1cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved. 268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// found in the LICENSE file. 468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 5cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h" 668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "base/memory/scoped_ptr.h" 85d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "base/run_loop.h" 968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "base/strings/utf_string_conversions.h" 10cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "chrome/browser/chromeos/login/users/fake_user_manager.h" 11cedac228d2dd51db4b79ea1e72c7f249408ee061Torne (Richard Coles)#include "chrome/browser/chromeos/login/users/multi_profile_user_controller_delegate.h" 126e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)#include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h" 135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/policy_cert_service.h" 145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" 155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "chrome/browser/chromeos/policy/policy_cert_verifier.h" 16116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch#include "chrome/browser/chromeos/profiles/profile_helper.h" 1768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "chrome/browser/prefs/browser_prefs.h" 1868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "chrome/common/pref_names.h" 1968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "chrome/test/base/scoped_testing_local_state.h" 2068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "chrome/test/base/testing_browser_process.h" 2168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "chrome/test/base/testing_pref_service_syncable.h" 2268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "chrome/test/base/testing_profile.h" 2368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "chrome/test/base/testing_profile_manager.h" 246e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles)#include "components/user_manager/user_manager.h" 255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "content/public/test/test_browser_thread_bundle.h" 265d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/cert/x509_certificate.h" 2768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)#include "testing/gtest/include/gtest/gtest.h" 2868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 2968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)namespace chromeos { 3068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 3168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)namespace { 3268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 3368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)const char* kUsers[] = {"a@gmail.com", "b@gmail.com" }; 3468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 3568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)struct BehaviorTestCase { 3668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) const char* primary; 3768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) const char* secondary; 386e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::UserAllowedInSessionReason 396e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) expected_primary_policy; 406e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::UserAllowedInSessionReason 416e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) expected_secondary_allowed; 4268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)}; 4368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 4468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)const BehaviorTestCase kBehaviorTestCases[] = { 456e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) { 466e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorUnrestricted, 476e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorUnrestricted, 486e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::ALLOWED, MultiProfileUserController::ALLOWED, 496e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) }, 506e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) { 516e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorUnrestricted, 526e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorPrimaryOnly, 536e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::ALLOWED, 546e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, 556e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) }, 566e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) { 576e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorUnrestricted, 586e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorNotAllowed, 596e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::ALLOWED, 606e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, 616e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) }, 626e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) { 636e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorPrimaryOnly, 646e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorUnrestricted, 656e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::ALLOWED, MultiProfileUserController::ALLOWED, 666e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) }, 676e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) { 686e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorPrimaryOnly, 696e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorPrimaryOnly, 706e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::ALLOWED, 716e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, 726e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) }, 736e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) { 746e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorPrimaryOnly, 756e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorNotAllowed, 766e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::ALLOWED, 776e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, 786e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) }, 796e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) { 806e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorNotAllowed, 816e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorUnrestricted, 826e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, 836e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, 846e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) }, 856e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) { 866e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorNotAllowed, 876e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorPrimaryOnly, 886e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, 896e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, 906e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) }, 916e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) { 926e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorNotAllowed, 936e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::kBehaviorNotAllowed, 946e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, 956e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, 966e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) }, 9768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)}; 9868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 995d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Weak ptr to PolicyCertVerifier - object is freed in test destructor once 1005d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// we've ensured the profile has been shut down. 1015d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)policy::PolicyCertVerifier* g_policy_cert_verifier_for_factory = NULL; 1025d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 103a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)KeyedService* TestPolicyCertServiceFactory(content::BrowserContext* context) { 1045d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) return policy::PolicyCertService::CreateForTesting( 1056e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) kUsers[0], 1066e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) g_policy_cert_verifier_for_factory, 1076e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) user_manager::UserManager::Get()).release(); 1085d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 1095d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 11068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)} // namespace 11168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 11268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)class MultiProfileUserControllerTest 11368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) : public testing::Test, 11468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) public MultiProfileUserControllerDelegate { 11568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) public: 11668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) MultiProfileUserControllerTest() 1175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) : fake_user_manager_(new FakeUserManager), 11868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) user_manager_enabler_(fake_user_manager_), 