1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" 6 7 #include "base/bind.h" 8 #include "base/bind_helpers.h" 9 #include "base/callback.h" 10 #include "base/memory/scoped_ptr.h" 11 #include "chrome/browser/chromeos/policy/device_local_account.h" 12 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h" 13 #include "chrome/browser/chromeos/settings/cros_settings.h" 14 #include "chrome/browser/chromeos/settings/device_settings_service.h" 15 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" 16 #include "chrome/browser/policy/cloud/cloud_policy_client.h" 17 #include "chrome/browser/policy/cloud/cloud_policy_constants.h" 18 #include "chrome/browser/policy/cloud/cloud_policy_service.h" 19 #include "chrome/browser/policy/cloud/mock_device_management_service.h" 20 #include "chrome/browser/policy/cloud/policy_builder.h" 21 #include "chrome/browser/policy/external_data_fetcher.h" 22 #include "chrome/browser/policy/mock_configuration_policy_provider.h" 23 #include "chrome/browser/policy/proto/chromeos/chrome_device_policy.pb.h" 24 #include "chromeos/dbus/power_policy_controller.h" 25 #include "policy/policy_constants.h" 26 #include "testing/gtest/include/gtest/gtest.h" 27 28 using testing::AnyNumber; 29 using testing::AtLeast; 30 using testing::Mock; 31 using testing::SaveArg; 32 using testing::_; 33 34 namespace em = enterprise_management; 35 36 namespace policy { 37 38 class MockDeviceLocalAccountPolicyServiceObserver 39 : public DeviceLocalAccountPolicyService::Observer { 40 public: 41 MOCK_METHOD1(OnPolicyUpdated, void(const std::string&)); 42 MOCK_METHOD0(OnDeviceLocalAccountsChanged, void(void)); 43 }; 44 45 class DeviceLocalAccountPolicyServiceTest 46 : public chromeos::DeviceSettingsTestBase { 47 public: 48 DeviceLocalAccountPolicyServiceTest() 49 : public_session_user_id_(GenerateDeviceLocalAccountUserId( 50 PolicyBuilder::kFakeUsername, 51 DeviceLocalAccount::TYPE_PUBLIC_SESSION)), 52 cros_settings_(&device_settings_service_), 53 service_(&device_settings_test_helper_, 54 &device_settings_service_, 55 &cros_settings_) {} 56 57 virtual void SetUp() OVERRIDE { 58 DeviceSettingsTestBase::SetUp(); 59 60 // Values implicitly enforced for public accounts. 61 expected_policy_map_.Set(key::kLidCloseAction, 62 POLICY_LEVEL_MANDATORY, 63 POLICY_SCOPE_USER, 64 base::Value::CreateIntegerValue( 65 chromeos::PowerPolicyController:: 66 ACTION_STOP_SESSION), 67 NULL); 68 expected_policy_map_.Set(key::kShelfAutoHideBehavior, 69 POLICY_LEVEL_MANDATORY, 70 POLICY_SCOPE_USER, 71 Value::CreateStringValue("Never"), 72 NULL); 73 expected_policy_map_.Set(key::kShowLogoutButtonInTray, 74 POLICY_LEVEL_MANDATORY, 75 POLICY_SCOPE_USER, 76 Value::CreateBooleanValue(true), 77 NULL); 78 scoped_ptr<base::ListValue> allowed_extension_types(new base::ListValue()); 79 allowed_extension_types->AppendString("hosted_app"); 80 expected_policy_map_.Set(key::kExtensionAllowedTypes, 81 POLICY_LEVEL_MANDATORY, 82 POLICY_SCOPE_USER, 83 allowed_extension_types.release(), 84 NULL); 85 86 // Explicitly set value. 87 expected_policy_map_.Set(key::kDisableSpdy, 88 POLICY_LEVEL_MANDATORY, 89 POLICY_SCOPE_USER, 90 Value::CreateBooleanValue(true), 91 NULL); 92 93 device_local_account_policy_.payload().mutable_disablespdy()->set_value( 94 true); 95 device_local_account_policy_.policy_data().set_policy_type( 96 dm_protocol::kChromePublicAccountPolicyType); 97 device_local_account_policy_.policy_data().set_settings_entity_id( 98 PolicyBuilder::kFakeUsername); 99 device_local_account_policy_.Build(); 100 101 em::DeviceLocalAccountInfoProto* account = 102 device_policy_.payload().mutable_device_local_accounts()->add_account(); 103 account->set_account_id(PolicyBuilder::kFakeUsername); 104 account->set_type( 105 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION); 106 device_policy_.Build(); 107 108 service_.AddObserver(&service_observer_); 109 } 110 111 virtual void TearDown() OVERRIDE { 112 