device_local_account_policy_service_unittest.cc revision 1320f92c476a1ad9d19dba2a48c72b75566198e9
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" 6 7#include <algorithm> 8 9#include "base/bind.h" 10#include "base/bind_helpers.h" 11#include "base/callback.h" 12#include "base/files/file_path.h" 13#include "base/files/file_util.h" 14#include "base/files/scoped_temp_dir.h" 15#include "base/message_loop/message_loop.h" 16#include "base/message_loop/message_loop_proxy.h" 17#include "base/path_service.h" 18#include "base/run_loop.h" 19#include "base/strings/string_number_conversions.h" 20#include "base/strings/stringprintf.h" 21#include "base/test/scoped_path_override.h" 22#include "base/test/test_simple_task_runner.h" 23#include "chrome/browser/chromeos/policy/device_local_account.h" 24#include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h" 25#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 26#include "chrome/browser/chromeos/settings/cros_settings.h" 27#include "chrome/browser/chromeos/settings/device_settings_service.h" 28#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 29#include "chrome/common/chrome_paths.h" 30#include "chromeos/chromeos_paths.h" 31#include "chromeos/dbus/power_policy_controller.h" 32#include "components/policy/core/common/cloud/cloud_policy_client.h" 33#include "components/policy/core/common/cloud/cloud_policy_constants.h" 34#include "components/policy/core/common/cloud/cloud_policy_service.h" 35#include "components/policy/core/common/cloud/mock_device_management_service.h" 36#include "components/policy/core/common/cloud/policy_builder.h" 37#include "components/policy/core/common/external_data_fetcher.h" 38#include "components/policy/core/common/mock_configuration_policy_provider.h" 39#include "components/policy/core/common/policy_bundle.h" 40#include "components/policy/core/common/policy_map.h" 41#include "components/policy/core/common/schema_registry.h" 42#include "net/url_request/url_request_context_getter.h" 43#include "net/url_request/url_request_test_util.h" 44#include "policy/policy_constants.h" 45#include "policy/proto/cloud_policy.pb.h" 46#include "policy/proto/device_management_backend.pb.h" 47#include "testing/gtest/include/gtest/gtest.h" 48 49using testing::AnyNumber; 50using testing::AtLeast; 51using testing::Mock; 52using testing::SaveArg; 53using testing::_; 54 55namespace em = enterprise_management; 56 57namespace policy { 58 59namespace { 60 61const char kAccount1[] = "account1@localhost"; 62const char kAccount2[] = "account2@localhost"; 63const char kAccount3[] = "account3@localhost"; 64 65const char kExtensionID[] = "kbmnembihfiondgfjekmnmcbddelicoi"; 66const char kExtensionVersion[] = "1.0.0.0"; 67const char kExtensionCRXPath[] = "extensions/hosted_app.crx"; 68const char kUpdateURL[] = "https://clients2.google.com/service/update2/crx"; 69 70} // namespace 71 72class MockDeviceLocalAccountPolicyServiceObserver 73 : public DeviceLocalAccountPolicyService::Observer { 74 public: 75 MOCK_METHOD1(OnPolicyUpdated, void(const std::string&)); 76 MOCK_METHOD0(OnDeviceLocalAccountsChanged, void(void)); 77}; 78 79class DeviceLocalAccountPolicyServiceTestBase 80 : public chromeos::DeviceSettingsTestBase { 81 public: 82 DeviceLocalAccountPolicyServiceTestBase(); 83 84 virtual void SetUp() OVERRIDE; 85 virtual void TearDown() OVERRIDE; 86 87 void CreatePolicyService(); 88 89 void InstallDeviceLocalAccountPolicy(const std::string& account_id); 90 void AddDeviceLocalAccountToPolicy(const std::string& account_id); 91 virtual void InstallDevicePolicy(); 92 93 const std::string account_1_user_id_; 94 const std::string account_2_user_id_; 95 96 PolicyMap expected_policy_map_; 97 UserPolicyBuilder device_local_account_policy_; 98 chromeos::CrosSettings cros_settings_; 99 scoped_refptr<base::TestSimpleTaskRunner> extension_cache_task_runner_; 100 MockDeviceManagementService mock_device_management_service_; 101 scoped_ptr<DeviceLocalAccountPolicyService> service_; 102 103 private: 104 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTestBase); 105}; 106 107class DeviceLocalAccountPolicyServiceTest 108 : public DeviceLocalAccountPolicyServiceTestBase { 109 public: 110 MOCK_METHOD1(OnRefreshDone, void(bool)); 111 112 protected: 113 DeviceLocalAccountPolicyServiceTest(); 114 115 virtual void SetUp() OVERRIDE; 116 virtual void TearDown() OVERRIDE; 117 118 void InstallDevicePolicy() OVERRIDE; 119 120 MockDeviceLocalAccountPolicyServiceObserver service_observer_; 121 122 private: 123 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest); 124}; 125 126DeviceLocalAccountPolicyServiceTestBase:: 127 DeviceLocalAccountPolicyServiceTestBase() 128 : account_1_user_id_(GenerateDeviceLocalAccountUserId( 129 kAccount1, 130 DeviceLocalAccount::TYPE_PUBLIC_SESSION)), 131 account_2_user_id_(GenerateDeviceLocalAccountUserId( 132 