1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
10 #include "base/bind_helpers.h"
11 #include "base/callback.h"
12 #include "base/files/file_path.h"
13 #include "base/files/file_util.h"
14 #include "base/files/scoped_temp_dir.h"
15 #include "base/message_loop/message_loop.h"
16 #include "base/message_loop/message_loop_proxy.h"
17 #include "base/path_service.h"
18 #include "base/run_loop.h"
19 #include "base/strings/string_number_conversions.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/test/scoped_path_override.h"
22 #include "base/test/test_simple_task_runner.h"
23 #include "chrome/browser/chromeos/policy/device_local_account.h"
24 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
25 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
26 #include "chrome/browser/chromeos/settings/cros_settings.h"
27 #include "chrome/browser/chromeos/settings/device_settings_service.h"
28 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
29 #include "chrome/common/chrome_paths.h"
30 #include "chromeos/chromeos_paths.h"
31 #include "chromeos/dbus/power_policy_controller.h"
32 #include "components/policy/core/common/cloud/cloud_policy_client.h"
33 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
34 #include "components/policy/core/common/cloud/cloud_policy_service.h"
35 #include "components/policy/core/common/cloud/mock_device_management_service.h"
36 #include "components/policy/core/common/cloud/policy_builder.h"
37 #include "components/policy/core/common/external_data_fetcher.h"
38 #include "components/policy/core/common/mock_configuration_policy_provider.h"
39 #include "components/policy/core/common/policy_bundle.h"
40 #include "components/policy/core/common/policy_map.h"
41 #include "components/policy/core/common/schema_registry.h"
42 #include "net/url_request/url_request_context_getter.h"
43 #include "net/url_request/url_request_test_util.h"
44 #include "policy/policy_constants.h"
45 #include "policy/proto/cloud_policy.pb.h"
46 #include "policy/proto/device_management_backend.pb.h"
47 #include "testing/gtest/include/gtest/gtest.h"
49 using testing::AnyNumber
;
50 using testing::AtLeast
;
52 using testing::SaveArg
;
55 namespace em
= enterprise_management
;
61 const char kAccount1
[] = "account1@localhost";
62 const char kAccount2
[] = "account2@localhost";
63 const char kAccount3
[] = "account3@localhost";
65 const char kExtensionID
[] = "kbmnembihfiondgfjekmnmcbddelicoi";
66 const char kExtensionVersion
[] = "1.0.0.0";
67 const char kExtensionCRXPath
[] = "extensions/hosted_app.crx";
68 const char kUpdateURL
[] = "https://clients2.google.com/service/update2/crx";
72 class MockDeviceLocalAccountPolicyServiceObserver
73 : public DeviceLocalAccountPolicyService::Observer
{
75 MOCK_METHOD1(OnPolicyUpdated
, void(const std::string
&));
76 MOCK_METHOD0(OnDeviceLocalAccountsChanged
, void(void));
79 class DeviceLocalAccountPolicyServiceTestBase
80 : public chromeos::DeviceSettingsTestBase
{
82 DeviceLocalAccountPolicyServiceTestBase();
84 void SetUp() override
;
85 void TearDown() override
;
87 void CreatePolicyService();
89 void InstallDeviceLocalAccountPolicy(const std::string
& account_id
);
90 void AddDeviceLocalAccountToPolicy(const std::string
& account_id
);
91 virtual void InstallDevicePolicy();
93 const std::string account_1_user_id_
;
94 const std::string account_2_user_id_
;
96 PolicyMap expected_policy_map_
;
97 UserPolicyBuilder device_local_account_policy_
;
98 chromeos::CrosSettings cros_settings_
;
99 scoped_refptr
<base::TestSimpleTaskRunner
> extension_cache_task_runner_
;
100 MockDeviceManagementService mock_device_management_service_
;
101 scoped_ptr
<DeviceLocalAccountPolicyService
> service_
;
104 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTestBase
);
107 class DeviceLocalAccountPolicyServiceTest
108 : public DeviceLocalAccountPolicyServiceTestBase
{
110 MOCK_METHOD1(OnRefreshDone
, void(bool));
113 DeviceLocalAccountPolicyServiceTest();
115 virtual void SetUp() override
;
116 virtual void TearDown() override
;
118 void InstallDevicePolicy() override
;
120 MockDeviceLocalAccountPolicyServiceObserver service_observer_
;
123 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest
);
126 DeviceLocalAccountPolicyServiceTestBase::
127 DeviceLocalAccountPolicyServiceTestBase()
128 : account_1_user_id_(GenerateDeviceLocalAccountUserId(
130 DeviceLocalAccount::TYPE_PUBLIC_SESSION
)),
131 account_2_user_id_(GenerateDeviceLocalAccountUserId(
133 DeviceLocalAccount::TYPE_PUBLIC_SESSION
)),
134 cros_settings_(&device_settings_service_
),
