1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/chromeos/policy/device_cloud_policy_invalidator.h"
6
7#include <string>
8
9#include "base/memory/ref_counted.h"
10#include "base/message_loop/message_loop_proxy.h"
11#include "base/run_loop.h"
12#include "chrome/browser/browser_process_platform_part.h"
13#include "chrome/browser/chrome_notification_types.h"
14#include "chrome/browser/chromeos/login/users/fake_user_manager.h"
15#include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h"
16#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
17#include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
18#include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
19#include "chrome/browser/chromeos/policy/device_policy_builder.h"
20#include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h"
21#include "chrome/browser/chromeos/settings/cros_settings.h"
22#include "chrome/browser/chromeos/settings/device_oauth2_token_service_factory.h"
23#include "chrome/browser/chromeos/settings/device_settings_service.h"
24#include "chrome/browser/chromeos/settings/device_settings_test_helper.h"
25#include "chrome/browser/invalidation/fake_invalidation_service.h"
26#include "chrome/browser/invalidation/profile_invalidation_provider_factory.h"
27#include "chrome/browser/policy/cloud/cloud_policy_invalidator.h"
28#include "chrome/browser/profiles/profile.h"
29#include "chrome/test/base/testing_browser_process.h"
30#include "chrome/test/base/testing_profile_manager.h"
31#include "chromeos/cryptohome/system_salt_getter.h"
32#include "chromeos/dbus/dbus_thread_manager.h"
33#include "components/invalidation/invalidation_service.h"
34#include "components/invalidation/invalidator_state.h"
35#include "components/invalidation/profile_invalidation_provider.h"
36#include "components/invalidation/ticl_invalidation_service.h"
37#include "components/keyed_service/core/keyed_service.h"
38#include "components/ownership/mock_owner_key_util.h"
39#include "components/policy/core/common/cloud/cloud_policy_client.h"
40#include "components/policy/core/common/cloud/cloud_policy_constants.h"
41#include "components/policy/core/common/cloud/cloud_policy_core.h"
42#include "components/policy/core/common/cloud/mock_cloud_policy_client.h"
43#include "content/public/browser/browser_context.h"
44#include "content/public/browser/notification_details.h"
45#include "content/public/browser/notification_service.h"
46#include "content/public/test/test_browser_thread_bundle.h"
47#include "net/url_request/url_request_context_getter.h"
48#include "net/url_request/url_request_test_util.h"
49#include "policy/proto/device_management_backend.pb.h"
50#include "testing/gmock/include/gmock/gmock.h"
51#include "testing/gtest/include/gtest/gtest.h"
52
53namespace policy {
54
55namespace {
56
57const char kAffiliatedUserID1[] = "test_1@example.com";
58const char kAffiliatedUserID2[] = "test_2@example.com";
59const char kUnaffiliatedUserID[] = "test_2@other_domain.test";
60
61KeyedService* BuildProfileInvalidationProvider(
62    content::BrowserContext* context) {
63  scoped_ptr<invalidation::FakeInvalidationService> invalidation_service(
64      new invalidation::FakeInvalidationService);
65  invalidation_service->SetInvalidatorState(
66      syncer::TRANSIENT_INVALIDATION_ERROR);
67  return new invalidation::ProfileInvalidationProvider(
68      invalidation_service.PassAs<invalidation::InvalidationService>());
69}
70
71}  // namespace
72
73class DeviceCloudPolicyInvalidatorTest : public testing::Test {
74 public:
75  DeviceCloudPolicyInvalidatorTest();
76  virtual ~DeviceCloudPolicyInvalidatorTest();
77
78  // testing::Test:
79  virtual void SetUp() OVERRIDE;
80  virtual void TearDown() OVERRIDE;
81
82  // Ownership is not passed. The Profile is owned by the global ProfileManager.
