Don't let creating Google accounts on the Active Directory devices.

chrome/browser/chromeos/login/existing_user_controller_browsertest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
@@ skipping 60 matching lines @@
 namespace em = enterprise_management;
 
 namespace chromeos {
 
 namespace {
 
 const char kGaiaID[] = "12345";
 const char kUsername[] = "test_user@gmail.com";
 const char kSupervisedUserID[] = "supervised_user@locally-managed.localhost";
 const char kPassword[] = "test_password";
+const char kActiveDirectoryRealm[] = "active.directory.realm";
 
 const char kPublicSessionUserEmail[] = "public_session_user@localhost";
 const int kAutoLoginNoDelay = 0;
 const int kAutoLoginShortDelay = 1;
 const int kAutoLoginLongDelay = 10000;
 
 // Wait for cros settings to become permanently untrusted and run |callback|.
 void WaitForPermanentlyUntrustedStatusAndRun(const base::Closure& callback) {
   while (true) {
     const CrosSettingsProvider::TrustedStatus status =
@@ skipping 132 matching lines @@
   std::unique_ptr<ExistingUserController> existing_user_controller_;
 
   // |mock_login_display_| is owned by the ExistingUserController, which calls
   // CreateLoginDisplay() on the |mock_login_display_host_| to get it.
   MockLoginDisplay* mock_login_display_ = nullptr;
   std::unique_ptr<MockLoginDisplayHost> mock_login_display_host_;
 
   // Mock URLFetcher.
   MockURLFetcherFactory<SuccessFetcher> factory_;
 
-  const AccountId account_id_ =
+  const AccountId google_account_id_ =

[achuithb, 2017/02/17 13:03:49]

I think gaia_account_id_ is a better name, and more consistent with the rest of
this codebase.

[Roman Sorokin (ftl), 2017/02/17 14:28:43]

Done.

       AccountId::FromUserEmailGaiaId(kUsername, kGaiaID);
+  const AccountId ad_account_id_ =
+      AccountId::AdFromUserEmailObjGuid(kUsername, kGaiaID);
 
  private:
   DISALLOW_COPY_AND_ASSIGN(ExistingUserControllerTest);
 };
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerTest, PRE_ExistingUserLogin) {
-  RegisterUser(account_id_.GetUserEmail());
+  RegisterUser(google_account_id_.GetUserEmail());
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerTest, DISABLED_ExistingUserLogin) {
   EXPECT_CALL(*mock_login_display_, SetUIEnabled(false))
       .Times(2);
-  UserContext user_context(account_id_);
+  UserContext user_context(google_account_id_);
   user_context.SetKey(Key(kPassword));
-  user_context.SetUserIDHash(account_id_.GetUserEmail());
+  user_context.SetUserIDHash(google_account_id_.GetUserEmail());
   test::UserSessionManagerTestApi session_manager_test_api(
       UserSessionManager::GetInstance());
   session_manager_test_api.InjectStubUserContext(user_context);
   EXPECT_CALL(*mock_login_display_, SetUIEnabled(true))
       .Times(1);
   EXPECT_CALL(*mock_login_display_host_,
               StartWizard(OobeScreen::SCREEN_TERMS_OF_SERVICE))
       .Times(0);
 
   content::WindowedNotificationObserver profile_prepared_observer(
@@ skipping 30 matching lines @@
 
   ExpectLoginFailure();
 }
 
 void ExistingUserControllerUntrustedTest::SetUpSessionManager() {
   InstallOwnerKey();
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
                        ExistingUserLoginForbidden) {
-  UserContext user_context(account_id_);
+  UserContext user_context(google_account_id_);
   user_context.SetKey(Key(kPassword));
-  user_context.SetUserIDHash(account_id_.GetUserEmail());
+  user_context.SetUserIDHash(google_account_id_.GetUserEmail());
   existing_user_controller()->Login(user_context, SigninSpecifics());
 }
 
 // Per http://crbug.com/603735, NewUserLoginForbidden fails.
 #if defined(LINUX)
 #define MAYBE_NewUserLoginForbidden DISABLED_NewUserLoginForbidden
 #else
 #define MAYBE_NewUserLoginForbidden NewUserLoginForbidden
 #endif
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
                        MAYBE_NewUserLoginForbidden) {
-  UserContext user_context(account_id_);
+  UserContext user_context(google_account_id_);
   user_context.SetKey(Key(kPassword));
-  user_context.SetUserIDHash(account_id_.GetUserEmail());
+  user_context.SetUserIDHash(google_account_id_.GetUserEmail());
   existing_user_controller()->CompleteLogin(user_context);
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
                        GuestLoginForbidden) {
   existing_user_controller()->Login(
       UserContext(user_manager::USER_TYPE_GUEST, EmptyAccountId()),
       SigninSpecifics());
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
                        SupervisedUserLoginForbidden) {
   UserContext user_context(AccountId::FromUserEmail(kSupervisedUserID));
   user_context.SetKey(Key(kPassword));
-  user_context.SetUserIDHash(account_id_.GetUserEmail());
+  user_context.SetUserIDHash(google_account_id_.GetUserEmail());
   existing_user_controller()->Login(user_context, SigninSpecifics());
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerUntrustedTest,
                        SupervisedUserCreationForbidden) {
   MockBaseScreenDelegate mock_base_screen_delegate;
   SupervisedUserCreationScreenHandler supervised_user_creation_screen_handler;
   SupervisedUserCreationScreen supervised_user_creation_screen(
       &mock_base_screen_delegate, &supervised_user_creation_screen_handler);
 
