src/chrome/browser/password_manager/chrome_password_manager_client_unittest.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/command_line.h"
   6
   7 #include "chrome/browser/password_manager/chrome_password_manager_client.h"
   8
   9 #include "chrome/common/chrome_version_info.h"
  10 #include "chrome/test/base/chrome_render_view_host_test_harness.h"
  11 #include "chrome/test/base/testing_profile.h"
  12 #include "components/autofill/content/common/autofill_messages.h"
  13 #include "components/password_manager/content/browser/password_manager_internals_service_factory.h"
  14 #include "components/password_manager/core/browser/log_receiver.h"
  15 #include "components/password_manager/core/browser/password_manager_internals_service.h"
  16 #include "components/password_manager/core/common/password_manager_switches.h"
  17 #include "content/public/browser/browser_context.h"
  18 #include "content/public/browser/web_contents.h"
  19 #include "content/public/test/mock_render_process_host.h"
  20 #include "testing/gmock/include/gmock/gmock.h"
  21 #include "testing/gtest/include/gtest/gtest.h"
  22
  23 using content::BrowserContext;
  24 using content::WebContents;
  25
  26 namespace {
  27
  28 const char kTestText[] = "abcd1234";
  29
  30 class MockLogReceiver : public password_manager::LogReceiver {
  31  public:
  32   MOCK_METHOD1(LogSavePasswordProgress, void(const std::string&));
  33 };
  34
  35 class TestChromePasswordManagerClient : public ChromePasswordManagerClient {
  36  public:
  37   explicit TestChromePasswordManagerClient(content::WebContents* web_contents)
  38       : ChromePasswordManagerClient(web_contents, NULL),
  39         is_sync_account_credential_(false) {}
  40   virtual ~TestChromePasswordManagerClient() {}
  41
  42   virtual bool IsSyncAccountCredential(
  43       const std::string& username,
  44       const std::string& origin) const OVERRIDE {
  45     return is_sync_account_credential_;
  46   }
  47
  48   void set_is_sync_account_credential(bool is_sync_account_credential) {
  49     is_sync_account_credential_ = is_sync_account_credential;
  50   }
  51
  52  private:
  53   bool is_sync_account_credential_;
  54
  55   DISALLOW_COPY_AND_ASSIGN(TestChromePasswordManagerClient);
  56 };
  57
  58 }  // namespace
  59
  60 class ChromePasswordManagerClientTest : public ChromeRenderViewHostTestHarness {
  61  public:
  62   ChromePasswordManagerClientTest();
  63
  64   virtual void SetUp() OVERRIDE;
  65
  66  protected:
  67   ChromePasswordManagerClient* GetClient();
  68
  69   // If the test IPC sink contains an AutofillMsg_SetLoggingState message, then
  70   // copies its argument into |activation_flag| and returns true. Otherwise
  71   // returns false.
  72   bool WasLoggingActivationMessageSent(bool* activation_flag);
  73
  74   password_manager::PasswordManagerInternalsService* service_;
  75
  76   testing::StrictMock<MockLogReceiver> receiver_;
  77 };
  78
  79 ChromePasswordManagerClientTest::ChromePasswordManagerClientTest()
  80     : service_(NULL) {
  81 }
  82
  83 void ChromePasswordManagerClientTest::SetUp() {
  84   ChromeRenderViewHostTestHarness::SetUp();
  85   ChromePasswordManagerClient::CreateForWebContentsWithAutofillClient(
  86       web_contents(), NULL);
  87   service_ = password_manager::PasswordManagerInternalsServiceFactory::
  88       GetForBrowserContext(profile());
  89   ASSERT_TRUE(service_);
  90 }
  91
  92 ChromePasswordManagerClient* ChromePasswordManagerClientTest::GetClient() {
  93   return ChromePasswordManagerClient::FromWebContents(web_contents());
  94 }
  95
  96 bool ChromePasswordManagerClientTest::WasLoggingActivationMessageSent(
  97     bool* activation_flag) {
  98   const uint32 kMsgID = AutofillMsg_SetLoggingState::ID;
  99   const IPC::Message* message =
 100       process()->sink().GetFirstMessageMatching(kMsgID);
 101   if (!message)
 102     return false;
 103   Tuple1<bool> param;
 104   AutofillMsg_SetLoggingState::Read(message, &param);
 105   *activation_flag = param.a;
 106   process()->sink().ClearMessages();
 107   return true;
 108 }
 109
 110 TEST_F(ChromePasswordManagerClientTest, LogSavePasswordProgressNoReceiver) {
 111   ChromePasswordManagerClient* client = GetClient();
 112
 113   EXPECT_CALL(receiver_, LogSavePasswordProgress(kTestText)).Times(0);
 114   // Before attaching the receiver, no text should be passed.