11968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) user_not_allowed_count_(0) {} 12068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) virtual ~MultiProfileUserControllerTest() {} 12168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 12268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) virtual void SetUp() OVERRIDE { 1235d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) profile_manager_.reset( 1245d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) new TestingProfileManager(TestingBrowserProcess::GetGlobal())); 1255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ASSERT_TRUE(profile_manager_->SetUp()); 12668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) controller_.reset(new MultiProfileUserController( 12768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) this, TestingBrowserProcess::GetGlobal()->local_state())); 12868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 12968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) for (size_t i = 0; i < arraysize(kUsers); ++i) { 13068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) const std::string user_email(kUsers[i]); 1315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const user_manager::User* user = fake_user_manager_->AddUser(user_email); 13268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 13368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) // Note that user profiles are created after user login in reality. 13468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) TestingProfile* user_profile = 1355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) profile_manager_->CreateTestingProfile(user_email); 13668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) user_profile->set_profile_name(user_email); 13768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) user_profiles_.push_back(user_profile); 1385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 139116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch ProfileHelper::Get()->SetUserToProfileMappingForTesting(user, 140116680a4aac90f2aa7413d9095a592090648e557Ben Murdoch user_profile); 14168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 14268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 14368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 1445d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) virtual void TearDown() OVERRIDE { 1455d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // Clear our cached pointer to the PolicyCertVerifier. 1465d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) g_policy_cert_verifier_for_factory = NULL; 1475d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 1485d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // We must ensure that the PolicyCertVerifier outlives the 1495d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // PolicyCertService so shutdown the profile here. Additionally, we need 1505d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // to run the message loop between freeing the PolicyCertService and 1515d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // freeing the PolicyCertVerifier (see 1525d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // PolicyCertService::OnTrustAnchorsChanged() which is called from 1535d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // PolicyCertService::Shutdown()). 1545d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) controller_.reset(); 1555d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) profile_manager_.reset(); 1565d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 1575d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 1585d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 15968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) void LoginUser(size_t user_index) { 16068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) ASSERT_LT(user_index, arraysize(kUsers)); 16168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) fake_user_manager_->LoginUser(kUsers[user_index]); 16268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) controller_->StartObserving(user_profiles_[user_index]); 16368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 16468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 16568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) void SetOwner(size_t user_index) { 16668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) fake_user_manager_->set_owner_email(kUsers[user_index]); 16768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 16868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 16968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) PrefService* GetUserPrefs(size_t user_index) { 17068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) return user_profiles_[user_index]->GetPrefs(); 17168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 17268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 17368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) void SetPrefBehavior(size_t user_index, const std::string& behavior) { 17468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) GetUserPrefs(user_index)->SetString(prefs::kMultiProfileUserBehavior, 17568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) behavior); 17668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 17768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 17868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) std::string GetCachedBehavior(size_t user_index) { 17968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) return controller_->GetCachedValue(kUsers[user_index]); 18068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 18168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 18268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) void SetCachedBehavior(size_t user_index, 18368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) const std::string& behavior) { 18468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) controller_->SetCachedValue(kUsers[user_index], behavior); 18568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 18668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 18768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) void ResetCounts() { 18868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) user_not_allowed_count_ = 0; 18968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 19068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 19168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) // MultiProfileUserControllerDeleagte overrides: 1925d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) virtual void OnUserNotAllowed(const std::string& user_email) OVERRIDE { 19368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) ++user_not_allowed_count_; 19468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 19568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 19668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) MultiProfileUserController* controller() { return controller_.get(); } 19768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) int user_not_allowed_count() const { return user_not_allowed_count_; } 19868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 1995d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) TestingProfile* profile(int index) { 2005d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) return user_profiles_[index]; 2015d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 2025d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 2035d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) content::TestBrowserThreadBundle threads_; 2045d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) scoped_ptr<policy::PolicyCertVerifier> cert_verifier_; 2055d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) scoped_ptr<TestingProfileManager> profile_manager_; 20668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) FakeUserManager* fake_user_manager_; // Not owned 20768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) ScopedUserManagerEnabler user_manager_enabler_; 20868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 20968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) scoped_ptr<MultiProfileUserController> controller_; 21068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 21168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) std::vector<TestingProfile*> user_profiles_; 21268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 21368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) int user_not_allowed_count_; 21468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 21568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) DISALLOW_COPY_AND_ASSIGN(MultiProfileUserControllerTest); 21668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)}; 21768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 21868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// Tests that everyone is allowed before a session starts. 