src/chrome/browser/chromeos/login/multi_profile_user_controller_unittest.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/login/multi_profile_user_controller.h"
   6
   7 #include "base/memory/scoped_ptr.h"
   8 #include "base/run_loop.h"
   9 #include "base/strings/utf_string_conversions.h"
  10 #include "chrome/browser/chromeos/login/fake_user_manager.h"
  11 #include "chrome/browser/chromeos/login/multi_profile_user_controller_delegate.h"
  12 #include "chrome/browser/chromeos/login/user_manager.h"
  13 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
  14 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
  15 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
  16 #include "chrome/browser/prefs/browser_prefs.h"
  17 #include "chrome/common/pref_names.h"
  18 #include "chrome/test/base/scoped_testing_local_state.h"
  19 #include "chrome/test/base/testing_browser_process.h"
  20 #include "chrome/test/base/testing_pref_service_syncable.h"
  21 #include "chrome/test/base/testing_profile.h"
  22 #include "chrome/test/base/testing_profile_manager.h"
  23 #include "content/public/test/test_browser_thread_bundle.h"
  24 #include "net/cert/x509_certificate.h"
  25 #include "testing/gtest/include/gtest/gtest.h"
  26
  27 namespace chromeos {
  28
  29 namespace {
  30
  31 const char* kUsers[] = {"a@gmail.com", "b@gmail.com" };
  32
  33 struct BehaviorTestCase {
  34   const char* primary;
  35   const char* secondary;
  36   MultiProfileUserController::UserAllowedInSessionResult expected_allowed;
  37 };
  38
  39 const BehaviorTestCase kBehaviorTestCases[] = {
  40   {
  41     MultiProfileUserController::kBehaviorUnrestricted,
  42     MultiProfileUserController::kBehaviorUnrestricted,
  43     MultiProfileUserController::ALLOWED,
  44   },
  45   {
  46     MultiProfileUserController::kBehaviorUnrestricted,
  47     MultiProfileUserController::kBehaviorPrimaryOnly,
  48     MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS,
  49   },
  50   {
  51     MultiProfileUserController::kBehaviorUnrestricted,
  52     MultiProfileUserController::kBehaviorNotAllowed,
  53     MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS,
  54   },
  55   {
  56     MultiProfileUserController::kBehaviorPrimaryOnly,
  57     MultiProfileUserController::kBehaviorUnrestricted,
  58     MultiProfileUserController::ALLOWED,
  59   },
  60   {
  61     MultiProfileUserController::kBehaviorPrimaryOnly,
  62     MultiProfileUserController::kBehaviorPrimaryOnly,
  63     MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS,
  64   },
  65   {
  66     MultiProfileUserController::kBehaviorPrimaryOnly,
  67     MultiProfileUserController::kBehaviorNotAllowed,
  68     MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS,
  69   },
  70   {
  71     MultiProfileUserController::kBehaviorNotAllowed,
  72     MultiProfileUserController::kBehaviorUnrestricted,
  73     MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS,
  74   },
  75   {
  76     MultiProfileUserController::kBehaviorNotAllowed,
  77     MultiProfileUserController::kBehaviorPrimaryOnly,
  78     MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS,
  79   },
  80   {
  81     MultiProfileUserController::kBehaviorNotAllowed,
  82     MultiProfileUserController::kBehaviorNotAllowed,
  83     MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS,
  84   },
  85 };
  86
  87 // Weak ptr to PolicyCertVerifier - object is freed in test destructor once
  88 // we've ensured the profile has been shut down.
  89 policy::PolicyCertVerifier* g_policy_cert_verifier_for_factory = NULL;
  90
  91 BrowserContextKeyedService* TestPolicyCertServiceFactory(
  92     content::BrowserContext* context) {
  93   return policy::PolicyCertService::CreateForTesting(
  94       kUsers[0], g_policy_cert_verifier_for_factory, UserManager::Get())
  95       .release();
  96 }
  97
  98 }  // namespace
  99
 100 class MultiProfileUserControllerTest
 101     : public testing::Test,
 102       public MultiProfileUserControllerDelegate {
 103  public:
 104   MultiProfileUserControllerTest()
 105       : fake_user_manager_(new FakeUserManager),
 106         user_manager_enabler_(fake_user_manager_),
 107         user_not_allowed_count_(0) {}
 108   virtual ~MultiProfileUserControllerTest() {}
 109
 110   virtual void SetUp() OVERRIDE {
 111     profile_manager_.reset(
 112         new TestingProfileManager(TestingBrowserProcess::GetGlobal()));
 113     ASSERT_TRUE(profile_manager_->SetUp());
 114     controller_.reset(new MultiProfileUserController(
 115         this, TestingBrowserProcess::GetGlobal()->local_state()));
 116
 117     for (size_t i = 0; i < arraysize(kUsers); ++i) {
 118       const std::string user_email(kUsers[i]);
 119       const User* user = fake_user_manager_->AddUser(user_email);
 120
 121       // Note that user profiles are created after user login in reality.
