device_oauth2_token_service_unittest.cc revision 9ab5563a3196760eb381d102cbb2bc0f7abc6a50
1c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Copyright 2013 The Chromium Authors. All rights reserved. 2c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 3c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)// found in the LICENSE file. 4c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 5c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/browser/chromeos/settings/device_oauth2_token_service.h" 6c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 79ab5563a3196760eb381d102cbb2bc0f7abc6a50Ben Murdoch#include "base/message_loop/message_loop.h" 8c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "base/prefs/testing_pref_service.h" 9eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "base/run_loop.h" 10eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "chrome/browser/signin/oauth2_token_service_test_util.h" 11eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "chrome/common/pref_names.h" 12c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/test/base/scoped_testing_local_state.h" 13c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chrome/test/base/testing_browser_process.h" 14c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "chromeos/cryptohome/mock_cryptohome_library.h" 15c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "content/public/browser/browser_thread.h" 16c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "content/public/test/test_browser_thread.h" 17eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "google_apis/gaia/gaia_oauth_client.h" 18eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "net/http/http_status_code.h" 19eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "net/url_request/test_url_fetcher_factory.h" 20eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "net/url_request/url_fetcher_delegate.h" 21c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "net/url_request/url_request_test_util.h" 22c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "testing/gmock/include/gmock/gmock.h" 23c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)#include "testing/gtest/include/gtest/gtest.h" 24c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 25c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)using ::testing::_; 26c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)using ::testing::AnyNumber; 27c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)using ::testing::Return; 28c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)using ::testing::StrEq; 29c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)using ::testing::StrictMock; 30c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 31c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)namespace chromeos { 32c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 33eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdochstatic const int kOAuthTokenServiceUrlFetcherId = 0; 34eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdochstatic const int kValidatorUrlFetcherId = gaia::GaiaOAuthClient::kUrlFetcherId; 35eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 36eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdochclass TestDeviceOAuth2TokenService : public DeviceOAuth2TokenService { 37eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch public: 38eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch explicit TestDeviceOAuth2TokenService(net::URLRequestContextGetter* getter, 39eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch PrefService* local_state) 40eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch : DeviceOAuth2TokenService(getter, local_state) { 41eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch } 42eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch void SetRobotAccountIdPolicyValue(const std::string& id) { 43eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch robot_account_id_ = id; 44eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch } 45eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 46eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch protected: 47eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // Skip calling into the policy subsystem and return our test value. 48eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch virtual std::string GetRobotAccountId() OVERRIDE { 49eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch return robot_account_id_; 50eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch } 51eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 52eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch private: 53eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch std::string robot_account_id_; 54eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch DISALLOW_COPY_AND_ASSIGN(TestDeviceOAuth2TokenService); 55eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch}; 56eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 57c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)class DeviceOAuth2TokenServiceTest : public testing::Test { 58c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) public: 59c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) DeviceOAuth2TokenServiceTest() 60c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) : ui_thread_(content::BrowserThread::UI, &message_loop_), 61eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_testing_local_state_(TestingBrowserProcess::GetGlobal()), 62eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch request_context_getter_(new net::TestURLRequestContextGetter( 63eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch message_loop_.message_loop_proxy())), 647dbb3d5cf0c15f500944d211057644d6a2f37371Ben Murdoch oauth2_service_(request_context_getter_.get(), 65eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_testing_local_state_.Get()) { 66eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch oauth2_service_.max_refresh_token_validation_retries_ = 0; 67eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch oauth2_service_.set_max_authorization_token_fetch_retries_for_testing(0); 68eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch } 69c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) virtual ~DeviceOAuth2TokenServiceTest() {} 70c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 71eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // Most tests just want a noop crypto impl with a dummy refresh token value in 72eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // Local State (if the value is an empty string, it will be ignored). 73eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch void SetUpDefaultValues() { 74eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch cryptohome_library_.reset(chromeos::CryptohomeLibrary::GetTestImpl()); 75eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch chromeos::CryptohomeLibrary::SetForTest(cryptohome_library_.get()); 76eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch SetDeviceRefreshTokenInLocalState("device_refresh_token_4_test"); 77eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch oauth2_service_.SetRobotAccountIdPolicyValue("service_acct@g.com"); 78eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 0); 79eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch } 80eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 81eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<OAuth2TokenService::Request> StartTokenRequest() { 82eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch return oauth2_service_.StartRequest(std::set<std::string>(), &consumer_); 83c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) } 84c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 85c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) virtual void TearDown() OVERRIDE { 86eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch CryptohomeLibrary::SetForTest(NULL); 87eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch base::RunLoop().RunUntilIdle(); 88eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch } 89eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 90eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // Utility method to set a value in Local State for the device refresh token 91eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // (it must have a non-empty value or it won't be used). 92eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch void SetDeviceRefreshTokenInLocalState(const std::string& refresh_token) { 93eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_testing_local_state_.Get()->SetManagedPref( 94eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch prefs::kDeviceRobotAnyApiRefreshToken, 95eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch Value::CreateStringValue(refresh_token)); 96c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) } 97c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 98eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch std::string GetValidTokenInfoResponse(const std::string email) { 99eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch return "{ \"email\": \"" + email + "\"," 100eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch " \"user_id\": \"1234567890\" }"; 101eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch } 102eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 103eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // A utility method to return fake URL results, for testing the refresh token 104eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // validation logic. For a successful validation attempt, this method will be 105eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // called three times for the steps listed below (steps 1 and 2 happen in 106eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // parallel). 107eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // 108eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // Step 1a: fetch the access token for the tokeninfo API. 109eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // Step 1b: call the tokeninfo API. 110eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // Step 2: Fetch the access token for the requested scope 111eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // (in this case, cloudprint). 112eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch void ReturnOAuthUrlFetchResults(int fetcher_id, 113eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HttpStatusCode response_code, 114eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch const std::string& response_string); 115eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 116eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch void AssertConsumerTokensAndErrors(int num_tokens, int num_errors); 117eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 118c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) protected: 11990dce4d38c5ff5333bea97d859d4e484e27edf0cTorne (Richard Coles) base::MessageLoop message_loop_; 120c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) content::TestBrowserThread ui_thread_; 121c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) ScopedTestingLocalState scoped_testing_local_state_; 122eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_refptr<net::TestURLRequestContextGetter> request_context_getter_; 123eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::TestURLFetcherFactory factory_; 124eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch TestDeviceOAuth2TokenService oauth2_service_; 125eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch TestingOAuth2TokenServiceConsumer consumer_; 126eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<chromeos::CryptohomeLibrary> cryptohome_library_; 127eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 128c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)}; 129c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 130eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdochvoid DeviceOAuth2TokenServiceTest::ReturnOAuthUrlFetchResults( 131eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch int fetcher_id, 132eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HttpStatusCode response_code, 133eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch const std::string& response_string) { 134eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 135eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::TestURLFetcher* fetcher = factory_.GetFetcherByID(fetcher_id); 136eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ASSERT_TRUE(fetcher); 137eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch fetcher->set_response_code(response_code); 138eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch fetcher->SetResponseString(response_string); 139eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch fetcher->delegate()->OnURLFetchComplete(fetcher); 140eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 141eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 142eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdochvoid DeviceOAuth2TokenServiceTest::AssertConsumerTokensAndErrors( 143eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch int num_tokens, 144eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch int num_errors) { 145eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ASSERT_EQ(num_tokens, consumer_.number_of_successful_tokens_); 146eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ASSERT_EQ(num_errors, consumer_.number_of_errors_); 147eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 148eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 149c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)TEST_F(DeviceOAuth2TokenServiceTest, SaveEncryptedToken) { 150c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) StrictMock<MockCryptohomeLibrary> mock_cryptohome_library; 151c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) CryptohomeLibrary::SetForTest(&mock_cryptohome_library); 152c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 153c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_CALL(mock_cryptohome_library, DecryptWithSystemSalt(StrEq(""))) 154c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) .Times(1) 155c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) .WillOnce(Return("")); 156c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_CALL(mock_cryptohome_library, 157c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EncryptWithSystemSalt(StrEq("test-token"))) 158c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) .Times(1) 159c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) .WillOnce(Return("encrypted")); 160c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) EXPECT_CALL(mock_cryptohome_library, 161c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) DecryptWithSystemSalt(StrEq("encrypted"))) 162c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) .Times(1) 163c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) .WillOnce(Return("test-token")); 164c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 165eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ASSERT_EQ("", oauth2_service_.GetRefreshToken()); 166eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch oauth2_service_.SetAndSaveRefreshToken("test-token"); 167eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ASSERT_EQ("test-token", oauth2_service_.GetRefreshToken()); 168c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 169c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) // This call won't invoke decrypt again, since the value is cached. 170eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ASSERT_EQ("test-token", oauth2_service_.GetRefreshToken()); 171eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 172eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 173eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen MurdochTEST_F(DeviceOAuth2TokenServiceTest, RefreshTokenValidation_Success) { 174eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch SetUpDefaultValues(); 175eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<OAuth2TokenService::Request> request = StartTokenRequest(); 176eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 177eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 178eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 179eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 180eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("tokeninfo_access_token", 3600)); 181eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 182eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 183eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 184eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 185eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenInfoResponse("service_acct@g.com")); 186eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 187eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 188eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kOAuthTokenServiceUrlFetcherId, 189eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 190eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("scoped_access_token", 3600)); 191eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 192eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(1, 0); 193eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 194eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch EXPECT_EQ("scoped_access_token", consumer_.last_token_); 195eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 196eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 197eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen MurdochTEST_F(DeviceOAuth2TokenServiceTest, 198eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch RefreshTokenValidation_Failure_TokenInfoAccessTokenHttpError) { 199eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch SetUpDefaultValues(); 200eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<OAuth2TokenService::Request> request = StartTokenRequest(); 201eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 202eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 203eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 204eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_UNAUTHORIZED, 205eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ""); 206eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 207eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // TokenInfo API call skipped (error returned in previous step). 208eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 209eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // CloudPrint access token fetch is successful, but consumer still given error 210eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // due to bad refresh token. 211eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 212eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kOAuthTokenServiceUrlFetcherId, 213eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 214eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("ignored_scoped_access_token", 3600)); 215eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 216eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 1); 217eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 218eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 219eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen MurdochTEST_F(DeviceOAuth2TokenServiceTest, 220eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch RefreshTokenValidation_Failure_TokenInfoAccessTokenInvalidResponse) { 221eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch SetUpDefaultValues(); 222eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<OAuth2TokenService::Request> request = StartTokenRequest(); 223eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 224eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 225eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 226eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 227eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch "invalid response"); 228eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 229eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // TokenInfo API call skipped (error returned in previous step). 230eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 231eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 232eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kOAuthTokenServiceUrlFetcherId, 233eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 234eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("ignored_scoped_access_token", 3600)); 235eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 236eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // CloudPrint access token fetch is successful, but consumer still given error 237eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // due to bad refresh token. 238eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 1); 239eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 240eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 241eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen MurdochTEST_F(DeviceOAuth2TokenServiceTest, 242eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch RefreshTokenValidation_Failure_TokenInfoApiCallHttpError) { 243eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch SetUpDefaultValues(); 244eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<OAuth2TokenService::Request> request = StartTokenRequest(); 245eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 246eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 247eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 248eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 249eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("tokeninfo_access_token", 3600)); 250eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 251eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 252eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 253eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_INTERNAL_SERVER_ERROR, 254eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ""); 255eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 256eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 257eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kOAuthTokenServiceUrlFetcherId, 258eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 259eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("ignored_scoped_access_token", 3600)); 260eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 261eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // CloudPrint access token fetch is successful, but consumer still given error 262eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // due to bad refresh token. 263eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 1); 264eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 265eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 266eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen MurdochTEST_F(DeviceOAuth2TokenServiceTest, 267eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch RefreshTokenValidation_Failure_TokenInfoApiCallInvalidResponse) { 268eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch SetUpDefaultValues(); 269eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<OAuth2TokenService::Request> request = StartTokenRequest(); 270eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 271eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 272eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 273eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 274eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("tokeninfo_access_token", 3600)); 275eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 276eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 277eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 278eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 279eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch "invalid response"); 280eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 281eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 282eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kOAuthTokenServiceUrlFetcherId, 283eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 284eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("ignored_scoped_access_token", 3600)); 285eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 286eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // CloudPrint access token fetch is successful, but consumer still given error 287eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // due to bad refresh token. 288eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 1); 289eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 290eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 291eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen MurdochTEST_F(DeviceOAuth2TokenServiceTest, 292eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch RefreshTokenValidation_Failure_CloudPrintAccessTokenHttpError) { 293eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch SetUpDefaultValues(); 294eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<OAuth2TokenService::Request> request = StartTokenRequest(); 295eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 296eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 297eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 298eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 299eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("tokeninfo_access_token", 3600)); 300eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 301eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 302eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 303eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 304eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenInfoResponse("service_acct@g.com")); 305eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 306eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 307eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kOAuthTokenServiceUrlFetcherId, 308eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_BAD_REQUEST, 309eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ""); 310eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 311eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 1); 312eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 313eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 314eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen MurdochTEST_F(DeviceOAuth2TokenServiceTest, 315eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch RefreshTokenValidation_Failure_CloudPrintAccessTokenInvalidResponse) { 316eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch SetUpDefaultValues(); 317eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<OAuth2TokenService::Request> request = StartTokenRequest(); 318eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 319eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 320eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 321eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 322eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("tokeninfo_access_token", 3600)); 323eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 324eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 325eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 326eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 327eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenInfoResponse("service_acct@g.com")); 328eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 329eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 330eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kOAuthTokenServiceUrlFetcherId, 331eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 332eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch "invalid request"); 333eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 334eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 1); 335eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch} 336eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 337eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen MurdochTEST_F(DeviceOAuth2TokenServiceTest, RefreshTokenValidation_Failure_BadOwner) { 338eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch SetUpDefaultValues(); 339eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch scoped_ptr<OAuth2TokenService::Request> request = StartTokenRequest(); 340eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 341eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch oauth2_service_.SetRobotAccountIdPolicyValue("WRONG_service_acct@g.com"); 342eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 343eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // The requested token comes in before any of the validation calls complete, 344eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // but the consumer still gets an error, since the results don't get returned 345eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // until validation is over. 346eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 347eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kOAuthTokenServiceUrlFetcherId, 348eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 349eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("ignored_scoped_access_token", 3600)); 350eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 0); 351eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 352eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 353eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 354eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 355eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenResponse("tokeninfo_access_token", 3600)); 356eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 0); 357eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 358eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch ReturnOAuthUrlFetchResults( 359eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch kValidatorUrlFetcherId, 360eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch net::HTTP_OK, 361eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch GetValidTokenInfoResponse("service_acct@g.com")); 362eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch 363eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // All fetches were successful, but consumer still given error since 364eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch // the token owner doesn't match the policy value. 365eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch AssertConsumerTokensAndErrors(0, 1); 366c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} 367c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles) 368c2e0dbddbe15c98d52c4786dac06cb8952a8ae6dTorne (Richard Coles)} // namespace chromeos 369