83  Profile *LogInAndReturnProfile(const std::string& user_id);
84
85  invalidation::TiclInvalidationService* GetDeviceInvalidationService();
86  bool HasDeviceInvalidationServiceObserver() const;
87
88  invalidation::FakeInvalidationService* GetProfileInvalidationService(
89      Profile* profile);
90  int GetProfileInvalidationServiceObserverCount() const;
91
92  const invalidation::InvalidationService* GetInvalidationService() const;
93  CloudPolicyInvalidator* GetCloudPolicyInvalidator() const;
94
95  void ConnectDeviceInvalidationService();
96
97 protected:
98  DevicePolicyBuilder device_policy_;
99
100 private:
101  content::TestBrowserThreadBundle thread_bundle_;
102  scoped_refptr<net::URLRequestContextGetter> system_request_context_;
103  TestingProfileManager profile_manager_;
104  chromeos::FakeUserManager* fake_user_manager_;
105  chromeos::ScopedUserManagerEnabler user_manager_enabler_;
106  ScopedStubEnterpriseInstallAttributes install_attributes_;
107  scoped_ptr<chromeos::ScopedTestDeviceSettingsService>
108      test_device_settings_service_;
109  scoped_ptr<chromeos::ScopedTestCrosSettings> test_cros_settings_;
110  chromeos::DeviceSettingsTestHelper device_settings_test_helper_;
111
112  scoped_ptr<DeviceCloudPolicyInvalidator> invalidator_;
113};
114
115DeviceCloudPolicyInvalidatorTest::DeviceCloudPolicyInvalidatorTest()
116    : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP),
117      system_request_context_(new net::TestURLRequestContextGetter(
118          base::MessageLoopProxy::current())),
119      profile_manager_(TestingBrowserProcess::GetGlobal()),
120      fake_user_manager_(new chromeos::FakeUserManager),
121      user_manager_enabler_(fake_user_manager_),
122      install_attributes_("example.com",
123                          "user@example.com",
124                          "device_id",
125                          DEVICE_MODE_ENTERPRISE) {
126}
127
128DeviceCloudPolicyInvalidatorTest::~DeviceCloudPolicyInvalidatorTest() {
129}
130
131void DeviceCloudPolicyInvalidatorTest::SetUp() {
132  chromeos::SystemSaltGetter::Initialize();
133  chromeos::DBusThreadManager::Initialize();
134  chromeos::DeviceOAuth2TokenServiceFactory::Initialize();
135  TestingBrowserProcess::GetGlobal()->SetSystemRequestContext(
136      system_request_context_.get());
137  ASSERT_TRUE(profile_manager_.SetUp());
138
139  test_device_settings_service_.reset(new
140      chromeos::ScopedTestDeviceSettingsService);
141  test_cros_settings_.reset(new chromeos::ScopedTestCrosSettings);
142  scoped_refptr<ownership::MockOwnerKeyUtil> owner_key_util(
143      new ownership::MockOwnerKeyUtil);
144  owner_key_util->SetPublicKeyFromPrivateKey(
145      *device_policy_.GetSigningKey());
146  chromeos::DeviceSettingsService::Get()->SetSessionManager(
147      &device_settings_test_helper_,
148      owner_key_util);
149
150  device_policy_.policy_data().set_invalidation_source(123);
151  device_policy_.policy_data().set_invalidation_name("invalidation");
152  device_policy_.Build();
153  device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob());
154  device_settings_test_helper_.Flush();
155
156  scoped_ptr<MockCloudPolicyClient> policy_client(new MockCloudPolicyClient);
157  EXPECT_CALL(*policy_client, SetupRegistration("token", "device-id"));
158  CloudPolicyCore* core = TestingBrowserProcess::GetGlobal()->platform_part()->
159      browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
160          core();
161  core->Connect(policy_client.PassAs<CloudPolicyClient>());
162  core->StartRefreshScheduler();
163
164  invalidation::ProfileInvalidationProviderFactory::GetInstance()->
165      RegisterTestingFactory(BuildProfileInvalidationProvider);
166
167  invalidator_.reset(new DeviceCloudPolicyInvalidator);
168}
169
170void DeviceCloudPolicyInvalidatorTest::TearDown() {
171  invalidator_.reset();
172  base::RunLoop().RunUntilIdle();
173