service_.RemoveObserver(&service_observer_); 113 114 DeviceSettingsTestBase::TearDown(); 115 } 116 117 void InstallDevicePolicy() { 118 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()); 119 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 120 ReloadDeviceSettings(); 121 Mock::VerifyAndClearExpectations(&service_observer_); 122 } 123 124 MOCK_METHOD1(OnRefreshDone, void(bool)); 125 126 const std::string public_session_user_id_; 127 128 PolicyMap expected_policy_map_; 129 UserPolicyBuilder device_local_account_policy_; 130 chromeos::CrosSettings cros_settings_; 131 MockDeviceLocalAccountPolicyServiceObserver service_observer_; 132 MockDeviceManagementService mock_device_management_service_; 133 DeviceLocalAccountPolicyService service_; 134 135 private: 136 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyServiceTest); 137 }; 138 139 TEST_F(DeviceLocalAccountPolicyServiceTest, NoAccounts) { 140 EXPECT_FALSE(service_.GetBrokerForUser(public_session_user_id_)); 141 } 142 143 TEST_F(DeviceLocalAccountPolicyServiceTest, GetBroker) { 144 InstallDevicePolicy(); 145 146 DeviceLocalAccountPolicyBroker* broker = 147 service_.GetBrokerForUser(public_session_user_id_); 148 ASSERT_TRUE(broker); 149 EXPECT_EQ(public_session_user_id_, broker->user_id()); 150 ASSERT_TRUE(broker->core()->store()); 151 EXPECT_EQ(CloudPolicyStore::STATUS_OK, broker->core()->store()->status()); 152 EXPECT_FALSE(broker->core()->client()); 153 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 154 } 155 156 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadNoPolicy) { 157 InstallDevicePolicy(); 158 159 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 160 DeviceLocalAccountPolicyBroker* broker = 161 service_.GetBrokerForUser(public_session_user_id_); 162 ASSERT_TRUE(broker); 163 FlushDeviceSettings(); 164 Mock::VerifyAndClearExpectations(&service_observer_); 165 166 ASSERT_TRUE(broker->core()->store()); 167 EXPECT_EQ(CloudPolicyStore::STATUS_LOAD_ERROR, 168 broker->core()->store()->status()); 169 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 170 EXPECT_FALSE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 171 } 172 173 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadValidationFailure) { 174 device_local_account_policy_.policy_data().set_policy_type( 175 dm_protocol::kChromeUserPolicyType); 176 device_local_account_policy_.Build(); 177 device_settings_test_helper_.set_device_local_account_policy_blob( 178 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 179 InstallDevicePolicy(); 180 181 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 182 DeviceLocalAccountPolicyBroker* broker = 183 service_.GetBrokerForUser(public_session_user_id_); 184 ASSERT_TRUE(broker); 185 FlushDeviceSettings(); 186 Mock::VerifyAndClearExpectations(&service_observer_); 187 188 ASSERT_TRUE(broker->core()->store()); 189 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 190 broker->core()->store()->status()); 191 EXPECT_TRUE(broker->core()->store()->policy_map().empty()); 192 EXPECT_FALSE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 193 } 194 195 TEST_F(DeviceLocalAccountPolicyServiceTest, LoadPolicy) { 196 device_settings_test_helper_.set_device_local_account_policy_blob( 197 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 198 InstallDevicePolicy(); 199 200 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 201 DeviceLocalAccountPolicyBroker* broker = 202 service_.GetBrokerForUser(public_session_user_id_); 203 ASSERT_TRUE(broker); 204 FlushDeviceSettings(); 205 Mock::VerifyAndClearExpectations(&service_observer_); 206 207 ASSERT_TRUE(broker->core()->store()); 208 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 209 broker->core()->store()->status()); 210 ASSERT_TRUE(broker->core()->store()->policy()); 211 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 212 broker->core()->store()->policy()->SerializeAsString()); 213 EXPECT_TRUE(expected_policy_map_.Equals( 214 