src/chrome/browser/extensions/active_tab_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <string>
   6
   7 #include "base/compiler_specific.h"
   8 #include "base/memory/scoped_ptr.h"
   9 #include "base/message_loop/message_loop.h"
  10 #include "base/values.h"
  11 #include "chrome/browser/chrome_notification_types.h"
  12 #include "chrome/browser/extensions/active_tab_permission_granter.h"
  13 #include "chrome/browser/extensions/tab_helper.h"
  14 #include "chrome/browser/profiles/profile.h"
  15 #include "chrome/browser/sessions/session_id.h"
  16 #include "chrome/common/extensions/features/feature_channel.h"
  17 #include "chrome/test/base/chrome_render_view_host_test_harness.h"
  18 #include "content/public/browser/browser_thread.h"
  19 #include "content/public/browser/navigation_details.h"
  20 #include "content/public/browser/navigation_entry.h"
  21 #include "content/public/browser/notification_service.h"
  22 #include "content/public/browser/notification_types.h"
  23 #include "content/public/browser/web_contents.h"
  24 #include "content/public/common/frame_navigate_params.h"
  25 #include "content/public/common/page_transition_types.h"
  26 #include "content/public/test/test_browser_thread.h"
  27 #include "extensions/browser/extension_registry.h"
  28 #include "extensions/common/extension.h"
  29 #include "extensions/common/extension_builder.h"
  30 #include "extensions/common/features/feature.h"
  31 #include "extensions/common/permissions/permissions_data.h"
  32 #include "extensions/common/value_builder.h"
  33
  34 using base::DictionaryValue;
  35 using base::ListValue;
  36 using content::BrowserThread;
  37 using content::NavigationController;
  38
  39 namespace extensions {
  40 namespace {
  41
  42 scoped_refptr<const Extension> CreateTestExtension(
  43     const std::string& id,
  44     bool has_active_tab_permission,
  45     bool has_tab_capture_permission) {
  46   ListBuilder permissions;
  47   if (has_active_tab_permission)
  48     permissions.Append("activeTab");
  49   if (has_tab_capture_permission)
  50     permissions.Append("tabCapture");
  51   return ExtensionBuilder()
  52       .SetManifest(DictionaryBuilder()
  53           .Set("name", "Extension with ID " + id)
  54           .Set("version", "1.0")
  55           .Set("manifest_version", 2)
  56           .Set("permissions", permissions))
  57       .SetID(id)
  58       .Build();
  59 }
  60
  61 enum PermittedFeature {
  62   PERMITTED_NONE,
  63   PERMITTED_SCRIPT_ONLY,
  64   PERMITTED_CAPTURE_ONLY,
  65   PERMITTED_BOTH
  66 };
  67
  68 class ActiveTabTest : public ChromeRenderViewHostTestHarness {
  69  protected:
  70   ActiveTabTest()
  71       : current_channel(chrome::VersionInfo::CHANNEL_DEV),
  72         extension(CreateTestExtension("deadbeef", true, false)),
  73         another_extension(CreateTestExtension("feedbeef", true, false)),
  74         extension_without_active_tab(CreateTestExtension("badbeef",
  75                                                          false,
  76                                                          false)),
  77         extension_with_tab_capture(CreateTestExtension("cafebeef",
  78                                                        true,
  79                                                        true)) {}
  80
  81   virtual void SetUp() OVERRIDE {
  82     ChromeRenderViewHostTestHarness::SetUp();
  83     TabHelper::CreateForWebContents(web_contents());
  84   }
  85
  86   int tab_id() {
  87     return SessionID::IdForTab(web_contents());
  88   }
  89
  90   ActiveTabPermissionGranter* active_tab_permission_granter() {
  91     return extensions::TabHelper::FromWebContents(web_contents())->
  92         active_tab_permission_granter();
  93   }
  94
  95   bool IsAllowed(const scoped_refptr<const Extension>& extension,
  96                  const GURL& url) {
  97     return IsAllowed(extension, url, PERMITTED_BOTH, tab_id());
  98   }
  99
 100   bool IsAllowed(const scoped_refptr<const Extension>& extension,
 101                  const GURL& url,
 102                  PermittedFeature feature) {
 103     return IsAllowed(extension, url, feature, tab_id());
 104   }
 105
 106   bool IsAllowed(const scoped_refptr<const Extension>& extension,
 107                  const GURL& url,
 108                  PermittedFeature feature,
