15d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved. 25d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// found in the LICENSE file. 45d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 55f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/bind.h" 65f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/bind_helpers.h" 75f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/callback.h" 85d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/command_line.h" 95d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/files/file_path.h" 101320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci#include "base/files/file_util.h" 115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/location.h" 125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/memory/ref_counted.h" 135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/memory/scoped_ptr.h" 145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/path_service.h" 155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/run_loop.h" 16cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "base/strings/string16.h" 175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/strings/string_util.h" 185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/strings/stringprintf.h" 195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/strings/utf_string_conversions.h" 205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/values.h" 215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard 
Coles)#include "chrome/browser/chrome_notification_types.h" 225d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/login/existing_user_controller.h" 235d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/login/test/https_forwarder.h" 245d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/login/test/oobe_screen_waiter.h" 25cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "chrome/browser/chromeos/login/ui/login_display_host_impl.h" 26cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "chrome/browser/chromeos/login/ui/webui_login_display.h" 275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/login/wizard_controller.h" 285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/chromeos/policy/device_policy_builder.h" 295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/chromeos/policy/device_policy_cros_browser_test.h" 305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/chromeos/profiles/profile_helper.h" 325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/chromeos/settings/cros_settings.h" 335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/lifetime/application_lifetime.h" 345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/profiles/profile.h" 356e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)#include "chrome/browser/ui/webui/signin/inline_login_ui.h" 365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/common/chrome_paths.h" 375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard 
Coles)#include "chrome/common/chrome_switches.h" 386e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)#include "chrome/grit/generated_resources.h" 395d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/test/base/in_process_browser_test.h" 405d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chromeos/chromeos_switches.h" 415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chromeos/dbus/dbus_thread_manager.h" 425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chromeos/dbus/fake_session_manager_client.h" 435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chromeos/dbus/session_manager_client.h" 445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chromeos/settings/cros_settings_names.h" 455d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "components/policy/core/browser/browser_policy_connector.h" 465d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "components/policy/core/common/mock_configuration_policy_provider.h" 475d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "components/policy/core/common/policy_map.h" 485d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "components/policy/core/common/policy_types.h" 495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "components/user_manager/user.h" 506e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)#include "components/user_manager/user_manager.h" 515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "content/public/browser/browser_thread.h" 525d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "content/public/browser/web_contents.h" 535d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "content/public/test/browser_test_utils.h" 545d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include 
"content/public/test/test_utils.h" 555d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "google_apis/gaia/fake_gaia.h" 565d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "google_apis/gaia/gaia_switches.h" 575d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/base/url_util.h" 585f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "net/cookies/canonical_cookie.h" 595f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "net/cookies/cookie_monster.h" 605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "net/cookies/cookie_store.h" 615d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/dns/mock_host_resolver.h" 625d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/test/embedded_test_server/embedded_test_server.h" 635d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/test/embedded_test_server/http_request.h" 645d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/test/embedded_test_server/http_response.h" 655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "net/url_request/url_request_context.h" 665f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "net/url_request/url_request_context_getter.h" 675d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "policy/policy_constants.h" 685f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "policy/proto/device_management_backend.pb.h" 695d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "testing/gmock/include/gmock/gmock.h" 705d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "testing/gtest/include/gtest/gtest.h" 71cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "ui/base/l10n/l10n_util.h" 725d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "url/gurl.h" 
namespace em = enterprise_management;

using net::test_server::BasicHttpResponse;
using net::test_server::HttpRequest;
using net::test_server::HttpResponse;
using testing::_;
using testing::Return;

namespace chromeos {

namespace {

// GAIA cookie names. Not referenced in the part of the file reviewed here.
const char kGAIASIDCookieName[] = "SID";
const char kGAIALSIDCookieName[] = "LSID";

// Placeholder cookie values used only by the fakes. The "-1" pair is handed
// to FakeGaia::SetFakeMergeSessionParams() in SamlTest::SetUpOnMainThread().
const char kTestAuthSIDCookie1[] = "fake-auth-SID-cookie-1";
const char kTestAuthSIDCookie2[] = "fake-auth-SID-cookie-2";
const char kTestAuthLSIDCookie1[] = "fake-auth-LSID-cookie-1";
const char kTestAuthLSIDCookie2[] = "fake-auth-LSID-cookie-2";

// Test accounts. In SamlTest::SetUpCommandLine() the first, second and
// different-domain users are registered with FakeGaia against the
// HTTPS-forwarded SAML IdP URL, while kHTTPSAMLUserEmail is registered against
// the embedded test server's own base URL. kNonSAMLUserEmail is not registered
// as a SAML user there.
const char kFirstSAMLUserEmail[] = "bob@example.com";
const char kSecondSAMLUserEmail[] = "alice@example.com";
const char kHTTPSAMLUserEmail[] = "carol@example.com";
const char kNonSAMLUserEmail[] = "dan@example.com";
const char kDifferentDomainSAMLUserEmail[] = "eve@example.test";

// Name and candidate values of the cookie set by the fake IdP.
// NOTE(review): FakeSamlIdp::HandleRequest() spells the name as the literal
// "saml" in its Set-cookie header instead of using kSAMLIdPCookieName, so the
// two have to be kept in sync by hand.
const char kSAMLIdPCookieName[] = "saml";
const char kSAMLIdPCookieValue1[] = "value-1";
const char kSAMLIdPCookieValue2[] = "value-2";

// Name of the RelayState parameter. FakeSamlIdp::HandleRequest() reads it from
// the query string on the login path and from the request content on the auth
// path.
const char kRelayState[] = "RelayState";

// FakeSamlIdp serves the IdP auth form and handles the form submission. The
// form is served with the template's RelayState placeholder expanded to the
// real RelayState parameter from the request. The form submission redirects
// back to FakeGaia with the same RelayState.
class FakeSamlIdp {
 public:
  FakeSamlIdp();
  ~FakeSamlIdp();

  // Records the paths this fake answers on (|base_path| for the login form and
  // |base_path| + "Auth" for the form submission) and the "/SSO" URL resolved
  // against |gaia_url| that a submission is sent back to.
  void SetUp(const std::string& base_path, const GURL& gaia_url);

