search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update {virtual,override,final} to follow C++11 style in chrome/browser/chromeos...
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / device_local_account_policy_service_unittest.cc
blob155e2e3732a78923a62eca261283dca34d82645f
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
6
7 #include <algorithm>
8
9 #include "base/bind.h"
10 #include "base/bind_helpers.h"
11 #include "base/callback.h"
12 #include "base/files/file_path.h"
13 #include "base/files/file_util.h"
14 #include "base/files/scoped_temp_dir.h"
15 #include "base/message_loop/message_loop.h"
16 #include "base/message_loop/message_loop_proxy.h"
17 #include "base/path_service.h"
18 #include "base/run_loop.h"
19 #include "base/strings/string_number_conversions.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/test/scoped_path_override.h"
22 #include "base/test/test_simple_task_runner.h"
23 #include "chrome/browser/chromeos/policy/device_local_account.h"
24 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
25 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
26 #include "chrome/browser/chromeos/settings/cros_settings.h"
27 #include "chrome/browser/chromeos/settings/device_settings_service.h"
28 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
29 #include "chrome/common/chrome_paths.h"
30 #include "chromeos/chromeos_paths.h"
31 #include "chromeos/dbus/power_policy_controller.h"
32 #include "components/policy/core/common/cloud/cloud_policy_client.h"
33 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
34 #include "components/policy/core/common/cloud/cloud_policy_service.h"
35 #include "components/policy/core/common/cloud/mock_device_management_service.h"
36 #include "components/policy/core/common/cloud/policy_builder.h"
37 #include "components/policy/core/common/external_data_fetcher.h"
38 #include "components/policy/core/common/mock_configuration_policy_provider.h"
39 #include "components/policy/core/common/policy_bundle.h"
40 #include "components/policy/core/common/policy_map.h"
41 #include "components/policy/core/common/schema_registry.h"
42 #include "net/url_request/url_request_context_getter.h"
43 #include "net/url_request/url_request_test_util.h"
44 #include "policy/policy_constants.h"
45 #include "policy/proto/cloud_policy.pb.h"
46 #include "policy/proto/device_management_backend.pb.h"
47 #include "testing/gtest/include/gtest/gtest.h"
48
49 using testing::AnyNumber;
50 using testing::AtLeast;
51 using testing::Mock;
52 using testing::SaveArg;
53 using testing::_;
54
55 namespace em = enterprise_management;
56
57 namespace policy {
58
59 namespace {
60
61 const char kAccount1[] = "account1@localhost";
62 const char kAccount2[] = "account2@localhost";
63 const char kAccount3[] = "account3@localhost";
64
65 const char kExtensionID[] = "kbmnembihfiondgfjekmnmcbddelicoi";
66 const char kExtensionVersion[] = "1.0.0.0";
67 const char kExtensionCRXPath[] = "extensions/hosted_app.crx";
68 const char kUpdateURL[] = "https://clients2.google.com/service/update2/crx";
69
70 } // namespace
71
72 class MockDeviceLocalAccountPolicyServiceObserver
73 : public DeviceLocalAccountPolicyService::Observer {
74 public:
75 MOCK_METHOD1(OnPolicyUpdated, void(const std::string&));
76 MOCK_METHOD0(OnDeviceLocalAccountsChanged, void(void));
77 };
78
79 class DeviceLocalAccountPolicyServiceTestBase
80 : public chromeos::DeviceSettingsTestBase {
81 public:
82 DeviceLocalAccountPolicyServiceTestBase();
83
84 void SetUp() override;
85 void TearDown() override;
86
87 void CreatePolicyService();
88
89 void InstallDeviceLocalAccountPolicy(const std::string& account_id);
90 void AddDeviceLocalAccountToPolicy(const std::string& account_id);
91 virtual void InstallDevicePolicy();
92
93 const std::string account_1_user_id_;
94 const std::string account_2_user_id_;
95
96 PolicyMap expected_policy_map_;
97 UserPolicyBuilder device_local_account_policy_;
98 chromeos::CrosSettings cros_settings_;
99 scoped_refptr<base::TestSimpleTaskRunner> extension_cache_task_runner_;
100 MockDeviceManagementService mock_device_management_service_;
101 scoped_ptr<DeviceLocalAccountPolicyService> service_;
102
103 private:
104 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTestBase);
105 };
106
107 class DeviceLocalAccountPolicyServiceTest
108 : public DeviceLocalAccountPolicyServiceTestBase {
109 public:
110 MOCK_METHOD1(OnRefreshDone, void(bool));
111
112 protected:
113 DeviceLocalAccountPolicyServiceTest();
114
115 virtual void SetUp() override;
116 virtual void TearDown() override;
117
118 void InstallDevicePolicy() override;
119
120 MockDeviceLocalAccountPolicyServiceObserver service_observer_;
121
122 private:
123 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest);
124 };
125
126 DeviceLocalAccountPolicyServiceTestBase::
