Home | History | Annotate | Download | only in users 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h"
      6 
      7 #include "base/memory/scoped_ptr.h"
      8 #include "base/run_loop.h"
      9 #include "base/strings/utf_string_conversions.h"
     10 #include "chrome/browser/chromeos/login/users/fake_user_manager.h"
     11 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller_delegate.h"
     12 #include "chrome/browser/chromeos/login/users/user_manager.h"
     13 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
     14 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
     15 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
     16 #include "chrome/browser/prefs/browser_prefs.h"
     17 #include "chrome/common/pref_names.h"
     18 #include "chrome/test/base/scoped_testing_local_state.h"
     19 #include "chrome/test/base/testing_browser_process.h"
     20 #include "chrome/test/base/testing_pref_service_syncable.h"
     21 #include "chrome/test/base/testing_profile.h"
     22 #include "chrome/test/base/testing_profile_manager.h"
     23 #include "content/public/test/test_browser_thread_bundle.h"
     24 #include "net/cert/x509_certificate.h"
     25 #include "testing/gtest/include/gtest/gtest.h"
     26 
     27 namespace chromeos {
     28 
     29 namespace {
     30 
     31 const char* kUsers[] = {"a (at) gmail.com", "b (at) gmail.com" };
     32 
     33 struct BehaviorTestCase {
     34   const char* primary;
     35   const char* secondary;
     36   MultiProfileUserController::UserAllowedInSessionResult expected_allowed;
     37 };
     38 
     39 const BehaviorTestCase kBehaviorTestCases[] = {
     40   {
     41     MultiProfileUserController::kBehaviorUnrestricted,
     42     MultiProfileUserController::kBehaviorUnrestricted,
     43     MultiProfileUserController::ALLOWED,
     44   },
     45   {
     46     MultiProfileUserController::kBehaviorUnrestricted,
     47     MultiProfileUserController::kBehaviorPrimaryOnly,
     48     MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS,
     49   },
     50   {
     51     MultiProfileUserController::kBehaviorUnrestricted,
     52     MultiProfileUserController::kBehaviorNotAllowed,
     53     MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS,
     54   },
     55   {
     56     MultiProfileUserController::kBehaviorPrimaryOnly,
     57     MultiProfileUserController::kBehaviorUnrestricted,
     58     MultiProfileUserController::ALLOWED,
     59   },
     60   {
     61     MultiProfileUserController::kBehaviorPrimaryOnly,
     62     MultiProfileUserController::kBehaviorPrimaryOnly,
     63     MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS,
     64   },
     65   {
     66     MultiProfileUserController::kBehaviorPrimaryOnly,
     67     MultiProfileUserController::kBehaviorNotAllowed,
     68     MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS,
     69   },
     70   {
     71     MultiProfileUserController::kBehaviorNotAllowed,
     72     MultiProfileUserController::kBehaviorUnrestricted,
     73     MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS,
     74   },
     75   {
     76     MultiProfileUserController::kBehaviorNotAllowed,
     77     MultiProfileUserController::kBehaviorPrimaryOnly,
     78     MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS,
     79   },
     80   {
     81     MultiProfileUserController::kBehaviorNotAllowed,
     82     MultiProfileUserController::kBehaviorNotAllowed,
     83     MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS,
     84   },
     85 };
     86 
     87 // Weak ptr to PolicyCertVerifier - object is freed in test destructor once
     88 // we've ensured the profile has been shut down.
     89 policy::PolicyCertVerifier* g_policy_cert_verifier_for_factory = NULL;
     90 
     91 KeyedService* TestPolicyCertServiceFactory(content::BrowserContext* context) {
     92   return policy::PolicyCertService::CreateForTesting(
     93       kUsers[0], g_policy_cert_verifier_for_factory, UserManager::Get())
     94       .release();
     95 }
     96 
     97 }  // namespace
     98 
     99 class MultiProfileUserControllerTest
    100     : public testing::Test,
    101       public MultiProfileUserControllerDelegate {
    102  public:
    103   MultiProfileUserControllerTest()
    104       : fake_user_manager_(new FakeUserManager),
    105         user_manager_enabler_(fake_user_manager_),
    106         user_not_allowed_count_(0) {}
    107   virtual ~MultiProfileUserControllerTest() {}
    108 
    109   virtual void SetUp() OVERRIDE {
    110     profile_manager_.reset(
    111         new TestingProfileManager(TestingBrowserProcess::GetGlobal()));
    112     ASSERT_TRUE(profile_manager_->SetUp());
    113     controller_.reset(new MultiProfileUserController(
    114         this, TestingBrowserProcess::GetGlobal()->local_state()));
    115 
    116     for (size_t i = 0; i < arraysize(kUsers); ++i) {
    117       const std::string user_email(kUsers[i]);
    118       const User* user = fake_user_manager_->AddUser(user_email);
    119 
    120       // Note that user profiles are created after user login in reality.
