device_local_account_policy_service_unittest.cc revision 90dce4d38c5ff5333bea97d859d4e484e27edf0c
170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine// Copyright (c) 2012 The Chromium Authors. All rights reserved. 270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine// Use of this source code is governed by a BSD-style license that can be 370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine// found in the LICENSE file. 470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" 670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "base/bind.h" 870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "base/bind_helpers.h" 970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "base/memory/scoped_ptr.h" 1070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/chromeos/policy/device_local_account.h" 1170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h" 1270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/chromeos/settings/cros_settings.h" 1370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/chromeos/settings/device_settings_service.h" 1470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 1570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/policy/cloud/cloud_policy_client.h" 1670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/policy/cloud/cloud_policy_constants.h" 1770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/policy/cloud/cloud_policy_service.h" 1870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/policy/cloud/mock_device_management_service.h" 1970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/policy/cloud/policy_builder.h" 2070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/policy/mock_configuration_policy_provider.h" 2170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h" 2270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "chromeos/dbus/power_policy_controller.h" 2370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "policy/policy_constants.h" 2470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine#include "testing/gtest/include/gtest/gtest.h" 2570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 2670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkineusing testing::AnyNumber; 2770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkineusing testing::AtLeast; 2870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkineusing testing::Mock; 2970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkineusing testing::SaveArg; 3070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkineusing testing::_; 3170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 3270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkinenamespace em = enterprise_management; 3370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 3470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkinenamespace policy { 3570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 3670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkineclass MockDeviceLocalAccountPolicyServiceObserver 3770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine : public DeviceLocalAccountPolicyService::Observer { 3870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine public: 3970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine MOCK_METHOD1(OnPolicyUpdated, void(const std::string&)); 4070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine MOCK_METHOD0(OnDeviceLocalAccountsChanged, void(void)); 4170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine}; 4270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 4370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkineclass DeviceLocalAccountPolicyServiceTest 4470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine : public chromeos::DeviceSettingsTestBase { 4570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine public: 4670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine DeviceLocalAccountPolicyServiceTest() 4770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine : public_session_user_id_(GenerateDeviceLocalAccountUserId( 4870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine PolicyBuilder::kFakeUsername, 4970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine DeviceLocalAccount::TYPE_PUBLIC_SESSION)), 5070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine cros_settings_(&device_settings_service_), 5170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine service_(&device_settings_test_helper_, 5270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine &device_settings_service_, 5370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine &cros_settings_) {} 5470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 5570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine virtual void SetUp() OVERRIDE { 5670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine DeviceSettingsTestBase::SetUp(); 5770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 5870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine // Values implicitly enforced for public accounts. 