OLD | NEW |
| (Empty) |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/ui/ash/session_state_delegate_chromeos.h" | |
6 | |
7 #include <memory> | |
8 #include <string> | |
9 #include <vector> | |
10 | |
11 #include "base/macros.h" | |
12 #include "base/run_loop.h" | |
13 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h" | |
14 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h" | |
15 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h" | |
16 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | |
17 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | |
18 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | |
19 #include "chrome/browser/chromeos/profiles/profile_helper.h" | |
20 #include "chrome/common/pref_names.h" | |
21 #include "chrome/test/base/testing_browser_process.h" | |
22 #include "chrome/test/base/testing_profile_manager.h" | |
23 #include "components/signin/core/account_id/account_id.h" | |
24 #include "components/user_manager/user_manager.h" | |
25 #include "content/public/test/test_browser_thread_bundle.h" | |
26 #include "net/cert/x509_certificate.h" | |
27 #include "net/test/cert_test_util.h" | |
28 #include "net/test/test_data_directory.h" | |
29 #include "testing/gtest/include/gtest/gtest.h" | |
30 | |
31 namespace chromeos { | |
32 | |
33 namespace { | |
34 | |
35 const char* kUser = "user@test.com"; | |
36 | |
37 // Weak ptr to PolicyCertVerifier - object is freed in test destructor once | |
38 // we've ensured the profile has been shut down. | |
39 policy::PolicyCertVerifier* g_policy_cert_verifier_for_factory = NULL; | |
40 | |
41 std::unique_ptr<KeyedService> CreateTestPolicyCertService( | |
42 content::BrowserContext* context) { | |
43 return policy::PolicyCertService::CreateForTesting( | |
44 kUser, g_policy_cert_verifier_for_factory, | |
45 user_manager::UserManager::Get()); | |
46 } | |
47 | |
48 } // namespace | |
49 | |
50 class SessionStateDelegateChromeOSTest : public testing::Test { | |
51 protected: | |
52 SessionStateDelegateChromeOSTest() : user_manager_(NULL) { | |
53 } | |
54 | |
55 ~SessionStateDelegateChromeOSTest() override {} | |
56 | |
57 void SetUp() override { | |
58 // Initialize the UserManager singleton to a fresh FakeChromeUserManager | |
59 // instance. | |
60 user_manager_ = new FakeChromeUserManager; | |
61 user_manager_enabler_.reset( | |
62 new chromeos::ScopedUserManagerEnabler(user_manager_)); | |
63 | |
64 // Create our SessionStateDelegate to experiment with. | |
65 session_state_delegate_.reset(new SessionStateDelegateChromeos()); | |
66 testing::Test::SetUp(); | |
67 } | |
68 | |
69 void TearDown() override { | |
70 testing::Test::TearDown(); | |
71 session_state_delegate_.reset(); | |
72 user_manager_enabler_.reset(); | |
73 user_manager_ = NULL; | |
74 // Clear our cached pointer to the PolicyCertVerifier. | |
75 g_policy_cert_verifier_for_factory = NULL; | |
76 profile_manager_.reset(); | |
77 | |
78 // We must ensure that the PolicyCertVerifier outlives the | |
79 // PolicyCertService so shutdown the profile here. Additionally, we need | |
80 // to run the message loop between freeing the PolicyCertService and | |
81 // freeing the PolicyCertVerifier (see | |
82 // PolicyCertService::OnTrustAnchorsChanged() which is called from | |
83 // PolicyCertService::Shutdown()). | |
84 base::RunLoop().RunUntilIdle(); | |
85 } | |
86 | |
87 // Add and log in a user to the session. | |
88 void UserAddedToSession(std::string user) { | |
89 user_manager()->AddUser(AccountId::FromUserEmail(user)); | |
90 user_manager()->LoginUser(AccountId::FromUserEmail(user)); | |
91 } | |
92 | |
93 // Get the active user. | |
94 const std::string& GetActiveUserEmail() { | |
95 return user_manager::UserManager::Get() | |
96 ->GetActiveUser() | |
97 ->GetAccountId() | |
98 .GetUserEmail(); | |
99 } | |
100 | |
101 FakeChromeUserManager* user_manager() { return user_manager_; } | |
102 SessionStateDelegateChromeos* session_state_delegate() { | |
103 return session_state_delegate_.get(); | |
104 } | |
105 | |
106 void InitForMultiProfile() { | |
107 profile_manager_.reset( | |
108 new TestingProfileManager(TestingBrowserProcess::GetGlobal())); | |
