cros: Added policies for screen unlock.

chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc

Index: chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc
diff --git a/chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc b/chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc
index d0266f8f59eb96504b8a62f03f17a92a790002c5..d439b52627cae82b929d08d69d85c29831c7a8b9 100644
--- a/chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc
+++ b/chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc
@@ -8,11 +8,19 @@
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/testing_profile.h"
 #include "components/prefs/pref_service.h"
+#include "components/prefs/scoped_user_pref_update.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace {
 
+void SetConfirmationFrequency(
+    PrefService* pref_service,
+    chromeos::QuickUnlockPasswordConfirmationFrequency frequency) {
+  pref_service->SetInteger(prefs::kQuickUnlockTimeout,
+                           static_cast<int>(frequency));
+}
+
 class PinStorageUnitTest : public testing::Test {
  protected:
   PinStorageUnitTest() : profile_(new TestingProfile()) {}
@@ -41,6 +49,10 @@ class PinStorageTestApi {
     pin_storage_->last_strong_auth_ -= time_delta;
   }
 
+  bool HasStrongAuthInfo() {
+    return !pin_storage_->last_strong_auth_.is_null();
+  }
+
   std::string PinSalt() const { return pin_storage_->PinSalt(); }
 
   std::string PinSecret() const { return pin_storage_->PinSecret(); }
@@ -106,11 +118,11 @@ TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) {
       chromeos::PinStorageFactory::GetForProfile(profile_.get());
   PinStorageTestApi pin_storage_test(pin_storage);
 
-  EXPECT_FALSE(pin_storage->HasStrongAuth());
+  EXPECT_FALSE(pin_storage_test.HasStrongAuthInfo());
 
   pin_storage->MarkStrongAuth();
 
-  EXPECT_TRUE(pin_storage->HasStrongAuth());
+  EXPECT_TRUE(pin_storage_test.HasStrongAuthInfo());
   pin_storage_test.ReduceRemainingStrongAuthTimeBy(
       base::TimeDelta::FromSeconds(60));
 
@@ -118,6 +130,65 @@ TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) {
               base::TimeDelta::FromSeconds(30));
 }
 
+// Verifies that by altering the password confirmation preference, the pin
+// storage will request password reconfirmation as expected.
+TEST_F(PinStorageUnitTest, QuickUnlockPasswordConfirmationFrequencyPreference) {
+  chromeos::PinStorage* pin_storage =
+      chromeos::PinStorageFactory::GetForProfile(profile_.get());
+  PrefService* pref_service = profile_->GetPrefs();
+  PinStorageTestApi test_api(pin_storage);
+
+  // The default is one day, so verify moving time back 13 hours should not

[pastarmovj, 2016/11/04 10:33:03]

nit: isn't this moving time forward instead of back? :)

[sammiequon, 2016/11/06 17:52:52]

Yes. It actually moves the last seen time back which is kind of moving time
forward. I made the comment more descriptive. Done.

+  // request strong auth.
+  pin_storage->MarkStrongAuth();
+  test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13));
+  EXPECT_TRUE(pin_storage->HasStrongAuth());
+
+  // Verify moving time back another 13 hours should request strong auth.
+  test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13));
+  EXPECT_FALSE(pin_storage->HasStrongAuth());
+
+  // Verify that by changing the frequency of required password confirmation to
+  // six hours, moving interval by 4 hours will not trigger a request for strong
+  // auth, but moving interval by an additional 4 hours will.
+  pin_storage->MarkStrongAuth();
+  SetConfirmationFrequency(
+      pref_service,
+      chromeos::QuickUnlockPasswordConfirmationFrequency::SIX_HOURS);
+  test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4));
+  EXPECT_TRUE(pin_storage->HasStrongAuth());
+  test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4));
+  EXPECT_FALSE(pin_storage->HasStrongAuth());
+
+  // A valid strong auth becomes invalid if the confirmation frequency is
+  // shortened to less than the expiration time.
+  pin_storage->MarkStrongAuth();
+  SetConfirmationFrequency(
+      pref_service,
+      chromeos::QuickUnlockPasswordConfirmationFrequency::TWELVE_HOURS);
+  EXPECT_TRUE(pin_storage->HasStrongAuth());
+  test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8));
+  EXPECT_TRUE(pin_storage->HasStrongAuth());
+  SetConfirmationFrequency(
+      pref_service,
+      chromeos::QuickUnlockPasswordConfirmationFrequency::SIX_HOURS);
+  EXPECT_FALSE(pin_storage->HasStrongAuth());
+
+  // An expired strong auth becomes usable if the confirmation frequency gets
+  // extended past the expiration time.
+  pin_storage->MarkStrongAuth();
+  SetConfirmationFrequency(
+      pref_service,
+      chromeos::QuickUnlockPasswordConfirmationFrequency::SIX_HOURS);
+  EXPECT_TRUE(pin_storage->HasStrongAuth());
+  test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8));
+  EXPECT_FALSE(pin_storage->HasStrongAuth());
+  SetConfirmationFrequency(
+      pref_service,
+      chromeos::QuickUnlockPasswordConfirmationFrequency::TWELVE_HOURS);
+  EXPECT_TRUE(pin_storage->HasStrongAuth());
+}
+
 // Verifies that the correct pin can be used to authenticate.
 TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) {
   chromeos::PinStorage* pin_storage =
@@ -161,7 +232,7 @@ TEST_F(PinStorageUnitTest, AuthenticationFailsFromTimeout) {
 
   // Remove all of the strong auth time so that we have a strong auth timeout.
   pin_storage_test.ReduceRemainingStrongAuthTimeBy(
-      chromeos::PinStorage::kStrongAuthTimeout + base::TimeDelta::FromHours(1));
+      base::TimeDelta::FromDays(10));
 
   EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable());
 }