 122       TestingProfile* user_profile =
 123           profile_manager_->CreateTestingProfile(user_email);
 124       user_profile->set_profile_name(user_email);
 125       user_profiles_.push_back(user_profile);
 126
 127       fake_user_manager_->SetProfileForUser(user, user_profile);
 128     }
 129   }
 130
 131   virtual void TearDown() OVERRIDE {
 132     // Clear our cached pointer to the PolicyCertVerifier.
 133     g_policy_cert_verifier_for_factory = NULL;
 134
 135     // We must ensure that the PolicyCertVerifier outlives the
 136     // PolicyCertService so shutdown the profile here. Additionally, we need
 137     // to run the message loop between freeing the PolicyCertService and
 138     // freeing the PolicyCertVerifier (see
 139     // PolicyCertService::OnTrustAnchorsChanged() which is called from
 140     // PolicyCertService::Shutdown()).
 141     controller_.reset();
 142     profile_manager_.reset();
 143     base::RunLoop().RunUntilIdle();
 144   }
 145
 146   void LoginUser(size_t user_index) {
 147     ASSERT_LT(user_index, arraysize(kUsers));
 148     fake_user_manager_->LoginUser(kUsers[user_index]);
 149     controller_->StartObserving(user_profiles_[user_index]);
 150   }
 151
 152   void SetOwner(size_t user_index) {
 153     fake_user_manager_->set_owner_email(kUsers[user_index]);
 154   }
 155
 156   PrefService* GetUserPrefs(size_t user_index) {
 157     return user_profiles_[user_index]->GetPrefs();
 158   }
 159
 160   void SetPrefBehavior(size_t user_index, const std::string& behavior) {
 161     GetUserPrefs(user_index)->SetString(prefs::kMultiProfileUserBehavior,
 162                                         behavior);
 163   }
 164
 165   std::string GetCachedBehavior(size_t user_index) {
 166     return controller_->GetCachedValue(kUsers[user_index]);
 167   }
 168
 169   void SetCachedBehavior(size_t user_index,
 170                          const std::string& behavior) {
 171     controller_->SetCachedValue(kUsers[user_index], behavior);
 172   }
 173
 174   void ResetCounts() {
 175     user_not_allowed_count_ = 0;
 176   }
 177
 178   // MultiProfileUserControllerDeleagte overrides:
 179   virtual void OnUserNotAllowed(const std::string& user_email) OVERRIDE {
 180     ++user_not_allowed_count_;
 181   }
 182
 183   MultiProfileUserController* controller() { return controller_.get(); }
 184   int user_not_allowed_count() const { return user_not_allowed_count_; }
 185
 186   TestingProfile* profile(int index) {
 187     return user_profiles_[index];
 188   }
 189
 190   content::TestBrowserThreadBundle threads_;
 191   scoped_ptr<policy::PolicyCertVerifier> cert_verifier_;
 192   scoped_ptr<TestingProfileManager> profile_manager_;
 193   FakeUserManager* fake_user_manager_;  // Not owned
 194   ScopedUserManagerEnabler user_manager_enabler_;
 195
 196   scoped_ptr<MultiProfileUserController> controller_;
 197
 198   std::vector<TestingProfile*> user_profiles_;
 199
 200   int user_not_allowed_count_;
 201
 202   DISALLOW_COPY_AND_ASSIGN(MultiProfileUserControllerTest);
 203 };
 204
 205 // Tests that everyone is allowed before a session starts.
