OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_factory.h" | |
6 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.h" | |
7 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" | |
8 #include "chrome/common/pref_names.h" | |
9 #include "chrome/test/base/testing_profile.h" | |
10 #include "components/prefs/pref_service.h" | |
11 #include "content/public/test/test_browser_thread_bundle.h" | |
12 #include "testing/gtest/include/gtest/gtest.h" | |
13 | |
14 namespace chromeos { | |
15 namespace { | |
16 | |
17 void SetConfirmationFrequency( | |
18 PrefService* pref_service, | |
19 quick_unlock::PasswordConfirmationFrequency frequency) { | |
20 pref_service->SetInteger(prefs::kQuickUnlockTimeout, | |
21 static_cast<int>(frequency)); | |
22 } | |
23 | |
24 base::TimeDelta GetExpirationTime(PrefService* pref_service) { | |
25 int frequency = pref_service->GetInteger(prefs::kQuickUnlockTimeout); | |
26 return quick_unlock::PasswordConfirmationFrequencyToTimeDelta( | |
27 static_cast<quick_unlock::PasswordConfirmationFrequency>(frequency)); | |
28 } | |
29 | |
30 class FingerprintStorageUnitTest : public testing::Test { | |
31 protected: | |
32 FingerprintStorageUnitTest() : profile_(new TestingProfile()) {} | |
33 ~FingerprintStorageUnitTest() override {} | |
34 | |
35 // testing::Test: | |
36 void SetUp() override { quick_unlock::EnableForTesting(); } | |
37 | |
38 content::TestBrowserThreadBundle thread_bundle_; | |
39 std::unique_ptr<TestingProfile> profile_; | |
40 | |
41 DISALLOW_COPY_AND_ASSIGN(FingerprintStorageUnitTest); | |
42 }; | |
43 | |
44 } // namespace | |
45 | |
46 // Provides test-only FingerprintStorage APIs. | |
47 class FingerprintStorageTestApi { | |
48 public: | |
49 // Does *not* take ownership over |fingerprint_storage|. | |
50 explicit FingerprintStorageTestApi( | |
51 quick_unlock::FingerprintStorage* fingerprint_storage) | |
52 : fingerprint_storage_(fingerprint_storage) {} | |
53 | |
54 // Reduces the amount of strong auth time available by |time_delta|. | |
55 void ReduceRemainingStrongAuthTimeBy(const base::TimeDelta& time_delta) { | |
56 fingerprint_storage_->last_strong_auth_ -= time_delta; | |
57 } | |
58 | |
59 bool HasStrongAuthInfo() { | |
60 return !fingerprint_storage_->last_strong_auth_.is_null(); | |
61 } | |
62 | |
63 void SetEnrollments(bool has_enrollments) { | |
64 fingerprint_storage_->has_enrollments_ = has_enrollments; | |
65 } | |
66 | |
67 private: | |
68 quick_unlock::FingerprintStorage* fingerprint_storage_; | |
69 | |
70 DISALLOW_COPY_AND_ASSIGN(FingerprintStorageTestApi); | |
71 }; | |
72 | |
73 // Verifies that: | |
74 // 1. Initial unlock attempt count is zero. | |
75 // 2. Attempting unlock attempts correctly increases unlock attempt count. | |
76 // 3. Resetting unlock attempt count correctly sets attempt count to 0. | |
77 TEST_F(FingerprintStorageUnitTest, UnlockAttemptCount) { | |
78 quick_unlock::FingerprintStorage* fingerprint_storage = | |
79 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) | |
80 ->fingerprint_storage(); | |
81 | |
82 EXPECT_EQ(0, fingerprint_storage->unlock_attempt_count()); | |
83 | |
84 fingerprint_storage->AddUnlockAttempt(); | |
85 fingerprint_storage->AddUnlockAttempt(); | |
86 fingerprint_storage->AddUnlockAttempt(); | |
87 EXPECT_EQ(3, fingerprint_storage->unlock_attempt_count()); | |
88 | |
89 fingerprint_storage->ResetUnlockAttemptCount(); | |
90 EXPECT_EQ(0, fingerprint_storage->unlock_attempt_count()); | |
