1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <string> 6 7 #include "base/compiler_specific.h" 8 #include "base/run_loop.h" 9 #include "base/strings/utf_string_conversions.h" 10 #include "base/threading/sequenced_worker_pool.h" 11 #include "chrome/browser/chrome_notification_types.h" 12 #include "chrome/browser/chromeos/login/login_manager_test.h" 13 #include "chrome/browser/chromeos/login/managed/managed_user_test_base.h" 14 #include "chrome/browser/chromeos/login/managed/supervised_user_authentication.h" 15 #include "chrome/browser/chromeos/login/startup_utils.h" 16 #include "chrome/browser/chromeos/login/ui/login_display_host_impl.h" 17 #include "chrome/browser/chromeos/login/ui/webui_login_view.h" 18 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h" 19 #include "chrome/browser/chromeos/net/network_portal_detector_test_impl.h" 20 #include "chrome/browser/chromeos/settings/stub_cros_settings_provider.h" 21 #include "chrome/browser/supervised_user/supervised_user_constants.h" 22 #include "chrome/browser/supervised_user/supervised_user_registration_utility.h" 23 #include "chrome/browser/supervised_user/supervised_user_registration_utility_stub.h" 24 #include "chrome/browser/supervised_user/supervised_user_shared_settings_service.h" 25 #include "chrome/browser/supervised_user/supervised_user_shared_settings_service_factory.h" 26 #include "chrome/browser/supervised_user/supervised_user_sync_service.h" 27 #include "chrome/browser/supervised_user/supervised_user_sync_service_factory.h" 28 #include "chromeos/cryptohome/mock_async_method_caller.h" 29 #include "chromeos/cryptohome/mock_homedir_methods.h" 30 #include "content/public/browser/notification_service.h" 31 #include "content/public/test/browser_test_utils.h" 32 #include "content/public/test/test_utils.h" 33 #include "sync/api/attachments/attachment_service_proxy_for_test.h" 34 #include "sync/api/fake_sync_change_processor.h" 35 #include "sync/api/sync_change.h" 36 #include "sync/api/sync_error_factory_mock.h" 37 #include "sync/protocol/sync.pb.h" 38 39 using testing::_; 40 using chromeos::ManagedUserTestBase; 41 using chromeos::kTestSupervisedUserDisplayName; 42 using chromeos::kTestManager; 43 44 namespace chromeos { 45 46 class SupervisedUserPasswordTest : public ManagedUserTestBase { 47 public: 48 SupervisedUserPasswordTest() : ManagedUserTestBase() {} 49 50 private: 51 DISALLOW_COPY_AND_ASSIGN(SupervisedUserPasswordTest); 52 }; 53 54 class SupervisedUserPasswordManagerTest : public ManagedUserTestBase { 55 public: 56 SupervisedUserPasswordManagerTest() : ManagedUserTestBase() {} 57 58 private: 59 DISALLOW_COPY_AND_ASSIGN(SupervisedUserPasswordManagerTest); 60 }; 61 62 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 63 DISABLED_PRE_PRE_PRE_PasswordChangeFromUserTest) { 64 PrepareUsers(); 65 } 66 67 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 68 DISABLED_PRE_PRE_PasswordChangeFromUserTest) { 69 StartFlowLoginAsManager(); 70 FillNewUserData(kTestSupervisedUserDisplayName); 71 StartUserCreation("managed-user-creation-next-button", 72 kTestSupervisedUserDisplayName); 73 } 74 75 // Supervised user signs in, get sync notification about password update, and 76 // schedules password migration. 