  // Load an HTML template from the "login" test-data directory. The login
  // template is served on the login path; the auth template, when set, is
  // served on the auth path instead of the redirect.
  void SetLoginHTMLTemplate(const std::string& template_file);
  void SetLoginAuthHTMLTemplate(const std::string& template_file);
  // Sets the URL substituted for the "$Refresh" placeholder in templates.
  void SetRefreshURL(const GURL& refresh_url);
  // Sets the value sent in the "saml" cookie on the redirect response.
  void SetCookieValue(const std::string& cookie_value);

  // Request handler for the embedded test server; see the definition below.
  scoped_ptr<HttpResponse> HandleRequest(const HttpRequest& request);

 private:
  // Expands the placeholders in |html_template| and wraps the result in a
  // 200 text/html response.
  scoped_ptr<HttpResponse> BuildHTMLResponse(const std::string& html_template,
                                             const std::string& relay_state,
                                             const std::string& next_path);

  // <test data dir>/login, set in SetUp().
  base::FilePath html_template_dir_;

  // Request paths matched in HandleRequest().
  std::string login_path_;
  std::string login_auth_path_;

  // Template contents (not file names), filled by the Set*Template() calls.
  std::string login_html_template_;
  std::string login_auth_html_template_;
  GURL gaia_assertion_url_;
  GURL refresh_url_;
  std::string cookie_value_;

  DISALLOW_COPY_AND_ASSIGN(FakeSamlIdp);
};

FakeSamlIdp::FakeSamlIdp() {
}

FakeSamlIdp::~FakeSamlIdp() {
}

void FakeSamlIdp::SetUp(const std::string& base_path, const GURL& gaia_url) {
  base::FilePath test_data_dir;
  ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir));
  html_template_dir_ = test_data_dir.Append("login");

  login_path_= base_path;
  login_auth_path_ = base_path + "Auth";
  gaia_assertion_url_ = gaia_url.Resolve("/SSO");
}

// Reads |template_file| from html_template_dir_ into login_html_template_.
// A failed read is reported through EXPECT_TRUE.
void FakeSamlIdp::SetLoginHTMLTemplate(const std::string& template_file) {
  EXPECT_TRUE(base::ReadFileToString(
      html_template_dir_.Append(template_file),
      &login_html_template_));
}

// Reads |template_file| from html_template_dir_ into
// login_auth_html_template_. A failed read is reported through EXPECT_TRUE.
void FakeSamlIdp::SetLoginAuthHTMLTemplate(const std::string& template_file) {
  EXPECT_TRUE(base::ReadFileToString(
      html_template_dir_.Append(template_file),
      &login_auth_html_template_));
}

void FakeSamlIdp::SetRefreshURL(const GURL& refresh_url) {
  refresh_url_ = refresh_url;
}

void FakeSamlIdp::SetCookieValue(const std::string& cookie_value) {
  cookie_value_ = cookie_value;
}

// Dispatches on the request path:
//  - login_path_: serves the login template, with RelayState taken from the
//    query string and the auth path as the form target.
//  - login_auth_path_: serves the auth template if one was set; otherwise
//    answers with a temporary redirect to gaia_assertion_url_ carrying
//    SAMLResponse=fake_response and the RelayState from the request content,
//    plus a "saml" cookie.
//  - anything else: returns a null response.
scoped_ptr<HttpResponse> FakeSamlIdp::HandleRequest(
    const HttpRequest& request) {
  // The scheme and host of the URL is actually not important but required to
  // get a valid GURL in order to parse |request.relative_url|.
  GURL request_url = GURL("http://localhost").Resolve(request.relative_url);
  std::string request_path = request_url.path();

  if (request_path == login_path_) {
    // The lookup result is not checked; |relay_state| is presumably left empty
    // when the parameter is absent.
    std::string relay_state;
    net::GetValueForKeyInQuery(request_url, kRelayState, &relay_state);
    return BuildHTMLResponse(login_html_template_,
                             relay_state,
                             login_auth_path_);
  }

  if (request_path != login_auth_path_) {
    // Request not understood.
    return scoped_ptr<HttpResponse>();
  }

  // On the auth path RelayState comes from the request content rather than
  // the query string. The lookup result is again not checked.
  std::string relay_state;
  FakeGaia::GetQueryParameter(request.content, kRelayState, &relay_state);
  GURL redirect_url = gaia_assertion_url_;

  if (!login_auth_html_template_.empty()) {
    return BuildHTMLResponse(login_auth_html_template_,
                             relay_state,
                             redirect_url.spec());
  }

  // The assertion is the fixed string "fake_response"; nothing here is signed
  // or verified.
  redirect_url = net::AppendQueryParameter(
      redirect_url, "SAMLResponse", "fake_response");
  redirect_url = net::AppendQueryParameter(
      redirect_url, kRelayState, relay_state);

  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse());
  http_response->set_code(net::HTTP_TEMPORARY_REDIRECT);
  http_response->AddCustomHeader("Location", redirect_url.spec());
  // NOTE(review): the cookie is emitted as a bare name=value pair with no
  // attributes, and the name is a literal rather than kSAMLIdPCookieName.
  http_response->AddCustomHeader(
      "Set-cookie",
      base::StringPrintf("saml=%s", cookie_value_.c_str()));
  return http_response.PassAs<HttpResponse>();
}

// Returns a 200 text/html response whose body is |html_template| with
// "$RelayState", "$Post" and "$Refresh" replaced by |relay_state|, |next_path|
// and refresh_url_ respectively.
// NOTE(review): the replacement is plain text substitution with no HTML
// escaping, and |relay_state| originates from the request. That is tolerable
// for a fixture driven by the test's own FakeGaia, but a handler built this
// way outside of tests would need to escape request-derived values before
// placing them in markup.
scoped_ptr<HttpResponse> FakeSamlIdp::BuildHTMLResponse(
    const std::string& html_template,
    const std::string& relay_state,
    const std::string& next_path) {
  std::string response_html = html_template;
  ReplaceSubstringsAfterOffset(&response_html, 0, "$RelayState", relay_state);
  ReplaceSubstringsAfterOffset(&response_html, 0, "$Post", next_path);
  ReplaceSubstringsAfterOffset(
      &response_html, 0, "$Refresh", refresh_url_.spec());

  scoped_ptr<BasicHttpResponse> http_response(new BasicHttpResponse());
  http_response->set_code(net::HTTP_OK);
  http_response->set_content(response_html);
  http_response->set_content_type("text/html");

  return http_response.PassAs<HttpResponse>();
}

}  // namespace

// Browser-test fixture that runs the login screen against FakeGaia and
// FakeSamlIdp, both served by the embedded test server behind HTTPS
// forwarders.
class SamlTest : public InProcessBrowserTest {
 public:
  SamlTest() : saml_load_injected_(false) {}
  virtual ~SamlTest() {}

