device_local_account_policy_service_unittest.cc revision 6d86b77056ed63eb6871182f42a9fd5f07550f90
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" 6 7#include "base/bind.h" 8#include "base/bind_helpers.h" 9#include "base/callback.h" 10#include "base/file_util.h" 11#include "base/files/file_path.h" 12#include "base/files/scoped_temp_dir.h" 13#include "base/message_loop/message_loop.h" 14#include "base/message_loop/message_loop_proxy.h" 15#include "base/path_service.h" 16#include "base/run_loop.h" 17#include "base/strings/string_number_conversions.h" 18#include "base/strings/stringprintf.h" 19#include "base/test/scoped_path_override.h" 20#include "base/test/test_simple_task_runner.h" 21#include "chrome/browser/chromeos/policy/device_local_account.h" 22#include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h" 23#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 24#include "chrome/browser/chromeos/settings/cros_settings.h" 25#include "chrome/browser/chromeos/settings/device_settings_service.h" 26#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 27#include "chrome/common/chrome_paths.h" 28#include "chromeos/chromeos_paths.h" 29#include "chromeos/dbus/power_policy_controller.h" 30#include "components/policy/core/common/cloud/cloud_policy_client.h" 31#include "components/policy/core/common/cloud/cloud_policy_constants.h" 32#include "components/policy/core/common/cloud/cloud_policy_service.h" 33#include "components/policy/core/common/cloud/mock_device_management_service.h" 34#include "components/policy/core/common/cloud/policy_builder.h" 35#include "components/policy/core/common/external_data_fetcher.h" 36#include "components/policy/core/common/mock_configuration_policy_provider.h" 37#include "components/policy/core/common/policy_bundle.h" 38#include "components/policy/core/common/policy_map.h" 39#include "components/policy/core/common/schema_registry.h" 40#include "net/url_request/url_request_context_getter.h" 41#include "net/url_request/url_request_test_util.h" 42#include "policy/policy_constants.h" 43#include "policy/proto/cloud_policy.pb.h" 44#include "testing/gtest/include/gtest/gtest.h" 45 46using testing::AnyNumber; 47using testing::AtLeast; 48using testing::Mock; 49using testing::SaveArg; 50using testing::_; 51 52namespace em = enterprise_management; 53 54namespace policy { 55 56namespace { 57 58const char kAccount1[] = "account1@localhost"; 59const char kAccount2[] = "account2@localhost"; 60const char kAccount3[] = "account3@localhost"; 61 62const char kExtensionID[] = "kbmnembihfiondgfjekmnmcbddelicoi"; 63const char kExtensionVersion[] = "1.0.0.0"; 64const char kExtensionCRXPath[] = "extensions/hosted_app.crx"; 65const char kUpdateURL[] = "https://clients2.google.com/service/update2/crx"; 66 67} // namespace 68 69class MockDeviceLocalAccountPolicyServiceObserver 70 : public DeviceLocalAccountPolicyService::Observer { 71 public: 72 MOCK_METHOD1(OnPolicyUpdated, void(const std::string&)); 73 MOCK_METHOD0(OnDeviceLocalAccountsChanged, void(void)); 74}; 75 76class DeviceLocalAccountPolicyServiceTestBase 77 : public chromeos::DeviceSettingsTestBase { 78 public: 79 DeviceLocalAccountPolicyServiceTestBase(); 80 81 virtual void SetUp() OVERRIDE; 82 virtual void TearDown() OVERRIDE; 83 84 void CreatePolicyService(); 85 86 void InstallDeviceLocalAccountPolicy(const std::string& account_id); 87 void AddDeviceLocalAccountToPolicy(const std::string& account_id); 88 virtual void InstallDevicePolicy(); 89 90 const std::string account_1_user_id_; 91 const std::string account_2_user_id_; 92 93 PolicyMap expected_policy_map_; 94 UserPolicyBuilder device_local_account_policy_; 95 chromeos::CrosSettings cros_settings_; 96 scoped_refptr<base::TestSimpleTaskRunner> extension_cache_task_runner_; 97 MockDeviceManagementService mock_device_management_service_; 98 scoped_ptr<DeviceLocalAccountPolicyService> service_; 99 100 private: 101 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTestBase); 102}; 103 104class DeviceLocalAccountPolicyServiceTest 105 : public DeviceLocalAccountPolicyServiceTestBase { 106 public: 107 MOCK_METHOD1(OnRefreshDone, void(bool)); 108 109 protected: 110 DeviceLocalAccountPolicyServiceTest(); 111 112 virtual void SetUp() OVERRIDE; 113 virtual void TearDown() OVERRIDE; 114 115 void InstallDevicePolicy() OVERRIDE; 116 117 MockDeviceLocalAccountPolicyServiceObserver service_observer_; 118 119 private: 120 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest); 121}; 122 123DeviceLocalAccountPolicyServiceTestBase:: 124 DeviceLocalAccountPolicyServiceTestBase() 125 : account_1_user_id_(GenerateDeviceLocalAccountUserId( 126 kAccount1, 127 DeviceLocalAccount::TYPE_PUBLIC_SESSION)), 128 account_2_user_id_(GenerateDeviceLocalAccountUserId( 129 kAccount2, 130 