91 } | |
92 | |
93 // Verifies that marking the strong auth makes TimeSinceLastStrongAuth a > zero | |
94 // value. | |
95 TEST_F(FingerprintStorageUnitTest, | |
96 TimeSinceLastStrongAuthReturnsPositiveValue) { | |
97 quick_unlock::FingerprintStorage* fingerprint_storage = | |
98 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) | |
99 ->fingerprint_storage(); | |
100 PrefService* pref_service = profile_->GetPrefs(); | |
101 FingerprintStorageTestApi test_api(fingerprint_storage); | |
102 | |
103 EXPECT_FALSE(test_api.HasStrongAuthInfo()); | |
104 | |
105 fingerprint_storage->MarkStrongAuth(); | |
106 | |
107 EXPECT_TRUE(test_api.HasStrongAuthInfo()); | |
108 base::TimeDelta expiration_time = GetExpirationTime(pref_service); | |
109 test_api.ReduceRemainingStrongAuthTimeBy(expiration_time); | |
110 | |
111 EXPECT_TRUE(fingerprint_storage->TimeSinceLastStrongAuth() >= | |
112 (expiration_time / 2)); | |
113 } | |
114 | |
115 // Verifies that by altering the password confirmation preference, the | |
116 // fingerprint storage will request password reconfirmation as expected. | |
117 TEST_F(FingerprintStorageUnitTest, | |
jdufault
2017/02/27 21:41:50
You should be able to remove these strong auth tes
xiaoyinh(OOO Sep 11-29)
2017/02/28 01:20:49
Done.
| |
118 QuickUnlockPasswordConfirmationFrequencyPreference) { | |
119 quick_unlock::FingerprintStorage* fingerprint_storage = | |
120 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) | |
121 ->fingerprint_storage(); | |
122 PrefService* pref_service = profile_->GetPrefs(); | |
123 FingerprintStorageTestApi test_api(fingerprint_storage); | |
124 | |
125 // The default is one day, so verify moving the last strong auth time back 12 | |
126 // hours(half of the expiration time) should not request strong auth. | |
127 fingerprint_storage->MarkStrongAuth(); | |
128 base::TimeDelta expiration_time = GetExpirationTime(pref_service); | |
129 test_api.ReduceRemainingStrongAuthTimeBy(expiration_time / 2); | |
130 EXPECT_TRUE(fingerprint_storage->HasStrongAuth()); | |
131 | |
132 // Verify moving the last strong auth time back another half of the expiration | |
133 // time should request strong auth. | |
134 test_api.ReduceRemainingStrongAuthTimeBy(expiration_time / 2); | |
135 EXPECT_FALSE(fingerprint_storage->HasStrongAuth()); | |
136 | |
137 // Verify that by changing the frequency of required password confirmation to | |
138 // six hours, moving the last strong auth interval back by 3 hours(half) will | |
139 // not trigger a request for strong auth, but moving it by an additional 3 | |
140 // hours will. | |
141 fingerprint_storage->MarkStrongAuth(); | |
142 SetConfirmationFrequency( | |
143 pref_service, quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); | |
144 expiration_time = GetExpirationTime(pref_service); | |
145 test_api.ReduceRemainingStrongAuthTimeBy(expiration_time / 2); | |
146 EXPECT_TRUE(fingerprint_storage->HasStrongAuth()); | |
147 test_api.ReduceRemainingStrongAuthTimeBy(expiration_time / 2); | |
148 EXPECT_FALSE(fingerprint_storage->HasStrongAuth()); | |
149 | |
150 // A valid strong auth becomes invalid if the confirmation frequency is | |
151 // shortened to less than the expiration time. | |
152 fingerprint_storage->MarkStrongAuth(); | |
153 SetConfirmationFrequency( | |
154 pref_service, quick_unlock::PasswordConfirmationFrequency::TWELVE_HOURS); | |
155 expiration_time = GetExpirationTime(pref_service); | |