    121       TestingProfile* user_profile =
    122           profile_manager_->CreateTestingProfile(user_email);
    123       user_profile->set_profile_name(user_email);
    124       user_profiles_.push_back(user_profile);
    125 
    126       fake_user_manager_->SetProfileForUser(user, user_profile);
    127     }
    128   }
    129 
    130   virtual void TearDown() OVERRIDE {
    131     // Clear our cached pointer to the PolicyCertVerifier.
    132     g_policy_cert_verifier_for_factory = NULL;
    133 
    134     // We must ensure that the PolicyCertVerifier outlives the
    135     // PolicyCertService so shutdown the profile here. Additionally, we need
    136     // to run the message loop between freeing the PolicyCertService and
    137     // freeing the PolicyCertVerifier (see
    138     // PolicyCertService::OnTrustAnchorsChanged() which is called from
    139     // PolicyCertService::Shutdown()).
    140     controller_.reset();
    141     profile_manager_.reset();
    142     base::RunLoop().RunUntilIdle();
    143   }
    144 
    145   void LoginUser(size_t user_index) {
    146     ASSERT_LT(user_index, arraysize(kUsers));
    147     fake_user_manager_->LoginUser(kUsers[user_index]);
    148     controller_->StartObserving(user_profiles_[user_index]);
    149   }
    150 
    151   void SetOwner(size_t user_index) {
    152     fake_user_manager_->set_owner_email(kUsers[user_index]);
    153   }
    154 
    155   PrefService* GetUserPrefs(size_t user_index) {
    156     return user_profiles_[user_index]->GetPrefs();
    157   }
    158 
    159   void SetPrefBehavior(size_t user_index, const std::string& behavior) {
    160     GetUserPrefs(user_index)->SetString(prefs::kMultiProfileUserBehavior,
    161                                         behavior);
    162   }
    163 
    164   std::string GetCachedBehavior(size_t user_index) {
    165     return controller_->GetCachedValue(kUsers[user_index]);
    166   }
    167 
    168   void SetCachedBehavior(size_t user_index,
    169                          const std::string& behavior) {
    170     controller_->SetCachedValue(kUsers[user_index], behavior);
    171   }
    172 
    173   void ResetCounts() {
    174     user_not_allowed_count_ = 0;
    175   }
    176 
    177   // MultiProfileUserControllerDeleagte overrides:
    178   virtual void OnUserNotAllowed(const std::string& user_email) OVERRIDE {
    179     ++user_not_allowed_count_;
    180   }
    181 
    182   MultiProfileUserController* controller() { return controller_.get(); }
    183   int user_not_allowed_count() const { return user_not_allowed_count_; }
    184 
    185   TestingProfile* profile(int index) {
    186     return user_profiles_[index];
    187   }
    188 
    189   content::TestBrowserThreadBundle threads_;
    190   scoped_ptr<policy::PolicyCertVerifier> cert_verifier_;
    191   scoped_ptr<TestingProfileManager> profile_manager_;
    192   FakeUserManager* fake_user_manager_;  // Not owned
    193   ScopedUserManagerEnabler user_manager_enabler_;
    194 
    195   scoped_ptr<MultiProfileUserController> controller_;
    196 
    197   std::vector<TestingProfile*> user_profiles_;
    198 
    199   int user_not_allowed_count_;
    200 
    201   DISALLOW_COPY_AND_ASSIGN(MultiProfileUserControllerTest);
    202 };
    203 
    204 // Tests that everyone is allowed before a session starts.