 115   client->LogSavePasswordProgress(kTestText);
 116   EXPECT_FALSE(client->IsLoggingActive());
 117 }
 118
 119 TEST_F(ChromePasswordManagerClientTest, LogSavePasswordProgressAttachReceiver) {
 120   ChromePasswordManagerClient* client = GetClient();
 121   EXPECT_FALSE(client->IsLoggingActive());
 122
 123   // After attaching the logger, text should be passed.
 124   service_->RegisterReceiver(&receiver_);
 125   EXPECT_TRUE(client->IsLoggingActive());
 126   EXPECT_CALL(receiver_, LogSavePasswordProgress(kTestText)).Times(1);
 127   client->LogSavePasswordProgress(kTestText);
 128   service_->UnregisterReceiver(&receiver_);
 129   EXPECT_FALSE(client->IsLoggingActive());
 130 }
 131
 132 TEST_F(ChromePasswordManagerClientTest, LogSavePasswordProgressDetachReceiver) {
 133   ChromePasswordManagerClient* client = GetClient();
 134
 135   service_->RegisterReceiver(&receiver_);
 136   EXPECT_TRUE(client->IsLoggingActive());
 137   service_->UnregisterReceiver(&receiver_);
 138   EXPECT_FALSE(client->IsLoggingActive());
 139
 140   // After detaching the logger, no text should be passed.
 141   EXPECT_CALL(receiver_, LogSavePasswordProgress(kTestText)).Times(0);
 142   client->LogSavePasswordProgress(kTestText);
 143 }
 144
 145 TEST_F(ChromePasswordManagerClientTest, LogSavePasswordProgressNotifyRenderer) {
 146   ChromePasswordManagerClient* client = GetClient();
 147   bool logging_active = false;
 148
 149   // Initially, the logging should be off, so no IPC messages.
 150   EXPECT_FALSE(WasLoggingActivationMessageSent(&logging_active));
 151
 152   service_->RegisterReceiver(&receiver_);
 153   EXPECT_TRUE(client->IsLoggingActive());
 154   EXPECT_TRUE(WasLoggingActivationMessageSent(&logging_active));
 155   EXPECT_TRUE(logging_active);
 156
 157   service_->UnregisterReceiver(&receiver_);
 158   EXPECT_FALSE(client->IsLoggingActive());
 159   EXPECT_TRUE(WasLoggingActivationMessageSent(&logging_active));
 160   EXPECT_FALSE(logging_active);
 161 }
 162
 163 TEST_F(ChromePasswordManagerClientTest, AnswerToPingsAboutLoggingState_Active) {
 164   service_->RegisterReceiver(&receiver_);
 165
 166   process()->sink().ClearMessages();
 167
 168   // Ping the client for logging activity update.
 169   AutofillHostMsg_PasswordAutofillAgentConstructed msg(0);
 170   static_cast<IPC::Listener*>(GetClient())->OnMessageReceived(msg);
 171
 172   bool logging_active = false;
 173   EXPECT_TRUE(WasLoggingActivationMessageSent(&logging_active));
 174   EXPECT_TRUE(logging_active);
 175
 176   service_->UnregisterReceiver(&receiver_);
 177 }
 178
 179 TEST_F(ChromePasswordManagerClientTest,
 180        AnswerToPingsAboutLoggingState_Inactive) {
 181   process()->sink().ClearMessages();
 182
 183   // Ping the client for logging activity update.
