| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" | 5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" |
| 6 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h" | 6 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h" |
| 7 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" | 7 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" |
| 8 #include "chrome/common/pref_names.h" | 8 #include "chrome/common/pref_names.h" |
| 9 #include "chrome/test/base/testing_profile.h" | 9 #include "chrome/test/base/testing_profile.h" |
| 10 #include "components/prefs/pref_service.h" | 10 #include "components/prefs/pref_service.h" |
| 11 #include "components/prefs/scoped_user_pref_update.h" |
| 11 #include "content/public/test/test_browser_thread_bundle.h" | 12 #include "content/public/test/test_browser_thread_bundle.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 13 | 14 |
| 14 namespace { | 15 namespace { |
| 15 | 16 |
| 17 void SetConfirmationFrequency( |
| 18 PrefService* pref_service, |
| 19 chromeos::quick_unlock::PasswordConfirmationFrequency frequency) { |
| 20 pref_service->SetInteger(prefs::kQuickUnlockTimeout, |
| 21 static_cast<int>(frequency)); |
| 22 } |
| 23 |
| 16 class PinStorageUnitTest : public testing::Test { | 24 class PinStorageUnitTest : public testing::Test { |
| 17 protected: | 25 protected: |
| 18 PinStorageUnitTest() : profile_(new TestingProfile()) {} | 26 PinStorageUnitTest() : profile_(new TestingProfile()) {} |
| 19 ~PinStorageUnitTest() override {} | 27 ~PinStorageUnitTest() override {} |
| 20 | 28 |
| 21 // testing::Test: | 29 // testing::Test: |
| 22 void SetUp() override { chromeos::EnableQuickUnlockForTesting(); } | 30 void SetUp() override { |
| 31 chromeos::quick_unlock::EnableQuickUnlockForTesting(); |
| 32 } |
| 23 | 33 |
| 24 content::TestBrowserThreadBundle thread_bundle_; | 34 content::TestBrowserThreadBundle thread_bundle_; |
| 25 std::unique_ptr<TestingProfile> profile_; | 35 std::unique_ptr<TestingProfile> profile_; |
| 26 | 36 |
| 27 DISALLOW_COPY_AND_ASSIGN(PinStorageUnitTest); | 37 DISALLOW_COPY_AND_ASSIGN(PinStorageUnitTest); |
| 28 }; | 38 }; |
| 29 | 39 |
| 30 } // namespace | 40 } // namespace |
| 31 | 41 |
| 32 // Provides test-only PinStorage APIs. | 42 // Provides test-only PinStorage APIs. |
| 33 class PinStorageTestApi { | 43 class PinStorageTestApi { |
| 34 public: | 44 public: |
| 35 // Does *not* take ownership over |pin_storage|. | 45 // Does *not* take ownership over |pin_storage|. |
| 36 explicit PinStorageTestApi(chromeos::PinStorage* pin_storage) | 46 explicit PinStorageTestApi(chromeos::PinStorage* pin_storage) |
| 37 : pin_storage_(pin_storage) {} | 47 : pin_storage_(pin_storage) {} |
| 38 | 48 |
| 39 // Reduces the amount of strong auth time available by |time_delta|. | 49 // Reduces the amount of strong auth time available by |time_delta|. |
| 40 void ReduceRemainingStrongAuthTimeBy(const base::TimeDelta& time_delta) { | 50 void ReduceRemainingStrongAuthTimeBy(const base::TimeDelta& time_delta) { |
| 41 pin_storage_->last_strong_auth_ -= time_delta; | 51 pin_storage_->last_strong_auth_ -= time_delta; |
| 42 } | 52 } |
| 43 | 53 |
| 54 bool HasStrongAuthInfo() { |
| 55 return !pin_storage_->last_strong_auth_.is_null(); |
| 56 } |
| 57 |
| 44 std::string PinSalt() const { return pin_storage_->PinSalt(); } | 58 std::string PinSalt() const { return pin_storage_->PinSalt(); } |
| 45 | 59 |
| 46 std::string PinSecret() const { return pin_storage_->PinSecret(); } | 60 std::string PinSecret() const { return pin_storage_->PinSecret(); } |
| 47 | 61 |
| 48 private: | 62 private: |
| 49 chromeos::PinStorage* pin_storage_; | 63 chromeos::PinStorage* pin_storage_; |
| 50 | 64 |
| 51 DISALLOW_COPY_AND_ASSIGN(PinStorageTestApi); | 65 DISALLOW_COPY_AND_ASSIGN(PinStorageTestApi); |
| 52 }; | 66 }; |
| 53 | 67 |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 99 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); | 113 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); |
| 100 } | 114 } |
| 101 | 115 |
| 102 // Verifies that marking the strong auth makes TimeSinceLastStrongAuth a > zero | 116 // Verifies that marking the strong auth makes TimeSinceLastStrongAuth a > zero |
| 103 // value. | 117 // value. |
| 104 TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) { | 118 TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) { |
| 105 chromeos::PinStorage* pin_storage = | 119 chromeos::PinStorage* pin_storage = |
| 106 chromeos::PinStorageFactory::GetForProfile(profile_.get()); | 120 chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| 107 PinStorageTestApi pin_storage_test(pin_storage); | 121 PinStorageTestApi pin_storage_test(pin_storage); |
| 108 | 122 |
| 109 EXPECT_FALSE(pin_storage->HasStrongAuth()); | 123 EXPECT_FALSE(pin_storage_test.HasStrongAuthInfo()); |
| 110 | 124 |
| 111 pin_storage->MarkStrongAuth(); | 125 pin_storage->MarkStrongAuth(); |
| 112 | 126 |
| 113 EXPECT_TRUE(pin_storage->HasStrongAuth()); | 127 EXPECT_TRUE(pin_storage_test.HasStrongAuthInfo()); |
| 114 pin_storage_test.ReduceRemainingStrongAuthTimeBy( | 128 pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| 115 base::TimeDelta::FromSeconds(60)); | 129 base::TimeDelta::FromSeconds(60)); |
| 116 | 130 |
| 117 EXPECT_TRUE(pin_storage->TimeSinceLastStrongAuth() >= | 131 EXPECT_TRUE(pin_storage->TimeSinceLastStrongAuth() >= |
| 118 base::TimeDelta::FromSeconds(30)); | 132 base::TimeDelta::FromSeconds(30)); |
| 119 } | 133 } |
| 120 | 134 |
