1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/extensions/api/permissions/permissions_api.h" 6#include "chrome/browser/extensions/extension_apitest.h" 7#include "chrome/browser/extensions/extension_prefs.h" 8#include "chrome/browser/extensions/extension_service.h" 9#include "chrome/browser/profiles/profile.h" 10#include "chrome/browser/ui/browser.h" 11#include "extensions/common/permissions/permission_set.h" 12#include "extensions/common/switches.h" 13#include "net/dns/mock_host_resolver.h" 14 15namespace extensions { 16 17namespace { 18 19static void AddPattern(URLPatternSet* extent, const std::string& pattern) { 20 int schemes = URLPattern::SCHEME_ALL; 21 extent->AddPattern(URLPattern(schemes, pattern)); 22} 23 24} // namespace 25 26class ExperimentalApiTest : public ExtensionApiTest { 27public: 28 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 29 ExtensionApiTest::SetUpCommandLine(command_line); 30 command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis); 31 } 32}; 33 34IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) { 35 ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_; 36 37 // Since the experimental APIs require a flag, this will fail even though 38 // it's enabled. 39 // TODO(erikkay) This test is currently broken because LoadExtension in 40 // ExtensionBrowserTest doesn't actually fail, it just times out. To fix this 41 // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably 42 // too much for the branch. I'll enable this on trunk later. 43 //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_; 44} 45 46IN_PROC_BROWSER_TEST_F(ExperimentalApiTest, PermissionsSucceed) { 47 ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_; 48} 49 50IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ExperimentalPermissionsFail) { 51 // At the time this test is being created, there is no experimental 52 // function that will not be graduating soon, and does not require a 53 // tab id as an argument. So, we need the tab permission to get 54 // a tab id. 55 ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled")) 56 << message_; 57} 58 59IN_PROC_BROWSER_TEST_F(ExtensionApiTest, FaviconPermission) { 60 ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_; 61} 62 63// Test functions and APIs that are always allowed (even if you ask for no 64// permissions). 65// Disabled: http://crbug.com/125193 66IN_PROC_BROWSER_TEST_F(ExtensionApiTest, DISABLED_AlwaysAllowed) { 67 ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_; 68} 69 70// Tests that the optional permissions API works correctly. 71IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGranted) { 72 // Mark all the tested APIs as granted to bypass the confirmation UI. 73 APIPermissionSet apis; 74 apis.insert(APIPermission::kBookmark); 75 ManifestPermissionSet manifest_permissions; 76 URLPatternSet explicit_hosts; 77 AddPattern(&explicit_hosts, "http://*.c.com/*"); 78 scoped_refptr<PermissionSet> granted_permissions = 79 new PermissionSet(apis, manifest_permissions, 80 explicit_hosts, URLPatternSet()); 81 82 ExtensionPrefs* prefs = 83 browser()->profile()->GetExtensionService()->extension_prefs(); 84 prefs->AddGrantedPermissions("kjmkgkdkpedkejedfhmfcenooemhbpbo", 85 granted_permissions.get()); 86 87 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 88 host_resolver()->AddRule("*.com", "127.0.0.1"); 89 ASSERT_TRUE(StartEmbeddedTestServer()); 90 EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_; 91} 92 93// Tests that the optional permissions API works correctly. 94IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsAutoConfirm) { 95 // Rather than setting the granted permissions, set the UI autoconfirm flag 96 // and run the same tests. 97 PermissionsRequestFunction::SetAutoConfirmForTests(true); 98 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 99 host_resolver()->AddRule("*.com", "127.0.0.1"); 100 ASSERT_TRUE(StartEmbeddedTestServer()); 101 EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_; 102} 103 104// Test that denying the optional permissions confirmation dialog works. 105IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsDeny) { 106 PermissionsRequestFunction::SetAutoConfirmForTests(false); 107 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 108 host_resolver()->AddRule("*.com", "127.0.0.1"); 109 ASSERT_TRUE(StartEmbeddedTestServer()); 110 EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_; 111} 112 113// Tests that the permissions.request function must be called from within a 114// user gesture. 115IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGesture) { 116 PermissionsRequestFunction::SetIgnoreUserGestureForTests(false); 117 host_resolver()->AddRule("*.com", "127.0.0.1"); 118 ASSERT_TRUE(StartEmbeddedTestServer()); 119 EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_; 120} 121 122// Tests that an extension can't gain access to file: URLs without the checkbox 123// entry in prefs. There shouldn't be a warning either. 124IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) { 125 // There shouldn't be a warning, so we shouldn't need to autoconfirm. 126 PermissionsRequestFunction::SetAutoConfirmForTests(false); 127 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 128 129 ExtensionPrefs* prefs = 130 browser()->profile()->GetExtensionService()->extension_prefs(); 131 132 EXPECT_TRUE( 133 RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_; 134 EXPECT_FALSE(prefs->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib")); 135 136 EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_; 137 // TODO(kalman): ugh, it would be nice to test this condition, but it seems 138 // like there's somehow a race here where the prefs aren't updated in time 139 // with the "allow file access" bit, so we'll just have to trust that 140 // RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed 141 // not set the allow file access bit. Otherwise this test doesn't mean 142 // a whole lot (i.e. file access works - but it'd better not be the case 143 // that the extension actually has file access, since that'd be the bug 144 // that this is supposed to be testing). 145 //EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd")); 146} 147 148// Test requesting, querying, and removing host permissions for host 149// permissions that are a subset of the optional permissions. 150IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) { 151 PermissionsRequestFunction::SetAutoConfirmForTests(true); 152 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 153 EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_; 154} 155 156} // namespace extensions 157