kAccount2, 133 DeviceLocalAccount::TYPE_PUBLIC_SESSION)), 134 cros_settings_(&device_settings_service_), 135 extension_cache_task_runner_(new base::TestSimpleTaskRunner) { 136} 137 138void DeviceLocalAccountPolicyServiceTestBase::SetUp() { 139 chromeos::DeviceSettingsTestBase::SetUp(); 140 141 expected_policy_map_.Set(key::kDisableSpdy, 142 POLICY_LEVEL_MANDATORY, 143 POLICY_SCOPE_USER, 144 new base::FundamentalValue(true), 145 NULL); 146 147 device_local_account_policy_.payload().mutable_disablespdy()->set_value( 148 true); 149 device_local_account_policy_.policy_data().set_policy_type( 150 dm_protocol::kChromePublicAccountPolicyType); 151} 152 153void DeviceLocalAccountPolicyServiceTestBase::TearDown() { 154 service_->Shutdown(); 155 service_.reset(); 156 extension_cache_task_runner_->RunUntilIdle(); 157 chromeos::DeviceSettingsTestBase::TearDown(); 158} 159 160void DeviceLocalAccountPolicyServiceTestBase::CreatePolicyService() { 161 service_.reset(new DeviceLocalAccountPolicyService( 162 &device_settings_test_helper_, 163 &device_settings_service_, 164 &cros_settings_, 165 base::MessageLoopProxy::current(), 166 extension_cache_task_runner_, 167 base::MessageLoopProxy::current(), 168 base::MessageLoopProxy::current(), 169 new net::TestURLRequestContextGetter(base::MessageLoopProxy::current()))); 170} 171 172void DeviceLocalAccountPolicyServiceTestBase:: 173 InstallDeviceLocalAccountPolicy(const std::string& account_id) { 174 device_local_account_policy_.policy_data().set_settings_entity_id(account_id); 175 device_local_account_policy_.policy_data().set_username(account_id); 176 device_local_account_policy_.Build(); 177 device_settings_test_helper_.set_device_local_account_policy_blob( 178 account_id, device_local_account_policy_.GetBlob()); 179} 180 181void DeviceLocalAccountPolicyServiceTestBase::AddDeviceLocalAccountToPolicy( 182 const std::string& account_id) { 183 em::DeviceLocalAccountInfoProto* account = 184 device_policy_.payload().mutable_device_local_accounts()->add_account(); 185 account->set_account_id(account_id); 186 account->set_type( 187 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION); 188} 189 190void DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy() { 191 device_policy_.Build(); 192 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 193 ReloadDeviceSettings(); 194} 195 196DeviceLocalAccountPolicyServiceTest::DeviceLocalAccountPolicyServiceTest() { 197 CreatePolicyService(); 198} 199 200void DeviceLocalAccountPolicyServiceTest::SetUp() { 201 DeviceLocalAccountPolicyServiceTestBase::SetUp(); 202 service_->AddObserver(&service_observer_); 203} 204 205void DeviceLocalAccountPolicyServiceTest::TearDown() { 206 service_->RemoveObserver(&service_observer_); 207 DeviceLocalAccountPolicyServiceTestBase::TearDown(); 208} 209 210void DeviceLocalAccountPolicyServiceTest::InstallDevicePolicy() { 211 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()); 212 DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy(); 213 Mock::VerifyAndClearExpectations(&service_observer_); 214} 215 216TEST_F(DeviceLocalAccountPolicyServiceTest, NoAccounts) { 217 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_)); 218} 219 220TEST_F(DeviceLocalAccountPolicyServiceTest, GetBroker) { 221 InstallDeviceLocalAccountPolicy(kAccount1); 222 AddDeviceLocalAccountToPolicy(kAccount1); 223 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 224 InstallDevicePolicy(); 225 226 DeviceLocalAccountPolicyBroker* broker = 227 service_->GetBrokerForUser(account_1_user_id_); 228 ASSERT_TRUE(broker); 229 EXPECT_EQ(account_1_user_id_, broker->user_id()); 230 ASSERT_TRUE(broker->core()->store()); 231 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 232 EXPECT_FALSE(broker->core()->client()); 233 EXPECT_FALSE(broker->core()->store()->policy_map().empty()); 234} 235 236TEST_F(DeviceLocalAccountPolicyServiceTest, LoadNoPolicy) { 237 AddDeviceLocalAccountToPolicy(kAccount1); 238 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 239 InstallDevicePolicy(); 240 241 DeviceLocalAccountPolicyBroker* broker = 242 service_->GetBrokerForUser(account_1_user_id_); 243 ASSERT_TRUE(broker); 244 EXPECT_EQ(account_1_user_id_, broker->user_id()); 245 ASSERT_TRUE(broker->core()->store()); 246 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, 247 broker->core()->store()->status()); 248 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 249 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 250} 251 252TEST_F(DeviceLocalAccountPolicyServiceTest, LoadValidationFailure) { 253 device_local_account_policy_.policy_data().set_policy_type( 254 dm_protocol::kChromeUserPolicyType); 255 InstallDeviceLocalAccountPolicy(kAccount1); 256 AddDeviceLocalAccountToPolicy(kAccount1); 257 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 258 InstallDevicePolicy(); 259 260 