127 DeviceLocalAccountPolicyServiceTestBase()
128 : account_1_user_id_(GenerateDeviceLocalAccountUserId(
129 kAccount1,
130 DeviceLocalAccount::TYPE_PUBLIC_SESSION)),
131 account_2_user_id_(GenerateDeviceLocalAccountUserId(
132 kAccount2,
133 DeviceLocalAccount::TYPE_PUBLIC_SESSION)),
134 cros_settings_(&device_settings_service_),
135 extension_cache_task_runner_(new base::TestSimpleTaskRunner) {
136 }
137
138 void DeviceLocalAccountPolicyServiceTestBase::SetUp() {
139 chromeos::DeviceSettingsTestBase::SetUp();
140
141 expected_policy_map_.Set(key::kDisableSpdy,
142 POLICY_LEVEL_MANDATORY,
143 POLICY_SCOPE_USER,
144 new base::FundamentalValue(true),
145 NULL);
146
147 device_local_account_policy_.payload().mutable_disablespdy()->set_value(
148 true);
149 device_local_account_policy_.policy_data().set_policy_type(
150 dm_protocol::kChromePublicAccountPolicyType);
151 }
152
153 void DeviceLocalAccountPolicyServiceTestBase::TearDown() {
154 service_->Shutdown();
155 service_.reset();
156 extension_cache_task_runner_->RunUntilIdle();
157 chromeos::DeviceSettingsTestBase::TearDown();
158 }
159
160 void DeviceLocalAccountPolicyServiceTestBase::CreatePolicyService() {
161 service_.reset(new DeviceLocalAccountPolicyService(
162 &device_settings_test_helper_,
163 &device_settings_service_,
164 &cros_settings_,
165 base::MessageLoopProxy::current(),
166 extension_cache_task_runner_,
167 base::MessageLoopProxy::current(),
168 base::MessageLoopProxy::current(),
169 new net::TestURLRequestContextGetter(base::MessageLoopProxy::current())));
170 }
171
172 void DeviceLocalAccountPolicyServiceTestBase::
173 InstallDeviceLocalAccountPolicy(const std::string& account_id) {
174 device_local_account_policy_.policy_data().set_settings_entity_id(account_id);
175 device_local_account_policy_.policy_data().set_username(account_id);
176 device_local_account_policy_.Build();
177 device_settings_test_helper_.set_device_local_account_policy_blob(
178 account_id, device_local_account_policy_.GetBlob());
179 }
180
181 void DeviceLocalAccountPolicyServiceTestBase::AddDeviceLocalAccountToPolicy(
182 const std::string& account_id) {
183 em::DeviceLocalAccountInfoProto* account =
184 device_policy_.payload().mutable_device_local_accounts()->add_account();
185 account->set_account_id(account_id);
186 account->set_type(
187 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION);
188 }
189
190 void DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy() {
191 device_policy_.Build();
192 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
193 ReloadDeviceSettings();
194 }
195
196 DeviceLocalAccountPolicyServiceTest::DeviceLocalAccountPolicyServiceTest() {
197 CreatePolicyService();
198 }
199
200 void DeviceLocalAccountPolicyServiceTest::SetUp() {
201 DeviceLocalAccountPolicyServiceTestBase::SetUp();
202 service_->AddObserver(&service_observer_);
203 }
204
205 void DeviceLocalAccountPolicyServiceTest::TearDown() {
206 service_->RemoveObserver(&service_observer_);
207 DeviceLocalAccountPolicyServiceTestBase::TearDown();
208 }
209
210 void DeviceLocalAccountPolicyServiceTest::InstallDevicePolicy() {
211 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged());
212 DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy();
213 Mock::VerifyAndClearExpectations(&service_observer_);
214 }
215
216 TEST_F(DeviceLocalAccountPolicyServiceTest, NoAccounts) {
217 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
218 }
219
220 TEST_F(DeviceLocalAccountPolicyServiceTest, GetBroker) {
221 InstallDeviceLocalAccountPolicy(kAccount1);
222 AddDeviceLocalAccountToPolicy(kAccount1);
223 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
224 InstallDevicePolicy();
225
226 DeviceLocalAccountPolicyBroker* broker =
227 service_->GetBrokerForUser(account_1_user_id_);
228 ASSERT_TRUE(broker);
229 EXPECT_EQ(account_1_user_id_, broker->user_id());
230 ASSERT_TRUE(broker->core()->store());
231 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
232 EXPECT_FALSE(broker->core()->client());
233 EXPECT_FALSE(broker->core()->store()->policy_map().empty());
234 }
235
236 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadNoPolicy) {
237 AddDeviceLocalAccountToPolicy(kAccount1);
238 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
239 InstallDevicePolicy();
240
241 DeviceLocalAccountPolicyBroker* broker =
242 service_->GetBrokerForUser(account_1_user_id_);
243 ASSERT_TRUE(broker);
244 EXPECT_EQ(account_1_user_id_, broker->user_id());
245 ASSERT_TRUE(broker->core()->store());
246 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR,
247 broker->core()->store()->status());
248 EXPECT_TRUE(broker->core()->store()->policy_map().empty());
249 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
250 }
251
252 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadValidationFailure) {