DeviceLocalAccount::TYPE_PUBLIC_SESSION)), 131 cros_settings_(&device_settings_service_), 132 extension_cache_task_runner_(new base::TestSimpleTaskRunner) { 133} 134 135void DeviceLocalAccountPolicyServiceTestBase::SetUp() { 136 chromeos::DeviceSettingsTestBase::SetUp(); 137 138 expected_policy_map_.Set(key::kDisableSpdy, 139 POLICY_LEVEL_MANDATORY, 140 POLICY_SCOPE_USER, 141 new base::FundamentalValue(true), 142 NULL); 143 144 device_local_account_policy_.payload().mutable_disablespdy()->set_value( 145 true); 146 device_local_account_policy_.policy_data().set_policy_type( 147 dm_protocol::kChromePublicAccountPolicyType); 148} 149 150void DeviceLocalAccountPolicyServiceTestBase::TearDown() { 151 service_->Shutdown(); 152 service_.reset(); 153 extension_cache_task_runner_->RunUntilIdle(); 154 chromeos::DeviceSettingsTestBase::TearDown(); 155} 156 157void DeviceLocalAccountPolicyServiceTestBase::CreatePolicyService() { 158 service_.reset(new DeviceLocalAccountPolicyService( 159 &device_settings_test_helper_, 160 &device_settings_service_, 161 &cros_settings_, 162 base::MessageLoopProxy::current(), 163 extension_cache_task_runner_, 164 base::MessageLoopProxy::current(), 165 base::MessageLoopProxy::current(), 166 new net::TestURLRequestContextGetter(base::MessageLoopProxy::current()))); 167} 168 169void DeviceLocalAccountPolicyServiceTestBase:: 170 InstallDeviceLocalAccountPolicy(const std::string& account_id) { 171 device_local_account_policy_.policy_data().set_settings_entity_id(account_id); 172 device_local_account_policy_.policy_data().set_username(account_id); 173 device_local_account_policy_.Build(); 174 device_settings_test_helper_.set_device_local_account_policy_blob( 175 account_id, device_local_account_policy_.GetBlob()); 176} 177 178void DeviceLocalAccountPolicyServiceTestBase::AddDeviceLocalAccountToPolicy( 179 const std::string& account_id) { 180 em::DeviceLocalAccountInfoProto* account = 181 device_policy_.payload().mutable_device_local_accounts()->add_account(); 182 account->set_account_id(account_id); 183 account->set_type( 184 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION); 185} 186 187void DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy() { 188 device_policy_.Build(); 189 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 190 ReloadDeviceSettings(); 191} 192 193DeviceLocalAccountPolicyServiceTest::DeviceLocalAccountPolicyServiceTest() { 194 CreatePolicyService(); 195} 196 197void DeviceLocalAccountPolicyServiceTest::SetUp() { 198 DeviceLocalAccountPolicyServiceTestBase::SetUp(); 199 service_->AddObserver(&service_observer_); 200} 201 202void DeviceLocalAccountPolicyServiceTest::TearDown() { 203 service_->RemoveObserver(&service_observer_); 204 DeviceLocalAccountPolicyServiceTestBase::TearDown(); 205} 206 207void DeviceLocalAccountPolicyServiceTest::InstallDevicePolicy() { 208 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()); 209 DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy(); 210 Mock::VerifyAndClearExpectations(&service_observer_); 211} 212 213TEST_F(DeviceLocalAccountPolicyServiceTest, NoAccounts) { 214 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_)); 215} 216 217TEST_F(DeviceLocalAccountPolicyServiceTest, GetBroker) { 218 InstallDeviceLocalAccountPolicy(kAccount1); 219 AddDeviceLocalAccountToPolicy(kAccount1); 220 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 221 InstallDevicePolicy(); 222 223 DeviceLocalAccountPolicyBroker* broker = 224 service_->GetBrokerForUser(account_1_user_id_); 225 ASSERT_TRUE(broker); 226 EXPECT_EQ(account_1_user_id_, broker->user_id()); 227 ASSERT_TRUE(broker->core()->store()); 228 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 229 EXPECT_FALSE(broker->core()->client()); 230 EXPECT_FALSE(broker->core()->store()->policy_map().empty()); 231} 232 233TEST_F(DeviceLocalAccountPolicyServiceTest, LoadNoPolicy) { 234 AddDeviceLocalAccountToPolicy(kAccount1); 235 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 236 InstallDevicePolicy(); 237 238 DeviceLocalAccountPolicyBroker* broker = 239 service_->GetBrokerForUser(account_1_user_id_); 240 ASSERT_TRUE(broker); 241 EXPECT_EQ(account_1_user_id_, broker->user_id()); 242 ASSERT_TRUE(broker->core()->store()); 243 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, 244 broker->core()->store()->status()); 245 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 246 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 247} 248 249TEST_F(DeviceLocalAccountPolicyServiceTest, LoadValidationFailure) { 250 device_local_account_policy_.policy_data().set_policy_type( 251 dm_protocol::kChromeUserPolicyType); 252 InstallDeviceLocalAccountPolicy(kAccount1); 253 AddDeviceLocalAccountToPolicy(kAccount1); 254 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 