    205 TEST_F(MultiProfileUserControllerTest, AllAllowedBeforeLogin) {
    206   const char* kTestCases[] = {
    207     MultiProfileUserController::kBehaviorUnrestricted,
    208     MultiProfileUserController::kBehaviorPrimaryOnly,
    209     MultiProfileUserController::kBehaviorNotAllowed,
    210   };
    211   for (size_t i = 0; i < arraysize(kTestCases); ++i) {
    212     SetCachedBehavior(0, kTestCases[i]);
    213     EXPECT_EQ(MultiProfileUserController::ALLOWED,
    214               controller()->IsUserAllowedInSession(kUsers[0]))
    215         << "Case " << i;
    216   }
    217 }
    218 
    219 // Tests that invalid cache value would become the default "unrestricted".
    220 TEST_F(MultiProfileUserControllerTest, InvalidCacheBecomesDefault) {
    221   const char kBad[] = "some invalid value";
    222   SetCachedBehavior(0, kBad);
    223   EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted,
    224             GetCachedBehavior(0));
    225 }
    226 
    227 // Tests that cached behavior value changes with user pref after login.
    228 TEST_F(MultiProfileUserControllerTest, CachedBehaviorUpdate) {
    229   LoginUser(0);
    230 
    231   const char* kTestCases[] = {
    232     MultiProfileUserController::kBehaviorUnrestricted,
    233     MultiProfileUserController::kBehaviorPrimaryOnly,
    234     MultiProfileUserController::kBehaviorNotAllowed,
    235     MultiProfileUserController::kBehaviorUnrestricted,
    236   };
    237   for (size_t i = 0; i < arraysize(kTestCases); ++i) {
    238     SetPrefBehavior(0, kTestCases[i]);
    239     EXPECT_EQ(kTestCases[i], GetCachedBehavior(0));
    240   }
    241 }
    242 
    243 // Tests that compromised cache value would be fixed and pref value is checked
    244 // upon login.
    245 TEST_F(MultiProfileUserControllerTest, CompromisedCacheFixedOnLogin) {
    246   SetPrefBehavior(0, MultiProfileUserController::kBehaviorPrimaryOnly);
    247   SetCachedBehavior(0, MultiProfileUserController::kBehaviorUnrestricted);
    248   EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted,
    249             GetCachedBehavior(0));
    250   LoginUser(0);
    251   EXPECT_EQ(MultiProfileUserController::kBehaviorPrimaryOnly,
    252             GetCachedBehavior(0));
    253 
    254   EXPECT_EQ(0, user_not_allowed_count());
    255   SetPrefBehavior(1, MultiProfileUserController::kBehaviorPrimaryOnly);
    256   SetCachedBehavior(1, MultiProfileUserController::kBehaviorUnrestricted);
    257   EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted,
    258             GetCachedBehavior(1));
    259   LoginUser(1);
    260   EXPECT_EQ(MultiProfileUserController::kBehaviorPrimaryOnly,
    261             GetCachedBehavior(1));
    262   EXPECT_EQ(1, user_not_allowed_count());
    263 }
    264 
    265 // Tests cases before the second user login.
    266 TEST_F(MultiProfileUserControllerTest, IsSecondaryAllowed) {
    267   LoginUser(0);
    268 
    269   for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) {
    270     SetPrefBehavior(0, kBehaviorTestCases[i].primary);
    271     SetCachedBehavior(1, kBehaviorTestCases[i].secondary);
    272     EXPECT_EQ(kBehaviorTestCases[i].expected_allowed,
    273               controller()->IsUserAllowedInSession(kUsers[1])) << "Case " << i;
    274   }
    275 }
    276 
    277 // Tests user behavior changes within a two-user session.
    278 TEST_F(MultiProfileUserControllerTest, PrimaryBehaviorChange) {
    279   LoginUser(0);
    280   LoginUser(1);
    281 
    282   for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) {
    283     SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted);
    284     SetPrefBehavior(1, MultiProfileUserController::kBehaviorUnrestricted);
    285     ResetCounts();
    286 
    287     SetPrefBehavior(0, kBehaviorTestCases[i].primary);
    288     SetPrefBehavior(1, kBehaviorTestCases[i].secondary);
    289     if (user_not_allowed_count() == 0) {
    290       EXPECT_EQ(kBehaviorTestCases[i].expected_allowed,
    291                 MultiProfileUserController::ALLOWED) << "Case " << i;
    292     } else {
    293       EXPECT_NE(kBehaviorTestCases[i].expected_allowed,
    294                 MultiProfileUserController::ALLOWED) << "Case " << i;
    295     }
    296   }
    297 }
    298 
    299 // Tests that owner could not be a secondary user.