253 device_local_account_policy_.policy_data().set_policy_type(
254 dm_protocol::kChromeUserPolicyType);
255 InstallDeviceLocalAccountPolicy(kAccount1);
256 AddDeviceLocalAccountToPolicy(kAccount1);
257 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
258 InstallDevicePolicy();
259
260 DeviceLocalAccountPolicyBroker* broker =
261 service_->GetBrokerForUser(account_1_user_id_);
262 ASSERT_TRUE(broker);
263 EXPECT_EQ(account_1_user_id_, broker->user_id());
264 ASSERT_TRUE(broker->core()->store());
265 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR,
266 broker->core()->store()->status());
267 EXPECT_TRUE(broker->core()->store()->policy_map().empty());
268 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
269 }
270
271 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadPolicy) {
272 InstallDeviceLocalAccountPolicy(kAccount1);
273 AddDeviceLocalAccountToPolicy(kAccount1);
274 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
275 InstallDevicePolicy();
276
277 DeviceLocalAccountPolicyBroker* broker =
278 service_->GetBrokerForUser(account_1_user_id_);
279 ASSERT_TRUE(broker);
280 EXPECT_EQ(account_1_user_id_, broker->user_id());
281 ASSERT_TRUE(broker->core()->store());
282 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
283 ASSERT_TRUE(broker->core()->store()->policy());
284 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
285 broker->core()->store()->policy()->SerializeAsString());
286 EXPECT_TRUE(expected_policy_map_.Equals(
287 broker->core()->store()->policy_map()));
288 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
289 }
290
291 TEST_F(DeviceLocalAccountPolicyServiceTest, StoreValidationFailure) {
292 AddDeviceLocalAccountToPolicy(kAccount1);
293 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
294 InstallDevicePolicy();
295 Mock::VerifyAndClearExpectations(&service_observer_);
296
297 DeviceLocalAccountPolicyBroker* broker =
298 service_->GetBrokerForUser(account_1_user_id_);
299 ASSERT_TRUE(broker);
300 EXPECT_EQ(account_1_user_id_, broker->user_id());
301 ASSERT_TRUE(broker->core()->store());
302
303 device_local_account_policy_.policy_data().set_policy_type(
304 dm_protocol::kChromeUserPolicyType);
305 device_local_account_policy_.Build();
306 broker->core()->store()->Store(device_local_account_policy_.policy());
307 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
308 FlushDeviceSettings();
309
310 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR,
311 broker->core()->store()->status());
312 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE,
313 broker->core()->store()->validation_status());
314 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_));
315 }
316
317 TEST_F(DeviceLocalAccountPolicyServiceTest, StorePolicy) {
318 AddDeviceLocalAccountToPolicy(kAccount1);
319 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
320 InstallDevicePolicy();
321 Mock::VerifyAndClearExpectations(&service_observer_);
322
323 DeviceLocalAccountPolicyBroker* broker =
324 service_->GetBrokerForUser(account_1_user_id_);
325 ASSERT_TRUE(broker);
326 EXPECT_EQ(account_1_user_id_, broker->user_id());
327 ASSERT_TRUE(broker->core()->store());
328
329 device_local_account_policy_.policy_data().set_settings_entity_id(kAccount1);
330 device_local_account_policy_.policy_data().set_username(kAccount1);
331 device_local_account_policy_.Build();
332 broker->core()->store()->Store(device_local_account_policy_.policy());
333 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
334 FlushDeviceSettings();
335
336 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
337 ASSERT_TRUE(broker->core()->store()->policy());
338 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
339 broker->core()->store()->policy()->SerializeAsString());
340 EXPECT_TRUE(expected_policy_map_.Equals(
341 broker->core()->store()->policy_map()));
342 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
343 }
344
345 TEST_F(DeviceLocalAccountPolicyServiceTest, DevicePolicyChange) {
346 InstallDeviceLocalAccountPolicy(kAccount1);
347 AddDeviceLocalAccountToPolicy(kAccount1);
348 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
349 InstallDevicePolicy();
350
351 device_policy_.payload().mutable_device_local_accounts()->clear_account();
352 InstallDevicePolicy();
353
354 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
355 }
356
357 TEST_F(DeviceLocalAccountPolicyServiceTest, DuplicateAccounts) {
358 InstallDeviceLocalAccountPolicy(kAccount1);
359 AddDeviceLocalAccountToPolicy(kAccount1);
360 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
361 InstallDevicePolicy();
362 Mock::VerifyAndClearExpectations(&service_observer_);
363
364 // Add a second entry with a duplicate account name to device policy.
365 AddDeviceLocalAccountToPolicy(kAccount1);
366 InstallDevicePolicy();
367
368 // Make sure the broker is accessible and policy got loaded.
