| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/bind_helpers.h" | 6 #include "base/bind_helpers.h" |
| 7 #include "base/callback.h" | 7 #include "base/callback.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/files/file_util.h" | 10 #include "base/files/file_util.h" |
| (...skipping 72 matching lines...) |
| 83 | 83 |
| 84 namespace { | 84 namespace { |
| 85 | 85 |
| 86 const char kGAIASIDCookieName[] = "SID"; | 86 const char kGAIASIDCookieName[] = "SID"; |
| 87 const char kGAIALSIDCookieName[] = "LSID"; | 87 const char kGAIALSIDCookieName[] = "LSID"; |
| 88 | 88 |
| 89 const char kTestAuthSIDCookie1[] = "fake-auth-SID-cookie-1"; | 89 const char kTestAuthSIDCookie1[] = "fake-auth-SID-cookie-1"; |
| 90 const char kTestAuthSIDCookie2[] = "fake-auth-SID-cookie-2"; | 90 const char kTestAuthSIDCookie2[] = "fake-auth-SID-cookie-2"; |
| 91 const char kTestAuthLSIDCookie1[] = "fake-auth-LSID-cookie-1"; | 91 const char kTestAuthLSIDCookie1[] = "fake-auth-LSID-cookie-1"; |
| 92 const char kTestAuthLSIDCookie2[] = "fake-auth-LSID-cookie-2"; | 92 const char kTestAuthLSIDCookie2[] = "fake-auth-LSID-cookie-2"; |
| 93 const char kTestAuthCode[] = "fake-auth-code"; | |
| 94 const char kTestGaiaUberToken[] = "fake-uber-token"; | |
| 95 const char kTestAuthLoginAccessToken[] = "fake-access-token"; | |
| 96 const char kTestRefreshToken[] = "fake-refresh-token"; | |
| 97 const char kTestSessionSIDCookie[] = "fake-session-SID-cookie"; | |
| 98 const char kTestSessionLSIDCookie[] = "fake-session-LSID-cookie"; | |
| 99 | 93 |
| 100 const char kFirstSAMLUserEmail[] = "bob@example.com"; | 94 const char kFirstSAMLUserEmail[] = "bob@example.com"; |
| 101 const char kSecondSAMLUserEmail[] = "alice@example.com"; | 95 const char kSecondSAMLUserEmail[] = "alice@example.com"; |
| 102 const char kHTTPSAMLUserEmail[] = "carol@example.com"; | 96 const char kHTTPSAMLUserEmail[] = "carol@example.com"; |
| 103 const char kNonSAMLUserEmail[] = "dan@example.com"; | 97 const char kNonSAMLUserEmail[] = "dan@example.com"; |
| 104 const char kDifferentDomainSAMLUserEmail[] = "eve@example.test"; | 98 const char kDifferentDomainSAMLUserEmail[] = "eve@example.test"; |
| 105 | 99 |
| 106 const char kSAMLIdPCookieName[] = "saml"; | 100 const char kSAMLIdPCookieName[] = "saml"; |
| 107 const char kSAMLIdPCookieValue1[] = "value-1"; | 101 const char kSAMLIdPCookieValue1[] = "value-1"; |
| 108 const char kSAMLIdPCookieValue2[] = "value-2"; | 102 const char kSAMLIdPCookieValue2[] = "value-2"; |
| (...skipping 186 matching lines...) |
| 295 fake_gaia_.RegisterSamlUser(kSecondSAMLUserEmail, saml_idp_url); | 289 fake_gaia_.RegisterSamlUser(kSecondSAMLUserEmail, saml_idp_url); |
| 296 fake_gaia_.RegisterSamlUser( | 290 fake_gaia_.RegisterSamlUser( |
| 297 kHTTPSAMLUserEmail, | 291 kHTTPSAMLUserEmail, |
| 298 embedded_test_server()->base_url().Resolve("/SAML")); | 292 embedded_test_server()->base_url().Resolve("/SAML")); |
| 299 fake_gaia_.RegisterSamlUser(kDifferentDomainSAMLUserEmail, saml_idp_url); | 293 fake_gaia_.RegisterSamlUser(kDifferentDomainSAMLUserEmail, saml_idp_url); |
| 300 | 294 |
| 301 fake_gaia_.Initialize(); | 295 fake_gaia_.Initialize(); |
| 302 } | 296 } |
| 303 | 297 |
| 304 virtual void SetUpOnMainThread() OVERRIDE { | 298 virtual void SetUpOnMainThread() OVERRIDE { |
| 305 SetMergeSessionParams(kFirstSAMLUserEmail, | 299 fake_gaia_.SetFakeMergeSessionParams(kFirstSAMLUserEmail, |
| 306 kTestAuthSIDCookie1, | 300 kTestAuthSIDCookie1, |
| 307 kTestAuthLSIDCookie1); | 301 kTestAuthLSIDCookie1); |
| 308 | 302 |
| 309 embedded_test_server()->RegisterRequestHandler( | 303 embedded_test_server()->RegisterRequestHandler( |
| 310 base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_))); | 304 base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_))); |
| 311 embedded_test_server()->RegisterRequestHandler(base::Bind( | 305 embedded_test_server()->RegisterRequestHandler(base::Bind( |
| 312 &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_))); | 306 &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_))); |
| 313 | 307 |
| 314 // Restart the thread as the sandbox host process has already been spawned. | 308 // Restart the thread as the sandbox host process has already been spawned. |
| 315 embedded_test_server()->RestartThreadAndListen(); | 309 embedded_test_server()->RestartThreadAndListen(); |
| 316 | 310 |
| 317 login_screen_load_observer_.reset(new content::WindowedNotificationObserver( | 311 login_screen_load_observer_.reset(new content::WindowedNotificationObserver( |
| 318 chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE, | 312 chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE, |
| 319 content::NotificationService::AllSources())); | 313 content::NotificationService::AllSources())); |
| 320 } | 314 } |
| 321 | 315 |
| 322 virtual void TearDownOnMainThread() OVERRIDE { | 316 virtual void TearDownOnMainThread() OVERRIDE { |
| 323 // If the login display is still showing, exit gracefully. | 317 // If the login display is still showing, exit gracefully. |
| 324 if (LoginDisplayHostImpl::default_host()) { | 318 if (LoginDisplayHostImpl::default_host()) { |
| 325 base::MessageLoop::current()->PostTask(FROM_HERE, | 319 base::MessageLoop::current()->PostTask(FROM_HERE, |
| 326 base::Bind(&chrome::AttemptExit)); | 320 base::Bind(&chrome::AttemptExit)); |
| 327 content::RunMessageLoop(); | 321 content::RunMessageLoop(); |
| 328 } | 322 } |
| 329 } | 323 } |
| 330 | 324 |
| 331 void SetMergeSessionParams(const std::string& email, | |
| 332 const std::string& auth_sid_cookie, | |
| 333 const std::string& auth_lsid_cookie) { | |
| 334 FakeGaia::MergeSessionParams params; | |
| 335 params.auth_sid_cookie = auth_sid_cookie; | |
| 336 params.auth_lsid_cookie = auth_lsid_cookie; | |
| 337 params.auth_code = kTestAuthCode; | |
| 338 params.refresh_token = kTestRefreshToken; | |
| 339 params.access_token = kTestAuthLoginAccessToken; | |
| 340 params.gaia_uber_token = kTestGaiaUberToken; | |
| 341 params.session_sid_cookie = kTestSessionSIDCookie; | |
| 342 params.session_lsid_cookie = kTestSessionLSIDCookie; | |
| 343 params.email = email; | |
| 344 fake_gaia_.SetMergeSessionParams(params); | |
| 345 } | |
| 346 | |
| 347 WebUILoginDisplay* GetLoginDisplay() { | 325 WebUILoginDisplay* GetLoginDisplay() { |
| 348 ExistingUserController* controller = | 326 ExistingUserController* controller = |
| 349 ExistingUserController::current_controller(); | 327 ExistingUserController::current_controller(); |
| 350 CHECK(controller); | 328 CHECK(controller); |
| 351 return static_cast<WebUILoginDisplay*>(controller->login_display()); | 329 return static_cast<WebUILoginDisplay*>(controller->login_display()); |
| 352 } | 330 } |
| 353 | 331 |
| 354 void WaitForSigninScreen() { | 332 void WaitForSigninScreen() { |
| 355 WizardController* wizard_controller = | 333 WizardController* wizard_controller = |
| 356 WizardController::default_controller(); | 334 WizardController::default_controller(); |
| (...skipping 81 matching lines...) |
| 438 void ExecuteJsInSigninFrame(const std::string& js) { | 416 void ExecuteJsInSigninFrame(const std::string& js) { |
| 439 content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe( | 417 content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe( |
| 440 GetLoginUI()->GetWebContents(), GURL(), "signin-frame"); | 418 GetLoginUI()->GetWebContents(), GURL(), "signin-frame"); |
| 441 ASSERT_TRUE(content::ExecuteScript(frame, js)); | 419 ASSERT_TRUE(content::ExecuteScript(frame, js)); |
| 442 } | 420 } |
| 443 | 421 |
| 444 FakeSamlIdp* fake_saml_idp() { return &fake_saml_idp_; } | 422 FakeSamlIdp* fake_saml_idp() { return &fake_saml_idp_; } |
| 445 | 423 |
| 446 protected: | 424 protected: |
| 447 scoped_ptr<content::WindowedNotificationObserver> login_screen_load_observer_; | 425 scoped_ptr<content::WindowedNotificationObserver> login_screen_load_observer_; |
| 426 FakeGaia fake_gaia_; |
| 448 | 427 |
| 449 private: | 428 private: |
| 450 FakeGaia fake_gaia_; | |
| 451 FakeSamlIdp fake_saml_idp_; | 429 FakeSamlIdp fake_saml_idp_; |
| 452 scoped_ptr<HTTPSForwarder> gaia_https_forwarder_; | 430 scoped_ptr<HTTPSForwarder> gaia_https_forwarder_; |
| 453 scoped_ptr<HTTPSForwarder> saml_https_forwarder_; | 431 scoped_ptr<HTTPSForwarder> saml_https_forwarder_; |
| 454 | 432 |
| 455 bool saml_load_injected_; | 433 bool saml_load_injected_; |
| 456 | 434 |
| 457 DISALLOW_COPY_AND_ASSIGN(SamlTest); | 435 DISALLOW_COPY_AND_ASSIGN(SamlTest); |
| 458 }; | 436 }; |
| 459 | 437 |
| 460 // Tests that signin frame should have 'saml' class and 'cancel' button is | 438 // Tests that signin frame should have 'saml' class and 'cancel' button is |
| (...skipping 100 matching lines...) |
| 561 // Types |bob@example.com| into the GAIA login form but then authenticates as | 539 // Types |bob@example.com| into the GAIA login form but then authenticates as |
| 562 // |alice@example.com| via SAML. Verifies that the logged-in user is correctly | 540 // |alice@example.com| via SAML. Verifies that the logged-in user is correctly |
| 563 // identified as Alice. | 541 // identified as Alice. |
| 564 IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) { | 542 IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) { |
| 565 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); | 543 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 566 // Type |bob@example.com| into the GAIA login form. | 544 // Type |bob@example.com| into the GAIA login form. |
| 567 StartSamlAndWaitForIdpPageLoad(kSecondSAMLUserEmail); | 545 StartSamlAndWaitForIdpPageLoad(kSecondSAMLUserEmail); |
| 568 | 546 |
| 569 // Authenticate as alice@example.com via SAML (the |Email| provided here is | 547 // Authenticate as alice@example.com via SAML (the |Email| provided here is |
| 570 // irrelevant - the authenticated user's e-mail address that FakeGAIA | 548 // irrelevant - the authenticated user's e-mail address that FakeGAIA |
| 571 // reports was set via SetMergeSessionParams()). | 549 // reports was set via |SetFakeMergeSessionParams|. |
| 572 SetSignFormField("Email", "fake_user"); | 550 SetSignFormField("Email", "fake_user"); |
| 573 SetSignFormField("Password", "fake_password"); | 551 SetSignFormField("Password", "fake_password"); |
| 574 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); | 552 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); |
| 575 | 553 |
| 576 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); | 554 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); |
| 577 | 555 |
| 578 SendConfirmPassword("fake_password"); | 556 SendConfirmPassword("fake_password"); |
| 579 content::WindowedNotificationObserver( | 557 content::WindowedNotificationObserver( |
| 580 chrome::NOTIFICATION_SESSION_STARTED, | 558 chrome::NOTIFICATION_SESSION_STARTED, |
| 581 content::NotificationService::AllSources()).Wait(); | 559 content::NotificationService::AllSources()).Wait(); |
| 582 const user_manager::User* user = | 560 const user_manager::User* user = |
| 583 user_manager::UserManager::Get()->GetActiveUser(); | 561 user_manager::UserManager::Get()->GetActiveUser(); |
| 584 ASSERT_TRUE(user); | 562 ASSERT_TRUE(user); |
| 585 EXPECT_EQ(kFirstSAMLUserEmail, user->email()); | 563 EXPECT_EQ(kFirstSAMLUserEmail, user->email()); |
| 586 } | 564 } |
| 587 | 565 |
| 588 // Verifies that if the authenticated user's e-mail address cannot be retrieved, | 566 // Verifies that if the authenticated user's e-mail address cannot be retrieved, |
| 589 // an error message is shown. | 567 // an error message is shown. |
| 590 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) { | 568 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) { |
| 591 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); | 569 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 592 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail); | 570 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail); |
| 593 | 571 |
| 594 SetMergeSessionParams("", kTestAuthSIDCookie1, kTestAuthLSIDCookie1); | 572 fake_gaia_.SetFakeMergeSessionParams( |
| 573 "", kTestAuthSIDCookie1, kTestAuthLSIDCookie1); |
| 595 SetSignFormField("Email", "fake_user"); | 574 SetSignFormField("Email", "fake_user"); |
| 596 SetSignFormField("Password", "fake_password"); | 575 SetSignFormField("Password", "fake_password"); |
| 597 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); | 576 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); |
| 598 | 577 |
| 599 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL), | 578 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL), |
| 600 WaitForAndGetFatalErrorMessage()); | 579 WaitForAndGetFatalErrorMessage()); |
| 601 } | 580 } |
| 602 | 581 |
| 603 // Tests the password confirm flow: show error on the first failure and | 582 // Tests the password confirm flow: show error on the first failure and |
| 604 // fatal error on the second failure. | 583 // fatal error on the second failure. |
| (...skipping 179 matching lines...) |
| 784 ASSERT_TRUE(message_queue.WaitForMessage(&message)); | 763 ASSERT_TRUE(message_queue.WaitForMessage(&message)); |
| 785 EXPECT_EQ("\"ready\"", message); | 764 EXPECT_EQ("\"ready\"", message); |
| 786 } | 765 } |
| 787 | 766 |
| 788 void SAMLPolicyTest::LogInWithSAML(const std::string& user_id, | 767 void SAMLPolicyTest::LogInWithSAML(const std::string& user_id, |
| 789 const std::string& auth_sid_cookie, | 768 const std::string& auth_sid_cookie, |
| 790 const std::string& auth_lsid_cookie) { | 769 const std::string& auth_lsid_cookie) { |
| 791 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); | 770 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html"); |
| 792 StartSamlAndWaitForIdpPageLoad(user_id); | 771 StartSamlAndWaitForIdpPageLoad(user_id); |
| 793 | 772 |
| 794 SetMergeSessionParams(user_id, auth_sid_cookie, auth_lsid_cookie); | 773 fake_gaia_.SetFakeMergeSessionParams( |
| 774 user_id, auth_sid_cookie, auth_lsid_cookie); |
| 795 SetSignFormField("Email", "fake_user"); | 775 SetSignFormField("Email", "fake_user"); |
| 796 SetSignFormField("Password", "fake_password"); | 776 SetSignFormField("Password", "fake_password"); |
| 797 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); | 777 ExecuteJsInSigninFrame("document.getElementById('Submit').click();"); |
| 798 | 778 |
| 799 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); | 779 OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait(); |
| 800 | 780 |
| 801 SendConfirmPassword("fake_password"); | 781 SendConfirmPassword("fake_password"); |
| 802 content::WindowedNotificationObserver( | 782 content::WindowedNotificationObserver( |
| 803 chrome::NOTIFICATION_SESSION_STARTED, | 783 chrome::NOTIFICATION_SESSION_STARTED, |
| 804 content::NotificationService::AllSources()).Wait(); | 784 content::NotificationService::AllSources()).Wait(); |
| (...skipping 168 matching lines...) |
| 973 kTestAuthSIDCookie1, | 953 kTestAuthSIDCookie1, |
| 974 kTestAuthLSIDCookie1); | 954 kTestAuthLSIDCookie1); |
| 975 | 955 |
| 976 GetCookies(); | 956 GetCookies(); |
| 977 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName)); | 957 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName)); |
| 978 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName)); | 958 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName)); |
| 979 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName)); | 959 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName)); |
| 980 } | 960 } |
| 981 | 961 |
| 982 } // namespace chromeos | 962 } // namespace chromeos |
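Review bot: Moving `fake_gaia_` from `private:` to `protected:` (new line 426) exposes the whole fake to subclasses such as SAMLPolicyTest, while the sibling `fake_saml_idp_` stays private behind `fake_saml_idp()`; an accessor `FakeGaia* fake_gaia() { return &fake_gaia_; }` next to it would keep the two consistent and let the call sites read `fake_gaia()->SetFakeMergeSessionParams(...)`. The rewritten comment at new line 549 drops the closing parenthesis that was opened at `(the |Email| provided here is`, so it should end `|SetFakeMergeSessionParams|).`. In the same test the comments say bob@example.com is typed and the user is identified as Alice, but the visible code passes `kSecondSAMLUserEmail` and expects `kFirstSAMLUserEmail`, so the names read as swapped. Since this test pins that the session identity comes from the account the fake GAIA reports rather than from the typed address, that comment is worth correcting while it is being edited.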
| OLD | NEW |