1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <string>
6
7#include "base/compiler_specific.h"
8#include "base/memory/scoped_ptr.h"
9#include "base/message_loop/message_loop.h"
10#include "base/values.h"
11#include "chrome/browser/chrome_notification_types.h"
12#include "chrome/browser/extensions/active_tab_permission_granter.h"
13#include "chrome/browser/extensions/tab_helper.h"
14#include "chrome/browser/profiles/profile.h"
15#include "chrome/browser/sessions/session_tab_helper.h"
16#include "chrome/common/extensions/features/feature_channel.h"
17#include "chrome/test/base/chrome_render_view_host_test_harness.h"
18#include "content/public/browser/browser_thread.h"
19#include "content/public/browser/navigation_details.h"
20#include "content/public/browser/navigation_entry.h"
21#include "content/public/browser/notification_service.h"
22#include "content/public/browser/notification_types.h"
23#include "content/public/browser/web_contents.h"
24#include "content/public/common/frame_navigate_params.h"
25#include "content/public/test/test_browser_thread.h"
26#include "extensions/browser/extension_registry.h"
27#include "extensions/common/extension.h"
28#include "extensions/common/extension_builder.h"
29#include "extensions/common/features/feature.h"
30#include "extensions/common/permissions/permissions_data.h"
31#include "extensions/common/value_builder.h"
32
33using base::DictionaryValue;
34using base::ListValue;
35using content::BrowserThread;
36using content::NavigationController;
37
38namespace extensions {
39namespace {
40
41scoped_refptr<const Extension> CreateTestExtension(
42    const std::string& id,
43    bool has_active_tab_permission,
44    bool has_tab_capture_permission) {
45  ListBuilder permissions;
46  if (has_active_tab_permission)
47    permissions.Append("activeTab");
48  if (has_tab_capture_permission)
49    permissions.Append("tabCapture");
50  return ExtensionBuilder()
51      .SetManifest(DictionaryBuilder()
52          .Set("name", "Extension with ID " + id)
53          .Set("version", "1.0")
54          .Set("manifest_version", 2)
55          .Set("permissions", permissions))
56      .SetID(id)
57      .Build();
58}
59
60enum PermittedFeature {
61  PERMITTED_NONE,
62  PERMITTED_SCRIPT_ONLY,
63  PERMITTED_CAPTURE_ONLY,
64  PERMITTED_BOTH
65};
66
67class ActiveTabTest : public ChromeRenderViewHostTestHarness {
68 protected:
69  ActiveTabTest()
70      : current_channel(chrome::VersionInfo::CHANNEL_DEV),
71        extension(CreateTestExtension("deadbeef", true, false)),
72        another_extension(CreateTestExtension("feedbeef", true, false)),
73        extension_without_active_tab(CreateTestExtension("badbeef",
74                                                         false,
75                                                         false)),
76        extension_with_tab_capture(CreateTestExtension("cafebeef",
77                                                       true,
78                                                       true)) {}
79
80  virtual void SetUp() OVERRIDE {
81    ChromeRenderViewHostTestHarness::SetUp();
82    TabHelper::CreateForWebContents(web_contents());
83  }
84
85  int tab_id() {
86    return SessionTabHelper::IdForTab(web_contents());
87  }
88
89  ActiveTabPermissionGranter* active_tab_permission_granter() {
90    return extensions::TabHelper::FromWebContents(web_contents())->
91        active_tab_permission_granter();
92  }
93
94  bool IsAllowed(const scoped_refptr<const Extension>& extension,
95                 const GURL& url) {
96    return IsAllowed(extension, url, PERMITTED_BOTH, tab_id());
97  }
98
99  bool IsAllowed(const scoped_refptr<const Extension>& extension,
100                 const GURL& url,
101                 PermittedFeature feature) {
102    return IsAllowed(extension, url, feature, tab_id());
103  }
104
105  bool IsAllowed(const scoped_refptr<const Extension>& extension,
106                 const GURL& url,
107                 PermittedFeature feature,
108                 int tab_id) {
109    const PermissionsData* permissions_data = extension->permissions_data();
