Chromium Code Reviews Chromium Code Reviews
Issue 2387253002:
cros: Added policies for screen unlock. (Closed)
| Index: chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc |
| diff --git a/chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc b/chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc |
| index d0266f8f59eb96504b8a62f03f17a92a790002c5..5f0e18bbbed74622fa45c2d18e3ec8e76775866c 100644 |
| --- a/chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc |
| +++ b/chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc |
| @@ -8,6 +8,7 @@ |
| #include "chrome/common/pref_names.h" |
| #include "chrome/test/base/testing_profile.h" |
| #include "components/prefs/pref_service.h" |
| +#include "components/prefs/scoped_user_pref_update.h" |
| #include "content/public/test/test_browser_thread_bundle.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| @@ -19,7 +20,14 @@ class PinStorageUnitTest : public testing::Test { |
| ~PinStorageUnitTest() override {} |
| // testing::Test: |
| - void SetUp() override { chromeos::EnableQuickUnlockForTesting(); } |
| + void SetUp() override { |
| + chromeos::EnableQuickUnlockForTesting(); |
| + |
| + // Pin is not allowed by default so we need to update it for this test. |
|
jdufault
2016/10/25 17:39:50
nit: Pin => PIN
What about
// PIN is not enabl
sammiequon
2016/10/25 19:18:41
Done.
|
| + ListPrefUpdate update(profile_->GetPrefs(), |
| + prefs::kQuickUnlockModeWhitelist); |
| + update->Append(base::MakeUnique<base::StringValue>("pin")); |
| + } |
| content::TestBrowserThreadBundle thread_bundle_; |
| std::unique_ptr<TestingProfile> profile_; |
| @@ -41,6 +49,10 @@ class PinStorageTestApi { |
| pin_storage_->last_strong_auth_ -= time_delta; |
| } |
| + bool IsLastStrongAuthAvaliable() { |
| + return !pin_storage_->last_strong_auth_.is_null(); |
| + } |
| + |
| std::string PinSalt() const { return pin_storage_->PinSalt(); } |
| std::string PinSecret() const { return pin_storage_->PinSecret(); } |
| @@ -106,11 +118,11 @@ TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) { |
| chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| PinStorageTestApi pin_storage_test(pin_storage); |
| - EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| + EXPECT_FALSE(pin_storage_test.IsLastStrongAuthAvaliable()); |
| pin_storage->MarkStrongAuth(); |
| - EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| + EXPECT_TRUE(pin_storage_test.IsLastStrongAuthAvaliable()); |
| pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| base::TimeDelta::FromSeconds(60)); |
| @@ -118,6 +130,68 @@ TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) { |
| base::TimeDelta::FromSeconds(30)); |
| } |
| +// Verifies altering the password confirmation preference produces the expected |
| +// results. |
| +TEST_F(PinStorageUnitTest, PasswordConfirmationFrequencyPreference) { |
| + chromeos::PinStorage* pin_storage = |
| + chromeos::PinStorageFactory::GetForProfile(profile_.get()); |
| + PrefService* pref_service = profile_->GetPrefs(); |
| + PinStorageTestApi pin_storage_test(pin_storage); |
| + |
| + // The default is one day, so verify moving time back 13 hours should not |
| + // request strong auth. |
| + pin_storage->MarkStrongAuth(); |
| + pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| + base::TimeDelta::FromHours(13)); |
| + EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| + |
| + // Verify moving time back another 13 hours should request strong auth. |
| + pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| + base::TimeDelta::FromHours(13)); |
| + EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| + |
| + // Reset the time since last strong auth. |
| + pin_storage->MarkStrongAuth(); |
| + |
| + // Verify that by changing the frequency of required password confirmation to |
| + // six hours, moving interval by 4 hours will not trigger a request for strong |
| + // auth, but moving interval by an additional 4 hours will. |
| + pref_service->SetInteger( |
| + prefs::kQuickUnlockTimeout, |
| + static_cast<int>(chromeos::PasswordConfirmationFrequency::SIX_HOURS)); |
| + pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| + base::TimeDelta::FromHours(4)); |
| + EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| + pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| + base::TimeDelta::FromHours(4)); |
| + EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| + |
| + // Verify that by changing the frequency of required password confirmation to |
| + // twelve hours, the current interval of 8 hours will not trigger a request |
| + // for strong auth, but moving interval by an additional 5 hours will. |
| + pref_service->SetInteger( |
| + prefs::kQuickUnlockTimeout, |
| + static_cast<int>(chromeos::PasswordConfirmationFrequency::TWELVE_HOURS)); |
| + EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| + pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| + base::TimeDelta::FromHours(5)); |
| + EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| + |
| + pin_storage->MarkStrongAuth(); |
| + // Verify that by changing the frequency of required password confirmation to |
| + // one week, moving interval by 3 days will not trigger a request for strong |
| + // auth, but moving interval by an addition 5 days will. |
| + pref_service->SetInteger( |
| + prefs::kQuickUnlockTimeout, |
| + static_cast<int>(chromeos::PasswordConfirmationFrequency::WEEK)); |
| + pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| + base::TimeDelta::FromDays(3)); |
| + EXPECT_TRUE(pin_storage->HasStrongAuth()); |
| + pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| + base::TimeDelta::FromDays(5)); |
| + EXPECT_FALSE(pin_storage->HasStrongAuth()); |
| +} |
| + |
| // Verifies that the correct pin can be used to authenticate. |
| TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) { |
| chromeos::PinStorage* pin_storage = |
| @@ -161,7 +235,24 @@ TEST_F(PinStorageUnitTest, AuthenticationFailsFromTimeout) { |
| // Remove all of the strong auth time so that we have a strong auth timeout. |
| pin_storage_test.ReduceRemainingStrongAuthTimeBy( |
| - chromeos::PinStorage::kStrongAuthTimeout + base::TimeDelta::FromHours(1)); |
| + base::TimeDelta::FromDays(10)); |
| EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable()); |
| } |
| + |
| +TEST_F(PinStorageUnitTest, VerifyPinUnlockAgainstPolicy) { |
| + ListPrefUpdate update(profile_->GetPrefs(), prefs::kQuickUnlockModeWhitelist); |
| + // Verify that clearing the whitelist diables the pin. |
| + update->Clear(); |
| + EXPECT_FALSE(chromeos::IsPinUnlockEnabled(profile_->GetPrefs())); |
| + |
| + // Verify that by adding pin and another unlock mode, pin is enabled. |
| + update->Append(base::MakeUnique<base::StringValue>("pin")); |
| + EXPECT_TRUE(chromeos::IsPinUnlockEnabled(profile_->GetPrefs())); |
| + update->Append(base::MakeUnique<base::StringValue>("password")); |
| + EXPECT_TRUE(chromeos::IsPinUnlockEnabled(profile_->GetPrefs())); |
| + |
| + // Verify that adding all to the whitelist enables the pin. |
| + update->Append(base::MakeUnique<base::StringValue>("all")); |
| + EXPECT_TRUE(chromeos::IsPinUnlockEnabled(profile_->GetPrefs())); |
| +} |