156 EXPECT_TRUE(fingerprint_storage->HasStrongAuth()); | |
157 test_api.ReduceRemainingStrongAuthTimeBy(expiration_time / 2); | |
158 EXPECT_TRUE(fingerprint_storage->HasStrongAuth()); | |
159 SetConfirmationFrequency( | |
160 pref_service, quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); | |
161 EXPECT_FALSE(fingerprint_storage->HasStrongAuth()); | |
162 | |
163 // An expired strong auth becomes usable if the confirmation frequency gets | |
164 // extended past the expiration time. | |
165 fingerprint_storage->MarkStrongAuth(); | |
166 SetConfirmationFrequency( | |
167 pref_service, quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); | |
168 expiration_time = GetExpirationTime(pref_service); | |
169 EXPECT_TRUE(fingerprint_storage->HasStrongAuth()); | |
170 test_api.ReduceRemainingStrongAuthTimeBy(expiration_time); | |
171 EXPECT_FALSE(fingerprint_storage->HasStrongAuth()); | |
172 SetConfirmationFrequency( | |
173 pref_service, quick_unlock::PasswordConfirmationFrequency::TWELVE_HOURS); | |
174 EXPECT_TRUE(fingerprint_storage->HasStrongAuth()); | |
175 } | |
176 | |
177 // Verifies that authentication is not available when | |
178 // 1. No enrollments registered | |
179 // 2. Too many authentication attempts | |
180 // 3. No valid strong auth | |
181 TEST_F(FingerprintStorageUnitTest, AuthenticationUnAvailable) { | |
182 quick_unlock::FingerprintStorage* fingerprint_storage = | |
183 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) | |
184 ->fingerprint_storage(); | |
185 PrefService* pref_service = profile_->GetPrefs(); | |
186 FingerprintStorageTestApi test_api(fingerprint_storage); | |
187 | |
188 EXPECT_FALSE(test_api.HasStrongAuthInfo()); | |
189 fingerprint_storage->MarkStrongAuth(); | |
190 EXPECT_TRUE(test_api.HasStrongAuthInfo()); | |
191 | |
192 EXPECT_FALSE(fingerprint_storage->HasEnrollment()); | |
193 test_api.SetEnrollments(true); | |
194 EXPECT_TRUE(fingerprint_storage->HasEnrollment()); | |
195 EXPECT_EQ(0, fingerprint_storage->unlock_attempt_count()); | |
196 EXPECT_TRUE(fingerprint_storage->IsFingerprintAuthenticationAvailable()); | |
197 | |
198 // No enrollment registered makes fingerprint authentication unavailable. | |
199 test_api.SetEnrollments(false); | |
200 EXPECT_FALSE(fingerprint_storage->IsFingerprintAuthenticationAvailable()); | |
201 test_api.SetEnrollments(true); | |
202 EXPECT_TRUE(fingerprint_storage->IsFingerprintAuthenticationAvailable()); | |
203 | |
204 // Too many authentication attempts make fingerprint authentication | |
205 // unavailable. | |
206 for (int i = 0; i < quick_unlock::FingerprintStorage::kMaximumUnlockAttempts; | |
207 ++i) { | |
208 fingerprint_storage->AddUnlockAttempt(); | |
209 } | |
210 EXPECT_FALSE(fingerprint_storage->IsFingerprintAuthenticationAvailable()); | |
211 fingerprint_storage->ResetUnlockAttemptCount(); | |
212 EXPECT_TRUE(fingerprint_storage->IsFingerprintAuthenticationAvailable()); | |
213 | |
214 // Strong auth becomes invalid after 1 day, and invalid strong auth makes | |
215 // fingerprint authentication unavailable. | |
216 base::TimeDelta expiration_time = GetExpirationTime(pref_service); | |
217 test_api.ReduceRemainingStrongAuthTimeBy(expiration_time); | |
218 EXPECT_FALSE(fingerprint_storage->HasStrongAuth()); | |
219 EXPECT_FALSE(fingerprint_storage->IsFingerprintAuthenticationAvailable()); | |
220 } | |
221 | |
222 } // namespace chromeos | |
OLD | NEW |