Inline sign in extracts gaia id from HTTP header and seeds account tracker

chrome/browser/chromeos/login/saml/saml_browsertest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
@@ skipping 73 matching lines @@
 namespace {
 
 const char kGAIASIDCookieName[] = "SID";
 const char kGAIALSIDCookieName[] = "LSID";
 
 const char kTestAuthSIDCookie1[] = "fake-auth-SID-cookie-1";
 const char kTestAuthSIDCookie2[] = "fake-auth-SID-cookie-2";
 const char kTestAuthLSIDCookie1[] = "fake-auth-LSID-cookie-1";
 const char kTestAuthLSIDCookie2[] = "fake-auth-LSID-cookie-2";
 
+const char kTestGaiaId[] = "12345";
+
 const char kFirstSAMLUserEmail[] = "bob@example.com";
 const char kSecondSAMLUserEmail[] = "alice@example.com";
 const char kHTTPSAMLUserEmail[] = "carol@example.com";
 const char kNonSAMLUserEmail[] = "dan@example.com";
 const char kDifferentDomainSAMLUserEmail[] = "eve@example.test";
 
 const char kSAMLIdPCookieName[] = "saml";
 const char kSAMLIdPCookieValue1[] = "value-1";
 const char kSAMLIdPCookieValue2[] = "value-2";
 
@@ skipping 185 matching lines @@
     fake_gaia_.RegisterSamlUser(kSecondSAMLUserEmail, saml_idp_url);
     fake_gaia_.RegisterSamlUser(
         kHTTPSAMLUserEmail,
         embedded_test_server()->base_url().Resolve("/SAML"));
     fake_gaia_.RegisterSamlUser(kDifferentDomainSAMLUserEmail, saml_idp_url);
 
     fake_gaia_.Initialize();
   }
 
   virtual void SetUpOnMainThread() override {
-    fake_gaia_.SetFakeMergeSessionParams(kFirstSAMLUserEmail,
+    fake_gaia_.SetFakeMergeSessionParams(kTestGaiaId,
+                                         kFirstSAMLUserEmail,
                                          kTestAuthSIDCookie1,
                                          kTestAuthLSIDCookie1);
 
     embedded_test_server()->RegisterRequestHandler(
         base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_)));
     embedded_test_server()->RegisterRequestHandler(base::Bind(
         &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_)));
 
     // Restart the thread as the sandbox host process has already been spawned.
     embedded_test_server()->RestartThreadAndListen();
@@ skipping 225 matching lines @@
   EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_PASSWORD),
             WaitForAndGetFatalErrorMessage());
 }
 
 // Types |bob@example.com| into the GAIA login form but then authenticates as
 // |alice@example.com| via SAML. Verifies that the logged-in user is correctly
 // identified as Alice.
 IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) {
   fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
   // Type |bob@example.com| into the GAIA login form.
-  StartSamlAndWaitForIdpPageLoad(kSecondSAMLUserEmail);
+  StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);
 
   // Authenticate as alice@example.com via SAML (the |Email| provided here is
   // irrelevant - the authenticated user's e-mail address that FakeGAIA
   // reports was set via |SetFakeMergeSessionParams|.
   SetSignFormField("Email", "fake_user");
   SetSignFormField("Password", "fake_password");
   ExecuteJsInSigninFrame("document.getElementById('Submit').click();");
 
   OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();
 
   SendConfirmPassword("fake_password");
   content::WindowedNotificationObserver(
       chrome::NOTIFICATION_SESSION_STARTED,
       content::NotificationService::AllSources()).Wait();
   const user_manager::User* user =
       user_manager::UserManager::Get()->GetActiveUser();
   ASSERT_TRUE(user);
   EXPECT_EQ(kFirstSAMLUserEmail, user->email());

[bartfab (slow), 2014/10/17 09:54:55]

This test actually has even more typos in it :(.

1) The comments said: Type Bob into the GAIA form, then log in as Alice via
SAML.

2) What the test acutally did was: Type Alice into the GAIA form, then log in as
Bob via SAML.

3) What the test does now: Type Bob into the GAIA form, then log in as Bob via
SAML.

While 2) was wrong, it was correct in spirit. I had just swapped Alice and Bob.
The current behavior, 3), is wrong. The test now uses the same e-mail address
for GAIA and SAML. The very point of this test is to use different e-mail
addresses. I think the easiest fix is to restore line 548 to what it was and
adjust the comments.