369 DeviceLocalAccountPolicyBroker* broker =
370 service_->GetBrokerForUser(account_1_user_id_);
371 ASSERT_TRUE(broker);
372 EXPECT_EQ(account_1_user_id_, broker->user_id());
373 ASSERT_TRUE(broker->core()->store());
374 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status());
375 ASSERT_TRUE(broker->core()->store()->policy());
376 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
377 broker->core()->store()->policy()->SerializeAsString());
378 EXPECT_TRUE(expected_policy_map_.Equals(
379 broker->core()->store()->policy_map()));
380 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
381 }
382
383 TEST_F(DeviceLocalAccountPolicyServiceTest, FetchPolicy) {
384 InstallDeviceLocalAccountPolicy(kAccount1);
385 AddDeviceLocalAccountToPolicy(kAccount1);
386 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
387 InstallDevicePolicy();
388
389 DeviceLocalAccountPolicyBroker* broker =
390 service_->GetBrokerForUser(account_1_user_id_);
391 ASSERT_TRUE(broker);
392
393 service_->Connect(&mock_device_management_service_);
394 EXPECT_TRUE(broker->core()->client());
395
396 em::DeviceManagementRequest request;
397 em::DeviceManagementResponse response;
398 response.mutable_policy_response()->add_response()->CopyFrom(
399 device_local_account_policy_.policy());
400 EXPECT_CALL(mock_device_management_service_,
401 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _))
402 .WillOnce(mock_device_management_service_.SucceedJob(response));
403 EXPECT_CALL(mock_device_management_service_,
404 StartJob(dm_protocol::kValueRequestPolicy,
405 std::string(), std::string(),
406 device_policy_.policy_data().request_token(),
407 dm_protocol::kValueUserAffiliationManaged,
408 device_policy_.policy_data().device_id(),
409 _))
410 .WillOnce(SaveArg<6>(&request));
411 // This will be called twice, because the ComponentCloudPolicyService will
412 // also become ready after flushing all the pending tasks.
413 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2);
414 broker->core()->client()->FetchPolicy();
415 FlushDeviceSettings();
416 Mock::VerifyAndClearExpectations(&service_observer_);
417 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
418 EXPECT_TRUE(request.has_policy_request());
419 ASSERT_EQ(2, request.policy_request().request_size());
420
421 const em::PolicyFetchRequest* public_account =
422 &request.policy_request().request(0);
423 const em::PolicyFetchRequest* extensions =
424 &request.policy_request().request(1);
425 // The order is not guarateed.
426 if (extensions->policy_type() ==
427 dm_protocol::kChromePublicAccountPolicyType) {
428 std::swap(public_account, extensions);
429 }
430
431 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType,
432 public_account->policy_type());
433 EXPECT_FALSE(public_account->has_machine_id());
434 EXPECT_EQ(kAccount1, public_account->settings_entity_id());
435
436 EXPECT_EQ(dm_protocol::kChromeExtensionPolicyType,
437 extensions->policy_type());
438 EXPECT_FALSE(extensions->has_machine_id());
439 EXPECT_FALSE(extensions->has_settings_entity_id());
440
441 ASSERT_TRUE(broker->core()->store());
442 EXPECT_EQ(CloudPolicyStore::STATUS_OK,
443 broker->core()->store()->status());
444 ASSERT_TRUE(broker->core()->store()->policy());
445 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(),
446 broker->core()->store()->policy()->SerializeAsString());
447 EXPECT_TRUE(expected_policy_map_.Equals(
448 broker->core()->store()->policy_map()));
449 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
450 }
451
452 TEST_F(DeviceLocalAccountPolicyServiceTest, RefreshPolicy) {
453 InstallDeviceLocalAccountPolicy(kAccount1);
454 AddDeviceLocalAccountToPolicy(kAccount1);
455 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_));
456 InstallDevicePolicy();
457
458 DeviceLocalAccountPolicyBroker* broker =
459 service_->GetBrokerForUser(account_1_user_id_);
460 ASSERT_TRUE(broker);
461
462 service_->Connect(&mock_device_management_service_);
463 ASSERT_TRUE(broker->core()->service());
464
465 em::DeviceManagementResponse response;
466 response.mutable_policy_response()->add_response()->CopyFrom(
467 device_local_account_policy_.policy());
468 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
469 .WillOnce(mock_device_management_service_.SucceedJob(response));
470 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _));
471 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1);
472 // This will be called twice, because the ComponentCloudPolicyService will
473 // also become ready after flushing all the pending tasks.
