1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "base/compiler_specific.h"
8 #include "base/run_loop.h"
9 #include "base/strings/utf_string_conversions.h"
10 #include "base/threading/sequenced_worker_pool.h"
11 #include "chrome/browser/chrome_notification_types.h"
12 #include "chrome/browser/chromeos/login/login_display_host_impl.h"
13 #include "chrome/browser/chromeos/login/login_manager_test.h"
14 #include "chrome/browser/chromeos/login/managed/managed_user_test_base.h"
15 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h"
16 #include "chrome/browser/chromeos/login/startup_utils.h"
17 #include "chrome/browser/chromeos/login/supervised_user_manager.h"
18 #include "chrome/browser/chromeos/login/webui_login_view.h"
19 #include "chrome/browser/chromeos/net/network_portal_detector_test_impl.h"
20 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h"
21 #include "chrome/browser/managed_mode/managed_user_constants.h"
22 #include "chrome/browser/managed_mode/managed_user_registration_utility.h"
23 #include "chrome/browser/managed_mode/managed_user_registration_utility_stub.h"
24 #include "chrome/browser/managed_mode/managed_user_shared_settings_service.h"
25 #include "chrome/browser/managed_mode/managed_user_shared_settings_service_factory.h"
26 #include "chrome/browser/managed_mode/managed_user_sync_service.h"
27 #include "chrome/browser/managed_mode/managed_user_sync_service_factory.h"
28 #include "chromeos/cryptohome/mock_async_method_caller.h"
29 #include "chromeos/cryptohome/mock_homedir_methods.h"
30 #include "content/public/browser/notification_service.h"
31 #include "content/public/test/browser_test_utils.h"
32 #include "content/public/test/test_utils.h"
33 #include "sync/api/attachments/attachment_service_proxy_for_test.h"
34 #include "sync/api/fake_sync_change_processor.h"
35 #include "sync/api/sync_change.h"
36 #include "sync/api/sync_error_factory_mock.h"
37 #include "sync/protocol/sync.pb.h"
40 using chromeos::ManagedUserTestBase
;
41 using chromeos::kTestSupervisedUserDisplayName
;
42 using chromeos::kTestManager
;
46 class SupervisedUserPasswordTest
: public ManagedUserTestBase
{
48 SupervisedUserPasswordTest() : ManagedUserTestBase() {}
51 DISALLOW_COPY_AND_ASSIGN(SupervisedUserPasswordTest
);
54 class SupervisedUserPasswordManagerTest
: public ManagedUserTestBase
{
56 SupervisedUserPasswordManagerTest() : ManagedUserTestBase() {}
59 DISALLOW_COPY_AND_ASSIGN(SupervisedUserPasswordManagerTest
);
62 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
63 PRE_PRE_PRE_PasswordChangeFromUserTest
) {
67 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
68 PRE_PRE_PasswordChangeFromUserTest
) {
69 StartFlowLoginAsManager();
70 FillNewUserData(kTestSupervisedUserDisplayName
);
71 StartUserCreation("managed-user-creation-next-button",
72 kTestSupervisedUserDisplayName
);
75 // Supervised user signs in, get sync notification about password update, and
76 // schedules password migration.
77 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
78 PRE_PasswordChangeFromUserTest
) {
79 SigninAsSupervisedUser(true, 0, kTestSupervisedUserDisplayName
);
81 const User
* user
= UserManager::Get()->GetUsers().at(0);
83 UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId(
85 base::DictionaryValue password
;
86 password
.SetIntegerWithoutPathExpansion(
87 kSchemaVersion
, SupervisedUserAuthentication::SCHEMA_SALT_HASHED
);
88 password
.SetIntegerWithoutPathExpansion(kPasswordRevision
, 2);
90 password
.SetStringWithoutPathExpansion(kPasswordSignature
, "signature");
91 password
.SetStringWithoutPathExpansion(kEncryptedPassword
,
92 "new-encrypted-password");
94 shared_settings_adapter_
->AddChange(
95 sync_id
, managed_users::kChromeOSPasswordData
, password
, true, false);
96 content::RunAllPendingInMessageLoop();
99 // Supervised user signs in for second time, and actual password migration takes
101 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
, PasswordChangeFromUserTest
) {
102 EXPECT_CALL(*mock_homedir_methods_
, MountEx(_
, _
, _
, _
)).Times(1);
103 EXPECT_CALL(*mock_homedir_methods_
, UpdateKeyEx(_
, _
, _
, _
, _
)).Times(1);
104 SigninAsSupervisedUser(false, 0, kTestSupervisedUserDisplayName
);
105 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_
);
108 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
109 PRE_PRE_PRE_PasswordChangeFromManagerTest
) {
113 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
114 PRE_PRE_PasswordChangeFromManagerTest
) {
115 StartFlowLoginAsManager();
116 FillNewUserData(kTestSupervisedUserDisplayName
);
117 StartUserCreation("managed-user-creation-next-button",
118 kTestSupervisedUserDisplayName
);
121 // Manager signs in, gets sync notification about supervised user password
122 // update, and performs migration.
