| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h" | 5 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h" |
| 6 | 6 |
| 7 #include "base/memory/scoped_ptr.h" | 7 #include "base/memory/scoped_ptr.h" |
| 8 #include "base/run_loop.h" | 8 #include "base/run_loop.h" |
| 9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
| 10 #include "chrome/browser/chromeos/login/users/fake_user_manager.h" | 10 #include "chrome/browser/chromeos/login/users/fake_user_manager.h" |
| 27 | 27 |
| 28 namespace chromeos { | 28 namespace chromeos { |
| 29 | 29 |
| 30 namespace { | 30 namespace { |
| 31 | 31 |
| 32 const char* kUsers[] = {"a@gmail.com", "b@gmail.com" }; | 32 const char* kUsers[] = {"a@gmail.com", "b@gmail.com" }; |
| 33 | 33 |
| 34 struct BehaviorTestCase { | 34 struct BehaviorTestCase { |
| 35 const char* primary; | 35 const char* primary; |
| 36 const char* secondary; | 36 const char* secondary; |
| 37 MultiProfileUserController::UserAllowedInSessionResult expected_allowed; | 37 MultiProfileUserController::UserAllowedInSessionReason expected_allowed; |
| 38 }; | 38 }; |
| 39 | 39 |
| 40 const BehaviorTestCase kBehaviorTestCases[] = { | 40 const BehaviorTestCase kBehaviorTestCases[] = { |
| 41 { | 41 { |
| 42 MultiProfileUserController::kBehaviorUnrestricted, | 42 MultiProfileUserController::kBehaviorUnrestricted, |
| 43 MultiProfileUserController::kBehaviorUnrestricted, | 43 MultiProfileUserController::kBehaviorUnrestricted, |
| 44 MultiProfileUserController::ALLOWED, | 44 MultiProfileUserController::ALLOWED, |
| 45 }, | 45 }, |
| 46 { | 46 { |
| 47 MultiProfileUserController::kBehaviorUnrestricted, | 47 MultiProfileUserController::kBehaviorUnrestricted, |
| 205 | 205 |
| 206 // Tests that everyone is allowed before a session starts. | 206 // Tests that everyone is allowed before a session starts. |
| 207 TEST_F(MultiProfileUserControllerTest, AllAllowedBeforeLogin) { | 207 TEST_F(MultiProfileUserControllerTest, AllAllowedBeforeLogin) { |
| 208 const char* kTestCases[] = { | 208 const char* kTestCases[] = { |
| 209 MultiProfileUserController::kBehaviorUnrestricted, | 209 MultiProfileUserController::kBehaviorUnrestricted, |
| 210 MultiProfileUserController::kBehaviorPrimaryOnly, | 210 MultiProfileUserController::kBehaviorPrimaryOnly, |
| 211 MultiProfileUserController::kBehaviorNotAllowed, | 211 MultiProfileUserController::kBehaviorNotAllowed, |
| 212 }; | 212 }; |
| 213 for (size_t i = 0; i < arraysize(kTestCases); ++i) { | 213 for (size_t i = 0; i < arraysize(kTestCases); ++i) { |
| 214 SetCachedBehavior(0, kTestCases[i]); | 214 SetCachedBehavior(0, kTestCases[i]); |
| 215 EXPECT_EQ(MultiProfileUserController::ALLOWED, | 215 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 216 controller()->IsUserAllowedInSession(kUsers[0])) | 216 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)) |
| 217 << "Case " << i; | 217 << "Case " << i; |
| 218 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason) << "Case " << i; |
| 218 } | 219 } |
| 219 } | 220 } |
| 220 | 221 |
| 221 // Tests that invalid cache value would become the default "unrestricted". | 222 // Tests that invalid cache value would become the default "unrestricted". |
| 222 TEST_F(MultiProfileUserControllerTest, InvalidCacheBecomesDefault) { | 223 TEST_F(MultiProfileUserControllerTest, InvalidCacheBecomesDefault) { |
| 223 const char kBad[] = "some invalid value"; | 224 const char kBad[] = "some invalid value"; |
| 224 SetCachedBehavior(0, kBad); | 225 SetCachedBehavior(0, kBad); |
| 225 EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted, | 226 EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted, |
| 226 GetCachedBehavior(0)); | 227 GetCachedBehavior(0)); |
| 227 } | 228 } |
| 264 EXPECT_EQ(1, user_not_allowed_count()); | 265 EXPECT_EQ(1, user_not_allowed_count()); |
| 265 } | 266 } |
| 266 | 267 |
| 267 // Tests cases before the second user login. | 268 // Tests cases before the second user login. |
| 268 TEST_F(MultiProfileUserControllerTest, IsSecondaryAllowed) { | 269 TEST_F(MultiProfileUserControllerTest, IsSecondaryAllowed) { |
| 269 LoginUser(0); | 270 LoginUser(0); |
| 270 | 271 |
| 271 for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { | 272 for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { |
| 272 SetPrefBehavior(0, kBehaviorTestCases[i].primary); | 273 SetPrefBehavior(0, kBehaviorTestCases[i].primary); |
| 273 SetCachedBehavior(1, kBehaviorTestCases[i].secondary); | 274 SetCachedBehavior(1, kBehaviorTestCases[i].secondary); |
| 274 EXPECT_EQ(kBehaviorTestCases[i].expected_allowed, | 275 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 275 controller()->IsUserAllowedInSession(kUsers[1])) << "Case " << i; | 276 controller()->IsUserAllowedInSession(kUsers[1], &reason); |
| 277 EXPECT_EQ(kBehaviorTestCases[i].expected_allowed, reason) << "Case " << i; |
| 276 } | 278 } |
| 277 } | 279 } |
| 278 | 280 |
| 279 // Tests user behavior changes within a two-user session. | 281 // Tests user behavior changes within a two-user session. |
| 280 TEST_F(MultiProfileUserControllerTest, PrimaryBehaviorChange) { | 282 TEST_F(MultiProfileUserControllerTest, PrimaryBehaviorChange) { |
| 281 LoginUser(0); | 283 LoginUser(0); |
| 282 LoginUser(1); | 284 LoginUser(1); |
| 283 | 285 |
| 284 for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { | 286 for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { |
| 285 SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); | 287 SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); |
| 296 MultiProfileUserController::ALLOWED) << "Case " << i; | 298 MultiProfileUserController::ALLOWED) << "Case " << i; |
| 297 } | 299 } |
| 298 } | 300 } |
| 299 } | 301 } |
| 300 | 302 |
| 301 // Tests that owner could not be a secondary user. | 303 // Tests that owner could not be a secondary user. |
| 302 TEST_F(MultiProfileUserControllerTest, NoSecondaryOwner) { | 304 TEST_F(MultiProfileUserControllerTest, NoSecondaryOwner) { |
| 303 LoginUser(0); | 305 LoginUser(0); |
| 304 SetOwner(1); | 306 SetOwner(1); |
| 305 | 307 |
| 306 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_OWNER_AS_SECONDARY, | 308 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 307 controller()->IsUserAllowedInSession(kUsers[1])); | 309 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 308 EXPECT_EQ(MultiProfileUserController::kBehaviorOwnerPrimaryOnly, | 310 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_OWNER_AS_SECONDARY, reason); |
| 309 GetCachedBehavior(1)); | |
| 310 | 311 |
| 311 EXPECT_EQ(0, user_not_allowed_count()); | 312 EXPECT_EQ(0, user_not_allowed_count()); |
| 312 LoginUser(1); | 313 LoginUser(1); |
| 313 EXPECT_EQ(1, user_not_allowed_count()); | 314 EXPECT_EQ(1, user_not_allowed_count()); |
| 314 } | 315 } |
| 315 | 316 |
| 316 TEST_F(MultiProfileUserControllerTest, | 317 TEST_F(MultiProfileUserControllerTest, |
| 317 UsedPolicyCertificatesAllowedForPrimary) { | 318 UsedPolicyCertificatesAllowedForPrimary) { |
| 318 // Verifies that any user can sign-in as the primary user, regardless of the | 319 // Verifies that any user can sign-in as the primary user, regardless of the |
| 319 // tainted state. | 320 // tainted state. |
| 320 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); | 321 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); |
| 321 EXPECT_EQ(MultiProfileUserController::ALLOWED, | 322 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 322 controller()->IsUserAllowedInSession(kUsers[0])); | 323 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)); |
| 323 EXPECT_EQ(MultiProfileUserController::ALLOWED, | 324 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); |
| 324 controller()->IsUserAllowedInSession(kUsers[1])); | 325 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 326 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); |
| 325 } | 327 } |
| 326 | 328 |
| 327 TEST_F(MultiProfileUserControllerTest, | 329 TEST_F(MultiProfileUserControllerTest, |
| 328 UsedPolicyCertificatesDisallowedForSecondary) { | 330 UsedPolicyCertificatesDisallowedForSecondary) { |
| 329 // Verifies that if a regular user is signed-in then other regular users can | 331 // Verifies that if a regular user is signed-in then other regular users can |
| 330 // be added but tainted users can't. | 332 // be added but tainted users can't. |
| 331 LoginUser(1); | 333 LoginUser(1); |
| 332 | 334 |
| 333 // TODO(xiyuan): Remove the following SetPrefBehavor when default is | 335 // TODO(xiyuan): Remove the following SetPrefBehavor when default is |
| 334 // changed back to enabled. | 336 // changed back to enabled. |
| 335 SetPrefBehavior(1, MultiProfileUserController::kBehaviorUnrestricted); | 337 SetPrefBehavior(1, MultiProfileUserController::kBehaviorUnrestricted); |
| 336 | 338 |
| 337 EXPECT_EQ(MultiProfileUserController::ALLOWED, | 339 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 338 controller()->IsUserAllowedInSession(kUsers[0])); | 340 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)); |
| 341 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); |
| 342 |
| 339 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); | 343 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); |
| 344 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[0], &reason)); |
| 340 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED, | 345 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED, |
| 341 controller()->IsUserAllowedInSession(kUsers[0])); | 346 reason); |
| 342 } | 347 } |
| 343 | 348 |
| 344 TEST_F(MultiProfileUserControllerTest, | 349 TEST_F(MultiProfileUserControllerTest, |
| 345 UsedPolicyCertificatesDisallowsSecondaries) { | 350 UsedPolicyCertificatesDisallowsSecondaries) { |
| 346 // Verifies that if a tainted user is signed-in then no other users can | 351 // Verifies that if a tainted user is signed-in then no other users can |
| 347 // be added. | 352 // be added. |
| 348 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); | 353 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); |
| 349 LoginUser(0); | 354 LoginUser(0); |
| 350 | 355 |
| 351 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); | 356 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); |
| 352 g_policy_cert_verifier_for_factory = cert_verifier_.get(); | 357 g_policy_cert_verifier_for_factory = cert_verifier_.get(); |
| 353 ASSERT_TRUE( | 358 ASSERT_TRUE( |
| 354 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( | 359 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( |
| 355 profile(0), TestPolicyCertServiceFactory)); | 360 profile(0), TestPolicyCertServiceFactory)); |
| 356 | 361 |
| 362 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 363 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 357 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, | 364 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, |
| 358 controller()->IsUserAllowedInSession(kUsers[1])); | 365 reason); |
| 359 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[1]); | 366 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[1]); |
| 367 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 360 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED, | 368 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED, |
| 361 controller()->IsUserAllowedInSession(kUsers[1])); | 369 reason); |
| 362 | 370 |
| 363 // Flush tasks posted to IO. | 371 // Flush tasks posted to IO. |
| 364 base::RunLoop().RunUntilIdle(); | 372 base::RunLoop().RunUntilIdle(); |
| 365 } | 373 } |
| 366 | 374 |
| 367 TEST_F(MultiProfileUserControllerTest, | 375 TEST_F(MultiProfileUserControllerTest, |
| 368 PolicyCertificatesInMemoryDisallowsSecondaries) { | 376 PolicyCertificatesInMemoryDisallowsSecondaries) { |
| 369 // Verifies that if a user is signed-in and has policy certificates installed | 377 // Verifies that if a user is signed-in and has policy certificates installed |
| 370 // then no other users can be added. | 378 // then no other users can be added. |
| 371 LoginUser(0); | 379 LoginUser(0); |
| 372 | 380 |
| 373 // TODO(xiyuan): Remove the following SetPrefBehavor when default is | 381 // TODO(xiyuan): Remove the following SetPrefBehavor when default is |
| 374 // changed back to enabled. | 382 // changed back to enabled. |
| 375 SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); | 383 SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); |
| 376 | 384 |
| 377 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); | 385 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); |
| 378 g_policy_cert_verifier_for_factory = cert_verifier_.get(); | 386 g_policy_cert_verifier_for_factory = cert_verifier_.get(); |
| 379 ASSERT_TRUE( | 387 ASSERT_TRUE( |
| 380 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( | 388 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( |
| 381 profile(0), TestPolicyCertServiceFactory)); | 389 profile(0), TestPolicyCertServiceFactory)); |
| 382 policy::PolicyCertService* service = | 390 policy::PolicyCertService* service = |
| 383 policy::PolicyCertServiceFactory::GetForProfile(profile(0)); | 391 policy::PolicyCertServiceFactory::GetForProfile(profile(0)); |
| 384 ASSERT_TRUE(service); | 392 ASSERT_TRUE(service); |
| 385 | 393 |
| 386 EXPECT_FALSE(service->has_policy_certificates()); | 394 EXPECT_FALSE(service->has_policy_certificates()); |
| 387 EXPECT_EQ(MultiProfileUserController::ALLOWED, | 395 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 388 controller()->IsUserAllowedInSession(kUsers[1])); | 396 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 397 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); |
| 389 | 398 |
| 390 net::CertificateList certificates; | 399 net::CertificateList certificates; |
| 391 certificates.push_back(new net::X509Certificate( | 400 certificates.push_back(new net::X509Certificate( |
| 392 "subject", "issuer", base::Time(), base::Time())); | 401 "subject", "issuer", base::Time(), base::Time())); |
| 393 service->OnTrustAnchorsChanged(certificates); | 402 service->OnTrustAnchorsChanged(certificates); |
| 394 EXPECT_TRUE(service->has_policy_certificates()); | 403 EXPECT_TRUE(service->has_policy_certificates()); |
| 404 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 395 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, | 405 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, |
| 396 controller()->IsUserAllowedInSession(kUsers[1])); | 406 reason); |
| 397 | 407 |
| 398 // Flush tasks posted to IO. | 408 // Flush tasks posted to IO. |
| 399 base::RunLoop().RunUntilIdle(); | 409 base::RunLoop().RunUntilIdle(); |
| 400 } | 410 } |
| 401 | 411 |
| 402 } // namespace chromeos | 412 } // namespace chromeos |
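Review bot: In IsSecondaryAllowed (new lines 275-277) the boolean returned by IsUserAllowedInSession is discarded and only `reason` is compared, so a result where the bool and the reason disagree would still pass; every other converted test asserts both. Callers presumably gate adding a user to the session on the bool, so assert it as well: `EXPECT_EQ(kBehaviorTestCases[i].expected_allowed == MultiProfileUserController::ALLOWED, controller()->IsUserAllowedInSession(kUsers[1], &reason)) << "Case " << i;`. `reason` is also declared uninitialized in each test, so if any path in the controller returns without writing the out-parameter the following EXPECT_EQ compares an indeterminate value; initialising it to a value the test does not expect would make that visible. NoSecondaryOwner additionally drops the old check that the cached behavior becomes kBehaviorOwnerPrimaryOnly, and if that side effect now lives elsewhere it deserves a test there.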