474 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2);
475 broker->core()->service()->RefreshPolicy(
476 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone,
477 base::Unretained(this)));
478 FlushDeviceSettings();
479 Mock::VerifyAndClearExpectations(&service_observer_);
480 Mock::VerifyAndClearExpectations(this);
481 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
482
483 ASSERT_TRUE(broker->core()->store());
484 EXPECT_EQ(CloudPolicyStore::STATUS_OK,
485 broker->core()->store()->status());
486 EXPECT_TRUE(expected_policy_map_.Equals(
487 broker->core()->store()->policy_map()));
488 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_));
489 }
490
491 class DeviceLocalAccountPolicyExtensionCacheTest
492 : public DeviceLocalAccountPolicyServiceTestBase {
493 protected:
494 DeviceLocalAccountPolicyExtensionCacheTest();
495
496 void SetUp() override;
497
498 base::FilePath GetCacheDirectoryForAccountID(const std::string& account_id);
499
500 base::ScopedTempDir cache_root_dir_;
501 scoped_ptr<base::ScopedPathOverride> cache_root_dir_override_;
502
503 base::FilePath cache_dir_1_;
504 base::FilePath cache_dir_2_;
505 base::FilePath cache_dir_3_;
506
507 private:
508 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyExtensionCacheTest);
509 };
510
511 DeviceLocalAccountPolicyExtensionCacheTest::
512 DeviceLocalAccountPolicyExtensionCacheTest() {
513 }
514
515 void DeviceLocalAccountPolicyExtensionCacheTest::SetUp() {
516 DeviceLocalAccountPolicyServiceTestBase::SetUp();
517 ASSERT_TRUE(cache_root_dir_.CreateUniqueTempDir());
518 cache_root_dir_override_.reset(new base::ScopedPathOverride(
519 chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS,
520 cache_root_dir_.path()));
521
522 cache_dir_1_ = GetCacheDirectoryForAccountID(kAccount1);
523 cache_dir_2_ = GetCacheDirectoryForAccountID(kAccount2);
524 cache_dir_3_ = GetCacheDirectoryForAccountID(kAccount3);
525
526 em::StringList* forcelist = device_local_account_policy_.payload()
527 .mutable_extensioninstallforcelist()->mutable_value();
528 forcelist->add_entries(base::StringPrintf("%s;%s", kExtensionID, kUpdateURL));
529 }
530
531 base::FilePath DeviceLocalAccountPolicyExtensionCacheTest::
532 GetCacheDirectoryForAccountID(const std::string& account_id) {
533 return cache_root_dir_.path().Append(base::HexEncode(account_id.c_str(),
534 account_id.size()));
535 }
536
537 // Verifies that during startup, orphaned cache directories are deleted,
538 // cache directories belonging to an existing account are preserved and missing
539 // cache directories are created. Also verifies that when startup is complete,
540 // the caches for all existing accounts are running.
541 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, Startup) {
542 base::FilePath test_data_dir;
543 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir));
544 const base::FilePath source_crx_file =
545 test_data_dir.Append(kExtensionCRXPath);
546 const std::string target_crx_file_name =
547 base::StringPrintf("%s-%s.crx", kExtensionID, kExtensionVersion);
548
549 // Create and pre-populate a cache directory for account 1.
550 EXPECT_TRUE(base::CreateDirectory(cache_dir_1_));
551 EXPECT_TRUE(CopyFile(source_crx_file,
552 cache_dir_1_.Append(target_crx_file_name)));
553
554 // Create and pre-populate a cache directory for account 3.
555 EXPECT_TRUE(base::CreateDirectory(cache_dir_3_));
556 EXPECT_TRUE(CopyFile(source_crx_file,
557 cache_dir_3_.Append(target_crx_file_name)));
558
559 // Add accounts 1 and 2 to device policy.
560 InstallDeviceLocalAccountPolicy(kAccount1);
561 InstallDeviceLocalAccountPolicy(kAccount2);
562 AddDeviceLocalAccountToPolicy(kAccount1);
563 AddDeviceLocalAccountToPolicy(kAccount2);
564 InstallDevicePolicy();
565
566 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
567 // deletion of orphaned cache directories.
568 CreatePolicyService();
569 FlushDeviceSettings();
570 extension_cache_task_runner_->RunUntilIdle();
571
572 // Verify that the cache directory for account 1 and its contents still exist.
573 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
574 EXPECT_TRUE(ContentsEqual(source_crx_file,
575 cache_dir_1_.Append(target_crx_file_name)));
576
577 // Verify that a cache directory for account 2 was created.
578 EXPECT_TRUE(base::DirectoryExists(cache_dir_2_));
579
580 // Verify that the cache directory for account 3 was deleted.
581 EXPECT_FALSE(base::DirectoryExists(cache_dir_3_));
582
583 // Verify that the cache for account 1 has been started.
584 DeviceLocalAccountPolicyBroker* broker =
585 service_->GetBrokerForUser(account_1_user_id_);
586 ASSERT_TRUE(broker);
587 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
588
589 // Verify that the cache for account 2 has been started.
590 broker = service_->GetBrokerForUser(account_2_user_id_);
591 ASSERT_TRUE(broker);
592 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
593 }
594
595 // Verifies that while the deletion of orphaned cache directories is in
596 // progress, the caches for accounts which existed before the deletion started
597 // are running but caches for newly added accounts are not started.