 109                  int tab_id) {
 110     bool script = PermissionsData::CanExecuteScriptOnPage(
 111                extension.get(), url, url, tab_id, NULL, -1, NULL);
 112     bool capture = HasTabsPermission(extension, tab_id) &&
 113         PermissionsData::CanCaptureVisiblePage(extension.get(), tab_id, NULL);
 114     switch (feature) {
 115       case PERMITTED_SCRIPT_ONLY:
 116         return script && !capture;
 117       case PERMITTED_CAPTURE_ONLY:
 118         return capture && !script;
 119       case PERMITTED_BOTH:
 120         return script && capture;
 121       case PERMITTED_NONE:
 122         return !script && !capture;
 123     }
 124     NOTREACHED();
 125     return false;
 126   }
 127
 128   bool IsBlocked(const scoped_refptr<const Extension>& extension,
 129                  const GURL& url) {
 130     return IsBlocked(extension, url, tab_id());
 131   }
 132
 133   bool IsBlocked(const scoped_refptr<const Extension>& extension,
 134                  const GURL& url,
 135                  int tab_id) {
 136     return IsAllowed(extension, url, PERMITTED_NONE, tab_id);
 137   }
 138
 139   bool HasTabsPermission(const scoped_refptr<const Extension>& extension) {
 140     return HasTabsPermission(extension, tab_id());
 141   }
 142
 143   bool HasTabsPermission(const scoped_refptr<const Extension>& extension,
 144                          int tab_id) {
 145     return PermissionsData::HasAPIPermissionForTab(
 146         extension.get(), tab_id, APIPermission::kTab);
 147   }
 148
 149   bool IsGrantedForTab(const Extension* extension,
 150                        const content::WebContents* web_contents) {
 151     return PermissionsData::HasAPIPermissionForTab(
 152         extension,
 153         SessionID::IdForTab(web_contents),
 154         APIPermission::kTab);
 155   }
 156
 157   // TODO(justinlin): Remove when tabCapture is moved to stable.
 158   ScopedCurrentChannel current_channel;
 159
 160   // An extension with the activeTab permission.
 161   scoped_refptr<const Extension> extension;
 162
 163   // Another extension with activeTab (for good measure).
 164   scoped_refptr<const Extension> another_extension;
 165
 166   // An extension without the activeTab permission.
 167   scoped_refptr<const Extension> extension_without_active_tab;
 168
 169   // An extension with both the activeTab and tabCapture permission.
 170   scoped_refptr<const Extension> extension_with_tab_capture;
 171 };
 172
 173 TEST_F(ActiveTabTest, GrantToSinglePage) {
 174   GURL google("http://www.google.com");
 175   NavigateAndCommit(google);
 176
 177   // No access unless it's been granted.
 178   EXPECT_TRUE(IsBlocked(extension, google));
 179   EXPECT_TRUE(IsBlocked(another_extension, google));
 180   EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
 181
 182   EXPECT_FALSE(HasTabsPermission(extension));
 183   EXPECT_FALSE(HasTabsPermission(another_extension));
 184   EXPECT_FALSE(HasTabsPermission(extension_without_active_tab));
 185
 186   active_tab_permission_granter()->GrantIfRequested(extension.get());
 187   active_tab_permission_granter()->GrantIfRequested(
 188       extension_without_active_tab.get());
 189
 190   // Granted to extension and extension_without_active_tab, but the latter
 191   // doesn't have the activeTab permission so not granted.
 192   EXPECT_TRUE(IsAllowed(extension, google));
 193   EXPECT_TRUE(IsBlocked(another_extension, google));
 194   EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
 195
 196   // Other subdomains shouldn't be given access.
 197   GURL mail_google("http://mail.google.com");
 198   EXPECT_TRUE(IsAllowed(extension, mail_google, PERMITTED_CAPTURE_ONLY));
 199   EXPECT_TRUE(IsBlocked(another_extension, mail_google));
 200   EXPECT_TRUE(IsBlocked(extension_without_active_tab, mail_google));
 201
 202   // Reloading the page should clear the active permissions.
 203   Reload();
 204
 205   EXPECT_TRUE(IsBlocked(extension, google));
 206   EXPECT_TRUE(IsBlocked(another_extension, google));
 207   EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
 208
 209   EXPECT_FALSE(HasTabsPermission(extension));
 210   EXPECT_FALSE(HasTabsPermission(another_extension));
 211   EXPECT_FALSE(HasTabsPermission(extension_without_active_tab));
 212
 213   // But they should still be able to be granted again.