  // Starts the embedded test server and the two HTTPS forwarders before the
  // browser is set up. Both forwarders wrap the same embedded test server.
  virtual void SetUp() OVERRIDE {
    ASSERT_TRUE(embedded_test_server()->InitializeAndWaitUntilReady());

    // Start the GAIA https wrapper here so that the GAIA URLs can be pointed at
    // it in SetUpCommandLine().
    gaia_https_forwarder_.reset(
        new HTTPSForwarder(embedded_test_server()->base_url()));
    ASSERT_TRUE(gaia_https_forwarder_->Start());

    // Start the SAML IdP https wrapper here so that GAIA can be pointed at it
    // in SetUpCommandLine().
    saml_https_forwarder_.reset(
        new HTTPSForwarder(embedded_test_server()->base_url()));
    ASSERT_TRUE(saml_https_forwarder_->Start());

    // Stop IO thread here because no threads are allowed while
    // spawning sandbox host process. See crbug.com/322732.
    embedded_test_server()->StopThread();

    InProcessBrowserTest::SetUp();
  }

  // Resolves every hostname to loopback, presumably so that all requests made
  // during the test land on the local fakes.
  virtual void SetUpInProcessBrowserTestFixture() OVERRIDE {
    host_resolver()->AddRule("*", "127.0.0.1");
  }

  // Points the GAIA, LSO and Google APIs URLs at the GAIA forwarder and
  // registers the SAML test users with FakeGaia.
  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
    command_line->AppendSwitch(switches::kLoginManager);
    command_line->AppendSwitch(switches::kForceLoginManagerInTests);
    command_line->AppendSwitch(::switches::kDisableBackgroundNetworking);
    command_line->AppendSwitchASCII(switches::kLoginProfile, "user");

    const GURL gaia_url = gaia_https_forwarder_->GetURL("");
    command_line->AppendSwitchASCII(::switches::kGaiaUrl, gaia_url.spec());
    command_line->AppendSwitchASCII(::switches::kLsoUrl, gaia_url.spec());
    command_line->AppendSwitchASCII(::switches::kGoogleApisUrl,
                                    gaia_url.spec());

    const GURL saml_idp_url = saml_https_forwarder_->GetURL("SAML");
    fake_saml_idp_.SetUp(saml_idp_url.path(), gaia_url);
    fake_gaia_.RegisterSamlUser(kFirstSAMLUserEmail, saml_idp_url);
    fake_gaia_.RegisterSamlUser(kSecondSAMLUserEmail, saml_idp_url);
    // This user's IdP URL is the embedded test server itself, not the HTTPS
    // forwarder used for the other users.
    fake_gaia_.RegisterSamlUser(
        kHTTPSAMLUserEmail,
        embedded_test_server()->base_url().Resolve("/SAML"));
    fake_gaia_.RegisterSamlUser(kDifferentDomainSAMLUserEmail, saml_idp_url);

    fake_gaia_.Initialize();
  }

  // Installs the FakeGaia and FakeSamlIdp request handlers, restarts the
  // embedded server thread and starts observing for the login WebUI.
  virtual void SetUpOnMainThread() OVERRIDE {
    fake_gaia_.SetFakeMergeSessionParams(kFirstSAMLUserEmail,
                                         kTestAuthSIDCookie1,
                                         kTestAuthLSIDCookie1);

    // base::Unretained: the callbacks hold raw pointers to the fixture's
    // members. NOTE(review): this relies on the fixture outliving any request
    // the embedded test server still dispatches - confirm against teardown.
    embedded_test_server()->RegisterRequestHandler(
        base::Bind(&FakeGaia::HandleRequest, base::Unretained(&fake_gaia_)));
    embedded_test_server()->RegisterRequestHandler(base::Bind(
        &FakeSamlIdp::HandleRequest, base::Unretained(&fake_saml_idp_)));

    // Restart the thread as the sandbox host process has already been spawned.
    embedded_test_server()->RestartThreadAndListen();

    login_screen_load_observer_.reset(new content::WindowedNotificationObserver(
        chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE,
        content::NotificationService::AllSources()));
  }

  virtual void TearDownOnMainThread() OVERRIDE {
    // If the login display is still showing, exit gracefully.
    if (LoginDisplayHostImpl::default_host()) {
      base::MessageLoop::current()->PostTask(FROM_HERE,
                                             base::Bind(&chrome::AttemptExit));
      content::RunMessageLoop();
    }
  }

  // Returns the current controller's login display. CHECKs that a controller
  // exists; the static_cast assumes the display is a WebUILoginDisplay.
  WebUILoginDisplay* GetLoginDisplay() {
    ExistingUserController* controller =
        ExistingUserController::current_controller();
    CHECK(controller);
    return static_cast<WebUILoginDisplay*>(controller->login_display());
  }

  // Skips straight to the login screen when a wizard controller exists, then
  // blocks until the observer created in SetUpOnMainThread() fires.
  void WaitForSigninScreen() {
    WizardController* wizard_controller =
        WizardController::default_controller();
    if (wizard_controller) {
      WizardController::SkipPostLoginScreensForTesting();
      wizard_controller->SkipToLoginForTesting(LoginScreenContext());
    }

    login_screen_load_observer_->Wait();
  }

  // Starts sign-in for |gaia_email| with an empty password and waits until the
  // sign-in page reports that the SAML flow was loaded.
  void StartSamlAndWaitForIdpPageLoad(const std::string& gaia_email) {
    WaitForSigninScreen();

    // Install the 'authFlowChange' listener only once per fixture; it reports
    // 'SamlLoaded' or 'GaiaLoaded' through domAutomationController.
    // GetLoginUI() is defined outside the part of the file reviewed here.
    if (!saml_load_injected_) {
      saml_load_injected_ = true;

      ASSERT_TRUE(content::ExecuteScript(
          GetLoginUI()->GetWebContents(),
          "$('gaia-signin').gaiaAuthHost_.addEventListener('authFlowChange',"
              "function() {"
                "window.domAutomationController.setAutomationId(0);"
                "window.domAutomationController.send("
                    "$('gaia-signin').isSAML() ? 'SamlLoaded' : 'GaiaLoaded');"
              "});"));
    }

    content::DOMMessageQueue message_queue;  // Start observe before SAML.
    GetLoginDisplay()->ShowSigninScreenForCreds(gaia_email, "");