598 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstOrphanDeletion) {
599 // Add account 1 to device policy.
600 InstallDeviceLocalAccountPolicy(kAccount1);
601 AddDeviceLocalAccountToPolicy(kAccount1);
602 InstallDevicePolicy();
603
604 // Create the DeviceLocalAccountPolicyService, triggering the deletion of
605 // orphaned cache directories.
606 CreatePolicyService();
607 FlushDeviceSettings();
608
609 // Verify that the cache for account 1 has been started as it is unaffected by
610 // the orphan deletion.
611 DeviceLocalAccountPolicyBroker* broker =
612 service_->GetBrokerForUser(account_1_user_id_);
613 ASSERT_TRUE(broker);
614 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
615
616 // Add account 2 to device policy.
617 InstallDeviceLocalAccountPolicy(kAccount2);
618 AddDeviceLocalAccountToPolicy(kAccount2);
619 InstallDevicePolicy();
620
621 // Verify that the cache for account 2 has not been started yet as the orphan
622 // deletion is still in progress.
623 broker = service_->GetBrokerForUser(account_2_user_id_);
624 ASSERT_TRUE(broker);
625 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
626
627 // Allow the orphan deletion to finish.
628 extension_cache_task_runner_->RunUntilIdle();
629 base::RunLoop().RunUntilIdle();
630
631 // Verify that the cache for account 2 has been started.
632 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
633 }
634
635 // Verifies that while the shutdown of a cache is in progress, no new cache is
636 // started if an account with the same ID is re-added.
637 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstCacheShutdown) {
638 // Add account 1 to device policy.
639 InstallDeviceLocalAccountPolicy(kAccount1);
640 AddDeviceLocalAccountToPolicy(kAccount1);
641 InstallDevicePolicy();
642
643 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
644 // deletion of orphaned cache directories.
645 CreatePolicyService();
646 FlushDeviceSettings();
647 extension_cache_task_runner_->RunUntilIdle();
648
649 // Remove account 1 from device policy, triggering a shutdown of its cache.
650 device_policy_.payload().mutable_device_local_accounts()->clear_account();
651 InstallDevicePolicy();
652
653 // Re-add account 1 to device policy.
654 AddDeviceLocalAccountToPolicy(kAccount1);
655 InstallDevicePolicy();
656
657 // Verify that the cache for account 1 has not been started yet as the
658 // shutdown of a previous cache for this account ID is still in progress.
659 DeviceLocalAccountPolicyBroker* broker =
660 service_->GetBrokerForUser(account_1_user_id_);
661 ASSERT_TRUE(broker);
662 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
663
664 // Allow the cache shutdown to finish.
665 extension_cache_task_runner_->RunUntilIdle();
666 base::RunLoop().RunUntilIdle();
667
668 // Verify that the cache directory for account 1 still exists.
669 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
670
671 // Verify that the cache for account 1 has been started, reusing the existing
672 // cache directory.
673 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
674 }
675
676 // Verifies that while the deletion of an obsolete cache directory is in
677 // progress, no new cache is started if an account with the same ID is re-added.
678 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest,
679 RaceAgainstObsoleteDeletion) {
680 // Add account 1 to device policy.
681 InstallDeviceLocalAccountPolicy(kAccount1);
682 AddDeviceLocalAccountToPolicy(kAccount1);
683 InstallDevicePolicy();
684
685 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
686 // deletion of orphaned cache directories.
687 CreatePolicyService();
688 FlushDeviceSettings();
689 extension_cache_task_runner_->RunUntilIdle();
690
691 // Remove account 1 from device policy, allowing the shutdown of its cache to
692 // finish and the deletion of its now obsolete cache directory to begin.
693 device_policy_.payload().mutable_device_local_accounts()->clear_account();
694 InstallDevicePolicy();
695 extension_cache_task_runner_->RunUntilIdle();
696 base::RunLoop().RunUntilIdle();
697
698 // Re-add account 1 to device policy.
699 AddDeviceLocalAccountToPolicy(kAccount1);
700 InstallDevicePolicy();
701
702 // Verify that the cache for account 1 has not been started yet as the
703 // deletion of the cache directory for this account ID is still in progress.
704 DeviceLocalAccountPolicyBroker* broker =
705 service_->GetBrokerForUser(account_1_user_id_);
706 ASSERT_TRUE(broker);
707 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning());
708
709 // Allow the deletion to finish.
710 extension_cache_task_runner_->RunUntilIdle();
711 base::RunLoop().RunUntilIdle();
712
713 // Verify that the cache directory for account 1 was deleted.
714 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_));
715
716 // Verify that the cache for account 1 has been started.
717 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
718 }
719
720 // Verifies that when an account is added and no deletion of cache directories
721 // affecting this account is in progress, its cache is started immediately.
722 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, AddAccount) {
723 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
724 // deletion of orphaned cache directories.
