Add test for showing confirmation dialog for unsecure signin

chrome/browser/chromeos/login/saml/saml_browsertest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/command_line.h"
 #include "base/file_util.h"
 #include "base/files/file_path.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/path_service.h"
 #include "base/run_loop.h"
@@ skipping 39 matching lines @@
 using net::test_server::BasicHttpResponse;
 using net::test_server::HttpRequest;
 using net::test_server::HttpResponse;
 using testing::_;
 using testing::Return;
 
 namespace chromeos {
 
 namespace {
 
-const char kTestAuthSIDCookie[] = "fake-auth-SID-cookie";
-const char kTestAuthLSIDCookie[] = "fake-auth-LSID-cookie";
-const char kTestAuthCode[] = "fake-auth-code";
-const char kTestGaiaUberToken[] = "fake-uber-token";
-const char kTestAuthLoginAccessToken[] = "fake-access-token";
-const char kTestRefreshToken[] = "fake-refresh-token";
-const char kTestSessionSIDCookie[] = "fake-session-SID-cookie";
-const char kTestSessionLSIDCookie[] = "fake-session-LSID-cookie";
-
 const char kFirstSAMLUserEmail[] = "bob@example.com";
 const char kSecondSAMLUserEmail[] = "alice@example.com";
 const char kHTTPSAMLUserEmail[] = "carol@example.com";
 const char kNonSAMLUserEmail[] = "dan@example.com";
 
 const char kRelayState[] = "RelayState";
 
 // FakeSamlIdp serves IdP auth form and the form submission. The form is
 // served with the template's RelayState placeholder expanded to the real
 // RelayState parameter from request. The form submission redirects back to
@@ skipping 170 matching lines @@
     fake_gaia_.RegisterSamlUser(kFirstSAMLUserEmail, saml_idp_url);
     fake_gaia_.RegisterSamlUser(kSecondSAMLUserEmail, saml_idp_url);
     fake_gaia_.RegisterSamlUser(
         kHTTPSAMLUserEmail,
         embedded_test_server()->base_url().Resolve("/SAML"));
 
     fake_gaia_.Initialize();
   }
 
   virtual void SetUpOnMainThread() OVERRIDE {
-    SetMergeSessionParams(kFirstSAMLUserEmail);
+    fake_gaia_.SetFakeMergeSessionParamsForEmail(kFirstSAMLUserEmail);
 
     embedded_test_server()->RegisterRequestHandler(
         base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_)));
     embedded_test_server()->RegisterRequestHandler(base::Bind(
         &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_)));
 
     // Restart the thread as the sandbox host process has already been spawned.
     embedded_test_server()->RestartThreadAndListen();
 
     login_screen_load_observer_.reset(new content::WindowedNotificationObserver(
         chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE,
         content::NotificationService::AllSources()));
   }
 
   virtual void CleanUpOnMainThread() OVERRIDE {
     // If the login display is still showing, exit gracefully.
     if (LoginDisplayHostImpl::default_host()) {
       base::MessageLoop::current()->PostTask(FROM_HERE,
                                              base::Bind(&chrome::AttemptExit));
       content::RunMessageLoop();
     }
   }
 
-  void SetMergeSessionParams(const std::string& email) {
-    FakeGaia::MergeSessionParams params;
-    params.auth_sid_cookie = kTestAuthSIDCookie;
-    params.auth_lsid_cookie = kTestAuthLSIDCookie;
-    params.auth_code = kTestAuthCode;
-    params.refresh_token = kTestRefreshToken;
-    params.access_token = kTestAuthLoginAccessToken;
-    params.gaia_uber_token = kTestGaiaUberToken;
-    params.session_sid_cookie = kTestSessionSIDCookie;
-    params.session_lsid_cookie = kTestSessionLSIDCookie;
-    params.email = email;
-    fake_gaia_.SetMergeSessionParams(params);
-  }
-
   WebUILoginDisplay* GetLoginDisplay() {
     ExistingUserController* controller =
         ExistingUserController::current_controller();
     CHECK(controller);
     return static_cast<WebUILoginDisplay*>(controller->login_display());
   }
 
   void WaitForSigninScreen() {
     WizardController::SkipPostLoginScreensForTesting();
     WizardController* wizard_controller =
@@ skipping 80 matching lines @@
   void ExecuteJsInSigninFrame(const std::string& js) {
     content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe(
         GetLoginUI()->GetWebContents(), GURL(), "signin-frame");
     ASSERT_TRUE(content::ExecuteScript(frame, js));
   }
 
   FakeSamlIdp* fake_saml_idp() { return &fake_saml_idp_; }
 
  protected:
   scoped_ptr<content::WindowedNotificationObserver> login_screen_load_observer_;
+  FakeGaia fake_gaia_;
 
  private:
-  FakeGaia fake_gaia_;
   FakeSamlIdp fake_saml_idp_;
   scoped_ptr<HTTPSForwarder> gaia_https_forwarder_;
   scoped_ptr<HTTPSForwarder> saml_https_forwarder_;
 
   bool saml_load_injected_;
 
   DISALLOW_COPY_AND_ASSIGN(SamlTest);
 };
 
 // Tests that signin frame should have 'saml' class and 'cancel' button is
@@ skipping 100 matching lines @@
 // Types |bob@example.com| into the GAIA login form but then authenticates as
 // |alice@example.com| via SAML. Verifies that the logged-in user is correctly
 // identified as Alice.
 IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) {
   fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
   // Type |bob@example.com| into the GAIA login form.
   StartSamlAndWaitForIdpPageLoad(kSecondSAMLUserEmail);
 
   // Authenticate as alice@example.com via SAML (the |Email| provided here is
   // irrelevant - the authenticated user's e-mail address that FakeGAIA
-  // reports was set via SetMergeSessionParams()).
+  // reports was set via |SetFakeMergeSessionParamsForEmail|.
   SetSignFormField("Email", "fake_user");
   SetSignFormField("Password", "fake_password");
   ExecuteJsInSigninFrame("document.getElementById('Submit').click();");
 
   OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();
 
   SendConfirmPassword("fake_password");
   content::WindowedNotificationObserver(
       chrome::NOTIFICATION_SESSION_STARTED,
       content::NotificationService::AllSources()).Wait();
   const user_manager::User* user = UserManager::Get()->GetActiveUser();
   ASSERT_TRUE(user);
   EXPECT_EQ(kFirstSAMLUserEmail, user->email());
 }
 
 // Verifies that if the authenticated user's e-mail address cannot be retrieved,
 // an error message is shown.
 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) {
   fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
   StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);
 
-  SetMergeSessionParams("");
+  fake_gaia_.SetFakeMergeSessionParamsForEmail("");
   SetSignFormField("Email", "fake_user");
   SetSignFormField("Password", "fake_password");
   ExecuteJsInSigninFrame("document.getElementById('Submit').click();");
 
   EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL),
             WaitForAndGetFatalErrorMessage());
 }
 
 // Tests the password confirm flow: show error on the first failure and
 // fatal error on the second failure.
@@ skipping 183 matching lines @@
 // Verifies that when the offline login time limit is exceeded for a user who
 // authenticated via SAML, that user is forced to log in online the next time.
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, SAMLZeroLimit) {
   login_screen_load_observer_->Wait();
   // Verify that offline login is not allowed.
   JsExpect("window.getComputedStyle(document.querySelector("
            "    '#pod-row .signin-button-container')).display != 'none'");
 }
 
 }  // namespace chromeos