| 135 // Verifies that by altering the password confirmation preference, the pin |
| 136 // storage will request password reconfirmation as expected. |
| 137 TEST_F(PinStorageUnitTest, PasswordConfirmationFrequencyPreference) { |
| 138 chromeos::PinStorage* pin_storage = |
| 139 chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| 140 PrefService* pref_service = profile_->GetPrefs(); |
| 141 PinStorageTestApi test_api(pin_storage); |
| 142 |
| 143 // The default is one day, so verify moving time back 13 hours should not |
| 144 // request strong auth. |
| 145 pin_storage->MarkStrongAuth(); |
| 146 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13)); |
| 147 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 148 |
| 149 // Verify moving time back another 13 hours should request strong auth. |
| 150 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13)); |
| 151 EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| 152 |
| 153 // Verify that by changing the frequency of required password confirmation to |
| 154 // six hours, moving interval by 4 hours will not trigger a request for strong |
| 155 // auth, but moving interval by an additional 4 hours will. |
| 156 pin_storage->MarkStrongAuth(); |
| 157 SetConfirmationFrequency( |
| 158 pref_service, |
| 159 chromeos::quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); |
| 160 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4)); |
| 161 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 162 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4)); |
| 163 EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| 164 |
| 165 // Verify that by changing the frequency in the middle of a auth timeout, the |
| 166 // value of the new frequency persists. In this case, the frequency shortened |
| 167 // when the delay already passed the new frequency (but still did not reach |
| 168 // the old frequency) so password confirmation is required. |
| 169 pin_storage->MarkStrongAuth(); |
| 170 SetConfirmationFrequency( |
| 171 pref_service, |
| 172 chromeos::quick_unlock::PasswordConfirmationFrequency::TWELVE_HOURS); |
| 173 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 174 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8)); |
| 175 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 176 SetConfirmationFrequency( |
| 177 pref_service, |
| 178 chromeos::quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); |
| 179 EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| 180 |
| 181 // Verify that by changing the frequency in the middle of a auth timeout, the |
| 182 // value of the new frequency persists. In this case, the frequency increased |
| 183 // when the delay already passed the old frequency (but did not reach the new |
| 184 // frequency) so password confirmation is not required. |
| 185 pin_storage->MarkStrongAuth(); |
| 186 SetConfirmationFrequency( |
| 187 pref_service, |
| 188 chromeos::quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); |
| 189 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 190 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8)); |
| 191 EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| 192 SetConfirmationFrequency( |
| 193 pref_service, |
| 194 chromeos::quick_unlock::PasswordConfirmationFrequency::TWELVE_HOURS); |
| 195 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 196 } |
| 197 |
| 121 // Verifies that the correct pin can be used to authenticate. | 198 // Verifies that the correct pin can be used to authenticate. |
| 122 TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) { | 199 TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) { |
| 123 chromeos::PinStorage* pin_storage = | 200 chromeos::PinStorage* pin_storage = |
| 124 chromeos::PinStorageFactory::GetForProfile(profile_.get()); | 201 chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| 125 | 202 |
| 126 pin_storage->SetPin("1111"); | 203 pin_storage->SetPin("1111"); |
| 127 | 204 |
| 128 pin_storage->MarkStrongAuth(); | 205 pin_storage->MarkStrongAuth(); |
| 129 EXPECT_TRUE(pin_storage->TryAuthenticatePin("1111")); | 206 EXPECT_TRUE(pin_storage->TryAuthenticatePin("1111")); |
| 130 } | 207 } |
| (...skipping 23 matching lines...) Expand all Loading... |
| 154 chromeos::PinStorage* pin_storage = | 231 chromeos::PinStorage* pin_storage = |
| 155 chromeos::PinStorageFactory::GetForProfile(profile_.get()); | 232 chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| 156 PinStorageTestApi pin_storage_test(pin_storage); | 233 PinStorageTestApi pin_storage_test(pin_storage); |
| 157 | 234 |
| 158 pin_storage->SetPin("1111"); | 235 pin_storage->SetPin("1111"); |
| 159 pin_storage->MarkStrongAuth(); | 236 pin_storage->MarkStrongAuth(); |
| 160 EXPECT_TRUE(pin_storage->IsPinAuthenticationAvailable()); | 237 EXPECT_TRUE(pin_storage->IsPinAuthenticationAvailable()); |
| 161 | 238 |
| 162 // Remove all of the strong auth time so that we have a strong auth timeout. | 239 // Remove all of the strong auth time so that we have a strong auth timeout. |
| 163 pin_storage_test.ReduceRemainingStrongAuthTimeBy( | 240 pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| 164 chromeos::PinStorage::kStrongAuthTimeout + base::TimeDelta::FromHours(1)); | 241 base::TimeDelta::FromDays(10)); |
| 165 | 242 |
| 166 EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable()); | 243 EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable()); |
| 167 } | 244 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2387253002:
cros: Added policies for screen unlock. (Closed)
