device_local_account_policy_service_unittest.cc revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" 6 7#include "base/bind.h" 8#include "base/bind_helpers.h" 9#include "base/callback.h" 10#include "base/file_util.h" 11#include "base/files/file_path.h" 12#include "base/files/scoped_temp_dir.h" 13#include "base/message_loop/message_loop.h" 14#include "base/message_loop/message_loop_proxy.h" 15#include "base/path_service.h" 16#include "base/run_loop.h" 17#include "base/strings/string_number_conversions.h" 18#include "base/strings/stringprintf.h" 19#include "base/test/scoped_path_override.h" 20#include "base/test/test_simple_task_runner.h" 21#include "chrome/browser/chromeos/policy/device_local_account.h" 22#include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h" 23#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" 24#include "chrome/browser/chromeos/settings/cros_settings.h" 25#include "chrome/browser/chromeos/settings/device_settings_service.h" 26#include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 27#include "chrome/common/chrome_paths.h" 28#include "chromeos/chromeos_paths.h" 29#include "chromeos/dbus/power_policy_controller.h" 30#include "components/policy/core/common/cloud/cloud_policy_client.h" 31#include "components/policy/core/common/cloud/cloud_policy_constants.h" 32#include "components/policy/core/common/cloud/cloud_policy_service.h" 33#include "components/policy/core/common/cloud/mock_device_management_service.h" 34#include "components/policy/core/common/cloud/policy_builder.h" 35#include "components/policy/core/common/external_data_fetcher.h" 36#include "components/policy/core/common/mock_configuration_policy_provider.h" 37#include "components/policy/core/common/schema_registry.h" 38#include "net/url_request/url_request_context_getter.h" 39#include "net/url_request/url_request_test_util.h" 40#include "policy/policy_constants.h" 41#include "policy/proto/cloud_policy.pb.h" 42#include "testing/gtest/include/gtest/gtest.h" 43 44using testing::AnyNumber; 45using testing::AtLeast; 46using testing::Mock; 47using testing::SaveArg; 48using testing::_; 49 50namespace em = enterprise_management; 51 52namespace policy { 53 54namespace { 55 56const char kAccount1[] = "account1@localhost"; 57const char kAccount2[] = "account2@localhost"; 58const char kAccount3[] = "account3@localhost"; 59 60const char kExtensionID[] = "kbmnembihfiondgfjekmnmcbddelicoi"; 61const char kExtensionVersion[] = "1.0.0.0"; 62const char kExtensionCRXPath[] = "extensions/hosted_app.crx"; 63const char kUpdateURL[] = "https://clients2.google.com/service/update2/crx"; 64 65} // namespace 66 67class MockDeviceLocalAccountPolicyServiceObserver 68 : public DeviceLocalAccountPolicyService::Observer { 69 public: 70 MOCK_METHOD1(OnPolicyUpdated, void(const std::string&)); 71 MOCK_METHOD0(OnDeviceLocalAccountsChanged, void(void)); 72}; 73 74class DeviceLocalAccountPolicyServiceTestBase 75 : public chromeos::DeviceSettingsTestBase { 76 public: 77 DeviceLocalAccountPolicyServiceTestBase(); 78 79 virtual void SetUp() OVERRIDE; 80 virtual void TearDown() OVERRIDE; 81 82 void CreatePolicyService(); 83 84 void InstallDeviceLocalAccountPolicy(const std::string& account_id); 85 void AddDeviceLocalAccountToPolicy(const std::string& account_id); 86 virtual void InstallDevicePolicy(); 87 88 const std::string account_1_user_id_; 89 const std::string account_2_user_id_; 90 91 PolicyMap expected_policy_map_; 92 UserPolicyBuilder device_local_account_policy_; 93 chromeos::CrosSettings cros_settings_; 94 scoped_refptr<base::TestSimpleTaskRunner> extension_cache_task_runner_; 95 MockDeviceManagementService mock_device_management_service_; 96 scoped_ptr<DeviceLocalAccountPolicyService> service_; 97 98 private: 99 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTestBase); 100}; 101 102class DeviceLocalAccountPolicyServiceTest 103 : public DeviceLocalAccountPolicyServiceTestBase { 104 public: 105 MOCK_METHOD1(OnRefreshDone, void(bool)); 106 107 protected: 108 DeviceLocalAccountPolicyServiceTest(); 109 110 virtual void SetUp() OVERRIDE; 111 virtual void TearDown() OVERRIDE; 112 113 void InstallDevicePolicy() OVERRIDE; 114 115 MockDeviceLocalAccountPolicyServiceObserver service_observer_; 116 117 private: 118 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest); 119}; 120 121DeviceLocalAccountPolicyServiceTestBase:: 122 DeviceLocalAccountPolicyServiceTestBase() 123 : account_1_user_id_(GenerateDeviceLocalAccountUserId( 124 kAccount1, 125 DeviceLocalAccount::TYPE_PUBLIC_SESSION)), 126 account_2_user_id_(GenerateDeviceLocalAccountUserId( 127 kAccount2, 128 DeviceLocalAccount::TYPE_PUBLIC_SESSION)), 129 cros_settings_(&device_settings_service_), 130 extension_cache_task_runner_(new base::TestSimpleTaskRunner) { 131} 132 133void DeviceLocalAccountPolicyServiceTestBase::SetUp() { 134 chromeos::DeviceSettingsTestBase::SetUp(); 135 136 // Values implicitly enforced for public accounts. 