1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/extensions/api/permissions/permissions_api.h" 6 #include "chrome/browser/extensions/extension_apitest.h" 7 #include "chrome/browser/profiles/profile.h" 8 #include "chrome/browser/ui/browser.h" 9 #include "extensions/browser/extension_prefs.h" 10 #include "extensions/common/permissions/permission_set.h" 11 #include "extensions/common/switches.h" 12 #include "net/dns/mock_host_resolver.h" 13 14 namespace extensions { 15 16 namespace { 17 18 static void AddPattern(URLPatternSet* extent, const std::string& pattern) { 19 int schemes = URLPattern::SCHEME_ALL; 20 extent->AddPattern(URLPattern(schemes, pattern)); 21 } 22 23 } // namespace 24 25 class ExperimentalApiTest : public ExtensionApiTest { 26 public: 27 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 28 ExtensionApiTest::SetUpCommandLine(command_line); 29 command_line->AppendSwitch(switches::kEnableExperimentalExtensionApis); 30 } 31 }; 32 33 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, PermissionsFail) { 34 ASSERT_TRUE(RunExtensionTest("permissions/disabled")) << message_; 35 36 // Since the experimental APIs require a flag, this will fail even though 37 // it's enabled. 38 // TODO(erikkay) This test is currently broken because LoadExtension in 39 // ExtensionBrowserTest doesn't actually fail, it just times out. To fix this 40 // I'll need to add an EXTENSION_LOAD_ERROR notification, which is probably 41 // too much for the branch. I'll enable this on trunk later. 42 //ASSERT_FALSE(RunExtensionTest("permissions/enabled"))) << message_; 43 } 44 45 IN_PROC_BROWSER_TEST_F(ExperimentalApiTest, PermissionsSucceed) { 46 ASSERT_TRUE(RunExtensionTest("permissions/enabled")) << message_; 47 } 48 49 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ExperimentalPermissionsFail) { 50 // At the time this test is being created, there is no experimental 51 // function that will not be graduating soon, and does not require a 52 // tab id as an argument. So, we need the tab permission to get 53 // a tab id. 54 ASSERT_TRUE(RunExtensionTest("permissions/experimental_disabled")) 55 << message_; 56 } 57 58 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, FaviconPermission) { 59 ASSERT_TRUE(RunExtensionTest("permissions/favicon")) << message_; 60 } 61 62 // Test functions and APIs that are always allowed (even if you ask for no 63 // permissions). 64 // Disabled: http://crbug.com/125193 65 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, DISABLED_AlwaysAllowed) { 66 ASSERT_TRUE(RunExtensionTest("permissions/always_allowed")) << message_; 67 } 68 69 // Tests that the optional permissions API works correctly. 70 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGranted) { 71 // Mark all the tested APIs as granted to bypass the confirmation UI. 72 APIPermissionSet apis; 73 apis.insert(APIPermission::kBookmark); 74 ManifestPermissionSet manifest_permissions; 75 URLPatternSet explicit_hosts; 76 AddPattern(&explicit_hosts, "http://*.c.com/*"); 77 scoped_refptr<PermissionSet> granted_permissions = 78 new PermissionSet(apis, manifest_permissions, 79 explicit_hosts, URLPatternSet()); 80 81 ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile()); 82 prefs->AddGrantedPermissions("kjmkgkdkpedkejedfhmfcenooemhbpbo", 83 granted_permissions.get()); 84 85 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 86 host_resolver()->AddRule("*.com", "127.0.0.1"); 87 ASSERT_TRUE(StartEmbeddedTestServer()); 88 EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_; 89 } 90 91 // Tests that the optional permissions API works correctly. 92 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsAutoConfirm) { 93 // Rather than setting the granted permissions, set the UI autoconfirm flag 94 // and run the same tests. 95 PermissionsRequestFunction::SetAutoConfirmForTests(true); 96 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 97 host_resolver()->AddRule("*.com", "127.0.0.1"); 98 ASSERT_TRUE(StartEmbeddedTestServer()); 99 EXPECT_TRUE(RunExtensionTest("permissions/optional")) << message_; 100 } 101 102 // Test that denying the optional permissions confirmation dialog works. 103 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsDeny) { 104 PermissionsRequestFunction::SetAutoConfirmForTests(false); 105 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 106 host_resolver()->AddRule("*.com", "127.0.0.1"); 107 ASSERT_TRUE(StartEmbeddedTestServer()); 108 EXPECT_TRUE(RunExtensionTest("permissions/optional_deny")) << message_; 109 } 110 111 // Tests that the permissions.request function must be called from within a 112 // user gesture. 113 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsGesture) { 114 PermissionsRequestFunction::SetIgnoreUserGestureForTests(false); 115 host_resolver()->AddRule("*.com", "127.0.0.1"); 116 ASSERT_TRUE(StartEmbeddedTestServer()); 117 EXPECT_TRUE(RunExtensionTest("permissions/optional_gesture")) << message_; 118 } 119 120 // Tests that the user gesture is retained in the permissions.request function 121 // callback. 122 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsRetainGesture) { 123 PermissionsRequestFunction::SetAutoConfirmForTests(true); 124 PermissionsRequestFunction::SetIgnoreUserGestureForTests(false); 125 host_resolver()->AddRule("*.com", "127.0.0.1"); 126 ASSERT_TRUE(StartEmbeddedTestServer()); 127 EXPECT_TRUE(RunExtensionTest("permissions/optional_retain_gesture")) 128 << message_; 129 } 130 131 // Tests that an extension can't gain access to file: URLs without the checkbox 132 // entry in prefs. There shouldn't be a warning either. 133 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, OptionalPermissionsFileAccess) { 134 // There shouldn't be a warning, so we shouldn't need to autoconfirm. 135 PermissionsRequestFunction::SetAutoConfirmForTests(false); 136 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 137 138 ExtensionPrefs* prefs = ExtensionPrefs::Get(browser()->profile()); 139 140 EXPECT_TRUE( 141 RunExtensionTestNoFileAccess("permissions/file_access_no")) << message_; 142 EXPECT_FALSE(prefs->AllowFileAccess("dgloelfbnddbdacakahpogklfdcccbib")); 143 144 EXPECT_TRUE(RunExtensionTest("permissions/file_access_yes")) << message_; 145 // TODO(kalman): ugh, it would be nice to test this condition, but it seems 146 // like there's somehow a race here where the prefs aren't updated in time 147 // with the "allow file access" bit, so we'll just have to trust that 148 // RunExtensionTest (unlike RunExtensionTestNoFileAccess) does indeed 149 // not set the allow file access bit. Otherwise this test doesn't mean 150 // a whole lot (i.e. file access works - but it'd better not be the case 151 // that the extension actually has file access, since that'd be the bug 152 // that this is supposed to be testing). 153 //EXPECT_TRUE(prefs->AllowFileAccess("hlonmbgfjccgolnaboonlakjckinmhmd")); 154 } 155 156 // Test requesting, querying, and removing host permissions for host 157 // permissions that are a subset of the optional permissions. 158 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, HostSubsets) { 159 PermissionsRequestFunction::SetAutoConfirmForTests(true); 160 PermissionsRequestFunction::SetIgnoreUserGestureForTests(true); 161 EXPECT_TRUE(RunExtensionTest("permissions/host_subsets")) << message_; 162 } 163 164 } // namespace extensions 165