| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" | 5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" |
| 6 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h" | 6 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h" |
| 7 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" | 7 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" |
| 8 #include "chrome/common/pref_names.h" | 8 #include "chrome/common/pref_names.h" |
| 9 #include "chrome/test/base/testing_profile.h" | 9 #include "chrome/test/base/testing_profile.h" |
| 10 #include "components/prefs/pref_service.h" | 10 #include "components/prefs/pref_service.h" |
| 11 #include "components/prefs/scoped_user_pref_update.h" |
| 11 #include "content/public/test/test_browser_thread_bundle.h" | 12 #include "content/public/test/test_browser_thread_bundle.h" |
| 12 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 13 | 14 |
| 14 namespace { | 15 namespace { |
| 15 | 16 |
| 17 void SetConfirmationFrequency( |
| 18 PrefService* pref_service, |
| 19 chromeos::QuickUnlockPasswordConfirmationFrequency frequency) { |
| 20 pref_service->SetInteger(prefs::kQuickUnlockTimeout, |
| 21 static_cast<int>(frequency)); |
| 22 } |
| 23 |
| 16 class PinStorageUnitTest : public testing::Test { | 24 class PinStorageUnitTest : public testing::Test { |
| 17 protected: | 25 protected: |
| 18 PinStorageUnitTest() : profile_(new TestingProfile()) {} | 26 PinStorageUnitTest() : profile_(new TestingProfile()) {} |
| 19 ~PinStorageUnitTest() override {} | 27 ~PinStorageUnitTest() override {} |
| 20 | 28 |
| 21 // testing::Test: | 29 // testing::Test: |
| 22 void SetUp() override { chromeos::EnableQuickUnlockForTesting(); } | 30 void SetUp() override { chromeos::EnableQuickUnlockForTesting(); } |
| 23 | 31 |
| 24 content::TestBrowserThreadBundle thread_bundle_; | 32 content::TestBrowserThreadBundle thread_bundle_; |
| 25 std::unique_ptr<TestingProfile> profile_; | 33 std::unique_ptr<TestingProfile> profile_; |
| 26 | 34 |
| 27 DISALLOW_COPY_AND_ASSIGN(PinStorageUnitTest); | 35 DISALLOW_COPY_AND_ASSIGN(PinStorageUnitTest); |
| 28 }; | 36 }; |
| 29 | 37 |
| 30 } // namespace | 38 } // namespace |
| 31 | 39 |
| 32 // Provides test-only PinStorage APIs. | 40 // Provides test-only PinStorage APIs. |
| 33 class PinStorageTestApi { | 41 class PinStorageTestApi { |
| 34 public: | 42 public: |
| 35 // Does *not* take ownership over |pin_storage|. | 43 // Does *not* take ownership over |pin_storage|. |
| 36 explicit PinStorageTestApi(chromeos::PinStorage* pin_storage) | 44 explicit PinStorageTestApi(chromeos::PinStorage* pin_storage) |
| 37 : pin_storage_(pin_storage) {} | 45 : pin_storage_(pin_storage) {} |
| 38 | 46 |
| 39 // Reduces the amount of strong auth time available by |time_delta|. | 47 // Reduces the amount of strong auth time available by |time_delta|. |
| 40 void ReduceRemainingStrongAuthTimeBy(const base::TimeDelta& time_delta) { | 48 void ReduceRemainingStrongAuthTimeBy(const base::TimeDelta& time_delta) { |
| 41 pin_storage_->last_strong_auth_ -= time_delta; | 49 pin_storage_->last_strong_auth_ -= time_delta; |
| 42 } | 50 } |
| 43 | 51 |
| 52 bool HasStrongAuthInfo() { |
| 53 return !pin_storage_->last_strong_auth_.is_null(); |
| 54 } |
| 55 |
| 44 std::string PinSalt() const { return pin_storage_->PinSalt(); } | 56 std::string PinSalt() const { return pin_storage_->PinSalt(); } |
| 45 | 57 |
| 46 std::string PinSecret() const { return pin_storage_->PinSecret(); } | 58 std::string PinSecret() const { return pin_storage_->PinSecret(); } |
| 47 | 59 |
| 48 private: | 60 private: |
| 49 chromeos::PinStorage* pin_storage_; | 61 chromeos::PinStorage* pin_storage_; |
| 50 | 62 |
| 51 DISALLOW_COPY_AND_ASSIGN(PinStorageTestApi); | 63 DISALLOW_COPY_AND_ASSIGN(PinStorageTestApi); |
| 52 }; | 64 }; |
| 53 | 65 |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 99 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); | 111 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); |
| 100 } | 112 } |
| 101 | 113 |
| 102 // Verifies that marking the strong auth makes TimeSinceLastStrongAuth a > zero | 114 // Verifies that marking the strong auth makes TimeSinceLastStrongAuth a > zero |
| 103 // value. | 115 // value. |
| 104 TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) { | 116 TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) { |
| 105 chromeos::PinStorage* pin_storage = | 117 chromeos::PinStorage* pin_storage = |
| 106 chromeos::PinStorageFactory::GetForProfile(profile_.get()); | 118 chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| 107 PinStorageTestApi pin_storage_test(pin_storage); | 119 PinStorageTestApi pin_storage_test(pin_storage); |
| 108 | 120 |
| 109 EXPECT_FALSE(pin_storage->HasStrongAuth()); | 121 EXPECT_FALSE(pin_storage_test.HasStrongAuthInfo()); |
| 110 | 122 |
| 111 pin_storage->MarkStrongAuth(); | 123 pin_storage->MarkStrongAuth(); |
| 112 | 124 |
| 113 EXPECT_TRUE(pin_storage->HasStrongAuth()); | 125 EXPECT_TRUE(pin_storage_test.HasStrongAuthInfo()); |
| 114 pin_storage_test.ReduceRemainingStrongAuthTimeBy( | 126 pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| 115 base::TimeDelta::FromSeconds(60)); | 127 base::TimeDelta::FromSeconds(60)); |
| 116 | 128 |
| 117 EXPECT_TRUE(pin_storage->TimeSinceLastStrongAuth() >= | 129 EXPECT_TRUE(pin_storage->TimeSinceLastStrongAuth() >= |
