1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/ui/ash/session_state_delegate_chromeos.h" 6 7 #include <string> 8 #include <vector> 9 10 #include "base/run_loop.h" 11 #include "chrome/browser/chromeos/login/users/fake_user_manager.h" 12 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h" 13 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h" 14 #include "chrome/browser/chromeos/policy/policy_cert_service.h" 15 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" 16 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" 17 #include "chrome/browser/chromeos/profiles/profile_helper.h" 18 #include "chrome/common/pref_names.h" 19 #include "chrome/test/base/testing_browser_process.h" 20 #include "chrome/test/base/testing_profile_manager.h" 21 #include "components/user_manager/user_manager.h" 22 #include "content/public/test/test_browser_thread_bundle.h" 23 #include "net/cert/x509_certificate.h" 24 #include "testing/gtest/include/gtest/gtest.h" 25 26 namespace chromeos { 27 28 namespace { 29 30 const char* kUser = "user (at) test.com"; 31 32 // Weak ptr to PolicyCertVerifier - object is freed in test destructor once 33 // we've ensured the profile has been shut down. 34 policy::PolicyCertVerifier* g_policy_cert_verifier_for_factory = NULL; 35 36 KeyedService* CreateTestPolicyCertService(content::BrowserContext* context) { 37 return policy::PolicyCertService::CreateForTesting( 38 kUser, 39 g_policy_cert_verifier_for_factory, 40 user_manager::UserManager::Get()).release(); 41 } 42 43 } // namespace 44 45 class SessionStateDelegateChromeOSTest : public testing::Test { 46 protected: 47 SessionStateDelegateChromeOSTest() : user_manager_(NULL) { 48 } 49 50 virtual ~SessionStateDelegateChromeOSTest() { 51 } 52 53 virtual void SetUp() OVERRIDE { 54 // Initialize the UserManager singleton to a fresh FakeUserManager instance. 55 user_manager_ = new chromeos::FakeUserManager; 56 user_manager_enabler_.reset( 57 new chromeos::ScopedUserManagerEnabler(user_manager_)); 58 59 // Create our SessionStateDelegate to experiment with. 60 session_state_delegate_.reset(new SessionStateDelegateChromeos()); 61 testing::Test::SetUp(); 62 } 63 64 virtual void TearDown() OVERRIDE { 65 testing::Test::TearDown(); 66 session_state_delegate_.reset(); 67 user_manager_enabler_.reset(); 68 user_manager_ = NULL; 69 // Clear our cached pointer to the PolicyCertVerifier. 70 g_policy_cert_verifier_for_factory = NULL; 71 profile_manager_.reset(); 72 73 // We must ensure that the PolicyCertVerifier outlives the 74 // PolicyCertService so shutdown the profile here. Additionally, we need 75 // to run the message loop between freeing the PolicyCertService and 76 // freeing the PolicyCertVerifier (see 77 // PolicyCertService::OnTrustAnchorsChanged() which is called from 78 // PolicyCertService::Shutdown()). 79 base::RunLoop().RunUntilIdle(); 80 } 81 82 // Add and log in a user to the session. 83 void UserAddedToSession(std::string user) { 84 user_manager()->AddUser(user); 85 user_manager()->LoginUser(user); 86 } 87 88 // Get the active user. 89 const std::string& GetActiveUser() { 90 return user_manager::UserManager::Get()->GetActiveUser()->email(); 91 } 92 93 chromeos::FakeUserManager* user_manager() { return user_manager_; } 94 SessionStateDelegateChromeos* session_state_delegate() { 95 return session_state_delegate_.get(); 96 } 97 98 void InitForMultiProfile() { 99 profile_manager_.reset( 100 new TestingProfileManager(TestingBrowserProcess::GetGlobal())); 101 ASSERT_TRUE(profile_manager_->SetUp()); 102 103 const std::string user_email(kUser); 104 const user_manager::User* user = user_manager()->AddUser(user_email); 105 106 // Note that user profiles are created after user login in reality. 