135 extension_cache_task_runner_(new base::TestSimpleTaskRunner
) {
138 void DeviceLocalAccountPolicyServiceTestBase::SetUp() {
139 chromeos::DeviceSettingsTestBase::SetUp();
141 expected_policy_map_
.Set(key::kDisableSpdy
,
142 POLICY_LEVEL_MANDATORY
,
144 new base::FundamentalValue(true),
147 device_local_account_policy_
.payload().mutable_disablespdy()->set_value(
149 device_local_account_policy_
.policy_data().set_policy_type(
150 dm_protocol::kChromePublicAccountPolicyType
);
153 void DeviceLocalAccountPolicyServiceTestBase::TearDown() {
154 service_
->Shutdown();
156 extension_cache_task_runner_
->RunUntilIdle();
157 chromeos::DeviceSettingsTestBase::TearDown();
160 void DeviceLocalAccountPolicyServiceTestBase::CreatePolicyService() {
161 service_
.reset(new DeviceLocalAccountPolicyService(
162 &device_settings_test_helper_
,
163 &device_settings_service_
,
165 base::MessageLoopProxy::current(),
166 extension_cache_task_runner_
,
167 base::MessageLoopProxy::current(),
168 base::MessageLoopProxy::current(),
169 new net::TestURLRequestContextGetter(base::MessageLoopProxy::current())));
172 void DeviceLocalAccountPolicyServiceTestBase::
173 InstallDeviceLocalAccountPolicy(const std::string
& account_id
) {
174 device_local_account_policy_
.policy_data().set_settings_entity_id(account_id
);
175 device_local_account_policy_
.policy_data().set_username(account_id
);
176 device_local_account_policy_
.Build();
177 device_settings_test_helper_
.set_device_local_account_policy_blob(
178 account_id
, device_local_account_policy_
.GetBlob());
181 void DeviceLocalAccountPolicyServiceTestBase::AddDeviceLocalAccountToPolicy(
182 const std::string
& account_id
) {
183 em::DeviceLocalAccountInfoProto
* account
=
184 device_policy_
.payload().mutable_device_local_accounts()->add_account();
185 account
->set_account_id(account_id
);
187 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION
);
190 void DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy() {
191 device_policy_
.Build();
192 device_settings_test_helper_
.set_policy_blob(device_policy_
.GetBlob());
193 ReloadDeviceSettings();
196 DeviceLocalAccountPolicyServiceTest::DeviceLocalAccountPolicyServiceTest() {
197 CreatePolicyService();
200 void DeviceLocalAccountPolicyServiceTest::SetUp() {
201 DeviceLocalAccountPolicyServiceTestBase::SetUp();
202 service_
->AddObserver(&service_observer_
);
205 void DeviceLocalAccountPolicyServiceTest::TearDown() {
206 service_
->RemoveObserver(&service_observer_
);
207 DeviceLocalAccountPolicyServiceTestBase::TearDown();
210 void DeviceLocalAccountPolicyServiceTest::InstallDevicePolicy() {
211 EXPECT_CALL(service_observer_
, OnDeviceLocalAccountsChanged());
212 DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy();
213 Mock::VerifyAndClearExpectations(&service_observer_
);
216 TEST_F(DeviceLocalAccountPolicyServiceTest
, NoAccounts
) {
217 EXPECT_FALSE(service_
->GetBrokerForUser(account_1_user_id_
));
220 TEST_F(DeviceLocalAccountPolicyServiceTest
, GetBroker
) {
221 InstallDeviceLocalAccountPolicy(kAccount1
);
222 AddDeviceLocalAccountToPolicy(kAccount1
);
223 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
224 InstallDevicePolicy();
226 DeviceLocalAccountPolicyBroker
* broker
=
227 service_
->GetBrokerForUser(account_1_user_id_
);
229 EXPECT_EQ(account_1_user_id_
, broker
->user_id());
230 ASSERT_TRUE(broker
->core()->store());
231 EXPECT_EQ(CloudPolicyStore::STATUS_OK
, broker
->core()->store()->status());
232 EXPECT_FALSE(broker
->core()->client());
233 EXPECT_FALSE(broker
->core()->store()->policy_map().empty());
236 TEST_F(DeviceLocalAccountPolicyServiceTest
, LoadNoPolicy
) {
237 AddDeviceLocalAccountToPolicy(kAccount1
);
238 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
239 InstallDevicePolicy();
241 DeviceLocalAccountPolicyBroker
* broker
=
242 service_
->GetBrokerForUser(account_1_user_id_
);
244 EXPECT_EQ(account_1_user_id_
, broker
->user_id());
245 ASSERT_TRUE(broker
->core()->store());
246 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR
,
247 broker
->core()->store()->status());
248 EXPECT_TRUE(broker
->core()->store()->policy_map().empty());
249 EXPECT_FALSE(service_
->IsPolicyAvailableForUser(account_1_user_id_
));
252 TEST_F(DeviceLocalAccountPolicyServiceTest
, LoadValidationFailure
) {
253 device_local_account_policy_
.policy_data().set_policy_type(
254 dm_protocol::kChromeUserPolicyType
);
255 InstallDeviceLocalAccountPolicy(kAccount1
);
256 AddDeviceLocalAccountToPolicy(kAccount1
);
257 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
258 InstallDevicePolicy();
260 DeviceLocalAccountPolicyBroker