174  invalidation::ProfileInvalidationProviderFactory::GetInstance()->
175      RegisterTestingFactory(NULL);
176  chromeos::DeviceSettingsService::Get()->UnsetSessionManager();
177  TestingBrowserProcess::GetGlobal()->SetBrowserPolicyConnector(NULL);
178  chromeos::DeviceOAuth2TokenServiceFactory::Shutdown();
179  chromeos::DBusThreadManager::Shutdown();
180  chromeos::SystemSaltGetter::Shutdown();
181}
182
183Profile *DeviceCloudPolicyInvalidatorTest::LogInAndReturnProfile(
184    const std::string& user_id) {
185  fake_user_manager_->AddUser(user_id);
186  Profile* profile = profile_manager_.CreateTestingProfile(user_id);
187  content::NotificationService::current()->Notify(
188      chrome::NOTIFICATION_LOGIN_USER_PROFILE_PREPARED,
189      content::NotificationService::AllSources(),
190      content::Details<Profile>(profile));
191  return profile;
192}
193
194invalidation::TiclInvalidationService*
195DeviceCloudPolicyInvalidatorTest::GetDeviceInvalidationService() {
196  return invalidator_->device_invalidation_service_.get();
197}
198
199bool DeviceCloudPolicyInvalidatorTest::HasDeviceInvalidationServiceObserver(
200    ) const {
201  return invalidator_->device_invalidation_service_observer_.get();
202}
203
204invalidation::FakeInvalidationService*
205DeviceCloudPolicyInvalidatorTest::GetProfileInvalidationService(
206    Profile* profile) {
207  invalidation::ProfileInvalidationProvider* invalidation_provider =
208      static_cast<invalidation::ProfileInvalidationProvider*>(
209          invalidation::ProfileInvalidationProviderFactory::GetInstance()->
210              GetServiceForBrowserContext(profile, false));
211  if (!invalidation_provider)
212    return NULL;
213  return static_cast<invalidation::FakeInvalidationService*>(
214      invalidation_provider->GetInvalidationService());
215}
216
217int DeviceCloudPolicyInvalidatorTest::
218        GetProfileInvalidationServiceObserverCount() const {
219  return invalidator_->profile_invalidation_service_observers_.size();
220}
221
222const invalidation::InvalidationService*
223DeviceCloudPolicyInvalidatorTest::GetInvalidationService() const {
224  return invalidator_->invalidation_service_;
225}
226
227CloudPolicyInvalidator*
228DeviceCloudPolicyInvalidatorTest::GetCloudPolicyInvalidator() const {
229  return invalidator_->invalidator_.get();
230}
231
232void DeviceCloudPolicyInvalidatorTest::ConnectDeviceInvalidationService() {
233  const int per_profile_invalidation_service_observer_count =
234      GetProfileInvalidationServiceObserverCount();
235
236  // Verify that a device-global invalidation service has been created.
237  ASSERT_TRUE(GetDeviceInvalidationService());
238  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
239
240  // Verify that no new per-profile invalidation service observers have been
241  // created.
242  EXPECT_EQ(per_profile_invalidation_service_observer_count,
243            GetProfileInvalidationServiceObserverCount());
244
245  // Verify that no invalidator exists yet
246  EXPECT_FALSE(GetCloudPolicyInvalidator());
247  EXPECT_FALSE(GetInvalidationService());
248
249  // Indicate that the device-global invalidation service has connected.
250  GetDeviceInvalidationService()->OnInvalidatorStateChange(
251      syncer::INVALIDATIONS_ENABLED);
252  base::RunLoop().RunUntilIdle();
253
254  // Verify that the device-global invalidation service still exists.
255  EXPECT_TRUE(GetDeviceInvalidationService());
256  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
257
258  // Verify that an invalidator backed by the device-global invalidation service
259  // has been created.
260  EXPECT_TRUE(GetCloudPolicyInvalidator());
261  EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
262}
263
264// Verifies that a DeviceCloudPolicyInvalidator backed by a device-global
265// invalidation service is created/destroyed as the service
266// connects/disconnects.
