::kChildAccountSUID);
+
+ Mock::VerifyAndClearExpectations(creator);
+
+ // The extension should not be enabled anymore.
+ EXPECT_FALSE(registry()->enabled_extensions().Contains(id));
+
+ ExtensionPrefs* extension_prefs = ExtensionPrefs::Get(profile());
+ EXPECT_TRUE(extension_prefs->HasDisableReason(
+ id, extensions::Extension::DISABLE_CUSTODIAN_APPROVAL_REQUIRED));
+}
+
+TEST_F(ExtensionServiceTestSupervised,
+ PreinstalledExtensionWithoutSUInitiatedInstalls) {
InitServices(false /* profile_is_supervised */);
+ InitSupervisedUserInitiatedExtensionInstallFeature(false);
// Install an extension.
base::FilePath path = data_dir().AppendASCII("good.crx");
const Extension* extension = InstallCRX(path, INSTALL_NEW);
std::string id = extension->id();
+ // Make sure it's enabled.
+ EXPECT_TRUE(registry()->enabled_extensions().Contains(id));
+
+ MockPermissionRequestCreator* creator = new MockPermissionRequestCreator;
+ supervised_user_service()->AddPermissionRequestCreator(
+ base::WrapUnique(creator));
+ const std::string version("1.0.0.0");
+
+ // No request should be sent because supervised user initiated installs
+ // are disabled.
+ EXPECT_CALL(*creator, CreateExtensionInstallRequest(
+ RequestId(good_crx, version), testing::_))
Marc Treib 2016/06/15 12:31:07 I'd just use testing::_ instead of an explicit req
mamir 2016/06/15 17:30:03 Done.
+ .Times(0);
// Now make the profile supervised.
profile()->AsTestingProfile()->SetSupervisedUserId(
@@ -1682,6 +1808,40 @@ TEST_F(ExtensionServiceTestSupervised, PreinstalledExtension) {
// The extension should not be enabled anymore.
EXPECT_FALSE(registry()->enabled_extensions().Contains(id));
+
+ extensions::ExtensionPrefs* extension_prefs =
+ extensions::ExtensionPrefs::Get(profile());
+ EXPECT_TRUE(extension_prefs->HasDisableReason(
+ id, extensions::Extension::DISABLE_CUSTODIAN_APPROVAL_REQUIRED));
+}
+
+TEST_F(ExtensionServiceTestSupervised,
+ ExtensionApprovalBeforeInstallation) {
Marc Treib 2016/06/15 12:31:07 nit: fits on the previous line I think
mamir 2016/06/15 17:30:03 Done.
+ // This tests the case when the sync entity flagging the extension as approved
+ // arrives before the extension itself is installed.
+ InitServices(true /* profile_is_supervised */);
+ InitSupervisedUserInitiatedExtensionInstallFeature(true);
+
+ MockPermissionRequestCreator* creator = new MockPermissionRequestCreator;
+ supervised_user_service()->AddPermissionRequestCreator(
+ base::WrapUnique(creator));
+
+ std::string id = good_crx;
+ const std::string version("1.0.0.0");
Marc Treib 2016/06/15 12:31:07 nit: Why is one const and the other isn't? (Don't
mamir 2016/06/15 17:30:03 Done.
+
+ SimulateCustodianApprovalViaSync(id, version);
+
+ // Now install an extension.
+ base::FilePath path = data_dir().AppendASCII("good.crx");
+ const Extension* extension = InstallCRX(path, INSTALL_NEW);
+
+ // No approval request should be sent.
+ EXPECT_CALL(*creator, CreateExtensionInstallRequest(
+ RequestId(extension->id(), version), testing::_))
+ .Times(0);
+
+ // Make sure it's enabled.
+ EXPECT_TRUE(registry()->enabled_extensions().Contains(id));
}
TEST_F(ExtensionServiceTestSupervised, UpdateWithoutPermissionIncrease) {
@@ -1721,14 +1881,14 @@ TEST_F(ExtensionServiceTestSupervised, UpdateWithPermissionIncreaseNoApproval) {
supervised_user_service()->AddPermissionRequestCreator(
base::WrapUnique(creator));
- std::string id = InstallPermissionsTestExtension();
+ std::string id = InstallPermissionsTestExtension(true /* by_custodian */);
// Update to a new version with increased permissions.
// Since we don't require the custodian's approval, no permission request
// should be created.
const std::string version2("2");
EXPECT_CALL(*creator, CreateExtensionUpdateRequest(
- UpdateRequestId(id, version2), testing::_))
+ RequestId(id, version2), testing::_))
.Times(0);
UpdatePermissionsTestExtension(id, version2, DISABLED);
}
@@ -1746,12 +1906,13 @@ TEST_F(ExtensionServiceTestSupervised,
const std::string version1("1");
const std::string version2("2");
- std::string id = InstallPermissionsTestExtension();
+ std::string id = InstallPermissionsTestExtension(true /* by_custodian */);
// Update to a new version with increased permissions.