109 ASSERT_TRUE(profile_manager_->SetUp()); | |
110 | |
111 const AccountId account_id(AccountId::FromUserEmail(kUser)); | |
112 const user_manager::User* user = user_manager()->AddUser(account_id); | |
113 | |
114 // Note that user profiles are created after user login in reality. | |
115 user_profile_ = | |
116 profile_manager_->CreateTestingProfile(account_id.GetUserEmail()); | |
117 user_profile_->set_profile_name(account_id.GetUserEmail()); | |
118 chromeos::ProfileHelper::Get()->SetUserToProfileMappingForTesting( | |
119 user, user_profile_); | |
120 } | |
121 | |
122 content::TestBrowserThreadBundle threads_; | |
123 std::unique_ptr<policy::PolicyCertVerifier> cert_verifier_; | |
124 std::unique_ptr<TestingProfileManager> profile_manager_; | |
125 TestingProfile* user_profile_; | |
126 | |
127 private: | |
128 std::unique_ptr<chromeos::ScopedUserManagerEnabler> user_manager_enabler_; | |
129 std::unique_ptr<SessionStateDelegateChromeos> session_state_delegate_; | |
130 | |
131 // Not owned. | |
132 FakeChromeUserManager* user_manager_; | |
133 | |
134 DISALLOW_COPY_AND_ASSIGN(SessionStateDelegateChromeOSTest); | |
135 }; | |
136 | |
137 // Make sure that cycling one user does not cause any harm. | |
138 TEST_F(SessionStateDelegateChromeOSTest, CyclingOneUser) { | |
139 UserAddedToSession("firstuser@test.com"); | |
140 | |
141 EXPECT_EQ("firstuser@test.com", GetActiveUserEmail()); | |
142 session_state_delegate()->CycleActiveUser(ash::CycleUserDirection::NEXT); | |
143 EXPECT_EQ("firstuser@test.com", GetActiveUserEmail()); | |
144 session_state_delegate()->CycleActiveUser(ash::CycleUserDirection::PREVIOUS); | |
145 EXPECT_EQ("firstuser@test.com", GetActiveUserEmail()); | |
146 } | |
147 | |
148 // Cycle three users forwards and backwards to see that it works. | |
149 TEST_F(SessionStateDelegateChromeOSTest, CyclingThreeUsers) { | |
150 UserAddedToSession("firstuser@test.com"); | |
151 UserAddedToSession("seconduser@test.com"); | |
152 UserAddedToSession("thirduser@test.com"); | |
153 const ash::CycleUserDirection forward = ash::CycleUserDirection::NEXT; | |
154 | |
155 // Cycle forward. | |
156 EXPECT_EQ("firstuser@test.com", GetActiveUserEmail()); | |
157 session_state_delegate()->CycleActiveUser(forward); | |
158 EXPECT_EQ("seconduser@test.com", GetActiveUserEmail()); | |
159 session_state_delegate()->CycleActiveUser(forward); | |
160 EXPECT_EQ("thirduser@test.com", GetActiveUserEmail()); | |
161 session_state_delegate()->CycleActiveUser(forward); | |
162 EXPECT_EQ("firstuser@test.com", GetActiveUserEmail()); | |
163 | |
164 // Cycle backwards. | |
165 const ash::CycleUserDirection backward = ash::CycleUserDirection::PREVIOUS; | |
166 session_state_delegate()->CycleActiveUser(backward); | |
167 EXPECT_EQ("thirduser@test.com", GetActiveUserEmail()); | |
168 session_state_delegate()->CycleActiveUser(backward); | |
169 EXPECT_EQ("seconduser@test.com", GetActiveUserEmail()); | |
170 session_state_delegate()->CycleActiveUser(backward); | |
171 EXPECT_EQ("firstuser@test.com", GetActiveUserEmail()); | |
172 } | |
173 | |
174 // Make sure MultiProfile disabled by primary user policy. | |
175 TEST_F(SessionStateDelegateChromeOSTest, MultiProfileDisallowedByUserPolicy) { | |
176 InitForMultiProfile(); | |
177 EXPECT_TRUE( | |
178 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); | |
179 const AccountId account_id(AccountId::FromUserEmail(kUser)); | |
180 user_manager()->LoginUser(account_id); | |
181 EXPECT_TRUE( | |
182 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); | |
183 | |
184 user_profile_->GetPrefs()->SetString( | |
185 prefs::kMultiProfileUserBehavior, | |
186 chromeos::MultiProfileUserController::kBehaviorNotAllowed); | |
187 EXPECT_FALSE( | |
188 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); | |
189 } | |
190 | |
191 // Make sure MultiProfile disabled by primary user policy certificates. | |
192 TEST_F(SessionStateDelegateChromeOSTest, | |
193 MultiProfileDisallowedByPolicyCertificates) { | |
194 InitForMultiProfile(); | |
195 const AccountId account_id(AccountId::FromUserEmail(kUser)); | |
196 user_manager()->LoginUser(account_id); | |