broker->core()->store()->policy_map())); 215 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 216 } 217 218 TEST_F(DeviceLocalAccountPolicyServiceTest, StoreValidationFailure) { 219 device_local_account_policy_.policy_data().set_policy_type( 220 dm_protocol::kChromeUserPolicyType); 221 device_local_account_policy_.Build(); 222 InstallDevicePolicy(); 223 224 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 225 DeviceLocalAccountPolicyBroker* broker = 226 service_.GetBrokerForUser(public_session_user_id_); 227 ASSERT_TRUE(broker); 228 ASSERT_TRUE(broker->core()->store()); 229 broker->core()->store()->Store(device_local_account_policy_.policy()); 230 FlushDeviceSettings(); 231 Mock::VerifyAndClearExpectations(&service_observer_); 232 233 ASSERT_TRUE(broker->core()->store()); 234 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, 235 broker->core()->store()->status()); 236 EXPECT_EQ(CloudPolicyValidatorBase::VALIDATION_WRONG_POLICY_TYPE, 237 broker->core()->store()->validation_status()); 238 EXPECT_FALSE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 239 } 240 241 TEST_F(DeviceLocalAccountPolicyServiceTest, StorePolicy) { 242 InstallDevicePolicy(); 243 244 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 245 DeviceLocalAccountPolicyBroker* broker = 246 service_.GetBrokerForUser(public_session_user_id_); 247 ASSERT_TRUE(broker); 248 ASSERT_TRUE(broker->core()->store()); 249 broker->core()->store()->Store(device_local_account_policy_.policy()); 250 FlushDeviceSettings(); 251 Mock::VerifyAndClearExpectations(&service_observer_); 252 253 EXPECT_EQ(device_local_account_policy_.GetBlob(), 254 device_settings_test_helper_.device_local_account_policy_blob( 255 PolicyBuilder::kFakeUsername)); 256 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 257 } 258 259 TEST_F(DeviceLocalAccountPolicyServiceTest, DevicePolicyChange) { 260 device_settings_test_helper_.set_device_local_account_policy_blob( 261 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 262 InstallDevicePolicy(); 263 264 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()); 265 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 266 device_policy_.Build(); 267 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 268 device_settings_service_.PropertyChangeComplete(true); 269 FlushDeviceSettings(); 270 EXPECT_FALSE(service_.GetBrokerForUser(public_session_user_id_)); 271 Mock::VerifyAndClearExpectations(&service_observer_); 272 } 273 274 TEST_F(DeviceLocalAccountPolicyServiceTest, DuplicateAccounts) { 275 InstallDevicePolicy(); 276 DeviceLocalAccountPolicyBroker* broker = 277 service_.GetBrokerForUser(public_session_user_id_); 278 ASSERT_TRUE(broker); 279 280 // Add a second entry with a duplicate account name to device policy. 281 em::DeviceLocalAccountInfoProto* account = 282 device_policy_.payload().mutable_device_local_accounts()->add_account(); 283 account->set_account_id(PolicyBuilder::kFakeUsername); 284 account->set_type( 285 em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION); 286 device_policy_.Build(); 287 device_settings_test_helper_.set_device_local_account_policy_blob( 288 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 289 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 290 291 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()); 292 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 293 device_settings_service_.PropertyChangeComplete(true); 294 FlushDeviceSettings(); 295 Mock::VerifyAndClearExpectations(&service_observer_); 296 297 // Make sure the broker is accessible and policy got loaded. 