107 user_profile_ = profile_manager_->CreateTestingProfile(user_email); 108 user_profile_->set_profile_name(user_email); 109 chromeos::ProfileHelper::Get()->SetUserToProfileMappingForTesting( 110 user, user_profile_); 111 } 112 113 content::TestBrowserThreadBundle threads_; 114 scoped_ptr<policy::PolicyCertVerifier> cert_verifier_; 115 scoped_ptr<TestingProfileManager> profile_manager_; 116 TestingProfile* user_profile_; 117 118 private: 119 scoped_ptr<chromeos::ScopedUserManagerEnabler> user_manager_enabler_; 120 scoped_ptr<SessionStateDelegateChromeos> session_state_delegate_; 121 122 // Not owned. 123 chromeos::FakeUserManager* user_manager_; 124 125 DISALLOW_COPY_AND_ASSIGN(SessionStateDelegateChromeOSTest); 126 }; 127 128 // Make sure that cycling one user does not cause any harm. 129 TEST_F(SessionStateDelegateChromeOSTest, CyclingOneUser) { 130 UserAddedToSession("firstuser (at) test.com"); 131 132 EXPECT_EQ("firstuser (at) test.com", GetActiveUser()); 133 session_state_delegate()->CycleActiveUser( 134 ash::SessionStateDelegate::CYCLE_TO_NEXT_USER); 135 EXPECT_EQ("firstuser (at) test.com", GetActiveUser()); 136 session_state_delegate()->CycleActiveUser( 137 ash::SessionStateDelegate::CYCLE_TO_PREVIOUS_USER); 138 EXPECT_EQ("firstuser (at) test.com", GetActiveUser()); 139 } 140 141 // Cycle three users forwards and backwards to see that it works. 142 TEST_F(SessionStateDelegateChromeOSTest, CyclingThreeUsers) { 143 UserAddedToSession("firstuser (at) test.com"); 144 UserAddedToSession("seconduser (at) test.com"); 145 UserAddedToSession("thirduser (at) test.com"); 146 const ash::SessionStateDelegate::CycleUser forward = 147 ash::SessionStateDelegate::CYCLE_TO_NEXT_USER; 148 149 // Cycle forward. 150 EXPECT_EQ("firstuser (at) test.com", GetActiveUser()); 151 session_state_delegate()->CycleActiveUser(forward); 152 EXPECT_EQ("seconduser (at) test.com", GetActiveUser()); 153 session_state_delegate()->CycleActiveUser(forward); 154 EXPECT_EQ("thirduser (at) test.com", GetActiveUser()); 155 session_state_delegate()->CycleActiveUser(forward); 156 EXPECT_EQ("firstuser (at) test.com", GetActiveUser()); 157 158 // Cycle backwards. 159 const ash::SessionStateDelegate::CycleUser backward = 160 ash::SessionStateDelegate::CYCLE_TO_PREVIOUS_USER; 161 session_state_delegate()->CycleActiveUser(backward); 162 EXPECT_EQ("thirduser (at) test.com", GetActiveUser()); 163 session_state_delegate()->CycleActiveUser(backward); 164 EXPECT_EQ("seconduser (at) test.com", GetActiveUser()); 165 session_state_delegate()->CycleActiveUser(backward); 166 EXPECT_EQ("firstuser (at) test.com", GetActiveUser()); 167 } 168 169 // Make sure MultiProfile disabled by primary user policy. 170 TEST_F(SessionStateDelegateChromeOSTest, MultiProfileDisallowedByUserPolicy) { 171 InitForMultiProfile(); 172 EXPECT_TRUE( 173 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); 174 const std::string user_email(kUser); 175 user_manager()->LoginUser(user_email); 176 EXPECT_TRUE( 177 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); 178 179 user_profile_->GetPrefs()->SetString( 180 prefs::kMultiProfileUserBehavior, 181 chromeos::MultiProfileUserController::kBehaviorNotAllowed); 182 EXPECT_FALSE( 183 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); 184 } 185 186 // Make sure MultiProfile disabled by primary user policy certificates. 187 TEST_F(SessionStateDelegateChromeOSTest, 188 MultiProfileDisallowedByPolicyCertificates) { 189 InitForMultiProfile(); 190 const std::string user_email(kUser); 191 user_manager()->LoginUser(user_email); 192 EXPECT_TRUE( 193 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); 194 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(user_email); 195 EXPECT_FALSE( 196 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); 197 198 // Flush tasks posted to IO. 199 base::RunLoop().RunUntilIdle(); 200 } 201 202 // Make sure MultiProfile disabled by primary user certificates in memory. 