chrome/browser/chromeos/login/saml/saml_browsertest.cc - Issue 473153002: Inline sign in extracts gaia id from HTTP header and seeds account tracker

Side by Side Diff: chrome/browser/chromeos/login/saml/saml_browsertest.cc

Issue 473153002: Inline sign in extracts gaia id from HTTP header and seeds account tracker (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fix error message Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « chrome/app/chromeos_strings.grdp ('k') | chrome/browser/chromeos/login/session/user_session_manager.cc » ('j') | chrome/browser/resources/chromeos/login/oobe_screen_oauth_enrollment.js » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "base/bind.h"	5 #include "base/bind.h"

6 #include "base/bind_helpers.h"	6 #include "base/bind_helpers.h"

7 #include "base/callback.h"	7 #include "base/callback.h"

8 #include "base/command_line.h"	8 #include "base/command_line.h"

9 #include "base/files/file_path.h"	9 #include "base/files/file_path.h"

10 #include "base/files/file_util.h"	10 #include "base/files/file_util.h"

(...skipping 557 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
568 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) {	568 IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) {

569 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");	569 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");

570 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);	570 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);

571	571

572 fake_gaia_.SetFakeMergeSessionParams(	572 fake_gaia_.SetFakeMergeSessionParams(

573 "", kTestAuthSIDCookie1, kTestAuthLSIDCookie1);	573 "", kTestAuthSIDCookie1, kTestAuthLSIDCookie1);

574 SetSignFormField("Email", "fake_user");	574 SetSignFormField("Email", "fake_user");

575 SetSignFormField("Password", "fake_password");	575 SetSignFormField("Password", "fake_password");

576 ExecuteJsInSigninFrame("document.getElementById('Submit').click();");	576 ExecuteJsInSigninFrame("document.getElementById('Submit').click();");

577	577

578 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL),	578 EXPECT_EQ(l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_ACCOUNT_DETAILS),

579 WaitForAndGetFatalErrorMessage());	579 WaitForAndGetFatalErrorMessage());

580 }	580 }

581	581

582 // Tests the password confirm flow: show error on the first failure and	582 // Tests the password confirm flow: show error on the first failure and

583 // fatal error on the second failure.	583 // fatal error on the second failure.

584 IN_PROC_BROWSER_TEST_F(SamlTest, PasswordConfirmFlow) {	584 IN_PROC_BROWSER_TEST_F(SamlTest, PasswordConfirmFlow) {

585 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");	585 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");

586 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);	586 StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);

587	587

588 // Fill-in the SAML IdP form and submit.	588 // Fill-in the SAML IdP form and submit.

(...skipping 259 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
848 login_screen_load_observer_->Wait();	848 login_screen_load_observer_->Wait();

849 // Verify that offline login is allowed.	849 // Verify that offline login is allowed.

850 JsExpect("window.getComputedStyle(document.querySelector("	850 JsExpect("window.getComputedStyle(document.querySelector("

851 " '#pod-row .signin-button-container')).display == 'none'");	851 " '#pod-row .signin-button-container')).display == 'none'");

852 }	852 }

853	853

854 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_SAMLNoLimit) {	854 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_SAMLNoLimit) {

855 // Remove the offline login time limit for SAML users.	855 // Remove the offline login time limit for SAML users.

856 SetSAMLOfflineSigninTimeLimitPolicy(-1);	856 SetSAMLOfflineSigninTimeLimitPolicy(-1);

857	857

858 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);	858 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1,

	859 kTestAuthLSIDCookie1);
	bartfab (slow) 2014/10/21 14:47:47 Nit: You no longer need to introduce line wrapping Nit: You no longer need to introduce line wrapping here. Roger Tawa OOO till Jul 10th 2014/10/21 19:15:31 Done. Show quoted text On 2014/10/21 14:47:47, bartfab wrote: > Nit: You no longer need to introduce line wrapping here. Done.
859 }	860 }

860	861

861 // Verifies that when no offline login time limit is set, a user who	862 // Verifies that when no offline login time limit is set, a user who

862 // authenticated with SAML is allowed to log in offline.	863 // authenticated with SAML is allowed to log in offline.

863 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, SAMLNoLimit) {	864 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, SAMLNoLimit) {

864 login_screen_load_observer_->Wait();	865 login_screen_load_observer_->Wait();

865 // Verify that offline login is allowed.	866 // Verify that offline login is allowed.

866 JsExpect("window.getComputedStyle(document.querySelector("	867 JsExpect("window.getComputedStyle(document.querySelector("

867 " '#pod-row .signin-button-container')).display == 'none'");	868 " '#pod-row .signin-button-container')).display == 'none'");

868 }	869 }

869	870

870 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_SAMLZeroLimit) {	871 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_SAMLZeroLimit) {

871 // Set the offline login time limit for SAML users to zero.	872 // Set the offline login time limit for SAML users to zero.

872 SetSAMLOfflineSigninTimeLimitPolicy(0);	873 SetSAMLOfflineSigninTimeLimitPolicy(0);

873	874

874 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);	875 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1,
	bartfab (slow) 2014/10/21 14:47:47 Nit: You no longer need to introduce line wrapping Nit: You no longer need to introduce line wrapping here. Roger Tawa OOO till Jul 10th 2014/10/21 19:15:31 Done. Show quoted text On 2014/10/21 14:47:47, bartfab wrote: > Nit: You no longer need to introduce line wrapping here. Done.
	876 kTestAuthLSIDCookie1);

875 }	877 }

876	878

877 // Verifies that when the offline login time limit is exceeded for a user who	879 // Verifies that when the offline login time limit is exceeded for a user who

878 // authenticated via SAML, that user is forced to log in online the next time.	880 // authenticated via SAML, that user is forced to log in online the next time.