298 broker = service_.GetBrokerForUser(public_session_user_id_); 299 ASSERT_TRUE(broker); 300 EXPECT_EQ(public_session_user_id_, broker->user_id()); 301 EXPECT_TRUE(broker->core()->store()->policy()); 302 } 303 304 TEST_F(DeviceLocalAccountPolicyServiceTest, FetchPolicy) { 305 device_settings_test_helper_.set_device_local_account_policy_blob( 306 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 307 InstallDevicePolicy(); 308 309 DeviceLocalAccountPolicyBroker* broker = 310 service_.GetBrokerForUser(public_session_user_id_); 311 ASSERT_TRUE(broker); 312 313 service_.Connect(&mock_device_management_service_); 314 EXPECT_TRUE(broker->core()->client()); 315 316 em::DeviceManagementRequest request; 317 em::DeviceManagementResponse response; 318 response.mutable_policy_response()->add_response()->CopyFrom( 319 device_local_account_policy_.policy()); 320 EXPECT_CALL(mock_device_management_service_, 321 CreateJob(DeviceManagementRequestJob::TYPE_POLICY_FETCH)) 322 .WillOnce(mock_device_management_service_.SucceedJob(response)); 323 EXPECT_CALL(mock_device_management_service_, 324 StartJob(dm_protocol::kValueRequestPolicy, 325 std::string(), std::string(), 326 device_policy_.policy_data().request_token(), 327 dm_protocol::kValueUserAffiliationManaged, 328 device_policy_.policy_data().device_id(), 329 _)) 330 .WillOnce(SaveArg<6>(&request)); 331 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 332 broker->core()->client()->FetchPolicy(); 333 FlushDeviceSettings(); 334 Mock::VerifyAndClearExpectations(&service_observer_); 335 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 336 EXPECT_TRUE(request.has_policy_request()); 337 EXPECT_EQ(1, request.policy_request().request_size()); 338 EXPECT_EQ(dm_protocol::kChromePublicAccountPolicyType, 339 request.policy_request().request(0).policy_type()); 340 EXPECT_FALSE(request.policy_request().request(0).has_machine_id()); 341 EXPECT_EQ(PolicyBuilder::kFakeUsername, 342 request.policy_request().request(0).settings_entity_id()); 343 344 ASSERT_TRUE(broker->core()->store()); 345 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 346 broker->core()->store()->status()); 347 ASSERT_TRUE(broker->core()->store()->policy()); 348 EXPECT_EQ(device_local_account_policy_.policy_data().SerializeAsString(), 349 broker->core()->store()->policy()->SerializeAsString()); 350 EXPECT_TRUE(expected_policy_map_.Equals( 351 broker->core()->store()->policy_map())); 352 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 353 354 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)) 355 .Times(0); 356 service_.Disconnect(); 357 EXPECT_FALSE(broker->core()->client()); 358 Mock::VerifyAndClearExpectations(&service_observer_); 359 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 360 } 361 362 TEST_F(DeviceLocalAccountPolicyServiceTest, RefreshPolicy) { 363 device_settings_test_helper_.set_device_local_account_policy_blob( 364 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 365 InstallDevicePolicy(); 366 367 DeviceLocalAccountPolicyBroker* broker = 368 service_.GetBrokerForUser(public_session_user_id_); 369 ASSERT_TRUE(broker); 370 371 service_.Connect(&mock_device_management_service_); 372 ASSERT_TRUE(broker->core()->service()); 373 374 em::DeviceManagementResponse response; 375 response.mutable_policy_response()->add_response()->CopyFrom( 376 device_local_account_policy_.policy()); 377 EXPECT_CALL(mock_device_management_service_, CreateJob(_)) 378 .WillOnce(mock_device_management_service_.SucceedJob(response)); 379 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 380 EXPECT_CALL(*this, OnRefreshDone(true)).Times(1); 381 EXPECT_CALL(service_observer_, OnPolicyUpdated(public_session_user_id_)); 382 broker->core()->service()->RefreshPolicy( 383 base::Bind(&DeviceLocalAccountPolicyServiceTest::OnRefreshDone, 384 base::Unretained(this))); 385 FlushDeviceSettings(); 386 Mock::VerifyAndClearExpectations(&service_observer_); 387 Mock::VerifyAndClearExpectations(this); 388 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 389 390 ASSERT_TRUE(broker->core()->store()); 391 EXPECT_EQ(CloudPolicyStore::STATUS_OK, 392 broker->core()->store()->status()); 393 EXPECT_TRUE(expected_policy_map_.Equals( 394 broker->core()->store()->policy_map())); 395 EXPECT_TRUE(service_.IsPolicyAvailableForUser(public_session_user_id_)); 