1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "components/policy/core/common/cloud/user_cloud_policy_store.h" 6 7#include "base/file_util.h" 8#include "base/files/scoped_temp_dir.h" 9#include "base/message_loop/message_loop.h" 10#include "base/message_loop/message_loop_proxy.h" 11#include "base/run_loop.h" 12#include "components/policy/core/common/cloud/mock_cloud_external_data_manager.h" 13#include "components/policy/core/common/cloud/mock_cloud_policy_store.h" 14#include "components/policy/core/common/cloud/policy_builder.h" 15#include "net/url_request/url_request_context_getter.h" 16#include "policy/policy_constants.h" 17#include "testing/gmock/include/gmock/gmock.h" 18#include "testing/gtest/include/gtest/gtest.h" 19 20using testing::AllOf; 21using testing::Eq; 22using testing::Mock; 23using testing::Property; 24using testing::Sequence; 25 26namespace policy { 27 28namespace { 29 30void RunUntilIdle() { 31 base::RunLoop run_loop; 32 run_loop.RunUntilIdle(); 33} 34 35class UserCloudPolicyStoreTest : public testing::Test { 36 public: 37 UserCloudPolicyStoreTest() : loop_(base::MessageLoop::TYPE_UI) {} 38 39 virtual void SetUp() OVERRIDE { 40 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); 41 store_.reset( 42 new UserCloudPolicyStore(policy_file(), loop_.message_loop_proxy())); 43 external_data_manager_.reset(new MockCloudExternalDataManager); 44 external_data_manager_->SetPolicyStore(store_.get()); 45 store_->SetSigninUsername(PolicyBuilder::kFakeUsername); 46 store_->AddObserver(&observer_); 47 48 policy_.payload().mutable_passwordmanagerenabled()->set_value(true); 49 policy_.payload().mutable_urlblacklist()->mutable_value()->add_entries( 50 "chromium.org"); 51 52 policy_.Build(); 53 } 54 55 virtual void TearDown() OVERRIDE { 56 store_->RemoveObserver(&observer_); 57 external_data_manager_.reset(); 58 store_.reset(); 59 RunUntilIdle(); 60 } 61 62 base::FilePath policy_file() { 63 return tmp_dir_.path().AppendASCII("policy"); 64 } 65 66 // Verifies that store_->policy_map() has the appropriate entries. 67 void VerifyPolicyMap(CloudPolicyStore* store) { 68 EXPECT_EQ(2U, store->policy_map().size()); 69 const PolicyMap::Entry* entry = 70 store->policy_map().Get(key::kPasswordManagerEnabled); 71 ASSERT_TRUE(entry); 72 EXPECT_TRUE(base::FundamentalValue(true).Equals(entry->value)); 73 ASSERT_TRUE(store->policy_map().Get(key::kURLBlacklist)); 74 } 75 76 // Install an expectation on |observer_| for an error code. 77 void ExpectError(CloudPolicyStore* store, CloudPolicyStore::Status error) { 78 EXPECT_CALL(observer_, 79 OnStoreError(AllOf(Eq(store), 80 Property(&CloudPolicyStore::status, 81 Eq(error))))); 82 } 83 84 UserPolicyBuilder policy_; 85 MockCloudPolicyStoreObserver observer_; 86 scoped_ptr<UserCloudPolicyStore> store_; 87 scoped_ptr<MockCloudExternalDataManager> external_data_manager_; 88 89 // CloudPolicyValidator() requires a FILE thread so declare one here. Both 90 // |ui_thread_| and |file_thread_| share the same MessageLoop |loop_| so 91 // callers can use RunLoop to manage both virtual threads. 92 base::MessageLoop loop_; 93 94 base::ScopedTempDir tmp_dir_; 95 96 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreTest); 97}; 98 99TEST_F(UserCloudPolicyStoreTest, LoadWithNoFile) { 100 EXPECT_FALSE(store_->policy()); 101 EXPECT_TRUE(store_->policy_map().empty()); 102 103 Sequence s; 104 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s); 105 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s); 106 store_->Load(); 107 RunUntilIdle(); 108 109 EXPECT_FALSE(store_->policy()); 110 EXPECT_TRUE(store_->policy_map().empty()); 111} 112 113TEST_F(UserCloudPolicyStoreTest, LoadWithInvalidFile) { 114 EXPECT_FALSE(store_->policy()); 115 EXPECT_TRUE(store_->policy_map().empty()); 116 117 // Create a bogus file. 118 ASSERT_TRUE(base::CreateDirectory(policy_file().DirName())); 119 std::string bogus_data = "bogus_data"; 120 int size = bogus_data.size(); 121 ASSERT_EQ(size, file_util::WriteFile(policy_file(), 122 bogus_data.c_str(), 123 bogus_data.size())); 124 125 ExpectError(store_.get(), CloudPolicyStore::STATUS_LOAD_ERROR); 126 store_->Load(); 127 RunUntilIdle(); 128 129 EXPECT_FALSE(store_->policy()); 130 EXPECT_TRUE(store_->policy_map().empty()); 131} 132 133TEST_F(UserCloudPolicyStoreTest, LoadImmediatelyWithNoFile) { 