blob: cff21e226ca41c7e0449eff38931f118f2583fc7 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "google_apis/gaia/gaia_auth_util.h"
#include "base/base64url.h"
#include "base/optional.h"
#include "google_apis/gaia/oauth2_mint_token_consent_result.pb.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
namespace gaia {
namespace {
const char kGaiaId[] = "fake_gaia_id";
std::string GenerateOAuth2MintTokenConsentResult(
base::Optional<bool> approved,
const base::Optional<std::string>& encrypted_approval_data,
const base::Optional<std::string>& obfuscated_id,
base::Base64UrlEncodePolicy encode_policy =
base::Base64UrlEncodePolicy::OMIT_PADDING) {
OAuth2MintTokenConsentResult consent_result;
if (approved.has_value())
consent_result.set_approved(approved.value());
if (encrypted_approval_data.has_value())
consent_result.set_encrypted_approval_data(encrypted_approval_data.value());
if (obfuscated_id.has_value())
consent_result.set_obfuscated_id(obfuscated_id.value());
std::string serialized_consent = consent_result.SerializeAsString();
std::string encoded_consent;
base::Base64UrlEncode(serialized_consent, encode_policy, &encoded_consent);
return encoded_consent;
}
} // namespace
TEST(GaiaAuthUtilTest, EmailAddressNoOp) {
const char lower_case[] = "user@what.com";
EXPECT_EQ(lower_case, CanonicalizeEmail(lower_case));
}
TEST(GaiaAuthUtilTest, InvalidEmailAddress) {
const char invalid_email1[] = "user";
const char invalid_email2[] = "user@@what.com";
EXPECT_EQ(invalid_email1, CanonicalizeEmail(invalid_email1));
EXPECT_EQ(invalid_email2, CanonicalizeEmail(invalid_email2));
EXPECT_EQ("user", CanonicalizeEmail("USER"));
}
TEST(GaiaAuthUtilTest, EmailAddressIgnoreCaps) {
EXPECT_EQ(CanonicalizeEmail("user@what.com"),
CanonicalizeEmail("UsEr@what.com"));
}
TEST(GaiaAuthUtilTest, EmailAddressIgnoreDomainCaps) {
EXPECT_EQ(CanonicalizeEmail("user@what.com"),
CanonicalizeEmail("UsEr@what.COM"));
}
TEST(GaiaAuthUtilTest, EmailAddressRejectOneUsernameDot) {
EXPECT_NE(CanonicalizeEmail("u.ser@what.com"),
CanonicalizeEmail("UsEr@what.com"));
}
TEST(GaiaAuthUtilTest, EmailAddressMatchWithOneUsernameDot) {
EXPECT_EQ(CanonicalizeEmail("u.ser@what.com"),
CanonicalizeEmail("U.sEr@what.com"));
}
TEST(GaiaAuthUtilTest, EmailAddressIgnoreOneUsernameDot) {
EXPECT_EQ(CanonicalizeEmail("us.er@gmail.com"),
CanonicalizeEmail("UsEr@gmail.com"));
}
TEST(GaiaAuthUtilTest, EmailAddressIgnoreOneUsernameDotAndIgnoreCaps) {
EXPECT_EQ(CanonicalizeEmail("user@gmail.com"),
CanonicalizeEmail("US.ER@GMAIL.COM"));
}
TEST(GaiaAuthUtilTest, EmailAddressIgnoreManyUsernameDots) {