396 } 397 398 class DeviceLocalAccountPolicyProviderTest 399 : public DeviceLocalAccountPolicyServiceTest { 400 protected: 401 DeviceLocalAccountPolicyProviderTest() 402 : provider_( 403 GenerateDeviceLocalAccountUserId( 404 PolicyBuilder::kFakeUsername, 405 DeviceLocalAccount::TYPE_PUBLIC_SESSION), 406 &service_) {} 407 408 virtual void SetUp() OVERRIDE { 409 DeviceLocalAccountPolicyServiceTest::SetUp(); 410 provider_.Init(); 411 provider_.AddObserver(&provider_observer_); 412 413 EXPECT_CALL(service_observer_, OnPolicyUpdated(_)).Times(AnyNumber()); 414 EXPECT_CALL(service_observer_, OnDeviceLocalAccountsChanged()) 415 .Times(AnyNumber()); 416 } 417 418 virtual void TearDown() OVERRIDE { 419 provider_.RemoveObserver(&provider_observer_); 420 provider_.Shutdown(); 421 DeviceLocalAccountPolicyServiceTest::TearDown(); 422 } 423 424 DeviceLocalAccountPolicyProvider provider_; 425 MockConfigurationPolicyObserver provider_observer_; 426 427 private: 428 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyProviderTest); 429 }; 430 431 TEST_F(DeviceLocalAccountPolicyProviderTest, Initialization) { 432 EXPECT_FALSE(provider_.IsInitializationComplete(POLICY_DOMAIN_CHROME)); 433 434 // Policy change should complete initialization. 435 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 436 device_settings_test_helper_.set_device_local_account_policy_blob( 437 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 438 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 439 ReloadDeviceSettings(); 440 Mock::VerifyAndClearExpectations(&provider_observer_); 441 442 EXPECT_TRUE(provider_.IsInitializationComplete(POLICY_DOMAIN_CHROME)); 443 444 // The account disappearing should *not* flip the initialization flag back. 445 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)) 446 .Times(AnyNumber()); 447 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 448 device_policy_.Build(); 449 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 450 ReloadDeviceSettings(); 451 Mock::VerifyAndClearExpectations(&provider_observer_); 452 453 EXPECT_TRUE(provider_.IsInitializationComplete(POLICY_DOMAIN_CHROME)); 454 } 455 456 TEST_F(DeviceLocalAccountPolicyProviderTest, Policy) { 457 // Policy should load successfully. 458 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 459 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 460 device_settings_test_helper_.set_device_local_account_policy_blob( 461 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 462 ReloadDeviceSettings(); 463 Mock::VerifyAndClearExpectations(&provider_observer_); 464 465 PolicyBundle expected_policy_bundle; 466 expected_policy_bundle.Get(PolicyNamespace( 467 POLICY_DOMAIN_CHROME, std::string())).CopyFrom(expected_policy_map_); 468 EXPECT_TRUE(expected_policy_bundle.Equals(provider_.policies())); 469 470 // Policy change should be reported. 471 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 472 device_local_account_policy_.payload().mutable_disablespdy()->set_value( 473 false); 474 device_local_account_policy_.Build(); 475 device_settings_test_helper_.set_device_local_account_policy_blob( 476 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 477 DeviceLocalAccountPolicyBroker* broker = 478 service_.GetBrokerForUser(public_session_user_id_); 479 ASSERT_TRUE(broker); 480 broker->core()->store()->Load(); 481 FlushDeviceSettings(); 482 Mock::VerifyAndClearExpectations(&provider_observer_); 483 484 expected_policy_bundle.Get( 485 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())) 486 .Set(key::kDisableSpdy, 487 POLICY_LEVEL_MANDATORY, 488 POLICY_SCOPE_USER, 489 Value::CreateBooleanValue(false), 490 NULL); 491 EXPECT_TRUE(expected_policy_bundle.Equals(provider_.policies())); 492 493 // Any values set for the |ShelfAutoHideBehavior|, |ShowLogoutButtonInTray| 494 // and |ExtensionAllowedTypes| policies should be overridden. 