134 EXPECT_FALSE(store_->policy()); 135 EXPECT_TRUE(store_->policy_map().empty()); 136 137 Sequence s; 138 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s); 139 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s); 140 store_->LoadImmediately(); // Should load without running the message loop. 141 142 EXPECT_FALSE(store_->policy()); 143 EXPECT_TRUE(store_->policy_map().empty()); 144} 145 146TEST_F(UserCloudPolicyStoreTest, LoadImmediatelyWithInvalidFile) { 147 EXPECT_FALSE(store_->policy()); 148 EXPECT_TRUE(store_->policy_map().empty()); 149 150 // Create a bogus file. 151 ASSERT_TRUE(base::CreateDirectory(policy_file().DirName())); 152 std::string bogus_data = "bogus_data"; 153 int size = bogus_data.size(); 154 ASSERT_EQ(size, file_util::WriteFile(policy_file(), 155 bogus_data.c_str(), 156 bogus_data.size())); 157 158 ExpectError(store_.get(), CloudPolicyStore::STATUS_LOAD_ERROR); 159 store_->LoadImmediately(); // Should load without running the message loop. 160 161 EXPECT_FALSE(store_->policy()); 162 EXPECT_TRUE(store_->policy_map().empty()); 163} 164 165TEST_F(UserCloudPolicyStoreTest, Store) { 166 EXPECT_FALSE(store_->policy()); 167 EXPECT_TRUE(store_->policy_map().empty()); 168 169 // Store a simple policy and make sure it ends up as the currently active 170 // policy. 171 Sequence s; 172 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s); 173 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s); 174 store_->Store(policy_.policy()); 175 RunUntilIdle(); 176 177 // Policy should be decoded and stored. 178 ASSERT_TRUE(store_->policy()); 179 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 180 store_->policy()->SerializeAsString()); 181 VerifyPolicyMap(store_.get()); 182 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 183} 184 185TEST_F(UserCloudPolicyStoreTest, StoreThenClear) { 186 EXPECT_FALSE(store_->policy()); 187 EXPECT_TRUE(store_->policy_map().empty()); 188 189 // Store a simple policy and make sure the file exists. 190 // policy. 191 Sequence s1; 192 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s1); 193 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s1); 194 store_->Store(policy_.policy()); 195 RunUntilIdle(); 196 197 EXPECT_TRUE(store_->policy()); 198 EXPECT_FALSE(store_->policy_map().empty()); 199 200 Mock::VerifyAndClearExpectations(external_data_manager_.get()); 201 Mock::VerifyAndClearExpectations(&observer_); 202 203 // Policy file should exist. 204 ASSERT_TRUE(base::PathExists(policy_file())); 205 206 Sequence s2; 207 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s2); 208 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s2); 209 store_->Clear(); 210 RunUntilIdle(); 211 212 // Policy file should not exist. 213 ASSERT_TRUE(!base::PathExists(policy_file())); 214 215 // Policy should be gone. 216 EXPECT_FALSE(store_->policy()); 217 EXPECT_TRUE(store_->policy_map().empty()); 218 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 219} 220 221TEST_F(UserCloudPolicyStoreTest, StoreTwoTimes) { 222 EXPECT_FALSE(store_->policy()); 223 EXPECT_TRUE(store_->policy_map().empty()); 224 225 // Store a simple policy then store a second policy before the first one 226 // finishes validating, and make sure the second policy ends up as the active 227 // policy. 228 Sequence s1; 229 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s1); 230 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s1); 231 232 UserPolicyBuilder first_policy; 233 first_policy.payload().mutable_passwordmanagerenabled()->set_value(false); 234 first_policy.Build(); 235 store_->Store(first_policy.policy()); 236 RunUntilIdle(); 237 238 Mock::VerifyAndClearExpectations(external_data_manager_.get()); 239 Mock::VerifyAndClearExpectations(&observer_); 240 241 Sequence s2; 242 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s2); 243 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s2); 244 245 store_->Store(policy_.policy()); 246 RunUntilIdle(); 247 248 // Policy should be decoded and stored. 249 ASSERT_TRUE(store_->policy()); 250 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 251 store_->policy()->SerializeAsString()); 252 VerifyPolicyMap(store_.get()); 253 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 254} 255 256TEST_F(UserCloudPolicyStoreTest, StoreThenLoad) { 257 // Store a simple policy and make sure it can be read back in. 258 // policy. 