| Index: chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc
|
| diff --git a/chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc b/chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc
|
| index 92de7def5c2e657948ce41085365b30c2963cf46..b2c6317d2bc9585f3367178a49ff44d6052c93d9 100644
|
| --- a/chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc
|
| +++ b/chrome/browser/chromeos/policy/device_cloud_policy_invalidator_unittest.cc
|
| @@ -11,6 +11,8 @@
|
| #include "base/run_loop.h"
|
| #include "chrome/browser/browser_process_platform_part.h"
|
| #include "chrome/browser/chrome_notification_types.h"
|
| +#include "chrome/browser/chromeos/login/users/fake_user_manager.h"
|
| +#include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h"
|
| #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
|
| #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
|
| #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
|
| @@ -52,6 +54,10 @@ namespace policy {
|
|
|
| namespace {
|
|
|
| +const char kAffiliatedUserID1[] = "test_1@example.com";
|
| +const char kAffiliatedUserID2[] = "test_2@example.com";
|
| +const char kUnaffiliatedUserID[] = "test_2@other_domain.test";
|
| +
|
| KeyedService* BuildProfileInvalidationProvider(
|
| content::BrowserContext* context) {
|
| scoped_ptr<invalidation::FakeInvalidationService> invalidation_service(
|
| @@ -74,7 +80,7 @@ class DeviceCloudPolicyInvalidatorTest : public testing::Test {
|
| virtual void TearDown() OVERRIDE;
|
|
|
| // Ownership is not passed. The Profile is owned by the global ProfileManager.
|
| - Profile *CreateProfile(const std::string& profile_name);
|
| + Profile *LogInAndReturnProfile(const std::string& user_id);
|
|
|
| invalidation::TiclInvalidationService* GetDeviceInvalidationService();
|
| bool HasDeviceInvalidationServiceObserver() const;
|
| @@ -95,6 +101,8 @@ class DeviceCloudPolicyInvalidatorTest : public testing::Test {
|
| content::TestBrowserThreadBundle thread_bundle_;
|
| scoped_refptr<net::URLRequestContextGetter> system_request_context_;
|
| TestingProfileManager profile_manager_;
|
| + chromeos::FakeUserManager* fake_user_manager_;
|
| + chromeos::ScopedUserManagerEnabler user_manager_enabler_;
|
| ScopedStubEnterpriseInstallAttributes install_attributes_;
|
| scoped_ptr<chromeos::ScopedTestDeviceSettingsService>
|
| test_device_settings_service_;
|
| @@ -109,6 +117,8 @@ DeviceCloudPolicyInvalidatorTest::DeviceCloudPolicyInvalidatorTest()
|
| system_request_context_(new net::TestURLRequestContextGetter(
|
| base::MessageLoopProxy::current())),
|
| profile_manager_(TestingBrowserProcess::GetGlobal()),
|
| + fake_user_manager_(new chromeos::FakeUserManager),
|
| + user_manager_enabler_(fake_user_manager_),
|
| install_attributes_("example.com",
|
| "user@example.com",
|
| "device_id",
|
| @@ -170,9 +180,10 @@ void DeviceCloudPolicyInvalidatorTest::TearDown() {
|
| chromeos::SystemSaltGetter::Shutdown();
|
| }
|
|
|
| -Profile *DeviceCloudPolicyInvalidatorTest::CreateProfile(
|
| - const std::string& profile_name) {
|
| - Profile* profile = profile_manager_.CreateTestingProfile(profile_name);
|
| +Profile *DeviceCloudPolicyInvalidatorTest::LogInAndReturnProfile(
|
| + const std::string& user_id) {
|
| + fake_user_manager_->AddUser(user_id);
|
| + Profile* profile = profile_manager_.CreateTestingProfile(user_id);
|
| content::NotificationService::current()->Notify(
|
| chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED,
|
| content::NotificationService::AllSources(),
|
| @@ -269,12 +280,13 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, UseDeviceInvalidationService) {
|
| EXPECT_FALSE(GetInvalidationService());
|
| }
|
|
|
| -// Verifies that a DeviceCloudPolicyInvalidator backed by a per-profile
|
| -// invalidation service is created/destroyed as the service
|
| -// connects/disconnects.