110    bool script = permissions_data->CanAccessPage(
111        extension.get(), url, url, tab_id, -1, NULL);
112    bool capture = HasTabsPermission(extension, tab_id) &&
113                   permissions_data->CanCaptureVisiblePage(tab_id, NULL);
114    switch (feature) {
115      case PERMITTED_SCRIPT_ONLY:
116        return script && !capture;
117      case PERMITTED_CAPTURE_ONLY:
118        return capture && !script;
119      case PERMITTED_BOTH:
120        return script && capture;
121      case PERMITTED_NONE:
122        return !script && !capture;
123    }
124    NOTREACHED();
125    return false;
126  }
127
128  bool IsBlocked(const scoped_refptr<const Extension>& extension,
129                 const GURL& url) {
130    return IsBlocked(extension, url, tab_id());
131  }
132
133  bool IsBlocked(const scoped_refptr<const Extension>& extension,
134                 const GURL& url,
135                 int tab_id) {
136    return IsAllowed(extension, url, PERMITTED_NONE, tab_id);
137  }
138
139  bool HasTabsPermission(const scoped_refptr<const Extension>& extension) {
140    return HasTabsPermission(extension, tab_id());
141  }
142
143  bool HasTabsPermission(const scoped_refptr<const Extension>& extension,
144                         int tab_id) {
145    return extension->permissions_data()->HasAPIPermissionForTab(
146        tab_id, APIPermission::kTab);
147  }
148
149  bool IsGrantedForTab(const Extension* extension,
150                       const content::WebContents* web_contents) {
151    return extension->permissions_data()->HasAPIPermissionForTab(
152        SessionTabHelper::IdForTab(web_contents), APIPermission::kTab);
153  }
154
155  // TODO(justinlin): Remove when tabCapture is moved to stable.
156  ScopedCurrentChannel current_channel;
157
158  // An extension with the activeTab permission.
159  scoped_refptr<const Extension> extension;
160
161  // Another extension with activeTab (for good measure).
162  scoped_refptr<const Extension> another_extension;
163
164  // An extension without the activeTab permission.
165  scoped_refptr<const Extension> extension_without_active_tab;
166
167  // An extension with both the activeTab and tabCapture permission.
168  scoped_refptr<const Extension> extension_with_tab_capture;
169};
170
171TEST_F(ActiveTabTest, GrantToSinglePage) {
172  GURL google("http://www.google.com");
173  NavigateAndCommit(google);
174
175  // No access unless it's been granted.
176  EXPECT_TRUE(IsBlocked(extension, google));
177  EXPECT_TRUE(IsBlocked(another_extension, google));
178  EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
179
180  EXPECT_FALSE(HasTabsPermission(extension));
181  EXPECT_FALSE(HasTabsPermission(another_extension));
182  EXPECT_FALSE(HasTabsPermission(extension_without_active_tab));
183
184  active_tab_permission_granter()->GrantIfRequested(extension.get());
185  active_tab_permission_granter()->GrantIfRequested(
186      extension_without_active_tab.get());
187
188  // Granted to extension and extension_without_active_tab, but the latter
189  // doesn't have the activeTab permission so not granted.
190  EXPECT_TRUE(IsAllowed(extension, google));
191  EXPECT_TRUE(IsBlocked(another_extension, google));
192  EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
193
194  // Other subdomains shouldn't be given access.
195  GURL mail_google("http://mail.google.com");
196  EXPECT_TRUE(IsAllowed(extension, mail_google, PERMITTED_CAPTURE_ONLY));
197  EXPECT_TRUE(IsBlocked(another_extension, mail_google));
198  EXPECT_TRUE(IsBlocked(extension_without_active_tab, mail_google));
199
200  // Reloading the page should clear the active permissions.
201  Reload();
202
203  EXPECT_TRUE(IsBlocked(extension, google));
204  EXPECT_TRUE(IsBlocked(another_extension, google));
205  EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
206
207  EXPECT_FALSE(HasTabsPermission(extension));
208  EXPECT_FALSE(HasTabsPermission(another_extension));
209  EXPECT_FALSE(HasTabsPermission(extension_without_active_tab));
210
211  // But they should still be able to be granted again.