5970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine expected_policy_map_.Set(key::kLidCloseAction, 6070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_LEVEL_MANDATORY, 6170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_SCOPE_USER, 6270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine base::Value::CreateIntegerValue( 6370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine chromeos::PowerPolicyController:: 6470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine ACTION_STOP_SESSION)); 6570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine expected_policy_map_.Set(key::kShelfAutoHideBehavior, 6670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_LEVEL_MANDATORY, 6770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_SCOPE_USER, 6870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine Value::CreateStringValue("Never")); 6970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine expected_policy_map_.Set(key::kShowLogoutButtonInTray, 7070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_LEVEL_MANDATORY, 7170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_SCOPE_USER, 7270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine Value::CreateBooleanValue(true)); 7370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine scoped_ptr<base::ListValue> allowed_extension_types(new base::ListValue()); 7470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine allowed_extension_types->AppendString("hosted_app"); 7570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine expected_policy_map_.Set(key::kExtensionAllowedTypes, 7670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_LEVEL_MANDATORY, 7770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_SCOPE_USER, 7870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine allowed_extension_types.release()); 7970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 8070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine // Explicitly set value. 8170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine expected_policy_map_.Set(key::kDisableSpdy, 8270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_LEVEL_MANDATORY, 8370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine POLICY_SCOPE_USER, 8470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine Value::CreateBooleanValue(true)); 8570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 8670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine device_local_account_policy_.payload().mutable_disablespdy()->set_value( 8770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine true); 8870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine device_local_account_policy_.policy_data().set_policy_type( 8970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine dm_protocol::kChromePublicAccountPolicyType); 9070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine device_local_account_policy_.policy_data().set_settings_entity_id( 9170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine PolicyBuilder::kFakeUsername); 9270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine device_local_account_policy_.Build(); 9370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 9470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine em::DeviceLocalAccountInfoProto* account = 9570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine device_policy_.payload().mutable_device_local_accounts()->add_account(); 9670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine account->set_account_id(PolicyBuilder::kFakeUsername); 9770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine account->set_type( 9870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION); 9970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine device_policy_.Build(); 10070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 10170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine service_.AddObserver(&service_observer_); 10270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine } 10370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 10470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine virtual void TearDown() OVERRIDE { 10570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine service_.RemoveObserver(&service_observer_); 10670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 10770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine DeviceSettingsTestBase::TearDown(); 10870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine } 10970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 11070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine void InstallDevicePolicy() { 11170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()); 11270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 11370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine ReloadDeviceSettings(); 11470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine Mock::VerifyAndClearExpectations(&service_observer_); 11570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine } 11670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 11770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine MOCK_METHOD1(OnRefreshDone, void(bool)); 11870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 11970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine const std::string public_session_user_id_; 12070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 12170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine PolicyMap expected_policy_map_; 12270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine UserPolicyBuilder device_local_account_policy_; 12370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine chromeos::CrosSettings cros_settings_; 12470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine MockDeviceLocalAccountPolicyServiceObserver service_observer_; 12570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine MockDeviceManagementService mock_device_management_service_; 12670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine DeviceLocalAccountPolicyService service_; 12770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 12870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine private: 12970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest); 13070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine}; 13170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 13270a18cd874a22452aca9e39e22275ed4538ed20bVladimir ChtchetkineTEST_F(DeviceLocalAccountPolicyServiceTest, NoAccounts) { 13370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine EXPECT_FALSE(service_.GetBrokerForUser(public_session_user_id_)); 13470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine} 13570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 13670a18cd874a22452aca9e39e22275ed4538ed20bVladimir ChtchetkineTEST_F(DeviceLocalAccountPolicyServiceTest, GetBroker) { 13770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine InstallDevicePolicy(); 13870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 13970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine DeviceLocalAccountPolicyBroker* broker = 14070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine service_.GetBrokerForUser(public_session_user_id_); 14170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine ASSERT_TRUE(broker); 14270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine EXPECT_EQ(public_session_user_id_, broker->user_id()); 14370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine ASSERT_TRUE(broker->core()->store()); 14470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 14570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine EXPECT_FALSE(broker->core()->client()); 14670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 14770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine} 14870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 14970a18cd874a22452aca9e39e22275ed4538ed20bVladimir ChtchetkineTEST_F(DeviceLocalAccountPolicyServiceTest, LoadNoPolicy) { 15070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine InstallDevicePolicy(); 15170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 15270a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 15370a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine DeviceLocalAccountPolicyBroker* broker = 15470a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine service_.GetBrokerForUser(public_session_user_id_); 15570a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine ASSERT_TRUE(broker); 15670a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine FlushDeviceSettings(); 15770a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine Mock::VerifyAndClearExpectations(&service_observer_); 15870a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine 15970a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine ASSERT_TRUE(broker->core()->store()); 16070a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, 16170a18cd874a22452aca9e39e22275ed4538ed20bVladimir Chtchetkine broker->core()->store()->status()); 162 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 163 EXPECT_FALSE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 164} 165 166TEST_F(DeviceLocalAccountPolicyServiceTest, LoadValidationFailure) { 167 device_local_account_policy_.policy_data().set_policy_type( 168 dm_protocol::kChromeUserPolicyType); 169 device_local_account_policy_.Build(); 170 device_settings_test_helper_.set_device_local_account_policy_blob( 171 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 172 InstallDevicePolicy(); 173 174 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 175 DeviceLocalAccountPolicyBroker* broker = 176 service_.GetBrokerForUser(public_session_user_id_); 177 ASSERT_TRUE(broker); 178 FlushDeviceSettings(); 179 Mock::VerifyAndClearExpectations(&service_observer_); 180 181 ASSERT_TRUE(broker->core()->store()); 182 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 183 broker->core()->store()->status()); 184 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 185 EXPECT_FALSE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 186} 187 188TEST_F(DeviceLocalAccountPolicyServiceTest, LoadPolicy) { 189 device_settings_test_helper_.set_device_local_account_policy_blob( 190 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 191 InstallDevicePolicy(); 192 193 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 194 DeviceLocalAccountPolicyBroker* broker = 195 service_.GetBrokerForUser(public_session_user_id_); 196 ASSERT_TRUE(broker); 197 FlushDeviceSettings(); 198 Mock::VerifyAndClearExpectations(&service_observer_); 199 200 ASSERT_TRUE(broker->core()->store()); 201 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 202 broker->core()->store()->status()); 203 