137 expected_policy_map_.Set(key::kLidCloseAction, 138 POLICY_LEVEL_MANDATORY, 139 POLICY_SCOPE_USER, 140 base::Value::CreateIntegerValue( 141 chromeos::PowerPolicyController:: 142 ACTION_STOP_SESSION), 143 NULL); 144 expected_policy_map_.Set(key::kShelfAutoHideBehavior, 145 POLICY_LEVEL_MANDATORY, 146 POLICY_SCOPE_USER, 147 Value::CreateStringValue("Never"), 148 NULL); 149 expected_policy_map_.Set(key::kShowLogoutButtonInTray, 150 POLICY_LEVEL_MANDATORY, 151 POLICY_SCOPE_USER, 152 Value::CreateBooleanValue(true), 153 NULL); 154 expected_policy_map_.Set(key::kFullscreenAllowed, 155 POLICY_LEVEL_MANDATORY, 156 POLICY_SCOPE_USER, 157 Value::CreateBooleanValue(false), 158 NULL); 159 160 // Explicitly set value. 161 expected_policy_map_.Set(key::kDisableSpdy, 162 POLICY_LEVEL_MANDATORY, 163 POLICY_SCOPE_USER, 164 Value::CreateBooleanValue(true), 165 NULL); 166 167 device_local_account_policy_.payload().mutable_disablespdy()->set_value( 168 true); 169 device_local_account_policy_.policy_data().set_policy_type( 170 dm_protocol::kChromePublicAccountPolicyType); 171} 172 173void DeviceLocalAccountPolicyServiceTestBase::TearDown() { 174 service_->Shutdown(); 175 service_.reset(); 176 extension_cache_task_runner_->RunUntilIdle(); 177 chromeos::DeviceSettingsTestBase::TearDown(); 178} 179 180void DeviceLocalAccountPolicyServiceTestBase::CreatePolicyService() { 181 service_.reset(new DeviceLocalAccountPolicyService( 182 &device_settings_test_helper_, 183 &device_settings_service_, 184 &cros_settings_, 185 loop_.message_loop_proxy(), 186 extension_cache_task_runner_, 187 loop_.message_loop_proxy(), 188 loop_.message_loop_proxy(), 189 new net::TestURLRequestContextGetter( 190 base::MessageLoop::current()->message_loop_proxy()))); 191} 192 193void DeviceLocalAccountPolicyServiceTestBase:: 194 InstallDeviceLocalAccountPolicy(const std::string& account_id) { 195 device_local_account_policy_.policy_data().set_settings_entity_id(account_id); 196 device_local_account_policy_.policy_data().set_username(account_id); 197 device_local_account_policy_.Build(); 198 device_settings_test_helper_.set_device_local_account_policy_blob( 199 account_id, device_local_account_policy_.GetBlob()); 200} 201 202void DeviceLocalAccountPolicyServiceTestBase::AddDeviceLocalAccountToPolicy( 203 const std::string& account_id) { 204 em::DeviceLocalAccountInfoProto* account = 205 device_policy_.payload().mutable_device_local_accounts()->add_account(); 206 account->set_account_id(account_id); 207 account->set_type( 208 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION); 209} 210 211void DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy() { 212 device_policy_.Build(); 213 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 214 ReloadDeviceSettings(); 215} 216 217DeviceLocalAccountPolicyServiceTest::DeviceLocalAccountPolicyServiceTest() { 218 CreatePolicyService(); 219} 220 221void DeviceLocalAccountPolicyServiceTest::SetUp() { 222 DeviceLocalAccountPolicyServiceTestBase::SetUp(); 223 service_->AddObserver(&service_observer_); 224} 225 226void DeviceLocalAccountPolicyServiceTest::TearDown() { 227 service_->RemoveObserver(&service_observer_); 228 DeviceLocalAccountPolicyServiceTestBase::TearDown(); 229} 230 231void DeviceLocalAccountPolicyServiceTest::InstallDevicePolicy() { 232 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()); 233 DeviceLocalAccountPolicyServiceTestBase::InstallDevicePolicy(); 234 Mock::VerifyAndClearExpectations(&service_observer_); 235} 236 237TEST_F(DeviceLocalAccountPolicyServiceTest, NoAccounts) { 238 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_)); 239} 240 241TEST_F(DeviceLocalAccountPolicyServiceTest, GetBroker) { 242 InstallDeviceLocalAccountPolicy(kAccount1); 243 AddDeviceLocalAccountToPolicy(kAccount1); 244 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 245 InstallDevicePolicy(); 246 247 DeviceLocalAccountPolicyBroker* broker = 248 service_->GetBrokerForUser(account_1_user_id_); 249 ASSERT_TRUE(broker); 250 EXPECT_EQ(account_1_user_id_, broker->user_id()); 251 ASSERT_TRUE(broker->core()->store()); 252 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 253 EXPECT_FALSE(broker->core()->client()); 254 EXPECT_FALSE(broker->core()->store()->policy_map().empty()); 255} 256 257TEST_F(DeviceLocalAccountPolicyServiceTest, LoadNoPolicy) { 258 AddDeviceLocalAccountToPolicy(kAccount1); 259 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 260 InstallDevicePolicy(); 261 262 DeviceLocalAccountPolicyBroker* broker = 263 