212  active_tab_permission_granter()->GrantIfRequested(extension.get());
213
214  EXPECT_TRUE(IsAllowed(extension, google));
215  EXPECT_TRUE(IsBlocked(another_extension, google));
216  EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
217
218  // And grant a few more times redundantly for good measure.
219  active_tab_permission_granter()->GrantIfRequested(extension.get());
220  active_tab_permission_granter()->GrantIfRequested(extension.get());
221  active_tab_permission_granter()->GrantIfRequested(another_extension.get());
222  active_tab_permission_granter()->GrantIfRequested(another_extension.get());
223  active_tab_permission_granter()->GrantIfRequested(another_extension.get());
224  active_tab_permission_granter()->GrantIfRequested(extension.get());
225  active_tab_permission_granter()->GrantIfRequested(extension.get());
226  active_tab_permission_granter()->GrantIfRequested(another_extension.get());
227  active_tab_permission_granter()->GrantIfRequested(another_extension.get());
228
229  EXPECT_TRUE(IsAllowed(extension, google));
230  EXPECT_TRUE(IsAllowed(another_extension, google));
231  EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
232
233  // Navigating to a new URL should clear the active permissions.
234  GURL chromium("http://www.chromium.org");
235  NavigateAndCommit(chromium);
236
237  EXPECT_TRUE(IsBlocked(extension, google));
238  EXPECT_TRUE(IsBlocked(another_extension, google));
239  EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
240
241  EXPECT_TRUE(IsBlocked(extension, chromium));
242  EXPECT_TRUE(IsBlocked(another_extension, chromium));
243  EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium));
244
245  EXPECT_FALSE(HasTabsPermission(extension));
246  EXPECT_FALSE(HasTabsPermission(another_extension));
247  EXPECT_FALSE(HasTabsPermission(extension_without_active_tab));
248
249  // Should be able to grant to multiple extensions at the same time (if they
250  // have the activeTab permission, of course).
251  active_tab_permission_granter()->GrantIfRequested(extension.get());
252  active_tab_permission_granter()->GrantIfRequested(another_extension.get());
253  active_tab_permission_granter()->GrantIfRequested(
254      extension_without_active_tab.get());
255
256  EXPECT_TRUE(IsAllowed(extension, google, PERMITTED_CAPTURE_ONLY));
257  EXPECT_TRUE(IsAllowed(another_extension, google, PERMITTED_CAPTURE_ONLY));
258  EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
259
260  EXPECT_TRUE(IsAllowed(extension, chromium));
261  EXPECT_TRUE(IsAllowed(another_extension, chromium));
262  EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium));
263
264  // Should be able to go back to URLs that were previously cleared.
265  NavigateAndCommit(google);
266
267  active_tab_permission_granter()->GrantIfRequested(extension.get());
268  active_tab_permission_granter()->GrantIfRequested(another_extension.get());
269  active_tab_permission_granter()->GrantIfRequested(
270      extension_without_active_tab.get());
271
272  EXPECT_TRUE(IsAllowed(extension, google));
273  EXPECT_TRUE(IsAllowed(another_extension, google));
274  EXPECT_TRUE(IsBlocked(extension_without_active_tab, google));
275
276  EXPECT_TRUE(IsAllowed(extension, chromium, PERMITTED_CAPTURE_ONLY));
277  EXPECT_TRUE(IsAllowed(another_extension, chromium, PERMITTED_CAPTURE_ONLY));
278  EXPECT_TRUE(IsBlocked(extension_without_active_tab, chromium));
279};
280
281TEST_F(ActiveTabTest, Uninstalling) {
282  // Some semi-arbitrary setup.
283  GURL google("http://www.google.com");
284  NavigateAndCommit(google);
285
286  active_tab_permission_granter()->GrantIfRequested(extension.get());
287
288  EXPECT_TRUE(IsGrantedForTab(extension.get(), web_contents()));
289  EXPECT_TRUE(IsAllowed(extension, google));
290
291  // Uninstalling the extension should clear its tab permissions.