 214   active_tab_permission_granter()->GrantIfRequested(extension.get());
 215
 216   EXPECT_TRUE(IsAllowed(extension, google));
 217   EXPECT_TRUE(IsBlocked(another_extension, google));
 218   EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
 219
 220   // And grant a few more times redundantly for good measure.
 221   active_tab_permission_granter()->GrantIfRequested(extension.get());
 222   active_tab_permission_granter()->GrantIfRequested(extension.get());
 223   active_tab_permission_granter()->GrantIfRequested(another_extension.get());
 224   active_tab_permission_granter()->GrantIfRequested(another_extension.get());
 225   active_tab_permission_granter()->GrantIfRequested(another_extension.get());
 226   active_tab_permission_granter()->GrantIfRequested(extension.get());
 227   active_tab_permission_granter()->GrantIfRequested(extension.get());
 228   active_tab_permission_granter()->GrantIfRequested(another_extension.get());
 229   active_tab_permission_granter()->GrantIfRequested(another_extension.get());
 230
 231   EXPECT_TRUE(IsAllowed(extension, google));
 232   EXPECT_TRUE(IsAllowed(another_extension, google));
 233   EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
 234
 235   // Navigating to a new URL should clear the active permissions.
 236   GURL chromium("http://www.chromium.org");
 237   NavigateAndCommit(chromium);
 238
 239   EXPECT_TRUE(IsBlocked(extension, google));
 240   EXPECT_TRUE(IsBlocked(another_extension, google));
 241   EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
 242
 243   EXPECT_TRUE(IsBlocked(extension, chromium));
 244   EXPECT_TRUE(IsBlocked(another_extension, chromium));
 245   EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium));
 246
 247   EXPECT_FALSE(HasTabsPermission(extension));
 248   EXPECT_FALSE(HasTabsPermission(another_extension));
 249   EXPECT_FALSE(HasTabsPermission(extension_without_active_tab));
 250
 251   // Should be able to grant to multiple extensions at the same time (if they
 252   // have the activeTab permission, of course).
 253   active_tab_permission_granter()->GrantIfRequested(extension.get());
 254   active_tab_permission_granter()->GrantIfRequested(another_extension.get());
 255   active_tab_permission_granter()->GrantIfRequested(
 256       extension_without_active_tab.get());
 257
 258   EXPECT_TRUE(IsAllowed(extension, google, PERMITTED_CAPTURE_ONLY));
 259   EXPECT_TRUE(IsAllowed(another_extension, google, PERMITTED_CAPTURE_ONLY));
 260   EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
 261
 262   EXPECT_TRUE(IsAllowed(extension, chromium));
 263   EXPECT_TRUE(IsAllowed(another_extension, chromium));
 264   EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium));
 265
 266   // Should be able to go back to URLs that were previously cleared.
 267   NavigateAndCommit(google);
 268
 269   active_tab_permission_granter()->GrantIfRequested(extension.get());
 270   active_tab_permission_granter()->GrantIfRequested(another_extension.get());
 271   active_tab_permission_granter()->GrantIfRequested(
 272       extension_without_active_tab.get());
 273
 274   EXPECT_TRUE(IsAllowed(extension, google));
 275   EXPECT_TRUE(IsAllowed(another_extension, google));
 276   EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
 277
 278   EXPECT_TRUE(IsAllowed(extension, chromium, PERMITTED_CAPTURE_ONLY));
 279   EXPECT_TRUE(IsAllowed(another_extension, chromium, PERMITTED_CAPTURE_ONLY));
 280   EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium));
 281 };
 282
 283 TEST_F(ActiveTabTest, Uninstalling) {
 284   // Some semi-arbitrary setup.
 285   GURL google("http://www.google.com");
 286   NavigateAndCommit(google);
 287
 288   active_tab_permission_granter()->GrantIfRequested(extension.get());
 289
 290   EXPECT_TRUE(IsGrantedForTab(extension.get(), web_contents()));
 291   EXPECT_TRUE(IsAllowed(extension, google));
 292
 293   // Uninstalling the extension should clear its tab permissions.