|
| -TEST_F(DeviceCloudPolicyInvalidatorTest, UseProfileInvalidationService) {
|
| - // Create a user profile.
|
| - Profile* profile = CreateProfile("test");
|
| +// Verifies that when the per-profile invalidation service for an affiliated
|
| +// user connect/disconnects, a DeviceCloudPolicyInvalidator backed by it is
|
| +// created/destroyed.
|
| +TEST_F(DeviceCloudPolicyInvalidatorTest,
|
| + UseAffiliatedProfileInvalidationService) {
|
| + // Log in as an affiliated user.
|
| + Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1);
|
| ASSERT_TRUE(profile);
|
|
|
| // Verify that a device-global invalidation service has been created.
|
| @@ -287,7 +299,7 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, UseProfileInvalidationService) {
|
| ASSERT_TRUE(profile_invalidation_service);
|
| EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
|
|
|
| - // Verify that no invalidator exists yet
|
| + // Verify that no invalidator exists yet.
|
| EXPECT_FALSE(GetCloudPolicyInvalidator());
|
| EXPECT_FALSE(GetInvalidationService());
|
|
|
| @@ -327,6 +339,47 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, UseProfileInvalidationService) {
|
| EXPECT_FALSE(GetInvalidationService());
|
| }
|
|
|
| +// Verifies that even if the per-profile invalidation service for an
|
| +// unaffiliated user connects, no DeviceCloudPolicyInvalidator backed by it is
|
| +// created.
|
| +TEST_F(DeviceCloudPolicyInvalidatorTest,
|
| + DoNotUseUnaffiliatedProfileInvalidationService) {
|
| + // Log in as an unaffiliated user.
|
| + Profile* profile = LogInAndReturnProfile(kUnaffiliatedUserID);
|
| + ASSERT_TRUE(profile);
|
| +
|
| + // Verify that a device-global invalidation service has been created.
|
| + EXPECT_TRUE(GetDeviceInvalidationService());
|
| + EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
|
| +
|
| + // Verify that a per-profile invalidation service has been created.
|
| + invalidation::FakeInvalidationService* profile_invalidation_service =
|
| + GetProfileInvalidationService(profile);
|
| + ASSERT_TRUE(profile_invalidation_service);
|
| + EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
|
| +
|
| + // Verify that no invalidator exists yet.
|
| + EXPECT_FALSE(GetCloudPolicyInvalidator());
|
| + EXPECT_FALSE(GetInvalidationService());
|
| +
|
| + // Indicate that the per-profile invalidation service has connected.
|
| + profile_invalidation_service->SetInvalidatorState(
|
| + syncer::INVALIDATIONS_ENABLED);
|
| +
|
| + // Verify that the device-global invalidator still exists.
|
| + EXPECT_TRUE(GetDeviceInvalidationService());
|
| + EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
|
| +
|
| + // Verify that a per-profile invalidation service still exists.
|
| + profile_invalidation_service = GetProfileInvalidationService(profile);
|
| + EXPECT_TRUE(profile_invalidation_service);
|
| + EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
|
| +
|
| + // Verify that no invalidator has been created.
|
| + EXPECT_FALSE(GetCloudPolicyInvalidator());
|
| + EXPECT_FALSE(GetInvalidationService());
|
| +}
|
| +
|
| // Verifies that a DeviceCloudPolicyInvalidator exists whenever a connected
|
| // invalidation service is available, automatically switching between
|
| // device-global and per-profile invalidation services as they
|
| @@ -351,8 +404,8 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| // out as zero.
|
| EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
|
|
|
| - // Create a first user profile.
|
| - Profile* profile_1 = CreateProfile("test_1");
|
| + // Log in as a first affiliated user.
|
| + Profile* profile_1 = LogInAndReturnProfile(kAffiliatedUserID1);
|
| ASSERT_TRUE(profile_1);
|
|
|
| // Verify that the device-global invalidation service still exists.
|
| @@ -360,7 +413,7 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
|
|
|
| // Verify that a per-profile invalidation service has been created for the
|
| - // first user profile.
|
| + // first user.