255 InstallDevicePolicy(); 256 257 DeviceLocalAccountPolicyBroker* broker = 258 service_->GetBrokerForUser(account_1_user_id_); 259 ASSERT_TRUE(broker); 260 EXPECT_EQ(account_1_user_id_, broker->user_id()); 261 ASSERT_TRUE(broker->core()->store()); 262 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 263 broker->core()->store()->status()); 264 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 265 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 266} 267 268TEST_F(DeviceLocalAccountPolicyServiceTest, LoadPolicy) { 269 InstallDeviceLocalAccountPolicy(kAccount1); 270 AddDeviceLocalAccountToPolicy(kAccount1); 271 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 272 InstallDevicePolicy(); 273 274 DeviceLocalAccountPolicyBroker* broker = 275 service_->GetBrokerForUser(account_1_user_id_); 276 ASSERT_TRUE(broker); 277 EXPECT_EQ(account_1_user_id_, broker->user_id()); 278 ASSERT_TRUE(broker->core()->store()); 279 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 280 ASSERT_TRUE(broker->core()->store()->policy()); 281 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 282 broker->core()->store()->policy()->SerializeAsString()); 283 EXPECT_TRUE(expected_policy_map_.Equals( 284 broker->core()->store()->policy_map())); 285 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 286} 287 288TEST_F(DeviceLocalAccountPolicyServiceTest, StoreValidationFailure) { 289 AddDeviceLocalAccountToPolicy(kAccount1); 290 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 291 InstallDevicePolicy(); 292 Mock::VerifyAndClearExpectations(&service_observer_); 293 294 DeviceLocalAccountPolicyBroker* broker = 295 service_->GetBrokerForUser(account_1_user_id_); 296 ASSERT_TRUE(broker); 297 EXPECT_EQ(account_1_user_id_, broker->user_id()); 298 ASSERT_TRUE(broker->core()->store()); 299 300 device_local_account_policy_.policy_data().set_policy_type( 301 dm_protocol::kChromeUserPolicyType); 302 device_local_account_policy_.Build(); 303 broker->core()->store()->Store(device_local_account_policy_.policy()); 304 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 305 FlushDeviceSettings(); 306 307 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 308 broker->core()->store()->status()); 309 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE, 310 broker->core()->store()->validation_status()); 311 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 312} 313 314TEST_F(DeviceLocalAccountPolicyServiceTest, StorePolicy) { 315 AddDeviceLocalAccountToPolicy(kAccount1); 316 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 317 InstallDevicePolicy(); 318 Mock::VerifyAndClearExpectations(&service_observer_); 319 320 DeviceLocalAccountPolicyBroker* broker = 321 service_->GetBrokerForUser(account_1_user_id_); 322 ASSERT_TRUE(broker); 323 EXPECT_EQ(account_1_user_id_, broker->user_id()); 324 ASSERT_TRUE(broker->core()->store()); 325 326 device_local_account_policy_.policy_data().set_settings_entity_id(kAccount1); 327 device_local_account_policy_.policy_data().set_username(kAccount1); 328 device_local_account_policy_.Build(); 329 broker->core()->store()->Store(device_local_account_policy_.policy()); 330 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 331 FlushDeviceSettings(); 332 333 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 334 ASSERT_TRUE(broker->core()->store()->policy()); 335 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 336 broker->core()->store()->policy()->SerializeAsString()); 337 EXPECT_TRUE(expected_policy_map_.Equals( 338 broker->core()->store()->policy_map())); 339 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 340} 341 342TEST_F(DeviceLocalAccountPolicyServiceTest, DevicePolicyChange) { 343 InstallDeviceLocalAccountPolicy(kAccount1); 344 AddDeviceLocalAccountToPolicy(kAccount1); 345 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 346 InstallDevicePolicy(); 347 348 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 349 InstallDevicePolicy(); 350 351 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_)); 352} 353 354TEST_F(DeviceLocalAccountPolicyServiceTest, DuplicateAccounts) { 355 InstallDeviceLocalAccountPolicy(kAccount1); 356 AddDeviceLocalAccountToPolicy(kAccount1); 357 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 358 InstallDevicePolicy(); 359 Mock::VerifyAndClearExpectations(&service_observer_); 360 361 // Add a second entry with a duplicate account name to device policy. 362 AddDeviceLocalAccountToPolicy(kAccount1); 363 InstallDevicePolicy(); 364 365 // Make sure the broker is accessible and policy got loaded. 