    // The expected message includes the surrounding double quotes.
    std::string message;
    ASSERT_TRUE(message_queue.WaitForMessage(&message));
    EXPECT_EQ("\"SamlLoaded\"", message);
  }

  // Sets the value of the form field |field_id| to |field_value| and fires an
  // 'input' event on it, by running a script through ExecuteJsInSigninFrame()
  // (defined outside the part of the file reviewed here).
  // NOTE(review): both arguments are pasted into single-quoted JavaScript
  // literals without escaping, so a value containing a quote or backslash
  // would change the script. Callers must pass only fixed test strings.
  void SetSignFormField(const std::string& field_id,
                        const std::string& field_value) {
    std::string js =
        "(function(){"
          "document.getElementById('$FieldId').value = '$FieldValue';"
          "var e = new Event('input');"
          "document.getElementById('$FieldId').dispatchEvent(e);"
        "})();";
    ReplaceSubstringsAfterOffset(&js, 0, "$FieldId", field_id);
    ReplaceSubstringsAfterOffset(&js, 0, "$FieldValue", field_value);
    ExecuteJsInSigninFrame(js);
  }

  void SendConfirmPassword(const
std::string& password_to_confirm) { 3815d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) std::string js = 3825d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) "$('confirm-password-input').value='$Password';" 3835d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) "$('confirm-password').onConfirmPassword_();"; 3845d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ReplaceSubstringsAfterOffset(&js, 0, "$Password", password_to_confirm); 3855d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ASSERT_TRUE(content::ExecuteScript(GetLoginUI()->GetWebContents(), js)); 3865d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 3875d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3885d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) void JsExpect(const std::string& js) { 3895d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) bool result; 3905d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(content::ExecuteScriptAndExtractBool( 3915d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) GetLoginUI()->GetWebContents(), 3925d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) "window.domAutomationController.send(!!(" + js + "));", 3935d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) &result)); 3945d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(result) << js; 3955d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 3965d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 397cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) std::string WaitForAndGetFatalErrorMessage() { 398cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) OobeScreenWaiter(OobeDisplay::SCREEN_FATAL_ERROR).Wait(); 399cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) std::string error_message; 400cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) if 
(!content::ExecuteScriptAndExtractString( 401cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) GetLoginUI()->GetWebContents(), 402cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) "window.domAutomationController.send(" 403cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) "$('fatal-error-message').textContent);", 404cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) &error_message)) { 405cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) ADD_FAILURE(); 406cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) } 407cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) return error_message; 408cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) } 409cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles) 4105d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) content::WebUI* GetLoginUI() { 41123730a6e56a168d1879203e4b3819bb36e3d8f1fTorne (Richard Coles) return static_cast<LoginDisplayHostImpl*>( 41223730a6e56a168d1879203e4b3819bb36e3d8f1fTorne (Richard Coles) LoginDisplayHostImpl::default_host())->GetOobeUI()->web_ui(); 4135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 4145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 41523730a6e56a168d1879203e4b3819bb36e3d8f1fTorne (Richard Coles) // Executes JavaScript code in the auth iframe hosted by gaia_auth extension. 
4165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) void ExecuteJsInSigninFrame(const std::string& js) { 4176e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) content::RenderFrameHost* frame = InlineLoginUI::GetAuthIframe( 4186e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) GetLoginUI()->GetWebContents(), GURL(), "signin-frame"); 41923730a6e56a168d1879203e4b3819bb36e3d8f1fTorne (Richard Coles) ASSERT_TRUE(content::ExecuteScript(frame, js)); 4205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 4215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4225d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) FakeSamlIdp* fake_saml_idp() { return &fake_saml_idp_; } 4235d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4245d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) protected: 4255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) scoped_ptr<content::WindowedNotificationObserver> login_screen_load_observer_; 4261320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci FakeGaia fake_gaia_; 4275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) private: 4295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) FakeSamlIdp fake_saml_idp_; 4305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) scoped_ptr<HTTPSForwarder> gaia_https_forwarder_; 4315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) scoped_ptr<HTTPSForwarder> saml_https_forwarder_; 4325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) bool saml_load_injected_; 4345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) DISALLOW_COPY_AND_ASSIGN(SamlTest); 4365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}; 4375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne 
// Tests that the sign-in frame gets the 'saml' class and that the 'cancel'
// button is visible once the SAML IdP page has loaded, and that clicking
// 'cancel' returns the flow to GAIA.
IN_PROC_BROWSER_TEST_F(SamlTest, SamlUI) {
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
  StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);

  // While the IdP page is showing, the SAML-specific UI must be active.
  JsExpect("$('gaia-signin').classList.contains('saml')");
  JsExpect("!$('cancel-add-user-button').hidden");

  // The queue is created before the click so that it is already observing
  // when 'cancel' takes effect.
  content::DOMMessageQueue dom_messages;
  ASSERT_TRUE(content::ExecuteScript(
      GetLoginUI()->GetWebContents(),
      "$('cancel-add-user-button').click();"));

  // Drain messages until the auth flow reports that it is back on GAIA.
  std::string dom_message;
  for (;;) {
    ASSERT_TRUE(dom_messages.WaitForMessage(&dom_message));
    if (dom_message == "\"GaiaLoaded\"")
      break;
  }

  // The SAML styling must be gone again.
  JsExpect("!$('gaia-signin').classList.contains('saml')");
}

// Tests the sign-in flow when the credentials passing API is used.
IN_PROC_BROWSER_TEST_F(SamlTest, CredentialPassingAPI) {
  fake_saml_idp()->SetLoginHTMLTemplate("saml_api_login.html");
  fake_saml_idp()->SetLoginAuthHTMLTemplate("saml_api_login_auth.html");
  StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);

  // Populate the fake IdP's form and submit it.
  SetSignFormField("Email", "fake_user");
  SetSignFormField("Password", "fake_password");
  ExecuteJsInSigninFrame("document.getElementById('Submit').click();");

  // No confirm-password step is awaited here: the test goes straight to
  // waiting for the session to start.
  content::WindowedNotificationObserver session_started(
      chrome::NOTIFICATION_SESSION_STARTED,
      content::NotificationService::AllSources());
  session_started.Wait();
}

// Tests the single password scraped flow.
IN_PROC_BROWSER_TEST_F(SamlTest, ScrapedSingle) {
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
  StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);

