| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cstring> | 5 #include <cstring> |
| 6 #include <memory> | 6 #include <memory> |
| 7 #include <string> | 7 #include <string> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 23 matching lines...) |
| 34 #include "chrome/browser/chromeos/login/ui/login_display_host_impl.h" | 34 #include "chrome/browser/chromeos/login/ui/login_display_host_impl.h" |
| 35 #include "chrome/browser/chromeos/login/ui/webui_login_display.h" | 35 #include "chrome/browser/chromeos/login/ui/webui_login_display.h" |
| 36 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" | 36 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
| 37 #include "chrome/browser/chromeos/login/wizard_controller.h" | 37 #include "chrome/browser/chromeos/login/wizard_controller.h" |
| 38 #include "chrome/browser/chromeos/policy/affiliation_test_helper.h" | 38 #include "chrome/browser/chromeos/policy/affiliation_test_helper.h" |
| 39 #include "chrome/browser/chromeos/policy/device_policy_builder.h" | 39 #include "chrome/browser/chromeos/policy/device_policy_builder.h" |
| 40 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" | 40 #include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" |
| 41 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" | 41 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| 42 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 42 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 43 #include "chrome/browser/chromeos/settings/cros_settings.h" | 43 #include "chrome/browser/chromeos/settings/cros_settings.h" |
| 44 #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
| 45 #include "chrome/browser/media/webrtc/media_permission.h" |
| 44 #include "chrome/browser/policy/test/local_policy_test_server.h" | 46 #include "chrome/browser/policy/test/local_policy_test_server.h" |
| 45 #include "chrome/browser/profiles/profile.h" | 47 #include "chrome/browser/profiles/profile.h" |
| 46 #include "chrome/browser/ui/webui/signin/signin_utils.h" | 48 #include "chrome/browser/ui/webui/signin/signin_utils.h" |
| 47 #include "chrome/common/chrome_constants.h" | 49 #include "chrome/common/chrome_constants.h" |
| 48 #include "chrome/common/chrome_paths.h" | 50 #include "chrome/common/chrome_paths.h" |
| 49 #include "chrome/common/chrome_switches.h" | 51 #include "chrome/common/chrome_switches.h" |
| 50 #include "chrome/grit/generated_resources.h" | 52 #include "chrome/grit/generated_resources.h" |
| 51 #include "chrome/test/base/in_process_browser_test.h" | 53 #include "chrome/test/base/in_process_browser_test.h" |
| 52 #include "chromeos/chromeos_switches.h" | 54 #include "chromeos/chromeos_switches.h" |
| 53 #include "chromeos/cryptohome/system_salt_getter.h" | 55 #include "chromeos/cryptohome/system_salt_getter.h" |
| 54 #include "chromeos/dbus/cryptohome/key.pb.h" | 56 #include "chromeos/dbus/cryptohome/key.pb.h" |
| 55 #include "chromeos/dbus/cryptohome/rpc.pb.h" | 57 #include "chromeos/dbus/cryptohome/rpc.pb.h" |
| 56 #include "chromeos/dbus/cryptohome_client.h" | 58 #include "chromeos/dbus/cryptohome_client.h" |
| 57 #include "chromeos/dbus/dbus_thread_manager.h" | 59 #include "chromeos/dbus/dbus_thread_manager.h" |
| 58 #include "chromeos/dbus/fake_cryptohome_client.h" | 60 #include "chromeos/dbus/fake_cryptohome_client.h" |
| 59 #include "chromeos/dbus/fake_session_manager_client.h" | 61 #include "chromeos/dbus/fake_session_manager_client.h" |
| 60 #include "chromeos/dbus/session_manager_client.h" | 62 #include "chromeos/dbus/session_manager_client.h" |
| 61 #include "chromeos/dbus/shill_manager_client.h" | 63 #include "chromeos/dbus/shill_manager_client.h" |
| 62 #include "chromeos/login/auth/key.h" | 64 #include "chromeos/login/auth/key.h" |
| 63 #include "chromeos/settings/cros_settings_names.h" | 65 #include "chromeos/settings/cros_settings_names.h" |
| 66 #include "components/content_settings/core/browser/host_content_settings_map.h" |
| 67 #include "components/content_settings/core/common/content_settings_types.h" |
| 64 #include "components/guest_view/browser/test_guest_view_manager.h" | 68 #include "components/guest_view/browser/test_guest_view_manager.h" |
| 65 #include "components/policy/core/browser/browser_policy_connector.h" | 69 #include "components/policy/core/browser/browser_policy_connector.h" |
| 66 #include "components/policy/core/common/mock_configuration_policy_provider.h" | 70 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
| 67 #include "components/policy/core/common/policy_map.h" | 71 #include "components/policy/core/common/policy_map.h" |
| 68 #include "components/policy/core/common/policy_switches.h" | 72 #include "components/policy/core/common/policy_switches.h" |
| 69 #include "components/policy/core/common/policy_types.h" | 73 #include "components/policy/core/common/policy_types.h" |
| 70 #include "components/policy/policy_constants.h" | 74 #include "components/policy/policy_constants.h" |
| 71 #include "components/policy/proto/device_management_backend.pb.h" | 75 #include "components/policy/proto/device_management_backend.pb.h" |
| 72 #include "components/user_manager/user.h" | 76 #include "components/user_manager/user.h" |
| 73 #include "components/user_manager/user_manager.h" | 77 #include "components/user_manager/user_manager.h" |
| (...skipping 879 matching lines...) |
| 953 SAMLPolicyTest(); | 957 SAMLPolicyTest(); |
| 954 ~SAMLPolicyTest() override; | 958 ~SAMLPolicyTest() override; |
| 955 | 959 |
| 956 // SamlTest: | 960 // SamlTest: |
| 957 void SetUpInProcessBrowserTestFixture() override; | 961 void SetUpInProcessBrowserTestFixture() override; |
| 958 void SetUpOnMainThread() override; | 962 void SetUpOnMainThread() override; |
| 959 | 963 |
| 960 void SetSAMLOfflineSigninTimeLimitPolicy(int limit); | 964 void SetSAMLOfflineSigninTimeLimitPolicy(int limit); |
| 961 void EnableTransferSAMLCookiesPolicy(); | 965 void EnableTransferSAMLCookiesPolicy(); |
| 962 void SetLoginBehaviorPolicyToSAMLInterstitial(); | 966 void SetLoginBehaviorPolicyToSAMLInterstitial(); |
| 967 void SetLoginVideoCaptureAllowedUrls(const std::vector<GURL>& allowed); |
| 963 | 968 |
| 964 void ShowGAIALoginForm(); | 969 void ShowGAIALoginForm(); |
| 965 void ShowSAMLInterstitial(); | 970 void ShowSAMLInterstitial(); |
| 966 void ClickNextOnSAMLInterstitialPage(); | 971 void ClickNextOnSAMLInterstitialPage(); |
| 967 void ClickChangeAccountOnSAMLInterstitialPage(); | 972 void ClickChangeAccountOnSAMLInterstitialPage(); |
| 968 void LogInWithSAML(const std::string& user_id, | 973 void LogInWithSAML(const std::string& user_id, |
| 969 const std::string& auth_sid_cookie, | 974 const std::string& auth_sid_cookie, |
| 970 const std::string& auth_lsid_cookie); | 975 const std::string& auth_lsid_cookie); |
| 971 | 976 |
| 972 std::string GetCookieValue(const std::string& name); | 977 std::string GetCookieValue(const std::string& name); |
| (...skipping 115 matching lines...) |
| 1088 std::unique_ptr<CrosSettings::ObserverSubscription> observer = | 1093 std::unique_ptr<CrosSettings::ObserverSubscription> observer = |
| 1089 CrosSettings::Get()->AddSettingsObserver(kLoginAuthenticationBehavior, | 1094 CrosSettings::Get()->AddSettingsObserver(kLoginAuthenticationBehavior, |
| 1090 run_loop.QuitClosure()); | 1095 run_loop.QuitClosure()); |
| 1091 device_policy_->SetDefaultSigningKey(); | 1096 device_policy_->SetDefaultSigningKey(); |
| 1092 device_policy_->Build(); | 1097 device_policy_->Build(); |
| 1093 fake_session_manager_client_->set_device_policy(device_policy_->GetBlob()); | 1098 fake_session_manager_client_->set_device_policy(device_policy_->GetBlob()); |
| 1094 fake_session_manager_client_->OnPropertyChangeComplete(true); | 1099 fake_session_manager_client_->OnPropertyChangeComplete(true); |
| 1095 run_loop.Run(); | 1100 run_loop.Run(); |
| 1096 } | 1101 } |
| 1097 | 1102 |
| 1103 void SAMLPolicyTest::SetLoginVideoCaptureAllowedUrls( |
| 1104 const std::vector<GURL>& allowed) { |
| 1105 em::ChromeDeviceSettingsProto& proto(device_policy_->payload()); |
| 1106 for (const GURL& url : allowed) |
| 1107 proto.mutable_login_video_capture_allowed_urls()->add_urls(url.spec()); |
| 1108 |
| 1109 base::RunLoop run_loop; |
| 1110 std::unique_ptr<CrosSettings::ObserverSubscription> observer = |
| 1111 CrosSettings::Get()->AddSettingsObserver(kLoginVideoCaptureAllowedUrls, |
| 1112 run_loop.QuitClosure()); |
| 1113 device_policy_->SetDefaultSigningKey(); |
| 1114 device_policy_->Build(); |
| 1115 fake_session_manager_client_->set_device_policy(device_policy_->GetBlob()); |
| 1116 fake_session_manager_client_->OnPropertyChangeComplete(true); |
| 1117 run_loop.Run(); |
| 1118 } |
| 1119 |
| 1098 void SAMLPolicyTest::ShowGAIALoginForm() { | 1120 void SAMLPolicyTest::ShowGAIALoginForm() { |
| 1099 login_screen_load_observer_->Wait(); | 1121 login_screen_load_observer_->Wait(); |
| 1100 ASSERT_TRUE(content::ExecuteScript( | 1122 ASSERT_TRUE(content::ExecuteScript( |
| 1101 GetLoginUI()->GetWebContents(), | 1123 GetLoginUI()->GetWebContents(), |
| 1102 "$('gaia-signin').gaiaAuthHost_.addEventListener('ready', function() {" | 1124 "$('gaia-signin').gaiaAuthHost_.addEventListener('ready', function() {" |
| 1103 " window.domAutomationController.setAutomationId(0);" | 1125 " window.domAutomationController.setAutomationId(0);" |
| 1104 " window.domAutomationController.send('ready');" | 1126 " window.domAutomationController.send('ready');" |
| 1105 "});" | 1127 "});" |
| 1106 "$('add-user-button').click();")); | 1128 "$('add-user-button').click();")); |
| 1107 content::DOMMessageQueue message_queue; | 1129 content::DOMMessageQueue message_queue; |
| (...skipping 291 matching lines...) |
| 1399 SetSignFormField("Password", "fake_password"); | 1421 SetSignFormField("Password", "fake_password"); |
| 1400 | 1422 |
| 1401 // Scraping one password should finish login. | 1423 // Scraping one password should finish login. |
| 1402 content::WindowedNotificationObserver session_start_waiter( | 1424 content::WindowedNotificationObserver session_start_waiter( |
| 1403 chrome::NOTIFICATION_SESSION_STARTED, | 1425 chrome::NOTIFICATION_SESSION_STARTED, |
| 1404 content::NotificationService::AllSources()); | 1426 content::NotificationService::AllSources()); |
| 1405 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); | 1427 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); |
| 1406 session_start_waiter.Wait(); | 1428 session_start_waiter.Wait(); |
| 1407 } | 1429 } |
| 1408 | 1430 |
| 1431 // Ensure that the permission status of getUserMedia requests from SAML login |
| 1432 // pages is controlled by the kLoginVideoCaptureAllowedUrls pref rather than the |
| 1433 // underlying user content setting. |
| 1434 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, TestLoginMediaPermission) { |
| 1435 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 1436 |
| 1437 const GURL url1("https://google.com"); |
| 1438 const GURL url2("https://example.com"); |
| 1439 const GURL url3("https://not-allowed.com"); |
| 1440 SetLoginVideoCaptureAllowedUrls({url1, url2}); |
| 1441 WaitForSigninScreen(); |
| 1442 |
| 1443 content::WebContents* web_contents = GetLoginUI()->GetWebContents(); |
| 1444 Profile* profile = |
| 1445 Profile::FromBrowserContext(web_contents->GetBrowserContext()); |
| 1446 content::MediaStreamRequestResult reason; |
| 1447 |
| 1448 // Mic should always be blocked. |
| 1449 { |
| 1450 MediaPermission permission(CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC, url1, |
| 1451 url1, profile, web_contents); |
| 1452 EXPECT_EQ(CONTENT_SETTING_BLOCK, permission.GetPermissionStatus(&reason)); |
| 1453 } |
| 1454 |
| 1455 // Camera should be allowed if allowed by the whitelist, otherwise blocked. |
| 1456 { |
| 1457 MediaPermission permission(CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA, url1, |
| 1458 url1, profile, web_contents); |
| 1459 EXPECT_EQ(CONTENT_SETTING_ALLOW, permission.GetPermissionStatus(&reason)); |
| 1460 } |
| 1461 |
| 1462 { |
| 1463 MediaPermission permission(CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA, url2, |
| 1464 url2, profile, web_contents); |
| 1465 EXPECT_EQ(CONTENT_SETTING_ALLOW, permission.GetPermissionStatus(&reason)); |
| 1466 } |
| 1467 |
| 1468 { |
| 1469 MediaPermission permission(CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA, url3, |
| 1470 url3, profile, web_contents); |
| 1471 EXPECT_EQ(CONTENT_SETTING_BLOCK, permission.GetPermissionStatus(&reason)); |
| 1472 } |
| 1473 |
| 1474 // Camera should be blocked in the login screen, even if it's allowed via |
| 1475 // content setting. |
| 1476 { |
| 1477 HostContentSettingsMapFactory::GetForProfile(profile) |
| 1478 ->SetContentSettingDefaultScope( |
| 1479 url3, url3, CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA, std::string(), |
| 1480 CONTENT_SETTING_ALLOW); |
| 1481 |
| 1482 MediaPermission permission(CONTENT_SETTINGS_TYPE_MEDIASTREAM_CAMERA, url3, |
| 1483 url3, profile, web_contents); |
| 1484 EXPECT_EQ(CONTENT_SETTING_BLOCK, permission.GetPermissionStatus(&reason)); |
| 1485 } |
| 1486 } |
| 1487 |
| 1409 } // namespace chromeos | 1488 } // namespace chromeos |
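Review bot: The "Mic should always be blocked" case in TestLoginMediaPermission checks only the default state, so it would still pass if a content setting could re-enable the microphone on the login profile; the content-setting override is exercised for the camera alone, in the final url3 block. Repeating that override for the mic on an allowlisted origin, as sketched below, would pin the "always". Every MediaPermission in the test also receives the same URL in both origin arguments and only exact https origins, so how the allowlist treats a different scheme, a subdomain, or a mismatched pair of origins is not pinned; a case for each, with the result the policy intends, would be worth adding. `reason` is declared without an initializer and never asserted, so the denial reason is unchecked.

```cpp
  // Mic should always be blocked.
  // … unchanged: default-state mic check for url1 …

  // Mic stays blocked even when a content setting would allow it.
  {
    HostContentSettingsMapFactory::GetForProfile(profile)
        ->SetContentSettingDefaultScope(
            url1, url1, CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC, std::string(),
            CONTENT_SETTING_ALLOW);

    MediaPermission permission(CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC, url1,
                               url1, profile, web_contents);
    EXPECT_EQ(CONTENT_SETTING_BLOCK, permission.GetPermissionStatus(&reason));
  }
```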
| OLD | NEW |