| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 66 matching lines...) |
| 77 using net::test_server::BasicHttpResponse; | 77 using net::test_server::BasicHttpResponse; |
| 78 using net::test_server::HttpRequest; | 78 using net::test_server::HttpRequest; |
| 79 using net::test_server::HttpResponse; | 79 using net::test_server::HttpResponse; |
| 80 using testing::_; | 80 using testing::_; |
| 81 using testing::Return; | 81 using testing::Return; |
| 82 | 82 |
| 83 namespace chromeos { | 83 namespace chromeos { |
| 84 | 84 |
| 85 namespace { | 85 namespace { |
| 86 | 86 |
| 87 const char kTestAuthSIDCookie[] = "fake-auth-SID-cookie"; | |
| 88 const char kTestAuthLSIDCookie[] = "fake-auth-LSID-cookie"; | |
| 89 const char kTestAuthCode[] = "fake-auth-code"; | |
| 90 const char kTestGaiaUberToken[] = "fake-uber-token"; | |
| 91 const char kTestAuthLoginAccessToken[] = "fake-access-token"; | |
| 92 const char kTestRefreshToken[] = "fake-refresh-token"; | |
| 93 const char kTestSessionSIDCookie[] = "fake-session-SID-cookie"; | |
| 94 const char kTestSessionLSIDCookie[] = "fake-session-LSID-cookie"; | |
| 95 | |
| 96 const char kFirstSAMLUserEmail[] = "bob@example.com"; | 87 const char kFirstSAMLUserEmail[] = "bob@example.com"; |
| 97 const char kSecondSAMLUserEmail[] = "alice@example.com"; | 88 const char kSecondSAMLUserEmail[] = "alice@example.com"; |
| 98 const char kHTTPSAMLUserEmail[] = "carol@example.com"; | 89 const char kHTTPSAMLUserEmail[] = "carol@example.com"; |
| 99 const char kNonSAMLUserEmail[] = "dan@example.com"; | 90 const char kNonSAMLUserEmail[] = "dan@example.com"; |
| 100 const char kDifferentDomainSAMLUserEmail[] = "eve@example.test"; | 91 const char kDifferentDomainSAMLUserEmail[] = "eve@example.test"; |
| 101 | 92 |
| 102 const char kSAMLIdPCookieValue1[] = "value-1"; | 93 const char kSAMLIdPCookieValue1[] = "value-1"; |
| 103 const char kSAMLIdPCookieValue2[] = "value-2"; | 94 const char kSAMLIdPCookieValue2[] = "value-2"; |
| 104 | 95 |
| 105 const char kRelayState[] = "RelayState"; | 96 const char kRelayState[] = "RelayState"; |
| (...skipping 184 matching lines...) |
| 290 fake_gaia_.RegisterSamlUser(kSecondSAMLUserEmail, saml_idp_url); | 281 fake_gaia_.RegisterSamlUser(kSecondSAMLUserEmail, saml_idp_url); |
| 291 fake_gaia_.RegisterSamlUser( | 282 fake_gaia_.RegisterSamlUser( |
| 292 kHTTPSAMLUserEmail, | 283 kHTTPSAMLUserEmail, |
| 293 embedded_test_server()->base_url().Resolve("/SAML")); | 284 embedded_test_server()->base_url().Resolve("/SAML")); |
| 294 fake_gaia_.RegisterSamlUser(kDifferentDomainSAMLUserEmail, saml_idp_url); | 285 fake_gaia_.RegisterSamlUser(kDifferentDomainSAMLUserEmail, saml_idp_url); |
| 295 | 286 |
| 296 fake_gaia_.Initialize(); | 287 fake_gaia_.Initialize(); |
| 297 } | 288 } |
| 298 | 289 |
| 299 virtual void SetUpOnMainThread() OVERRIDE { | 290 virtual void SetUpOnMainThread() OVERRIDE { |
| 300 SetMergeSessionParams(kFirstSAMLUserEmail); | 291 fake_gaia_.SetFakeMergeSessionParamsForEmail(kFirstSAMLUserEmail); |
| 301 | 292 |
| 302 embedded_test_server()->RegisterRequestHandler( | 293 embedded_test_server()->RegisterRequestHandler( |
| 303 base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_))); | 294 base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_))); |
| 304 embedded_test_server()->RegisterRequestHandler(base::Bind( | 295 embedded_test_server()->RegisterRequestHandler(base::Bind( |
| 305 &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_))); | 296 &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_))); |
| 306 | 297 |
| 307 // Restart the thread as the sandbox host process has already been spawned. | 298 // Restart the thread as the sandbox host process has already been spawned. |
| 308 embedded_test_server()->RestartThreadAndListen(); | 299 embedded_test_server()->RestartThreadAndListen(); |
| 309 | 300 |
| 310 login_screen_load_observer_.reset(new content::WindowedNotificationObserver( | 301 login_screen_load_observer_.reset(new content::WindowedNotificationObserver( |
| 311 chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE, | 302 chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE, |
| 312 content::NotificationService::AllSources())); | 303 content::NotificationService::AllSources())); |
| 313 } | 304 } |
| 314 | 305 |
| 315 virtual void TearDownOnMainThread() OVERRIDE { | 306 virtual void TearDownOnMainThread() OVERRIDE { |
| 316 // If the login display is still showing, exit gracefully. | 307 // If the login display is still showing, exit gracefully. |
| 317 if (LoginDisplayHostImpl::default_host()) { | 308 if (LoginDisplayHostImpl::default_host()) { |
| 318 base::MessageLoop::current()->PostTask(FROM_HERE, | 309 base::MessageLoop::current()->PostTask(FROM_HERE, |
| 319 base::Bind(&chrome::AttemptExit)); | 310 base::Bind(&chrome::AttemptExit)); |
| 320 content::RunMessageLoop(); | 311 content::RunMessageLoop(); |
| 321 } | 312 } |
| 322 } | 313 } |
| 323 | 314 |
| 324 void SetMergeSessionParams(const std::string& email) { | |
| 325 FakeGaia::MergeSessionParams params; | |
| 326 params.auth_sid_cookie = kTestAuthSIDCookie; | |
| 327 params.auth_lsid_cookie = kTestAuthLSIDCookie; | |
| 328 params.auth_code = kTestAuthCode; | |
| 329 params.refresh_token = kTestRefreshToken; | |
| 330 params.access_token = kTestAuthLoginAccessToken; | |
| 331 params.gaia_uber_token = kTestGaiaUberToken; | |
| 332 params.session_sid_cookie = kTestSessionSIDCookie; | |
| 333 params.session_lsid_cookie = kTestSessionLSIDCookie; | |
| 334 params.email = email; | |
| 335 fake_gaia_.SetMergeSessionParams(params); | |
| 336 } | |
| 337 | |
| 338 WebUILoginDisplay* GetLoginDisplay() { | 315 WebUILoginDisplay* GetLoginDisplay() { |
| 339 ExistingUserController* controller = | 316 ExistingUserController* controller = |
| 340 ExistingUserController::current_controller(); | 317 ExistingUserController::current_controller(); |
| 341 CHECK(controller); | 318 CHECK(controller); |
| 342 return static_cast<WebUILoginDisplay*>(controller->login_display()); | 319 return static_cast<WebUILoginDisplay*>(controller->login_display()); |
| 343 } | 320 } |
| 344 | 321 |
| 345 void WaitForSigninScreen() { | 322 void WaitForSigninScreen() { |
| 346 WizardController* wizard_controller = | 323 WizardController* wizard_controller = |
| 347 WizardController::default_controller(); | 324 WizardController::default_controller(); |
| (...skipping 81 matching lines...) |
| 429 void ExecuteJsInSigninFrame(const std::string& js) { | 406 void ExecuteJsInSigninFrame(const std::string& js) { |
| 430 content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe( | 407 content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe( |
| 431 GetLoginUI()->GetWebContents(), GURL(), "signin-frame"); | 408 GetLoginUI()->GetWebContents(), GURL(), "signin-frame"); |
| 432 ASSERT_TRUE(content::ExecuteScript(frame, js)); | 409 ASSERT_TRUE(content::ExecuteScript(frame, js)); |
| 433 } | 410 } |
| 434 | 411 |
| 435 FakeSamlIdp* fake_saml_idp() { return &fake_saml_idp_; } | 412 FakeSamlIdp* fake_saml_idp() { return &fake_saml_idp_; } |
| 436 | 413 |
| 437 protected: | 414 protected: |
| 438 scoped_ptr<content::WindowedNotificationObserver> login_screen_load_observer_; | 415 scoped_ptr<content::WindowedNotificationObserver> login_screen_load_observer_; |
| 416 FakeGaia fake_gaia_; |
| 439 | 417 |
| 440 private: | 418 private: |
| 441 FakeGaia fake_gaia_; | |
| 442 FakeSamlIdp fake_saml_idp_; | 419 FakeSamlIdp fake_saml_idp_; |
| 443 scoped_ptr<HTTPSForwarder> gaia_https_forwarder_; | 420 scoped_ptr<HTTPSForwarder> gaia_https_forwarder_; |
| 444 scoped_ptr<HTTPSForwarder> saml_https_forwarder_; | 421 scoped_ptr<HTTPSForwarder> saml_https_forwarder_; |
| 445 | 422 |
| 446 bool saml_load_injected_; | 423 bool saml_load_injected_; |
| 447 | 424 |
| 448 DISALLOW_COPY_AND_ASSIGN(SamlTest); | 425 DISALLOW_COPY_AND_ASSIGN(SamlTest); |
| 449 }; | 426 }; |
| 450 | 427 |
| 451 // Tests that signin frame should have 'saml' class and 'cancel' button is | 428 // Tests that signin frame should have 'saml' class and 'cancel' button is |
| (...skipping 100 matching lines...) |
| 552 // Types |bob@example.com| into the GAIA login form but then authenticates as | 529 // Types |bob@example.com| into the GAIA login form but then authenticates as |
| 553 // |alice@example.com| via SAML. Verifies that the logged-in user is correctly | 530 // |alice@example.com| via SAML. Verifies that the logged-in user is correctly |
| 554 // identified as Alice. | 531 // identified as Alice. |
| 555 IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) { | 532 IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) { |
| 556 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); | 533 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 557 // Type |bob@example.com| into the GAIA login form. | 534 // Type |bob@example.com| into the GAIA login form. |
| 558 StartSamlAndWaitForIdpPageLoad(kSecondSAMLUserEmail); | 535 StartSamlAndWaitForIdpPageLoad(kSecondSAMLUserEmail); |
| 559 | 536 |
| 560 // Authenticate as alice@example.com via SAML (the |Email| provided here is | 537 // Authenticate as alice@example.com via SAML (the |Email| provided here is |
| 561 // irrelevant - the authenticated user's e-mail address that FakeGAIA | 538 // irrelevant - the authenticated user's e-mail address that FakeGAIA |
| 562 // reports was set via SetMergeSessionParams()). | 539 // reports was set via |SetFakeMergeSessionParamsForEmail|. |
| 563 SetSignFormField("Email", "fake_user"); | 540 SetSignFormField("Email", "fake_user"); |
| 564 SetSignFormField("Password", "fake_password"); | 541 SetSignFormField("Password", "fake_password"); |
| 565 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); | 542 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); |
| 566 | 543 |
| 567 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); | 544 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); |
| 568 | 545 |
| 569 SendConfirmPassword("fake_password"); | 546 SendConfirmPassword("fake_password"); |
| 570 content::WindowedNotificationObserver( | 547 content::WindowedNotificationObserver( |
| 571 chrome::NOTIFICATION_SESSION_STARTED, | 548 chrome::NOTIFICATION_SESSION_STARTED, |
| 572 content::NotificationService::AllSources()).Wait(); | 549 content::NotificationService::AllSources()).Wait(); |
| 573 const user_manager::User* user = UserManager::Get()->GetActiveUser(); | 550 const user_manager::User* user = UserManager::Get()->GetActiveUser(); |
| 574 ASSERT_TRUE(user); | 551 ASSERT_TRUE(user); |
| 575 EXPECT_EQ(kFirstSAMLUserEmail, user->email()); | 552 EXPECT_EQ(kFirstSAMLUserEmail, user->email()); |
| 576 } | 553 } |
| 577 | 554 |
| 578 // Verifies that if the authenticated user's e-mail address cannot be retrieved, | 555 // Verifies that if the authenticated user's e-mail address cannot be retrieved, |
| 579 // an error message is shown. | 556 // an error message is shown. |
| 580 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) { | 557 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) { |
| 581 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); | 558 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 582 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail); | 559 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail); |
| 583 | 560 |
| 584 SetMergeSessionParams(""); | 561 fake_gaia_.SetFakeMergeSessionParamsForEmail(""); |
| 585 SetSignFormField("Email", "fake_user"); | 562 SetSignFormField("Email", "fake_user"); |
| 586 SetSignFormField("Password", "fake_password"); | 563 SetSignFormField("Password", "fake_password"); |
| 587 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); | 564 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); |
| 588 | 565 |
| 589 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL), | 566 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL), |
| 590 WaitForAndGetFatalErrorMessage()); | 567 WaitForAndGetFatalErrorMessage()); |
| 591 } | 568 } |
| 592 | 569 |
| 593 // Tests the password confirm flow: show error on the first failure and | 570 // Tests the password confirm flow: show error on the first failure and |
| 594 // fatal error on the second failure. | 571 // fatal error on the second failure. |
| (...skipping 343 matching lines...) |
| 938 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); | 915 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 939 ShowGAIALoginForm(); | 916 ShowGAIALoginForm(); |
| 940 | 917 |
| 941 EnableTransferSAMLCookiesPolicy(); | 918 EnableTransferSAMLCookiesPolicy(); |
| 942 | 919 |
| 943 LogInWithSAML(kDifferentDomainSAMLUserEmail); | 920 LogInWithSAML(kDifferentDomainSAMLUserEmail); |
| 944 VerifySAMLIdPCookieValue(kSAMLIdPCookieValue1); | 921 VerifySAMLIdPCookieValue(kSAMLIdPCookieValue1); |
| 945 } | 922 } |
| 946 | 923 |
| 947 } // namespace chromeos | 924 } // namespace chromeos |
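Review bot: The comment rewritten at new line 539 in `UseAutenticatedUserEmailAddress` never closes the parenthesis opened at `(the |Email| provided here is`, and the comment block around it describes the opposite of what the visible code does. The test passes `kSecondSAMLUserEmail` (alice) to `StartSamlAndWaitForIdpPageLoad`, which presumably types it into the form, and then expects `kFirstSAMLUserEmail` (bob), the address set through `SetFakeMergeSessionParamsForEmail` in `SetUpOnMainThread`. Because this test pins that the session identity comes from what GAIA reports and not from what was typed, I would swap the two names in the comments and end the sentence with `// reports was set via |SetFakeMergeSessionParamsForEmail|).`. Separately, moving `fake_gaia_` to `protected:` lets test bodies reach the fake directly while `fake_saml_idp_` stays private behind `fake_saml_idp()`. An accessor such as `FakeGaia* fake_gaia() { return &fake_gaia_; }` would keep the two fakes consistent.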
| OLD | NEW |