 206 TEST_F(MultiProfileUserControllerTest, AllAllowedBeforeLogin) {
 207   const char* kTestCases[] = {
 208     MultiProfileUserController::kBehaviorUnrestricted,
 209     MultiProfileUserController::kBehaviorPrimaryOnly,
 210     MultiProfileUserController::kBehaviorNotAllowed,
 211   };
 212   for (size_t i = 0; i < arraysize(kTestCases); ++i) {
 213     SetCachedBehavior(0, kTestCases[i]);
 214     EXPECT_EQ(MultiProfileUserController::ALLOWED,
 215               controller()->IsUserAllowedInSession(kUsers[0]))
 216         << "Case " << i;
 217   }
 218 }
 219
 220 // Tests that invalid cache value would become the default "unrestricted".
 221 TEST_F(MultiProfileUserControllerTest, InvalidCacheBecomesDefault) {
 222   const char kBad[] = "some invalid value";
 223   SetCachedBehavior(0, kBad);
 224   EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted,
 225             GetCachedBehavior(0));
 226 }
 227
 228 // Tests that cached behavior value changes with user pref after login.
 229 TEST_F(MultiProfileUserControllerTest, CachedBehaviorUpdate) {
 230   LoginUser(0);
 231
 232   const char* kTestCases[] = {
 233     MultiProfileUserController::kBehaviorUnrestricted,
 234     MultiProfileUserController::kBehaviorPrimaryOnly,
 235     MultiProfileUserController::kBehaviorNotAllowed,
 236     MultiProfileUserController::kBehaviorUnrestricted,
 237   };
 238   for (size_t i = 0; i < arraysize(kTestCases); ++i) {
 239     SetPrefBehavior(0, kTestCases[i]);
 240     EXPECT_EQ(kTestCases[i], GetCachedBehavior(0));
 241   }
 242 }
 243
 244 // Tests that compromised cache value would be fixed and pref value is checked
 245 // upon login.
 246 TEST_F(MultiProfileUserControllerTest, CompromisedCacheFixedOnLogin) {
 247   SetPrefBehavior(0, MultiProfileUserController::kBehaviorPrimaryOnly);
 248   SetCachedBehavior(0, MultiProfileUserController::kBehaviorUnrestricted);
 249   EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted,
 250             GetCachedBehavior(0));
 251   LoginUser(0);
 252   EXPECT_EQ(MultiProfileUserController::kBehaviorPrimaryOnly,
 253             GetCachedBehavior(0));
 254
 255   EXPECT_EQ(0, user_not_allowed_count());
 256   SetPrefBehavior(1, MultiProfileUserController::kBehaviorPrimaryOnly);
 257   SetCachedBehavior(1, MultiProfileUserController::kBehaviorUnrestricted);
 258   EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted,
 259             GetCachedBehavior(1));
 260   LoginUser(1);
 261   EXPECT_EQ(MultiProfileUserController::kBehaviorPrimaryOnly,
 262             GetCachedBehavior(1));
 263   EXPECT_EQ(1, user_not_allowed_count());
 264 }
 265
 266 // Tests cases before the second user login.
 267 TEST_F(MultiProfileUserControllerTest, IsSecondaryAllowed) {
 268   LoginUser(0);
 269
 270   for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) {
 271     SetPrefBehavior(0, kBehaviorTestCases[i].primary);
 272     SetCachedBehavior(1, kBehaviorTestCases[i].secondary);
 273     EXPECT_EQ(kBehaviorTestCases[i].expected_allowed,
 274               controller()->IsUserAllowedInSession(kUsers[1])) << "Case " << i;
 275   }
 276 }
 277
 278 // Tests user behavior changes within a two-user session.
 279 TEST_F(MultiProfileUserControllerTest, PrimaryBehaviorChange) {
 280   LoginUser(0);
 281   LoginUser(1);
 282
 283   for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) {
 284     SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted);
 285     SetPrefBehavior(1, MultiProfileUserController::kBehaviorUnrestricted);
 286     ResetCounts();
 287
 288     SetPrefBehavior(0, kBehaviorTestCases[i].primary);
 289     SetPrefBehavior(1, kBehaviorTestCases[i].secondary);
 290     if (user_not_allowed_count() == 0) {
 291       EXPECT_EQ(kBehaviorTestCases[i].expected_allowed,
 292                 MultiProfileUserController::ALLOWED) << "Case " << i;
 293     } else {
 294       EXPECT_NE(kBehaviorTestCases[i].expected_allowed,
 295                 MultiProfileUserController::ALLOWED) << "Case " << i;
 296     }
 297   }
 298 }
 299
 300 // Tests that owner could not be a secondary user.