366 DeviceLocalAccountPolicyBroker* broker = 367 service_->GetBrokerForUser(account_1_user_id_); 368 ASSERT_TRUE(broker); 369 EXPECT_EQ(account_1_user_id_, broker->user_id()); 370 ASSERT_TRUE(broker->core()->store()); 371 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 372 ASSERT_TRUE(broker->core()->store()->policy()); 373 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 374 broker->core()->store()->policy()->SerializeAsString()); 375 EXPECT_TRUE(expected_policy_map_.Equals( 376 broker->core()->store()->policy_map())); 377 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 378} 379 380TEST_F(DeviceLocalAccountPolicyServiceTest, FetchPolicy) { 381 InstallDeviceLocalAccountPolicy(kAccount1); 382 AddDeviceLocalAccountToPolicy(kAccount1); 383 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 384 InstallDevicePolicy(); 385 386 DeviceLocalAccountPolicyBroker* broker = 387 service_->GetBrokerForUser(account_1_user_id_); 388 ASSERT_TRUE(broker); 389 390 service_->Connect(&mock_device_management_service_); 391 EXPECT_TRUE(broker->core()->client()); 392 393 em::DeviceManagementRequest request; 394 em::DeviceManagementResponse response; 395 response.mutable_policy_response()->add_response()->CopyFrom( 396 device_local_account_policy_.policy()); 397 EXPECT_CALL(mock_device_management_service_, 398 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _)) 399 .WillOnce(mock_device_management_service_.SucceedJob(response)); 400 EXPECT_CALL(mock_device_management_service_, 401 StartJob(dm_protocol::kValueRequestPolicy, 402 std::string(), std::string(), 403 device_policy_.policy_data().request_token(), 404 dm_protocol::kValueUserAffiliationManaged, 405 device_policy_.policy_data().device_id(), 406 _)) 407 .WillOnce(SaveArg<6>(&request)); 408 // This will be called twice, because the ComponentCloudPolicyService will 409 // also become ready after flushing all the pending tasks. 410 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2); 411 broker->core()->client()->FetchPolicy(); 412 FlushDeviceSettings(); 413 Mock::VerifyAndClearExpectations(&service_observer_); 414 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 415 EXPECT_TRUE(request.has_policy_request()); 416 EXPECT_EQ(1, request.policy_request().request_size()); 417 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType, 418 request.policy_request().request(0).policy_type()); 419 EXPECT_FALSE(request.policy_request().request(0).has_machine_id()); 420 EXPECT_EQ(kAccount1, 421 request.policy_request().request(0).settings_entity_id()); 422 423 ASSERT_TRUE(broker->core()->store()); 424 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 425 broker->core()->store()->status()); 426 ASSERT_TRUE(broker->core()->store()->policy()); 427 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 428 broker->core()->store()->policy()->SerializeAsString()); 429 EXPECT_TRUE(expected_policy_map_.Equals( 430 broker->core()->store()->policy_map())); 431 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 432} 433 434TEST_F(DeviceLocalAccountPolicyServiceTest, RefreshPolicy) { 435 InstallDeviceLocalAccountPolicy(kAccount1); 436 AddDeviceLocalAccountToPolicy(kAccount1); 437 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 438 InstallDevicePolicy(); 439 440 DeviceLocalAccountPolicyBroker* broker = 441 service_->GetBrokerForUser(account_1_user_id_); 442 ASSERT_TRUE(broker); 443 444 service_->Connect(&mock_device_management_service_); 445 ASSERT_TRUE(broker->core()->service()); 446 447 em::DeviceManagementResponse response; 448 response.mutable_policy_response()->add_response()->CopyFrom( 449 device_local_account_policy_.policy()); 450 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _)) 451 .WillOnce(mock_device_management_service_.SucceedJob(response)); 452 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 453 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1); 454 // This will be called twice, because the ComponentCloudPolicyService will 455 // also become ready after flushing all the pending tasks. 456 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)).Times(2); 457 broker->core()->service()->RefreshPolicy( 458 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone, 459 base::Unretained(this))); 460 FlushDeviceSettings(); 461 Mock::VerifyAndClearExpectations(&service_observer_); 462 Mock::VerifyAndClearExpectations(this); 463 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 464 465 ASSERT_TRUE(broker->core()->store()); 466 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 467 broker->core()->store()->status()); 468 EXPECT_TRUE(expected_policy_map_.Equals( 469 broker->core()->store()->policy_map())); 470 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 471} 472 473class DeviceLocalAccountPolicyExtensionCacheTest 474 : public DeviceLocalAccountPolicyServiceTestBase { 475 protected: 476 DeviceLocalAccountPolicyExtensionCacheTest(); 477 478 virtual void SetUp() OVERRIDE; 479 480 base::FilePath GetCacheDirectoryForAccountID(const