src/chrome/browser/chromeos/login/managed/managed_user_password_browsertest.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <string>
   6
   7 #include "base/compiler_specific.h"
   8 #include "base/run_loop.h"
   9 #include "base/strings/utf_string_conversions.h"
  10 #include "base/threading/sequenced_worker_pool.h"
  11 #include "chrome/browser/chrome_notification_types.h"
  12 #include "chrome/browser/chromeos/login/login_display_host_impl.h"
  13 #include "chrome/browser/chromeos/login/login_manager_test.h"
  14 #include "chrome/browser/chromeos/login/managed/managed_user_test_base.h"
  15 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h"
  16 #include "chrome/browser/chromeos/login/startup_utils.h"
  17 #include "chrome/browser/chromeos/login/supervised_user_manager.h"
  18 #include "chrome/browser/chromeos/login/webui_login_view.h"
  19 #include "chrome/browser/chromeos/net/network_portal_detector_test_impl.h"
  20 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h"
  21 #include "chrome/browser/managed_mode/managed_user_constants.h"
  22 #include "chrome/browser/managed_mode/managed_user_registration_utility.h"
  23 #include "chrome/browser/managed_mode/managed_user_registration_utility_stub.h"
  24 #include "chrome/browser/managed_mode/managed_user_shared_settings_service.h"
  25 #include "chrome/browser/managed_mode/managed_user_shared_settings_service_factory.h"
  26 #include "chrome/browser/managed_mode/managed_user_sync_service.h"
  27 #include "chrome/browser/managed_mode/managed_user_sync_service_factory.h"
  28 #include "chromeos/cryptohome/mock_async_method_caller.h"
  29 #include "chromeos/cryptohome/mock_homedir_methods.h"
  30 #include "content/public/browser/notification_service.h"
  31 #include "content/public/test/browser_test_utils.h"
  32 #include "content/public/test/test_utils.h"
  33 #include "sync/api/attachments/attachment_service_proxy_for_test.h"
  34 #include "sync/api/fake_sync_change_processor.h"
  35 #include "sync/api/sync_change.h"
  36 #include "sync/api/sync_error_factory_mock.h"
  37 #include "sync/protocol/sync.pb.h"
  38
  39 using testing::_;
  40 using chromeos::ManagedUserTestBase;
  41 using chromeos::kTestSupervisedUserDisplayName;
  42 using chromeos::kTestManager;
  43
  44 namespace chromeos {
  45
  46 class SupervisedUserPasswordTest : public ManagedUserTestBase {
  47  public:
  48   SupervisedUserPasswordTest() : ManagedUserTestBase() {}
  49
  50  private:
  51   DISALLOW_COPY_AND_ASSIGN(SupervisedUserPasswordTest);
  52 };
  53
  54 class SupervisedUserPasswordManagerTest : public ManagedUserTestBase {
  55  public:
  56   SupervisedUserPasswordManagerTest() : ManagedUserTestBase() {}
  57
  58  private:
  59   DISALLOW_COPY_AND_ASSIGN(SupervisedUserPasswordManagerTest);
  60 };
  61
  62 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
  63                        PRE_PRE_PRE_PasswordChangeFromUserTest) {
  64   PrepareUsers();
  65 }
  66
  67 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
  68                        PRE_PRE_PasswordChangeFromUserTest) {
  69   StartFlowLoginAsManager();
  70   FillNewUserData(kTestSupervisedUserDisplayName);
  71   StartUserCreation("managed-user-creation-next-button",
  72                     kTestSupervisedUserDisplayName);
  73 }
  74
  75 // Supervised user signs in, get sync notification about password update, and
  76 // schedules password migration.