292  ExtensionRegistry* registry =
293      ExtensionRegistry::Get(web_contents()->GetBrowserContext());
294  registry->TriggerOnUnloaded(extension.get(),
295                              UnloadedExtensionInfo::REASON_DISABLE);
296
297  // Note: can't EXPECT_FALSE(IsAllowed) here because uninstalled extensions
298  // are just that... considered to be uninstalled, and the manager might
299  // just ignore them from here on.
300
301  // Granting the extension again should give them back.
302  active_tab_permission_granter()->GrantIfRequested(extension.get());
303
304  EXPECT_TRUE(IsGrantedForTab(extension.get(), web_contents()));
305  EXPECT_TRUE(IsAllowed(extension, google));
306}
307
308TEST_F(ActiveTabTest, OnlyActiveTab) {
309  GURL google("http://www.google.com");
310  NavigateAndCommit(google);
311
312  active_tab_permission_granter()->GrantIfRequested(extension.get());
313
314  EXPECT_TRUE(IsAllowed(extension, google, PERMITTED_BOTH, tab_id()));
315  EXPECT_TRUE(IsBlocked(extension, google, tab_id() + 1));
316  EXPECT_FALSE(HasTabsPermission(extension, tab_id() + 1));
317}
318
319TEST_F(ActiveTabTest, NavigateInPage) {
320  GURL google("http://www.google.com");
321  NavigateAndCommit(google);
322
323  active_tab_permission_granter()->GrantIfRequested(extension.get());
324
325  // Perform an in-page navigation. The extension should not lose the temporary
326  // permission.
327  GURL google_h1("http://www.google.com#h1");
328  NavigateAndCommit(google_h1);
329
330  EXPECT_TRUE(IsAllowed(extension, google));
331  EXPECT_TRUE(IsAllowed(extension, google_h1));
332
333  GURL chromium("http://www.chromium.org");
334  NavigateAndCommit(chromium);
335
336  EXPECT_FALSE(IsAllowed(extension, google));
337  EXPECT_FALSE(IsAllowed(extension, google_h1));
338  EXPECT_FALSE(IsAllowed(extension, chromium));
339
340  active_tab_permission_granter()->GrantIfRequested(extension.get());
341
342  EXPECT_FALSE(IsAllowed(extension, google));
343  EXPECT_FALSE(IsAllowed(extension, google_h1));
344  EXPECT_TRUE(IsAllowed(extension, chromium));
345
346  GURL chromium_h1("http://www.chromium.org#h1");
347  NavigateAndCommit(chromium_h1);
348
349  EXPECT_FALSE(IsAllowed(extension, google));
350  EXPECT_FALSE(IsAllowed(extension, google_h1));
351  EXPECT_TRUE(IsAllowed(extension, chromium));
352  EXPECT_TRUE(IsAllowed(extension, chromium_h1));
353
354  Reload();
355
356  EXPECT_FALSE(IsAllowed(extension, google));
357  EXPECT_FALSE(IsAllowed(extension, google_h1));
358  EXPECT_FALSE(IsAllowed(extension, chromium));
359  EXPECT_FALSE(IsAllowed(extension, chromium_h1));
360}
361
362TEST_F(ActiveTabTest, ChromeUrlGrants) {
363  GURL internal("chrome://version");
364  NavigateAndCommit(internal);
365  active_tab_permission_granter()->GrantIfRequested(
366      extension_with_tab_capture.get());
367  // Do not grant tabs/hosts permissions for tab.
368  EXPECT_TRUE(IsAllowed(extension_with_tab_capture, internal,
369                        PERMITTED_CAPTURE_ONLY));
370  const PermissionsData* permissions_data =
371      extension_with_tab_capture->permissions_data();
372  EXPECT_TRUE(permissions_data->HasAPIPermissionForTab(
373      tab_id(), APIPermission::kTabCaptureForTab));
374
375  EXPECT_TRUE(IsBlocked(extension_with_tab_capture, internal, tab_id() + 1));
376  EXPECT_FALSE(permissions_data->HasAPIPermissionForTab(
377      tab_id() + 1, APIPermission::kTabCaptureForTab));
378}
379
380}  // namespace
381}  // namespace extensions
382