267TEST_F(DeviceCloudPolicyInvalidatorTest, UseDeviceInvalidationService) {
268  // Verify that an invalidator backed by the device-global invalidation service
269  // is created when the service connects.
270  ConnectDeviceInvalidationService();
271  ASSERT_TRUE(GetDeviceInvalidationService());
272  EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
273
274  // Indicate that the device-global invalidation service has disconnected.
275  GetDeviceInvalidationService()->OnInvalidatorStateChange(
276      syncer::INVALIDATION_CREDENTIALS_REJECTED);
277  base::RunLoop().RunUntilIdle();
278
279  // Verify that the device-global invalidation service still exists.
280  EXPECT_TRUE(GetDeviceInvalidationService());
281  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
282
283  // Verify that the invalidator has been destroyed.
284  EXPECT_FALSE(GetCloudPolicyInvalidator());
285  EXPECT_FALSE(GetInvalidationService());
286}
287
288// Verifies that when the per-profile invalidation service for an affiliated
289// user connect/disconnects, a DeviceCloudPolicyInvalidator backed by it is
290// created/destroyed.
291TEST_F(DeviceCloudPolicyInvalidatorTest,
292       UseAffiliatedProfileInvalidationService) {
293  // Log in as an affiliated user.
294  Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1);
295  ASSERT_TRUE(profile);
296
297  // Verify that a device-global invalidation service has been created.
298  EXPECT_TRUE(GetDeviceInvalidationService());
299  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
300
301  // Verify that a per-profile invalidation service has been created.
302  invalidation::FakeInvalidationService* profile_invalidation_service =
303      GetProfileInvalidationService(profile);
304  ASSERT_TRUE(profile_invalidation_service);
305  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
306
307  // Verify that no invalidator exists yet.
308  EXPECT_FALSE(GetCloudPolicyInvalidator());
309  EXPECT_FALSE(GetInvalidationService());
310
311  // Indicate that the per-profile invalidation service has connected.
312  profile_invalidation_service->SetInvalidatorState(
313      syncer::INVALIDATIONS_ENABLED);
314
315  // Verify that the device-global invalidator has been destroyed.
316  EXPECT_FALSE(GetDeviceInvalidationService());
317  EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
318
319  // Verify that a per-profile invalidation service still exists.
320  profile_invalidation_service = GetProfileInvalidationService(profile);
321  ASSERT_TRUE(profile_invalidation_service);
322  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
323
324  // Verify that an invalidator backed by the per-profile invalidation service
325  // has been created.
326  EXPECT_TRUE(GetCloudPolicyInvalidator());
327  EXPECT_EQ(profile_invalidation_service, GetInvalidationService());
328
329  // Indicate that the per-profile invalidation service has disconnected.
330  profile_invalidation_service->SetInvalidatorState(
331      syncer::INVALIDATION_CREDENTIALS_REJECTED);
332
333  // Verify that a device-global invalidation service has been created.
334  EXPECT_TRUE(GetDeviceInvalidationService());
335  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
336
337  // Verify that a per-profile invalidation service still exists.
338  profile_invalidation_service = GetProfileInvalidationService(profile);
339  EXPECT_TRUE(profile_invalidation_service);
340  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
341
342  // Verify that the invalidator has been destroyed.
343  EXPECT_FALSE(GetCloudPolicyInvalidator());
344  EXPECT_FALSE(GetInvalidationService());
345}
346
347// Verifies that even if the per-profile invalidation service for an
348// unaffiliated user connects, no DeviceCloudPolicyInvalidator backed by it is
349// created.
350TEST_F(DeviceCloudPolicyInvalidatorTest,
351       DoNotUseUnaffiliatedProfileInvalidationService) {
352  // Log in as an unaffiliated user.
353  Profile* profile = LogInAndReturnProfile(kUnaffiliatedUserID);
354  ASSERT_TRUE(profile);
355
356  // Verify that a device-global invalidation service has been created.
357  EXPECT_TRUE(GetDeviceInvalidationService());
358  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
359
360  // Verify that a per-profile invalidation service has been created.