DeviceLocalAccountPolicyBroker* broker = 261 service_->GetBrokerForUser(account_1_user_id_); 262 ASSERT_TRUE(broker); 263 EXPECT_EQ(account_1_user_id_, broker->user_id()); 264 ASSERT_TRUE(broker->core()->store()); 265 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 266 broker->core()->store()->status()); 267 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 268 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 269} 270 271TEST_F(DeviceLocalAccountPolicyServiceTest, LoadPolicy) { 272 InstallDeviceLocalAccountPolicy(kAccount1); 273 AddDeviceLocalAccountToPolicy(kAccount1); 274 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 275 InstallDevicePolicy(); 276 277 DeviceLocalAccountPolicyBroker* broker = 278 service_->GetBrokerForUser(account_1_user_id_); 279 ASSERT_TRUE(broker); 280 EXPECT_EQ(account_1_user_id_, broker->user_id()); 281 ASSERT_TRUE(broker->core()->store()); 282 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 283 ASSERT_TRUE(broker->core()->store()->policy()); 284 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 285 broker->core()->store()->policy()->SerializeAsString()); 286 EXPECT_TRUE(expected_policy_map_.Equals( 287 broker->core()->store()->policy_map())); 288 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 289} 290 291TEST_F(DeviceLocalAccountPolicyServiceTest, StoreValidationFailure) { 292 AddDeviceLocalAccountToPolicy(kAccount1); 293 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 294 InstallDevicePolicy(); 295 Mock::VerifyAndClearExpectations(&service_observer_); 296 297 DeviceLocalAccountPolicyBroker* broker = 298 service_->GetBrokerForUser(account_1_user_id_); 299 ASSERT_TRUE(broker); 300 EXPECT_EQ(account_1_user_id_, broker->user_id()); 301 ASSERT_TRUE(broker->core()->store()); 302 303 device_local_account_policy_.policy_data().set_policy_type( 304 dm_protocol::kChromeUserPolicyType); 305 device_local_account_policy_.Build(); 306 broker->core()->store()->Store(device_local_account_policy_.policy()); 307 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 308 FlushDeviceSettings(); 309 310 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 311 broker->core()->store()->status()); 312 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE, 313 broker->core()->store()->validation_status()); 314 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 315} 316 317TEST_F(DeviceLocalAccountPolicyServiceTest, StorePolicy) { 318 AddDeviceLocalAccountToPolicy(kAccount1); 319 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 320 InstallDevicePolicy(); 321 Mock::VerifyAndClearExpectations(&service_observer_); 322 323 DeviceLocalAccountPolicyBroker* broker = 324 service_->GetBrokerForUser(account_1_user_id_); 325 ASSERT_TRUE(broker); 326 EXPECT_EQ(account_1_user_id_, broker->user_id()); 327 ASSERT_TRUE(broker->core()->store()); 328 329 device_local_account_policy_.policy_data().set_settings_entity_id(kAccount1); 330 device_local_account_policy_.policy_data().set_username(kAccount1); 331 device_local_account_policy_.Build(); 332 broker->core()->store()->Store(device_local_account_policy_.policy()); 333 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 334 FlushDeviceSettings(); 335 336 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 337 ASSERT_TRUE(broker->core()->store()->policy()); 338 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 339 broker->core()->store()->policy()->SerializeAsString()); 340 EXPECT_TRUE(expected_policy_map_.Equals( 341 broker->core()->store()->policy_map())); 342 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 343} 344 345TEST_F(DeviceLocalAccountPolicyServiceTest, DevicePolicyChange) { 346 InstallDeviceLocalAccountPolicy(kAccount1); 347 AddDeviceLocalAccountToPolicy(kAccount1); 348 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 349 InstallDevicePolicy(); 350 351 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 352 InstallDevicePolicy(); 353 354 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_)); 355} 356 357TEST_F(DeviceLocalAccountPolicyServiceTest, DuplicateAccounts) { 358 InstallDeviceLocalAccountPolicy(kAccount1); 359 AddDeviceLocalAccountToPolicy(kAccount1); 360 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 361 InstallDevicePolicy(); 362 Mock::VerifyAndClearExpectations(&service_observer_); 363 364 // Add a second entry with a duplicate account name to device policy. 365 AddDeviceLocalAccountToPolicy(kAccount1); 366 InstallDevicePolicy(); 367 368 // Make sure the broker is accessible and policy got loaded. 