* broker
=
261 service_
->GetBrokerForUser(account_1_user_id_
);
263 EXPECT_EQ(account_1_user_id_
, broker
->user_id());
264 ASSERT_TRUE(broker
->core()->store());
265 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR
,
266 broker
->core()->store()->status());
267 EXPECT_TRUE(broker
->core()->store()->policy_map().empty());
268 EXPECT_FALSE(service_
->IsPolicyAvailableForUser(account_1_user_id_
));
271 TEST_F(DeviceLocalAccountPolicyServiceTest
, LoadPolicy
) {
272 InstallDeviceLocalAccountPolicy(kAccount1
);
273 AddDeviceLocalAccountToPolicy(kAccount1
);
274 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
275 InstallDevicePolicy();
277 DeviceLocalAccountPolicyBroker
* broker
=
278 service_
->GetBrokerForUser(account_1_user_id_
);
280 EXPECT_EQ(account_1_user_id_
, broker
->user_id());
281 ASSERT_TRUE(broker
->core()->store());
282 EXPECT_EQ(CloudPolicyStore::STATUS_OK
, broker
->core()->store()->status());
283 ASSERT_TRUE(broker
->core()->store()->policy());
284 EXPECT_EQ(device_local_account_policy_
.policy_data().SerializeAsString(),
285 broker
->core()->store()->policy()->SerializeAsString());
286 EXPECT_TRUE(expected_policy_map_
.Equals(
287 broker
->core()->store()->policy_map()));
288 EXPECT_TRUE(service_
->IsPolicyAvailableForUser(account_1_user_id_
));
291 TEST_F(DeviceLocalAccountPolicyServiceTest
, StoreValidationFailure
) {
292 AddDeviceLocalAccountToPolicy(kAccount1
);
293 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
294 InstallDevicePolicy();
295 Mock::VerifyAndClearExpectations(&service_observer_
);
297 DeviceLocalAccountPolicyBroker
* broker
=
298 service_
->GetBrokerForUser(account_1_user_id_
);
300 EXPECT_EQ(account_1_user_id_
, broker
->user_id());
301 ASSERT_TRUE(broker
->core()->store());
303 device_local_account_policy_
.policy_data().set_policy_type(
304 dm_protocol::kChromeUserPolicyType
);
305 device_local_account_policy_
.Build();
306 broker
->core()->store()->Store(device_local_account_policy_
.policy());
307 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
308 FlushDeviceSettings();
310 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR
,
311 broker
->core()->store()->status());
312 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE
,
313 broker
->core()->store()->validation_status());
314 EXPECT_FALSE(service_
->IsPolicyAvailableForUser(account_1_user_id_
));
317 TEST_F(DeviceLocalAccountPolicyServiceTest
, StorePolicy
) {
318 AddDeviceLocalAccountToPolicy(kAccount1
);
319 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
320 InstallDevicePolicy();
321 Mock::VerifyAndClearExpectations(&service_observer_
);
323 DeviceLocalAccountPolicyBroker
* broker
=
324 service_
->GetBrokerForUser(account_1_user_id_
);
326 EXPECT_EQ(account_1_user_id_
, broker
->user_id());
327 ASSERT_TRUE(broker
->core()->store());
329 device_local_account_policy_
.policy_data().set_settings_entity_id(kAccount1
);
330 device_local_account_policy_
.policy_data().set_username(kAccount1
);
331 device_local_account_policy_
.Build();
332 broker
->core()->store()->Store(device_local_account_policy_
.policy());
333 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
334 FlushDeviceSettings();
336 EXPECT_EQ(CloudPolicyStore::STATUS_OK
, broker
->core()->store()->status());
337 ASSERT_TRUE(broker
->core()->store()->policy());
338 EXPECT_EQ(device_local_account_policy_
.policy_data().SerializeAsString(),
339 broker
->core()->store()->policy()->SerializeAsString());
340 EXPECT_TRUE(expected_policy_map_
.Equals(
341 broker
->core()->store()->policy_map()));
342 EXPECT_TRUE(service_
->IsPolicyAvailableForUser(account_1_user_id_
));
345 TEST_F(DeviceLocalAccountPolicyServiceTest
, DevicePolicyChange
) {
346 InstallDeviceLocalAccountPolicy(kAccount1
);
347 AddDeviceLocalAccountToPolicy(kAccount1
);
348 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
349 InstallDevicePolicy();
351 device_policy_
.payload().mutable_device_local_accounts()->clear_account();
352 InstallDevicePolicy();
354 EXPECT_FALSE(service_
->GetBrokerForUser(account_1_user_id_
));
357 TEST_F(DeviceLocalAccountPolicyServiceTest
, DuplicateAccounts
) {
358 InstallDeviceLocalAccountPolicy(kAccount1
);
359 AddDeviceLocalAccountToPolicy(kAccount1
);
360 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
361 InstallDevicePolicy();
362 Mock::VerifyAndClearExpectations(&service_observer_
);
364 // Add a second entry with a duplicate account name to device policy.
365 AddDeviceLocalAccountToPolicy(kAccount1
);
366 InstallDevicePolicy();
368 // Make sure the broker is accessible and policy got loaded.