    300 TEST_F(MultiProfileUserControllerTest, NoSecondaryOwner) {
    301   LoginUser(0);
    302   SetOwner(1);
    303 
    304   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_OWNER_AS_SECONDARY,
    305             controller()->IsUserAllowedInSession(kUsers[1]));
    306   EXPECT_EQ(MultiProfileUserController::kBehaviorOwnerPrimaryOnly,
    307             GetCachedBehavior(1));
    308 
    309   EXPECT_EQ(0, user_not_allowed_count());
    310   LoginUser(1);
    311   EXPECT_EQ(1, user_not_allowed_count());
    312 }
    313 
    314 TEST_F(MultiProfileUserControllerTest,
    315        UsedPolicyCertificatesAllowedForPrimary) {
    316   // Verifies that any user can sign-in as the primary user, regardless of the
    317   // tainted state.
    318   policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]);
    319   EXPECT_EQ(MultiProfileUserController::ALLOWED,
    320             controller()->IsUserAllowedInSession(kUsers[0]));
    321   EXPECT_EQ(MultiProfileUserController::ALLOWED,
    322             controller()->IsUserAllowedInSession(kUsers[1]));
    323 }
    324 
    325 TEST_F(MultiProfileUserControllerTest,
    326        UsedPolicyCertificatesDisallowedForSecondary) {
    327   // Verifies that if a regular user is signed-in then other regular users can
    328   // be added but tainted users can't.
    329   LoginUser(1);
    330 
    331   // TODO(xiyuan): Remove the following SetPrefBehavor when default is
    332   // changed back to enabled.
    333   SetPrefBehavior(1, MultiProfileUserController::kBehaviorUnrestricted);
    334 
    335   EXPECT_EQ(MultiProfileUserController::ALLOWED,
    336             controller()->IsUserAllowedInSession(kUsers[0]));
    337   policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]);
    338   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED,
    339             controller()->IsUserAllowedInSession(kUsers[0]));
    340 }
    341 
    342 TEST_F(MultiProfileUserControllerTest,
    343        UsedPolicyCertificatesDisallowsSecondaries) {
    344   // Verifies that if a tainted user is signed-in then no other users can
    345   // be added.
    346   policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]);
    347   LoginUser(0);
    348 
    349   cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure()));
    350   g_policy_cert_verifier_for_factory = cert_verifier_.get();
    351   ASSERT_TRUE(
    352       policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse(
    353           profile(0), TestPolicyCertServiceFactory));
    354 
    355   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED,
    356             controller()->IsUserAllowedInSession(kUsers[1]));
    357   policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[1]);
    358   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED,
    359             controller()->IsUserAllowedInSession(kUsers[1]));
    360 
    361   // Flush tasks posted to IO.
    362   base::RunLoop().RunUntilIdle();
    363 }
    364 
    365 TEST_F(MultiProfileUserControllerTest,
    366        PolicyCertificatesInMemoryDisallowsSecondaries) {
    367   // Verifies that if a user is signed-in and has policy certificates installed
    368   // then no other users can be added.
    369   LoginUser(0);
    370 
    371   // TODO(xiyuan): Remove the following SetPrefBehavor when default is
    372   // changed back to enabled.
    373   SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted);
    374 
    375   cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure()));
    376   g_policy_cert_verifier_for_factory = cert_verifier_.get();
    377   ASSERT_TRUE(
    378       policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse(
    379           profile(0), TestPolicyCertServiceFactory));
    380   policy::PolicyCertService* service =
    381       policy::PolicyCertServiceFactory::GetForProfile(profile(0));
    382   ASSERT_TRUE(service);
    383 
    384   EXPECT_FALSE(service->has_policy_certificates());
    385   EXPECT_EQ(MultiProfileUserController::ALLOWED,
    386             controller()->IsUserAllowedInSession(kUsers[1]));
    387 
    388   net::CertificateList certificates;
    389   certificates.push_back(new net::X509Certificate(
    390       "subject", "issuer", base::Time(), base::Time()));
    391   service->OnTrustAnchorsChanged(certificates);
    392   EXPECT_TRUE(service->has_policy_certificates());
    393   EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED,
    394             controller()->IsUserAllowedInSession(kUsers[1]));
    395 
    396   // Flush tasks posted to IO.
    397   base::RunLoop().RunUntilIdle();
    398 }
    399 
    400 }  // namespace chromeos
    401