EXPECT_EQ(CanonicalizeEmail("u.ser@gmail.com"),
CanonicalizeEmail("Us.E.r@gmail.com"));
}
TEST(GaiaAuthUtilTest, EmailAddressIgnoreConsecutiveUsernameDots) {
EXPECT_EQ(CanonicalizeEmail("use.r@gmail.com"),
CanonicalizeEmail("Us....E.r@gmail.com"));
}
TEST(GaiaAuthUtilTest, EmailAddressDifferentOnesRejected) {
EXPECT_NE(CanonicalizeEmail("who@what.com"),
CanonicalizeEmail("Us....E.r@what.com"));
}
TEST(GaiaAuthUtilTest, GooglemailNotCanonicalizedToGmail) {
const char googlemail[] = "user@googlemail.com";
EXPECT_EQ(googlemail, CanonicalizeEmail(googlemail));
}
TEST(GaiaAuthUtilTest, CanonicalizeDomain) {
const char domain[] = "example.com";
EXPECT_EQ(domain, CanonicalizeDomain("example.com"));
EXPECT_EQ(domain, CanonicalizeDomain("EXAMPLE.cOm"));
}
TEST(GaiaAuthUtilTest, ExtractDomainName) {
const char domain[] = "example.com";
EXPECT_EQ(domain, ExtractDomainName("who@example.com"));
EXPECT_EQ(domain, ExtractDomainName("who@EXAMPLE.cOm"));
}
TEST(GaiaAuthUtilTest, IsGoogleInternalAccountEmail) {
EXPECT_TRUE(IsGoogleInternalAccountEmail("hello@google.com"));
EXPECT_FALSE(IsGoogleInternalAccountEmail("internal@gmail.com"));
EXPECT_FALSE(IsGoogleInternalAccountEmail(" "));
}
TEST(GaiaAuthUtilTest, SanitizeMissingDomain) {
EXPECT_EQ("nodomain@gmail.com", SanitizeEmail("nodomain"));
}
TEST(GaiaAuthUtilTest, SanitizeExistingDomain) {
const char existing[] = "test@example.com";
EXPECT_EQ(existing, SanitizeEmail(existing));
}
TEST(GaiaAuthUtilTest, AreEmailsSame) {
EXPECT_TRUE(AreEmailsSame("foo", "foo"));
EXPECT_TRUE(AreEmailsSame("foo", "foo@gmail.com"));
EXPECT_TRUE(AreEmailsSame("foo@gmail.com", "Foo@Gmail.com"));
EXPECT_FALSE(AreEmailsSame("foo@gmail.com", "foo@othermail.com"));
EXPECT_FALSE(AreEmailsSame("user@gmail.com", "foo@gmail.com"));
}
TEST(GaiaAuthUtilTest, GmailAndGooglemailAreSame) {
EXPECT_TRUE(AreEmailsSame("foo@gmail.com", "foo@googlemail.com"));
EXPECT_FALSE(AreEmailsSame("bar@gmail.com", "foo@googlemail.com"));
}
TEST(GaiaAuthUtilTest, IsGaiaSignonRealm) {
// Only https versions of Gaia URLs should be considered valid.
EXPECT_TRUE(IsGaiaSignonRealm(GURL("https://accounts.google.com/")));
EXPECT_FALSE(IsGaiaSignonRealm(GURL("http://accounts.google.com/")));
// Other Google URLs are not valid.
EXPECT_FALSE(IsGaiaSignonRealm(GURL("https://www.google.com/")));
EXPECT_FALSE(IsGaiaSignonRealm(GURL("http://www.google.com/")));
EXPECT_FALSE(IsGaiaSignonRealm(GURL("https://google.com/")));
EXPECT_FALSE(IsGaiaSignonRealm(GURL("https://mail.google.com/")));
// Other https URLs are not valid.