 301 TEST_F(MultiProfileUserControllerTest, NoSecondaryOwner) {
 302   LoginUser(0);
 303   SetOwner(1);
 304
 305   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_OWNER_AS_SECONDARY,
 306             controller()->IsUserAllowedInSession(kUsers[1]));
 307
 308   EXPECT_EQ(0, user_not_allowed_count());
 309   LoginUser(1);
 310   EXPECT_EQ(1, user_not_allowed_count());
 311 }
 312
 313 TEST_F(MultiProfileUserControllerTest,
 314        UsedPolicyCertificatesAllowedForPrimary) {
 315   // Verifies that any user can sign-in as the primary user, regardless of the
 316   // tainted state.
 317   policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]);
 318   EXPECT_EQ(MultiProfileUserController::ALLOWED,
 319             controller()->IsUserAllowedInSession(kUsers[0]));
 320   EXPECT_EQ(MultiProfileUserController::ALLOWED,
 321             controller()->IsUserAllowedInSession(kUsers[1]));
 322 }
 323
 324 TEST_F(MultiProfileUserControllerTest,
 325        UsedPolicyCertificatesDisallowedForSecondary) {
 326   // Verifies that if a regular user is signed-in then other regular users can
 327   // be added but tainted users can't.
 328   LoginUser(1);
 329
 330   // TODO(xiyuan): Remove the following SetPrefBehavor when default is
 331   // changed back to enabled.
 332   SetPrefBehavior(1, MultiProfileUserController::kBehaviorUnrestricted);
 333
 334   EXPECT_EQ(MultiProfileUserController::ALLOWED,
 335             controller()->IsUserAllowedInSession(kUsers[0]));
 336   policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]);
 337   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED,
 338             controller()->IsUserAllowedInSession(kUsers[0]));
 339 }
 340
 341 TEST_F(MultiProfileUserControllerTest,
 342        UsedPolicyCertificatesDisallowsSecondaries) {
 343   // Verifies that if a tainted user is signed-in then no other users can
 344   // be added.
 345   policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]);
 346   LoginUser(0);
 347
 348   cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure()));
 349   g_policy_cert_verifier_for_factory = cert_verifier_.get();
 350   ASSERT_TRUE(
 351       policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse(
 352           profile(0), TestPolicyCertServiceFactory));
 353
 354   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED,
 355             controller()->IsUserAllowedInSession(kUsers[1]));
 356   policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[1]);
 357   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED,
 358             controller()->IsUserAllowedInSession(kUsers[1]));
 359
 360   // Flush tasks posted to IO.
 361   base::RunLoop().RunUntilIdle();
 362 }
 363
 364 TEST_F(MultiProfileUserControllerTest,
 365        PolicyCertificatesInMemoryDisallowsSecondaries) {
 366   // Verifies that if a user is signed-in and has policy certificates installed
 367   // then no other users can be added.
 368   LoginUser(0);
 369
 370   // TODO(xiyuan): Remove the following SetPrefBehavor when default is
 371   // changed back to enabled.
 372   SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted);
 373
 374   cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure()));
 375   g_policy_cert_verifier_for_factory = cert_verifier_.get();
 376   ASSERT_TRUE(
 377       policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse(
 378           profile(0), TestPolicyCertServiceFactory));
 379   policy::PolicyCertService* service =
 380       policy::PolicyCertServiceFactory::GetForProfile(profile(0));
 381   ASSERT_TRUE(service);
 382
 383   EXPECT_FALSE(service->has_policy_certificates());
 384   EXPECT_EQ(MultiProfileUserController::ALLOWED,
 385             controller()->IsUserAllowedInSession(kUsers[1]));
 386
 387   net::CertificateList certificates;
 388   certificates.push_back(new net::X509Certificate(
 389       "subject", "issuer", base::Time(), base::Time()));
 390   service->OnTrustAnchorsChanged(certificates);
 391   EXPECT_TRUE(service->has_policy_certificates());
 392   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED,
 393             controller()->IsUserAllowedInSession(kUsers[1]));
 394
 395   // Flush tasks posted to IO.
 396   base::RunLoop().RunUntilIdle();
 397 }
 398
 399 }  // namespace chromeos