369 DeviceLocalAccountPolicyBroker
* broker
=
370 service_
->GetBrokerForUser(account_1_user_id_
);
372 EXPECT_EQ(account_1_user_id_
, broker
->user_id());
373 ASSERT_TRUE(broker
->core()->store());
374 EXPECT_EQ(CloudPolicyStore::STATUS_OK
, broker
->core()->store()->status());
375 ASSERT_TRUE(broker
->core()->store()->policy());
376 EXPECT_EQ(device_local_account_policy_
.policy_data().SerializeAsString(),
377 broker
->core()->store()->policy()->SerializeAsString());
378 EXPECT_TRUE(expected_policy_map_
.Equals(
379 broker
->core()->store()->policy_map()));
380 EXPECT_TRUE(service_
->IsPolicyAvailableForUser(account_1_user_id_
));
383 TEST_F(DeviceLocalAccountPolicyServiceTest
, FetchPolicy
) {
384 InstallDeviceLocalAccountPolicy(kAccount1
);
385 AddDeviceLocalAccountToPolicy(kAccount1
);
386 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
387 InstallDevicePolicy();
389 DeviceLocalAccountPolicyBroker
* broker
=
390 service_
->GetBrokerForUser(account_1_user_id_
);
393 service_
->Connect(&mock_device_management_service_
);
394 EXPECT_TRUE(broker
->core()->client());
396 em::DeviceManagementRequest request
;
397 em::DeviceManagementResponse response
;
398 response
.mutable_policy_response()->add_response()->CopyFrom(
399 device_local_account_policy_
.policy());
400 EXPECT_CALL(mock_device_management_service_
,
401 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH
, _
))
402 .WillOnce(mock_device_management_service_
.SucceedJob(response
));
403 EXPECT_CALL(mock_device_management_service_
,
404 StartJob(dm_protocol::kValueRequestPolicy
,
405 std::string(), std::string(),
406 device_policy_
.policy_data().request_token(),
407 dm_protocol::kValueUserAffiliationManaged
,
408 device_policy_
.policy_data().device_id(),
410 .WillOnce(SaveArg
<6>(&request
));
411 // This will be called twice, because the ComponentCloudPolicyService will
412 // also become ready after flushing all the pending tasks.
413 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
)).Times(2);
414 broker
->core()->client()->FetchPolicy();
415 FlushDeviceSettings();
416 Mock::VerifyAndClearExpectations(&service_observer_
);
417 Mock::VerifyAndClearExpectations(&mock_device_management_service_
);
418 EXPECT_TRUE(request
.has_policy_request());
419 ASSERT_EQ(2, request
.policy_request().request_size());
421 const em::PolicyFetchRequest
* public_account
=
422 &request
.policy_request().request(0);
423 const em::PolicyFetchRequest
* extensions
=
424 &request
.policy_request().request(1);
425 // The order is not guarateed.
426 if (extensions
->policy_type() ==
427 dm_protocol::kChromePublicAccountPolicyType
) {
428 std::swap(public_account
, extensions
);
431 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType
,
432 public_account
->policy_type());
433 EXPECT_FALSE(public_account
->has_machine_id());
434 EXPECT_EQ(kAccount1
, public_account
->settings_entity_id());
436 EXPECT_EQ(dm_protocol::kChromeExtensionPolicyType
,
437 extensions
->policy_type());
438 EXPECT_FALSE(extensions
->has_machine_id());
439 EXPECT_FALSE(extensions
->has_settings_entity_id());
441 ASSERT_TRUE(broker
->core()->store());
442 EXPECT_EQ(CloudPolicyStore::STATUS_OK
,
443 broker
->core()->store()->status());
444 ASSERT_TRUE(broker
->core()->store()->policy());
445 EXPECT_EQ(device_local_account_policy_
.policy_data().SerializeAsString(),
446 broker
->core()->store()->policy()->SerializeAsString());
447 EXPECT_TRUE(expected_policy_map_
.Equals(
448 broker
->core()->store()->policy_map()));
449 EXPECT_TRUE(service_
->IsPolicyAvailableForUser(account_1_user_id_
));
452 TEST_F(DeviceLocalAccountPolicyServiceTest
, RefreshPolicy
) {
453 InstallDeviceLocalAccountPolicy(kAccount1
);
454 AddDeviceLocalAccountToPolicy(kAccount1
);
455 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
));
456 InstallDevicePolicy();
458 DeviceLocalAccountPolicyBroker
* broker
=
459 service_
->GetBrokerForUser(account_1_user_id_
);
462 service_
->Connect(&mock_device_management_service_
);
463 ASSERT_TRUE(broker
->core()->service());
465 em::DeviceManagementResponse response
;
466 response
.mutable_policy_response()->add_response()->CopyFrom(
467 device_local_account_policy_
.policy());
468 EXPECT_CALL(mock_device_management_service_
, CreateJob(_
, _
))
469 .WillOnce(mock_device_management_service_
.SucceedJob(response
));
470 EXPECT_CALL(mock_device_management_service_
, StartJob(_
, _
, _
, _
, _
, _
, _
));
471 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1);
472 // This will be called twice, because the ComponentCloudPolicyService will
473 // also become ready after flushing all the pending tasks.
