| // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include <stddef.h> |
| |
| #include <map> |
| #include <memory> |
| #include <set> |
| #include <string> |
| #include <utility> |
| #include <vector> |
| |
| #include "ash/constants/ash_paths.h" |
| #include "ash/constants/ash_switches.h" |
| #include "ash/public/cpp/login_screen_test_api.h" |
| #include "ash/shell.h" |
| #include "ash/system/session/logout_confirmation_controller.h" |
| #include "ash/system/session/logout_confirmation_dialog.h" |
| #include "base/bind.h" |
| #include "base/callback.h" |
| #include "base/callback_helpers.h" |
| #include "base/command_line.h" |
| #include "base/cxx17_backports.h" |
| #include "base/files/file_path.h" |
| #include "base/files/file_util.h" |
| #include "base/json/json_reader.h" |
| #include "base/json/json_writer.h" |
| #include "base/location.h" |
| #include "base/memory/ref_counted.h" |
| #include "base/path_service.h" |
| #include "base/run_loop.h" |
| #include "base/scoped_observation.h" |
| #include "base/sequenced_task_runner.h" |
| #include "base/single_thread_task_runner.h" |
| #include "base/strings/string_number_conversions.h" |
| #include "base/strings/string_util.h" |
| #include "base/strings/stringprintf.h" |
| #include "base/strings/utf_string_conversions.h" |
| #include "base/synchronization/lock.h" |
| #include "base/threading/thread_restrictions.h" |
| #include "base/threading/thread_task_runner_handle.h" |
| #include "base/values.h" |
| #include "chrome/browser/apps/app_service/app_launch_params.h" |
| #include "chrome/browser/apps/app_service/app_service_proxy.h" |
| #include "chrome/browser/apps/app_service/app_service_proxy_factory.h" |
| #include "chrome/browser/apps/app_service/launch_utils.h" |
| #include "chrome/browser/ash/login/existing_user_controller.h" |
| #include "chrome/browser/ash/login/screens/base_screen.h" |
| #include "chrome/browser/ash/login/screens/terms_of_service_screen.h" |
| #include "chrome/browser/ash/login/session/user_session_manager.h" |
| #include "chrome/browser/ash/login/session/user_session_manager_test_api.h" |
| #include "chrome/browser/ash/login/signin_specifics.h" |
| #include "chrome/browser/ash/login/test/js_checker.h" |
| #include "chrome/browser/ash/login/test/local_policy_test_server_mixin.h" |
| #include "chrome/browser/ash/login/test/oobe_base_test.h" |
| #include "chrome/browser/ash/login/test/oobe_screen_waiter.h" |
| #include "chrome/browser/ash/login/test/session_manager_state_waiter.h" |
| #include "chrome/browser/ash/login/test/test_predicate_waiter.h" |
| #include "chrome/browser/ash/login/test/webview_content_extractor.h" |
| #include "chrome/browser/ash/login/ui/login_display_host.h" |
| #include "chrome/browser/ash/login/ui/webui_login_view.h" |
| #include "chrome/browser/ash/login/users/avatar/user_image_manager.h" |
| #include "chrome/browser/ash/login/users/avatar/user_image_manager_impl.h" |
| #include "chrome/browser/ash/login/users/avatar/user_image_manager_test_util.h" |
| #include "chrome/browser/ash/login/users/chrome_user_manager.h" |
| #include "chrome/browser/ash/login/users/chrome_user_manager_impl.h" |
| #include "chrome/browser/ash/login/wizard_controller.h" |
| #include "chrome/browser/ash/policy/core/browser_policy_connector_chromeos.h" |
| #include "chrome/browser/ash/policy/core/device_local_account.h" |
| #include "chrome/browser/ash/policy/core/device_local_account_policy_service.h" |
| #include "chrome/browser/ash/policy/core/device_policy_cros_browser_test.h" |
| #include "chrome/browser/ash/policy/external_data/cloud_external_data_manager_base_test_util.h" |
| #include "chrome/browser/ash/policy/networking/device_network_configuration_updater.h" |
| #include "chrome/browser/ash/profiles/profile_helper.h" |
| #include "chrome/browser/ash/system/timezone_util.h" |
| #include "chrome/browser/browser_process.h" |
| #include "chrome/browser/browser_process_platform_part.h" |
| #include "chrome/browser/chrome_notification_types.h" |
| #include "chrome/browser/chromeos/extensions/device_local_account_external_policy_loader.h" |
| #include "chrome/browser/chromeos/extensions/external_cache.h" |
| #include "chrome/browser/extensions/crx_installer.h" |
| #include "chrome/browser/extensions/extension_service.h" |
| #include "chrome/browser/extensions/updater/chromeos_extension_cache_delegate.h" |
| #include "chrome/browser/extensions/updater/extension_cache_impl.h" |
| #include "chrome/browser/extensions/updater/local_extension_cache.h" |
| #include "chrome/browser/lifetime/application_lifetime.h" |
| #include "chrome/browser/net/profile_network_context_service.h" |
| #include "chrome/browser/net/profile_network_context_service_test_utils.h" |
| #include "chrome/browser/policy/profile_policy_connector.h" |
| #include "chrome/browser/prefs/session_startup_pref.h" |
| #include "chrome/browser/profiles/profile.h" |
| #include "chrome/browser/profiles/profile_manager.h" |
| #include "chrome/browser/profiles/profile_manager_observer.h" |
| #include "chrome/browser/signin/identity_manager_factory.h" |
| #include "chrome/browser/ui/browser.h" |
| #include "chrome/browser/ui/browser_commands.h" |
| #include "chrome/browser/ui/browser_finder.h" |
| #include "chrome/browser/ui/browser_list.h" |
| #include "chrome/browser/ui/browser_list_observer.h" |
| #include "chrome/browser/ui/browser_window.h" |
| #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| #include "chrome/browser/ui/webui/chromeos/login/gaia_screen_handler.h" |
| #include "chrome/browser/ui/webui/chromeos/login/oobe_ui.h" |
| #include "chrome/browser/ui/webui/chromeos/login/signin_screen_handler.h" |
| #include "chrome/browser/ui/webui/chromeos/login/terms_of_service_screen_handler.h" |
| #include "chrome/browser/web_applications/web_app_provider.h" |
| #include "chrome/common/chrome_paths.h" |
| #include "chrome/common/extensions/extension_constants.h" |
| #include "chrome/common/pref_names.h" |
| #include "chrome/grit/chromium_strings.h" |
| #include "chrome/grit/generated_resources.h" |
| #include "chromeos/dbus/session_manager/fake_session_manager_client.h" |
| #include "chromeos/login/auth/mock_auth_status_consumer.h" |
| #include "chromeos/login/auth/user_context.h" |
| #include "chromeos/network/policy_certificate_provider.h" |
| #include "chromeos/settings/timezone_settings.h" |
| #include "components/crx_file/crx_verifier.h" |
| #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| #include "components/policy/core/common/cloud/cloud_policy_core.h" |
| #include "components/policy/core/common/cloud/cloud_policy_store.h" |
| #include "components/policy/core/common/cloud/test/policy_builder.h" |
| #include "components/policy/core/common/external_data_fetcher.h" |
| #include "components/policy/core/common/policy_map.h" |