21968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, AllAllowedBeforeLogin) { 22068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) const char* kTestCases[] = { 22168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) MultiProfileUserController::kBehaviorUnrestricted, 22268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) MultiProfileUserController::kBehaviorPrimaryOnly, 22368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) MultiProfileUserController::kBehaviorNotAllowed, 22468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) }; 22568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) for (size_t i = 0; i < arraysize(kTestCases); ++i) { 22668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetCachedBehavior(0, kTestCases[i]); 2275f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) MultiProfileUserController::UserAllowedInSessionReason reason; 2285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)) 22968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) << "Case " << i; 2305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(MultiProfileUserController::ALLOWED, reason) << "Case " << i; 2316e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::ALLOWED, 2326e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::GetPrimaryUserPolicy()) 2336e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) << "Case " << i; 23468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 23568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)} 23668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 23768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// Tests that invalid cache value would become the default "unrestricted". 23868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, InvalidCacheBecomesDefault) { 23968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) const char kBad[] = "some invalid value"; 24068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetCachedBehavior(0, kBad); 24168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted, 24268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) GetCachedBehavior(0)); 24368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)} 24468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 24568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// Tests that cached behavior value changes with user pref after login. 24668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, CachedBehaviorUpdate) { 24768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) LoginUser(0); 24868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 24968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) const char* kTestCases[] = { 25068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) MultiProfileUserController::kBehaviorUnrestricted, 25168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) MultiProfileUserController::kBehaviorPrimaryOnly, 25268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) MultiProfileUserController::kBehaviorNotAllowed, 25368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) MultiProfileUserController::kBehaviorUnrestricted, 25468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) }; 25568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) for (size_t i = 0; i < arraysize(kTestCases); ++i) { 25668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetPrefBehavior(0, kTestCases[i]); 25768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(kTestCases[i], GetCachedBehavior(0)); 25868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 25968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)} 26068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 26168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// Tests that compromised cache value would be fixed and pref value is checked 26268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// upon login. 26368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, CompromisedCacheFixedOnLogin) { 26468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetPrefBehavior(0, MultiProfileUserController::kBehaviorPrimaryOnly); 26568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetCachedBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); 26668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted, 26768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) GetCachedBehavior(0)); 26868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) LoginUser(0); 26968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::kBehaviorPrimaryOnly, 27068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) GetCachedBehavior(0)); 27168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 27268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(0, user_not_allowed_count()); 27368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetPrefBehavior(1, MultiProfileUserController::kBehaviorPrimaryOnly); 27468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetCachedBehavior(1, MultiProfileUserController::kBehaviorUnrestricted); 27568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted, 27668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) GetCachedBehavior(1)); 27768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) LoginUser(1); 27868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::kBehaviorPrimaryOnly, 27968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) GetCachedBehavior(1)); 28068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(1, user_not_allowed_count()); 28168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)} 28268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 28368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// Tests cases before the second user login. 28468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, IsSecondaryAllowed) { 28568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) LoginUser(0); 28668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 28768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { 28868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetPrefBehavior(0, kBehaviorTestCases[i].primary); 28968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetCachedBehavior(1, kBehaviorTestCases[i].secondary); 2906e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_EQ(kBehaviorTestCases[i].expected_primary_policy, 2916e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::GetPrimaryUserPolicy()) 2926e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) << "Case " << i; 2935f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) MultiProfileUserController::UserAllowedInSessionReason reason; 2945f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) controller()->IsUserAllowedInSession(kUsers[1], &reason); 2956e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_EQ(kBehaviorTestCases[i].expected_secondary_allowed, reason) 2966e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) << "Case " << i; 29768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 29868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)} 29968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 30068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// Tests user behavior changes within a two-user session. 30168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, PrimaryBehaviorChange) { 30268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) LoginUser(0); 30368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) LoginUser(1); 30468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 30568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { 30668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); 30768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetPrefBehavior(1, MultiProfileUserController::kBehaviorUnrestricted); 30868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) ResetCounts(); 30968043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 31068043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetPrefBehavior(0, kBehaviorTestCases[i].primary); 31168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetPrefBehavior(1, kBehaviorTestCases[i].secondary); 3125d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) if (user_not_allowed_count() == 0) { 3136e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_EQ(kBehaviorTestCases[i].expected_secondary_allowed, 3146e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::ALLOWED) 3156e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) << "Case " << i; 3165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } else { 3176e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_NE(kBehaviorTestCases[i].expected_secondary_allowed, 3186e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::ALLOWED) 3196e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) << "Case " << i; 3205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) } 32168043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) } 32268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)} 32368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 32468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)// Tests that owner could not be a secondary user. 32568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, NoSecondaryOwner) { 32668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) LoginUser(0); 32768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) SetOwner(1); 32868043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 3295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) MultiProfileUserController::UserAllowedInSessionReason reason; 3305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); 3315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_OWNER_AS_SECONDARY, reason); 33268043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 33368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(0, user_not_allowed_count()); 33468043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) LoginUser(1); 33568043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) EXPECT_EQ(1, user_not_allowed_count()); 33668043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)} 33768043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles) 3385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, 3395d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) UsedPolicyCertificatesAllowedForPrimary) { 3405d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // Verifies that any user can sign-in as the primary user, regardless of the 3415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // tainted state. 