474 EXPECT_CALL(service_observer_
, OnPolicyUpdated(account_1_user_id_
)).Times(2);
475 broker
->core()->service()->RefreshPolicy(
476 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone
,
477 base::Unretained(this)));
478 FlushDeviceSettings();
479 Mock::VerifyAndClearExpectations(&service_observer_
);
480 Mock::VerifyAndClearExpectations(this);
481 Mock::VerifyAndClearExpectations(&mock_device_management_service_
);
483 ASSERT_TRUE(broker
->core()->store());
484 EXPECT_EQ(CloudPolicyStore::STATUS_OK
,
485 broker
->core()->store()->status());
486 EXPECT_TRUE(expected_policy_map_
.Equals(
487 broker
->core()->store()->policy_map()));
488 EXPECT_TRUE(service_
->IsPolicyAvailableForUser(account_1_user_id_
));
491 class DeviceLocalAccountPolicyExtensionCacheTest
492 : public DeviceLocalAccountPolicyServiceTestBase
{
494 DeviceLocalAccountPolicyExtensionCacheTest();
496 void SetUp() override
;
498 base::FilePath
GetCacheDirectoryForAccountID(const std::string
& account_id
);
500 base::ScopedTempDir cache_root_dir_
;
501 scoped_ptr
<base::ScopedPathOverride
> cache_root_dir_override_
;
503 base::FilePath cache_dir_1_
;
504 base::FilePath cache_dir_2_
;
505 base::FilePath cache_dir_3_
;
508 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyExtensionCacheTest
);
511 DeviceLocalAccountPolicyExtensionCacheTest::
512 DeviceLocalAccountPolicyExtensionCacheTest() {
515 void DeviceLocalAccountPolicyExtensionCacheTest::SetUp() {
516 DeviceLocalAccountPolicyServiceTestBase::SetUp();
517 ASSERT_TRUE(cache_root_dir_
.CreateUniqueTempDir());
518 cache_root_dir_override_
.reset(new base::ScopedPathOverride(
519 chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS
,
520 cache_root_dir_
.path()));
522 cache_dir_1_
= GetCacheDirectoryForAccountID(kAccount1
);
523 cache_dir_2_
= GetCacheDirectoryForAccountID(kAccount2
);
524 cache_dir_3_
= GetCacheDirectoryForAccountID(kAccount3
);
526 em::StringList
* forcelist
= device_local_account_policy_
.payload()
527 .mutable_extensioninstallforcelist()->mutable_value();
528 forcelist
->add_entries(base::StringPrintf("%s;%s", kExtensionID
, kUpdateURL
));
531 base::FilePath
DeviceLocalAccountPolicyExtensionCacheTest::
532 GetCacheDirectoryForAccountID(const std::string
& account_id
) {
533 return cache_root_dir_
.path().Append(base::HexEncode(account_id
.c_str(),
537 // Verifies that during startup, orphaned cache directories are deleted,
538 // cache directories belonging to an existing account are preserved and missing
539 // cache directories are created. Also verifies that when startup is complete,
540 // the caches for all existing accounts are running.
541 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest
, Startup
) {
542 base::FilePath test_data_dir
;
543 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA
, &test_data_dir
));
544 const base::FilePath source_crx_file
=
545 test_data_dir
.Append(kExtensionCRXPath
);
546 const std::string target_crx_file_name
=
547 base::StringPrintf("%s-%s.crx", kExtensionID
, kExtensionVersion
);
549 // Create and pre-populate a cache directory for account 1.
550 EXPECT_TRUE(base::CreateDirectory(cache_dir_1_
));
551 EXPECT_TRUE(CopyFile(source_crx_file
,
552 cache_dir_1_
.Append(target_crx_file_name
)));
554 // Create and pre-populate a cache directory for account 3.
555 EXPECT_TRUE(base::CreateDirectory(cache_dir_3_
));
556 EXPECT_TRUE(CopyFile(source_crx_file
,
557 cache_dir_3_
.Append(target_crx_file_name
)));
559 // Add accounts 1 and 2 to device policy.
560 InstallDeviceLocalAccountPolicy(kAccount1
);
561 InstallDeviceLocalAccountPolicy(kAccount2
);
562 AddDeviceLocalAccountToPolicy(kAccount1
);
563 AddDeviceLocalAccountToPolicy(kAccount2
);
564 InstallDevicePolicy();
566 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
567 // deletion of orphaned cache directories.
568 CreatePolicyService();
569 FlushDeviceSettings();
570 extension_cache_task_runner_
->RunUntilIdle();
572 // Verify that the cache directory for account 1 and its contents still exist.
573 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_
));
574 EXPECT_TRUE(ContentsEqual(source_crx_file
,
575 cache_dir_1_
.Append(target_crx_file_name
)));
577 // Verify that a cache directory for account 2 was created.
578 EXPECT_TRUE(base::DirectoryExists(cache_dir_2_
));
580 // Verify that the cache directory for account 3 was deleted.
581 EXPECT_FALSE(base::DirectoryExists(cache_dir_3_
));
583 // Verify that the cache for account 1 has been started.
584 DeviceLocalAccountPolicyBroker
* broker
=
585 service_
->GetBrokerForUser(account_1_user_id_
);
587 EXPECT_TRUE(broker
->extension_loader()->IsCacheRunning());
589 // Verify that the cache for account 2 has been started.
590 broker
= service_
->GetBrokerForUser(account_2_user_id_
);
592 EXPECT_TRUE(broker
->extension_loader()->IsCacheRunning());
595 // Verifies that while the deletion of orphaned cache directories is in
596 // progress, the caches for accounts which existed before the deletion started
597 // are running but caches for newly added accounts are not started.