| #include "components/policy/core/common/policy_namespace.h" |
| #include "components/policy/core/common/policy_service.h" |
| #include "components/policy/core/common/policy_switches.h" |
| #include "components/policy/policy_constants.h" |
| #include "components/policy/proto/chrome_device_policy.pb.h" |
| #include "components/prefs/pref_change_registrar.h" |
| #include "components/prefs/pref_service.h" |
| #include "components/session_manager/core/session_manager.h" |
| #include "components/signin/public/identity_manager/identity_manager.h" |
| #include "components/user_manager/user.h" |
| #include "components/user_manager/user_manager.h" |
| #include "components/user_manager/user_type.h" |
| #include "content/public/browser/notification_details.h" |
| #include "content/public/browser/notification_service.h" |
| #include "content/public/browser/notification_source.h" |
| #include "content/public/browser/web_contents.h" |
| #include "content/public/browser/web_ui.h" |
| #include "content/public/test/browser_test.h" |
| #include "content/public/test/browser_test_utils.h" |
| #include "content/public/test/test_utils.h" |
| #include "crypto/rsa_private_key.h" |
| #include "extensions/browser/app_window/app_window.h" |
| #include "extensions/browser/app_window/app_window_registry.h" |
| #include "extensions/browser/app_window/native_app_window.h" |
| #include "extensions/browser/extension_registry.h" |
| #include "extensions/browser/extension_system.h" |
| #include "extensions/browser/install/crx_install_error.h" |
| #include "extensions/browser/management_policy.h" |
| #include "extensions/browser/notification_types.h" |
| #include "extensions/browser/sandboxed_unpacker.h" |
| #include "extensions/browser/test_extension_registry_observer.h" |
| #include "extensions/common/constants.h" |
| #include "extensions/common/extension.h" |
| #include "extensions/common/extension_builder.h" |
| #include "net/base/url_util.h" |
| #include "net/http/http_status_code.h" |
| #include "net/test/embedded_test_server/embedded_test_server.h" |
| #include "net/test/embedded_test_server/http_request.h" |
| #include "net/test/embedded_test_server/http_response.h" |
| #include "testing/gmock/include/gmock/gmock.h" |
| #include "third_party/icu/source/common/unicode/locid.h" |
| #include "ui/base/ime/chromeos/extension_ime_util.h" |
| #include "ui/base/ime/chromeos/input_method_descriptor.h" |
| #include "ui/base/ime/chromeos/input_method_manager.h" |
| #include "ui/base/ime/chromeos/input_method_util.h" |
| #include "ui/base/l10n/l10n_util.h" |
| #include "ui/base/window_open_disposition.h" |
| #include "ui/display/display.h" |
| #include "ui/display/screen.h" |
| #include "ui/gfx/image/image_skia.h" |
| #include "ui/views/widget/widget.h" |
| #include "url/gurl.h" |
| |
| namespace em = enterprise_management; |
| |
| using chromeos::test::GetOobeElementPath; |
| using testing::_; |
| using testing::InvokeWithoutArgs; |
| using testing::Return; |
| |
| namespace policy { |
| |
| namespace { |
| |
| const char16_t kDomain[] = u"example.com"; |
| const char kAccountId1[] = "dla1@example.com"; |
| const char kAccountId2[] = "dla2@example.com"; |
| const char kDisplayName1[] = "display name 1"; |
| const char kDisplayName2[] = "display name 2"; |
| const char* const kStartupURLs[] = { |
| "chrome://policy", |
| "chrome://about", |
| }; |
| const char kExistentTermsOfServicePath[] = "chromeos/enterprise/tos.txt"; |
| const char kNonexistentTermsOfServicePath[] = "chromeos/enterprise/tos404.txt"; |
| const char kRelativeUpdateURL[] = "/service/update2/crx"; |
| const char kUpdateManifestHeader[] = |
| "<?xml version='1.0' encoding='UTF-8'?>\n" |
| "<gupdate xmlns='http://www.google.com/update2/response' protocol='2.0'>\n"; |
| const char kUpdateManifestTemplate[] = |
| " <app appid='%s'>\n" |
| " <updatecheck codebase='%s' version='%s' />\n" |
| " </app>\n"; |
| const char kUpdateManifestFooter[] = "</gupdate>\n"; |
| const char kHostedAppID[] = "kbmnembihfiondgfjekmnmcbddelicoi"; |
| const char kHostedAppCRXPath[] = "extensions/hosted_app.crx"; |
| const char kHostedAppVersion[] = "1.0.0.0"; |
| const char kGoodExtensionID[] = "ldnnhddmnhbkjipkidpdiheffobcpfmf"; |
| const char16_t kGoodExtensionID16[] = u"ldnnhddmnhbkjipkidpdiheffobcpfmf"; |
| const char kGoodExtensionCRXPath[] = "extensions/good.crx"; |
| const char kGoodExtensionVersion[] = "1.0"; |
| const char kPackagedAppCRXPath[] = "extensions/platform_apps/app_window_2.crx"; |
| const char kShowManagedStorageID[] = "ongnjlefhnoajpbodoldndkbkdgfomlp"; |
| const char kShowManagedStorageCRXPath[] = "extensions/show_managed_storage.crx"; |
| const char kShowManagedStorageVersion[] = "1.0"; |
| |
| const char kExternalData[] = "External data"; |
| const char kExternalDataPath[] = "/external"; |
| |
| const char* const kSingleRecommendedLocale[] = { |
| "el", |
| }; |
| const char* const kRecommendedLocales1[] = { |
| "pl", |
| "et", |
| "en-US", |
| }; |
| const char* const kRecommendedLocales2[] = { |
| "fr", |
| "nl", |
| }; |
| const char* const kInvalidRecommendedLocale[] = { |
| "xx", |
| }; |
| const char kPublicSessionLocale[] = "de"; |
| const char kPublicSessionInputMethodIDTemplate[] = "_comp_ime_%sxkb:de:neo:ger"; |
| |
| const char kFakeOncWithCertificate[] = |
| "{\"Certificates\":[" |
| "{\"Type\":\"Authority\"," |
| "\"TrustBits\":[\"Web\"]," |
| "\"X509\":\"-----BEGIN CERTIFICATE-----\n" |
| "MIICVTCCAb6gAwIBAgIJAK8kOY/OQDsKMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV\n" |
| "BAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn\n" |
| "aXRzIFB0eSBMdGQwHhcNMTgxMjI3MTIyNjI0WhcNMTkxMjI3MTIyNjI0WjBCMQsw\n" |
| "CQYDVQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEhMB8GA1UECgwYSW50ZXJuZXQg\n" |
| "V2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbFncT\n" |
| "Q8slhRgLg7sK9DhkYZaNiD1jVbdGvuXahex3uQl+2bACyQ7Peq/MkpFLy4M75nj3\n" |
| "WrydAycw1KCDPENPz2jmdHwGl5+6P7bob0Rqe+4i/9XwGdl8EPH5GFZbaz8aSYiL\n" |
| "/aaVvOm+8IYrhbp44s3cOLriPaQDbWtZMZKCiwIDAQABo1MwUTAdBgNVHQ4EFgQU\n" |
| "26bvyiqj3uQynNcZru72m3Uv3eswHwYDVR0jBBgwFoAU26bvyiqj3uQynNcZru72\n" |
| "m3Uv3eswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQCHKz8NJg6f\n" |
| "qwkFmG+tOsfyn3JHj3NfkMGJugSV6Yf7LYJXHpc4kWmfGuseTtHt57PG/BzCjLs1\n" |
| "qTF8svVecDj5Qku/SbGQCf2Vg/tLnq8XidbMmp26nUXrLzNQnTm0MJYEk6PJRiod\n" |
| "BIrpuq5z+9r//9f27iXidR94qFbbvServw==\n" |
| "-----END CERTIFICATE-----\"," |
| "\"GUID\":\"{00f79111-51e0-e6e0-76b3b55450d80a1b}\"}" |
| "]}"; |
| |
| bool IsLogoutConfirmationDialogShowing() { |
| return !!ash::Shell::Get() |
| ->logout_confirmation_controller() |
| ->dialog_for_testing(); |
| } |
| |
| void CloseLogoutConfirmationDialog() { |
| // TODO(mash): Add mojo test API for this. |
| ash::LogoutConfirmationDialog* dialog = |