  // Populate the fake IdP's form and submit it.
  SetSignFormField("Email", "fake_user");
  SetSignFormField("Password", "fake_password");
  ExecuteJsInSigninFrame("document.getElementById('Submit').click();");

  // Submission leads to the confirm-password screen.
  OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();

  // A password that was not typed into the IdP form is rejected and the
  // confirm-password screen is shown again.
  SendConfirmPassword("wrong_password");
  OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();

  // The password that was typed into the IdP form completes the login and a
  // session starts.
  SendConfirmPassword("fake_password");
  content::WindowedNotificationObserver session_started(
      chrome::NOTIFICATION_SESSION_STARTED,
      content::NotificationService::AllSources());
  session_started.Wait();
}

// Tests the multiple password scraped flow.
IN_PROC_BROWSER_TEST_F(SamlTest, ScrapedMultiple) {
  // This IdP page is filled in below with two different password values
  // ("Password" and "Password1").
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login_two_passwords.html");
  StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);

  SetSignFormField("Email", "fake_user");
  SetSignFormField("Password", "fake_password");
  SetSignFormField("Password1", "password1");
  ExecuteJsInSigninFrame("document.getElementById('Submit').click();");

  OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();

  // Confirming with either of the typed passwords must be accepted; the
  // second one is used here.
  SendConfirmPassword("password1");
  content::WindowedNotificationObserver session_started(
      chrome::NOTIFICATION_SESSION_STARTED,
      content::NotificationService::AllSources());
  session_started.Wait();
}

// Tests the no password scraped flow.
IN_PROC_BROWSER_TEST_F(SamlTest, ScrapedNone) {
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login_no_passwords.html");
  StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);

  // Only the e-mail field is filled in, so no password is available.
  SetSignFormField("Email", "fake_user");
  ExecuteJsInSigninFrame("document.getElementById('Submit').click();");

  // The flow must end on the fatal error screen with the "no password" text.
  const std::string expected_error =
      l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_PASSWORD);
  EXPECT_EQ(expected_error, WaitForAndGetFatalErrorMessage());
}

// Types |bob@example.com| into the GAIA login form but then authenticates as
// |alice@example.com| via SAML. Verifies that the logged-in user is correctly
// identified as Alice.
IN_PROC_BROWSER_TEST_F(SamlTest, UseAutenticatedUserEmailAddress) {
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
  // Type |bob@example.com| into the GAIA login form.
  StartSamlAndWaitForIdpPageLoad(kSecondSAMLUserEmail);

  // Authenticate as alice@example.com via SAML. The |Email| provided here is
  // irrelevant: the authenticated user's e-mail address that FakeGAIA reports
  // was set via |SetFakeMergeSessionParams|.
  SetSignFormField("Email", "fake_user");
  SetSignFormField("Password", "fake_password");
  ExecuteJsInSigninFrame("document.getElementById('Submit').click();");

  OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();

  SendConfirmPassword("fake_password");
  content::WindowedNotificationObserver session_started(
      chrome::NOTIFICATION_SESSION_STARTED,
      content::NotificationService::AllSources());
  session_started.Wait();

  // The session must belong to the account that actually authenticated, not
  // to the address that was typed into the login form.
  const user_manager::User* active_user =
      user_manager::UserManager::Get()->GetActiveUser();
  ASSERT_TRUE(active_user);
  EXPECT_EQ(kFirstSAMLUserEmail, active_user->email());
}

// Verifies that if the authenticated user's e-mail address cannot be retrieved,
// an error message is shown.
IN_PROC_BROWSER_TEST_F(SamlTest, FailToRetrieveAutenticatedUserEmailAddress) {
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
  StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);

  // Make the fake GAIA report an empty e-mail address for the session.
  fake_gaia_.SetFakeMergeSessionParams(
      "", kTestAuthSIDCookie1, kTestAuthLSIDCookie1);
  SetSignFormField("Email", "fake_user");
  SetSignFormField("Password", "fake_password");
  ExecuteJsInSigninFrame("document.getElementById('Submit').click();");

  // With no e-mail to identify the user, the fatal error screen is expected
  // instead of a started session.
  const std::string expected_error =
      l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_NO_EMAIL);
  EXPECT_EQ(expected_error, WaitForAndGetFatalErrorMessage());
}

// Tests the password confirm flow: show error on the first failure and
// fatal error on the second failure.
IN_PROC_BROWSER_TEST_F(SamlTest, PasswordConfirmFlow) {
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
  StartSamlAndWaitForIdpPageLoad(kFirstSAMLUserEmail);

  // Populate the fake IdP's form and submit it.
  SetSignFormField("Email", "fake_user");
  SetSignFormField("Password", "fake_password");
  ExecuteJsInSigninFrame("document.getElementById('Submit').click();");

  // The confirm-password screen appears first without any error styling.
  OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();
  JsExpect("!$('confirm-password').classList.contains('error')");

  // First wrong password: the same screen is shown again, now marked with
  // the 'error' class.
  SendConfirmPassword("wrong_password");
  OobeScreenWaiter(OobeDisplay::SCREEN_CONFIRM_PASSWORD).Wait();
  JsExpect("$('confirm-password').classList.contains('error')");

  // Second wrong password: no further retry is offered and the flow ends on
  // the fatal error screen.
  SendConfirmPassword("wrong_password");
  const std::string expected_error =
      l10n_util::GetStringUTF8(IDS_LOGIN_FATAL_ERROR_PASSWORD_VERIFICATION);
  EXPECT_EQ(expected_error, WaitForAndGetFatalErrorMessage());
}

// Verifies that when GAIA attempts to redirect to a SAML IdP served over http,
// not https, the redirect is blocked and an error message is shown.
IN_PROC_BROWSER_TEST_F(SamlTest, HTTPRedirectDisallowed) {
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");

  // StartSamlAndWaitForIdpPageLoad() is deliberately not used: the IdP page
  // is expected never to load, so only the sign-in screen is awaited.
  WaitForSigninScreen();
  GetLoginDisplay()->ShowSigninScreenForCreds(kHTTPSAMLUserEmail, "");

  // The error text is formatted with the embedded test server's /SAML URL, so
  // the user is told which insecure URL was refused.
  const GURL insecure_url =
      embedded_test_server()->base_url().Resolve("/SAML");
  const std::string expected_error = l10n_util::GetStringFUTF8(
      IDS_LOGIN_FATAL_ERROR_TEXT_INSECURE_URL,
      base::UTF8ToUTF16(insecure_url.spec()));
  EXPECT_EQ(expected_error, WaitForAndGetFatalErrorMessage());
}