-  supervised_user_creation_screen.AuthenticateManager(account_id_, kPassword);
+  supervised_user_creation_screen.AuthenticateManager(google_account_id_,
+                                                      kPassword);
 }
 
 MATCHER_P(HasDetails, expected, "") {
   return expected == *content::Details<const std::string>(arg).ptr();
 }
 
 class ExistingUserControllerPublicSessionTest
     : public ExistingUserControllerTest {
  protected:
   ExistingUserControllerPublicSessionTest() {}
@@ skipping 237 matching lines @@
   profile_prepared_observer.Wait();
 
   // Wait for login tasks to complete.
   content::RunAllPendingInMessageLoop();
 }
 
 // See http://crbug.com/654719
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
                        DISABLED_LoginStopsAutoLogin) {
   // Set up mocks to check login success.
-  UserContext user_context(account_id_);
+  UserContext user_context(google_account_id_);
   user_context.SetKey(Key(kPassword));
   user_context.SetUserIDHash(user_context.GetAccountId().GetUserEmail());
   ExpectSuccessfulLogin(user_context);
 
   existing_user_controller()->OnSigninScreenReady();
   SetAutoLoginPolicy(kPublicSessionUserEmail, kAutoLoginLongDelay);
   EXPECT_TRUE(auto_login_timer());
 
   content::WindowedNotificationObserver profile_prepared_observer(
       chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED,
@@ skipping 14 matching lines @@
   ASSERT_TRUE(auto_login_timer());
   EXPECT_FALSE(auto_login_timer()->IsRunning());
 
   ClearNotifications();
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
                        GuestModeLoginStopsAutoLogin) {
   EXPECT_CALL(*mock_login_display_, SetUIEnabled(false))
       .Times(2);
-  UserContext user_context(account_id_);
+  UserContext user_context(google_account_id_);
   user_context.SetKey(Key(kPassword));
   test::UserSessionManagerTestApi session_manager_test_api(
       UserSessionManager::GetInstance());
   session_manager_test_api.InjectStubUserContext(user_context);
 
   existing_user_controller()->OnSigninScreenReady();
   SetAutoLoginPolicy(kPublicSessionUserEmail, kAutoLoginLongDelay);
   EXPECT_TRUE(auto_login_timer());
 
   // Login and check that it stopped the timer.
   existing_user_controller()->Login(
       UserContext(user_manager::USER_TYPE_GUEST, EmptyAccountId()),
       SigninSpecifics());
   EXPECT_TRUE(is_login_in_progress());
   ASSERT_TRUE(auto_login_timer());
   EXPECT_FALSE(auto_login_timer()->IsRunning());
 
   // Wait for login tasks to complete.
   content::RunAllPendingInMessageLoop();
 
   // Timer should still be stopped after login completes.
   ASSERT_TRUE(auto_login_timer());
   EXPECT_FALSE(auto_login_timer()->IsRunning());
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
                        CompleteLoginStopsAutoLogin) {
   // Set up mocks to check login success.
-  UserContext user_context(account_id_);
+  UserContext user_context(google_account_id_);
   user_context.SetKey(Key(kPassword));
   user_context.SetUserIDHash(user_context.GetAccountId().GetUserEmail());
   ExpectSuccessfulLogin(user_context);
   EXPECT_CALL(*mock_login_display_host_, OnCompleteLogin())
       .Times(1);
 
   existing_user_controller()->OnSigninScreenReady();
   SetAutoLoginPolicy(kPublicSessionUserEmail, kAutoLoginLongDelay);
   EXPECT_TRUE(auto_login_timer());
 
@@ skipping 51 matching lines @@
   EXPECT_FALSE(auto_login_timer()->IsRunning());
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
                        LoginForbiddenWhenUntrusted) {
   // Make cros settings untrusted.
   MakeCrosSettingsPermanentlyUntrusted();
 
   // Check that the attempt to start a public session fails with an error.
   ExpectLoginFailure();
-  UserContext user_context(account_id_);
+  UserContext user_context(google_account_id_);
   user_context.SetKey(Key(kPassword));
   user_context.SetUserIDHash(user_context.GetAccountId().GetUserEmail());
   existing_user_controller()->Login(user_context, SigninSpecifics());
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
                        NoAutoLoginWhenUntrusted) {
   // Start the public session timer.
   SetAutoLoginPolicy(kPublicSessionUserEmail, kAutoLoginLongDelay);
   existing_user_controller()->OnSigninScreenReady();
@@ skipping 10 matching lines @@
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
                        PRE_TestLoadingPublicUsersFromLocalState) {
   // First run propagates public accounts and stores them in Local State.
 }
 