std::string& account_id); 481 482 base::ScopedTempDir cache_root_dir_; 483 scoped_ptr<base::ScopedPathOverride> cache_root_dir_override_; 484 485 base::FilePath cache_dir_1_; 486 base::FilePath cache_dir_2_; 487 base::FilePath cache_dir_3_; 488 489 private: 490 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyExtensionCacheTest); 491}; 492 493DeviceLocalAccountPolicyExtensionCacheTest:: 494 DeviceLocalAccountPolicyExtensionCacheTest() { 495} 496 497void DeviceLocalAccountPolicyExtensionCacheTest::SetUp() { 498 DeviceLocalAccountPolicyServiceTestBase::SetUp(); 499 ASSERT_TRUE(cache_root_dir_.CreateUniqueTempDir()); 500 cache_root_dir_override_.reset(new base::ScopedPathOverride( 501 chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS, 502 cache_root_dir_.path())); 503 504 cache_dir_1_ = GetCacheDirectoryForAccountID(kAccount1); 505 cache_dir_2_ = GetCacheDirectoryForAccountID(kAccount2); 506 cache_dir_3_ = GetCacheDirectoryForAccountID(kAccount3); 507 508 em::StringList* forcelist = device_local_account_policy_.payload() 509 .mutable_extensioninstallforcelist()->mutable_value(); 510 forcelist->add_entries(base::StringPrintf("%s;%s", kExtensionID, kUpdateURL)); 511} 512 513base::FilePath DeviceLocalAccountPolicyExtensionCacheTest:: 514 GetCacheDirectoryForAccountID(const std::string& account_id) { 515 return cache_root_dir_.path().Append(base::HexEncode(account_id.c_str(), 516 account_id.size())); 517} 518 519// Verifies that during startup, orphaned cache directories are deleted, 520// cache directories belonging to an existing account are preserved and missing 521// cache directories are created. Also verifies that when startup is complete, 522// the caches for all existing accounts are running. 523TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, Startup) { 524 base::FilePath test_data_dir; 525 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir)); 526 const base::FilePath source_crx_file = 527 test_data_dir.Append(kExtensionCRXPath); 528 const std::string target_crx_file_name = 529 base::StringPrintf("%s-%s.crx", kExtensionID, kExtensionVersion); 530 531 // Create and pre-populate a cache directory for account 1. 532 EXPECT_TRUE(base::CreateDirectory(cache_dir_1_)); 533 EXPECT_TRUE(CopyFile(source_crx_file, 534 cache_dir_1_.Append(target_crx_file_name))); 535 536 // Create and pre-populate a cache directory for account 3. 537 EXPECT_TRUE(base::CreateDirectory(cache_dir_3_)); 538 EXPECT_TRUE(CopyFile(source_crx_file, 539 cache_dir_3_.Append(target_crx_file_name))); 540 541 // Add accounts 1 and 2 to device policy. 542 InstallDeviceLocalAccountPolicy(kAccount1); 543 InstallDeviceLocalAccountPolicy(kAccount2); 544 AddDeviceLocalAccountToPolicy(kAccount1); 545 AddDeviceLocalAccountToPolicy(kAccount2); 546 InstallDevicePolicy(); 547 548 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 549 // deletion of orphaned cache directories. 550 CreatePolicyService(); 551 FlushDeviceSettings(); 552 extension_cache_task_runner_->RunUntilIdle(); 553 554 // Verify that the cache directory for account 1 and its contents still exist. 555 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_)); 556 EXPECT_TRUE(ContentsEqual(source_crx_file, 557 cache_dir_1_.Append(target_crx_file_name))); 558 559 // Verify that a cache directory for account 2 was created. 560 EXPECT_TRUE(base::DirectoryExists(cache_dir_2_)); 561 562 // Verify that the cache directory for account 3 was deleted. 563 EXPECT_FALSE(base::DirectoryExists(cache_dir_3_)); 564 565 // Verify that the cache for account 1 has been started. 566 DeviceLocalAccountPolicyBroker* broker = 567 service_->GetBrokerForUser(account_1_user_id_); 568 ASSERT_TRUE(broker); 569 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 570 571 // Verify that the cache for account 2 has been started. 572 broker = service_->GetBrokerForUser(account_2_user_id_); 573 ASSERT_TRUE(broker); 574 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 575} 576 577// Verifies that while the deletion of orphaned cache directories is in 578// progress, the caches for accounts which existed before the deletion started 579// are running but caches for newly added accounts are not started. 580TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstOrphanDeletion) { 581 // Add account 1 to device policy. 582 InstallDeviceLocalAccountPolicy(kAccount1); 583 AddDeviceLocalAccountToPolicy(kAccount1); 584 InstallDevicePolicy(); 585 586 // Create the DeviceLocalAccountPolicyService, triggering the deletion of 587 // orphaned cache directories. 588 CreatePolicyService(); 589 FlushDeviceSettings(); 590 591 // Verify that the cache for account 1 has been started as it is unaffected by 592 // the orphan deletion. 