598 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest
, RaceAgainstOrphanDeletion
) {
599 // Add account 1 to device policy.
600 InstallDeviceLocalAccountPolicy(kAccount1
);
601 AddDeviceLocalAccountToPolicy(kAccount1
);
602 InstallDevicePolicy();
604 // Create the DeviceLocalAccountPolicyService, triggering the deletion of
605 // orphaned cache directories.
606 CreatePolicyService();
607 FlushDeviceSettings();
609 // Verify that the cache for account 1 has been started as it is unaffected by
610 // the orphan deletion.
611 DeviceLocalAccountPolicyBroker
* broker
=
612 service_
->GetBrokerForUser(account_1_user_id_
);
614 EXPECT_TRUE(broker
->extension_loader()->IsCacheRunning());
616 // Add account 2 to device policy.
617 InstallDeviceLocalAccountPolicy(kAccount2
);
618 AddDeviceLocalAccountToPolicy(kAccount2
);
619 InstallDevicePolicy();
621 // Verify that the cache for account 2 has not been started yet as the orphan
622 // deletion is still in progress.
623 broker
= service_
->GetBrokerForUser(account_2_user_id_
);
625 EXPECT_FALSE(broker
->extension_loader()->IsCacheRunning());
627 // Allow the orphan deletion to finish.
628 extension_cache_task_runner_
->RunUntilIdle();
629 base::RunLoop().RunUntilIdle();
631 // Verify that the cache for account 2 has been started.
632 EXPECT_TRUE(broker
->extension_loader()->IsCacheRunning());
635 // Verifies that while the shutdown of a cache is in progress, no new cache is
636 // started if an account with the same ID is re-added.
637 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest
, RaceAgainstCacheShutdown
) {
638 // Add account 1 to device policy.
639 InstallDeviceLocalAccountPolicy(kAccount1
);
640 AddDeviceLocalAccountToPolicy(kAccount1
);
641 InstallDevicePolicy();
643 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
644 // deletion of orphaned cache directories.
645 CreatePolicyService();
646 FlushDeviceSettings();
647 extension_cache_task_runner_
->RunUntilIdle();
649 // Remove account 1 from device policy, triggering a shutdown of its cache.
650 device_policy_
.payload().mutable_device_local_accounts()->clear_account();
651 InstallDevicePolicy();
653 // Re-add account 1 to device policy.
654 AddDeviceLocalAccountToPolicy(kAccount1
);
655 InstallDevicePolicy();
657 // Verify that the cache for account 1 has not been started yet as the
658 // shutdown of a previous cache for this account ID is still in progress.
659 DeviceLocalAccountPolicyBroker
* broker
=
660 service_
->GetBrokerForUser(account_1_user_id_
);
662 EXPECT_FALSE(broker
->extension_loader()->IsCacheRunning());
664 // Allow the cache shutdown to finish.
665 extension_cache_task_runner_
->RunUntilIdle();
666 base::RunLoop().RunUntilIdle();
668 // Verify that the cache directory for account 1 still exists.
669 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_
));
671 // Verify that the cache for account 1 has been started, reusing the existing
673 EXPECT_TRUE(broker
->extension_loader()->IsCacheRunning());
676 // Verifies that while the deletion of an obsolete cache directory is in
677 // progress, no new cache is started if an account with the same ID is re-added.
678 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest
,
679 RaceAgainstObsoleteDeletion
) {
680 // Add account 1 to device policy.
681 InstallDeviceLocalAccountPolicy(kAccount1
);
682 AddDeviceLocalAccountToPolicy(kAccount1
);
683 InstallDevicePolicy();
685 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
686 // deletion of orphaned cache directories.
687 CreatePolicyService();
688 FlushDeviceSettings();
689 extension_cache_task_runner_
->RunUntilIdle();
691 // Remove account 1 from device policy, allowing the shutdown of its cache to
692 // finish and the deletion of its now obsolete cache directory to begin.
693 device_policy_
.payload().mutable_device_local_accounts()->clear_account();
694 InstallDevicePolicy();
695 extension_cache_task_runner_
->RunUntilIdle();
696 base::RunLoop().RunUntilIdle();
698 // Re-add account 1 to device policy.
699 AddDeviceLocalAccountToPolicy(kAccount1
);
700 InstallDevicePolicy();
702 // Verify that the cache for account 1 has not been started yet as the
703 // deletion of the cache directory for this account ID is still in progress.
704 DeviceLocalAccountPolicyBroker
* broker
=
705 service_
->GetBrokerForUser(account_1_user_id_
);
707 EXPECT_FALSE(broker
->extension_loader()->IsCacheRunning());
709 // Allow the deletion to finish.
710 extension_cache_task_runner_
->RunUntilIdle();
711 base::RunLoop().RunUntilIdle();
713 // Verify that the cache directory for account 1 was deleted.
714 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_
));
716 // Verify that the cache for account 1 has been started.
717 EXPECT_TRUE(broker
->extension_loader()->IsCacheRunning());
720 // Verifies that when an account is added and no deletion of cache directories
721 // affecting this account is in progress, its cache is started immediately.
722 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest
, AddAccount
) {
723 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
724 // deletion of orphaned cache directories.
725 InstallDevicePolicy();
726 CreatePolicyService();
727 FlushDeviceSettings();
728 extension_cache_task_runner_
->RunUntilIdle();
730 // Add account 1 to device policy.