361  invalidation::FakeInvalidationService* profile_invalidation_service =
362      GetProfileInvalidationService(profile);
363  ASSERT_TRUE(profile_invalidation_service);
364  EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
365
366  // Verify that no invalidator exists yet.
367  EXPECT_FALSE(GetCloudPolicyInvalidator());
368  EXPECT_FALSE(GetInvalidationService());
369
370  // Indicate that the per-profile invalidation service has connected.
371  profile_invalidation_service->SetInvalidatorState(
372      syncer::INVALIDATIONS_ENABLED);
373
374  // Verify that the device-global invalidator still exists.
375  EXPECT_TRUE(GetDeviceInvalidationService());
376  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
377
378  // Verify that a per-profile invalidation service still exists.
379  profile_invalidation_service = GetProfileInvalidationService(profile);
380  EXPECT_TRUE(profile_invalidation_service);
381  EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
382
383  // Verify that no invalidator has been created.
384  EXPECT_FALSE(GetCloudPolicyInvalidator());
385  EXPECT_FALSE(GetInvalidationService());
386}
387
388// Verifies that when the per-profile invalidation service for an affiliated
389// user connects, a DeviceCloudPolicyInvalidator backed by it replaces the
390// current DeviceCloudPolicyInvalidator backed by a device-global invalidation
391// service. Also verifies that the device-global invalidation service is
392// destroyed at this point and the highest handled invalidation version is
393// preserved when switching invalidation services.
394TEST_F(DeviceCloudPolicyInvalidatorTest,
395       SwitchToAffiliatedProfileInvalidationService) {
396  CloudPolicyStore* store = static_cast<CloudPolicyStore*>(
397      TestingBrowserProcess::GetGlobal()->platform_part()->
398          browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
399              device_store());
400  ASSERT_TRUE(store);
401
402  // Verify that an invalidator backed by the device-global invalidation service
403  // is created when the service connects.
404  ConnectDeviceInvalidationService();
405  CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator();
406  ASSERT_TRUE(invalidator);
407  EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
408
409  // Verify that the invalidator's highest handled invalidation version starts
410  // out as zero.
411  EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
412
413  // Handle an invalidation with version 1. Verify that the invalidator's
414  // highest handled invalidation version is updated accordingly.
415  store->Store(device_policy_.policy(), 1);
416  invalidator->OnStoreLoaded(store);
417  EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
418
419  // Log in as an affiliated user.
420  Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1);
421  ASSERT_TRUE(profile);
422
423  // Verify that the device-global invalidation service still exists.
424  EXPECT_TRUE(GetDeviceInvalidationService());
425  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
426
427  // Verify that a per-profile invalidation service has been created.
428  invalidation::FakeInvalidationService* profile_invalidation_service =
429      GetProfileInvalidationService(profile);
430  ASSERT_TRUE(profile_invalidation_service);
431  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
432
433  // Verify that an invalidator backed by the device-global invalidation service
434  // still exists.
435  EXPECT_TRUE(GetCloudPolicyInvalidator());
436  EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
437
438  // Indicate that the per-profile invalidation service has connected.
439  profile_invalidation_service->SetInvalidatorState(
440      syncer::INVALIDATIONS_ENABLED);
441
442  // Verify that the device-global invalidator has been destroyed.
443  EXPECT_FALSE(GetDeviceInvalidationService());
444  EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
445
446  // Verify that a per-profile invalidation service still exists.
447  profile_invalidation_service = GetProfileInvalidationService(profile);
448  EXPECT_TRUE(profile_invalidation_service);
449  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
450
451  // Verify that an invalidator backed by the per-profile invalidation service
452  // has been created.
453  invalidator = GetCloudPolicyInvalidator();
454  ASSERT_TRUE(invalidator);
455  EXPECT_EQ(profile_invalidation_service, GetInvalidationService());
456
457  // Verify that the invalidator's highest handled invalidation version starts
458  // out as one.