| 118 base::TimeDelta::FromSeconds(30)); | 130 base::TimeDelta::FromSeconds(30)); |
| 119 } | 131 } |
| 120 | 132 |
| 133 // Verifies that by altering the password confirmation preference, the pin |
| 134 // storage will request password reconfirmation as expected. |
| 135 TEST_F(PinStorageUnitTest, QuickUnlockPasswordConfirmationFrequencyPreference) { |
| 136 chromeos::PinStorage* pin_storage = |
| 137 chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| 138 PrefService* pref_service = profile_->GetPrefs(); |
| 139 PinStorageTestApi test_api(pin_storage); |
| 140 |
| 141 // The default is one day, so verify moving the last strong auth time back 13 |
| 142 // hours should not request strong auth. |
| 143 pin_storage->MarkStrongAuth(); |
| 144 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13)); |
| 145 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 146 |
| 147 // Verify moving the last strong auth time back another 13 hours should |
| 148 // request strong auth. |
| 149 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13)); |
| 150 EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| 151 |
| 152 // Verify that by changing the frequency of required password confirmation to |
| 153 // six hours, moving the last strong auth interval back by 4 hours will not |
| 154 // trigger a request for strong auth, but moving it by an additional 4 hours |
| 155 // will. |
| 156 pin_storage->MarkStrongAuth(); |
| 157 SetConfirmationFrequency( |
| 158 pref_service, |
| 159 chromeos::QuickUnlockPasswordConfirmationFrequency::SIX_HOURS); |
| 160 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4)); |
| 161 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 162 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4)); |
| 163 EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| 164 |
| 165 // A valid strong auth becomes invalid if the confirmation frequency is |
| 166 // shortened to less than the expiration time. |
| 167 pin_storage->MarkStrongAuth(); |
| 168 SetConfirmationFrequency( |
| 169 pref_service, |
| 170 chromeos::QuickUnlockPasswordConfirmationFrequency::TWELVE_HOURS); |
| 171 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 172 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8)); |
| 173 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 174 SetConfirmationFrequency( |
| 175 pref_service, |
| 176 chromeos::QuickUnlockPasswordConfirmationFrequency::SIX_HOURS); |
| 177 EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| 178 |
| 179 // An expired strong auth becomes usable if the confirmation frequency gets |
| 180 // extended past the expiration time. |
| 181 pin_storage->MarkStrongAuth(); |
| 182 SetConfirmationFrequency( |
| 183 pref_service, |
| 184 chromeos::QuickUnlockPasswordConfirmationFrequency::SIX_HOURS); |
| 185 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 186 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8)); |
| 187 EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| 188 SetConfirmationFrequency( |
| 189 pref_service, |
| 190 chromeos::QuickUnlockPasswordConfirmationFrequency::TWELVE_HOURS); |
| 191 EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| 192 } |
| 193 |
| 121 // Verifies that the correct pin can be used to authenticate. | 194 // Verifies that the correct pin can be used to authenticate. |
| 122 TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) { | 195 TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) { |
| 123 chromeos::PinStorage* pin_storage = | 196 chromeos::PinStorage* pin_storage = |
| 124 chromeos::PinStorageFactory::GetForProfile(profile_.get()); | 197 chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| 125 | 198 |
| 126 pin_storage->SetPin("1111"); | 199 pin_storage->SetPin("1111"); |
| 127 | 200 |
| 128 pin_storage->MarkStrongAuth(); | 201 pin_storage->MarkStrongAuth(); |
| 129 EXPECT_TRUE(pin_storage->TryAuthenticatePin("1111")); | 202 EXPECT_TRUE(pin_storage->TryAuthenticatePin("1111")); |
| 130 } | 203 } |
| (...skipping 23 matching lines...) Expand all Loading... |
| 154 chromeos::PinStorage* pin_storage = | 227 chromeos::PinStorage* pin_storage = |
| 155 chromeos::PinStorageFactory::GetForProfile(profile_.get()); | 228 chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| 156 PinStorageTestApi pin_storage_test(pin_storage); | 229 PinStorageTestApi pin_storage_test(pin_storage); |
| 157 | 230 |
| 158 pin_storage->SetPin("1111"); | 231 pin_storage->SetPin("1111"); |
| 159 pin_storage->MarkStrongAuth(); | 232 pin_storage->MarkStrongAuth(); |
| 160 EXPECT_TRUE(pin_storage->IsPinAuthenticationAvailable()); | 233 EXPECT_TRUE(pin_storage->IsPinAuthenticationAvailable()); |
| 161 | 234 |
| 162 // Remove all of the strong auth time so that we have a strong auth timeout. | 235 // Remove all of the strong auth time so that we have a strong auth timeout. |
| 163 pin_storage_test.ReduceRemainingStrongAuthTimeBy( | 236 pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| 164 chromeos::PinStorage::kStrongAuthTimeout + base::TimeDelta::FromHours(1)); | 237 base::TimeDelta::FromDays(10)); |
| 165 | 238 |
| 166 EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable()); | 239 EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable()); |
| 167 } | 240 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2387253002:
cros: Added policies for screen unlock. (Closed)
