1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 # Use of this source code is governed by a BSD-style license that can be 3 # found in the LICENSE file. 4 5 import pyauto_functional # Must come before pyauto (and thus, policy_base). 6 import policy_base 7 8 9 class ChromeosDevicePolicy(policy_base.PolicyTestBase): 10 """Tests various ChromeOS device policies.""" 11 12 # Cache user credentials for easy lookup. 13 private_info = policy_base.PolicyTestBase.GetPrivateInfo() 14 credentials = (private_info['prod_enterprise_test_user'], 15 private_info['prod_enterprise_executive_user'], 16 private_info['prod_enterprise_sales_user']) 17 _usernames = [credential['username'] for credential in credentials] 18 _passwords = [credential['password'] for credential in credentials] 19 20 def LoginAsGuest(self): 21 self.assertFalse(self.GetLoginInfo()['is_logged_in'], 22 msg='Expected to be logged out.') 23 policy_base.PolicyTestBase.LoginAsGuest(self) 24 self.assertTrue(self.GetLoginInfo()['is_logged_in'], 25 msg='Expected to be logged in.') 26 27 def _Login(self, user_index, expect_success): 28 self.assertFalse(self.GetLoginInfo()['is_logged_in'], 29 msg='Expected to be logged out.') 30 policy_base.PolicyTestBase.Login(self, 31 self._usernames[user_index], 32 self._passwords[user_index]) 33 if expect_success: 34 self.assertTrue(self.GetLoginInfo()['is_logged_in'], 35 msg='Expected to be logged in.') 36 else: 37 self.assertFalse(self.GetLoginInfo()['is_logged_in'], 38 msg='Expected to not be logged in.') 39 40 def _CheckGuestModeAvailableInLoginWindow(self): 41 return self.ExecuteJavascriptInOOBEWebUI( 42 """window.domAutomationController.send( 43 !document.getElementById('guestSignin').hidden); 44 """) 45 46 def _CheckGuestModeAvailableInAccountPicker(self): 47 return self.ExecuteJavascriptInOOBEWebUI( 48 """window.domAutomationController.send( 49 !!document.getElementById('pod-row').getPodWithUsername_('')); 50 """) 51 52 def _CheckPodVisible(self, username): 53 javascript = """ 54 var pod = document.getElementById('pod-row').getPodWithUsername_('%s'); 55 window.domAutomationController.send(!!pod && !pod.hidden); 56 """ 57 return self.ExecuteJavascriptInOOBEWebUI(javascript % username) 58 59 def _WaitForPodVisibility(self, username, visible): 60 self.assertTrue( 61 self.WaitUntil(function=lambda: self._CheckPodVisible(username), 62 expect_retval=visible), 63 msg='Expected pod for user %s to %s be visible.' % 64 (username, '' if visible else 'not')) 65 66 def testGuestModeEnabled(self): 67 """Checks that guest mode login can be enabled/disabled.""" 68 self.SetDevicePolicy({'guest_mode_enabled': True}) 69 self.assertTrue(self._CheckGuestModeAvailableInLoginWindow(), 70 msg='Expected guest mode to be available.') 71 self.LoginAsGuest() 72 self.Logout() 73 74 self.SetDevicePolicy({'guest_mode_enabled': False}) 75 self.assertFalse(self._CheckGuestModeAvailableInLoginWindow(), 76 msg='Expected guest mode to not be available.') 77 78 # Log in as a regular so that the pod row contains at least one pod and the 79 # account picker is shown. 80 self._Login(user_index=0, expect_success=True) 81 self.Logout() 82 83 self.SetDevicePolicy({'guest_mode_enabled': True}) 84 self.assertTrue(self._CheckGuestModeAvailableInAccountPicker(), 85 msg='Expected guest mode to be available.') 86 self.LoginAsGuest() 87 self.Logout() 88 89 self.SetDevicePolicy({'guest_mode_enabled': False}) 90 self.assertFalse(self._CheckGuestModeAvailableInAccountPicker(), 91 msg='Expected guest mode to not be available.') 92 93 def testShowUserNamesOnSignin(self): 94 """Checks that the account picker can be enabled/disabled.""" 95 # Log in as a regular user so that the pod row contains at least one pod and 96 # the account picker can be shown. 97 self._Login(user_index=0, expect_success=True) 98 self.Logout() 99 100 self.SetDevicePolicy({'show_user_names': False}) 101 self._WaitForLoginScreenId('gaia-signin') 102 103 self.SetDevicePolicy({'show_user_names': True}) 104 self._WaitForLoginScreenId('account-picker') 105 106 def testUserWhitelistAndAllowNewUsers(self): 107 """Checks that login can be (dis)allowed by whitelist and allow-new-users. 