| ash::Shell::Get()->logout_confirmation_controller()->dialog_for_testing(); |
| ASSERT_TRUE(dialog); |
| dialog->GetWidget()->Close(); |
| base::RunLoop().RunUntilIdle(); |
| } |
| |
| // Helper that serves extension update manifests to Chrome. |
| class TestingUpdateManifestProvider |
| : public base::RefCountedThreadSafe<TestingUpdateManifestProvider> { |
| public: |
| // Update manifests will be served at |relative_update_url|. |
| explicit TestingUpdateManifestProvider( |
| const std::string& relative_update_url); |
| |
| // When an update manifest is requested for the given extension |id|, indicate |
| // that |version| of the extension can be downloaded at |crx_url|. |
| void AddUpdate(const std::string& id, |
| const std::string& version, |
| const GURL& crx_url); |
| |
| // This method must be registered with the test's EmbeddedTestServer to start |
| // serving update manifests. |
| std::unique_ptr<net::test_server::HttpResponse> HandleRequest( |
| const net::test_server::HttpRequest& request); |
| |
| private: |
| struct Update { |
| public: |
| Update(const std::string& version, const GURL& crx_url); |
| Update(); |
| |
| std::string version; |
| GURL crx_url; |
| }; |
| typedef std::map<std::string, Update> UpdateMap; |
| |
| ~TestingUpdateManifestProvider(); |
| friend class RefCountedThreadSafe<TestingUpdateManifestProvider>; |
| |
| // Protects other members against concurrent access from main thread and |
| // test server io thread. |
| base::Lock lock_; |
| |
| std::string relative_update_url_; |
| UpdateMap updates_; |
| |
| DISALLOW_COPY_AND_ASSIGN(TestingUpdateManifestProvider); |
| }; |
| |
| TestingUpdateManifestProvider::Update::Update(const std::string& version, |
| const GURL& crx_url) |
| : version(version), crx_url(crx_url) {} |
| |
| TestingUpdateManifestProvider::Update::Update() {} |
| |
| TestingUpdateManifestProvider::TestingUpdateManifestProvider( |
| const std::string& relative_update_url) |
| : relative_update_url_(relative_update_url) {} |
| |
| void TestingUpdateManifestProvider::AddUpdate(const std::string& id, |
| const std::string& version, |
| const GURL& crx_url) { |
| base::AutoLock auto_lock(lock_); |
| updates_[id] = Update(version, crx_url); |
| } |
| |
| std::unique_ptr<net::test_server::HttpResponse> |
| TestingUpdateManifestProvider::HandleRequest( |
| const net::test_server::HttpRequest& request) { |
| base::AutoLock auto_lock(lock_); |
| const GURL url("http://localhost" + request.relative_url); |
| if (url.path() != relative_update_url_) |
| return nullptr; |
| |
| std::string content = kUpdateManifestHeader; |
| for (net::QueryIterator it(url); !it.IsAtEnd(); it.Advance()) { |
| if (it.GetKey() != "x") |
| continue; |
| // Extract the extension id from the subquery. Since GetValueForKeyInQuery() |
| // expects a complete URL, dummy scheme and host must be prepended. |
| std::string id; |
| net::GetValueForKeyInQuery(GURL("http://dummy?" + it.GetUnescapedValue()), |
| "id", &id); |
| UpdateMap::const_iterator entry = updates_.find(id); |
| if (entry != updates_.end()) { |
| content += base::StringPrintf(kUpdateManifestTemplate, id.c_str(), |
| entry->second.crx_url.spec().c_str(), |
| entry->second.version.c_str()); |
| } |
| } |
| content += kUpdateManifestFooter; |
| std::unique_ptr<net::test_server::BasicHttpResponse> http_response( |
| new net::test_server::BasicHttpResponse); |
| http_response->set_code(net::HTTP_OK); |
| http_response->set_content(content); |
| http_response->set_content_type("text/xml"); |
| return std::move(http_response); |
| } |
| |
| TestingUpdateManifestProvider::~TestingUpdateManifestProvider() {} |
| |
| bool DoesInstallFailureReferToId(const std::u16string& id, |
| const content::NotificationSource& source, |
| const content::NotificationDetails& details) { |
| return content::Details<const extensions::CrxInstallError>(details) |
| ->message() |
| .find(id) != std::u16string::npos; |
| } |
| |
| bool IsSessionStarted() { |
| return session_manager::SessionManager::Get()->IsSessionStarted(); |
| } |
| |
| void PolicyChangedCallback(base::OnceClosure callback, |
| const base::Value* old_value, |
| const base::Value* new_value) { |
| std::move(callback).Run(); |
| } |
| |
| } // namespace |
| |
| class DeviceLocalAccountTest : public DevicePolicyCrosBrowserTest, |
| public user_manager::UserManager::Observer, |
| public BrowserListObserver, |
| public extensions::AppWindowRegistry::Observer { |
| protected: |
| DeviceLocalAccountTest() |
| : public_session_input_method_id_( |
| base::StringPrintf(kPublicSessionInputMethodIDTemplate, |
| chromeos::extension_ime_util::kXkbExtensionId)), |
| contents_(NULL), |
| verifier_format_override_(crx_file::VerifierFormat::CRX3) { |
| set_exit_when_last_browser_closes(false); |
| } |
| |
| ~DeviceLocalAccountTest() override {} |
| |
| void SetUp() override { |
| BrowserList::AddObserver(this); |
| |
| DevicePolicyCrosBrowserTest::SetUp(); |
| } |
| |
| void SetUpCommandLine(base::CommandLine* command_line) override { |
| DevicePolicyCrosBrowserTest::SetUpCommandLine(command_line); |
| command_line->AppendSwitch(chromeos::switches::kLoginManager); |
| command_line->AppendSwitch(chromeos::switches::kForceLoginManagerInTests); |
| command_line->AppendSwitchASCII(chromeos::switches::kLoginProfile, "user"); |
| } |
| |
| void SetUpInProcessBrowserTestFixture() override { |
| DevicePolicyCrosBrowserTest::SetUpInProcessBrowserTestFixture(); |
| |
| // Clear command-line arguments (but keep command-line switches) so the |
| // startup pages policy takes effect. |
| base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); |
| base::CommandLine::StringVector argv(command_line->argv()); |
| argv.erase(argv.begin() + argv.size() - command_line->GetArgs().size(), |
| argv.end()); |
| command_line->InitFromArgv(argv); |
| |
| InitializePolicy(); |
| } |
| |
| void SetUpOnMainThread() override { |
| DevicePolicyCrosBrowserTest::SetUpOnMainThread(); |
| |
| initial_locale_ = g_browser_process->GetApplicationLocale(); |
| initial_language_ = l10n_util::GetLanguage(initial_locale_); |
| |
| content::WindowedNotificationObserver( |
| chrome::NOTIFICATION_LOGIN_OR_LOCK_WEBUI_VISIBLE, |
| content::NotificationService::AllSources()) |
| .Wait(); |
| |
| auto* host = ash::LoginDisplayHost::default_host(); |
| contents_ = host->GetOobeWebContents(); |
| ASSERT_TRUE(contents_); |
| |
| // Wait for the login UI to be ready. |
| chromeos::OobeUI* oobe_ui = host->GetOobeUI(); |
| ASSERT_TRUE(oobe_ui); |
| base::RunLoop run_loop; |
| const bool oobe_ui_ready = oobe_ui->IsJSReady(run_loop.QuitClosure()); |
| if (!oobe_ui_ready) |
| run_loop.Run(); |
| |
| // Skip to the login screen. |
| chromeos::OobeScreenWaiter(chromeos::OobeBaseTest::GetFirstSigninScreen()) |
| .Wait(); |
| |
| ash::test::UserSessionManagerTestApi session_manager_test_api( |