369 DeviceLocalAccountPolicyBroker* broker = 370 service_->GetBrokerForUser(account_1_user_id_); 371 ASSERT_TRUE(broker); 372 EXPECT_EQ(account_1_user_id_, broker->user_id()); 373 ASSERT_TRUE(broker->core()->store()); 374 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 375 ASSERT_TRUE(broker->core()->store()->policy()); 376 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 377 broker->core()->store()->policy()->SerializeAsString()); 378 EXPECT_TRUE(expected_policy_map_.Equals( 379 broker->core()->store()->policy_map())); 380 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 381} 382 383TEST_F(DeviceLocalAccountPolicyServiceTest, FetchPolicy) { 384 InstallDeviceLocalAccountPolicy(kAccount1); 385 AddDeviceLocalAccountToPolicy(kAccount1); 386 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 387 InstallDevicePolicy(); 388 389 DeviceLocalAccountPolicyBroker* broker = 390 service_->GetBrokerForUser(account_1_user_id_); 391 ASSERT_TRUE(broker); 392 393 service_->Connect(&mock_device_management_service_); 394 EXPECT_TRUE(broker->core()->client()); 395 396 em::DeviceManagementRequest request; 397 em::DeviceManagementResponse response; 398 response.mutable_policy_response()->add_response()->CopyFrom( 399 device_local_account_policy_.policy()); 400 EXPECT_CALL(mock_device_management_service_, 401 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _)) 402 .WillOnce(mock_device_management_service_.SucceedJob(response)); 403 EXPECT_CALL(mock_device_management_service_, 404 StartJob(dm_protocol::kValueRequestPolicy, 405 std::string(), std::string(), 406 device_policy_.policy_data().request_token(), 407 dm_protocol::kValueUserAffiliationManaged, 408 device_policy_.policy_data().device_id(), 409 _)) 410 .WillOnce(SaveArg<6>(&request)); 411 // This will be called twice, because the ComponentCloudPolicyService will 412 // also become ready after flushing all the pending tasks. 413 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2); 414 broker->core()->client()->FetchPolicy(); 415 FlushDeviceSettings(); 416 Mock::VerifyAndClearExpectations(&service_observer_); 417 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 418 EXPECT_TRUE(request.has_policy_request()); 419 ASSERT_EQ(2, request.policy_request().request_size()); 420 421 const em::PolicyFetchRequest* public_account = 422 &request.policy_request().request(0); 423 const em::PolicyFetchRequest* extensions = 424 &request.policy_request().request(1); 425 // The order is not guarateed. 426 if (extensions->policy_type() == 427 dm_protocol::kChromePublicAccountPolicyType) { 428 std::swap(public_account, extensions); 429 } 430 431 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType, 432 public_account->policy_type()); 433 EXPECT_FALSE(public_account->has_machine_id()); 434 EXPECT_EQ(kAccount1, public_account->settings_entity_id()); 435 436 EXPECT_EQ(dm_protocol::kChromeExtensionPolicyType, 437 extensions->policy_type()); 438 EXPECT_FALSE(extensions->has_machine_id()); 439 EXPECT_FALSE(extensions->has_settings_entity_id()); 440 441 ASSERT_TRUE(broker->core()->store()); 442 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 443 broker->core()->store()->status()); 444 ASSERT_TRUE(broker->core()->store()->policy()); 445 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 446 broker->core()->store()->policy()->SerializeAsString()); 447 EXPECT_TRUE(expected_policy_map_.Equals( 448 broker->core()->store()->policy_map())); 449 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 450} 451 452TEST_F(DeviceLocalAccountPolicyServiceTest, RefreshPolicy) { 453 InstallDeviceLocalAccountPolicy(kAccount1); 454 AddDeviceLocalAccountToPolicy(kAccount1); 455 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 456 InstallDevicePolicy(); 457 458 DeviceLocalAccountPolicyBroker* broker = 459 service_->GetBrokerForUser(account_1_user_id_); 460 ASSERT_TRUE(broker); 461 462 service_->Connect(&mock_device_management_service_); 463 ASSERT_TRUE(broker->core()->service()); 464 465 em::DeviceManagementResponse response; 466 response.mutable_policy_response()->add_response()->CopyFrom( 467 device_local_account_policy_.policy()); 468 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _)) 469 .WillOnce(mock_device_management_service_.SucceedJob(response)); 470 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 471 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1); 472 // This will be called twice, because the ComponentCloudPolicyService will 473 // also become ready after flushing all the pending tasks. 