1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/extensions/api/permissions/permissions_api.h"
6#include "chrome/browser/extensions/extension_apitest.h"
7#include "chrome/browser/profiles/profile.h"
8#include "chrome/browser/ui/browser.h"
9#include "extensions/browser/extension_prefs.h"
10#include "extensions/common/permissions/permission_set.h"
11#include "extensions/common/switches.h"
12#include "net/dns/mock_host_resolver.h"
13
14namespace extensions {
15
16namespace {
17
18static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
19  int schemes = URLPattern::SCHEME_ALL;
20  extent->AddPattern(URLPattern(schemes, pattern));
21}
22
23}  // namespace
24
25class ExperimentalApiTest : public ExtensionApiTest {
26public:
27  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
28    ExtensionApiTest::SetUpCommandLine(command_line);
29    command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis);
30  }
31};
32
33IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) {
34  ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_;
35
36  // Since the experimental APIs require a flag, this will fail even though
37  // it's enabled.
38  // TODO(erikkay) This test is currently broken because LoadExtension in
39  // ExtensionBrowserTest doesn't actually fail, it just times out.  To fix this
40  // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably
41  // too much for the branch.  I'll enable this on trunk later.
42  //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_;
43}
44
45IN_PROC_BROWSER_TEST_F(ExperimentalApiTest, PermissionsSucceed) {
46  ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_;
47}
48
49IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ExperimentalPermissionsFail) {
50  // At the time this test is being created, there is no experimental
51  // function that will not be graduating soon, and does not require a
52  // tab id as an argument.  So, we need the tab permission to get
53  // a tab id.
54  ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled"))
55      << message_;
56}
57
58IN_PROC_BROWSER_TEST_F(ExtensionApiTest, FaviconPermission) {
59  ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_;
60}
61
62// Test functions and APIs that are always allowed (even if you ask for no
63// permissions).
64// Disabled: http://crbug.com/125193
65IN_PROC_BROWSER_TEST_F(ExtensionApiTest, DISABLED_AlwaysAllowed) {
66  ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_;
67}
68
69// Tests that the optional permissions API works correctly.
70IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGranted) {
71  // Mark all the tested APIs as granted to bypass the confirmation UI.
72  APIPermissionSet apis;
73  apis.insert(APIPermission::kBookmark);
74  ManifestPermissionSet manifest_permissions;
75  URLPatternSet explicit_hosts;
76  AddPattern(&explicit_hosts, "http://*.c.com/*");
77  scoped_refptr<PermissionSet> granted_permissions =
78      new PermissionSet(apis, manifest_permissions,
79                        explicit_hosts, URLPatternSet());
80
81  ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile());
82  prefs->AddGrantedPermissions("kjmkgkdkpedkejedfhmfcenooemhbpbo",
83                               granted_permissions.get());
84
85  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
86  host_resolver()->AddRule("*.com", "127.0.0.1");
87  ASSERT_TRUE(StartEmbeddedTestServer());
88  EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
89}
90
91// Tests that the optional permissions API works correctly.
92IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsAutoConfirm) {
93  // Rather than setting the granted permissions, set the UI autoconfirm flag
94  // and run the same tests.
95  PermissionsRequestFunction::SetAutoConfirmForTests(true);
96  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
97  host_resolver()->AddRule("*.com", "127.0.0.1");
98  ASSERT_TRUE(StartEmbeddedTestServer());
99  EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
100}
101
102// Test that denying the optional permissions confirmation dialog works.
103IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsDeny) {
104  PermissionsRequestFunction::SetAutoConfirmForTests(false);
105  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
106  host_resolver()->AddRule("*.com", "127.0.0.1");
107  ASSERT_TRUE(StartEmbeddedTestServer());
108  EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_;
109}
110
111// Tests that the permissions.request function must be called from within a
112// user gesture.
113IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGesture) {
114  PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
115  host_resolver()->AddRule("*.com", "127.0.0.1");
116  ASSERT_TRUE(StartEmbeddedTestServer());
117  EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_;
118}
119
120// Tests that the user gesture is retained in the permissions.request function
121// callback.
122IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsRetainGesture) {
123  PermissionsRequestFunction::SetAutoConfirmForTests(true);
124  PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
125  host_resolver()->AddRule("*.com", "127.0.0.1");
126  ASSERT_TRUE(StartEmbeddedTestServer());
127  EXPECT_TRUE(RunExtensionTest("permissions/optional_retain_gesture"))
128      << message_;
129}
130
131// Tests that an extension can't gain access to file: URLs without the checkbox
132// entry in prefs. There shouldn't be a warning either.
133IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) {
134  // There shouldn't be a warning, so we shouldn't need to autoconfirm.
135  PermissionsRequestFunction::SetAutoConfirmForTests(false);
136  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
137
138  ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile());
139
140  EXPECT_TRUE(
141      RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_;
142  EXPECT_FALSE(prefs->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib"));
143
144  EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_;
145  // TODO(kalman): ugh, it would be nice to test this condition, but it seems
146  // like there's somehow a race here where the prefs aren't updated in time
147  // with the "allow file access" bit, so we'll just have to trust that
148  // RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed
149  // not set the allow file access bit. Otherwise this test doesn't mean
150  // a whole lot (i.e. file access works - but it'd better not be the case
151  // that the extension actually has file access, since that'd be the bug
152  // that this is supposed to be testing).
153  //EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd"));
154}
155
156// Test requesting, querying, and removing host permissions for host
157// permissions that are a subset of the optional permissions.
158IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) {
159  PermissionsRequestFunction::SetAutoConfirmForTests(true);
160  PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
161  EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_;
162}
163
164}  // namespace extensions
165