259 Sequence s; 260 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s); 261 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s); 262 store_->Store(policy_.policy()); 263 RunUntilIdle(); 264 265 // Now, make sure the policy can be read back in from a second store. 266 scoped_ptr<UserCloudPolicyStore> store2( 267 new UserCloudPolicyStore(policy_file(), loop_.message_loop_proxy())); 268 store2->SetSigninUsername(PolicyBuilder::kFakeUsername); 269 store2->AddObserver(&observer_); 270 EXPECT_CALL(observer_, OnStoreLoaded(store2.get())); 271 store2->Load(); 272 RunUntilIdle(); 273 274 ASSERT_TRUE(store2->policy()); 275 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 276 store2->policy()->SerializeAsString()); 277 VerifyPolicyMap(store2.get()); 278 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store2->status()); 279 store2->RemoveObserver(&observer_); 280} 281 282TEST_F(UserCloudPolicyStoreTest, StoreThenLoadImmediately) { 283 // Store a simple policy and make sure it can be read back in. 284 // policy. 285 Sequence s; 286 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s); 287 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s); 288 store_->Store(policy_.policy()); 289 RunUntilIdle(); 290 291 // Now, make sure the policy can be read back in from a second store. 292 scoped_ptr<UserCloudPolicyStore> store2( 293 new UserCloudPolicyStore(policy_file(), loop_.message_loop_proxy())); 294 store2->SetSigninUsername(PolicyBuilder::kFakeUsername); 295 store2->AddObserver(&observer_); 296 EXPECT_CALL(observer_, OnStoreLoaded(store2.get())); 297 store2->LoadImmediately(); // Should load without running the message loop. 298 299 ASSERT_TRUE(store2->policy()); 300 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 301 store2->policy()->SerializeAsString()); 302 VerifyPolicyMap(store2.get()); 303 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store2->status()); 304 store2->RemoveObserver(&observer_); 305} 306 307TEST_F(UserCloudPolicyStoreTest, StoreValidationError) { 308 // Create an invalid policy (no policy type). 309 policy_.policy_data().clear_policy_type(); 310 policy_.Build(); 311 312 // Store policy. 313 ExpectError(store_.get(), CloudPolicyStore::STATUS_VALIDATION_ERROR); 314 store_->Store(policy_.policy()); 315 RunUntilIdle(); 316 ASSERT_FALSE(store_->policy()); 317} 318 319TEST_F(UserCloudPolicyStoreTest, LoadValidationError) { 320 // Force a validation error by changing the username after policy is stored. 321 Sequence s; 322 EXPECT_CALL(*external_data_manager_, OnPolicyStoreLoaded()).InSequence(s); 323 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())).InSequence(s); 324 store_->Store(policy_.policy()); 325 RunUntilIdle(); 326 327 // Sign out, and sign back in as a different user, and try to load the profile 328 // data (should fail due to mismatched username). 329 scoped_ptr<UserCloudPolicyStore> store2( 330 new UserCloudPolicyStore(policy_file(), loop_.message_loop_proxy())); 331 store2->SetSigninUsername("foobar@foobar.com"); 332 store2->AddObserver(&observer_); 333 ExpectError(store2.get(), CloudPolicyStore::STATUS_VALIDATION_ERROR); 334 store2->Load(); 335 RunUntilIdle(); 336 337 ASSERT_FALSE(store2->policy()); 338 store2->RemoveObserver(&observer_); 339 340 // Sign out - we should be able to load the policy (don't check usernames 341 // when signed out). 342 scoped_ptr<UserCloudPolicyStore> store3( 343 new UserCloudPolicyStore(policy_file(), loop_.message_loop_proxy())); 344 store3->AddObserver(&observer_); 345 EXPECT_CALL(observer_, OnStoreLoaded(store3.get())); 346 store3->Load(); 347 RunUntilIdle(); 348 349 ASSERT_TRUE(store3->policy()); 350 store3->RemoveObserver(&observer_); 351 352 // Now start a signin as a different user - this should fail validation. 353 scoped_ptr<UserCloudPolicyStore> store4( 354 new UserCloudPolicyStore(policy_file(), loop_.message_loop_proxy())); 355 store4->SetSigninUsername("foobar@foobar.com"); 356 store4->AddObserver(&observer_); 357 ExpectError(store4.get(), CloudPolicyStore::STATUS_VALIDATION_ERROR); 358 store4->Load(); 359 RunUntilIdle(); 360 361 ASSERT_FALSE(store4->policy()); 362 store4->RemoveObserver(&observer_); 363} 364 365} // namespace 366 367} // namespace policy 368