| ash::UserSessionManager::GetInstance()); |
| session_manager_test_api.SetShouldObtainTokenHandleInTests(false); |
| } |
| |
| void TearDownOnMainThread() override { |
| BrowserList::RemoveObserver(this); |
| DevicePolicyCrosBrowserTest::TearDownOnMainThread(); |
| } |
| |
| // user_manager::UserManager::Observer: |
| void LocalStateChanged(user_manager::UserManager* user_manager) override { |
| if (local_state_changed_run_loop_) |
| local_state_changed_run_loop_->Quit(); |
| } |
| |
| // BrowserListObserver: |
| void OnBrowserRemoved(Browser* browser) override { |
| if (run_loop_) |
| run_loop_->Quit(); |
| } |
| |
| // extensions::AppWindowRegistry::Observer: |
| void OnAppWindowAdded(extensions::AppWindow* app_window) override { |
| if (run_loop_) |
| run_loop_->Quit(); |
| } |
| |
| void OnAppWindowRemoved(extensions::AppWindow* app_window) override { |
| if (run_loop_) |
| run_loop_->Quit(); |
| } |
| |
| void InitializePolicy() { |
| device_policy()->policy_data().set_public_key_version(1); |
| DeviceLocalAccountTestHelper::SetupDeviceLocalAccount( |
| &device_local_account_policy_, kAccountId1, kDisplayName1); |
| // Don't enable new managed sessions, use old public sessions. |
| SetManagedSessionsEnabled(/* managed_sessions_enabled */ false); |
| } |
| |
| void BuildDeviceLocalAccountPolicy() { |
| device_local_account_policy_.SetDefaultSigningKey(); |
| device_local_account_policy_.Build(); |
| } |
| |
| void UploadDeviceLocalAccountPolicy() { |
| BuildDeviceLocalAccountPolicy(); |
| ASSERT_TRUE(local_policy_mixin_.server()->UpdatePolicy( |
| dm_protocol::kChromePublicAccountPolicyType, kAccountId1, |
| device_local_account_policy_.payload().SerializeAsString())); |
| } |
| |
| void UploadAndInstallDeviceLocalAccountPolicy() { |
| UploadDeviceLocalAccountPolicy(); |
| session_manager_client()->set_device_local_account_policy( |
| kAccountId1, device_local_account_policy_.GetBlob()); |
| } |
| |
| void SetRecommendedLocales(const char* const recommended_locales[], |
| size_t array_size) { |
| em::StringListPolicyProto* session_locales_proto = |
| device_local_account_policy_.payload().mutable_sessionlocales(); |
| session_locales_proto->mutable_policy_options()->set_mode( |
| em::PolicyOptions_PolicyMode_RECOMMENDED); |
| session_locales_proto->mutable_value()->Clear(); |
| for (size_t i = 0; i < array_size; ++i) { |
| session_locales_proto->mutable_value()->add_entries( |
| recommended_locales[i]); |
| } |
| } |
| |
| void WaitForPublicSessionLocalesChange(const AccountId& account_id) { |
| std::vector<ash::LocaleItem> locales = |
| ash::LoginScreenTestApi::GetPublicSessionLocales(account_id); |
| chromeos::test::TestPredicateWaiter( |
| base::BindRepeating( |
| [](const std::vector<ash::LocaleItem>& locales, |
| const AccountId& account_id) { |
| return locales != |
| ash::LoginScreenTestApi::GetPublicSessionLocales( |
| account_id); |
| }, |
| locales, account_id)) |
| .Wait(); |
| } |
| |
| void AddPublicSessionToDevicePolicy(const std::string& username) { |
| em::ChromeDeviceSettingsProto& proto(device_policy()->payload()); |
| DeviceLocalAccountTestHelper::AddPublicSession(&proto, username); |
| RefreshDevicePolicy(); |
| ASSERT_TRUE(local_policy_mixin_.UpdateDevicePolicy(proto)); |
| } |
| |
| void SetManagedSessionsEnabled(bool managed_sessions_enabled) { |
| device_local_account_policy_.payload() |
| .mutable_devicelocalaccountmanagedsessionenabled() |
| ->set_value(managed_sessions_enabled); |
| UploadDeviceLocalAccountPolicy(); |
| } |
| |
| void EnableAutoLogin() { |
| em::ChromeDeviceSettingsProto& proto(device_policy()->payload()); |
| em::DeviceLocalAccountsProto* device_local_accounts = |
| proto.mutable_device_local_accounts(); |
| device_local_accounts->set_auto_login_id(kAccountId1); |
| device_local_accounts->set_auto_login_delay(0); |
| RefreshDevicePolicy(); |
| ASSERT_TRUE(local_policy_mixin_.UpdateDevicePolicy(proto)); |
| } |
| |
| void CheckPublicSessionPresent(const AccountId& account_id) { |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id); |
| ASSERT_TRUE(user) << " account " << account_id.GetUserEmail() |
| << " not found"; |
| EXPECT_EQ(account_id, user->GetAccountId()); |
| EXPECT_EQ(user_manager::USER_TYPE_PUBLIC_ACCOUNT, user->GetType()); |
| } |
| |
| void SetSystemTimezoneAutomaticDetectionPolicy( |
| em::SystemTimezoneProto_AutomaticTimezoneDetectionType policy) { |
| em::ChromeDeviceSettingsProto& proto(device_policy()->payload()); |
| proto.mutable_system_timezone()->set_timezone_detection_type(policy); |
| RefreshDevicePolicy(); |
| |
| LocalStateValueWaiter(prefs::kSystemTimezoneAutomaticDetectionPolicy, |
| base::Value(policy)) |
| .Wait(); |
| ASSERT_TRUE(local_policy_mixin_.UpdateDevicePolicy(proto)); |
| } |
| |
| base::FilePath GetExtensionCacheDirectoryForAccountID( |
| const std::string& account_id) { |
| base::FilePath extension_cache_root_dir; |
| if (!base::PathService::Get(chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS, |
| &extension_cache_root_dir)) { |
| ADD_FAILURE(); |
| } |
| return extension_cache_root_dir.Append( |
| base::HexEncode(account_id.c_str(), account_id.size())); |
| } |
| |
| base::FilePath GetCacheCRXFilePath(const std::string& id, |
| const std::string& version, |
| const base::FilePath& path) { |
| return path.Append( |
| extensions::LocalExtensionCache::ExtensionFileName(id, version, "")); |
| } |
| |
| base::FilePath GetCacheCRXFile(const std::string& account_id, |
| const std::string& id, |
| const std::string& version) { |
| return GetCacheCRXFilePath( |
| id, version, GetExtensionCacheDirectoryForAccountID(account_id)); |
| } |
| |
| // Returns a profile which can be used for testing. |
| Profile* GetProfileForTest() { |
| // Any profile can be used here since this test does not test multi profile. |
| return ProfileManager::GetActiveUserProfile(); |
| } |
| |
| void WaitForDisplayName(const std::string& user_id, |
| const std::string& expected_display_name) { |
| DictionaryLocalStateValueWaiter("UserDisplayName", expected_display_name, |
| user_id) |
| .Wait(); |
| } |
| |
| void WaitForPolicy() { |
| // Wait for the display name becoming available as that indicates |
| // device-local account policy is fully loaded, which is a prerequisite for |
| // successful login. |
| WaitForDisplayName(account_id_1_.GetUserEmail(), kDisplayName1); |
| } |
| |
| void ExpandPublicSessionPod(bool expect_advanced) { |
| ASSERT_TRUE(ash::LoginScreenTestApi::ExpandPublicSessionPod(account_id_1_)); |
| ASSERT_EQ(ash::LoginScreenTestApi::IsExpandedPublicSessionAdvanced(), |
| expect_advanced); |
| // Verify that the construction of the pod's language list did not affect |
| // the current ICU locale. |
| EXPECT_EQ(initial_language_, icu::Locale::getDefault().getLanguage()); |
| } |