EXPECT_CALL(*creator, CreateExtensionUpdateRequest(
- UpdateRequestId(id, version2), testing::_));
+ RequestId(id, version2), testing::_));
UpdatePermissionsTestExtension(id, version2, DISABLED);
+ Mock::VerifyAndClearExpectations(creator);
// Simulate a custodian approval for re-enabling the extension coming in
// through Sync, but set the old version. This can happen when there already
@@ -1767,7 +1928,7 @@ TEST_F(ExtensionServiceTestSupervised,
// Attempting to re-enable an old version should result in a permission
// request for the current version.
EXPECT_CALL(*creator, CreateExtensionUpdateRequest(
- UpdateRequestId(id, version2), testing::_));
+ RequestId(id, version2), testing::_));
SyncChangeList list =
MakeSyncChangeList(id, specifics, SyncChange::ACTION_UPDATE);
@@ -1779,6 +1940,7 @@ TEST_F(ExtensionServiceTestSupervised,
id, base::Version(version1)));
EXPECT_FALSE(extension_sync_service()->HasPendingReenable(
id, base::Version(version2)));
+ Mock::VerifyAndClearExpectations(creator);
}
TEST_F(ExtensionServiceTestSupervised,
@@ -1791,13 +1953,14 @@ TEST_F(ExtensionServiceTestSupervised,
supervised_user_service()->AddPermissionRequestCreator(
base::WrapUnique(creator));
- std::string id = InstallPermissionsTestExtension();
+ std::string id = InstallPermissionsTestExtension(true /* by_custodian */);
// Update to a new version with increased permissions.
const std::string version2("2");
EXPECT_CALL(*creator, CreateExtensionUpdateRequest(
- UpdateRequestId(id, version2), testing::_));
+ RequestId(id, version2), testing::_));
UpdatePermissionsTestExtension(id, version2, DISABLED);
+ Mock::VerifyAndClearExpectations(creator);
// Simulate a custodian approval for re-enabling the extension coming in
// through Sync.
@@ -1827,13 +1990,14 @@ TEST_F(ExtensionServiceTestSupervised,
supervised_user_service()->AddPermissionRequestCreator(
base::WrapUnique(creator));
- std::string id = InstallPermissionsTestExtension();
+ std::string id = InstallPermissionsTestExtension(true /* by_custodian */);
// Update to a new version with increased permissions.
const std::string version2("2");
EXPECT_CALL(*creator, CreateExtensionUpdateRequest(
- UpdateRequestId(id, version2), testing::_));
+ RequestId(id, version2), testing::_));
UpdatePermissionsTestExtension(id, version2, DISABLED);
+ Mock::VerifyAndClearExpectations(creator);
// Simulate a custodian approval for re-enabling the extension coming in
// through Sync. Set a newer version than we have installed.
@@ -1848,7 +2012,7 @@ TEST_F(ExtensionServiceTestSupervised,
// This should *not* result in a new permission request.
EXPECT_CALL(*creator, CreateExtensionUpdateRequest(
- UpdateRequestId(id, version3), testing::_))
+ RequestId(id, version3), testing::_))
.Times(0);
SyncChangeList list =
@@ -1865,6 +2029,107 @@ TEST_F(ExtensionServiceTestSupervised,
UpdatePermissionsTestExtension(id, version3, ENABLED);
}
+TEST_F(ExtensionServiceTestSupervised, SupervisedUserInitiatedInstalls) {
+ InitNeedCustodianApprovalFieldTrial(true);
+ InitSupervisedUserInitiatedExtensionInstallFeature(true);
+
+ InitServices(true /* profile_is_supervised */);
+
+ MockPermissionRequestCreator* creator = new MockPermissionRequestCreator;
+ supervised_user_service()->AddPermissionRequestCreator(
+ base::WrapUnique(creator));
+
+ base::FilePath path = data_dir().AppendASCII("good.crx");
+ const std::string version("1.0.0.0");
+
+ EXPECT_CALL(*creator, CreateExtensionInstallRequest(
+ RequestId(good_crx, version), testing::_));
+
+ // Should be installed but disabled, a request for approval should be sent.
+ const Extension* extension = InstallCRX(path, INSTALL_WITHOUT_LOAD);
+ ASSERT_EQ(extension->id(), good_crx);
+ ASSERT_TRUE(extension);
+ EXPECT_TRUE(registry()->disabled_extensions().Contains(extension->id()));
+ EXPECT_FALSE(registry()->enabled_extensions().Contains(extension->id()));
+ Mock::VerifyAndClearExpectations(creator);
+
+ SimulateCustodianApprovalViaSync(extension->id(), version);
+
+ // The extension should be enabled now.