service_->GetBrokerForUser(account_1_user_id_); 264 ASSERT_TRUE(broker); 265 EXPECT_EQ(account_1_user_id_, broker->user_id()); 266 ASSERT_TRUE(broker->core()->store()); 267 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, 268 broker->core()->store()->status()); 269 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 270 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 271} 272 273TEST_F(DeviceLocalAccountPolicyServiceTest, LoadValidationFailure) { 274 device_local_account_policy_.policy_data().set_policy_type( 275 dm_protocol::kChromeUserPolicyType); 276 InstallDeviceLocalAccountPolicy(kAccount1); 277 AddDeviceLocalAccountToPolicy(kAccount1); 278 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 279 InstallDevicePolicy(); 280 281 DeviceLocalAccountPolicyBroker* broker = 282 service_->GetBrokerForUser(account_1_user_id_); 283 ASSERT_TRUE(broker); 284 EXPECT_EQ(account_1_user_id_, broker->user_id()); 285 ASSERT_TRUE(broker->core()->store()); 286 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 287 broker->core()->store()->status()); 288 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 289 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 290} 291 292TEST_F(DeviceLocalAccountPolicyServiceTest, LoadPolicy) { 293 InstallDeviceLocalAccountPolicy(kAccount1); 294 AddDeviceLocalAccountToPolicy(kAccount1); 295 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 296 InstallDevicePolicy(); 297 298 DeviceLocalAccountPolicyBroker* broker = 299 service_->GetBrokerForUser(account_1_user_id_); 300 ASSERT_TRUE(broker); 301 EXPECT_EQ(account_1_user_id_, broker->user_id()); 302 ASSERT_TRUE(broker->core()->store()); 303 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 304 ASSERT_TRUE(broker->core()->store()->policy()); 305 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 306 broker->core()->store()->policy()->SerializeAsString()); 307 EXPECT_TRUE(expected_policy_map_.Equals( 308 broker->core()->store()->policy_map())); 309 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 310} 311 312TEST_F(DeviceLocalAccountPolicyServiceTest, StoreValidationFailure) { 313 AddDeviceLocalAccountToPolicy(kAccount1); 314 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 315 InstallDevicePolicy(); 316 Mock::VerifyAndClearExpectations(&service_observer_); 317 318 DeviceLocalAccountPolicyBroker* broker = 319 service_->GetBrokerForUser(account_1_user_id_); 320 ASSERT_TRUE(broker); 321 EXPECT_EQ(account_1_user_id_, broker->user_id()); 322 ASSERT_TRUE(broker->core()->store()); 323 324 device_local_account_policy_.policy_data().set_policy_type( 325 dm_protocol::kChromeUserPolicyType); 326 device_local_account_policy_.Build(); 327 broker->core()->store()->Store(device_local_account_policy_.policy()); 328 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 329 FlushDeviceSettings(); 330 331 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 332 broker->core()->store()->status()); 333 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE, 334 broker->core()->store()->validation_status()); 335 EXPECT_FALSE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 336} 337 338TEST_F(DeviceLocalAccountPolicyServiceTest, StorePolicy) { 339 AddDeviceLocalAccountToPolicy(kAccount1); 340 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 341 InstallDevicePolicy(); 342 Mock::VerifyAndClearExpectations(&service_observer_); 343 344 DeviceLocalAccountPolicyBroker* broker = 345 service_->GetBrokerForUser(account_1_user_id_); 346 ASSERT_TRUE(broker); 347 EXPECT_EQ(account_1_user_id_, broker->user_id()); 348 ASSERT_TRUE(broker->core()->store()); 349 350 device_local_account_policy_.policy_data().set_settings_entity_id(kAccount1); 351 device_local_account_policy_.policy_data().set_username(kAccount1); 352 device_local_account_policy_.Build(); 353 broker->core()->store()->Store(device_local_account_policy_.policy()); 354 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 355 FlushDeviceSettings(); 356 357 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 358 ASSERT_TRUE(broker->core()->store()->policy()); 359 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 360 broker->core()->store()->policy()->SerializeAsString()); 361 EXPECT_TRUE(expected_policy_map_.Equals( 362 broker->core()->store()->policy_map())); 363 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 364} 365 366TEST_F(DeviceLocalAccountPolicyServiceTest, DevicePolicyChange) { 367 InstallDeviceLocalAccountPolicy(kAccount1); 368 AddDeviceLocalAccountToPolicy(kAccount1); 369 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 370 InstallDevicePolicy(); 371 372 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 373 InstallDevicePolicy(); 374 375 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_)); 376} 377 378TEST_F(DeviceLocalAccountPolicyServiceTest, DuplicateAccounts) { 379 InstallDeviceLocalAccountPolicy(kAccount1); 380 AddDeviceLocalAccountToPolicy(kAccount1); 381 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 382 InstallDevicePolicy(); 383 Mock::VerifyAndClearExpectations(&service_observer_); 384 385 // Add a second entry with a duplicate account name to device policy. 