77 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 78 DISABLED_PRE_PasswordChangeFromUserTest) { 79 SigninAsSupervisedUser(true, 0, kTestSupervisedUserDisplayName); 80 81 const User* user = UserManager::Get()->GetUsers().at(0); 82 std::string sync_id = 83 UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId( 84 user->email()); 85 base::DictionaryValue password; 86 password.SetIntegerWithoutPathExpansion( 87 kSchemaVersion, SupervisedUserAuthentication::SCHEMA_SALT_HASHED); 88 password.SetIntegerWithoutPathExpansion(kPasswordRevision, 2); 89 90 password.SetStringWithoutPathExpansion(kPasswordSignature, "signature"); 91 password.SetStringWithoutPathExpansion(kEncryptedPassword, 92 "new-encrypted-password"); 93 94 shared_settings_adapter_->AddChange( 95 sync_id, supervised_users::kChromeOSPasswordData, password, true, false); 96 content::RunAllPendingInMessageLoop(); 97 } 98 99 // Supervised user signs in for second time, and actual password migration takes 100 // place. 101 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 102 DISABLED_PasswordChangeFromUserTest) { 103 EXPECT_CALL(*mock_homedir_methods_, MountEx(_, _, _, _)).Times(1); 104 EXPECT_CALL(*mock_homedir_methods_, UpdateKeyEx(_, _, _, _, _)).Times(1); 105 SigninAsSupervisedUser(false, 0, kTestSupervisedUserDisplayName); 106 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_); 107 } 108 109 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 110 DISABLED_PRE_PRE_PRE_PasswordChangeFromManagerTest) { 111 PrepareUsers(); 112 } 113 114 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 115 DISABLED_PRE_PRE_PasswordChangeFromManagerTest) { 116 StartFlowLoginAsManager(); 117 FillNewUserData(kTestSupervisedUserDisplayName); 118 StartUserCreation("managed-user-creation-next-button", 119 kTestSupervisedUserDisplayName); 120 } 121 122 // Manager signs in, gets sync notification about supervised user password 123 // update, and performs migration. 124 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 125 DISABLED_PRE_PasswordChangeFromManagerTest) { 126 const User* managed_user = UserManager::Get()->GetUsers().at(0); 127 128 SigninAsManager(1); 129 130 EXPECT_CALL(*mock_homedir_methods_, AddKeyEx(_, _, _, _, _)).Times(1); 131 132 std::string sync_id = 133 UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId( 134 managed_user->email()); 135 136 ::sync_pb::ManagedUserSpecifics managed_user_proto; 137 138 managed_user_proto.set_id(sync_id); 139 managed_user_proto.set_name(kTestSupervisedUserDisplayName); 140 managed_user_proto.set_acknowledged(true); 141 managed_user_proto.set_master_key("master key"); 142 managed_user_proto.set_password_signature_key("signature_key"); 143 managed_user_proto.set_password_encryption_key("encryption_key"); 144 145 managed_users_adapter_->AddChange(managed_user_proto, false); 146 content::RunAllPendingInMessageLoop(); 147 148 base::DictionaryValue password; 149 password.SetIntegerWithoutPathExpansion( 150 kSchemaVersion, SupervisedUserAuthentication::SCHEMA_SALT_HASHED); 151 password.SetIntegerWithoutPathExpansion(kPasswordRevision, 2); 152 153 password.SetStringWithoutPathExpansion(kPasswordSignature, "signature"); 154 password.SetStringWithoutPathExpansion(kEncryptedPassword, 155 "new-encrypted-password"); 156 shared_settings_adapter_->AddChange( 157 sync_id, supervised_users::kChromeOSPasswordData, password, true, false); 158 content::RunAllPendingInMessageLoop(); 159 160 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_); 161 } 162 163 // After that supervised user signs in, and no password change happens. 