474 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2); 475 broker->core()->service()->RefreshPolicy( 476 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone, 477 base::Unretained(this))); 478 FlushDeviceSettings(); 479 Mock::VerifyAndClearExpectations(&service_observer_); 480 Mock::VerifyAndClearExpectations(this); 481 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 482 483 ASSERT_TRUE(broker->core()->store()); 484 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 485 broker->core()->store()->status()); 486 EXPECT_TRUE(expected_policy_map_.Equals( 487 broker->core()->store()->policy_map())); 488 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 489} 490 491class DeviceLocalAccountPolicyExtensionCacheTest 492 : public DeviceLocalAccountPolicyServiceTestBase { 493 protected: 494 DeviceLocalAccountPolicyExtensionCacheTest(); 495 496 virtual void SetUp() OVERRIDE; 497 498 base::FilePath GetCacheDirectoryForAccountID(const std::string& account_id); 499 500 base::ScopedTempDir cache_root_dir_; 501 scoped_ptr<base::ScopedPathOverride> cache_root_dir_override_; 502 503 base::FilePath cache_dir_1_; 504 base::FilePath cache_dir_2_; 505 base::FilePath cache_dir_3_; 506 507 private: 508 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyExtensionCacheTest); 509}; 510 511DeviceLocalAccountPolicyExtensionCacheTest:: 512 DeviceLocalAccountPolicyExtensionCacheTest() { 513} 514 515void DeviceLocalAccountPolicyExtensionCacheTest::SetUp() { 516 DeviceLocalAccountPolicyServiceTestBase::SetUp(); 517 ASSERT_TRUE(cache_root_dir_.CreateUniqueTempDir()); 518 cache_root_dir_override_.reset(new base::ScopedPathOverride( 519 chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS, 520 cache_root_dir_.path())); 521 522 cache_dir_1_ = GetCacheDirectoryForAccountID(kAccount1); 523 cache_dir_2_ = GetCacheDirectoryForAccountID(kAccount2); 524 cache_dir_3_ = GetCacheDirectoryForAccountID(kAccount3); 525 526 em::StringList* forcelist = device_local_account_policy_.payload() 527 .mutable_extensioninstallforcelist()->mutable_value(); 528 forcelist->add_entries(base::StringPrintf("%s;%s", kExtensionID, kUpdateURL)); 529} 530 531base::FilePath DeviceLocalAccountPolicyExtensionCacheTest:: 532 GetCacheDirectoryForAccountID(const std::string& account_id) { 533 return cache_root_dir_.path().Append(base::HexEncode(account_id.c_str(), 534 account_id.size())); 535} 536 537// Verifies that during startup, orphaned cache directories are deleted, 538// cache directories belonging to an existing account are preserved and missing 539// cache directories are created. Also verifies that when startup is complete, 540// the caches for all existing accounts are running. 541TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, Startup) { 542 base::FilePath test_data_dir; 543 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir)); 544 const base::FilePath source_crx_file = 545 test_data_dir.Append(kExtensionCRXPath); 546 const std::string target_crx_file_name = 547 base::StringPrintf("%s-%s.crx", kExtensionID, kExtensionVersion); 548 549 // Create and pre-populate a cache directory for account 1. 550 EXPECT_TRUE(base::CreateDirectory(cache_dir_1_)); 551 EXPECT_TRUE(CopyFile(source_crx_file, 552 cache_dir_1_.Append(target_crx_file_name))); 553 554 // Create and pre-populate a cache directory for account 3. 555 EXPECT_TRUE(base::CreateDirectory(cache_dir_3_)); 556 EXPECT_TRUE(CopyFile(source_crx_file, 557 cache_dir_3_.Append(target_crx_file_name))); 558 559 // Add accounts 1 and 2 to device policy. 560 InstallDeviceLocalAccountPolicy(kAccount1); 561 InstallDeviceLocalAccountPolicy(kAccount2); 562 AddDeviceLocalAccountToPolicy(kAccount1); 563 AddDeviceLocalAccountToPolicy(kAccount2); 564 InstallDevicePolicy(); 565 566 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 567 // deletion of orphaned cache directories. 568 CreatePolicyService(); 569 FlushDeviceSettings(); 570 extension_cache_task_runner_->RunUntilIdle(); 571 572 // Verify that the cache directory for account 1 and its contents still exist. 573 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_)); 574 EXPECT_TRUE(ContentsEqual(source_crx_file, 575 cache_dir_1_.Append(target_crx_file_name))); 576 577 // Verify that a cache directory for account 2 was created. 578 EXPECT_TRUE(base::DirectoryExists(cache_dir_2_)); 579 580 // Verify that the cache directory for account 3 was deleted. 581 EXPECT_FALSE(base::DirectoryExists(cache_dir_3_)); 582 583 // Verify that the cache for account 1 has been started. 584 DeviceLocalAccountPolicyBroker* broker = 585 service_->GetBrokerForUser(account_1_user_id_); 586 ASSERT_TRUE(broker); 587 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 588 589 // Verify that the cache for account 2 has been started. 590 broker = service_->GetBrokerForUser(account_2_user_id_); 591 ASSERT_TRUE(broker); 592 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 593} 594 595// Verifies that while the deletion of orphaned cache directories is in 596// progress, the caches for accounts which existed before the deletion started 597// are running but caches for newly added accounts are not started. 598TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstOrphanDeletion) { 599 // Add account 1 to device policy. 600 InstallDeviceLocalAccountPolicy(kAccount1); 601 AddDeviceLocalAccountToPolicy(kAccount1); 602 InstallDevicePolicy(); 603 604 // Create the DeviceLocalAccountPolicyService, triggering the deletion of 605 // orphaned cache directories. 