ASSERT_TRUE(broker->core()->store()->policy()); 204 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 205 broker->core()->store()->policy()->SerializeAsString()); 206 EXPECT_TRUE(expected_policy_map_.Equals( 207 broker->core()->store()->policy_map())); 208 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 209} 210 211TEST_F(DeviceLocalAccountPolicyServiceTest, StoreValidationFailure) { 212 device_local_account_policy_.policy_data().set_policy_type( 213 dm_protocol::kChromeUserPolicyType); 214 device_local_account_policy_.Build(); 215 InstallDevicePolicy(); 216 217 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 218 DeviceLocalAccountPolicyBroker* broker = 219 service_.GetBrokerForUser(public_session_user_id_); 220 ASSERT_TRUE(broker); 221 ASSERT_TRUE(broker->core()->store()); 222 broker->core()->store()->Store(device_local_account_policy_.policy()); 223 FlushDeviceSettings(); 224 Mock::VerifyAndClearExpectations(&service_observer_); 225 226 ASSERT_TRUE(broker->core()->store()); 227 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 228 broker->core()->store()->status()); 229 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE, 230 broker->core()->store()->validation_status()); 231 EXPECT_FALSE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 232} 233 234TEST_F(DeviceLocalAccountPolicyServiceTest, StorePolicy) { 235 InstallDevicePolicy(); 236 237 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 238 DeviceLocalAccountPolicyBroker* broker = 239 service_.GetBrokerForUser(public_session_user_id_); 240 ASSERT_TRUE(broker); 241 ASSERT_TRUE(broker->core()->store()); 242 broker->core()->store()->Store(device_local_account_policy_.policy()); 243 FlushDeviceSettings(); 244 Mock::VerifyAndClearExpectations(&service_observer_); 245 246 EXPECT_EQ(device_local_account_policy_.GetBlob(), 247 device_settings_test_helper_.device_local_account_policy_blob( 248 PolicyBuilder::kFakeUsername)); 249 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 250} 251 252TEST_F(DeviceLocalAccountPolicyServiceTest, DevicePolicyChange) { 253 device_settings_test_helper_.set_device_local_account_policy_blob( 254 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 255 InstallDevicePolicy(); 256 257 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()); 258 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 259 device_policy_.Build(); 260 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 261 device_settings_service_.PropertyChangeComplete(true); 262 FlushDeviceSettings(); 263 EXPECT_FALSE(service_.GetBrokerForUser(public_session_user_id_)); 264 Mock::VerifyAndClearExpectations(&service_observer_); 265} 266 267TEST_F(DeviceLocalAccountPolicyServiceTest, DuplicateAccounts) { 268 InstallDevicePolicy(); 269 DeviceLocalAccountPolicyBroker* broker = 270 service_.GetBrokerForUser(public_session_user_id_); 271 ASSERT_TRUE(broker); 272 273 // Add a second entry with a duplicate account name to device policy. 274 em::DeviceLocalAccountInfoProto* account = 275 device_policy_.payload().mutable_device_local_accounts()->add_account(); 276 account->set_account_id(PolicyBuilder::kFakeUsername); 277 account->set_type( 278 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION); 279 device_policy_.Build(); 280 device_settings_test_helper_.set_device_local_account_policy_blob( 281 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 282 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 283 284 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()); 285 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 286 device_settings_service_.PropertyChangeComplete(true); 287 FlushDeviceSettings(); 288 Mock::VerifyAndClearExpectations(&service_observer_); 289 290 // Make sure the broker is accessible and policy got loaded. 291 broker = service_.GetBrokerForUser(public_session_user_id_); 292 ASSERT_TRUE(broker); 293 EXPECT_EQ(public_session_user_id_, broker->user_id()); 294 EXPECT_TRUE(broker->core()->store()->policy()); 295} 296 297TEST_F(DeviceLocalAccountPolicyServiceTest, FetchPolicy) { 298 device_settings_test_helper_.set_device_local_account_policy_blob( 299 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 300 InstallDevicePolicy(); 301 302 DeviceLocalAccountPolicyBroker* broker = 303 service_.GetBrokerForUser(public_session_user_id_); 304 ASSERT_TRUE(broker); 305 306 service_.Connect(&mock_device_management_service_); 307 EXPECT_TRUE(broker->core()->client()); 308 309 em::DeviceManagementRequest request; 310 em::DeviceManagementResponse response; 311 response.mutable_policy_response()->add_response()->CopyFrom( 312 device_local_account_policy_.policy()); 313 EXPECT_CALL(mock_device_management_service_, 314 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH)) 315 .WillOnce(mock_device_management_service_.SucceedJob(response)); 316 EXPECT_CALL(mock_device_management_service_, 317 StartJob(dm_protocol::kValueRequestPolicy, 318 std::string(), std::string(), 319 device_policy_.policy_data().request_token(), 320 dm_protocol::kValueUserAffiliationManaged, 321 device_policy_.policy_data().device_id(), 322 _)) 323 .WillOnce(SaveArg<6>(&request)); 324 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 325 broker->core()->client()->FetchPolicy(); 326 FlushDeviceSettings(); 327 