// Verifies that when GAIA attempts to redirect to a page served over http, not
// https, via an HTML meta refresh, the redirect is blocked and an error message
// is shown. This guards against regressions of http://crbug.com/359515.
IN_PROC_BROWSER_TEST_F(SamlTest, MetaRefreshToHTTPDisallowed) {
  // The fake IdP serves a login page that instantly meta-refreshes to
  // |refresh_target| on the embedded test server. The expectation at the end
  // requires the login attempt to finish with the "insecure URL" fatal error
  // and requires the error text to name exactly that URL.
  // NOTE(review): the scheme used by embedded_test_server() is configured
  // outside this view; the test name implies plain HTTP -- confirm.
  const GURL refresh_target =
      embedded_test_server()->base_url().Resolve("/SSO");
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login_instant_meta_refresh.html");
  fake_saml_idp()->SetRefreshURL(refresh_target);

  WaitForSigninScreen();
  GetLoginDisplay()->ShowSigninScreenForCreds(kFirstSAMLUserEmail, "");

  const std::string expected_error = l10n_util::GetStringFUTF8(
      IDS_LOGIN_FATAL_ERROR_TEXT_INSECURE_URL,
      base::UTF8ToUTF16(refresh_target.spec()));
  EXPECT_EQ(expected_error, WaitForAndGetFatalErrorMessage());
}

// Fixture for the policy-dependent SAML tests. It swaps in a fake session
// manager client that carries the device policy blob, registers a mock
// provider for user policy, and adds helpers for logging in through the fake
// SAML IdP and for reading back the cookies of the active user's profile.
class SAMLPolicyTest : public SamlTest {
 public:
  SAMLPolicyTest();
  virtual ~SAMLPolicyTest();

  // SamlTest:
  virtual void SetUpInProcessBrowserTestFixture() OVERRIDE;
  virtual void SetUpOnMainThread() OVERRIDE;

  // Pushes the SAMLOfflineSigninTimeLimit user policy with value |limit|
  // through the mock provider.
  void SetSAMLOfflineSigninTimeLimitPolicy(int limit);
  // Turns on transfer_saml_cookies in the device policy and blocks until
  // CrosSettings reports the change.
  void EnableTransferSAMLCookiesPolicy();

  // Clicks the add-user button and waits for the GAIA auth host's 'ready'
  // event.
  void ShowGAIALoginForm();
  // Runs a complete login for |user_id| through the fake SAML IdP. The two
  // cookie arguments are handed to the fake GAIA merge-session parameters.
  void LogInWithSAML(const std::string& user_id,
                     const std::string& auth_sid_cookie,
                     const std::string& auth_lsid_cookie);

  // Returns the value of the first cookie called |name| in |cookie_list_|, or
  // an empty string when there is none. GetCookies() fills |cookie_list_|.
  std::string GetCookieValue(const std::string& name);

  // Reads all cookies of the active user's profile into |cookie_list_|.
  void GetCookies();

 protected:
  // IO-thread half of GetCookies(): requests all cookies from the cookie
  // monster behind |request_context|.
  void GetCookiesOnIOThread(
      const scoped_refptr<net::URLRequestContextGetter>& request_context,
      const base::Closure& callback);
  // Saves |cookie_list| and posts |callback| to the UI thread.
  void StoreCookieList(const base::Closure& callback,
                       const net::CookieList& cookie_list);

  // Declared ahead of |device_policy_|, whose initializer reads from it.
  policy::DevicePolicyCrosTestHelper test_helper_;

  // FakeDBusThreadManager uses FakeSessionManagerClient.
  FakeSessionManagerClient* fake_session_manager_client_;
  policy::DevicePolicyBuilder* device_policy_;

  policy::MockConfigurationPolicyProvider provider_;

  // Snapshot written by StoreCookieList().
  net::CookieList cookie_list_;

 private:
  DISALLOW_COPY_AND_ASSIGN(SAMLPolicyTest);
};

// Allocates the fake session manager client (handed to the DBusThreadManager
// setter in SetUpInProcessBrowserTestFixture()) and caches the policy builder
// owned by |test_helper_|.
SAMLPolicyTest::SAMLPolicyTest()
    : fake_session_manager_client_(new FakeSessionManagerClient),
      device_policy_(test_helper_.device_policy()) {
}

SAMLPolicyTest::~SAMLPolicyTest() {
}

// Installs the fake session manager client, then seeds device policy and the
// mock user-policy provider before the browser starts.
void SAMLPolicyTest::SetUpInProcessBrowserTestFixture() {
  // The raw pointer is wrapped in a scoped_ptr for the setter; the member is
  // kept afterwards only to configure the fake.
  DBusThreadManager::GetSetterForTesting()->SetSessionManagerClient(
      scoped_ptr<SessionManagerClient>(fake_session_manager_client_));

  SamlTest::SetUpInProcessBrowserTestFixture();

  // Device policy: install the owner key, mark the device as enterprise owned,
  // then build a policy blob signed with the default key and publish it
  // through the fake client.
  test_helper_.InstallOwnerKey();
  test_helper_.MarkAsEnterpriseOwned();
  device_policy_->SetDefaultSigningKey();
  device_policy_->Build();
  fake_session_manager_client_->set_device_policy(device_policy_->GetBlob());
  fake_session_manager_client_->OnPropertyChangeComplete(true);

  // User policy: the mock provider always reports itself as initialized.
  EXPECT_CALL(provider_, IsInitializationComplete(_))
      .WillRepeatedly(Return(true));
  policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_);
}

// Marks the OAuth tokens of all three test users as valid.
void SAMLPolicyTest::SetUpOnMainThread() {
  SamlTest::SetUpOnMainThread();

  // Pretend that the test users' OAuth tokens are valid.
  user_manager::UserManager* const users = user_manager::UserManager::Get();
  users->SaveUserOAuthStatus(
      kFirstSAMLUserEmail, user_manager::User::OAUTH2_TOKEN_STATUS_VALID);
  users->SaveUserOAuthStatus(
      kNonSAMLUserEmail, user_manager::User::OAUTH2_TOKEN_STATUS_VALID);
  users->SaveUserOAuthStatus(
      kDifferentDomainSAMLUserEmail,
      user_manager::User::OAUTH2_TOKEN_STATUS_VALID);
}