386 AddDeviceLocalAccountToPolicy(kAccount1); 387 InstallDevicePolicy(); 388 389 // Make sure the broker is accessible and policy got loaded. 390 DeviceLocalAccountPolicyBroker* broker = 391 service_->GetBrokerForUser(account_1_user_id_); 392 ASSERT_TRUE(broker); 393 EXPECT_EQ(account_1_user_id_, broker->user_id()); 394 ASSERT_TRUE(broker->core()->store()); 395 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 396 ASSERT_TRUE(broker->core()->store()->policy()); 397 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 398 broker->core()->store()->policy()->SerializeAsString()); 399 EXPECT_TRUE(expected_policy_map_.Equals( 400 broker->core()->store()->policy_map())); 401 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 402} 403 404TEST_F(DeviceLocalAccountPolicyServiceTest, FetchPolicy) { 405 InstallDeviceLocalAccountPolicy(kAccount1); 406 AddDeviceLocalAccountToPolicy(kAccount1); 407 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 408 InstallDevicePolicy(); 409 410 DeviceLocalAccountPolicyBroker* broker = 411 service_->GetBrokerForUser(account_1_user_id_); 412 ASSERT_TRUE(broker); 413 414 service_->Connect(&mock_device_management_service_); 415 EXPECT_TRUE(broker->core()->client()); 416 417 em::DeviceManagementRequest request; 418 em::DeviceManagementResponse response; 419 response.mutable_policy_response()->add_response()->CopyFrom( 420 device_local_account_policy_.policy()); 421 EXPECT_CALL(mock_device_management_service_, 422 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH, _)) 423 .WillOnce(mock_device_management_service_.SucceedJob(response)); 424 EXPECT_CALL(mock_device_management_service_, 425 StartJob(dm_protocol::kValueRequestPolicy, 426 std::string(), std::string(), 427 device_policy_.policy_data().request_token(), 428 dm_protocol::kValueUserAffiliationManaged, 429 device_policy_.policy_data().device_id(), 430 _)) 431 .WillOnce(SaveArg<6>(&request)); 432 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 433 broker->core()->client()->FetchPolicy(); 434 FlushDeviceSettings(); 435 Mock::VerifyAndClearExpectations(&service_observer_); 436 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 437 EXPECT_TRUE(request.has_policy_request()); 438 EXPECT_EQ(1, request.policy_request().request_size()); 439 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType, 440 request.policy_request().request(0).policy_type()); 441 EXPECT_FALSE(request.policy_request().request(0).has_machine_id()); 442 EXPECT_EQ(kAccount1, 443 request.policy_request().request(0).settings_entity_id()); 444 445 ASSERT_TRUE(broker->core()->store()); 446 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 447 broker->core()->store()->status()); 448 ASSERT_TRUE(broker->core()->store()->policy()); 449 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 450 broker->core()->store()->policy()->SerializeAsString()); 451 EXPECT_TRUE(expected_policy_map_.Equals( 452 broker->core()->store()->policy_map())); 453 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 454} 455 456TEST_F(DeviceLocalAccountPolicyServiceTest, RefreshPolicy) { 457 InstallDeviceLocalAccountPolicy(kAccount1); 458 AddDeviceLocalAccountToPolicy(kAccount1); 459 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 460 InstallDevicePolicy(); 461 462 DeviceLocalAccountPolicyBroker* broker = 463 service_->GetBrokerForUser(account_1_user_id_); 464 ASSERT_TRUE(broker); 465 466 service_->Connect(&mock_device_management_service_); 467 ASSERT_TRUE(broker->core()->service()); 468 469 em::DeviceManagementResponse response; 470 response.mutable_policy_response()->add_response()->CopyFrom( 471 device_local_account_policy_.policy()); 472 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _)) 473 .WillOnce(mock_device_management_service_.SucceedJob(response)); 474 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 475 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1); 476 EXPECT_CALL(service_observer_, OnPolicyUpdated(account_1_user_id_)); 477 broker->core()->service()->RefreshPolicy( 478 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone, 479 base::Unretained(this))); 480 FlushDeviceSettings(); 481 Mock::VerifyAndClearExpectations(&service_observer_); 482 Mock::VerifyAndClearExpectations(this); 483 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 484 485 ASSERT_TRUE(broker->core()->store()); 486 