| |
| // GetKeyboardLayoutsForLocale() posts a task to a background task runner and |
| // handles the response on the main thread. This method flushes both the |
| // thread pool backing the background task runner and the main thread. |
| void WaitForGetKeyboardLayoutsForLocaleToFinish() { |
| content::RunAllTasksUntilIdle(); |
| |
| // Verify that the construction of the keyboard layout list did not affect |
| // the current ICU locale. |
| EXPECT_EQ(initial_language_, icu::Locale::getDefault().getLanguage()); |
| } |
| |
| void StartLogin(const std::string& locale, const std::string& input_method) { |
| // Start login into the device-local account. |
| auto* host = ash::LoginDisplayHost::default_host(); |
| ASSERT_TRUE(host); |
| host->StartSignInScreen(); |
| chromeos::ExistingUserController* controller = |
| chromeos::ExistingUserController::current_controller(); |
| ASSERT_TRUE(controller); |
| |
| chromeos::UserContext user_context(user_manager::USER_TYPE_PUBLIC_ACCOUNT, |
| account_id_1_); |
| user_context.SetPublicSessionLocale(locale); |
| user_context.SetPublicSessionInputMethod(input_method); |
| controller->Login(user_context, chromeos::SigninSpecifics()); |
| } |
| |
| void WaitForSessionStart() { |
| if (IsSessionStarted()) |
| return; |
| ash::WizardController::SkipPostLoginScreensForTesting(); |
| chromeos::test::WaitForPrimaryUserSessionStart(); |
| } |
| |
| void WaitUntilLocalStateChanged() { |
| local_state_changed_run_loop_ = std::make_unique<base::RunLoop>(); |
| user_manager::UserManager::Get()->AddObserver(this); |
| local_state_changed_run_loop_->Run(); |
| user_manager::UserManager::Get()->RemoveObserver(this); |
| } |
| |
| static std::string GetDefaultKeyboardIdFromLanguageCode( |
| const std::string& language_code) { |
| chromeos::input_method::InputMethodManager* input_method_manager = |
| chromeos::input_method::InputMethodManager::Get(); |
| std::vector<std::string> layouts_from_locale; |
| input_method_manager->GetInputMethodUtil() |
| ->GetInputMethodIdsFromLanguageCode( |
| language_code, chromeos::input_method::kKeyboardLayoutsOnly, |
| &layouts_from_locale); |
| EXPECT_FALSE(layouts_from_locale.empty()); |
| if (layouts_from_locale.empty()) |
| return std::string(); |
| return layouts_from_locale.front(); |
| } |
| void VerifyKeyboardLayoutMatchesLocale() { |
| chromeos::input_method::InputMethodManager* input_method_manager = |
| chromeos::input_method::InputMethodManager::Get(); |
| EXPECT_EQ(GetDefaultKeyboardIdFromLanguageCode( |
| g_browser_process->GetApplicationLocale()), |
| input_method_manager->GetActiveIMEState() |
| ->GetCurrentInputMethod() |
| .id()); |
| } |
| |
| void RunWithRecommendedLocale(const char* const locales[], |
| size_t locales_size) { |
| SetRecommendedLocales(locales, locales_size); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| EnableAutoLogin(); |
| |
| WaitForPolicy(); |
| |
| WaitForSessionStart(); |
| |
| EXPECT_EQ(locales[0], g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(l10n_util::GetLanguage(locales[0]), |
| icu::Locale::getDefault().getLanguage()); |
| VerifyKeyboardLayoutMatchesLocale(); |
| } |
| |
| const AccountId account_id_1_ = |
| AccountId::FromUserEmail(GenerateDeviceLocalAccountUserId( |
| kAccountId1, |
| DeviceLocalAccount::TYPE_PUBLIC_SESSION)); |
| const AccountId account_id_2_ = |
| AccountId::FromUserEmail(GenerateDeviceLocalAccountUserId( |
| kAccountId2, |
| DeviceLocalAccount::TYPE_PUBLIC_SESSION)); |
| const std::string public_session_input_method_id_; |
| |
| std::string initial_locale_; |
| std::string initial_language_; |
| |
| std::unique_ptr<base::RunLoop> run_loop_; |
| |
| // Specifically exists to assist with waiting for a LocalStateChanged() |
| // invocation. |
| std::unique_ptr<base::RunLoop> local_state_changed_run_loop_; |
| |
| UserPolicyBuilder device_local_account_policy_; |
| chromeos::LocalPolicyTestServerMixin local_policy_mixin_{&mixin_host_}; |
| |
| content::WebContents* contents_; |
| |
| // These are member variables so they're guaranteed that the destructors |
| // (which may delete a directory) run in a scope where file IO is allowed. |
| base::ScopedTempDir temp_dir_; |
| base::ScopedTempDir cache_dir_; |
| |
| private: |
| extensions::SandboxedUnpacker::ScopedVerifierFormatOverrideForTest |
| verifier_format_override_; |
| DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountTest); |
| }; |
| |
| static bool IsKnownUser(const AccountId& account_id) { |
| return user_manager::UserManager::Get()->IsKnownUser(account_id); |
| } |
| |
| // Helper that listen extension installation when new profile is created. |
| class ExtensionInstallObserver : public ProfileManagerObserver, |
| public extensions::ExtensionRegistryObserver { |
| public: |
| explicit ExtensionInstallObserver(const std::string& extension_id) |
| : registry_(nullptr), |
| waiting_extension_id_(extension_id), |
| observed_(false) { |
| profile_manager_observer_.Observe(g_browser_process->profile_manager()); |
| } |
| |
| ~ExtensionInstallObserver() override { |
| if (registry_ != nullptr) |
| registry_->RemoveObserver(this); |
| } |
| |
| // Wait until an extension with |extension_id| is installed. |
| void Wait() { |
| if (!observed_) |
| run_loop_.Run(); |
| } |
| |
| private: |
| // extensions::ExtensionRegistryObserver: |
| void OnExtensionWillBeInstalled(content::BrowserContext* browser_context, |
| const extensions::Extension* extension, |
| bool is_update, |
| const std::string& old_name) override { |
| if (waiting_extension_id_ == extension->id()) { |
| observed_ = true; |
| run_loop_.Quit(); |
| } |
| } |
| |
| // ProfileManagerObserver: |
| void OnProfileAdded(Profile* profile) override { |
| // Ignore lock screen apps profile. |
| if (chromeos::ProfileHelper::IsLockScreenAppProfile(profile)) |
| return; |
| registry_ = extensions::ExtensionRegistry::Get(profile); |
| profile_manager_observer_.Reset(); |
| |
| // Check if extension is already installed with newly created profile. |
| if (registry_->GetInstalledExtension(waiting_extension_id_)) { |
| observed_ = true; |
| run_loop_.Quit(); |
| return; |
| } |
| |
| // Start listening for extension installation. |
| registry_->AddObserver(this); |
| } |
| |
| extensions::ExtensionRegistry* registry_; |
| base::RunLoop run_loop_; |
| base::ScopedObservation<ProfileManager, ProfileManagerObserver> |
| profile_manager_observer_{this}; |
| std::string waiting_extension_id_; |
| bool observed_; |
| |
| DISALLOW_COPY_AND_ASSIGN(ExtensionInstallObserver); |
| }; |
| |
| // Tests that the data associated with a device local account is removed when |
| // that local account is no longer part of policy. |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, PRE_DataIsRemoved) { |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| WaitUntilLocalStateChanged(); |