EXPECT_FALSE(IsGaiaSignonRealm(GURL("https://www.example.com/")));
}
TEST(GaiaAuthUtilTest, ParseListAccountsData) {
std::vector<ListedAccount> accounts;
std::vector<ListedAccount> signed_out_accounts;
ASSERT_FALSE(ParseListAccountsData("", &accounts, &signed_out_accounts));
ASSERT_EQ(0u, accounts.size());
ASSERT_EQ(0u, signed_out_accounts.size());
ASSERT_FALSE(ParseListAccountsData("1", &accounts, &signed_out_accounts));
ASSERT_EQ(0u, accounts.size());
ASSERT_EQ(0u, signed_out_accounts.size());
ASSERT_FALSE(ParseListAccountsData("[]", &accounts, &signed_out_accounts));
ASSERT_EQ(0u, accounts.size());
ASSERT_EQ(0u, signed_out_accounts.size());
ASSERT_FALSE(ParseListAccountsData(
"[\"foo\", \"bar\"]", &accounts, &signed_out_accounts));
ASSERT_EQ(0u, accounts.size());
ASSERT_EQ(0u, signed_out_accounts.size());
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\", []]", &accounts, &signed_out_accounts));
ASSERT_EQ(0u, accounts.size());
ASSERT_EQ(0u, signed_out_accounts.size());
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\", [[\"bar\", 0, \"name\", 0, \"photo\", 0, 0, 0]]]",
&accounts,
&signed_out_accounts));
ASSERT_EQ(0u, accounts.size());
ASSERT_EQ(0u, signed_out_accounts.size());
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\", "
"[[\"bar\", 0, \"name\", \"u@g.c\", \"p\", 0, 0, 0, 0, 1, \"45\"]]]",
&accounts,
&signed_out_accounts));
ASSERT_EQ(1u, accounts.size());
ASSERT_EQ("u@g.c", accounts[0].email);
ASSERT_TRUE(accounts[0].valid);
ASSERT_EQ(0u, signed_out_accounts.size());
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\", "
"[[\"bar1\",0,\"name1\",\"u1@g.c\",\"photo1\",0,0,0,0,1,\"45\"], "
"[\"bar2\",0,\"name2\",\"u2@g.c\",\"photo2\",0,0,0,0,1,\"6\"]]]",
&accounts,
&signed_out_accounts));
ASSERT_EQ(2u, accounts.size());
ASSERT_EQ("u1@g.c", accounts[0].email);
ASSERT_TRUE(accounts[0].valid);
ASSERT_EQ("u2@g.c", accounts[1].email);
ASSERT_TRUE(accounts[1].valid);
ASSERT_EQ(0u, signed_out_accounts.size());
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\", "
"[[\"b1\", 0,\"name1\",\"U1@g.c\",\"photo1\",0,0,0,0,1,\"45\"], "
"[\"b2\",0,\"name2\",\"u.2@g.c\",\"photo2\",0,0,0,0,1,\"46\"]]]",
&accounts,
&signed_out_accounts));
ASSERT_EQ(2u, accounts.size());
ASSERT_EQ(CanonicalizeEmail("U1@g.c"), accounts[0].email);
ASSERT_TRUE(accounts[0].valid);
ASSERT_EQ(CanonicalizeEmail("u.2@g.c"), accounts[1].email);
ASSERT_TRUE(accounts[1].valid);
ASSERT_EQ(0u, signed_out_accounts.size());
}
TEST(GaiaAuthUtilTest, ParseListAccountsDataValidSession) {
std::vector<ListedAccount> accounts;
std::vector<ListedAccount> signed_out_accounts;
// Valid session is true means: return account.
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\", [[\"b\",0,\"n\",\"u@g.c\",\"photo\",0,0,0,0,1,\"45\"]]]",
&accounts,
&signed_out_accounts));
ASSERT_EQ(1u, accounts.size());
ASSERT_EQ("u@g.c", accounts[0].email);
ASSERT_TRUE(accounts[0].valid);
ASSERT_EQ(0u, signed_out_accounts.size());
// Valid session is false means: return account with valid bit false.
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\", [[\"b\",0,\"n\",\"u@g.c\",\"photo\",0,0,0,0,0,\"45\"]]]",
&accounts,
&signed_out_accounts));
ASSERT_EQ(1u, accounts.size());
ASSERT_FALSE(accounts[0].valid);
ASSERT_EQ(0u, signed_out_accounts.size());
}
TEST(GaiaAuthUtilTest, ParseListAccountsDataGaiaId) {
std::vector<ListedAccount> accounts;
std::vector<ListedAccount> signed_out_accounts;
// Missing gaia id means: do not return account.