At that point, the test will start failing but that is because FakeGaia is
actually wrong: It returns the e-mail address typed into the GAIA login form in
HandleServiceLoginAuth(). For SAML users, the e-mail address should be returned
by HandleSSO() instead, based on the user who actually authenticated. Once
FakaGaia has been fixed, the test should start passing again.

[Roger Tawa OOO till Jul 10th, 2014/10/20 16:04:00]

This test is even more complex than that.  It uses 3 emails: bob@ to start,
"fake_user" in the form, and then alice@ at the last step.  I'd suggest *not*
using constants like kFirstSAMLUserEmail and kSecondSAMLUserEmail and explicitly
putting the strings in the test.  Then even the comments go away since the code
if self commenting.  The only thing that should go into constants are things
that affect the outcome of the test itself.

[bartfab (slow), 2014/10/21 14:47:46]

Agreed.

 }
 
 // Verifies that if the authenticated user's e-mail address cannot be retrieved,
 // an error message is shown.
 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) {
   fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
+  fake_gaia_.SetFakeMergeSessionParams(

[bartfab (slow), 2014/10/17 09:54:55]

Once FakeGaia has been fixed to return the e-mail address and GAIA ID for SAML
users from HandleSSO(), this can move back to where it was.

[Roger Tawa OOO till Jul 10th, 2014/10/20 16:04:00]

Done.

+      "", "", kTestAuthSIDCookie1, kTestAuthLSIDCookie1);
+
   StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);
 
-  fake_gaia_.SetFakeMergeSessionParams(
-      "", kTestAuthSIDCookie1, kTestAuthLSIDCookie1);
   SetSignFormField("Email", "fake_user");
   SetSignFormField("Password", "fake_password");
   ExecuteJsInSigninFrame("document.getElementById('Submit').click();");
 
   EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL),
             WaitForAndGetFatalErrorMessage());
 }
 
 // Tests the password confirm flow: show error on the first failure and
 // fatal error on the second failure.
@@ skipping 61 matching lines @@
   virtual ~SAMLPolicyTest();
 
   // SamlTest:
   virtual void SetUpInProcessBrowserTestFixture() override;
   virtual void SetUpOnMainThread() override;
 
   void SetSAMLOfflineSigninTimeLimitPolicy(int limit);
   void EnableTransferSAMLCookiesPolicy();
 
   void ShowGAIALoginForm();
-  void LogInWithSAML(const std::string& user_id,
+  void LogInWithSAML(const std::string& gaia_id,
+                     const std::string& user_id,
                      const std::string& auth_sid_cookie,
                      const std::string& auth_lsid_cookie);
 
   std::string GetCookieValue(const std::string& name);
 
   void GetCookies();
 
  protected:
   void GetCookiesOnIOThread(
       const scoped_refptr<net::URLRequestContextGetter>& request_context,
@@ skipping 91 matching lines @@
       "  window.domAutomationController.setAutomationId(0);"
       "  window.domAutomationController.send('ready');"
       "});"
       "$('add-user-button').click();"));
   content::DOMMessageQueue message_queue;
   std::string message;
   ASSERT_TRUE(message_queue.WaitForMessage(&message));
   EXPECT_EQ("\"ready\"", message);
 }
 
-void SAMLPolicyTest::LogInWithSAML(const std::string& user_id,
+void SAMLPolicyTest::LogInWithSAML(const std::string& gaia_id,
+                                   const std::string& user_id,
                                    const std::string& auth_sid_cookie,
                                    const std::string& auth_lsid_cookie) {
   fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
   StartSamlAndWaitForIdpPageLoad(user_id);
 
   fake_gaia_.SetFakeMergeSessionParams(
-      user_id, auth_sid_cookie, auth_lsid_cookie);
+      gaia_id, user_id, auth_sid_cookie, auth_lsid_cookie);
   SetSignFormField("Email", "fake_user");
   SetSignFormField("Password", "fake_password");
   ExecuteJsInSigninFrame("document.getElementById('Submit').click();");
 
   OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();
 
   SendConfirmPassword("fake_password");
   content::WindowedNotificationObserver(
       chrome::NOTIFICATION_SESSION_STARTED,
       content::NotificationService::AllSources()).Wait();
@@ skipping 63 matching lines @@
   login_screen_load_observer_->Wait();
   // Verify that offline login is allowed.
   JsExpect("window.getComputedStyle(document.querySelector("
            "    '#pod-row .signin-button-container')).display == 'none'");
 }
 