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 487 broker->core()->store()->status()); 488 EXPECT_TRUE(expected_policy_map_.Equals( 489 broker->core()->store()->policy_map())); 490 EXPECT_TRUE(service_->IsPolicyAvailableForUser(account_1_user_id_)); 491} 492 493class DeviceLocalAccountPolicyExtensionCacheTest 494 : public DeviceLocalAccountPolicyServiceTestBase { 495 protected: 496 DeviceLocalAccountPolicyExtensionCacheTest(); 497 498 virtual void SetUp() OVERRIDE; 499 500 base::FilePath GetCacheDirectoryForAccountID(const std::string& account_id); 501 502 base::ScopedTempDir cache_root_dir_; 503 scoped_ptr<base::ScopedPathOverride> cache_root_dir_override_; 504 505 base::FilePath cache_dir_1_; 506 base::FilePath cache_dir_2_; 507 base::FilePath cache_dir_3_; 508 509 private: 510 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyExtensionCacheTest); 511}; 512 513DeviceLocalAccountPolicyExtensionCacheTest:: 514 DeviceLocalAccountPolicyExtensionCacheTest() { 515} 516 517void DeviceLocalAccountPolicyExtensionCacheTest::SetUp() { 518 DeviceLocalAccountPolicyServiceTestBase::SetUp(); 519 ASSERT_TRUE(cache_root_dir_.CreateUniqueTempDir()); 520 cache_root_dir_override_.reset(new base::ScopedPathOverride( 521 chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS, 522 cache_root_dir_.path())); 523 524 cache_dir_1_ = GetCacheDirectoryForAccountID(kAccount1); 525 cache_dir_2_ = GetCacheDirectoryForAccountID(kAccount2); 526 cache_dir_3_ = GetCacheDirectoryForAccountID(kAccount3); 527 528 em::StringList* forcelist = device_local_account_policy_.payload() 529 .mutable_extensioninstallforcelist()->mutable_value(); 530 forcelist->add_entries(base::StringPrintf("%s;%s", kExtensionID, kUpdateURL)); 531} 532 533base::FilePath DeviceLocalAccountPolicyExtensionCacheTest:: 534 GetCacheDirectoryForAccountID(const std::string& account_id) { 535 return cache_root_dir_.path().Append(base::HexEncode(account_id.c_str(), 536 account_id.size())); 537} 538 539// Verifies that during startup, orphaned cache directories are deleted, 540// cache directories belonging to an existing account are preserved and missing 541// cache directories are created. Also verifies that when startup is complete, 542// the caches for all existing accounts are running. 543TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, Startup) { 544 base::FilePath test_data_dir; 545 ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir)); 546 const base::FilePath source_crx_file = 547 test_data_dir.Append(kExtensionCRXPath); 548 const std::string target_crx_file_name = 549 base::StringPrintf("%s-%s.crx", kExtensionID, kExtensionVersion); 550 551 // Create and pre-populate a cache directory for account 1. 552 EXPECT_TRUE(base::CreateDirectory(cache_dir_1_)); 553 EXPECT_TRUE(CopyFile(source_crx_file, 554 cache_dir_1_.Append(target_crx_file_name))); 555 556 // Create and pre-populate a cache directory for account 3. 557 EXPECT_TRUE(base::CreateDirectory(cache_dir_3_)); 558 EXPECT_TRUE(CopyFile(source_crx_file, 559 cache_dir_3_.Append(target_crx_file_name))); 560 561 // Add accounts 1 and 2 to device policy. 562 InstallDeviceLocalAccountPolicy(kAccount1); 563 InstallDeviceLocalAccountPolicy(kAccount2); 564 AddDeviceLocalAccountToPolicy(kAccount1); 565 AddDeviceLocalAccountToPolicy(kAccount2); 566 InstallDevicePolicy(); 567 568 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 569 // deletion of orphaned cache directories. 570 CreatePolicyService(); 571 FlushDeviceSettings(); 572 extension_cache_task_runner_->RunUntilIdle(); 573 574 // Verify that the cache directory for account 1 and its contents still exist. 575 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_)); 576 EXPECT_TRUE(ContentsEqual(source_crx_file, 577 cache_dir_1_.Append(target_crx_file_name))); 578 579 // Verify that a cache directory for account 2 was created. 580 EXPECT_TRUE(base::DirectoryExists(cache_dir_2_)); 581 582 // Verify that the cache directory for account 3 was deleted. 583 EXPECT_FALSE(base::DirectoryExists(cache_dir_3_)); 584 585 // Verify that the cache for account 1 has been started. 586 DeviceLocalAccountPolicyBroker* broker = 587 service_->GetBrokerForUser(account_1_user_id_); 588 ASSERT_TRUE(broker); 589 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 590 591 // Verify that the cache for account 2 has been started. 592 broker = service_->GetBrokerForUser(account_2_user_id_); 593 ASSERT_TRUE(broker); 594 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 595} 596 597// Verifies that while the deletion of orphaned cache directories is in 598// progress, the caches for accounts which existed before the deletion started 599// are running but caches for newly added accounts are not started. 600TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstOrphanDeletion) { 601 // Add account 1 to device policy. 602 InstallDeviceLocalAccountPolicy(kAccount1); 603 AddDeviceLocalAccountToPolicy(kAccount1); 604 InstallDevicePolicy(); 605 606 // Create the DeviceLocalAccountPolicyService, triggering the deletion of 607 // orphaned cache directories. 608 CreatePolicyService(); 609 FlushDeviceSettings(); 610 611 // Verify that the cache for account 1 has been started as it is unaffected by 612 // the orphan deletion. 613 DeviceLocalAccountPolicyBroker* broker = 614 service_->GetBrokerForUser(account_1_user_id_); 615 ASSERT_TRUE(broker); 616 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 617 618 // Add account 2 to device policy. 619 InstallDeviceLocalAccountPolicy(kAccount2); 620 AddDeviceLocalAccountToPolicy(kAccount2); 621 InstallDevicePolicy(); 622 623 // Verify that the cache for account 2 has not been started yet as the orphan 624 // deletion is still in progress. 625 broker = service_->GetBrokerForUser(account_2_user_id_); 626 ASSERT_TRUE(broker); 627 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning()); 628 629 // Allow the orphan deletion to finish. 630 extension_cache_task_runner_->RunUntilIdle(); 631 base::RunLoop().RunUntilIdle(); 632 633 // Verify that the cache for account 2 has been started. 634 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 635} 636 637// Verifies that while the shutdown of a cache is in progress, no new cache is 638// started if an account with the same ID is re-added. 639TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RaceAgainstCacheShutdown) { 640 // Add account 1 to device policy. 641 InstallDeviceLocalAccountPolicy(kAccount1); 642 AddDeviceLocalAccountToPolicy(kAccount1); 643 InstallDevicePolicy(); 644 645 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 646 // deletion of orphaned cache directories. 647 CreatePolicyService(); 648 FlushDeviceSettings(); 649 extension_cache_task_runner_->RunUntilIdle(); 650 651 // Remove account 1 from device policy, triggering a shutdown of its cache. 652 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 653 InstallDevicePolicy(); 654 655 // Re-add account 1 to device policy. 656 AddDeviceLocalAccountToPolicy(kAccount1); 657 InstallDevicePolicy(); 658 659 // Verify that the cache for account 1 has not been started yet as the 660 // shutdown of a previous cache for this account ID is still in progress. 661 DeviceLocalAccountPolicyBroker* broker = 662 service_->GetBrokerForUser(account_1_user_id_); 663 ASSERT_TRUE(broker); 664 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning()); 665 666 // Allow the cache shutdown to finish. 667 extension_cache_task_runner_->RunUntilIdle(); 668 base::RunLoop().RunUntilIdle(); 669 670 // Verify that the cache directory for account 1 still exists. 671 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_)); 672 673 // Verify that the cache for account 1 has been started, reusing the existing 674 // cache directory. 675 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 676} 677 678// Verifies that while the deletion of an obsolete cache directory is in 679// progress, no new cache is started if an account with the same ID is re-added. 680TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, 681 RaceAgainstObsoleteDeletion) { 682 // Add account 1 to device policy. 683 InstallDeviceLocalAccountPolicy(kAccount1); 684 AddDeviceLocalAccountToPolicy(kAccount1); 685 InstallDevicePolicy(); 686 687 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 688 // deletion of orphaned cache directories. 689 CreatePolicyService(); 690 FlushDeviceSettings(); 691 extension_cache_task_runner_->RunUntilIdle(); 692 693 // Remove account 1 from device policy, allowing the shutdown of its cache to 694 // finish and the deletion of its now obsolete cache directory to begin. 695 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 696 InstallDevicePolicy(); 697 extension_cache_task_runner_->RunUntilIdle(); 698 base::RunLoop().RunUntilIdle(); 699 700 // Re-add account 1 to device policy. 701 AddDeviceLocalAccountToPolicy(kAccount1); 702 InstallDevicePolicy(); 703 704 // Verify that the cache for account 1 has not been started yet as the 705 // deletion of the cache directory for this account ID is still in progress. 706 DeviceLocalAccountPolicyBroker* broker = 707 service_->GetBrokerForUser(account_1_user_id_); 708 ASSERT_TRUE(broker); 709 EXPECT_FALSE(broker->extension_loader()->IsCacheRunning()); 710 711 // Allow the deletion to finish. 712 extension_cache_task_runner_->RunUntilIdle(); 713 base::RunLoop().RunUntilIdle(); 714 715 // Verify that the cache directory for account 1 was deleted. 