593 DeviceLocalAccountPolicyBroker* broker = 594 service_->GetBrokerForUser(account_1_user_id_); 595 ASSERT_TRUE(broker); 596 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 597 598 // Add account 2 to device policy. 599 InstallDeviceLocalAccountPolicy(kAccount2); 600 AddDeviceLocalAccountToPolicy(kAccount2); 601 InstallDevicePolicy(); 602 603 // Verify that the cache for account 2 has not been started yet as the orphan 604 // deletion is still in progress. 605 broker = service_->GetBrokerForUser(account_2_user_id_); 606 ASSERT_TRUE(broker); 607 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning()); 608 609 // Allow the orphan deletion to finish. 610 extension_cache_task_runner_->RunUntilIdle(); 611 base::RunLoop().RunUntilIdle(); 612 613 // Verify that the cache for account 2 has been started. 614 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 615} 616 617// Verifies that while the shutdown of a cache is in progress, no new cache is 618// started if an account with the same ID is re-added. 619TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstCacheShutdown) { 620 // Add account 1 to device policy. 621 InstallDeviceLocalAccountPolicy(kAccount1); 622 AddDeviceLocalAccountToPolicy(kAccount1); 623 InstallDevicePolicy(); 624 625 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 626 // deletion of orphaned cache directories. 627 CreatePolicyService(); 628 FlushDeviceSettings(); 629 extension_cache_task_runner_->RunUntilIdle(); 630 631 // Remove account 1 from device policy, triggering a shutdown of its cache. 632 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 633 InstallDevicePolicy(); 634 635 // Re-add account 1 to device policy. 636 AddDeviceLocalAccountToPolicy(kAccount1); 637 InstallDevicePolicy(); 638 639 // Verify that the cache for account 1 has not been started yet as the 640 // shutdown of a previous cache for this account ID is still in progress. 641 DeviceLocalAccountPolicyBroker* broker = 642 service_->GetBrokerForUser(account_1_user_id_); 643 ASSERT_TRUE(broker); 644 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning()); 645 646 // Allow the cache shutdown to finish. 647 extension_cache_task_runner_->RunUntilIdle(); 648 base::RunLoop().RunUntilIdle(); 649 650 // Verify that the cache directory for account 1 still exists. 651 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_)); 652 653 // Verify that the cache for account 1 has been started, reusing the existing 654 // cache directory. 655 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 656} 657 658// Verifies that while the deletion of an obsolete cache directory is in 659// progress, no new cache is started if an account with the same ID is re-added. 660TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, 661 RaceAgainstObsoleteDeletion) { 662 // Add account 1 to device policy. 663 InstallDeviceLocalAccountPolicy(kAccount1); 664 AddDeviceLocalAccountToPolicy(kAccount1); 665 InstallDevicePolicy(); 666 667 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 668 // deletion of orphaned cache directories. 669 CreatePolicyService(); 670 FlushDeviceSettings(); 671 extension_cache_task_runner_->RunUntilIdle(); 672 673 // Remove account 1 from device policy, allowing the shutdown of its cache to 674 // finish and the deletion of its now obsolete cache directory to begin. 675 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 676 InstallDevicePolicy(); 677 extension_cache_task_runner_->RunUntilIdle(); 678 base::RunLoop().RunUntilIdle(); 679 680 // Re-add account 1 to device policy. 681 AddDeviceLocalAccountToPolicy(kAccount1); 682 InstallDevicePolicy(); 683 684 // Verify that the cache for account 1 has not been started yet as the 685 // deletion of the cache directory for this account ID is still in progress. 686 DeviceLocalAccountPolicyBroker* broker = 687 service_->GetBrokerForUser(account_1_user_id_); 688 ASSERT_TRUE(broker); 689 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning()); 690 691 // Allow the deletion to finish. 692 extension_cache_task_runner_->RunUntilIdle(); 693 base::RunLoop().RunUntilIdle(); 694 695 // Verify that the cache directory for account 1 was deleted. 696 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_)); 697 698 // Verify that the cache for account 1 has been started. 699 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 700} 701 702// Verifies that when an account is added and no deletion of cache directories 703// affecting this account is in progress, its cache is started immediately. 704TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, AddAccount) { 705 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 706 // deletion of orphaned cache directories. 707 InstallDevicePolicy(); 708 CreatePolicyService(); 709 FlushDeviceSettings(); 710 extension_cache_task_runner_->RunUntilIdle(); 711 712 // Add account 1 to device policy. 