Mock::VerifyAndClearExpectations(&service_observer_); 328 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 329 EXPECT_TRUE(request.has_policy_request()); 330 EXPECT_EQ(1, request.policy_request().request_size()); 331 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType, 332 request.policy_request().request(0).policy_type()); 333 EXPECT_FALSE(request.policy_request().request(0).has_machine_id()); 334 EXPECT_EQ(PolicyBuilder::kFakeUsername, 335 request.policy_request().request(0).settings_entity_id()); 336 337 ASSERT_TRUE(broker->core()->store()); 338 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 339 broker->core()->store()->status()); 340 ASSERT_TRUE(broker->core()->store()->policy()); 341 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 342 broker->core()->store()->policy()->SerializeAsString()); 343 EXPECT_TRUE(expected_policy_map_.Equals( 344 broker->core()->store()->policy_map())); 345 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 346 347 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)) 348 .Times(0); 349 service_.Disconnect(); 350 EXPECT_FALSE(broker->core()->client()); 351 Mock::VerifyAndClearExpectations(&service_observer_); 352 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 353} 354 355TEST_F(DeviceLocalAccountPolicyServiceTest, RefreshPolicy) { 356 device_settings_test_helper_.set_device_local_account_policy_blob( 357 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 358 InstallDevicePolicy(); 359 360 DeviceLocalAccountPolicyBroker* broker = 361 service_.GetBrokerForUser(public_session_user_id_); 362 ASSERT_TRUE(broker); 363 364 service_.Connect(&mock_device_management_service_); 365 ASSERT_TRUE(broker->core()->service()); 366 367 em::DeviceManagementResponse response; 368 response.mutable_policy_response()->add_response()->CopyFrom( 369 device_local_account_policy_.policy()); 370 EXPECT_CALL(mock_device_management_service_, CreateJob(_)) 371 .WillOnce(mock_device_management_service_.SucceedJob(response)); 372 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 373 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1); 374 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 375 broker->core()->service()->RefreshPolicy( 376 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone, 377 base::Unretained(this))); 378 FlushDeviceSettings(); 379 Mock::VerifyAndClearExpectations(&service_observer_); 380 Mock::VerifyAndClearExpectations(this); 381 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 382 383 ASSERT_TRUE(broker->core()->store()); 384 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 385 broker->core()->store()->status()); 386 EXPECT_TRUE(expected_policy_map_.Equals( 387 broker->core()->store()->policy_map())); 388 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 389} 390 391class DeviceLocalAccountPolicyProviderTest 392 : public DeviceLocalAccountPolicyServiceTest { 393 protected: 394 DeviceLocalAccountPolicyProviderTest() 395 : provider_( 396 GenerateDeviceLocalAccountUserId( 397 PolicyBuilder::kFakeUsername, 398 DeviceLocalAccount::TYPE_PUBLIC_SESSION), 399 &service_) {} 400 401 virtual void SetUp() OVERRIDE { 402 DeviceLocalAccountPolicyServiceTest::SetUp(); 403 provider_.Init(); 404 provider_.AddObserver(&provider_observer_); 405 406 EXPECT_CALL(service_observer_, OnPolicyUpdated(_)).Times(AnyNumber()); 407 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()) 408 .Times(AnyNumber()); 409 } 410 411 virtual void TearDown() OVERRIDE { 412 provider_.RemoveObserver(&provider_observer_); 413 provider_.Shutdown(); 414 DeviceLocalAccountPolicyServiceTest::TearDown(); 415 } 416 417 DeviceLocalAccountPolicyProvider provider_; 418 MockConfigurationPolicyObserver provider_observer_; 419 420 private: 421 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest); 422}; 423 424TEST_F(DeviceLocalAccountPolicyProviderTest, Initialization) { 425 EXPECT_FALSE(provider_.IsInitializationComplete(POLICY_DOMAIN_CHROME)); 426 427 // Policy change should complete initialization. 428 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 429 device_settings_test_helper_.set_device_local_account_policy_blob( 430 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 431 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 432 ReloadDeviceSettings(); 433 Mock::VerifyAndClearExpectations(&provider_observer_); 434 435 EXPECT_TRUE(provider_.IsInitializationComplete(POLICY_DOMAIN_CHROME)); 436 437 // The account disappearing should *not* flip the initialization flag back. 438 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)) 439 .Times(AnyNumber()); 440 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 441 device_policy_.Build(); 442 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 443 ReloadDeviceSettings(); 444 Mock::VerifyAndClearExpectations(&provider_observer_); 445 446 EXPECT_TRUE(provider_.IsInitializationComplete(POLICY_DOMAIN_CHROME)); 447} 448 449TEST_F(DeviceLocalAccountPolicyProviderTest, Policy) { 450 // Policy should load successfully. 