606 CreatePolicyService(); 607 FlushDeviceSettings(); 608 609 // Verify that the cache for account 1 has been started as it is unaffected by 610 // the orphan deletion. 611 DeviceLocalAccountPolicyBroker* broker = 612 service_->GetBrokerForUser(account_1_user_id_); 613 ASSERT_TRUE(broker); 614 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 615 616 // Add account 2 to device policy. 617 InstallDeviceLocalAccountPolicy(kAccount2); 618 AddDeviceLocalAccountToPolicy(kAccount2); 619 InstallDevicePolicy(); 620 621 // Verify that the cache for account 2 has not been started yet as the orphan 622 // deletion is still in progress. 623 broker = service_->GetBrokerForUser(account_2_user_id_); 624 ASSERT_TRUE(broker); 625 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning()); 626 627 // Allow the orphan deletion to finish. 628 extension_cache_task_runner_->RunUntilIdle(); 629 base::RunLoop().RunUntilIdle(); 630 631 // Verify that the cache for account 2 has been started. 632 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 633} 634 635// Verifies that while the shutdown of a cache is in progress, no new cache is 636// started if an account with the same ID is re-added. 637TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstCacheShutdown) { 638 // Add account 1 to device policy. 639 InstallDeviceLocalAccountPolicy(kAccount1); 640 AddDeviceLocalAccountToPolicy(kAccount1); 641 InstallDevicePolicy(); 642 643 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 644 // deletion of orphaned cache directories. 645 CreatePolicyService(); 646 FlushDeviceSettings(); 647 extension_cache_task_runner_->RunUntilIdle(); 648 649 // Remove account 1 from device policy, triggering a shutdown of its cache. 650 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 651 InstallDevicePolicy(); 652 653 // Re-add account 1 to device policy. 654 AddDeviceLocalAccountToPolicy(kAccount1); 655 InstallDevicePolicy(); 656 657 // Verify that the cache for account 1 has not been started yet as the 658 // shutdown of a previous cache for this account ID is still in progress. 659 DeviceLocalAccountPolicyBroker* broker = 660 service_->GetBrokerForUser(account_1_user_id_); 661 ASSERT_TRUE(broker); 662 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning()); 663 664 // Allow the cache shutdown to finish. 665 extension_cache_task_runner_->RunUntilIdle(); 666 base::RunLoop().RunUntilIdle(); 667 668 // Verify that the cache directory for account 1 still exists. 669 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_)); 670 671 // Verify that the cache for account 1 has been started, reusing the existing 672 // cache directory. 673 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 674} 675 676// Verifies that while the deletion of an obsolete cache directory is in 677// progress, no new cache is started if an account with the same ID is re-added. 678TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, 679 RaceAgainstObsoleteDeletion) { 680 // Add account 1 to device policy. 681 InstallDeviceLocalAccountPolicy(kAccount1); 682 AddDeviceLocalAccountToPolicy(kAccount1); 683 InstallDevicePolicy(); 684 685 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 686 // deletion of orphaned cache directories. 687 CreatePolicyService(); 688 FlushDeviceSettings(); 689 extension_cache_task_runner_->RunUntilIdle(); 690 691 // Remove account 1 from device policy, allowing the shutdown of its cache to 692 // finish and the deletion of its now obsolete cache directory to begin. 693 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 694 InstallDevicePolicy(); 695 extension_cache_task_runner_->RunUntilIdle(); 696 base::RunLoop().RunUntilIdle(); 697 698 // Re-add account 1 to device policy. 699 AddDeviceLocalAccountToPolicy(kAccount1); 700 InstallDevicePolicy(); 701 702 // Verify that the cache for account 1 has not been started yet as the 703 // deletion of the cache directory for this account ID is still in progress. 704 DeviceLocalAccountPolicyBroker* broker = 705 service_->GetBrokerForUser(account_1_user_id_); 706 ASSERT_TRUE(broker); 707 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning()); 708 709 // Allow the deletion to finish. 710 extension_cache_task_runner_->RunUntilIdle(); 711 base::RunLoop().RunUntilIdle(); 712 713 // Verify that the cache directory for account 1 was deleted. 714 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_)); 715 716 // Verify that the cache for account 1 has been started. 717 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 718} 719 720// Verifies that when an account is added and no deletion of cache directories 721// affecting this account is in progress, its cache is started immediately. 722TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, AddAccount) { 723 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 724 // deletion of orphaned cache directories. 