| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| 84 | 84 |
| 85 namespace { | 85 namespace { |
| 86 | 86 |
| 87 const char kGAIASIDCookieName[] = "SID"; | 87 const char kGAIASIDCookieName[] = "SID"; |
| 88 const char kGAIALSIDCookieName[] = "LSID"; | 88 const char kGAIALSIDCookieName[] = "LSID"; |
| 89 | 89 |
| 90 const char kTestAuthSIDCookie1[] = "fake-auth-SID-cookie-1"; | 90 const char kTestAuthSIDCookie1[] = "fake-auth-SID-cookie-1"; |
| 91 const char kTestAuthSIDCookie2[] = "fake-auth-SID-cookie-2"; | 91 const char kTestAuthSIDCookie2[] = "fake-auth-SID-cookie-2"; |
| 92 const char kTestAuthLSIDCookie1[] = "fake-auth-LSID-cookie-1"; | 92 const char kTestAuthLSIDCookie1[] = "fake-auth-LSID-cookie-1"; |
| 93 const char kTestAuthLSIDCookie2[] = "fake-auth-LSID-cookie-2"; | 93 const char kTestAuthLSIDCookie2[] = "fake-auth-LSID-cookie-2"; |
| 94 const char kTestAuthCode[] = "fake-auth-code"; | |
| 95 const char kTestGaiaUberToken[] = "fake-uber-token"; | |
| 96 const char kTestAuthLoginAccessToken[] = "fake-access-token"; | |
| 97 const char kTestRefreshToken[] = "fake-refresh-token"; | |
| 98 const char kTestSessionSIDCookie[] = "fake-session-SID-cookie"; | |
| 99 const char kTestSessionLSIDCookie[] = "fake-session-LSID-cookie"; | |
| 100 | 94 |
| 101 const char kFirstSAMLUserEmail[] = "bob@example.com"; | 95 const char kFirstSAMLUserEmail[] = "bob@example.com"; |
| 102 const char kSecondSAMLUserEmail[] = "alice@example.com"; | 96 const char kSecondSAMLUserEmail[] = "alice@example.com"; |
| 103 const char kHTTPSAMLUserEmail[] = "carol@example.com"; | 97 const char kHTTPSAMLUserEmail[] = "carol@example.com"; |
| 104 const char kNonSAMLUserEmail[] = "dan@example.com"; | 98 const char kNonSAMLUserEmail[] = "dan@example.com"; |
| 105 const char kDifferentDomainSAMLUserEmail[] = "eve@example.test"; | 99 const char kDifferentDomainSAMLUserEmail[] = "eve@example.test"; |
| 106 | 100 |
| 107 const char kSAMLIdPCookieName[] = "saml"; | 101 const char kSAMLIdPCookieName[] = "saml"; |
| 108 const char kSAMLIdPCookieValue1[] = "value-1"; | 102 const char kSAMLIdPCookieValue1[] = "value-1"; |
| 109 const char kSAMLIdPCookieValue2[] = "value-2"; | 103 const char kSAMLIdPCookieValue2[] = "value-2"; |
| 296 fake_gaia_.RegisterSamlUser(kSecondSAMLUserEmail, saml_idp_url); | 290 fake_gaia_.RegisterSamlUser(kSecondSAMLUserEmail, saml_idp_url); |
| 297 fake_gaia_.RegisterSamlUser( | 291 fake_gaia_.RegisterSamlUser( |
| 298 kHTTPSAMLUserEmail, | 292 kHTTPSAMLUserEmail, |
| 299 embedded_test_server()->base_url().Resolve("/SAML")); | 293 embedded_test_server()->base_url().Resolve("/SAML")); |
| 300 fake_gaia_.RegisterSamlUser(kDifferentDomainSAMLUserEmail, saml_idp_url); | 294 fake_gaia_.RegisterSamlUser(kDifferentDomainSAMLUserEmail, saml_idp_url); |
| 301 | 295 |
| 302 fake_gaia_.Initialize(); | 296 fake_gaia_.Initialize(); |
| 303 } | 297 } |
| 304 | 298 |
| 305 virtual void SetUpOnMainThread() OVERRIDE { | 299 virtual void SetUpOnMainThread() OVERRIDE { |
| 306 SetMergeSessionParams(kFirstSAMLUserEmail, | 300 fake_gaia_.SetFakeMergeSessionParams(kFirstSAMLUserEmail, |
| 307 kTestAuthSIDCookie1, | 301 kTestAuthSIDCookie1, |
| 308 kTestAuthLSIDCookie1); | 302 kTestAuthLSIDCookie1); |
| 309 | 303 |
| 310 embedded_test_server()->RegisterRequestHandler( | 304 embedded_test_server()->RegisterRequestHandler( |
| 311 base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_))); | 305 base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_))); |
| 312 embedded_test_server()->RegisterRequestHandler(base::Bind( | 306 embedded_test_server()->RegisterRequestHandler(base::Bind( |
| 313 &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_))); | 307 &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_))); |
| 314 | 308 |
| 315 // Restart the thread as the sandbox host process has already been spawned. | 309 // Restart the thread as the sandbox host process has already been spawned. |
| 316 embedded_test_server()->RestartThreadAndListen(); | 310 embedded_test_server()->RestartThreadAndListen(); |
| 317 | 311 |
| 318 login_screen_load_observer_.reset(new content::WindowedNotificationObserver( | 312 login_screen_load_observer_.reset(new content::WindowedNotificationObserver( |
| 319 chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE, | 313 chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE, |
| 320 content::NotificationService::AllSources())); | 314 content::NotificationService::AllSources())); |
| 321 } | 315 } |
| 322 | 316 |
| 323 virtual void TearDownOnMainThread() OVERRIDE { | 317 virtual void TearDownOnMainThread() OVERRIDE { |
| 324 // If the login display is still showing, exit gracefully. | 318 // If the login display is still showing, exit gracefully. |
| 325 if (LoginDisplayHostImpl::default_host()) { | 319 if (LoginDisplayHostImpl::default_host()) { |
| 326 base::MessageLoop::current()->PostTask(FROM_HERE, | 320 base::MessageLoop::current()->PostTask(FROM_HERE, |
| 327 base::Bind(&chrome::AttemptExit)); | 321 base::Bind(&chrome::AttemptExit)); |
| 328 content::RunMessageLoop(); | 322 content::RunMessageLoop(); |
| 329 } | 323 } |
| 330 } | 324 } |
| 331 | 325 |
| 332 void SetMergeSessionParams(const std::string& email, | |
| 333 const std::string& auth_sid_cookie, | |
| 334 const std::string& auth_lsid_cookie) { | |
| 335 FakeGaia::MergeSessionParams params; | |
| 336 params.auth_sid_cookie = auth_sid_cookie; | |
| 337 params.auth_lsid_cookie = auth_lsid_cookie; | |
| 338 params.auth_code = kTestAuthCode; | |
| 339 params.refresh_token = kTestRefreshToken; | |
| 340 params.access_token = kTestAuthLoginAccessToken; | |
| 341 params.gaia_uber_token = kTestGaiaUberToken; | |
| 342 params.session_sid_cookie = kTestSessionSIDCookie; | |
| 343 params.session_lsid_cookie = kTestSessionLSIDCookie; | |
| 344 params.email = email; | |
| 345 fake_gaia_.SetMergeSessionParams(params); | |
| 346 } | |
| 347 | |
| 348 WebUILoginDisplay* GetLoginDisplay() { | 326 WebUILoginDisplay* GetLoginDisplay() { |
| 349 ExistingUserController* controller = | 327 ExistingUserController* controller = |
| 350 ExistingUserController::current_controller(); | 328 ExistingUserController::current_controller(); |
| 351 CHECK(controller); | 329 CHECK(controller); |
| 352 return static_cast<WebUILoginDisplay*>(controller->login_display()); | 330 return static_cast<WebUILoginDisplay*>(controller->login_display()); |
| 353 } | 331 } |
| 354 | 332 |
| 355 void WaitForSigninScreen() { | 333 void WaitForSigninScreen() { |
| 356 WizardController* wizard_controller = | 334 WizardController* wizard_controller = |
| 357 WizardController::default_controller(); | 335 WizardController::default_controller(); |
| 439 void ExecuteJsInSigninFrame(const std::string& js) { | 417 void ExecuteJsInSigninFrame(const std::string& js) { |
| 440 content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe( | 418 content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe( |
| 441 GetLoginUI()->GetWebContents(), GURL(), "signin-frame"); | 419 GetLoginUI()->GetWebContents(), GURL(), "signin-frame"); |
| 442 ASSERT_TRUE(content::ExecuteScript(frame, js)); | 420 ASSERT_TRUE(content::ExecuteScript(frame, js)); |
| 443 } | 421 } |
| 444 | 422 |
| 445 FakeSamlIdp* fake_saml_idp() { return &fake_saml_idp_; } | 423 FakeSamlIdp* fake_saml_idp() { return &fake_saml_idp_; } |
| 446 | 424 |
| 447 protected: | 425 protected: |
| 448 scoped_ptr<content::WindowedNotificationObserver> login_screen_load_observer_; | 426 scoped_ptr<content::WindowedNotificationObserver> login_screen_load_observer_; |
| 427 FakeGaia fake_gaia_; |
| 449 | 428 |
| 450 private: | 429 private: |
| 451 FakeGaia fake_gaia_; | |
| 452 FakeSamlIdp fake_saml_idp_; | 430 FakeSamlIdp fake_saml_idp_; |
| 453 scoped_ptr<HTTPSForwarder> gaia_https_forwarder_; | 431 scoped_ptr<HTTPSForwarder> gaia_https_forwarder_; |
| 454 scoped_ptr<HTTPSForwarder> saml_https_forwarder_; | 432 scoped_ptr<HTTPSForwarder> saml_https_forwarder_; |
| 455 | 433 |
| 456 bool saml_load_injected_; | 434 bool saml_load_injected_; |
| 457 | 435 |
| 458 DISALLOW_COPY_AND_ASSIGN(SamlTest); | 436 DISALLOW_COPY_AND_ASSIGN(SamlTest); |
| 459 }; | 437 }; |
| 460 | 438 |
| 461 // Tests that signin frame should have 'saml' class and 'cancel' button is | 439 // Tests that signin frame should have 'saml' class and 'cancel' button is |
| 562 // Types |bob@example.com| into the GAIA login form but then authenticates as | 540 // Types |bob@example.com| into the GAIA login form but then authenticates as |
| 563 // |alice@example.com| via SAML. Verifies that the logged-in user is correctly | 541 // |alice@example.com| via SAML. Verifies that the logged-in user is correctly |
| 564 // identified as Alice. | 542 // identified as Alice. |
| 565 IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) { | 543 IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) { |
| 566 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); | 544 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 567 // Type |bob@example.com| into the GAIA login form. | 545 // Type |bob@example.com| into the GAIA login form. |
| 568 StartSamlAndWaitForIdpPageLoad(kSecondSAMLUserEmail); | 546 StartSamlAndWaitForIdpPageLoad(kSecondSAMLUserEmail); |
| 569 | 547 |
| 570 // Authenticate as alice@example.com via SAML (the |Email| provided here is | 548 // Authenticate as alice@example.com via SAML (the |Email| provided here is |
| 571 // irrelevant - the authenticated user's e-mail address that FakeGAIA | 549 // irrelevant - the authenticated user's e-mail address that FakeGAIA |
| 572 // reports was set via SetMergeSessionParams()). | 550 // reports was set via |SetFakeMergeSessionParams|. |
| 573 SetSignFormField("Email", "fake_user"); | 551 SetSignFormField("Email", "fake_user"); |
| 574 SetSignFormField("Password", "fake_password"); | 552 SetSignFormField("Password", "fake_password"); |
| 575 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); | 553 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); |
| 576 | 554 |
| 577 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); | 555 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); |
| 578 | 556 |
| 579 SendConfirmPassword("fake_password"); | 557 SendConfirmPassword("fake_password"); |
| 580 content::WindowedNotificationObserver( | 558 content::WindowedNotificationObserver( |
| 581 chrome::NOTIFICATION_SESSION_STARTED, | 559 chrome::NOTIFICATION_SESSION_STARTED, |
| 582 content::NotificationService::AllSources()).Wait(); | 560 content::NotificationService::AllSources()).Wait(); |
| 583 const user_manager::User* user = UserManager::Get()->GetActiveUser(); | 561 const user_manager::User* user = UserManager::Get()->GetActiveUser(); |
| 584 ASSERT_TRUE(user); | 562 ASSERT_TRUE(user); |
| 585 EXPECT_EQ(kFirstSAMLUserEmail, user->email()); | 563 EXPECT_EQ(kFirstSAMLUserEmail, user->email()); |
| 586 } | 564 } |
| 587 | 565 |
| 588 // Verifies that if the authenticated user's e-mail address cannot be retrieved, | 566 // Verifies that if the authenticated user's e-mail address cannot be retrieved, |
| 589 // an error message is shown. | 567 // an error message is shown. |
| 590 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) { | 568 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) { |
| 591 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); | 569 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 592 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail); | 570 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail); |
| 593 | 571 |
| 594 SetMergeSessionParams("", kTestAuthSIDCookie1, kTestAuthLSIDCookie1); | 572 fake_gaia_.SetFakeMergeSessionParams( |
| 573 "",, kTestAuthSIDCookie1, kTestAuthLSIDCookie1); |
| 595 SetSignFormField("Email", "fake_user"); | 574 SetSignFormField("Email", "fake_user"); |
| 596 SetSignFormField("Password", "fake_password"); | 575 SetSignFormField("Password", "fake_password"); |
| 597 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); | 576 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); |
| 598 | 577 |
| 599 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL), | 578 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL), |
| 600 WaitForAndGetFatalErrorMessage()); | 579 WaitForAndGetFatalErrorMessage()); |
| 601 } | 580 } |
| 602 | 581 |
| 603 // Tests the password confirm flow: show error on the first failure and | 582 // Tests the password confirm flow: show error on the first failure and |
| 604 // fatal error on the second failure. | 583 // fatal error on the second failure. |
| 787 ASSERT_TRUE(message_queue.WaitForMessage(&message)); | 766 ASSERT_TRUE(message_queue.WaitForMessage(&message)); |
| 788 EXPECT_EQ("\"ready\"", message); | 767 EXPECT_EQ("\"ready\"", message); |
| 789 } | 768 } |
| 790 | 769 |
| 791 void SAMLPolicyTest::LogInWithSAML(const std::string& user_id, | 770 void SAMLPolicyTest::LogInWithSAML(const std::string& user_id, |
| 792 const std::string& auth_sid_cookie, | 771 const std::string& auth_sid_cookie, |
| 793 const std::string& auth_lsid_cookie) { | 772 const std::string& auth_lsid_cookie) { |
| 794 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); | 773 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 795 StartSamlAndWaitForIdpPageLoad(user_id); | 774 StartSamlAndWaitForIdpPageLoad(user_id); |
| 796 | 775 |
| 797 SetMergeSessionParams(user_id, auth_sid_cookie, auth_lsid_cookie); | 776 fake_gaia_.SetFakeMergeSessionParams( |
| 777 user_id, auth_sid_cookie, auth_lsid_cookie); |
| 798 SetSignFormField("Email", "fake_user"); | 778 SetSignFormField("Email", "fake_user"); |
| 799 SetSignFormField("Password", "fake_password"); | 779 SetSignFormField("Password", "fake_password"); |
| 800 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); | 780 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); |
| 801 | 781 |
| 802 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); | 782 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); |
| 803 | 783 |
| 804 SendConfirmPassword("fake_password"); | 784 SendConfirmPassword("fake_password"); |
| 805 content::WindowedNotificationObserver( | 785 content::WindowedNotificationObserver( |
| 806 chrome::NOTIFICATION_SESSION_STARTED, | 786 chrome::NOTIFICATION_SESSION_STARTED, |
| 807 content::NotificationService::AllSources()).Wait(); | 787 content::NotificationService::AllSources()).Wait(); |
| 976 kTestAuthSIDCookie1, | 956 kTestAuthSIDCookie1, |
| 977 kTestAuthLSIDCookie1); | 957 kTestAuthLSIDCookie1); |
| 978 | 958 |
| 979 GetCookies(); | 959 GetCookies(); |
| 980 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName)); | 960 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName)); |
| 981 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName)); | 961 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName)); |
| 982 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName)); | 962 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName)); |
| 983 } | 963 } |
| 984 | 964 |
| 985 } // namespace chromeos | 965 } // namespace chromeos |
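Review bot: In FailToRetrieveAutenticatedUserEmailAddress (new lines 572-573) the rewritten call reads `"",, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);`, and the doubled comma is a syntax error, so the file will not compile as posted; it should be `fake_gaia_.SetFakeMergeSessionParams("", kTestAuthSIDCookie1, kTestAuthLSIDCookie1);`. That is the test checking that an error is shown when the authenticated user's e-mail cannot be retrieved, so it is worth confirming it builds and still runs before this lands. In UseAutenticatedUserEmailAddress (new line 550) the updated comment ends `was set via |SetFakeMergeSessionParams|.` and no longer closes the parenthesis opened at `(the |Email| provided here is`; restore the `)`. Moving `fake_gaia_` from private to protected hands the data member itself to the test bodies and to SAMLPolicyTest (presumably a subclass); an accessor such as `FakeGaia* fake_gaia() { return &fake_gaia_; }`, mirroring the existing `fake_saml_idp()`, would let the member stay private.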