451 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 452 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 453 device_settings_test_helper_.set_device_local_account_policy_blob( 454 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 455 ReloadDeviceSettings(); 456 Mock::VerifyAndClearExpectations(&provider_observer_); 457 458 PolicyBundle expected_policy_bundle; 459 expected_policy_bundle.Get(PolicyNamespace( 460 POLICY_DOMAIN_CHROME, std::string())).CopyFrom(expected_policy_map_); 461 EXPECT_TRUE(expected_policy_bundle.Equals(provider_.policies())); 462 463 // Policy change should be reported. 464 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 465 device_local_account_policy_.payload().mutable_disablespdy()->set_value( 466 false); 467 device_local_account_policy_.Build(); 468 device_settings_test_helper_.set_device_local_account_policy_blob( 469 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 470 DeviceLocalAccountPolicyBroker* broker = 471 service_.GetBrokerForUser(public_session_user_id_); 472 ASSERT_TRUE(broker); 473 broker->core()->store()->Load(); 474 FlushDeviceSettings(); 475 Mock::VerifyAndClearExpectations(&provider_observer_); 476 477 expected_policy_bundle.Get( 478 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())) 479 .Set(key::kDisableSpdy, 480 POLICY_LEVEL_MANDATORY, 481 POLICY_SCOPE_USER, 482 Value::CreateBooleanValue(false)); 483 EXPECT_TRUE(expected_policy_bundle.Equals(provider_.policies())); 484 485 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray| 486 // and |ExtensionAllowedTypes| policies should be overridden. 487 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 488 device_local_account_policy_.payload().mutable_shelfautohidebehavior()-> 489 set_value("Always"); 490 device_local_account_policy_.payload().mutable_showlogoutbuttonintray()-> 491 set_value(false); 492 device_local_account_policy_.payload().mutable_extensionallowedtypes()-> 493 mutable_value()->mutable_entries()->Clear(); 494 device_local_account_policy_.Build(); 495 device_settings_test_helper_.set_device_local_account_policy_blob( 496 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 497 broker->core()->store()->Load(); 498 FlushDeviceSettings(); 499 Mock::VerifyAndClearExpectations(&provider_observer_); 500 EXPECT_TRUE(expected_policy_bundle.Equals(provider_.policies())); 501 502 // Account disappears, policy should stay in effect. 503 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)) 504 .Times(AnyNumber()); 505 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 506 device_policy_.Build(); 507 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 508 ReloadDeviceSettings(); 509 Mock::VerifyAndClearExpectations(&provider_observer_); 510 511 EXPECT_TRUE(expected_policy_bundle.Equals(provider_.policies())); 512} 513 514TEST_F(DeviceLocalAccountPolicyProviderTest, RefreshPolicies) { 515 // If there's no device policy, the refresh completes immediately. 516 EXPECT_FALSE(service_.GetBrokerForUser(public_session_user_id_)); 517 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 518 provider_.RefreshPolicies(); 519 Mock::VerifyAndClearExpectations(&provider_observer_); 520 521 // Make device settings appear. 522 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)) 523 .Times(AnyNumber()); 524 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 525 ReloadDeviceSettings(); 526 Mock::VerifyAndClearExpectations(&provider_observer_); 527 EXPECT_TRUE(service_.GetBrokerForUser(public_session_user_id_)); 528 529 // If there's no cloud connection, refreshes are still immediate. 530 DeviceLocalAccountPolicyBroker* broker = 531 service_.GetBrokerForUser(public_session_user_id_); 532 ASSERT_TRUE(broker); 533 EXPECT_FALSE(broker->core()->client()); 534 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 535 provider_.RefreshPolicies(); 536 Mock::VerifyAndClearExpectations(&provider_observer_); 537 538 // Bring up the cloud connection. The refresh scheduler may fire refreshes at 539 // this point which are not relevant for the test. 540 EXPECT_CALL(mock_device_management_service_, CreateJob(_)) 541 .WillRepeatedly( 542 mock_device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED)); 543 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 544 service_.Connect(&mock_device_management_service_); 545 FlushDeviceSettings(); 546 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 547 548 // No callbacks until the refresh completes. 549 EXPECT_CALL(provider_observer_, OnUpdatePolicy(_)).Times(0); 550 MockDeviceManagementJob* request_job; 551 EXPECT_CALL(mock_device_management_service_, CreateJob(_)) 552 .WillOnce(mock_device_management_service_.CreateAsyncJob(&request_job)); 553 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 554 provider_.RefreshPolicies(); 555 ReloadDeviceSettings(); 556 Mock::VerifyAndClearExpectations(&provider_observer_); 557 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 558 EXPECT_TRUE(provider_.IsInitializationComplete(POLICY_DOMAIN_CHROME)); 559 560 // When the response comes in, it should propagate and fire the notification. 561 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 562 ASSERT_TRUE(request_job); 563 em::DeviceManagementResponse response; 564 response.mutable_policy_response()->add_response()->CopyFrom( 565 device_local_account_policy_.policy()); 566 request_job->SendResponse(DM_STATUS_SUCCESS, response); 567 FlushDeviceSettings(); 568 Mock::VerifyAndClearExpectations(&provider_observer_); 569} 570 571} // namespace policy 572