  77 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
  78                        PRE_PasswordChangeFromUserTest) {
  79   SigninAsSupervisedUser(true, 0, kTestSupervisedUserDisplayName);
  80
  81   const User* user = UserManager::Get()->GetUsers().at(0);
  82   std::string sync_id =
  83       UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId(
  84           user->email());
  85   base::DictionaryValue password;
  86   password.SetIntegerWithoutPathExpansion(
  87       kSchemaVersion, SupervisedUserAuthentication::SCHEMA_SALT_HASHED);
  88   password.SetIntegerWithoutPathExpansion(kPasswordRevision, 2);
  89
  90   password.SetStringWithoutPathExpansion(kPasswordSignature, "signature");
  91   password.SetStringWithoutPathExpansion(kEncryptedPassword,
  92                                          "new-encrypted-password");
  93
  94   shared_settings_adapter_->AddChange(
  95       sync_id, managed_users::kChromeOSPasswordData, password, true, false);
  96   content::RunAllPendingInMessageLoop();
  97 }
  98
  99 // Supervised user signs in for second time, and actual password migration takes
 100 // place.
 101 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, PasswordChangeFromUserTest) {
 102   EXPECT_CALL(*mock_homedir_methods_, MountEx(_, _, _, _)).Times(1);
 103   EXPECT_CALL(*mock_homedir_methods_, UpdateKeyEx(_, _, _, _, _)).Times(1);
 104   SigninAsSupervisedUser(false, 0, kTestSupervisedUserDisplayName);
 105   testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_);
 106 }
 107
 108 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
 109                        PRE_PRE_PRE_PasswordChangeFromManagerTest) {
 110   PrepareUsers();
 111 }
 112
 113 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
 114                        PRE_PRE_PasswordChangeFromManagerTest) {
 115   StartFlowLoginAsManager();
 116   FillNewUserData(kTestSupervisedUserDisplayName);
 117   StartUserCreation("managed-user-creation-next-button",
 118                     kTestSupervisedUserDisplayName);
 119 }
 120
 121 // Manager signs in, gets sync notification about supervised user password
 122 // update, and performs migration.
 123 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
 124                        PRE_PasswordChangeFromManagerTest) {
 125   const User* managed_user = UserManager::Get()->GetUsers().at(0);
 126
 127   SigninAsManager(1);
 128
 129   EXPECT_CALL(*mock_homedir_methods_, AddKeyEx(_, _, _, _, _)).Times(1);
 130
 131   std::string sync_id =
 132       UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId(
 133           managed_user->email());
 134
 135   ::sync_pb::ManagedUserSpecifics managed_user_proto;
 136
 137   managed_user_proto.set_id(sync_id);
 138   managed_user_proto.set_name(kTestSupervisedUserDisplayName);
 139   managed_user_proto.set_acknowledged(true);
 140   managed_user_proto.set_master_key("master key");
 141   managed_user_proto.set_password_signature_key("signature_key");
 142   managed_user_proto.set_password_encryption_key("encryption_key");
 143
 144   managed_users_adapter_->AddChange(managed_user_proto, false);
 145   content::RunAllPendingInMessageLoop();
 146
 147   base::DictionaryValue password;
 148   password.SetIntegerWithoutPathExpansion(
 149       kSchemaVersion, SupervisedUserAuthentication::SCHEMA_SALT_HASHED);
 150   password.SetIntegerWithoutPathExpansion(kPasswordRevision, 2);
 151
 152   password.SetStringWithoutPathExpansion(kPasswordSignature, "signature");
 153   password.SetStringWithoutPathExpansion(kEncryptedPassword,
 154                                          "new-encrypted-password");
 155   shared_settings_adapter_->AddChange(
 156       sync_id, managed_users::kChromeOSPasswordData, password, true, false);
 157   content::RunAllPendingInMessageLoop();
 158
 159   testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_);
 160 }
 161
 162 // After that supervised user signs in, and no password change happens.