| |
| EXPECT_TRUE(IsKnownUser(account_id_1_)); |
| CheckPublicSessionPresent(account_id_1_); |
| |
| // Data for the account is normally added after successful authentication. |
| // Shortcut that here. |
| DictionaryPrefUpdate given_name_update(g_browser_process->local_state(), |
| "UserGivenName"); |
| given_name_update->SetKey(account_id_1_.GetUserEmail(), |
| base::Value("Elaine")); |
| |
| // Add some arbitrary data to make sure the "UserGivenName" dictionary isn't |
| // cleaning up itself. |
| given_name_update->SetKey("sanity.check@example.com", base::Value("Anne")); |
| } |
| |
| // Disabled on ASan and LSAn builds due to a consistent failure. See |
| // crbug.com/1004228 |
| #if defined(ADDRESS_SANITIZER) || defined(LEAK_SANITIZER) |
| #define MAYBE_DataIsRemoved DISABLED_DataIsRemoved |
| #else |
| #define MAYBE_DataIsRemoved DataIsRemoved |
| #endif |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, MAYBE_DataIsRemoved) { |
| // The device local account should have been removed. |
| EXPECT_FALSE(g_browser_process->local_state() |
| ->GetDictionary("UserGivenName") |
| ->FindKey(account_id_1_.GetUserEmail())); |
| |
| // The arbitrary data remains. |
| const std::string* value = g_browser_process->local_state() |
| ->GetDictionary("UserGivenName") |
| ->FindStringKey("sanity.check@example.com"); |
| ASSERT_TRUE(value); |
| EXPECT_EQ("Anne", *value); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, LoginScreen) { |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| AddPublicSessionToDevicePolicy(kAccountId2); |
| |
| WaitUntilLocalStateChanged(); |
| EXPECT_TRUE(IsKnownUser(account_id_1_)); |
| EXPECT_TRUE(IsKnownUser(account_id_2_)); |
| |
| CheckPublicSessionPresent(account_id_1_); |
| CheckPublicSessionPresent(account_id_2_); |
| |
| ASSERT_TRUE(user_manager::UserManager::Get()->FindUser(account_id_1_)); |
| EXPECT_TRUE(user_manager::UserManager::Get() |
| ->FindUser(account_id_1_) |
| ->IsAffiliated()); |
| |
| ASSERT_TRUE(user_manager::UserManager::Get()->FindUser(account_id_2_)); |
| EXPECT_TRUE(user_manager::UserManager::Get() |
| ->FindUser(account_id_2_) |
| ->IsAffiliated()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, DisplayName) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| // Verify that the display name is shown in the UI. |
| std::string display_name = |
| ash::LoginScreenTestApi::GetDisplayedName(account_id_1_); |
| EXPECT_EQ(kDisplayName1, display_name); |
| // Click on the pod to expand it. |
| ASSERT_TRUE(ash::LoginScreenTestApi::ExpandPublicSessionPod(account_id_1_)); |
| // Change the display name. |
| device_local_account_policy_.payload().mutable_userdisplayname()->set_value( |
| kDisplayName2); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| policy::BrowserPolicyConnectorChromeOS* connector = |
| g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| DeviceLocalAccountPolicyBroker* broker = |
| connector->GetDeviceLocalAccountPolicyService()->GetBrokerForUser( |
| account_id_1_.GetUserEmail()); |
| ASSERT_TRUE(broker); |
| broker->core()->client()->FetchPolicy(); |
| WaitForDisplayName(account_id_1_.GetUserEmail(), kDisplayName2); |
| |
| // Verify that the new display name is shown in the UI. |
| display_name = ash::LoginScreenTestApi::GetDisplayedName(account_id_1_); |
| EXPECT_EQ(kDisplayName2, display_name); |
| // Verify that the pod is still expanded. This indicates that the UI updated |
| // without reloading and losing state. |
| EXPECT_TRUE(ash::LoginScreenTestApi::IsPublicSessionExpanded()); |
| } |
| |
| // Tests that display name is saved in kUserDisplayName pref in local state. |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, CachedDisplayName) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForDisplayName(account_id_1_.GetUserEmail(), kDisplayName1); |
| auto* dict = g_browser_process->local_state()->GetDictionary( |
| policy::key::kUserDisplayName); |
| ASSERT_TRUE(dict); |
| ASSERT_TRUE(dict->HasKey(account_id_1_.GetUserEmail())); |
| EXPECT_EQ(kDisplayName1, *dict->FindStringKey(account_id_1_.GetUserEmail())); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, PolicyDownload) { |
| UploadDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| // Sanity check: The policy should be present now. |
| ASSERT_FALSE(session_manager_client() |
| ->device_local_account_policy(kAccountId1) |
| .empty()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, AccountListChange) { |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| AddPublicSessionToDevicePolicy(kAccountId2); |
| |
| WaitUntilLocalStateChanged(); |
| EXPECT_TRUE(IsKnownUser(account_id_1_)); |
| EXPECT_TRUE(IsKnownUser(account_id_2_)); |
| |
| // Update policy to remove kAccountId2. |
| em::ChromeDeviceSettingsProto& proto(device_policy()->payload()); |
| proto.mutable_device_local_accounts()->clear_account(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| em::ChromeDeviceSettingsProto policy; |
| policy.mutable_show_user_names()->set_show_user_names(true); |
| em::DeviceLocalAccountInfoProto* account1 = |
| policy.mutable_device_local_accounts()->add_account(); |
| account1->set_account_id(kAccountId1); |
| account1->set_type( |
| em::DeviceLocalAccountInfoProto::ACCOUNT_TYPE_PUBLIC_SESSION); |
| |
| local_policy_mixin_.UpdateDevicePolicy(policy); |
| g_browser_process->policy_service()->RefreshPolicies(base::OnceClosure()); |
| |
| // Make sure the second device-local account disappears. |
| WaitUntilLocalStateChanged(); |
| EXPECT_FALSE(IsKnownUser(account_id_2_)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, StartSession) { |
| // Specify startup pages. |
| device_local_account_policy_.payload().mutable_restoreonstartup()->set_value( |
| SessionStartupPref::kPrefValueURLs); |
| em::StringListPolicyProto* startup_urls_proto = |
| device_local_account_policy_.payload().mutable_restoreonstartupurls(); |
| for (size_t i = 0; i < base::size(kStartupURLs); ++i) |
| startup_urls_proto->mutable_value()->add_entries(kStartupURLs[i]); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| WaitForSessionStart(); |
| |
| // Check that the startup pages specified in policy were opened. |
| BrowserList* browser_list = BrowserList::GetInstance(); |
| EXPECT_EQ(1U, browser_list->size()); |
| Browser* browser = browser_list->get(0); |
| ASSERT_TRUE(browser); |
| |
| TabStripModel* tabs = browser->tab_strip_model(); |
| ASSERT_TRUE(tabs); |
| int expected_tab_count = static_cast<int>(base::size(kStartupURLs)); |
| EXPECT_EQ(expected_tab_count, tabs->count()); |
| for (int i = 0; i < expected_tab_count && i < tabs->count(); ++i) { |
| EXPECT_EQ(GURL(kStartupURLs[i]), |
| tabs->GetWebContentsAt(i)->GetVisibleURL()); |
| } |
| |
| // Verify that the session is not considered to be logged in with a GAIA |