 294   ExtensionRegistry* registry =
 295       ExtensionRegistry::Get(web_contents()->GetBrowserContext());
 296   registry->TriggerOnUnloaded(extension.get(),
 297                               UnloadedExtensionInfo::REASON_DISABLE);
 298
 299   // Note: can't EXPECT_FALSE(IsAllowed) here because uninstalled extensions
 300   // are just that... considered to be uninstalled, and the manager might
 301   // just ignore them from here on.
 302
 303   // Granting the extension again should give them back.
 304   active_tab_permission_granter()->GrantIfRequested(extension.get());
 305
 306   EXPECT_TRUE(IsGrantedForTab(extension.get(), web_contents()));
 307   EXPECT_TRUE(IsAllowed(extension, google));
 308 }
 309
 310 TEST_F(ActiveTabTest, OnlyActiveTab) {
 311   GURL google("http://www.google.com");
 312   NavigateAndCommit(google);
 313
 314   active_tab_permission_granter()->GrantIfRequested(extension.get());
 315
 316   EXPECT_TRUE(IsAllowed(extension, google, PERMITTED_BOTH, tab_id()));
 317   EXPECT_TRUE(IsBlocked(extension, google, tab_id() + 1));
 318   EXPECT_FALSE(HasTabsPermission(extension, tab_id() + 1));
 319 }
 320
 321 TEST_F(ActiveTabTest, NavigateInPage) {
 322   GURL google("http://www.google.com");
 323   NavigateAndCommit(google);
 324
 325   active_tab_permission_granter()->GrantIfRequested(extension.get());
 326
 327   // Perform an in-page navigation. The extension should not lose the temporary
 328   // permission.
 329   GURL google_h1("http://www.google.com#h1");
 330   NavigateAndCommit(google_h1);
 331
 332   EXPECT_TRUE(IsAllowed(extension, google));
 333   EXPECT_TRUE(IsAllowed(extension, google_h1));
 334
 335   GURL chromium("http://www.chromium.org");
 336   NavigateAndCommit(chromium);
 337
 338   EXPECT_FALSE(IsAllowed(extension, google));
 339   EXPECT_FALSE(IsAllowed(extension, google_h1));
 340   EXPECT_FALSE(IsAllowed(extension, chromium));
 341
 342   active_tab_permission_granter()->GrantIfRequested(extension.get());
 343
 344   EXPECT_FALSE(IsAllowed(extension, google));
 345   EXPECT_FALSE(IsAllowed(extension, google_h1));
 346   EXPECT_TRUE(IsAllowed(extension, chromium));
 347
 348   GURL chromium_h1("http://www.chromium.org#h1");
 349   NavigateAndCommit(chromium_h1);
 350
 351   EXPECT_FALSE(IsAllowed(extension, google));
 352   EXPECT_FALSE(IsAllowed(extension, google_h1));
 353   EXPECT_TRUE(IsAllowed(extension, chromium));
 354   EXPECT_TRUE(IsAllowed(extension, chromium_h1));
 355
 356   Reload();
 357
 358   EXPECT_FALSE(IsAllowed(extension, google));
 359   EXPECT_FALSE(IsAllowed(extension, google_h1));
 360   EXPECT_FALSE(IsAllowed(extension, chromium));
 361   EXPECT_FALSE(IsAllowed(extension, chromium_h1));
 362 }
 363
 364 TEST_F(ActiveTabTest, ChromeUrlGrants) {
 365   GURL internal("chrome://version");
 366   NavigateAndCommit(internal);
 367   active_tab_permission_granter()->GrantIfRequested(
 368       extension_with_tab_capture.get());
 369   // Do not grant tabs/hosts permissions for tab.
 370   EXPECT_TRUE(IsAllowed(extension_with_tab_capture, internal,
 371                         PERMITTED_CAPTURE_ONLY));
 372   EXPECT_TRUE(PermissionsData::HasAPIPermissionForTab(
 373       extension_with_tab_capture.get(),
 374       tab_id(),
 375       APIPermission::kTabCaptureForTab));
 376
 377   EXPECT_TRUE(IsBlocked(extension_with_tab_capture, internal, tab_id() + 1));
 378   EXPECT_FALSE(PermissionsData::HasAPIPermissionForTab(
 379       extension_with_tab_capture.get(),
 380       tab_id() + 1,
 381       APIPermission::kTabCaptureForTab));
 382 }
 383
 384 }  // namespace
 385 }  // namespace extensions