164 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 165 DISABLED_PasswordChangeFromManagerTest) { 166 EXPECT_CALL(*mock_homedir_methods_, MountEx(_, _, _, _)).Times(1); 167 EXPECT_CALL(*mock_homedir_methods_, UpdateKeyEx(_, _, _, _, _)).Times(0); 168 SigninAsSupervisedUser(false, 1, kTestSupervisedUserDisplayName); 169 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_); 170 } 171 172 IN_PROC_BROWSER_TEST_F( 173 SupervisedUserPasswordTest, 174 DISABLED_PRE_PRE_PRE_PRE_PasswordChangeUserAndManagerTest) { 175 PrepareUsers(); 176 } 177 178 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 179 DISABLED_PRE_PRE_PRE_PasswordChangeUserAndManagerTest) { 180 StartFlowLoginAsManager(); 181 FillNewUserData(kTestSupervisedUserDisplayName); 182 StartUserCreation("managed-user-creation-next-button", 183 kTestSupervisedUserDisplayName); 184 } 185 186 // Supervised user signs in, get sync notification about password update, and 187 // schedules password migration. 188 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 189 DISABLED_PRE_PRE_PasswordChangeUserAndManagerTest) { 190 SigninAsSupervisedUser(true, 0, kTestSupervisedUserDisplayName); 191 192 const User* user = UserManager::Get()->GetUsers().at(0); 193 std::string sync_id = 194 UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId( 195 user->email()); 196 base::DictionaryValue password; 197 password.SetIntegerWithoutPathExpansion( 198 kSchemaVersion, SupervisedUserAuthentication::SCHEMA_SALT_HASHED); 199 password.SetIntegerWithoutPathExpansion(kPasswordRevision, 2); 200 201 password.SetStringWithoutPathExpansion(kPasswordSignature, "signature"); 202 password.SetStringWithoutPathExpansion(kEncryptedPassword, 203 "new-encrypted-password"); 204 205 shared_settings_adapter_->AddChange( 206 sync_id, supervised_users::kChromeOSPasswordData, password, true, false); 207 content::RunAllPendingInMessageLoop(); 208 } 209 210 // After that manager signs in, and also detects password change. Manager 211 // performs the migration. 212 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 213 DISABLED_PRE_PasswordChangeUserAndManagerTest) { 214 const User* managed_user = UserManager::Get()->GetUsers().at(0); 215 216 SigninAsManager(1); 217 218 EXPECT_CALL(*mock_homedir_methods_, AddKeyEx(_, _, _, _, _)).Times(1); 219 220 std::string sync_id = 221 UserManager::Get()->GetSupervisedUserManager()->GetUserSyncId( 222 managed_user->email()); 223 224 ::sync_pb::ManagedUserSpecifics managed_user_proto; 225 226 managed_user_proto.set_id(sync_id); 227 managed_user_proto.set_name(kTestSupervisedUserDisplayName); 228 managed_user_proto.set_acknowledged(true); 229 managed_user_proto.set_master_key("master key"); 230 managed_user_proto.set_password_signature_key("signature_key"); 231 managed_user_proto.set_password_encryption_key("encryption_key"); 232 233 managed_users_adapter_->AddChange(managed_user_proto, false); 234 content::RunAllPendingInMessageLoop(); 235 236 base::DictionaryValue password; 237 password.SetIntegerWithoutPathExpansion( 238 kSchemaVersion, SupervisedUserAuthentication::SCHEMA_SALT_HASHED); 239 password.SetIntegerWithoutPathExpansion(kPasswordRevision, 2); 240 241 password.SetStringWithoutPathExpansion(kPasswordSignature, "signature"); 242 password.SetStringWithoutPathExpansion(kEncryptedPassword, 243 "new-encrypted-password"); 244 shared_settings_adapter_->AddChange( 245 sync_id, supervised_users::kChromeOSPasswordData, password, true, false); 246 content::RunAllPendingInMessageLoop(); 247 248 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_); 249 } 250 251 // When supervised user signs in, password is already migrated, so no migration 252 // should be attempted. 253 IN_PROC_BROWSER_TEST_F(SupervisedUserPasswordTest, 254 DISABLED_PasswordChangeUserAndManagerTest) { 255 EXPECT_CALL(*mock_homedir_methods_, MountEx(_, _, _, _)).Times(1); 256 EXPECT_CALL(*mock_homedir_methods_, UpdateKeyEx(_, _, _, _, _)).Times(0); 257 SigninAsSupervisedUser(false, 1, kTestSupervisedUserDisplayName); 258 testing::Mock::VerifyAndClearExpectations(mock_homedir_methods_); 259 } 260 261 } // namespace chromeos 262