716 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_)); 717 718 // Verify that the cache for account 1 has been started. 719 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 720} 721 722// Verifies that when an account is added and no deletion of cache directories 723// affecting this account is in progress, its cache is started immediately. 724TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, AddAccount) { 725 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 726 // deletion of orphaned cache directories. 727 InstallDevicePolicy(); 728 CreatePolicyService(); 729 FlushDeviceSettings(); 730 extension_cache_task_runner_->RunUntilIdle(); 731 732 // Add account 1 to device policy. 733 InstallDeviceLocalAccountPolicy(kAccount1); 734 AddDeviceLocalAccountToPolicy(kAccount1); 735 InstallDevicePolicy(); 736 737 // Verify that the cache for account 1 has been started. 738 DeviceLocalAccountPolicyBroker* broker = 739 service_->GetBrokerForUser(account_1_user_id_); 740 ASSERT_TRUE(broker); 741 EXPECT_TRUE(broker->extension_loader()->IsCacheRunning()); 742} 743 744// Verifies that when an account is removed, its cache directory is deleted. 745TEST_F(DeviceLocalAccountPolicyExtensionCacheTest, RemoveAccount) { 746 // Add account 1 to device policy. 747 InstallDeviceLocalAccountPolicy(kAccount1); 748 AddDeviceLocalAccountToPolicy(kAccount1); 749 InstallDevicePolicy(); 750 751 // Create the DeviceLocalAccountPolicyService, allowing it to finish the 752 // deletion of orphaned cache directories. 753 CreatePolicyService(); 754 FlushDeviceSettings(); 755 extension_cache_task_runner_->RunUntilIdle(); 756 757 // Verify that a cache directory has been created for account 1. 758 EXPECT_TRUE(base::DirectoryExists(cache_dir_1_)); 759 760 // Remove account 1 from device policy, allowing the deletion of its now 761 // obsolete cache directory to finish. 762 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 763 InstallDevicePolicy(); 764 extension_cache_task_runner_->RunUntilIdle(); 765 base::RunLoop().RunUntilIdle(); 766 extension_cache_task_runner_->RunUntilIdle(); 767 768 // Verify that the cache directory for account 1 was deleted. 769 EXPECT_FALSE(base::DirectoryExists(cache_dir_1_)); 770} 771 772class DeviceLocalAccountPolicyProviderTest 773 : public DeviceLocalAccountPolicyServiceTestBase { 774 protected: 775 DeviceLocalAccountPolicyProviderTest(); 776 777 virtual void SetUp() OVERRIDE; 778 virtual void TearDown() OVERRIDE; 779 780 SchemaRegistry schema_registry_; 781 scoped_ptr<DeviceLocalAccountPolicyProvider> provider_; 782 MockConfigurationPolicyObserver provider_observer_; 783 784 private: 785 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest); 786}; 787 788DeviceLocalAccountPolicyProviderTest::DeviceLocalAccountPolicyProviderTest() { 789 CreatePolicyService(); 790 provider_.reset(new DeviceLocalAccountPolicyProvider( 791 GenerateDeviceLocalAccountUserId(kAccount1, 792 DeviceLocalAccount::TYPE_PUBLIC_SESSION), 793 service_.get())); 794} 795 796void DeviceLocalAccountPolicyProviderTest::SetUp() { 797 DeviceLocalAccountPolicyServiceTestBase::SetUp(); 798 provider_->Init(&schema_registry_); 799 provider_->AddObserver(&provider_observer_); 800} 801 802void DeviceLocalAccountPolicyProviderTest::TearDown() { 803 provider_->RemoveObserver(&provider_observer_); 804 provider_->Shutdown(); 805 provider_.reset(); 806 DeviceLocalAccountPolicyServiceTestBase::TearDown(); 807} 808 809TEST_F(DeviceLocalAccountPolicyProviderTest, Initialization) { 810 EXPECT_FALSE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 811 812 // Policy change should complete initialization. 813 InstallDeviceLocalAccountPolicy(kAccount1); 814 AddDeviceLocalAccountToPolicy(kAccount1); 815 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 816 .Times(AtLeast(1)); 817 InstallDevicePolicy(); 818 Mock::VerifyAndClearExpectations(&provider_observer_); 819 820 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 821 822 // The account disappearing should *not* flip the initialization flag back. 823 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 824 .Times(AnyNumber()); 825 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 826 InstallDevicePolicy(); 827 Mock::VerifyAndClearExpectations(&provider_observer_); 828 829 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 830} 831 832TEST_F(DeviceLocalAccountPolicyProviderTest, Policy) { 833 // Policy should load successfully. 834 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 835 .Times(AtLeast(1)); 836 InstallDeviceLocalAccountPolicy(kAccount1); 837 AddDeviceLocalAccountToPolicy(kAccount1); 838 InstallDevicePolicy(); 839 Mock::VerifyAndClearExpectations(&provider_observer_); 840 841 PolicyBundle expected_policy_bundle; 842 expected_policy_bundle.Get(PolicyNamespace( 843 POLICY_DOMAIN_CHROME, std::string())).CopyFrom(expected_policy_map_); 844 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 845 846 // Policy change should be reported. 