725 InstallDevicePolicy(); 726 CreatePolicyService(); 727 FlushDeviceSettings(); 728 extension_cache_task_runner_->RunUntilIdle(); 729 730 // Add account 1 to device policy. 731 InstallDeviceLocalAccountPolicy(kAccount1); 732 AddDeviceLocalAccountToPolicy(kAccount1); 733 InstallDevicePolicy(); 734 735 // Verify that the cache for account 1 has been started. 736 DeviceLocalAccountPolicyBroker* broker = 737 service_->GetBrokerForUser(account_1_user_id_); 738 ASSERT_TRUE(broker); 739 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 740} 741 742// Verifies that when an account is removed, its cache directory is deleted. 743TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RemoveAccount) { 744 // Add account 1 to device policy. 745 InstallDeviceLocalAccountPolicy(kAccount1); 746 AddDeviceLocalAccountToPolicy(kAccount1); 747 InstallDevicePolicy(); 748 749 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 750 // deletion of orphaned cache directories. 751 CreatePolicyService(); 752 FlushDeviceSettings(); 753 extension_cache_task_runner_->RunUntilIdle(); 754 755 // Verify that a cache directory has been created for account 1. 756 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_)); 757 758 // Remove account 1 from device policy, allowing the deletion of its now 759 // obsolete cache directory to finish. 760 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 761 InstallDevicePolicy(); 762 extension_cache_task_runner_->RunUntilIdle(); 763 base::RunLoop().RunUntilIdle(); 764 extension_cache_task_runner_->RunUntilIdle(); 765 766 // Verify that the cache directory for account 1 was deleted. 767 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_)); 768} 769 770class DeviceLocalAccountPolicyProviderTest 771 : public DeviceLocalAccountPolicyServiceTestBase { 772 protected: 773 DeviceLocalAccountPolicyProviderTest(); 774 775 virtual void SetUp() OVERRIDE; 776 virtual void TearDown() OVERRIDE; 777 778 SchemaRegistry schema_registry_; 779 scoped_ptr<DeviceLocalAccountPolicyProvider> provider_; 780 MockConfigurationPolicyObserver provider_observer_; 781 782 private: 783 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest); 784}; 785 786DeviceLocalAccountPolicyProviderTest::DeviceLocalAccountPolicyProviderTest() { 787 CreatePolicyService(); 788 provider_ = DeviceLocalAccountPolicyProvider::Create( 789 GenerateDeviceLocalAccountUserId(kAccount1, 790 DeviceLocalAccount::TYPE_PUBLIC_SESSION), 791 service_.get()); 792} 793 794void DeviceLocalAccountPolicyProviderTest::SetUp() { 795 DeviceLocalAccountPolicyServiceTestBase::SetUp(); 796 provider_->Init(&schema_registry_); 797 provider_->AddObserver(&provider_observer_); 798 799 // Values implicitly enforced for public accounts. 800 expected_policy_map_.Set(key::kLidCloseAction, 801 POLICY_LEVEL_MANDATORY, 802 POLICY_SCOPE_MACHINE, 803 new base::FundamentalValue( 804 chromeos::PowerPolicyController:: 805 ACTION_STOP_SESSION), 806 NULL); 807 expected_policy_map_.Set(key::kShelfAutoHideBehavior, 808 POLICY_LEVEL_MANDATORY, 809 POLICY_SCOPE_MACHINE, 810 new base::StringValue("Never"), 811 NULL); 812 expected_policy_map_.Set(key::kShowLogoutButtonInTray, 813 POLICY_LEVEL_MANDATORY, 814 POLICY_SCOPE_MACHINE, 815 new base::FundamentalValue(true), 816 NULL); 817 expected_policy_map_.Set(key::kFullscreenAllowed, 818 POLICY_LEVEL_MANDATORY, 819 POLICY_SCOPE_MACHINE, 820 new base::FundamentalValue(false), 821 NULL); 822} 823 824void DeviceLocalAccountPolicyProviderTest::TearDown() { 825 provider_->RemoveObserver(&provider_observer_); 826 provider_->Shutdown(); 827 provider_.reset(); 828 DeviceLocalAccountPolicyServiceTestBase::TearDown(); 829} 830 831TEST_F(DeviceLocalAccountPolicyProviderTest, Initialization) { 832 EXPECT_FALSE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 833 834 // Policy change should complete initialization. 835 InstallDeviceLocalAccountPolicy(kAccount1); 836 AddDeviceLocalAccountToPolicy(kAccount1); 837 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 838 .Times(AtLeast(1)); 839 InstallDevicePolicy(); 840 Mock::VerifyAndClearExpectations(&provider_observer_); 841 842 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 843 844 // The account disappearing should *not* flip the initialization flag back. 845 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 846 .Times(AnyNumber()); 847 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 848 InstallDevicePolicy(); 849 Mock::VerifyAndClearExpectations(&provider_observer_); 850 851 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 852} 853 854TEST_F(DeviceLocalAccountPolicyProviderTest, Policy) { 855 // Policy should load successfully. 