713 InstallDeviceLocalAccountPolicy(kAccount1); 714 AddDeviceLocalAccountToPolicy(kAccount1); 715 InstallDevicePolicy(); 716 717 // Verify that the cache for account 1 has been started. 718 DeviceLocalAccountPolicyBroker* broker = 719 service_->GetBrokerForUser(account_1_user_id_); 720 ASSERT_TRUE(broker); 721 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 722} 723 724// Verifies that when an account is removed, its cache directory is deleted. 725TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RemoveAccount) { 726 // Add account 1 to device policy. 727 InstallDeviceLocalAccountPolicy(kAccount1); 728 AddDeviceLocalAccountToPolicy(kAccount1); 729 InstallDevicePolicy(); 730 731 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 732 // deletion of orphaned cache directories. 733 CreatePolicyService(); 734 FlushDeviceSettings(); 735 extension_cache_task_runner_->RunUntilIdle(); 736 737 // Verify that a cache directory has been created for account 1. 738 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_)); 739 740 // Remove account 1 from device policy, allowing the deletion of its now 741 // obsolete cache directory to finish. 742 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 743 InstallDevicePolicy(); 744 extension_cache_task_runner_->RunUntilIdle(); 745 base::RunLoop().RunUntilIdle(); 746 extension_cache_task_runner_->RunUntilIdle(); 747 748 // Verify that the cache directory for account 1 was deleted. 749 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_)); 750} 751 752class DeviceLocalAccountPolicyProviderTest 753 : public DeviceLocalAccountPolicyServiceTestBase { 754 protected: 755 DeviceLocalAccountPolicyProviderTest(); 756 757 virtual void SetUp() OVERRIDE; 758 virtual void TearDown() OVERRIDE; 759 760 SchemaRegistry schema_registry_; 761 scoped_ptr<DeviceLocalAccountPolicyProvider> provider_; 762 MockConfigurationPolicyObserver provider_observer_; 763 764 private: 765 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest); 766}; 767 768DeviceLocalAccountPolicyProviderTest::DeviceLocalAccountPolicyProviderTest() { 769 CreatePolicyService(); 770 provider_ = DeviceLocalAccountPolicyProvider::Create( 771 GenerateDeviceLocalAccountUserId(kAccount1, 772 DeviceLocalAccount::TYPE_PUBLIC_SESSION), 773 service_.get()); 774} 775 776void DeviceLocalAccountPolicyProviderTest::SetUp() { 777 DeviceLocalAccountPolicyServiceTestBase::SetUp(); 778 provider_->Init(&schema_registry_); 779 provider_->AddObserver(&provider_observer_); 780 781 // Values implicitly enforced for public accounts. 782 expected_policy_map_.Set(key::kLidCloseAction, 783 POLICY_LEVEL_MANDATORY, 784 POLICY_SCOPE_MACHINE, 785 new base::FundamentalValue( 786 chromeos::PowerPolicyController:: 787 ACTION_STOP_SESSION), 788 NULL); 789 expected_policy_map_.Set(key::kShelfAutoHideBehavior, 790 POLICY_LEVEL_MANDATORY, 791 POLICY_SCOPE_MACHINE, 792 new base::StringValue("Never"), 793 NULL); 794 expected_policy_map_.Set(key::kShowLogoutButtonInTray, 795 POLICY_LEVEL_MANDATORY, 796 POLICY_SCOPE_MACHINE, 797 new base::FundamentalValue(true), 798 NULL); 799 expected_policy_map_.Set(key::kFullscreenAllowed, 800 POLICY_LEVEL_MANDATORY, 801 POLICY_SCOPE_MACHINE, 802 new base::FundamentalValue(false), 803 NULL); 804} 805 806void DeviceLocalAccountPolicyProviderTest::TearDown() { 807 provider_->RemoveObserver(&provider_observer_); 808 provider_->Shutdown(); 809 provider_.reset(); 810 DeviceLocalAccountPolicyServiceTestBase::TearDown(); 811} 812 813TEST_F(DeviceLocalAccountPolicyProviderTest, Initialization) { 814 EXPECT_FALSE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 815 816 // Policy change should complete initialization. 817 InstallDeviceLocalAccountPolicy(kAccount1); 818 AddDeviceLocalAccountToPolicy(kAccount1); 819 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 820 .Times(AtLeast(1)); 821 InstallDevicePolicy(); 822 Mock::VerifyAndClearExpectations(&provider_observer_); 823 824 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 825 826 // The account disappearing should *not* flip the initialization flag back. 827 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 828 .Times(AnyNumber()); 829 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 830 InstallDevicePolicy(); 831 Mock::VerifyAndClearExpectations(&provider_observer_); 832 833 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 834} 835 836TEST_F(DeviceLocalAccountPolicyProviderTest, Policy) { 837 // Policy should load successfully. 