| // account. |
| Profile* profile = GetProfileForTest(); |
| ASSERT_TRUE(profile); |
| EXPECT_FALSE( |
| IdentityManagerFactory::GetForProfile(profile)->HasPrimaryAccount( |
| signin::ConsentLevel::kSignin)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, FullscreenAllowed) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| WaitForSessionStart(); |
| |
| BrowserList* browser_list = BrowserList::GetInstance(); |
| EXPECT_EQ(1U, browser_list->size()); |
| Browser* browser = browser_list->get(0); |
| ASSERT_TRUE(browser); |
| BrowserWindow* browser_window = browser->window(); |
| ASSERT_TRUE(browser_window); |
| |
| // Verify that an attempt to enter fullscreen mode is allowed. |
| EXPECT_FALSE(browser_window->IsFullscreen()); |
| chrome::ToggleFullscreenMode(browser); |
| EXPECT_TRUE(browser_window->IsFullscreen()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, ExtensionsUncached) { |
| // Make it possible to force-install a hosted app and an extension. |
| ASSERT_TRUE(embedded_test_server()->InitializeAndListen()); |
| scoped_refptr<TestingUpdateManifestProvider> testing_update_manifest_provider( |
| new TestingUpdateManifestProvider(kRelativeUpdateURL)); |
| testing_update_manifest_provider->AddUpdate( |
| kHostedAppID, kHostedAppVersion, |
| embedded_test_server()->GetURL(std::string("/") + kHostedAppCRXPath)); |
| testing_update_manifest_provider->AddUpdate( |
| kGoodExtensionID, kGoodExtensionVersion, |
| embedded_test_server()->GetURL(std::string("/") + kGoodExtensionCRXPath)); |
| embedded_test_server()->RegisterRequestHandler( |
| base::BindRepeating(&TestingUpdateManifestProvider::HandleRequest, |
| testing_update_manifest_provider)); |
| embedded_test_server()->StartAcceptingConnections(); |
| |
| // Specify policy to force-install the hosted app and the extension. |
| em::StringList* forcelist = device_local_account_policy_.payload() |
| .mutable_extensioninstallforcelist() |
| ->mutable_value(); |
| forcelist->add_entries(base::StringPrintf( |
| "%s;%s", kHostedAppID, |
| embedded_test_server()->GetURL(kRelativeUpdateURL).spec().c_str())); |
| forcelist->add_entries(base::StringPrintf( |
| "%s;%s", kGoodExtensionID, |
| embedded_test_server()->GetURL(kRelativeUpdateURL).spec().c_str())); |
| |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| // Start listening for app/extension installation results. |
| ExtensionInstallObserver install_observer(kHostedAppID); |
| content::WindowedNotificationObserver extension_observer( |
| extensions::NOTIFICATION_EXTENSION_INSTALL_ERROR, |
| base::BindRepeating(DoesInstallFailureReferToId, kGoodExtensionID16)); |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| |
| // Wait for the hosted app installation to succeed and the extension |
| // installation to fail (because hosted apps are whitelisted for use in |
| // device-local accounts and extensions are not). |
| install_observer.Wait(); |
| extension_observer.Wait(); |
| |
| // Verify that the hosted app was installed. |
| Profile* profile = GetProfileForTest(); |
| ASSERT_TRUE(profile); |
| extensions::ExtensionRegistry* extension_registry = |
| extensions::ExtensionRegistry::Get(profile); |
| EXPECT_TRUE(extension_registry->enabled_extensions().GetByID(kHostedAppID)); |
| |
| // Verify that the extension was not installed. |
| EXPECT_FALSE(extension_registry->GetExtensionById( |
| kGoodExtensionID, extensions::ExtensionRegistry::EVERYTHING)); |
| |
| // Verify that the app was downloaded to the account's extension cache. |
| base::FilePath test_dir; |
| ASSERT_TRUE(base::PathService::Get(chrome::DIR_TEST_DATA, &test_dir)); |
| EXPECT_TRUE(ContentsEqual( |
| GetCacheCRXFile(kAccountId1, kHostedAppID, kHostedAppVersion), |
| test_dir.Append(kHostedAppCRXPath))); |
| |
| // Verify that the extension was removed from the account's extension cache |
| // after the installation failure. |
| DeviceLocalAccountPolicyBroker* broker = |
| g_browser_process->platform_part() |
| ->browser_policy_connector_chromeos() |
| ->GetDeviceLocalAccountPolicyService() |
| ->GetBrokerForUser(account_id_1_.GetUserEmail()); |
| ASSERT_TRUE(broker); |
| chromeos::ExternalCache* cache = |
| broker->extension_loader()->GetExternalCacheForTesting(); |
| ASSERT_TRUE(cache); |
| EXPECT_FALSE(cache->GetExtension(kGoodExtensionID, NULL, NULL)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, ExtensionsCached) { |
| ASSERT_TRUE(embedded_test_server()->Start()); |
| |
| // Pre-populate the device local account's extension cache with a hosted app |
| // and an extension. |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| EXPECT_TRUE(base::CreateDirectory( |
| GetExtensionCacheDirectoryForAccountID(kAccountId1))); |
| } |
| base::FilePath test_dir; |
| ASSERT_TRUE(base::PathService::Get(chrome::DIR_TEST_DATA, &test_dir)); |
| const base::FilePath cached_hosted_app = |
| GetCacheCRXFile(kAccountId1, kHostedAppID, kHostedAppVersion); |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| EXPECT_TRUE( |
| CopyFile(test_dir.Append(kHostedAppCRXPath), cached_hosted_app)); |
| EXPECT_TRUE(CopyFile( |
| test_dir.Append(kGoodExtensionCRXPath), |
| GetCacheCRXFile(kAccountId1, kGoodExtensionID, kGoodExtensionVersion))); |
| } |
| |
| // Specify policy to force-install the hosted app. |
| em::StringList* forcelist = device_local_account_policy_.payload() |
| .mutable_extensioninstallforcelist() |
| ->mutable_value(); |
| forcelist->add_entries(base::StringPrintf( |
| "%s;%s", kHostedAppID, |
| embedded_test_server()->GetURL(kRelativeUpdateURL).spec().c_str())); |
| forcelist->add_entries(base::StringPrintf( |
| "%s;%s", kGoodExtensionID, |
| embedded_test_server()->GetURL(kRelativeUpdateURL).spec().c_str())); |
| |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| // Start listening for app/extension installation results. |
| ExtensionInstallObserver install_observer(kHostedAppID); |
| content::WindowedNotificationObserver extension_observer( |
| extensions::NOTIFICATION_EXTENSION_INSTALL_ERROR, |
| base::BindRepeating(DoesInstallFailureReferToId, kGoodExtensionID16)); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| |
| // Wait for the hosted app installation to succeed and the extension |
| // installation to fail. |
| install_observer.Wait(); |
| extension_observer.Wait(); |
| |
| // Verify that the hosted app was installed. |
| Profile* profile = GetProfileForTest(); |
| ASSERT_TRUE(profile); |
| extensions::ExtensionRegistry* extension_registry = |
| extensions::ExtensionRegistry::Get(profile); |
| EXPECT_TRUE(extension_registry->enabled_extensions().GetByID(kHostedAppID)); |
| |
| // Verify that the extension was not installed. |
| EXPECT_FALSE(extension_registry->GetExtensionById( |
| kGoodExtensionID, extensions::ExtensionRegistry::EVERYTHING)); |
| |