495 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 496 device_local_account_policy_.payload().mutable_shelfautohidebehavior()-> 497 set_value("Always"); 498 device_local_account_policy_.payload().mutable_showlogoutbuttonintray()-> 499 set_value(false); 500 device_local_account_policy_.payload().mutable_extensionallowedtypes()-> 501 mutable_value()->mutable_entries()->Clear(); 502 device_local_account_policy_.Build(); 503 device_settings_test_helper_.set_device_local_account_policy_blob( 504 PolicyBuilder::kFakeUsername, device_local_account_policy_.GetBlob()); 505 broker->core()->store()->Load(); 506 FlushDeviceSettings(); 507 Mock::VerifyAndClearExpectations(&provider_observer_); 508 EXPECT_TRUE(expected_policy_bundle.Equals(provider_.policies())); 509 510 // Account disappears, policy should stay in effect. 511 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)) 512 .Times(AnyNumber()); 513 device_policy_.payload().mutable_device_local_accounts()->clear_account(); 514 device_policy_.Build(); 515 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 516 ReloadDeviceSettings(); 517 Mock::VerifyAndClearExpectations(&provider_observer_); 518 519 EXPECT_TRUE(expected_policy_bundle.Equals(provider_.policies())); 520 } 521 522 TEST_F(DeviceLocalAccountPolicyProviderTest, RefreshPolicies) { 523 // If there's no device policy, the refresh completes immediately. 524 EXPECT_FALSE(service_.GetBrokerForUser(public_session_user_id_)); 525 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 526 provider_.RefreshPolicies(); 527 Mock::VerifyAndClearExpectations(&provider_observer_); 528 529 // Make device settings appear. 530 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)) 531 .Times(AnyNumber()); 532 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); 533 ReloadDeviceSettings(); 534 Mock::VerifyAndClearExpectations(&provider_observer_); 535 EXPECT_TRUE(service_.GetBrokerForUser(public_session_user_id_)); 536 537 // If there's no cloud connection, refreshes are still immediate. 538 DeviceLocalAccountPolicyBroker* broker = 539 service_.GetBrokerForUser(public_session_user_id_); 540 ASSERT_TRUE(broker); 541 EXPECT_FALSE(broker->core()->client()); 542 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 543 provider_.RefreshPolicies(); 544 Mock::VerifyAndClearExpectations(&provider_observer_); 545 546 // Bring up the cloud connection. The refresh scheduler may fire refreshes at 547 // this point which are not relevant for the test. 548 EXPECT_CALL(mock_device_management_service_, CreateJob(_)) 549 .WillRepeatedly( 550 mock_device_management_service_.FailJob(DM_STATUS_REQUEST_FAILED)); 551 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 552 service_.Connect(&mock_device_management_service_); 553 FlushDeviceSettings(); 554 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 555 556 // No callbacks until the refresh completes. 557 EXPECT_CALL(provider_observer_, OnUpdatePolicy(_)).Times(0); 558 MockDeviceManagementJob* request_job; 559 EXPECT_CALL(mock_device_management_service_, CreateJob(_)) 560 .WillOnce(mock_device_management_service_.CreateAsyncJob(&request_job)); 561 EXPECT_CALL(mock_device_management_service_, StartJob(_, _, _, _, _, _, _)); 562 provider_.RefreshPolicies(); 563 ReloadDeviceSettings(); 564 Mock::VerifyAndClearExpectations(&provider_observer_); 565 Mock::VerifyAndClearExpectations(&mock_device_management_service_); 566 EXPECT_TRUE(provider_.IsInitializationComplete(POLICY_DOMAIN_CHROME)); 567 568 // When the response comes in, it should propagate and fire the notification. 569 EXPECT_CALL(provider_observer_, OnUpdatePolicy(&provider_)).Times(AtLeast(1)); 570 ASSERT_TRUE(request_job); 571 em::DeviceManagementResponse response; 572 response.mutable_policy_response()->add_response()->CopyFrom( 573 device_local_account_policy_.policy()); 574 request_job->SendResponse(DM_STATUS_SUCCESS, response); 575 FlushDeviceSettings(); 576 Mock::VerifyAndClearExpectations(&provider_observer_); 577 } 578 579 } // namespace policy 580