// Sets the SAMLOfflineSigninTimeLimit user policy to |limit| as a mandatory,
// user-scoped value and drains pending tasks. The tests in this file pass 0
// and -1; see their comments for what each is expected to do.
void SAMLPolicyTest::SetSAMLOfflineSigninTimeLimitPolicy(int limit) {
  policy::PolicyMap policies;
  policies.Set(policy::key::kSAMLOfflineSigninTimeLimit,
               policy::POLICY_LEVEL_MANDATORY,
               policy::POLICY_SCOPE_USER,
               new base::FundamentalValue(limit),
               NULL);
  provider_.UpdateChromePolicy(policies);

  base::RunLoop pending_tasks;
  pending_tasks.RunUntilIdle();
}

// Enables transfer_saml_cookies in the device policy, republishes the signed
// blob and waits until CrosSettings notifies about the changed setting.
void SAMLPolicyTest::EnableTransferSAMLCookiesPolicy() {
  device_policy_->payload().mutable_saml_settings()->set_transfer_saml_cookies(
      true);

  // Subscribe before the new blob is published so the change notification
  // cannot be missed.
  base::RunLoop run_loop;
  scoped_ptr<CrosSettings::ObserverSubscription> observer =
      CrosSettings::Get()->AddSettingsObserver(
          kAccountsPrefTransferSAMLCookies,
          run_loop.QuitClosure());

  device_policy_->SetDefaultSigningKey();
  device_policy_->Build();
  fake_session_manager_client_->set_device_policy(device_policy_->GetBlob());
  fake_session_manager_client_->OnPropertyChangeComplete(true);
  run_loop.Run();
}

// Waits for the login screen, clicks the add-user button and blocks until the
// GAIA auth host reports 'ready'.
void SAMLPolicyTest::ShowGAIALoginForm() {
  login_screen_load_observer_->Wait();

  // The listener is registered before the click so the 'ready' event that the
  // click is expected to lead to gets reported back to the test.
  ASSERT_TRUE(content::ExecuteScript(
      GetLoginUI()->GetWebContents(),
      "$('gaia-signin').gaiaAuthHost_.addEventListener('ready', function() {"
      " window.domAutomationController.setAutomationId(0);"
      " window.domAutomationController.send('ready');"
      "});"
      "$('add-user-button').click();"));

  // NOTE(review): the queue is created only after the script has run. If
  // DOMMessageQueue records just the messages sent after its construction, a
  // 'ready' sent while ExecuteScript() is still waiting would be lost --
  // confirm.
  content::DOMMessageQueue message_queue;
  std::string message;
  ASSERT_TRUE(message_queue.WaitForMessage(&message));
  EXPECT_EQ("\"ready\"", message);
}

// Logs |user_id| in through the fake SAML IdP and returns once the session has
// started. |auth_sid_cookie| and |auth_lsid_cookie| are registered with the
// fake GAIA as the merge-session parameters for this user. The credentials
// typed into the IdP form are fixed test values.
void SAMLPolicyTest::LogInWithSAML(const std::string& user_id,
                                   const std::string& auth_sid_cookie,
                                   const std::string& auth_lsid_cookie) {
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
  StartSamlAndWaitForIdpPageLoad(user_id);

  fake_gaia_.SetFakeMergeSessionParams(
      user_id, auth_sid_cookie, auth_lsid_cookie);

  // Fill in and submit the IdP's sign-in form.
  SetSignFormField("Email", "fake_user");
  SetSignFormField("Password", "fake_password");
  ExecuteJsInSigninFrame("document.getElementById('Submit').click();");

  // The confirm-password screen follows; re-enter the same password there.
  OobeScreenWaiter confirm_password_screen(OobeDisplay::SCREEN_CONFIRM_PASSWORD);
  confirm_password_screen.Wait();
  SendConfirmPassword("fake_password");

  content::WindowedNotificationObserver session_started(
      chrome::NOTIFICATION_SESSION_STARTED,
      content::NotificationService::AllSources());
  session_started.Wait();
}

// Looks up |name| in the snapshot taken by GetCookies(). Returns the value of
// the first matching cookie, or an empty string when no cookie matches, so a
// missing cookie and an empty-valued cookie look the same to the caller.
std::string SAMLPolicyTest::GetCookieValue(const std::string& name) {
  net::CookieList::const_iterator cookie = cookie_list_.begin();
  for (; cookie != cookie_list_.end(); ++cookie) {
    if (cookie->Name() != name)
      continue;
    return cookie->Value();
  }
  return std::string();
}

// Takes a snapshot of every cookie in the active user's profile. The read is
// posted to the IO thread and this method blocks until StoreCookieList() has
// posted the quit closure back.
void SAMLPolicyTest::GetCookies() {
  const user_manager::User* const active_user =
      user_manager::UserManager::Get()->GetActiveUser();
  Profile* profile =
      chromeos::ProfileHelper::Get()->GetProfileByUserUnsafe(active_user);
  ASSERT_TRUE(profile);

  base::RunLoop run_loop;
  // base::Unretained(this) is used while run_loop.Run() below keeps this
  // method, and therefore the fixture, on the stack until the quit closure
  // runs.
  content::BrowserThread::PostTask(
      content::BrowserThread::IO,
      FROM_HERE,
      base::Bind(&SAMLPolicyTest::GetCookiesOnIOThread,
                 base::Unretained(this),
                 scoped_refptr<net::URLRequestContextGetter>(
                     profile->GetRequestContext()),
                 run_loop.QuitClosure()));
  run_loop.Run();
}

// Asks the cookie monster behind |request_context| for all of its cookies.
// The result is delivered to StoreCookieList() together with |callback|.
void SAMLPolicyTest::GetCookiesOnIOThread(
    const scoped_refptr<net::URLRequestContextGetter>& request_context,
    const base::Closure& callback) {
  net::CookieMonster* const cookie_monster =
      request_context->GetURLRequestContext()->cookie_store()->
          GetCookieMonster();
  cookie_monster->GetAllCookiesAsync(base::Bind(
      &SAMLPolicyTest::StoreCookieList,
      base::Unretained(this),
      callback));
}

// Keeps |cookie_list| for GetCookieValue() and posts |callback| to the UI
// thread, which lets GetCookies() return.
void SAMLPolicyTest::StoreCookieList(
    const base::Closure& callback,
    const net::CookieList& cookie_list) {
  cookie_list_ = cookie_list;
  content::BrowserThread::PostTask(content::BrowserThread::UI,
                                   FROM_HERE,
                                   callback);
}