725 InstallDevicePolicy();
726 CreatePolicyService();
727 FlushDeviceSettings();
728 extension_cache_task_runner_->RunUntilIdle();
729
730 // Add account 1 to device policy.
731 InstallDeviceLocalAccountPolicy(kAccount1);
732 AddDeviceLocalAccountToPolicy(kAccount1);
733 InstallDevicePolicy();
734
735 // Verify that the cache for account 1 has been started.
736 DeviceLocalAccountPolicyBroker* broker =
737 service_->GetBrokerForUser(account_1_user_id_);
738 ASSERT_TRUE(broker);
739 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning());
740 }
741
742 // Verifies that when an account is removed, its cache directory is deleted.
743 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RemoveAccount) {
744 // Add account 1 to device policy.
745 InstallDeviceLocalAccountPolicy(kAccount1);
746 AddDeviceLocalAccountToPolicy(kAccount1);
747 InstallDevicePolicy();
748
749 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
750 // deletion of orphaned cache directories.
751 CreatePolicyService();
752 FlushDeviceSettings();
753 extension_cache_task_runner_->RunUntilIdle();
754
755 // Verify that a cache directory has been created for account 1.
756 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_));
757
758 // Remove account 1 from device policy, allowing the deletion of its now
759 // obsolete cache directory to finish.
760 device_policy_.payload().mutable_device_local_accounts()->clear_account();
761 InstallDevicePolicy();
762 extension_cache_task_runner_->RunUntilIdle();
763 base::RunLoop().RunUntilIdle();
764 extension_cache_task_runner_->RunUntilIdle();
765
766 // Verify that the cache directory for account 1 was deleted.
767 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_));
768 }
769
770 class DeviceLocalAccountPolicyProviderTest
771 : public DeviceLocalAccountPolicyServiceTestBase {
772 protected:
773 DeviceLocalAccountPolicyProviderTest();
774
775 void SetUp() override;
776 void TearDown() override;
777
778 SchemaRegistry schema_registry_;
779 scoped_ptr<DeviceLocalAccountPolicyProvider> provider_;
780 MockConfigurationPolicyObserver provider_observer_;
781
782 private:
783 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest);
784 };
785
786 DeviceLocalAccountPolicyProviderTest::DeviceLocalAccountPolicyProviderTest() {
787 CreatePolicyService();
788 provider_ = DeviceLocalAccountPolicyProvider::Create(
789 GenerateDeviceLocalAccountUserId(kAccount1,
790 DeviceLocalAccount::TYPE_PUBLIC_SESSION),
791 service_.get());
792 }
793
794 void DeviceLocalAccountPolicyProviderTest::SetUp() {
795 DeviceLocalAccountPolicyServiceTestBase::SetUp();
796 provider_->Init(&schema_registry_);
797 provider_->AddObserver(&provider_observer_);
798
799 // Values implicitly enforced for public accounts.
800 expected_policy_map_.Set(key::kLidCloseAction,
801 POLICY_LEVEL_MANDATORY,
802 POLICY_SCOPE_MACHINE,
803 new base::FundamentalValue(
804 chromeos::PowerPolicyController::
805 ACTION_STOP_SESSION),
806 NULL);
807 expected_policy_map_.Set(key::kShelfAutoHideBehavior,
808 POLICY_LEVEL_MANDATORY,
809 POLICY_SCOPE_MACHINE,
810 new base::StringValue("Never"),
811 NULL);
812 expected_policy_map_.Set(key::kShowLogoutButtonInTray,
813 POLICY_LEVEL_MANDATORY,
814 POLICY_SCOPE_MACHINE,
815 new base::FundamentalValue(true),
816 NULL);
817 expected_policy_map_.Set(key::kFullscreenAllowed,
818 POLICY_LEVEL_MANDATORY,
819 POLICY_SCOPE_MACHINE,
820 new base::FundamentalValue(false),
821 NULL);
822 }
823
824 void DeviceLocalAccountPolicyProviderTest::TearDown() {
825 provider_->RemoveObserver(&provider_observer_);
826 provider_->Shutdown();
827 provider_.reset();
828 DeviceLocalAccountPolicyServiceTestBase::TearDown();
829 }
830
831 TEST_F(DeviceLocalAccountPolicyProviderTest, Initialization) {
832 EXPECT_FALSE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
833
834 // Policy change should complete initialization.
835 InstallDeviceLocalAccountPolicy(kAccount1);
836 AddDeviceLocalAccountToPolicy(kAccount1);
837 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
838 .Times(AtLeast(1));
839 InstallDevicePolicy();
840 Mock::VerifyAndClearExpectations(&provider_observer_);
841
842 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
843
844 // The account disappearing should *not* flip the initialization flag back.