731 InstallDeviceLocalAccountPolicy(kAccount1
);
732 AddDeviceLocalAccountToPolicy(kAccount1
);
733 InstallDevicePolicy();
735 // Verify that the cache for account 1 has been started.
736 DeviceLocalAccountPolicyBroker
* broker
=
737 service_
->GetBrokerForUser(account_1_user_id_
);
739 EXPECT_TRUE(broker
->extension_loader()->IsCacheRunning());
742 // Verifies that when an account is removed, its cache directory is deleted.
743 TEST_F(DeviceLocalAccountPolicyExtensionCacheTest
, RemoveAccount
) {
744 // Add account 1 to device policy.
745 InstallDeviceLocalAccountPolicy(kAccount1
);
746 AddDeviceLocalAccountToPolicy(kAccount1
);
747 InstallDevicePolicy();
749 // Create the DeviceLocalAccountPolicyService, allowing it to finish the
750 // deletion of orphaned cache directories.
751 CreatePolicyService();
752 FlushDeviceSettings();
753 extension_cache_task_runner_
->RunUntilIdle();
755 // Verify that a cache directory has been created for account 1.
756 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_
));
758 // Remove account 1 from device policy, allowing the deletion of its now
759 // obsolete cache directory to finish.
760 device_policy_
.payload().mutable_device_local_accounts()->clear_account();
761 InstallDevicePolicy();
762 extension_cache_task_runner_
->RunUntilIdle();
763 base::RunLoop().RunUntilIdle();
764 extension_cache_task_runner_
->RunUntilIdle();
766 // Verify that the cache directory for account 1 was deleted.
767 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_
));
770 class DeviceLocalAccountPolicyProviderTest
771 : public DeviceLocalAccountPolicyServiceTestBase
{
773 DeviceLocalAccountPolicyProviderTest();
775 void SetUp() override
;
776 void TearDown() override
;
778 SchemaRegistry schema_registry_
;
779 scoped_ptr
<DeviceLocalAccountPolicyProvider
> provider_
;
780 MockConfigurationPolicyObserver provider_observer_
;
783 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest
);
786 DeviceLocalAccountPolicyProviderTest::DeviceLocalAccountPolicyProviderTest() {
787 CreatePolicyService();
788 provider_
= DeviceLocalAccountPolicyProvider::Create(
789 GenerateDeviceLocalAccountUserId(kAccount1
,
790 DeviceLocalAccount::TYPE_PUBLIC_SESSION
),
794 void DeviceLocalAccountPolicyProviderTest::SetUp() {
795 DeviceLocalAccountPolicyServiceTestBase::SetUp();
796 provider_
->Init(&schema_registry_
);
797 provider_
->AddObserver(&provider_observer_
);
799 // Values implicitly enforced for public accounts.
800 expected_policy_map_
.Set(key::kLidCloseAction
,
801 POLICY_LEVEL_MANDATORY
,
802 POLICY_SCOPE_MACHINE
,
803 new base::FundamentalValue(
804 chromeos::PowerPolicyController::
805 ACTION_STOP_SESSION
),
807 expected_policy_map_
.Set(key::kShelfAutoHideBehavior
,
808 POLICY_LEVEL_MANDATORY
,
809 POLICY_SCOPE_MACHINE
,
810 new base::StringValue("Never"),
812 expected_policy_map_
.Set(key::kShowLogoutButtonInTray
,
813 POLICY_LEVEL_MANDATORY
,
814 POLICY_SCOPE_MACHINE
,
815 new base::FundamentalValue(true),
817 expected_policy_map_
.Set(key::kFullscreenAllowed
,
818 POLICY_LEVEL_MANDATORY
,
819 POLICY_SCOPE_MACHINE
,
820 new base::FundamentalValue(false),
824 void DeviceLocalAccountPolicyProviderTest::TearDown() {
825 provider_
->RemoveObserver(&provider_observer_
);
826 provider_
->Shutdown();
828 DeviceLocalAccountPolicyServiceTestBase::TearDown();
831 TEST_F(DeviceLocalAccountPolicyProviderTest
, Initialization
) {
832 EXPECT_FALSE(provider_
->IsInitializationComplete(POLICY_DOMAIN_CHROME
));
834 // Policy change should complete initialization.
835 InstallDeviceLocalAccountPolicy(kAccount1
);
836 AddDeviceLocalAccountToPolicy(kAccount1
);
837 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
839 InstallDevicePolicy();
840 Mock::VerifyAndClearExpectations(&provider_observer_
);
842 EXPECT_TRUE(provider_
->IsInitializationComplete(POLICY_DOMAIN_CHROME
));
844 // The account disappearing should *not* flip the initialization flag back.
845 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
847 device_policy_
.payload().mutable_device_local_accounts()->clear_account();
848 InstallDevicePolicy();
849 Mock::VerifyAndClearExpectations(&provider_observer_
);
851 EXPECT_TRUE(provider_
->IsInitializationComplete(POLICY_DOMAIN_CHROME
));
854 TEST_F(DeviceLocalAccountPolicyProviderTest
, Policy
) {
855 // Policy should load successfully.
