Home | History | Annotate | Download | only in permissions 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/extensions/api/permissions/permissions_api.h"
      6 #include "chrome/browser/extensions/extension_apitest.h"
      7 #include "chrome/browser/extensions/extension_prefs.h"
      8 #include "chrome/browser/extensions/extension_service.h"
      9 #include "chrome/browser/profiles/profile.h"
     10 #include "chrome/browser/ui/browser.h"
     11 #include "chrome/common/extensions/permissions/permission_set.h"
     12 #include "extensions/common/switches.h"
     13 #include "net/dns/mock_host_resolver.h"
     14 
     15 namespace extensions {
     16 
     17 namespace {
     18 
     19 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
     20   int schemes = URLPattern::SCHEME_ALL;
     21   extent->AddPattern(URLPattern(schemes, pattern));
     22 }
     23 
     24 }  // namespace
     25 
     26 class ExperimentalApiTest : public ExtensionApiTest {
     27 public:
     28   virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
     29     ExtensionApiTest::SetUpCommandLine(command_line);
     30     command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis);
     31   }
     32 };
     33 
     34 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) {
     35   ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_;
     36 
     37   // Since the experimental APIs require a flag, this will fail even though
     38   // it's enabled.
     39   // TODO(erikkay) This test is currently broken because LoadExtension in
     40   // ExtensionBrowserTest doesn't actually fail, it just times out.  To fix this
     41   // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably
     42   // too much for the branch.  I'll enable this on trunk later.
     43   //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_;
     44 }
     45 
     46 IN_PROC_BROWSER_TEST_F(ExperimentalApiTest, PermissionsSucceed) {
     47   ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_;
     48 }
     49 
     50 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ExperimentalPermissionsFail) {
     51   // At the time this test is being created, there is no experimental
     52   // function that will not be graduating soon, and does not require a
     53   // tab id as an argument.  So, we need the tab permission to get
     54   // a tab id.
     55   ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled"))
     56       << message_;
     57 }
     58 
     59 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, FaviconPermission) {
     60   ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_;
     61 }
     62 
     63 // Test functions and APIs that are always allowed (even if you ask for no
     64 // permissions).
     65 // Disabled: http://crbug.com/125193
     66 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, DISABLED_AlwaysAllowed) {
     67   ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_;
     68 }
     69 
     70 // Tests that the optional permissions API works correctly.
     71 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGranted) {
     72   // Mark all the tested APIs as granted to bypass the confirmation UI.
     73   APIPermissionSet apis;
     74   apis.insert(APIPermission::kBookmark);
     75   URLPatternSet explicit_hosts;
     76   AddPattern(&explicit_hosts, "http://*.c.com/*");
     77   scoped_refptr<PermissionSet> granted_permissions =
     78       new PermissionSet(apis, explicit_hosts, URLPatternSet());
     79 
     80   ExtensionPrefs* prefs =
     81       browser()->profile()->GetExtensionService()->extension_prefs();
     82   prefs->AddGrantedPermissions("kjmkgkdkpedkejedfhmfcenooemhbpbo",
     83                                granted_permissions.get());
     84 
     85   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
     86   host_resolver()->AddRule("*.com", "127.0.0.1");
     87   ASSERT_TRUE(StartEmbeddedTestServer());
     88   EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
     89 }
     90 
     91 // Tests that the optional permissions API works correctly.
     92 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsAutoConfirm) {
     93   // Rather than setting the granted permissions, set the UI autoconfirm flag
     94   // and run the same tests.
     95   PermissionsRequestFunction::SetAutoConfirmForTests(true);
     96   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
     97   host_resolver()->AddRule("*.com", "127.0.0.1");
     98   ASSERT_TRUE(StartEmbeddedTestServer());
     99   EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
    100 }
    101 
    102 // Test that denying the optional permissions confirmation dialog works.
    103 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsDeny) {
    104   PermissionsRequestFunction::SetAutoConfirmForTests(false);
    105   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
    106   host_resolver()->AddRule("*.com", "127.0.0.1");
    107   ASSERT_TRUE(StartEmbeddedTestServer());
    108   EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_;
    109 }
    110 
    111 // Tests that the permissions.request function must be called from within a
    112 // user gesture.
    113 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGesture) {
    114   PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
    115   host_resolver()->AddRule("*.com", "127.0.0.1");
    116   ASSERT_TRUE(StartEmbeddedTestServer());
    117   EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_;
    118 }
    119 
    120 // Tests that an extension can't gain access to file: URLs without the checkbox
    121 // entry in prefs. There shouldn't be a warning either.
    122 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) {
    123   // There shouldn't be a warning, so we shouldn't need to autoconfirm.
    124   PermissionsRequestFunction::SetAutoConfirmForTests(false);
    125   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
    126 
    127   ExtensionPrefs* prefs =
    128       browser()->profile()->GetExtensionService()->extension_prefs();
    129 
    130   EXPECT_TRUE(
    131       RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_;
    132   EXPECT_FALSE(prefs->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib"));
    133 
    134   EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_;
    135   // TODO(kalman): ugh, it would be nice to test this condition, but it seems
    136   // like there's somehow a race here where the prefs aren't updated in time
    137   // with the "allow file access" bit, so we'll just have to trust that
    138   // RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed
    139   // not set the allow file access bit. Otherwise this test doesn't mean
    140   // a whole lot (i.e. file access works - but it'd better not be the case
    141   // that the extension actually has file access, since that'd be the bug
    142   // that this is supposed to be testing).
    143   //EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd"));
    144 }
    145 
    146 // Test requesting, querying, and removing host permissions for host
    147 // permissions that are a subset of the optional permissions.
    148 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) {
    149   PermissionsRequestFunction::SetAutoConfirmForTests(true);
    150   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
    151   EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_;
    152 }
    153 
    154 }  // namespace extensions
    155