 IN_PROC_BROWSER_TEST_F(ExistingUserControllerPublicSessionTest,
                        TestLoadingPublicUsersFromLocalState) {
   // Second run loads list of public accounts from Local State.
 }
 
+class ExistingUserControllerActiveDirectoryTest
+    : public ExistingUserControllerTest {
+ public:
+  ExistingUserControllerActiveDirectoryTest() = default;
+
+  void MarkOwnership() override {

[achuithb, 2017/02/17 13:03:49]

comment about class whose methods are being overridden.

[Roman Sorokin (ftl), 2017/02/17 14:28:43]

Done.

+    policy::DevicePolicyCrosTestHelper::MarkAsActiveDirectoryEnterpriseOwned(
+        kActiveDirectoryRealm);
+  }
+
+  void SetUpInProcessBrowserTestFixture() override {
+    RefreshDevicePolicy();
+    ExistingUserControllerTest::SetUpInProcessBrowserTestFixture();
+  }
+
+ protected:
+  void ExpectLoginFailure() {
+    EXPECT_CALL(*mock_login_display_, SetUIEnabled(false)).Times(2);
+    EXPECT_CALL(*mock_login_display_,
+                ShowError(IDS_LOGIN_ERROR_ACTIVE_DIRECTORY_ONLY, 1,
+                          HelpAppLauncher::HELP_CANT_ACCESS_ACCOUNT))
+        .Times(1);
+    EXPECT_CALL(*mock_login_display_, SetUIEnabled(true)).Times(1);
+  }
+  void ExpectLoginSuccess() {
+    EXPECT_CALL(*mock_login_display_, SetUIEnabled(false)).Times(2);
+    EXPECT_CALL(*mock_login_display_, SetUIEnabled(true)).Times(1);
+    EXPECT_CALL(*mock_login_display_host_, OnCompleteLogin()).Times(1);
+  }
+};
+
+IN_PROC_BROWSER_TEST_F(ExistingUserControllerActiveDirectoryTest,

[achuithb, 2017/02/17 13:03:49]

Comment about what's being tested by this.

[Roman Sorokin (ftl), 2017/02/17 14:28:43]

Done.

+                       ActiveDirectoryOnlineLogin_Success) {
+  ExpectLoginSuccess();
+  UserContext user_context(ad_account_id_);
+  user_context.SetKey(Key(kPassword));
+  user_context.SetUserIDHash(ad_account_id_.GetUserEmail());
+  user_context.SetAuthFlow(UserContext::AUTH_FLOW_ACTIVE_DIRECTORY);
+  user_context.SetUserType(user_manager::UserType::USER_TYPE_ACTIVE_DIRECTORY);
+  content::WindowedNotificationObserver profile_prepared_observer(
+      chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED,
+      content::NotificationService::AllSources());
+  existing_user_controller()->CompleteLogin(user_context);
+
+  profile_prepared_observer.Wait();
+  base::ThreadTaskRunnerHandle::Get()->PostTask(
+      FROM_HERE, base::Bind(&ClearNotifications));
+  content::RunAllPendingInMessageLoop();
+}
+
+IN_PROC_BROWSER_TEST_F(ExistingUserControllerActiveDirectoryTest,

[achuithb, 2017/02/17 13:03:49]

Function comment

[Roman Sorokin (ftl), 2017/02/17 14:28:43]

Done.

+                       ActiveDirectoryOfflineLogin_Failure) {
+  ExpectLoginFailure();
+  UserContext user_context(ad_account_id_);
+  user_context.SetKey(Key(kPassword));
+  user_context.SetUserIDHash(ad_account_id_.GetUserEmail());
+  user_context.SetUserType(user_manager::UserType::USER_TYPE_ACTIVE_DIRECTORY);
+  existing_user_controller()->Login(user_context, SigninSpecifics());
+}
+
+IN_PROC_BROWSER_TEST_F(ExistingUserControllerActiveDirectoryTest,

[achuithb, 2017/02/17 13:03:49]

Function comment

[Roman Sorokin (ftl), 2017/02/17 14:28:43]

Done.

+                       GoogleAccountLogin_Failure) {
+  ExpectLoginFailure();

[achuithb, 2017/02/17 13:03:49]

GAIAAccountLogin_Failure

[Roman Sorokin (ftl), 2017/02/17 14:28:43]

Done.

+  EXPECT_CALL(*mock_login_display_host_, OnCompleteLogin()).Times(1);
+  UserContext user_context(google_account_id_);
+  user_context.SetKey(Key(kPassword));
+  user_context.SetUserIDHash(google_account_id_.GetUserEmail());
+  existing_user_controller()->CompleteLogin(user_context);
+}
+
 }  // namespace chromeos