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\", [[\"b\", 0, \"n\", \"u@g.c\", \"photo\", 0, 0, 0, 0, 1]]]",
&accounts,
&signed_out_accounts));
ASSERT_EQ(0u, accounts.size());
ASSERT_EQ(0u, signed_out_accounts.size());
// Valid gaia session means: return gaia session
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\", "
"[[\"b\",0,\"n\",\"u@g.c\",\"photo\",0,0,0,0,1,\"9863\"]]]",
&accounts,
&signed_out_accounts));
ASSERT_EQ(1u, accounts.size());
ASSERT_EQ("u@g.c", accounts[0].email);
ASSERT_TRUE(accounts[0].valid);
ASSERT_EQ("9863", accounts[0].gaia_id);
ASSERT_EQ(0u, signed_out_accounts.size());
}
TEST(GaiaAuthUtilTest, ParseListAccountsWithSignedOutAccounts) {
std::vector<ListedAccount> accounts;
std::vector<ListedAccount> signed_out_accounts;
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\","
"[[\"b\",0,\"n\",\"u@g.c\",\"photo\",0,0,0,0,1,\"45\"],"
"[\"c\",0,\"n\",\"u.2@g.c\",\"photo\",0,0,0,0,1,\"45\","
"null,null,null,1]]]",
&accounts,
&signed_out_accounts));
ASSERT_EQ(1u, accounts.size());
ASSERT_EQ("u@g.c", accounts[0].email);
ASSERT_FALSE(accounts[0].signed_out);
ASSERT_EQ(1u, signed_out_accounts.size());
ASSERT_EQ("u.2@g.c", signed_out_accounts[0].email);
ASSERT_TRUE(signed_out_accounts[0].signed_out);
}
TEST(GaiaAuthUtilTest, ParseListAccountsVerifiedAccounts) {
std::vector<ListedAccount> accounts;
std::vector<ListedAccount> signed_out_accounts;
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\","
"[[\"a\",0,\"n\",\"a@g.c\",\"photo\",0,0,0,0,1,\"45\"],"
"[\"b\",0,\"n\",\"b@g.c\",\"photo\",0,0,0,0,1,\"45\","
"null,null,null,null,0],"
"[\"c\",0,\"n\",\"c@g.c\",\"photo\",0,0,0,0,1,\"45\","
"null,null,null,null,1]]]",
&accounts, &signed_out_accounts));
ASSERT_EQ(3u, accounts.size());
ASSERT_EQ("a@g.c", accounts[0].email);
EXPECT_TRUE(accounts[0].verified); // Accounts are verified by default.
ASSERT_EQ("b@g.c", accounts[1].email);
EXPECT_FALSE(accounts[1].verified);
ASSERT_EQ("c@g.c", accounts[2].email);
EXPECT_TRUE(accounts[2].verified);
ASSERT_EQ(0u, signed_out_accounts.size());
}
TEST(GaiaAuthUtilTest, ParseListAccountsAcceptsNull) {
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\","
"[[\"b\",0,\"n\",\"u@g.c\",\"photo\",0,0,0,0,1,\"45\"],"
"[\"c\",0,\"n\",\"u.2@g.c\",\"photo\",0,0,0,0,1,\"45\","
"null,null,null,1]]]",
nullptr,
nullptr));
std::vector<ListedAccount> accounts;
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\","
"[[\"b\",0,\"n\",\"u@g.c\",\"photo\",0,0,0,0,1,\"45\"],"
"[\"c\",0,\"n\",\"u.2@g.c\",\"photo\",0,0,0,0,1,\"45\","
"null,null,null,1]]]",
&accounts,
nullptr));
ASSERT_EQ(1u, accounts.size());
ASSERT_EQ("u@g.c", accounts[0].email);
ASSERT_FALSE(accounts[0].signed_out);
std::vector<ListedAccount> signed_out_accounts;
ASSERT_TRUE(ParseListAccountsData(
"[\"foo\","
"[[\"b\",0,\"n\",\"u@g.c\",\"photo\",0,0,0,0,1,\"45\"],"
"[\"c\",0,\"n\",\"u.2@g.c\",\"photo\",0,0,0,0,1,\"45\","
"null,null,null,1]]]",
nullptr,
&signed_out_accounts));
ASSERT_EQ(1u, signed_out_accounts.size());
ASSERT_EQ("u.2@g.c", signed_out_accounts[0].email);