// Setup stage for NoSAML: applies a zero offline login time limit and signs in
// a user without going through SAML.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_NoSAML) {
  // Set the offline login time limit for SAML users to zero.
  SetSAMLOfflineSigninTimeLimitPolicy(0);

  WaitForSigninScreen();

  // Log in without SAML.
  GetLoginDisplay()->ShowSigninScreenForCreds(kNonSAMLUserEmail, "password");

  content::WindowedNotificationObserver session_started(
      chrome::NOTIFICATION_SESSION_STARTED,
      content::NotificationService::AllSources());
  session_started.Wait();
}

// Verifies that the offline login time limit does not affect a user who
// authenticated without SAML.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, NoSAML) {
  login_screen_load_observer_->Wait();

  // Offline login is allowed: the sign-in button container in the user pod is
  // expected to be hidden.
  JsExpect("window.getComputedStyle(document.querySelector("
           " '#pod-row .signin-button-container')).display == 'none'");
}

// Setup stage for SAMLNoLimit: removes the time limit, then logs in via SAML.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_SAMLNoLimit) {
  // Remove the offline login time limit for SAML users.
  SetSAMLOfflineSigninTimeLimitPolicy(-1);

  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);
}

// Verifies that when no offline login time limit is set, a user who
// authenticated with SAML is allowed to log in offline.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, SAMLNoLimit) {
  login_screen_load_observer_->Wait();

  // Offline login is allowed: the sign-in button container stays hidden.
  JsExpect("window.getComputedStyle(document.querySelector("
           " '#pod-row .signin-button-container')).display == 'none'");
}

// Setup stage for SAMLZeroLimit: sets a zero time limit, then logs in via
// SAML.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_SAMLZeroLimit) {
  // Set the offline login time limit for SAML users to zero.
  SetSAMLOfflineSigninTimeLimitPolicy(0);

  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);
}

// Verifies that when the offline login time limit is exceeded for a user who
// authenticated via SAML, that user is forced to log in online the next time.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, SAMLZeroLimit) {
  login_screen_load_observer_->Wait();

  // Offline login is not allowed: the sign-in button container must be
  // displayed.
  JsExpect("window.getComputedStyle(document.querySelector("
           " '#pod-row .signin-button-container')).display != 'none'");
}

// First stage of the TransferCookiesAffiliated chain: an initial SAML login
// that leaves the first set of GAIA and IdP cookie values in the user's
// profile.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_PRE_TransferCookiesAffiliated) {
  fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue1);
  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie1, kTestAuthLSIDCookie1);

  // Baseline: the profile holds the values used for this first login.
  GetCookies();
  EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
  EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
  EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));
}

// Verifies that when the DeviceTransferSAMLCookies policy is not enabled, SAML
// IdP cookies are not transferred to a user's profile on subsequent login, even
// if the user belongs to the domain that the device is enrolled into. Also
// verifies that GAIA cookies are not transferred.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_TransferCookiesAffiliated) {
  // Second login of the same user. The IdP and the fake GAIA now hand out the
  // second set of cookie values.
  fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
  ShowGAIALoginForm();
  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie2, kTestAuthLSIDCookie2);

  // The transfer policy was not enabled in this stage, so all three cookies
  // must still carry the first set of values.
  GetCookies();
  EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
  EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
  EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));
}

// Verifies that when the DeviceTransferSAMLCookies policy is enabled, SAML IdP
// cookies are transferred to a user's profile on subsequent login when the user
// belongs to the domain that the device is enrolled into. Also verifies that
// GAIA cookies are not transferred.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, TransferCookiesAffiliated) {
  fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
  ShowGAIALoginForm();

  // The policy is switched on before the login whose cookies are checked.
  EnableTransferSAMLCookiesPolicy();
  LogInWithSAML(kFirstSAMLUserEmail, kTestAuthSIDCookie2, kTestAuthLSIDCookie2);

  // Only the IdP cookie may change to the second value. The GAIA SID/LSID
  // cookies must keep the values from the first login even though this login
  // used the second set.
  GetCookies();
  EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
  EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
  EXPECT_EQ(kSAMLIdPCookieValue2, GetCookieValue(kSAMLIdPCookieName));
}

// Setup stage for TransferCookiesUnaffiliated: initial SAML login of the
// different-domain test user with the first set of cookie values.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, PRE_TransferCookiesUnaffiliated) {
  fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue1);
  LogInWithSAML(kDifferentDomainSAMLUserEmail,
                kTestAuthSIDCookie1,
                kTestAuthLSIDCookie1);

  // Baseline: the profile holds the values used for this first login.
  GetCookies();
  EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
  EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
  EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));
}

// Verifies that even if the DeviceTransferSAMLCookies policy is enabled, SAML
// IdP cookies are not transferred to a user's profile on subsequent login if
// the user does not belong to the domain that the device is enrolled into. Also
// verifies that GAIA cookies are not transferred.
IN_PROC_BROWSER_TEST_F(SAMLPolicyTest, TransferCookiesUnaffiliated) {
  fake_saml_idp()->SetCookieValue(kSAMLIdPCookieValue2);
  fake_saml_idp()->SetLoginHTMLTemplate("saml_login.html");
  ShowGAIALoginForm();

  // The policy is enabled, but the user logging in is the different-domain
  // test user, so the IdP cookie is expected to keep its first value.
  EnableTransferSAMLCookiesPolicy();
  // NOTE(review): this login reuses kTestAuthSIDCookie1/kTestAuthLSIDCookie1,
  // the same values PRE_TransferCookiesUnaffiliated logged in with, so the two
  // GAIA expectations below hold whether or not GAIA cookies were transferred.
  // TransferCookiesAffiliated logs in with kTestAuthSIDCookie2/
  // kTestAuthLSIDCookie2, which makes the same expectations meaningful;
  // consider doing the same here.
  LogInWithSAML(kDifferentDomainSAMLUserEmail,
                kTestAuthSIDCookie1,
                kTestAuthLSIDCookie1);

  GetCookies();
  EXPECT_EQ(kTestAuthSIDCookie1, GetCookieValue(kGAIASIDCookieName));
  EXPECT_EQ(kTestAuthLSIDCookie1, GetCookieValue(kGAIALSIDCookieName));
  EXPECT_EQ(kSAMLIdPCookieValue1, GetCookieValue(kSAMLIdPCookieName));
}

}  // namespace chromeos