1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/extensions/api/permissions/permissions_api.h"
6#include "chrome/browser/extensions/extension_apitest.h"
7#include "chrome/browser/extensions/extension_prefs.h"
8#include "chrome/browser/extensions/extension_service.h"
9#include "chrome/browser/profiles/profile.h"
10#include "chrome/browser/ui/browser.h"
11#include "extensions/common/permissions/permission_set.h"
12#include "extensions/common/switches.h"
13#include "net/dns/mock_host_resolver.h"
14
15namespace extensions {
16
17namespace {
18
19static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
20  int schemes = URLPattern::SCHEME_ALL;
21  extent->AddPattern(URLPattern(schemes, pattern));
22}
23
24}  // namespace
25
26class ExperimentalApiTest : public ExtensionApiTest {
27public:
28  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
29    ExtensionApiTest::SetUpCommandLine(command_line);
30    command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis);
31  }
32};
33
34IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) {
35  ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_;
36
37  // Since the experimental APIs require a flag, this will fail even though
38  // it's enabled.
39  // TODO(erikkay) This test is currently broken because LoadExtension in
40  // ExtensionBrowserTest doesn't actually fail, it just times out.  To fix this
41  // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably
42  // too much for the branch.  I'll enable this on trunk later.
43  //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_;
44}
45
46IN_PROC_BROWSER_TEST_F(ExperimentalApiTest, PermissionsSucceed) {
47  ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_;
48}
49
50IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ExperimentalPermissionsFail) {
51  // At the time this test is being created, there is no experimental
52  // function that will not be graduating soon, and does not require a
53  // tab id as an argument.  So, we need the tab permission to get
54  // a tab id.
55  ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled"))
56      << message_;
57}
58
59IN_PROC_BROWSER_TEST_F(ExtensionApiTest, FaviconPermission) {
60  ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_;
61}
62
63// Test functions and APIs that are always allowed (even if you ask for no
64// permissions).
65// Disabled: http://crbug.com/125193
66IN_PROC_BROWSER_TEST_F(ExtensionApiTest, DISABLED_AlwaysAllowed) {
67  ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_;
68}
69
70// Tests that the optional permissions API works correctly.
71IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGranted) {
72  // Mark all the tested APIs as granted to bypass the confirmation UI.
73  APIPermissionSet apis;
74  apis.insert(APIPermission::kBookmark);
75  ManifestPermissionSet manifest_permissions;
76  URLPatternSet explicit_hosts;
77  AddPattern(&explicit_hosts, "http://*.c.com/*");
78  scoped_refptr<PermissionSet> granted_permissions =
79      new PermissionSet(apis, manifest_permissions,
80                        explicit_hosts, URLPatternSet());
81
82  ExtensionPrefs* prefs =
83      browser()->profile()->GetExtensionService()->extension_prefs();
84  prefs->AddGrantedPermissions("kjmkgkdkpedkejedfhmfcenooemhbpbo",
85                               granted_permissions.get());
86
87  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
88  host_resolver()->AddRule("*.com", "127.0.0.1");
89  ASSERT_TRUE(StartEmbeddedTestServer());
90  EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
91}
92
93// Tests that the optional permissions API works correctly.
94IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsAutoConfirm) {
95  // Rather than setting the granted permissions, set the UI autoconfirm flag
96  // and run the same tests.
97  PermissionsRequestFunction::SetAutoConfirmForTests(true);
98  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
99  host_resolver()->AddRule("*.com", "127.0.0.1");
100  ASSERT_TRUE(StartEmbeddedTestServer());
101  EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
102}
103
104// Test that denying the optional permissions confirmation dialog works.
105IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsDeny) {
106  PermissionsRequestFunction::SetAutoConfirmForTests(false);
107  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
108  host_resolver()->AddRule("*.com", "127.0.0.1");
109  ASSERT_TRUE(StartEmbeddedTestServer());
110  EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_;
111}
112
113// Tests that the permissions.request function must be called from within a
114// user gesture.
115IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGesture) {
116  PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
117  host_resolver()->AddRule("*.com", "127.0.0.1");
118  ASSERT_TRUE(StartEmbeddedTestServer());
119  EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_;
120}
121
122// Tests that an extension can't gain access to file: URLs without the checkbox
123// entry in prefs. There shouldn't be a warning either.
124IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) {
125  // There shouldn't be a warning, so we shouldn't need to autoconfirm.
126  PermissionsRequestFunction::SetAutoConfirmForTests(false);
127  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
128
129  ExtensionPrefs* prefs =
130      browser()->profile()->GetExtensionService()->extension_prefs();
131
132  EXPECT_TRUE(
133      RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_;
134  EXPECT_FALSE(prefs->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib"));
135
136  EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_;
137  // TODO(kalman): ugh, it would be nice to test this condition, but it seems
138  // like there's somehow a race here where the prefs aren't updated in time
139  // with the "allow file access" bit, so we'll just have to trust that
140  // RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed
141  // not set the allow file access bit. Otherwise this test doesn't mean
142  // a whole lot (i.e. file access works - but it'd better not be the case
143  // that the extension actually has file access, since that'd be the bug
144  // that this is supposed to be testing).
145  //EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd"));
146}
147
148// Test requesting, querying, and removing host permissions for host
149// permissions that are a subset of the optional permissions.
150IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) {
151  PermissionsRequestFunction::SetAutoConfirmForTests(true);
152  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
153  EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_;
154}
155
156}  // namespace extensions
157