+ EXPECT_TRUE(registry()->enabled_extensions().Contains(extension->id()));
+}
+
+TEST_F(ExtensionServiceTestSupervised,
+ UpdateSUInitiatedInstallWithoutPermissionIncrease) {
+ InitNeedCustodianApprovalFieldTrial(true);
+ InitSupervisedUserInitiatedExtensionInstallFeature(true);
+
+ InitServices(true /* profile_is_supervised */);
+
+ base::FilePath base_path = data_dir().AppendASCII("autoupdate");
+ base::FilePath pem_path = base_path.AppendASCII("key.pem");
+
+ const Extension* extension = PackAndInstallCRX(
+ base_path.AppendASCII("v1"), pem_path, INSTALL_WITHOUT_LOAD);
+
+ ASSERT_TRUE(extension);
+ EXPECT_FALSE(registry()->enabled_extensions().Contains(extension->id()));
+
+ SimulateCustodianApprovalViaSync(extension->id(), extension->VersionString());
+
+ // The extension should be enabled now.
+ EXPECT_TRUE(registry()->enabled_extensions().Contains(extension->id()));
+
+ // Save the id, as the extension object will be destroyed during updating.
+ std::string id = extension->id();
+
+ const base::Version old_version = *extension->version();
+
+ // Update to a new version.
+ PackCRXAndUpdateExtension(id, base_path.AppendASCII("v2"), pem_path, ENABLED);
+
+ // The extension should still be there and enabled.
+ extension = registry()->enabled_extensions().GetByID(id);
+ ASSERT_TRUE(extension);
+ // The version should have increased.
+ EXPECT_EQ(1, extension->version()->CompareTo(old_version));
+
+ // Check that the approved version has been updated in the prefs as well.
+ // Prefs are updated via Sync. If the prefs are updated, then the new
+ // approved version has been pushed to Sync as well.
+ std::string approved_version;
+ PrefService* pref_service = profile()->GetPrefs();
+ const base::DictionaryValue* approved_extensions =
+ pref_service->GetDictionary(prefs::kSupervisedUserApprovedExtensions);
+ approved_extensions->GetStringWithoutPathExpansion(id, &approved_version);
+
+ EXPECT_EQ(0,
+ extension->version()->CompareTo(base::Version(approved_version)));
+}
+
+TEST_F(ExtensionServiceTestSupervised,
+ UpdateSUInitiatedInstallWithPermissionIncrease) {
Marc Treib 2016/06/15 12:31:07 This test name suggests that it's the counterpart
mamir 2016/06/15 17:30:03 Because they test different flows. The first tests
Marc Treib 2016/06/16 08:26:54 So, steps 1 and 2 are identical, and step 3 is ide
mamir 2016/06/17 15:03:18 As discussed offline, in order to unify both tests
+ InitNeedCustodianApprovalFieldTrial(true);
+ InitSupervisedUserInitiatedExtensionInstallFeature(true);
+
+ InitServices(true /* profile_is_supervised */);
+
+ std::string id = InstallPermissionsTestExtension(false /* by_custodian */);
+ const std::string version("1");
Marc Treib 2016/06/15 12:31:07 Also here: please try to be consistent with consts
mamir 2016/06/15 17:30:03 Done.
+
+ SimulateCustodianApprovalViaSync(id, version);
+
+ // The extension should be enabled now.
+ EXPECT_TRUE(registry()->enabled_extensions().Contains(id));
+
+ const std::string version2("2");
+
+ UpdatePermissionsTestExtension(id, version2, DISABLED);
+
+ // The extension should be disabled.
+ EXPECT_FALSE(registry()->enabled_extensions().Contains(id));
Marc Treib 2016/06/15 12:31:07 Also check the disable reasons?
mamir 2016/06/15 17:30:03 Done.
+}
Marc Treib 2016/06/15 12:31:07 Please extend the test with an incoming approval a
mamir 2016/06/15 17:30:03 But this would be duplicating other tests covering
Marc Treib 2016/06/16 08:26:54 The way that approval and re-enabling work are ver
mamir 2016/06/17 15:03:17 Done.
+
TEST_F(ExtensionServiceSyncTest, SyncUninstallByCustodianSkipsPolicy) {
InitializeEmptyExtensionService();
extension_sync_service()->MergeDataAndStartSyncing(
« no previous file with comments | « no previous file | chrome/browser/extensions/extension_service_test_with_install.cc » ('j') | chrome/browser/supervised_user/supervised_user_service.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698