459  EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
460}
461
462// Verifies that when the per-profile invalidation service for an unaffiliated
463// user connects, the current DeviceCloudPolicyInvalidator backed by a
464// device-global invalidation service is not destroyed and replaced.
465TEST_F(DeviceCloudPolicyInvalidatorTest,
466       DoNotSwitchToUnaffiliatedProfileInvalidationService) {
467  // Verify that an invalidator backed by the device-global invalidation service
468  // is created when the service connects.
469  ConnectDeviceInvalidationService();
470  CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator();
471  ASSERT_TRUE(invalidator);
472  EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
473
474  // Verify that the invalidator's highest handled invalidation version starts
475  // out as zero.
476  EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
477
478  // Log in as an unaffiliated user.
479  Profile* profile = LogInAndReturnProfile(kUnaffiliatedUserID);
480  ASSERT_TRUE(profile);
481
482  // Verify that the device-global invalidation service still exists.
483  EXPECT_TRUE(GetDeviceInvalidationService());
484  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
485
486  // Verify that a per-profile invalidation service has been created.
487  invalidation::FakeInvalidationService* profile_invalidation_service =
488      GetProfileInvalidationService(profile);
489  ASSERT_TRUE(profile_invalidation_service);
490  EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
491
492  // Verify that an invalidator backed by the device-global invalidation service
493  // still exists.
494  EXPECT_TRUE(GetCloudPolicyInvalidator());
495  EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
496
497  // Indicate that the per-profile invalidation service has connected.
498  profile_invalidation_service->SetInvalidatorState(
499      syncer::INVALIDATIONS_ENABLED);
500
501  // Verify that the device-global invalidator still exists.
502  EXPECT_TRUE(GetDeviceInvalidationService());
503  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
504
505  // Verify that a per-profile invalidation service still exists.
506  profile_invalidation_service = GetProfileInvalidationService(profile);
507  EXPECT_TRUE(profile_invalidation_service);
508  EXPECT_EQ(0, GetProfileInvalidationServiceObserverCount());
509
510  // Verify that an invalidator backed by the device-global invalidation service
511  // still exists.
512  EXPECT_TRUE(GetCloudPolicyInvalidator());
513  EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
514}
515
516// Verifies that when the per-profile invalidation service backing the current
517// DeviceCloudPolicyInvalidator disconnects and no other connected invalidation
518// service is available for use, a device-global invalidation service is
519// created. Also verifies that when this service connects, a
520// DeviceCloudPolicyInvalidator backed by it is created and the highest handled
521// invalidation version is preserved when switching invalidation services.
522TEST_F(DeviceCloudPolicyInvalidatorTest, SwitchToDeviceInvalidationService) {
523  CloudPolicyStore* store = static_cast<CloudPolicyStore*>(
524      TestingBrowserProcess::GetGlobal()->platform_part()->
525          browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
526              device_store());
527  ASSERT_TRUE(store);
528
529  // Log in as an affiliated user.
530  Profile* profile = LogInAndReturnProfile(kAffiliatedUserID1);
531  ASSERT_TRUE(profile);
532
533  // Verify that a device-global invalidation service has been created.
534  EXPECT_TRUE(GetDeviceInvalidationService());
535  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
536
537  // Verify that a per-profile invalidation service has been created.
538  invalidation::FakeInvalidationService* profile_invalidation_service =
539      GetProfileInvalidationService(profile);
540  ASSERT_TRUE(profile_invalidation_service);
541  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
542
543  // Verify that no invalidator exists yet.
544  EXPECT_FALSE(GetCloudPolicyInvalidator());
545  EXPECT_FALSE(GetInvalidationService());
546
547  // Indicate that the per-profile invalidation service has connected.
548  profile_invalidation_service->SetInvalidatorState(
549      syncer::INVALIDATIONS_ENABLED);
550
551  // Verify that the device-global invalidator has been destroyed.
552  EXPECT_FALSE(GetDeviceInvalidationService());
553  EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
554
555  // Verify that a per-profile invalidation service still exists.