108 109 The test verifies that these two interrelated policies behave as documented 110 in the chrome/browser/policy/proto/chrome_device_policy.proto file. Cases 111 for which the current behavior is marked as "broken" are intentionally 112 ommitted since the broken behavior should be fixed rather than protected by 113 tests. 114 """ 115 # No whitelist 116 self.SetDevicePolicy({'allow_new_users': True}) 117 self._Login(user_index=0, expect_success=True) 118 self.Logout() 119 120 # Empty whitelist 121 self.SetDevicePolicy({'user_whitelist': []}) 122 self._Login(user_index=0, expect_success=True) 123 self.Logout() 124 125 self.SetDevicePolicy({'allow_new_users': True, 126 'user_whitelist': []}) 127 self._Login(user_index=0, expect_success=True) 128 self.Logout() 129 130 # Populated whitelist 131 self.SetDevicePolicy({'user_whitelist': [self._usernames[0]]}) 132 self._Login(user_index=0, expect_success=True) 133 self.Logout() 134 self._Login(user_index=1, expect_success=False) 135 136 self.SetDevicePolicy({'allow_new_users': True, 137 'user_whitelist': [self._usernames[0]]}) 138 self._Login(user_index=0, expect_success=True) 139 self.Logout() 140 self._Login(user_index=1, expect_success=True) 141 self.Logout() 142 143 # New users not allowed, populated whitelist 144 self.SetDevicePolicy({'allow_new_users': False, 145 'user_whitelist': [self._usernames[0]]}) 146 self._Login(user_index=0, expect_success=True) 147 self.Logout() 148 self._Login(user_index=1, expect_success=False) 149 150 def testUserWhitelistInAccountPicker(self): 151 """Checks that setting a whitelist removes non-whitelisted user pods.""" 152 # Disable the account picker so that the login form is shown and the Login() 153 # automation call can be used. 154 self.PrepareToWaitForLoginFormReload() 155 self.SetDevicePolicy({'show_user_names': False}) 156 self.WaitForLoginFormReload() 157 158 # Log in to populate the list of existing users. 159 self._Login(user_index=0, expect_success=True) 160 self.Logout() 161 self._Login(user_index=1, expect_success=True) 162 self.Logout() 163 164 # Enable the account picker. 165 self.SetDevicePolicy({'show_user_names': True}) 166 self._WaitForLoginScreenId('account-picker') 167 168 # Check pod visibility with and without a whitelist. 169 self._WaitForPodVisibility(username=self._usernames[0], visible=True) 170 self._WaitForPodVisibility(username=self._usernames[1], visible=True) 171 172 self.SetDevicePolicy({'show_user_names': True, 173 'user_whitelist': [self._usernames[1]]}) 174 self._WaitForPodVisibility(username=self._usernames[0], visible=False) 175 self._WaitForPodVisibility(username=self._usernames[1], visible=True) 176 177 self.SetDevicePolicy({'show_user_names': True}) 178 self._WaitForPodVisibility(username=self._usernames[0], visible=True) 179 self._WaitForPodVisibility(username=self._usernames[1], visible=True) 180 181 _timezones = ['America/Barbados', 'Europe/Helsinki'] 182 183 def testTimezoneSettingWithoutPolicy(self): 184 """Without timezone policy, timezone changes by user are persistent.""" 185 self.SetDevicePolicy(refresh=False) 186 187 for timezone in self._timezones: 188 self._Login(user_index=1, expect_success=True) 189 self.SetTimezone(timezone) 190 self.assertEqual(timezone, self.GetTimeInfo()['timezone']) 191 192 self.Logout() 193 self.assertEqual(timezone, self.GetTimeInfo()['timezone']) 194 195 196 def testTimezoneSettingWithPolicy(self): 197 """With timezone policy, timezone changes by user are reset on logout.""" 198 self.SetDevicePolicy({'timezone': self._timezones[0]}, refresh=True) 199 200 # Timezones are set on startup, i.e. everytime when loading the login 201 # screen. Something like a browser restart may work, too. 202 self._Login(user_index=1, expect_success=True) 203 self.Logout() 204 205 self.assertEqual(self._timezones[0], self.GetTimeInfo()['timezone']) 206 207 self._Login(user_index=1, expect_success=True) 208 self.SetTimezone(self._timezones[1]) 209 self.assertEqual(self._timezones[1], self.GetTimeInfo()['timezone']) 210 211 self.Logout() 212 self.assertEqual(self._timezones[0], self.GetTimeInfo()['timezone']) 213 214 215 if __name__ == '__main__': 216 pyauto_functional.Main() 217