ASSERT_TRUE(signed_out_accounts[0].signed_out);
}
TEST(GaiaAuthUtilTest, ParseConsentResultApproved) {
const char kApprovedConsent[] = "CAESCUVOQ1JZUFRFRBoMZmFrZV9nYWlhX2lk";
EXPECT_EQ(kApprovedConsent,
GenerateOAuth2MintTokenConsentResult(true, "ENCRYPTED", kGaiaId));
bool approved = false;
std::string gaia_id;
ASSERT_TRUE(
ParseOAuth2MintTokenConsentResult(kApprovedConsent, &approved, &gaia_id));
EXPECT_TRUE(approved);
EXPECT_EQ(gaia_id, kGaiaId);
}
TEST(GaiaAuthUtilTest, ParseConsentResultApprovedEmptyData) {
const char kApprovedConsent[] = "CAEaDGZha2VfZ2FpYV9pZA";
EXPECT_EQ(kApprovedConsent,
GenerateOAuth2MintTokenConsentResult(true, base::nullopt, kGaiaId));
bool approved = false;
std::string gaia_id;
ASSERT_TRUE(
ParseOAuth2MintTokenConsentResult(kApprovedConsent, &approved, &gaia_id));
EXPECT_TRUE(approved);
EXPECT_EQ(gaia_id, kGaiaId);
}
TEST(GaiaAuthUtilTest, ParseConsentResultApprovedEmptyGaiaId) {
const char kApprovedConsent[] = "CAESCUVOQ1JZUFRFRA";
EXPECT_EQ(kApprovedConsent, GenerateOAuth2MintTokenConsentResult(
true, "ENCRYPTED", base::nullopt));
bool approved = false;
std::string gaia_id;
ASSERT_TRUE(
ParseOAuth2MintTokenConsentResult(kApprovedConsent, &approved, &gaia_id));
EXPECT_TRUE(approved);
EXPECT_TRUE(gaia_id.empty());
}
TEST(GaiaAuthUtilTest, ParseConsentResultNotApproved) {
const char kNoGrantConsent[] = "CAAaDGZha2VfZ2FpYV9pZA";
EXPECT_EQ(kNoGrantConsent, GenerateOAuth2MintTokenConsentResult(
false, base::nullopt, kGaiaId));
bool approved = false;
std::string gaia_id;
ASSERT_TRUE(
ParseOAuth2MintTokenConsentResult(kNoGrantConsent, &approved, &gaia_id));
EXPECT_FALSE(approved);
EXPECT_EQ(gaia_id, kGaiaId);
}
TEST(GaiaAuthUtilTest, ParseConsentResultEmpty) {
EXPECT_EQ("", GenerateOAuth2MintTokenConsentResult(
base::nullopt, base::nullopt, base::nullopt));
bool approved = false;
std::string gaia_id;
ASSERT_TRUE(ParseOAuth2MintTokenConsentResult("", &approved, &gaia_id));
// false is the default value for a bool in proto.
EXPECT_FALSE(approved);
// String is empty in proto by default.
EXPECT_TRUE(gaia_id.empty());
}
TEST(GaiaAuthUtilTest, ParseConsentResultBase64UrlDisallowedPadding) {
const char kApprovedConsentWithPadding[] = "CAE=";
EXPECT_EQ(kApprovedConsentWithPadding,
GenerateOAuth2MintTokenConsentResult(
true, base::nullopt, base::nullopt,
base::Base64UrlEncodePolicy::INCLUDE_PADDING));
bool approved = false;
std::string gaia_id;
EXPECT_FALSE(ParseOAuth2MintTokenConsentResult(kApprovedConsentWithPadding,
&approved, &gaia_id));
}
TEST(GaiaAuthUtilTest, ParseConsentResultInvalidBase64Url) {
const char kMalformedConsent[] =
"+/"; // '+' and '/' are disallowed in base64url alphabet.
bool approved = false;
std::string gaia_id;
EXPECT_FALSE(ParseOAuth2MintTokenConsentResult(kMalformedConsent, &approved,
&gaia_id));
}
TEST(GaiaAuthUtilTest, ParseConsentResultInvalidProto) {
const char kMalformedConsent[] =
"ab"; // Valid base64url string but invalid proto.
bool approved = false;
std::string gaia_id;
EXPECT_FALSE(ParseOAuth2MintTokenConsentResult(kMalformedConsent, &approved,
&gaia_id));
}
} // namespace gaia