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_SAMLNoLimit) {
   // Remove the offline login time limit for SAML users.
   SetSAMLOfflineSigninTimeLimitPolicy(-1);
 
-  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);
+  LogInWithSAML(kTestGaiaId, kFirstSAMLUserEmail, kTestAuthSIDCookie1,
+                kTestAuthLSIDCookie1);
 }
 
 // Verifies that when no offline login time limit is set, a user who
 // authenticated with SAML is allowed to log in offline.
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, SAMLNoLimit) {
   login_screen_load_observer_->Wait();
   // Verify that offline login is allowed.
   JsExpect("window.getComputedStyle(document.querySelector("
            "    '#pod-row .signin-button-container')).display == 'none'");
 }
 
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_SAMLZeroLimit) {
   // Set the offline login time limit for SAML users to zero.
   SetSAMLOfflineSigninTimeLimitPolicy(0);
 
-  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);
+  LogInWithSAML(kTestGaiaId, kFirstSAMLUserEmail, kTestAuthSIDCookie1,
+                kTestAuthLSIDCookie1);
 }
 
 // Verifies that when the offline login time limit is exceeded for a user who
 // authenticated via SAML, that user is forced to log in online the next time.
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, SAMLZeroLimit) {
   login_screen_load_observer_->Wait();
   // Verify that offline login is not allowed.
   JsExpect("window.getComputedStyle(document.querySelector("
            "    '#pod-row .signin-button-container')).display != 'none'");
 }
 
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_PRE_TransferCookiesAffiliated) {
   fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue1);
-  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);
+  LogInWithSAML(kTestGaiaId, kFirstSAMLUserEmail, kTestAuthSIDCookie1,
+                kTestAuthLSIDCookie1);
 
   GetCookies();
   EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
   EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
   EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));
 }
 
 // Verifies that when the DeviceTransferSAMLCookies policy is not enabled, SAML
 // IdP cookies are not transferred to a user's profile on subsequent login, even
 // if the user belongs to the domain that the device is enrolled into. Also
 // verifies that GAIA cookies are not transferred.
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_TransferCookiesAffiliated) {
   fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);
   fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
   ShowGAIALoginForm();
-  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie2, kTestAuthLSIDCookie2);
+  LogInWithSAML(kTestGaiaId, kFirstSAMLUserEmail, kTestAuthSIDCookie2,
+                kTestAuthLSIDCookie2);
 
   GetCookies();
   EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
   EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
   EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));
 }
 
 // Verifies that when the DeviceTransferSAMLCookies policy is enabled, SAML IdP
 // cookies are transferred to a user's profile on subsequent login when the user
 // belongs to the domain that the device is enrolled into. Also verifies that
 // GAIA cookies are not transferred.
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, TransferCookiesAffiliated) {
   fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);
   fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
   ShowGAIALoginForm();
 
   EnableTransferSAMLCookiesPolicy();
-  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie2, kTestAuthLSIDCookie2);
+  LogInWithSAML(kTestGaiaId, kFirstSAMLUserEmail, kTestAuthSIDCookie2,
+                kTestAuthLSIDCookie2);
 
   GetCookies();
   EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
   EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
   EXPECT_EQ(kSAMLIdPCookieValue2, GetCookieValue(kSAMLIdPCookieName));
 }
 
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_TransferCookiesUnaffiliated) {
   fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue1);
-  LogInWithSAML(kDifferentDomainSAMLUserEmail,
+  LogInWithSAML(kTestGaiaId,
+                kDifferentDomainSAMLUserEmail,
                 kTestAuthSIDCookie1,
                 kTestAuthLSIDCookie1);
 
   GetCookies();
   EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
   EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
   EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));
 }
 
 // Verifies that even if the DeviceTransferSAMLCookies policy is enabled, SAML
 // IdP are not transferred to a user's profile on subsequent login if the user
 // does not belong to the domain that the device is enrolled into. Also verifies
 // that GAIA cookies are not transferred.
 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, TransferCookiesUnaffiliated) {
   fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);
   fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
   ShowGAIALoginForm();
 
   EnableTransferSAMLCookiesPolicy();
-  LogInWithSAML(kDifferentDomainSAMLUserEmail,
+  LogInWithSAML(kTestGaiaId,
+                kDifferentDomainSAMLUserEmail,
                 kTestAuthSIDCookie1,
                 kTestAuthLSIDCookie1);
 
   GetCookies();
   EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
   EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
   EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));
 }
 
 }  // namespace chromeos