 184   AutofillHostMsg_PasswordAutofillAgentConstructed msg(0);
 185   static_cast<IPC::Listener*>(GetClient())->OnMessageReceived(msg);
 186
 187   bool logging_active = true;
 188   EXPECT_TRUE(WasLoggingActivationMessageSent(&logging_active));
 189   EXPECT_FALSE(logging_active);
 190 }
 191
 192 TEST_F(ChromePasswordManagerClientTest,
 193        IsAutomaticPasswordSavingEnabledDefaultBehaviourTest) {
 194   EXPECT_FALSE(GetClient()->IsAutomaticPasswordSavingEnabled());
 195 }
 196
 197 TEST_F(ChromePasswordManagerClientTest,
 198        IsAutomaticPasswordSavingEnabledWhenFlagIsSetTest) {
 199   CommandLine::ForCurrentProcess()->AppendSwitch(
 200       password_manager::switches::kEnableAutomaticPasswordSaving);
 201   if (chrome::VersionInfo::GetChannel() == chrome::VersionInfo::CHANNEL_UNKNOWN)
 202     EXPECT_TRUE(GetClient()->IsAutomaticPasswordSavingEnabled());
 203   else
 204     EXPECT_FALSE(GetClient()->IsAutomaticPasswordSavingEnabled());
 205 }
 206
 207 TEST_F(ChromePasswordManagerClientTest, LogToAReceiver) {
 208   ChromePasswordManagerClient* client = GetClient();
 209   service_->RegisterReceiver(&receiver_);
 210   EXPECT_TRUE(client->IsLoggingActive());
 211
 212   EXPECT_CALL(receiver_, LogSavePasswordProgress(kTestText)).Times(1);
 213   client->LogSavePasswordProgress(kTestText);
 214
 215   service_->UnregisterReceiver(&receiver_);
 216   EXPECT_FALSE(client->IsLoggingActive());
 217 }
 218
 219 TEST_F(ChromePasswordManagerClientTest, ShouldFilterAutofillResult_Reauth) {
 220   // Make client disallow only reauth requests.
 221   CommandLine* command_line = CommandLine::ForCurrentProcess();
 222   command_line->AppendSwitch(
 223       password_manager::switches::kDisallowAutofillSyncCredentialForReauth);
 224   scoped_ptr<TestChromePasswordManagerClient> client(
 225       new TestChromePasswordManagerClient(web_contents()));
 226   autofill::PasswordForm form;
 227
 228   client->set_is_sync_account_credential(false);
 229   NavigateAndCommit(
 230       GURL("https://accounts.google.com/login?rart=123&continue=blah"));
 231   EXPECT_FALSE(client->ShouldFilterAutofillResult(form));
 232
 233   client->set_is_sync_account_credential(true);
 234   NavigateAndCommit(
 235       GURL("https://accounts.google.com/login?rart=123&continue=blah"));
 236   EXPECT_TRUE(client->ShouldFilterAutofillResult(form));
 237
 238   // This counts as a reauth url, though a valid URL should have a value for
 239   // "rart"
 240   NavigateAndCommit(GURL("https://accounts.google.com/addlogin?rart"));
 241   EXPECT_TRUE(client->ShouldFilterAutofillResult(form));
 242
 243   NavigateAndCommit(GURL("https://accounts.google.com/login?param=123"));
 244   EXPECT_FALSE(client->ShouldFilterAutofillResult(form));
 245
 246   NavigateAndCommit(GURL("https://site.com/login?rart=678"));
 247   EXPECT_FALSE(client->ShouldFilterAutofillResult(form));
 248 }
 249
 250 TEST_F(ChromePasswordManagerClientTest, ShouldFilterAutofillResult) {
 251   // Normally the client should allow any credentials through, even if they
 252   // are the sync credential.