197 EXPECT_TRUE( | |
198 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); | |
199 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates( | |
200 account_id.GetUserEmail()); | |
201 EXPECT_FALSE( | |
202 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); | |
203 | |
204 // Flush tasks posted to IO. | |
205 base::RunLoop().RunUntilIdle(); | |
206 } | |
207 | |
208 // Make sure MultiProfile disabled by primary user certificates in memory. | |
209 TEST_F(SessionStateDelegateChromeOSTest, | |
210 MultiProfileDisallowedByPrimaryUserCertificatesInMemory) { | |
211 InitForMultiProfile(); | |
212 const AccountId account_id(AccountId::FromUserEmail(kUser)); | |
213 user_manager()->LoginUser(account_id); | |
214 EXPECT_TRUE( | |
215 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); | |
216 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); | |
217 g_policy_cert_verifier_for_factory = cert_verifier_.get(); | |
218 ASSERT_TRUE( | |
219 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( | |
220 user_profile_, CreateTestPolicyCertService)); | |
221 policy::PolicyCertService* service = | |
222 policy::PolicyCertServiceFactory::GetForProfile(user_profile_); | |
223 ASSERT_TRUE(service); | |
224 | |
225 EXPECT_FALSE(service->has_policy_certificates()); | |
226 net::CertificateList certificates; | |
227 certificates.push_back( | |
228 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem")); | |
229 service->OnTrustAnchorsChanged(certificates); | |
230 EXPECT_TRUE(service->has_policy_certificates()); | |
231 EXPECT_FALSE( | |
232 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); | |
233 | |
234 // Flush tasks posted to IO. | |
235 base::RunLoop().RunUntilIdle(); | |
236 } | |
237 | |
238 // Make sure adding users to multiprofiles disabled by reaching maximum | |
239 // number of users in sessions. | |
240 TEST_F(SessionStateDelegateChromeOSTest, | |
241 AddUserToMultiprofileDisallowedByMaximumUsers) { | |
242 InitForMultiProfile(); | |
243 | |
244 EXPECT_EQ(ash::AddUserSessionPolicy::ALLOWED, | |
245 session_state_delegate()->GetAddUserSessionPolicy()); | |
246 const AccountId account_id(AccountId::FromUserEmail(kUser)); | |
247 user_manager()->LoginUser(account_id); | |
248 while (session_state_delegate()->NumberOfLoggedInUsers() < | |
249 session_state_delegate()->GetMaximumNumberOfLoggedInUsers()) { | |
250 UserAddedToSession("bb@b.b"); | |
251 } | |
252 EXPECT_EQ(ash::AddUserSessionPolicy::ERROR_MAXIMUM_USERS_REACHED, | |
253 session_state_delegate()->GetAddUserSessionPolicy()); | |
254 } | |
255 | |
256 // Make sure adding users to multiprofiles disabled by logging in all possible | |
257 // users. | |
258 TEST_F(SessionStateDelegateChromeOSTest, | |
259 AddUserToMultiprofileDisallowedByAllUsersLogged) { | |
260 InitForMultiProfile(); | |
261 | |
262 EXPECT_EQ(ash::AddUserSessionPolicy::ALLOWED, | |
263 session_state_delegate()->GetAddUserSessionPolicy()); | |
264 const AccountId account_id(AccountId::FromUserEmail(kUser)); | |
265 user_manager()->LoginUser(account_id); | |
266 UserAddedToSession("bb@b.b"); | |
267 EXPECT_EQ(ash::AddUserSessionPolicy::ERROR_NO_ELIGIBLE_USERS, | |
268 session_state_delegate()->GetAddUserSessionPolicy()); | |
269 } | |
270 | |
271 // Make sure adding users to multiprofiles disabled by primary user policy. | |
272 TEST_F(SessionStateDelegateChromeOSTest, | |
273 AddUserToMultiprofileDisallowedByPrimaryUserPolicy) { | |
274 InitForMultiProfile(); | |
275 | |
276 EXPECT_EQ(ash::AddUserSessionPolicy::ALLOWED, | |
277 session_state_delegate()->GetAddUserSessionPolicy()); | |
278 const AccountId account_id(AccountId::FromUserEmail(kUser)); | |
279 user_manager()->LoginUser(account_id); | |
280 user_profile_->GetPrefs()->SetString( | |
281 prefs::kMultiProfileUserBehavior, | |
282 chromeos::MultiProfileUserController::kBehaviorNotAllowed); | |
283 user_manager()->AddUser(AccountId::FromUserEmail("bb@b.b")); | |
284 EXPECT_EQ(ash::AddUserSessionPolicy::ERROR_NOT_ALLOWED_PRIMARY_USER, | |
285 session_state_delegate()->GetAddUserSessionPolicy()); | |
286 } | |
287 | |
288 } // namespace chromeos | |
OLD | NEW |