856 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 857 .Times(AtLeast(1)); 858 InstallDeviceLocalAccountPolicy(kAccount1); 859 AddDeviceLocalAccountToPolicy(kAccount1); 860 InstallDevicePolicy(); 861 Mock::VerifyAndClearExpectations(&provider_observer_); 862 863 PolicyBundle expected_policy_bundle; 864 expected_policy_bundle.Get(PolicyNamespace( 865 POLICY_DOMAIN_CHROME, std::string())).CopyFrom(expected_policy_map_); 866 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 867 868 // Policy change should be reported. 869 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 870 .Times(AtLeast(1)); 871 device_local_account_policy_.payload().mutable_disablespdy()->set_value( 872 false); 873 InstallDeviceLocalAccountPolicy(kAccount1); 874 DeviceLocalAccountPolicyBroker* broker = 875 service_->GetBrokerForUser(account_1_user_id_); 876 ASSERT_TRUE(broker); 877 broker->core()->store()->Load(); 878 FlushDeviceSettings(); 879 Mock::VerifyAndClearExpectations(&provider_observer_); 880 881 expected_policy_bundle.Get( 882 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())) 883 .Set(key::kDisableSpdy, 884 POLICY_LEVEL_MANDATORY, 885 POLICY_SCOPE_USER, 886 new base::FundamentalValue(false), 887 NULL); 888 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 889 890 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray| 891 // and |ExtensionAllowedTypes| policies should be overridden. 892 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 893 .Times(AtLeast(1)); 894 device_local_account_policy_.payload().mutable_shelfautohidebehavior()-> 895 set_value("Always"); 896 device_local_account_policy_.payload().mutable_showlogoutbuttonintray()-> 897 set_value(false); 898 InstallDeviceLocalAccountPolicy(kAccount1); 899 broker->core()->store()->Load(); 900 FlushDeviceSettings(); 901 Mock::VerifyAndClearExpectations(&provider_observer_); 902 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 903 904 // Account disappears, policy should stay in effect. 905 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 906 .Times(AnyNumber()); 907 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 908 InstallDevicePolicy(); 909 Mock::VerifyAndClearExpectations(&provider_observer_); 910 911 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 912} 913 914TEST_F(DeviceLocalAccountPolicyProviderTest, RefreshPolicies) { 915 // If there's no device policy, the refresh completes immediately. 916 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_)); 917 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 918 .Times(AtLeast(1)); 919 provider_->RefreshPolicies(); 920 Mock::VerifyAndClearExpectations(&provider_observer_); 921 922 // Make device settings appear. 923 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 924 .Times(AnyNumber()); 925 AddDeviceLocalAccountToPolicy(kAccount1); 926 InstallDevicePolicy(); 927 EXPECT_TRUE(service_->GetBrokerForUser(account_1_user_id_)); 928 929 // If there's no cloud connection, refreshes are still immediate. 930 DeviceLocalAccountPolicyBroker* broker = 931 service_->GetBrokerForUser(account_1_user_id_); 932 ASSERT_TRUE(broker); 933 EXPECT_FALSE(broker->core()->client()); 934 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 935 .Times(AtLeast(1)); 936 provider_->RefreshPolicies(); 937 Mock::VerifyAndClearExpectations(&provider_observer_); 938 939 // Bring up the cloud connection. The refresh scheduler may fire refreshes at 940 // this point which are not relevant for the test. 941 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _)) 942 .WillRepeatedly( 943 mock_device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED)); 944 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)) 945 .Times(AnyNumber()); 946 service_->Connect(&mock_device_management_service_); 947 FlushDeviceSettings(); 948 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 949 950 // No callbacks until the refresh completes. 951 EXPECT_CALL(provider_observer_, OnUpdatePolicy(_)).Times(0); 952 MockDeviceManagementJob* request_job; 953 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _)) 954 .WillOnce(mock_device_management_service_.CreateAsyncJob(&request_job)); 955 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 956 provider_->RefreshPolicies(); 957 ReloadDeviceSettings(); 958 Mock::VerifyAndClearExpectations(&provider_observer_); 959 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 960 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 961 962 // When the response comes in, it should propagate and fire the notification. 963 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 964 .Times(AtLeast(1)); 965 ASSERT_TRUE(request_job); 966 em::DeviceManagementResponse response; 967 device_local_account_policy_.Build(); 968 response.mutable_policy_response()->add_response()->CopyFrom( 969 device_local_account_policy_.policy()); 970 request_job->SendResponse(DM_STATUS_SUCCESS, response); 971 FlushDeviceSettings(); 972 Mock::VerifyAndClearExpectations(&provider_observer_); 973} 974 975} // namespace policy 976