|
| invalidation::FakeInvalidationService* profile_1_invalidation_service =
|
| GetProfileInvalidationService(profile_1);
|
| ASSERT_TRUE(profile_1_invalidation_service);
|
| @@ -371,7 +424,7 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_TRUE(GetCloudPolicyInvalidator());
|
| EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
|
|
|
| - // Indicate that the first user profile's per-profile invalidation service has
|
| + // Indicate that the first user's per-profile invalidation service has
|
| // connected.
|
| profile_1_invalidation_service->SetInvalidatorState(
|
| syncer::INVALIDATIONS_ENABLED);
|
| @@ -381,13 +434,13 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
|
|
|
| // Verify that a per-profile invalidation service still exists for the first
|
| - // user profile.
|
| + // user.
|
| profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
|
| EXPECT_TRUE(profile_1_invalidation_service);
|
| EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
|
|
|
| // Verify that an invalidator backed by the per-profile invalidation service
|
| - // for the first user profile has been created.
|
| + // for the first user has been created.
|
| invalidator = GetCloudPolicyInvalidator();
|
| ASSERT_TRUE(invalidator);
|
| EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
|
| @@ -402,8 +455,8 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| invalidator->OnStoreLoaded(store);
|
| EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
|
|
|
| - // Create a second user profile.
|
| - Profile* profile_2 = CreateProfile("test_2");
|
| + // Log in as a second affiliated user.
|
| + Profile* profile_2 = LogInAndReturnProfile(kAffiliatedUserID2);
|
| ASSERT_TRUE(profile_2);
|
|
|
| // Verify that the device-global invalidator still does not exist.
|
| @@ -411,7 +464,7 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
|
|
|
| // Verify that a per-profile invalidation service still exists for the first
|
| - // user profile and one has been created for the second user profile.
|
| + // user and one has been created for the second user.
|
| profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
|
| EXPECT_TRUE(profile_1_invalidation_service);
|
| invalidation::FakeInvalidationService* profile_2_invalidation_service =
|
| @@ -420,12 +473,12 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
|
|
|
| // Verify that an invalidator backed by the per-profile invalidation service
|
| - // for the first user profile still exists.
|
| + // for the first user still exists.
|
| EXPECT_TRUE(GetCloudPolicyInvalidator());
|
| EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
|
|
|
| - // Indicate that the second user profile's per-profile invalidation service
|
| - // has connected.
|
| + // Indicate that the second user's per-profile invalidation service has
|
| + // connected.
|
| profile_2_invalidation_service->SetInvalidatorState(
|
| syncer::INVALIDATIONS_ENABLED);
|
|
|
| @@ -433,8 +486,7 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_FALSE(GetDeviceInvalidationService());
|
| EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
|
|
|
| - // Verify that per-profile invalidation services still exist for both user
|
| - // profiles.
|
| + // Verify that per-profile invalidation services still exist for both users.
|
| profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
|
| ASSERT_TRUE(profile_1_invalidation_service);
|
| profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
|
| @@ -442,12 +494,12 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
|
|
|
| // Verify that an invalidator backed by the per-profile invalidation service
|
| - // for the first user profile still exists.
|
| + // for the first user still exists.
|
| EXPECT_TRUE(GetCloudPolicyInvalidator());
|
| EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
|
|
|
| - // Indicate that the per-profile invalidation service for the first user
|
| - // profile has disconnected.
|
| + // Indicate that the per-profile invalidation service for the first user has
|
| + // disconnected.
|
| profile_1_invalidation_service->SetInvalidatorState(
|
| syncer::INVALIDATION_CREDENTIALS_REJECTED);
|
|
|
| @@ -455,8 +507,7 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_FALSE(GetDeviceInvalidationService());
|
| EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
|
|
|
| - // Verify that per-profile invalidation services still exist for both user
|
| - // profiles.
|
| + // Verify that per-profile invalidation services still exist for both users.
|
| profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
|
| EXPECT_TRUE(profile_1_invalidation_service);
|
| profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
|
| @@ -464,7 +515,7 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
|
|
|
| // Verify that an invalidator backed by the per-profile invalidation service
|
| - // for the second user profile has been created.
|
| + // for the second user has been created.
|
| invalidator = GetCloudPolicyInvalidator();
|
| ASSERT_TRUE(invalidator);
|
| EXPECT_EQ(profile_2_invalidation_service, GetInvalidationService());
|
| @@ -479,6 +530,52 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| invalidator->OnStoreLoaded(store);
|
| EXPECT_EQ(2, invalidator->highest_handled_invalidation_version());
|
|
|
| + // Log in as an unaffiliated user.