838 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 839 .Times(AtLeast(1)); 840 InstallDeviceLocalAccountPolicy(kAccount1); 841 AddDeviceLocalAccountToPolicy(kAccount1); 842 InstallDevicePolicy(); 843 Mock::VerifyAndClearExpectations(&provider_observer_); 844 845 PolicyBundle expected_policy_bundle; 846 expected_policy_bundle.Get(PolicyNamespace( 847 POLICY_DOMAIN_CHROME, std::string())).CopyFrom(expected_policy_map_); 848 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 849 850 // Policy change should be reported. 851 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 852 .Times(AtLeast(1)); 853 device_local_account_policy_.payload().mutable_disablespdy()->set_value( 854 false); 855 InstallDeviceLocalAccountPolicy(kAccount1); 856 DeviceLocalAccountPolicyBroker* broker = 857 service_->GetBrokerForUser(account_1_user_id_); 858 ASSERT_TRUE(broker); 859 broker->core()->store()->Load(); 860 FlushDeviceSettings(); 861 Mock::VerifyAndClearExpectations(&provider_observer_); 862 863 expected_policy_bundle.Get( 864 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())) 865 .Set(key::kDisableSpdy, 866 POLICY_LEVEL_MANDATORY, 867 POLICY_SCOPE_USER, 868 new base::FundamentalValue(false), 869 NULL); 870 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 871 872 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray| 873 // and |ExtensionAllowedTypes| policies should be overridden. 874 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 875 .Times(AtLeast(1)); 876 device_local_account_policy_.payload().mutable_shelfautohidebehavior()-> 877 set_value("Always"); 878 device_local_account_policy_.payload().mutable_showlogoutbuttonintray()-> 879 set_value(false); 880 InstallDeviceLocalAccountPolicy(kAccount1); 881 broker->core()->store()->Load(); 882 FlushDeviceSettings(); 883 Mock::VerifyAndClearExpectations(&provider_observer_); 884 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 885 886 // Account disappears, policy should stay in effect. 887 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 888 .Times(AnyNumber()); 889 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 890 InstallDevicePolicy(); 891 Mock::VerifyAndClearExpectations(&provider_observer_); 892 893 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 894} 895 896TEST_F(DeviceLocalAccountPolicyProviderTest, RefreshPolicies) { 897 // If there's no device policy, the refresh completes immediately. 898 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_)); 899 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 900 .Times(AtLeast(1)); 901 provider_->RefreshPolicies(); 902 Mock::VerifyAndClearExpectations(&provider_observer_); 903 904 // Make device settings appear. 905 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 906 .Times(AnyNumber()); 907 AddDeviceLocalAccountToPolicy(kAccount1); 908 InstallDevicePolicy(); 909 EXPECT_TRUE(service_->GetBrokerForUser(account_1_user_id_)); 910 911 // If there's no cloud connection, refreshes are still immediate. 912 DeviceLocalAccountPolicyBroker* broker = 913 service_->GetBrokerForUser(account_1_user_id_); 914 ASSERT_TRUE(broker); 915 EXPECT_FALSE(broker->core()->client()); 916 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 917 .Times(AtLeast(1)); 918 provider_->RefreshPolicies(); 919 Mock::VerifyAndClearExpectations(&provider_observer_); 920 921 // Bring up the cloud connection. The refresh scheduler may fire refreshes at 922 // this point which are not relevant for the test. 923 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _)) 924 .WillRepeatedly( 925 mock_device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED)); 926 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)) 927 .Times(AnyNumber()); 928 service_->Connect(&mock_device_management_service_); 929 FlushDeviceSettings(); 930 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 931 932 // No callbacks until the refresh completes. 933 EXPECT_CALL(provider_observer_, OnUpdatePolicy(_)).Times(0); 934 MockDeviceManagementJob* request_job; 935 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _)) 936 .WillOnce(mock_device_management_service_.CreateAsyncJob(&request_job)); 937 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 938 provider_->RefreshPolicies(); 939 ReloadDeviceSettings(); 940 Mock::VerifyAndClearExpectations(&provider_observer_); 941 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 942 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 943 944 // When the response comes in, it should propagate and fire the notification. 945 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 946 .Times(AtLeast(1)); 947 ASSERT_TRUE(request_job); 948 em::DeviceManagementResponse response; 949 device_local_account_policy_.Build(); 950 response.mutable_policy_response()->add_response()->CopyFrom( 951 device_local_account_policy_.policy()); 952 request_job->SendResponse(DM_STATUS_SUCCESS, response); 953 FlushDeviceSettings(); 954 Mock::VerifyAndClearExpectations(&provider_observer_); 955} 956 957} // namespace policy 958