203 TEST_F(SessionStateDelegateChromeOSTest, 204 MultiProfileDisallowedByPrimaryUserCertificatesInMemory) { 205 InitForMultiProfile(); 206 const std::string user_email(kUser); 207 user_manager()->LoginUser(user_email); 208 EXPECT_TRUE( 209 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); 210 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); 211 g_policy_cert_verifier_for_factory = cert_verifier_.get(); 212 ASSERT_TRUE( 213 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( 214 user_profile_, CreateTestPolicyCertService)); 215 policy::PolicyCertService* service = 216 policy::PolicyCertServiceFactory::GetForProfile(user_profile_); 217 ASSERT_TRUE(service); 218 219 EXPECT_FALSE(service->has_policy_certificates()); 220 net::CertificateList certificates; 221 certificates.push_back(new net::X509Certificate( 222 "subject", "issuer", base::Time(), base::Time())); 223 service->OnTrustAnchorsChanged(certificates); 224 EXPECT_TRUE(service->has_policy_certificates()); 225 EXPECT_FALSE( 226 session_state_delegate()->IsMultiProfileAllowedByPrimaryUserPolicy()); 227 228 // Flush tasks posted to IO. 229 base::RunLoop().RunUntilIdle(); 230 } 231 232 // Make sure adding users to multiprofiles disabled by reaching maximum 233 // number of users in sessions. 234 TEST_F(SessionStateDelegateChromeOSTest, 235 AddUserToMultiprofileDisallowedByMaximumUsers) { 236 InitForMultiProfile(); 237 ash::SessionStateDelegate::AddUserError add_user_error; 238 239 EXPECT_TRUE( 240 session_state_delegate()->CanAddUserToMultiProfile(&add_user_error)); 241 const std::string user_email(kUser); 242 user_manager()->LoginUser(user_email); 243 while (session_state_delegate()->NumberOfLoggedInUsers() < 244 session_state_delegate()->GetMaximumNumberOfLoggedInUsers()) { 245 UserAddedToSession("bb (at) b.b"); 246 } 247 EXPECT_FALSE( 248 session_state_delegate()->CanAddUserToMultiProfile(&add_user_error)); 249 EXPECT_EQ(ash::SessionStateDelegate::ADD_USER_ERROR_MAXIMUM_USERS_REACHED, 250 add_user_error); 251 } 252 253 // Make sure adding users to multiprofiles disabled by logging in all possible 254 // users. 255 TEST_F(SessionStateDelegateChromeOSTest, 256 AddUserToMultiprofileDisallowedByAllUsersLogged) { 257 InitForMultiProfile(); 258 ash::SessionStateDelegate::AddUserError add_user_error; 259 260 EXPECT_TRUE( 261 session_state_delegate()->CanAddUserToMultiProfile(&add_user_error)); 262 const std::string user_email(kUser); 263 user_manager()->LoginUser(user_email); 264 UserAddedToSession("bb (at) b.b"); 265 EXPECT_FALSE( 266 session_state_delegate()->CanAddUserToMultiProfile(&add_user_error)); 267 EXPECT_EQ(ash::SessionStateDelegate::ADD_USER_ERROR_OUT_OF_USERS, 268 add_user_error); 269 } 270 271 // Make sure adding users to multiprofiles disabled by primary user policy. 272 TEST_F(SessionStateDelegateChromeOSTest, 273 AddUserToMultiprofileDisallowedByPrimaryUserPolicy) { 274 InitForMultiProfile(); 275 ash::SessionStateDelegate::AddUserError add_user_error; 276 277 EXPECT_TRUE( 278 session_state_delegate()->CanAddUserToMultiProfile(&add_user_error)); 279 const std::string user_email(kUser); 280 user_manager()->LoginUser(user_email); 281 user_profile_->GetPrefs()->SetString( 282 prefs::kMultiProfileUserBehavior, 283 chromeos::MultiProfileUserController::kBehaviorNotAllowed); 284 user_manager()->AddUser("bb (at) b.b"); 285 EXPECT_FALSE( 286 session_state_delegate()->CanAddUserToMultiProfile(&add_user_error)); 287 EXPECT_EQ(ash::SessionStateDelegate::ADD_USER_ERROR_NOT_ALLOWED_PRIMARY_USER, 288 add_user_error); 289 } 290 291 } // namespace chromeos 292