 163 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
 164                        PasswordChangeFromManagerTest) {
 165   EXPECT_CALL(*mock_homedir_methods_, MountEx(_, _, _, _)).Times(1);
 166   EXPECT_CALL(*mock_homedir_methods_, UpdateKeyEx(_, _, _, _, _)).Times(0);
 167   SigninAsSupervisedUser(false, 1, kTestSupervisedUserDisplayName);
 168   testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_);
 169 }
 170
 171 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
 172                        PRE_PRE_PRE_PRE_PasswordChangeUserAndManagerTest) {
 173   PrepareUsers();
 174 }
 175
 176 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
 177                        PRE_PRE_PRE_PasswordChangeUserAndManagerTest) {
 178   StartFlowLoginAsManager();
 179   FillNewUserData(kTestSupervisedUserDisplayName);
 180   StartUserCreation("managed-user-creation-next-button",
 181                     kTestSupervisedUserDisplayName);
 182 }
 183
 184 // Supervised user signs in, get sync notification about password update, and
 185 // schedules password migration.
 186 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
 187                        PRE_PRE_PasswordChangeUserAndManagerTest) {
 188   SigninAsSupervisedUser(true, 0, kTestSupervisedUserDisplayName);
 189
 190   const User* user = UserManager::Get()->GetUsers().at(0);
 191   std::string sync_id =
 192       UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId(
 193           user->email());
 194   base::DictionaryValue password;
 195   password.SetIntegerWithoutPathExpansion(
 196       kSchemaVersion, SupervisedUserAuthentication::SCHEMA_SALT_HASHED);
 197   password.SetIntegerWithoutPathExpansion(kPasswordRevision, 2);
 198
 199   password.SetStringWithoutPathExpansion(kPasswordSignature, "signature");
 200   password.SetStringWithoutPathExpansion(kEncryptedPassword,
 201                                          "new-encrypted-password");
 202
 203   shared_settings_adapter_->AddChange(
 204       sync_id, managed_users::kChromeOSPasswordData, password, true, false);
 205   content::RunAllPendingInMessageLoop();
 206 }
 207
 208 // After that manager signs in, and also detects password change. Manager
 209 // performs the migration.
 210 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
 211                        PRE_PasswordChangeUserAndManagerTest) {
 212   const User* managed_user = UserManager::Get()->GetUsers().at(0);
 213
 214   SigninAsManager(1);
 215
 216   EXPECT_CALL(*mock_homedir_methods_, AddKeyEx(_, _, _, _, _)).Times(1);
 217
 218   std::string sync_id =
 219       UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId(
 220           managed_user->email());
 221
 222   ::sync_pb::ManagedUserSpecifics managed_user_proto;
 223
 224   managed_user_proto.set_id(sync_id);
 225   managed_user_proto.set_name(kTestSupervisedUserDisplayName);
 226   managed_user_proto.set_acknowledged(true);
 227   managed_user_proto.set_master_key("master key");
 228   managed_user_proto.set_password_signature_key("signature_key");
 229   managed_user_proto.set_password_encryption_key("encryption_key");
 230
 231   managed_users_adapter_->AddChange(managed_user_proto, false);
 232   content::RunAllPendingInMessageLoop();
 233
 234   base::DictionaryValue password;
 235   password.SetIntegerWithoutPathExpansion(
 236       kSchemaVersion, SupervisedUserAuthentication::SCHEMA_SALT_HASHED);
 237   password.SetIntegerWithoutPathExpansion(kPasswordRevision, 2);
 238
 239   password.SetStringWithoutPathExpansion(kPasswordSignature, "signature");
 240   password.SetStringWithoutPathExpansion(kEncryptedPassword,
 241                                          "new-encrypted-password");
 242   shared_settings_adapter_->AddChange(
 243       sync_id, managed_users::kChromeOSPasswordData, password, true, false);
 244   content::RunAllPendingInMessageLoop();
 245
 246   testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_);
 247 }
 248
 249 // When supervised user signs in, password is already migrated, so no migration
 250 // should be attempted.
 251 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest,
 252                        PasswordChangeUserAndManagerTest) {
 253   EXPECT_CALL(*mock_homedir_methods_, MountEx(_, _, _, _)).Times(1);
 254   EXPECT_CALL(*mock_homedir_methods_, UpdateKeyEx(_, _, _, _, _)).Times(0);
 255   SigninAsSupervisedUser(false, 1, kTestSupervisedUserDisplayName);
 256   testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_);
 257 }
 258
 259 }  // namespace chromeos