847 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 848 .Times(AtLeast(1)); 849 device_local_account_policy_.payload().mutable_disablespdy()->set_value( 850 false); 851 InstallDeviceLocalAccountPolicy(kAccount1); 852 DeviceLocalAccountPolicyBroker* broker = 853 service_->GetBrokerForUser(account_1_user_id_); 854 ASSERT_TRUE(broker); 855 broker->core()->store()->Load(); 856 FlushDeviceSettings(); 857 Mock::VerifyAndClearExpectations(&provider_observer_); 858 859 expected_policy_bundle.Get( 860 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())) 861 .Set(key::kDisableSpdy, 862 POLICY_LEVEL_MANDATORY, 863 POLICY_SCOPE_USER, 864 Value::CreateBooleanValue(false), 865 NULL); 866 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 867 868 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray| 869 // and |ExtensionAllowedTypes| policies should be overridden. 870 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 871 .Times(AtLeast(1)); 872 device_local_account_policy_.payload().mutable_shelfautohidebehavior()-> 873 set_value("Always"); 874 device_local_account_policy_.payload().mutable_showlogoutbuttonintray()-> 875 set_value(false); 876 InstallDeviceLocalAccountPolicy(kAccount1); 877 broker->core()->store()->Load(); 878 FlushDeviceSettings(); 879 Mock::VerifyAndClearExpectations(&provider_observer_); 880 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 881 882 // Account disappears, policy should stay in effect. 883 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 884 .Times(AnyNumber()); 885 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 886 InstallDevicePolicy(); 887 Mock::VerifyAndClearExpectations(&provider_observer_); 888 889 EXPECT_TRUE(expected_policy_bundle.Equals(provider_->policies())); 890} 891 892TEST_F(DeviceLocalAccountPolicyProviderTest, RefreshPolicies) { 893 // If there's no device policy, the refresh completes immediately. 894 EXPECT_FALSE(service_->GetBrokerForUser(account_1_user_id_)); 895 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 896 .Times(AtLeast(1)); 897 provider_->RefreshPolicies(); 898 Mock::VerifyAndClearExpectations(&provider_observer_); 899 900 // Make device settings appear. 901 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 902 .Times(AnyNumber()); 903 AddDeviceLocalAccountToPolicy(kAccount1); 904 InstallDevicePolicy(); 905 EXPECT_TRUE(service_->GetBrokerForUser(account_1_user_id_)); 906 907 // If there's no cloud connection, refreshes are still immediate. 908 DeviceLocalAccountPolicyBroker* broker = 909 service_->GetBrokerForUser(account_1_user_id_); 910 ASSERT_TRUE(broker); 911 EXPECT_FALSE(broker->core()->client()); 912 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 913 .Times(AtLeast(1)); 914 provider_->RefreshPolicies(); 915 Mock::VerifyAndClearExpectations(&provider_observer_); 916 917 // Bring up the cloud connection. The refresh scheduler may fire refreshes at 918 // this point which are not relevant for the test. 919 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _)) 920 .WillRepeatedly( 921 mock_device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED)); 922 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)) 923 .Times(AnyNumber()); 924 service_->Connect(&mock_device_management_service_); 925 FlushDeviceSettings(); 926 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 927 928 // No callbacks until the refresh completes. 929 EXPECT_CALL(provider_observer_, OnUpdatePolicy(_)).Times(0); 930 MockDeviceManagementJob* request_job; 931 EXPECT_CALL(mock_device_management_service_, CreateJob(_, _)) 932 .WillOnce(mock_device_management_service_.CreateAsyncJob(&request_job)); 933 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 934 provider_->RefreshPolicies(); 935 ReloadDeviceSettings(); 936 Mock::VerifyAndClearExpectations(&provider_observer_); 937 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 938 EXPECT_TRUE(provider_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); 939 940 // When the response comes in, it should propagate and fire the notification. 941 EXPECT_CALL(provider_observer_, OnUpdatePolicy(provider_.get())) 942 .Times(AtLeast(1)); 943 ASSERT_TRUE(request_job); 944 em::DeviceManagementResponse response; 945 device_local_account_policy_.Build(); 946 response.mutable_policy_response()->add_response()->CopyFrom( 947 device_local_account_policy_.policy()); 948 request_job->SendResponse(DM_STATUS_SUCCESS, response); 949 FlushDeviceSettings(); 950 Mock::VerifyAndClearExpectations(&provider_observer_); 951} 952 953} // namespace policy 954