556  profile_invalidation_service = GetProfileInvalidationService(profile);
557  ASSERT_TRUE(profile_invalidation_service);
558  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
559
560  // Verify that an invalidator backed by the per-profile invalidation service
561  // has been created.
562  CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator();
563  ASSERT_TRUE(invalidator);
564  EXPECT_EQ(profile_invalidation_service, GetInvalidationService());
565
566  // Verify that the invalidator's highest handled invalidation version starts
567  // out as zero.
568  EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
569
570  // Handle an invalidation with version 1. Verify that the invalidator's
571  // highest handled invalidation version is updated accordingly.
572  store->Store(device_policy_.policy(), 1);
573  invalidator->OnStoreLoaded(store);
574  EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
575
576  // Indicate that the per-profile invalidation service has disconnected.
577  profile_invalidation_service->SetInvalidatorState(
578      syncer::INVALIDATION_CREDENTIALS_REJECTED);
579
580  // Verify that a device-global invalidation service has been created.
581  EXPECT_TRUE(GetDeviceInvalidationService());
582  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
583
584  // Verify that a per-profile invalidation service still exists.
585  profile_invalidation_service = GetProfileInvalidationService(profile);
586  EXPECT_TRUE(profile_invalidation_service);
587  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
588
589  // Verify that the invalidator has been destroyed.
590  EXPECT_FALSE(GetCloudPolicyInvalidator());
591  EXPECT_FALSE(GetInvalidationService());
592
593  // Verify that an invalidator backed by the device-global invalidation service
594  // is created when the service connects.
595  ConnectDeviceInvalidationService();
596  invalidator = GetCloudPolicyInvalidator();
597  ASSERT_TRUE(invalidator);
598  EXPECT_EQ(GetDeviceInvalidationService(), GetInvalidationService());
599
600  // Verify that the invalidator's highest handled invalidation version starts
601  // out as one.
602  EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
603}
604
605// Verifies that when the per-profile invalidation service backing the current
606// DeviceCloudPolicyInvalidator disconnects and another connected per-profile
607// invalidation service is available for use, a DeviceCloudPolicyInvalidator
608// backed by that service is created. Also verifies that the highest handled
609// invalidation version is preserved when switching invalidation services.
610TEST_F(DeviceCloudPolicyInvalidatorTest,
611       SwitchBetweenAffiliatedProfileInvalidationServices) {
612  CloudPolicyStore* store = static_cast<CloudPolicyStore*>(
613      TestingBrowserProcess::GetGlobal()->platform_part()->
614          browser_policy_connector_chromeos()->GetDeviceCloudPolicyManager()->
615              device_store());
616  ASSERT_TRUE(store);
617
618  // Verify that a device-global invalidation service has been created.
619  EXPECT_TRUE(GetDeviceInvalidationService());
620  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
621
622  // Verify that no invalidator exists yet.
623  EXPECT_FALSE(GetCloudPolicyInvalidator());
624  EXPECT_FALSE(GetInvalidationService());
625
626  // Log in as a first affiliated user.
627  Profile* profile_1 = LogInAndReturnProfile(kAffiliatedUserID1);
628  ASSERT_TRUE(profile_1);
629
630  // Verify that the device-global invalidation service still exists.
631  EXPECT_TRUE(GetDeviceInvalidationService());
632  EXPECT_TRUE(HasDeviceInvalidationServiceObserver());
633
634  // Verify that a per-profile invalidation service has been created for the
635  // first user.
636  invalidation::FakeInvalidationService* profile_1_invalidation_service =
637      GetProfileInvalidationService(profile_1);
638  ASSERT_TRUE(profile_1_invalidation_service);
639  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
640
641  // Verify that no invalidator has been created.
642  EXPECT_FALSE(GetCloudPolicyInvalidator());
643  EXPECT_FALSE(GetInvalidationService());
644
645  // Indicate that the first user's per-profile invalidation service has
646  // connected.
647  profile_1_invalidation_service->SetInvalidatorState(
648      syncer::INVALIDATIONS_ENABLED);
649
650  // Verify that the device-global invalidator has been destroyed.