879 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, SAMLZeroLimit) {	881 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, SAMLZeroLimit) {

880 login_screen_load_observer_->Wait();	882 login_screen_load_observer_->Wait();

881 // Verify that offline login is not allowed.	883 // Verify that offline login is not allowed.

882 JsExpect("window.getComputedStyle(document.querySelector("	884 JsExpect("window.getComputedStyle(document.querySelector("

883 " '#pod-row .signin-button-container')).display != 'none'");	885 " '#pod-row .signin-button-container')).display != 'none'");

884 }	886 }

885	887

886 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_PRE_TransferCookiesAffiliated) {	888 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_PRE_TransferCookiesAffiliated) {

887 fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue1);	889 fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue1);

888 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);	890 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1,
	bartfab (slow) 2014/10/21 14:47:47 Nit: You no longer need to introduce line wrapping Nit: You no longer need to introduce line wrapping here. Roger Tawa OOO till Jul 10th 2014/10/21 19:15:31 Done. Show quoted text On 2014/10/21 14:47:47, bartfab wrote: > Nit: You no longer need to introduce line wrapping here. Done.
	891 kTestAuthLSIDCookie1);

889	892

890 GetCookies();	893 GetCookies();

891 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));	894 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));

892 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));	895 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));

893 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));	896 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));

894 }	897 }

895	898

896 // Verifies that when the DeviceTransferSAMLCookies policy is not enabled, SAML	899 // Verifies that when the DeviceTransferSAMLCookies policy is not enabled, SAML

897 // IdP cookies are not transferred to a user's profile on subsequent login, even	900 // IdP cookies are not transferred to a user's profile on subsequent login, even

898 // if the user belongs to the domain that the device is enrolled into. Also	901 // if the user belongs to the domain that the device is enrolled into. Also

899 // verifies that GAIA cookies are not transferred.	902 // verifies that GAIA cookies are not transferred.

900 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_TransferCookiesAffiliated) {	903 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_TransferCookiesAffiliated) {

901 fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);	904 fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);

902 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");	905 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");

903 ShowGAIALoginForm();	906 ShowGAIALoginForm();

904 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie2, kTestAuthLSIDCookie2);	907 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie2,
	bartfab (slow) 2014/10/21 14:47:47 Nit: You no longer need to introduce line wrapping Nit: You no longer need to introduce line wrapping here. Roger Tawa OOO till Jul 10th 2014/10/21 19:15:31 Done. Show quoted text On 2014/10/21 14:47:47, bartfab wrote: > Nit: You no longer need to introduce line wrapping here. Done.
	908 kTestAuthLSIDCookie2);

905	909

906 GetCookies();	910 GetCookies();

907 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));	911 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));

908 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));	912 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));

909 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));	913 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));

910 }	914 }

911	915

912 // Verifies that when the DeviceTransferSAMLCookies policy is enabled, SAML IdP	916 // Verifies that when the DeviceTransferSAMLCookies policy is enabled, SAML IdP

913 // cookies are transferred to a user's profile on subsequent login when the user	917 // cookies are transferred to a user's profile on subsequent login when the user

914 // belongs to the domain that the device is enrolled into. Also verifies that	918 // belongs to the domain that the device is enrolled into. Also verifies that

915 // GAIA cookies are not transferred.	919 // GAIA cookies are not transferred.

916 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, TransferCookiesAffiliated) {	920 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, TransferCookiesAffiliated) {

917 fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);	921 fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);

918 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");	922 fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");

919 ShowGAIALoginForm();	923 ShowGAIALoginForm();

920	924

921 EnableTransferSAMLCookiesPolicy();	925 EnableTransferSAMLCookiesPolicy();

922 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie2, kTestAuthLSIDCookie2);	926 LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie2,
	bartfab (slow) 2014/10/21 14:47:47 Nit: You no longer need to introduce line wrapping Nit: You no longer need to introduce line wrapping here. Roger Tawa OOO till Jul 10th 2014/10/21 19:15:31 Done. Show quoted text On 2014/10/21 14:47:47, bartfab wrote: > Nit: You no longer need to introduce line wrapping here. Done.
	927 kTestAuthLSIDCookie2);

923	928

924 GetCookies();	929 GetCookies();

925 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));	930 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));

926 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));	931 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));

927 EXPECT_EQ(kSAMLIdPCookieValue2, GetCookieValue(kSAMLIdPCookieName));	932 EXPECT_EQ(kSAMLIdPCookieValue2, GetCookieValue(kSAMLIdPCookieName));

928 }	933 }

929	934

930 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_TransferCookiesUnaffiliated) {	935 IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_TransferCookiesUnaffiliated) {

931 fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue1);	936 fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue1);

932 LogInWithSAML(kDifferentDomainSAMLUserEmail,	937 LogInWithSAML(kDifferentDomainSAMLUserEmail,

(...skipping 20 matching lines...) Expand all Loading...
953 kTestAuthSIDCookie1,	958 kTestAuthSIDCookie1,

954 kTestAuthLSIDCookie1);	959 kTestAuthLSIDCookie1);

955	960

956 GetCookies();	961 GetCookies();

957 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));	962 EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));

958 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));	963 EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));

959 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));	964 EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));

960 }	965 }

961	966

962 } // namespace chromeos	967 } // namespace chromeos

OLD	NEW