|
| + Profile* profile_3 = LogInAndReturnProfile(kUnaffiliatedUserID);
|
| + ASSERT_TRUE(profile_3);
|
| +
|
| + // Verify that the device-global invalidator still does not exist.
|
| + EXPECT_FALSE(GetDeviceInvalidationService());
|
| + EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
|
| +
|
| + // Verify that a per-profile invalidation service still exists for the two
|
| + // affiliated user sand one has been created for the unaffiliated user.
|
| + profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
|
| + EXPECT_TRUE(profile_1_invalidation_service);
|
| + profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
|
| + ASSERT_TRUE(profile_2_invalidation_service);
|
| + invalidation::FakeInvalidationService* profile_3_invalidation_service =
|
| + GetProfileInvalidationService(profile_3);
|
| + EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
|
| +
|
| + // Verify that an invalidator backed by the per-profile invalidation service
|
| + // for the second affiliated user still exists.
|
| + EXPECT_TRUE(GetCloudPolicyInvalidator());
|
| + EXPECT_EQ(profile_2_invalidation_service, GetInvalidationService());
|
| +
|
| + // Indicate that the unaffiliated user's per-profile invalidation service has
|
| + // connected.
|
| + profile_3_invalidation_service->SetInvalidatorState(
|
| + syncer::INVALIDATIONS_ENABLED);
|
| +
|
| + // Verify that the device-global invalidator still does not exist.
|
| + EXPECT_FALSE(GetDeviceInvalidationService());
|
| + EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
|
| +
|
| + // Verify that per-profile invalidation services still exist for all three
|
| + // users.
|
| + profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
|
| + ASSERT_TRUE(profile_1_invalidation_service);
|
| + profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
|
| + EXPECT_TRUE(profile_2_invalidation_service);
|
| + profile_3_invalidation_service = GetProfileInvalidationService(profile_3);
|
| + EXPECT_TRUE(profile_3_invalidation_service);
|
| + EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
|
| +
|
| + // Verify that an invalidator backed by the per-profile invalidation service
|
| + // for the second affiliated user still exists.
|
| + EXPECT_TRUE(GetCloudPolicyInvalidator());
|
| +
|
| // Indicate that the per-profile invalidation service for the second user
|
| // profile has disconnected.
|
| profile_2_invalidation_service->SetInvalidatorState(
|
| @@ -488,12 +585,14 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| ASSERT_TRUE(GetDeviceInvalidationService());
|
| EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
|
|
|
| - // Verify that per-profile invalidation services still exist for both user
|
| - // profiles.
|
| + // Verify that per-profile invalidation services still exist for all three
|
| + // users.
|
| profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
|
| - EXPECT_TRUE(profile_1_invalidation_service);
|
| + ASSERT_TRUE(profile_1_invalidation_service);
|
| profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
|
| EXPECT_TRUE(profile_2_invalidation_service);
|
| + profile_3_invalidation_service = GetProfileInvalidationService(profile_3);
|
| + EXPECT_TRUE(profile_3_invalidation_service);
|
| EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
|
|
|
| // Verify that the invalidator has been destroyed.
|
| @@ -509,12 +608,14 @@ TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchInvalidationServices) {
|
| EXPECT_TRUE(GetDeviceInvalidationService());
|
| EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
|
|
|
| - // Verify that per-profile invalidation services still exist for both user
|
| - // profiles.
|
| + // Verify that per-profile invalidation services still exist for all three
|
| + // users.
|
| profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
|
| - EXPECT_TRUE(profile_1_invalidation_service);
|
| + ASSERT_TRUE(profile_1_invalidation_service);
|
| profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
|
| EXPECT_TRUE(profile_2_invalidation_service);
|
| + profile_3_invalidation_service = GetProfileInvalidationService(profile_3);
|
| + EXPECT_TRUE(profile_3_invalidation_service);
|
| EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
|
|
|
| // Verify that an invalidator backed by the device-global invalidation service
|
|
|
Chromium Code Reviews
Issue 567393006:
Do not use unaffiliated users' connections for device policy pushing (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master