Home | History | Annotate | Download | only in permissions 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/extensions/api/permissions/permissions_api.h"
      6 #include "chrome/browser/extensions/extension_apitest.h"
      7 #include "chrome/browser/extensions/extension_prefs.h"
      8 #include "chrome/browser/extensions/extension_service.h"
      9 #include "chrome/browser/profiles/profile.h"
     10 #include "chrome/browser/ui/browser.h"
     11 #include "extensions/common/permissions/permission_set.h"
     12 #include "extensions/common/switches.h"
     13 #include "net/dns/mock_host_resolver.h"
     14 
     15 namespace extensions {
     16 
     17 namespace {
     18 
     19 static void AddPattern(URLPatternSet* extent, const std::string& pattern) {
     20   int schemes = URLPattern::SCHEME_ALL;
     21   extent->AddPattern(URLPattern(schemes, pattern));
     22 }
     23 
     24 }  // namespace
     25 
     26 class ExperimentalApiTest : public ExtensionApiTest {
     27 public:
     28   virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
     29     ExtensionApiTest::SetUpCommandLine(command_line);
     30     command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis);
     31   }
     32 };
     33 
     34 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) {
     35   ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_;
     36 
     37   // Since the experimental APIs require a flag, this will fail even though
     38   // it's enabled.
     39   // TODO(erikkay) This test is currently broken because LoadExtension in
     40   // ExtensionBrowserTest doesn't actually fail, it just times out.  To fix this
     41   // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably
     42   // too much for the branch.  I'll enable this on trunk later.
     43   //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_;
     44 }
     45 
     46 IN_PROC_BROWSER_TEST_F(ExperimentalApiTest, PermissionsSucceed) {
     47   ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_;
     48 }
     49 
     50 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ExperimentalPermissionsFail) {
     51   // At the time this test is being created, there is no experimental
     52   // function that will not be graduating soon, and does not require a
     53   // tab id as an argument.  So, we need the tab permission to get
     54   // a tab id.
     55   ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled"))
     56       << message_;
     57 }
     58 
     59 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, FaviconPermission) {
     60   ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_;
     61 }
     62 
     63 // Test functions and APIs that are always allowed (even if you ask for no
     64 // permissions).
     65 // Disabled: http://crbug.com/125193
     66 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, DISABLED_AlwaysAllowed) {
     67   ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_;
     68 }
     69 
     70 // Tests that the optional permissions API works correctly.
     71 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGranted) {
     72   // Mark all the tested APIs as granted to bypass the confirmation UI.
     73   APIPermissionSet apis;
     74   apis.insert(APIPermission::kBookmark);
     75   ManifestPermissionSet manifest_permissions;
     76   URLPatternSet explicit_hosts;
     77   AddPattern(&explicit_hosts, "http://*.c.com/*");
     78   scoped_refptr<PermissionSet> granted_permissions =
     79       new PermissionSet(apis, manifest_permissions,
     80                         explicit_hosts, URLPatternSet());
     81 
     82   ExtensionPrefs* prefs =
     83       browser()->profile()->GetExtensionService()->extension_prefs();
     84   prefs->AddGrantedPermissions("kjmkgkdkpedkejedfhmfcenooemhbpbo",
     85                                granted_permissions.get());
     86 
     87   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
     88   host_resolver()->AddRule("*.com", "127.0.0.1");
     89   ASSERT_TRUE(StartEmbeddedTestServer());
     90   EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
     91 }
     92 
     93 // Tests that the optional permissions API works correctly.
     94 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsAutoConfirm) {
     95   // Rather than setting the granted permissions, set the UI autoconfirm flag
     96   // and run the same tests.
     97   PermissionsRequestFunction::SetAutoConfirmForTests(true);
     98   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
     99   host_resolver()->AddRule("*.com", "127.0.0.1");
    100   ASSERT_TRUE(StartEmbeddedTestServer());
    101   EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_;
    102 }
    103 
    104 // Test that denying the optional permissions confirmation dialog works.
    105 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsDeny) {
    106   PermissionsRequestFunction::SetAutoConfirmForTests(false);
    107   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
    108   host_resolver()->AddRule("*.com", "127.0.0.1");
    109   ASSERT_TRUE(StartEmbeddedTestServer());
    110   EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_;
    111 }
    112 
    113 // Tests that the permissions.request function must be called from within a
    114 // user gesture.
    115 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGesture) {
    116   PermissionsRequestFunction::SetIgnoreUserGestureForTests(false);
    117   host_resolver()->AddRule("*.com", "127.0.0.1");
    118   ASSERT_TRUE(StartEmbeddedTestServer());
    119   EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_;
    120 }
    121 
    122 // Tests that an extension can't gain access to file: URLs without the checkbox
    123 // entry in prefs. There shouldn't be a warning either.
    124 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) {
    125   // There shouldn't be a warning, so we shouldn't need to autoconfirm.
    126   PermissionsRequestFunction::SetAutoConfirmForTests(false);
    127   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
    128 
    129   ExtensionPrefs* prefs =
    130       browser()->profile()->GetExtensionService()->extension_prefs();
    131 
    132   EXPECT_TRUE(
    133       RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_;
    134   EXPECT_FALSE(prefs->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib"));
    135 
    136   EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_;
    137   // TODO(kalman): ugh, it would be nice to test this condition, but it seems
    138   // like there's somehow a race here where the prefs aren't updated in time
    139   // with the "allow file access" bit, so we'll just have to trust that
    140   // RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed
    141   // not set the allow file access bit. Otherwise this test doesn't mean
    142   // a whole lot (i.e. file access works - but it'd better not be the case
    143   // that the extension actually has file access, since that'd be the bug
    144   // that this is supposed to be testing).
    145   //EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd"));
    146 }
    147 
    148 // Test requesting, querying, and removing host permissions for host
    149 // permissions that are a subset of the optional permissions.
    150 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) {
    151   PermissionsRequestFunction::SetAutoConfirmForTests(true);
    152   PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
    153   EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_;
    154 }
    155 
    156 }  // namespace extensions
    157