 253   scoped_ptr<TestChromePasswordManagerClient> client(
 254       new TestChromePasswordManagerClient(web_contents()));
 255   autofill::PasswordForm form;
 256   client->set_is_sync_account_credential(true);
 257   NavigateAndCommit(GURL("https://accounts.google.com/Login"));
 258   EXPECT_FALSE(client->ShouldFilterAutofillResult(form));
 259
 260   // Adding disallow switch should cause sync credential to be filtered.
 261   CommandLine* command_line = CommandLine::ForCurrentProcess();
 262   command_line->AppendSwitch(
 263       password_manager::switches::kDisallowAutofillSyncCredential);
 264   client.reset(new TestChromePasswordManagerClient(web_contents()));
 265   client->set_is_sync_account_credential(true);
 266   NavigateAndCommit(GURL("https://accounts.google.com/Login"));
 267   EXPECT_TRUE(client->ShouldFilterAutofillResult(form));
 268 }
 269
 270 TEST_F(ChromePasswordManagerClientTest,
 271        IsPasswordManagerEnabledForCurrentPage) {
 272   ChromePasswordManagerClient* client = GetClient();
 273   NavigateAndCommit(
 274       GURL("https://accounts.google.com/ServiceLogin?continue="
 275            "https://passwords.google.com/settings&rart=123"));
 276   EXPECT_FALSE(client->IsPasswordManagerEnabledForCurrentPage());
 277
 278   // Password site is inaccesible via HTTP, but because of HSTS the following
 279   // link should still continue to https://passwords.google.com.
 280   NavigateAndCommit(
 281       GURL("https://accounts.google.com/ServiceLogin?continue="
 282            "http://passwords.google.com/settings&rart=123"));
 283   EXPECT_FALSE(client->IsPasswordManagerEnabledForCurrentPage());
 284
 285   // Specifying default port still passes.
 286   NavigateAndCommit(
 287       GURL("https://accounts.google.com/ServiceLogin?continue="
 288            "https://passwords.google.com:443/settings&rart=123"));
 289   EXPECT_FALSE(client->IsPasswordManagerEnabledForCurrentPage());
 290
 291   // Encoded URL is considered the same.
 292   NavigateAndCommit(
 293       GURL("https://accounts.google.com/ServiceLogin?continue="
 294            "https://passwords.%67oogle.com/settings&rart=123"));
 295   EXPECT_FALSE(client->IsPasswordManagerEnabledForCurrentPage());
 296
 297   // Fully qualified domain name is considered a different hostname by GURL.
 298   // Ideally this would not be the case, but this quirk can be avoided by
 299   // verification on the server. This test is simply documentation of this
 300   // behavior.
 301   NavigateAndCommit(
 302       GURL("https://accounts.google.com/ServiceLogin?continue="
 303            "https://passwords.google.com./settings&rart=123"));
 304   EXPECT_TRUE(client->IsPasswordManagerEnabledForCurrentPage());
 305
 306   // Not a transactional reauth page.
 307   NavigateAndCommit(
 308       GURL("https://accounts.google.com/ServiceLogin?continue="
 309            "https://passwords.google.com/settings"));
 310   EXPECT_TRUE(client->IsPasswordManagerEnabledForCurrentPage());
 311
 312   // Should be enabled for other transactional reauth pages.
 313   NavigateAndCommit(
 314       GURL("https://accounts.google.com/ServiceLogin?continue="
 315            "https://mail.google.com&rart=234"));
 316   EXPECT_TRUE(client->IsPasswordManagerEnabledForCurrentPage());
 317
 318   // Reauth pages are only on accounts.google.com
 319   NavigateAndCommit(
 320       GURL("https://other.site.com/ServiceLogin?continue="
 321            "https://passwords.google.com&rart=234"));
 322   EXPECT_TRUE(client->IsPasswordManagerEnabledForCurrentPage());
 323 }