3425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); 3435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) MultiProfileUserController::UserAllowedInSessionReason reason; 3445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)); 3455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); 3465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); 3475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); 3486e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::ALLOWED, 3496e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::GetPrimaryUserPolicy()); 3505d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 3515d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3525d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, 3535d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) UsedPolicyCertificatesDisallowedForSecondary) { 3545d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // Verifies that if a regular user is signed-in then other regular users can 3555d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // be added but tainted users can't. 3565d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) LoginUser(1); 3575d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3585d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // TODO(xiyuan): Remove the following SetPrefBehavor when default is 3595d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // changed back to enabled. 3605d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) SetPrefBehavior(1, MultiProfileUserController::kBehaviorUnrestricted); 3615d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) MultiProfileUserController::UserAllowedInSessionReason reason; 3635f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)); 3645f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); 3655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3665d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); 3675f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[0], &reason)); 3685d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED, 3695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) reason); 3705d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 3715d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3725d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, 3735d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) UsedPolicyCertificatesDisallowsSecondaries) { 3745d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // Verifies that if a tainted user is signed-in then no other users can 3755d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // be added. 3765d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); 3775d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) LoginUser(0); 3785d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3795d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); 3805d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) g_policy_cert_verifier_for_factory = cert_verifier_.get(); 3815d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ASSERT_TRUE( 3825d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( 3835d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) profile(0), TestPolicyCertServiceFactory)); 3845d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) MultiProfileUserController::UserAllowedInSessionReason reason; 3865f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); 3875d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, 3885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) reason); 3896e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, 3906e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::GetPrimaryUserPolicy()); 3915d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[1]); 3925f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); 3935d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED, 3945f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) reason); 3956e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, 3966e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::GetPrimaryUserPolicy()); 3975d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 3985d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // Flush tasks posted to IO. 3995d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4005d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 4015d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4025d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)TEST_F(MultiProfileUserControllerTest, 4035d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) PolicyCertificatesInMemoryDisallowsSecondaries) { 4045d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // Verifies that if a user is signed-in and has policy certificates installed 4055d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // then no other users can be added. 4065d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) LoginUser(0); 4075d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4085d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // TODO(xiyuan): Remove the following SetPrefBehavor when default is 4095d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // changed back to enabled. 4105d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); 4115d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4125d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); 4135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) g_policy_cert_verifier_for_factory = cert_verifier_.get(); 4145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ASSERT_TRUE( 4155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( 4165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) profile(0), TestPolicyCertServiceFactory)); 4175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) policy::PolicyCertService* service = 4185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) policy::PolicyCertServiceFactory::GetForProfile(profile(0)); 4195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) ASSERT_TRUE(service); 4205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_FALSE(service->has_policy_certificates()); 4225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) MultiProfileUserController::UserAllowedInSessionReason reason; 4235f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); 4245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); 4256e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::ALLOWED, 4266e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::GetPrimaryUserPolicy()); 4275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) net::CertificateList certificates; 4295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) certificates.push_back(new net::X509Certificate( 4305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) "subject", "issuer", base::Time(), base::Time())); 4315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) service->OnTrustAnchorsChanged(certificates); 4325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_TRUE(service->has_policy_certificates()); 4335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); 4345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, 4355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) reason); 4366e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, 4376e8cce623b6e4fe0c9e4af605d675dd9d0338c38Torne (Richard Coles) MultiProfileUserController::GetPrimaryUserPolicy()); 4385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 4395d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) // Flush tasks posted to IO. 4405d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) base::RunLoop().RunUntilIdle(); 4415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)} 4425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) 44368043e1e95eeb07d5cae7aca370b26518b0867d6Torne (Richard Coles)} // namespace chromeos 444