651  EXPECT_FALSE(GetDeviceInvalidationService());
652  EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
653
654  // Verify that a per-profile invalidation service still exists for the first
655  // user.
656  profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
657  EXPECT_TRUE(profile_1_invalidation_service);
658  EXPECT_EQ(1, GetProfileInvalidationServiceObserverCount());
659
660  // Verify that an invalidator backed by the first user's per-profile
661  // invalidation service has been created.
662  CloudPolicyInvalidator* invalidator = GetCloudPolicyInvalidator();
663  ASSERT_TRUE(invalidator);
664  EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
665
666  // Verify that the invalidator's highest handled invalidation version starts
667  // out as zero.
668  EXPECT_EQ(0, invalidator->highest_handled_invalidation_version());
669
670  // Handle an invalidation with version 1. Verify that the invalidator's
671  // highest handled invalidation version is updated accordingly.
672  store->Store(device_policy_.policy(), 1);
673  invalidator->OnStoreLoaded(store);
674  EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
675
676  // Log in as a second affiliated user.
677  Profile* profile_2 = LogInAndReturnProfile(kAffiliatedUserID2);
678  ASSERT_TRUE(profile_2);
679
680  // Verify that the device-global invalidator still does not exist.
681  EXPECT_FALSE(GetDeviceInvalidationService());
682  EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
683
684  // Verify that a per-profile invalidation service still exists for the first
685  // user and one has been created for the second user.
686  profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
687  EXPECT_TRUE(profile_1_invalidation_service);
688  invalidation::FakeInvalidationService* profile_2_invalidation_service =
689      GetProfileInvalidationService(profile_2);
690  ASSERT_TRUE(profile_2_invalidation_service);
691  EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
692
693  // Verify that an invalidator backed by the first user's per-profile
694  // invalidation service still exists.
695  EXPECT_TRUE(GetCloudPolicyInvalidator());
696  EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
697
698  // Indicate that the second user's per-profile invalidation service has
699  // connected.
700  profile_2_invalidation_service->SetInvalidatorState(
701      syncer::INVALIDATIONS_ENABLED);
702
703  // Verify that the device-global invalidator still does not exist.
704  EXPECT_FALSE(GetDeviceInvalidationService());
705  EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
706
707  // Verify that per-profile invalidation services still exist for both users.
708  profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
709  ASSERT_TRUE(profile_1_invalidation_service);
710  profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
711  EXPECT_TRUE(profile_2_invalidation_service);
712  EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
713
714  // Verify that an invalidator backed by the first user's per-profile
715  // invalidation service still exists.
716  EXPECT_TRUE(GetCloudPolicyInvalidator());
717  EXPECT_EQ(profile_1_invalidation_service, GetInvalidationService());
718
719  // Indicate that the first user's per-profile invalidation service has
720  // disconnected.
721  profile_1_invalidation_service->SetInvalidatorState(
722      syncer::INVALIDATION_CREDENTIALS_REJECTED);
723
724  // Verify that the device-global invalidator still does not exist.
725  EXPECT_FALSE(GetDeviceInvalidationService());
726  EXPECT_FALSE(HasDeviceInvalidationServiceObserver());
727
728  // Verify that per-profile invalidation services still exist for both users.
729  profile_1_invalidation_service = GetProfileInvalidationService(profile_1);
730  EXPECT_TRUE(profile_1_invalidation_service);
731  profile_2_invalidation_service = GetProfileInvalidationService(profile_2);
732  ASSERT_TRUE(profile_2_invalidation_service);
733  EXPECT_EQ(2, GetProfileInvalidationServiceObserverCount());
734
735  // Verify that an invalidator backed by the second user's per-profile
736  // invalidation service has been created.
737  invalidator = GetCloudPolicyInvalidator();
738  ASSERT_TRUE(invalidator);
739  EXPECT_EQ(profile_2_invalidation_service, GetInvalidationService());
740
741  // Verify that the invalidator's highest handled invalidation version starts
742  // out as one.
743  EXPECT_EQ(1, invalidator->highest_handled_invalidation_version());
744}
745
746}  // namespace policy
747