123 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
124 PRE_PasswordChangeFromManagerTest
) {
125 const User
* managed_user
= UserManager::Get()->GetUsers().at(0);
129 EXPECT_CALL(*mock_homedir_methods_
, AddKeyEx(_
, _
, _
, _
, _
)).Times(1);
131 std::string sync_id
=
132 UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId(
133 managed_user
->email());
135 ::sync_pb::ManagedUserSpecifics managed_user_proto
;
137 managed_user_proto
.set_id(sync_id
);
138 managed_user_proto
.set_name(kTestSupervisedUserDisplayName
);
139 managed_user_proto
.set_acknowledged(true);
140 managed_user_proto
.set_master_key("master key");
141 managed_user_proto
.set_password_signature_key("signature_key");
142 managed_user_proto
.set_password_encryption_key("encryption_key");
144 managed_users_adapter_
->AddChange(managed_user_proto
, false);
145 content::RunAllPendingInMessageLoop();
147 base::DictionaryValue password
;
148 password
.SetIntegerWithoutPathExpansion(
149 kSchemaVersion
, SupervisedUserAuthentication::SCHEMA_SALT_HASHED
);
150 password
.SetIntegerWithoutPathExpansion(kPasswordRevision
, 2);
152 password
.SetStringWithoutPathExpansion(kPasswordSignature
, "signature");
153 password
.SetStringWithoutPathExpansion(kEncryptedPassword
,
154 "new-encrypted-password");
155 shared_settings_adapter_
->AddChange(
156 sync_id
, managed_users::kChromeOSPasswordData
, password
, true, false);
157 content::RunAllPendingInMessageLoop();
159 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_
);
162 // After that supervised user signs in, and no password change happens.
163 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
164 PasswordChangeFromManagerTest
) {
165 EXPECT_CALL(*mock_homedir_methods_
, MountEx(_
, _
, _
, _
)).Times(1);
166 EXPECT_CALL(*mock_homedir_methods_
, UpdateKeyEx(_
, _
, _
, _
, _
)).Times(0);
167 SigninAsSupervisedUser(false, 1, kTestSupervisedUserDisplayName
);
168 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_
);
171 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
172 PRE_PRE_PRE_PRE_PasswordChangeUserAndManagerTest
) {
176 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
177 PRE_PRE_PRE_PasswordChangeUserAndManagerTest
) {
178 StartFlowLoginAsManager();
179 FillNewUserData(kTestSupervisedUserDisplayName
);
180 StartUserCreation("managed-user-creation-next-button",
181 kTestSupervisedUserDisplayName
);
184 // Supervised user signs in, get sync notification about password update, and
185 // schedules password migration.
186 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
187 PRE_PRE_PasswordChangeUserAndManagerTest
) {
188 SigninAsSupervisedUser(true, 0, kTestSupervisedUserDisplayName
);
190 const User
* user
= UserManager::Get()->GetUsers().at(0);
191 std::string sync_id
=
192 UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId(
194 base::DictionaryValue password
;
195 password
.SetIntegerWithoutPathExpansion(
196 kSchemaVersion
, SupervisedUserAuthentication::SCHEMA_SALT_HASHED
);
197 password
.SetIntegerWithoutPathExpansion(kPasswordRevision
, 2);
199 password
.SetStringWithoutPathExpansion(kPasswordSignature
, "signature");
200 password
.SetStringWithoutPathExpansion(kEncryptedPassword
,
201 "new-encrypted-password");
203 shared_settings_adapter_
->AddChange(
204 sync_id
, managed_users::kChromeOSPasswordData
, password
, true, false);
205 content::RunAllPendingInMessageLoop();
208 // After that manager signs in, and also detects password change. Manager
209 // performs the migration.
210 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
211 PRE_PasswordChangeUserAndManagerTest
) {
212 const User
* managed_user
= UserManager::Get()->GetUsers().at(0);
216 EXPECT_CALL(*mock_homedir_methods_
, AddKeyEx(_
, _
, _
, _
, _
)).Times(1);
218 std::string sync_id
=
219 UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId(
220 managed_user
->email());
222 ::sync_pb::ManagedUserSpecifics managed_user_proto
;
224 managed_user_proto
.set_id(sync_id
);
225 managed_user_proto
.set_name(kTestSupervisedUserDisplayName
);
226 managed_user_proto
.set_acknowledged(true);
227 managed_user_proto
.set_master_key("master key");
228 managed_user_proto
.set_password_signature_key("signature_key");
229 managed_user_proto
.set_password_encryption_key("encryption_key");
231 managed_users_adapter_
->AddChange(managed_user_proto
, false);
232 content::RunAllPendingInMessageLoop();
234 base::DictionaryValue password
;
235 password
.SetIntegerWithoutPathExpansion(
236 kSchemaVersion
, SupervisedUserAuthentication::SCHEMA_SALT_HASHED
);
237 password
.SetIntegerWithoutPathExpansion(kPasswordRevision
, 2);
239 password
.SetStringWithoutPathExpansion(kPasswordSignature
, "signature");
240 password
.SetStringWithoutPathExpansion(kEncryptedPassword
,
241 "new-encrypted-password");
242 shared_settings_adapter_
->AddChange(
243 sync_id
, managed_users::kChromeOSPasswordData
, password
, true, false);
244 content::RunAllPendingInMessageLoop();
246 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_
);
249 // When supervised user signs in, password is already migrated, so no migration
250 // should be attempted.
251 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest
,
252 PasswordChangeUserAndManagerTest
) {
253 EXPECT_CALL(*mock_homedir_methods_
, MountEx(_
, _
, _
, _
)).Times(1);
254 EXPECT_CALL(*mock_homedir_methods_
, UpdateKeyEx(_
, _
, _
, _
, _
)).Times(0);
255 SigninAsSupervisedUser(false, 1, kTestSupervisedUserDisplayName
);
256 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_
);
259 } // namespace chromeos