845 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
846 .Times(AnyNumber());
847 device_policy_.payload().mutable_device_local_accounts()->clear_account();
848 InstallDevicePolicy();
849 Mock::VerifyAndClearExpectations(&provider_observer_);
850
851 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
852 }
853
854 TEST_F(DeviceLocalAccountPolicyProviderTest, Policy) {
855 // Policy should load successfully.
856 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
857 .Times(AtLeast(1));
858 InstallDeviceLocalAccountPolicy(kAccount1);
859 AddDeviceLocalAccountToPolicy(kAccount1);
860 InstallDevicePolicy();
861 Mock::VerifyAndClearExpectations(&provider_observer_);
862
863 PolicyBundle expected_policy_bundle;
864 expected_policy_bundle.Get(PolicyNamespace(
865 POLICY_DOMAIN_CHROME, std::string())).CopyFrom(expected_policy_map_);
866 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
867
868 // Policy change should be reported.
869 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
870 .Times(AtLeast(1));
871 device_local_account_policy_.payload().mutable_disablespdy()->set_value(
872 false);
873 InstallDeviceLocalAccountPolicy(kAccount1);
874 DeviceLocalAccountPolicyBroker* broker =
875 service_->GetBrokerForUser(account_1_user_id_);
876 ASSERT_TRUE(broker);
877 broker->core()->store()->Load();
878 FlushDeviceSettings();
879 Mock::VerifyAndClearExpectations(&provider_observer_);
880
881 expected_policy_bundle.Get(
882 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
883 .Set(key::kDisableSpdy,
884 POLICY_LEVEL_MANDATORY,
885 POLICY_SCOPE_USER,
886 new base::FundamentalValue(false),
887 NULL);
888 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
889
890 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray|
891 // and |ExtensionAllowedTypes| policies should be overridden.
892 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
893 .Times(AtLeast(1));
894 device_local_account_policy_.payload().mutable_shelfautohidebehavior()->
895 set_value("Always");
896 device_local_account_policy_.payload().mutable_showlogoutbuttonintray()->
897 set_value(false);
898 InstallDeviceLocalAccountPolicy(kAccount1);
899 broker->core()->store()->Load();
900 FlushDeviceSettings();
901 Mock::VerifyAndClearExpectations(&provider_observer_);
902 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
903
904 // Account disappears, policy should stay in effect.
905 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
906 .Times(AnyNumber());
907 device_policy_.payload().mutable_device_local_accounts()->clear_account();
908 InstallDevicePolicy();
909 Mock::VerifyAndClearExpectations(&provider_observer_);
910
911 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies()));
912 }
913
914 TEST_F(DeviceLocalAccountPolicyProviderTest, RefreshPolicies) {
915 // If there's no device policy, the refresh completes immediately.
916 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_));
917 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
918 .Times(AtLeast(1));
919 provider_->RefreshPolicies();
920 Mock::VerifyAndClearExpectations(&provider_observer_);
921
922 // Make device settings appear.
923 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
924 .Times(AnyNumber());
925 AddDeviceLocalAccountToPolicy(kAccount1);
926 InstallDevicePolicy();
927 EXPECT_TRUE(service_->GetBrokerForUser(account_1_user_id_));
928
929 // If there's no cloud connection, refreshes are still immediate.
930 DeviceLocalAccountPolicyBroker* broker =
931 service_->GetBrokerForUser(account_1_user_id_);
932 ASSERT_TRUE(broker);
933 EXPECT_FALSE(broker->core()->client());
934 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
935 .Times(AtLeast(1));
936 provider_->RefreshPolicies();
937 Mock::VerifyAndClearExpectations(&provider_observer_);
938
939 // Bring up the cloud connection. The refresh scheduler may fire refreshes at
940 // this point which are not relevant for the test.
941 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
942 .WillRepeatedly(
943 mock_device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED));
944 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _))
945 .Times(AnyNumber());
946 service_->Connect(&mock_device_management_service_);
947 FlushDeviceSettings();
948 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
949
950 // No callbacks until the refresh completes.
951 EXPECT_CALL(provider_observer_, OnUpdatePolicy(_)).Times(0);
952 MockDeviceManagementJob* request_job;
953 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _))
954 .WillOnce(mock_device_management_service_.CreateAsyncJob(&request_job));
955 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _));
956 provider_->RefreshPolicies();
957 ReloadDeviceSettings();
958 Mock::VerifyAndClearExpectations(&provider_observer_);
959 Mock::VerifyAndClearExpectations(&mock_device_management_service_);
960 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
961
962 // When the response comes in, it should propagate and fire the notification.
963 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get()))
964 .Times(AtLeast(1));
965 ASSERT_TRUE(request_job);
966 em::DeviceManagementResponse response;
967 device_local_account_policy_.Build();
968 response.mutable_policy_response()->add_response()->CopyFrom(
969 device_local_account_policy_.policy());
970 request_job->SendResponse(DM_STATUS_SUCCESS, response);
971 FlushDeviceSettings();
972 Mock::VerifyAndClearExpectations(&provider_observer_);
973 }
974
975 } // namespace policy