856 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
858 InstallDeviceLocalAccountPolicy(kAccount1
);
859 AddDeviceLocalAccountToPolicy(kAccount1
);
860 InstallDevicePolicy();
861 Mock::VerifyAndClearExpectations(&provider_observer_
);
863 PolicyBundle expected_policy_bundle
;
864 expected_policy_bundle
.Get(PolicyNamespace(
865 POLICY_DOMAIN_CHROME
, std::string())).CopyFrom(expected_policy_map_
);
866 EXPECT_TRUE(expected_policy_bundle
.Equals(provider_
->policies()));
868 // Policy change should be reported.
869 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
871 device_local_account_policy_
.payload().mutable_disablespdy()->set_value(
873 InstallDeviceLocalAccountPolicy(kAccount1
);
874 DeviceLocalAccountPolicyBroker
* broker
=
875 service_
->GetBrokerForUser(account_1_user_id_
);
877 broker
->core()->store()->Load();
878 FlushDeviceSettings();
879 Mock::VerifyAndClearExpectations(&provider_observer_
);
881 expected_policy_bundle
.Get(
882 PolicyNamespace(POLICY_DOMAIN_CHROME
, std::string()))
883 .Set(key::kDisableSpdy
,
884 POLICY_LEVEL_MANDATORY
,
886 new base::FundamentalValue(false),
888 EXPECT_TRUE(expected_policy_bundle
.Equals(provider_
->policies()));
890 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray|
891 // and |ExtensionAllowedTypes| policies should be overridden.
892 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
894 device_local_account_policy_
.payload().mutable_shelfautohidebehavior()->
896 device_local_account_policy_
.payload().mutable_showlogoutbuttonintray()->
898 InstallDeviceLocalAccountPolicy(kAccount1
);
899 broker
->core()->store()->Load();
900 FlushDeviceSettings();
901 Mock::VerifyAndClearExpectations(&provider_observer_
);
902 EXPECT_TRUE(expected_policy_bundle
.Equals(provider_
->policies()));
904 // Account disappears, policy should stay in effect.
905 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
907 device_policy_
.payload().mutable_device_local_accounts()->clear_account();
908 InstallDevicePolicy();
909 Mock::VerifyAndClearExpectations(&provider_observer_
);
911 EXPECT_TRUE(expected_policy_bundle
.Equals(provider_
->policies()));
914 TEST_F(DeviceLocalAccountPolicyProviderTest
, RefreshPolicies
) {
915 // If there's no device policy, the refresh completes immediately.
916 EXPECT_FALSE(service_
->GetBrokerForUser(account_1_user_id_
));
917 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
919 provider_
->RefreshPolicies();
920 Mock::VerifyAndClearExpectations(&provider_observer_
);
922 // Make device settings appear.
923 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
925 AddDeviceLocalAccountToPolicy(kAccount1
);
926 InstallDevicePolicy();
927 EXPECT_TRUE(service_
->GetBrokerForUser(account_1_user_id_
));
929 // If there's no cloud connection, refreshes are still immediate.
930 DeviceLocalAccountPolicyBroker
* broker
=
931 service_
->GetBrokerForUser(account_1_user_id_
);
933 EXPECT_FALSE(broker
->core()->client());
934 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
936 provider_
->RefreshPolicies();
937 Mock::VerifyAndClearExpectations(&provider_observer_
);
939 // Bring up the cloud connection. The refresh scheduler may fire refreshes at
940 // this point which are not relevant for the test.
941 EXPECT_CALL(mock_device_management_service_
, CreateJob(_
, _
))
943 mock_device_management_service_
.FailJob(DM_STATUS_REQUEST_FAILED
));
944 EXPECT_CALL(mock_device_management_service_
, StartJob(_
, _
, _
, _
, _
, _
, _
))
946 service_
->Connect(&mock_device_management_service_
);
947 FlushDeviceSettings();
948 Mock::VerifyAndClearExpectations(&mock_device_management_service_
);
950 // No callbacks until the refresh completes.
951 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(_
)).Times(0);
952 MockDeviceManagementJob
* request_job
;
953 EXPECT_CALL(mock_device_management_service_
, CreateJob(_
, _
))
954 .WillOnce(mock_device_management_service_
.CreateAsyncJob(&request_job
));
955 EXPECT_CALL(mock_device_management_service_
, StartJob(_
, _
, _
, _
, _
, _
, _
));
956 provider_
->RefreshPolicies();
957 ReloadDeviceSettings();
958 Mock::VerifyAndClearExpectations(&provider_observer_
);
959 Mock::VerifyAndClearExpectations(&mock_device_management_service_
);
960 EXPECT_TRUE(provider_
->IsInitializationComplete(POLICY_DOMAIN_CHROME
));
962 // When the response comes in, it should propagate and fire the notification.
963 EXPECT_CALL(provider_observer_
, OnUpdatePolicy(provider_
.get()))
965 ASSERT_TRUE(request_job
);
966 em::DeviceManagementResponse response
;
967 device_local_account_policy_
.Build();
968 response
.mutable_policy_response()->add_response()->CopyFrom(
969 device_local_account_policy_
.policy());
970 request_job
->SendResponse(DM_STATUS_SUCCESS
, response
);
971 FlushDeviceSettings();
972 Mock::VerifyAndClearExpectations(&provider_observer_
);
975 } // namespace policy