| // Verify that the app is still in the account's extension cache. |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| EXPECT_TRUE(PathExists(cached_hosted_app)); |
| } |
| |
| // Verify that the extension was removed from the account's extension cache. |
| DeviceLocalAccountPolicyBroker* broker = |
| g_browser_process->platform_part() |
| ->browser_policy_connector_chromeos() |
| ->GetDeviceLocalAccountPolicyService() |
| ->GetBrokerForUser(account_id_1_.GetUserEmail()); |
| ASSERT_TRUE(broker); |
| chromeos::ExternalCache* cache = |
| broker->extension_loader()->GetExternalCacheForTesting(); |
| ASSERT_TRUE(cache); |
| EXPECT_FALSE(cache->GetExtension(kGoodExtensionID, NULL, NULL)); |
| } |
| |
| static void OnPutExtension(std::unique_ptr<base::RunLoop>* run_loop, |
| const base::FilePath& file_path, |
| bool file_ownership_passed) { |
| ASSERT_TRUE(*run_loop); |
| (*run_loop)->Quit(); |
| } |
| |
| static void OnExtensionCacheImplInitialized( |
| std::unique_ptr<base::RunLoop>* run_loop) { |
| ASSERT_TRUE(*run_loop); |
| (*run_loop)->Quit(); |
| } |
| |
| static void CreateFile(const base::FilePath& file, |
| size_t size, |
| const base::Time& timestamp) { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| std::string data(size, 0); |
| EXPECT_TRUE(base::WriteFile(file, data)); |
| EXPECT_TRUE(base::TouchFile(file, timestamp, timestamp)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, ExtensionCacheImplTest) { |
| // Make it possible to force-install a hosted app and an extension. |
| ASSERT_TRUE(embedded_test_server()->InitializeAndListen()); |
| scoped_refptr<TestingUpdateManifestProvider> testing_update_manifest_provider( |
| new TestingUpdateManifestProvider(kRelativeUpdateURL)); |
| testing_update_manifest_provider->AddUpdate( |
| kHostedAppID, kHostedAppVersion, |
| embedded_test_server()->GetURL(std::string("/") + kHostedAppCRXPath)); |
| testing_update_manifest_provider->AddUpdate( |
| kGoodExtensionID, kGoodExtensionVersion, |
| embedded_test_server()->GetURL(std::string("/") + kGoodExtensionCRXPath)); |
| embedded_test_server()->RegisterRequestHandler( |
| base::BindRepeating(&TestingUpdateManifestProvider::HandleRequest, |
| testing_update_manifest_provider)); |
| embedded_test_server()->StartAcceptingConnections(); |
| // Create and initialize local cache. |
| base::FilePath impl_path; |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| EXPECT_TRUE(cache_dir_.CreateUniqueTempDir()); |
| impl_path = cache_dir_.GetPath(); |
| EXPECT_TRUE(base::CreateDirectory(impl_path)); |
| } |
| CreateFile(impl_path.Append( |
| extensions::LocalExtensionCache::kCacheReadyFlagFileName), |
| 0, base::Time::Now()); |
| extensions::ExtensionCacheImpl cache_impl( |
| std::make_unique<extensions::ChromeOSExtensionCacheDelegate>(impl_path)); |
| auto run_loop = std::make_unique<base::RunLoop>(); |
| cache_impl.Start(base::BindOnce(&OnExtensionCacheImplInitialized, &run_loop)); |
| run_loop->Run(); |
| |
| // Put extension in the local cache. |
| base::FilePath temp_path; |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| EXPECT_TRUE(temp_dir_.CreateUniqueTempDir()); |
| temp_path = temp_dir_.GetPath(); |
| EXPECT_TRUE(base::CreateDirectory(temp_path)); |
| } |
| const base::FilePath temp_file = |
| GetCacheCRXFilePath(kGoodExtensionID, kGoodExtensionVersion, temp_path); |
| base::FilePath test_dir; |
| std::string hash; |
| ASSERT_TRUE(base::PathService::Get(chrome::DIR_TEST_DATA, &test_dir)); |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| EXPECT_TRUE(CopyFile(test_dir.Append(kGoodExtensionCRXPath), temp_file)); |
| } |
| cache_impl.AllowCaching(kGoodExtensionID); |
| run_loop = std::make_unique<base::RunLoop>(); |
| cache_impl.PutExtension(kGoodExtensionID, hash, temp_file, |
| kGoodExtensionVersion, |
| base::BindOnce(&OnPutExtension, &run_loop)); |
| run_loop->Run(); |
| |
| // Verify that the extension file was added to the local cache. |
| const base::FilePath local_file = |
| GetCacheCRXFilePath(kGoodExtensionID, kGoodExtensionVersion, impl_path); |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| EXPECT_TRUE(PathExists(local_file)); |
| } |
| |
| // Specify policy to force-install the hosted app and the extension. |
| em::StringList* forcelist = device_local_account_policy_.payload() |
| .mutable_extensioninstallforcelist() |
| ->mutable_value(); |
| forcelist->add_entries(base::StringPrintf( |
| "%s;%s", kHostedAppID, |
| embedded_test_server()->GetURL(kRelativeUpdateURL).spec().c_str())); |
| forcelist->add_entries(base::StringPrintf( |
| "%s;%s", kGoodExtensionID, |
| embedded_test_server()->GetURL(kRelativeUpdateURL).spec().c_str())); |
| |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| // Start listening for app/extension installation results. |
| ExtensionInstallObserver install_observer(kHostedAppID); |
| content::WindowedNotificationObserver extension_observer( |
| extensions::NOTIFICATION_EXTENSION_INSTALL_ERROR, |
| base::BindRepeating(DoesInstallFailureReferToId, kGoodExtensionID16)); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| |
| // Wait for the hosted app installation to succeed and the extension |
| // installation to fail (because hosted apps are whitelisted for use in |
| // device-local accounts and extensions are not). |
| install_observer.Wait(); |
| extension_observer.Wait(); |
| |
| // Verify that the extension was kept in the local cache. |
| EXPECT_TRUE(cache_impl.GetExtension(kGoodExtensionID, hash, NULL, NULL)); |
| |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| // Verify that the extension file was kept in the local cache. |
| EXPECT_TRUE(PathExists(local_file)); |
| } |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, ExternalData) { |
| // user_manager::UserManager requests an external data fetch whenever |
| // the key::kUserAvatarImage policy is set. Since this test wants to |
| // verify that the underlying policy subsystem will start a fetch |
| // without this request as well, the user_manager::UserManager must be |
| // prevented from seeing the policy change. |
| static_cast<ash::ChromeUserManagerImpl*>(user_manager::UserManager::Get()) |
| ->StopPolicyObserverForTesting(); |
| |
| UploadDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| // Start serving external data. |
| std::unique_ptr<base::RunLoop> run_loop(new base::RunLoop); |
| EXPECT_TRUE(embedded_test_server()->InitializeAndListen()); |
| embedded_test_server()->RegisterRequestHandler(base::BindRepeating( |
| [](const base::RepeatingClosure& quit_closure, |
| const net::test_server::HttpRequest& request) |
| -> std::unique_ptr<net::test_server::HttpResponse> { |
| if (request.relative_url != kExternalDataPath) |
| return nullptr; |
| |
| auto response = std::make_unique<net::test_server::BasicHttpResponse>(); |
| response->set_content(kExternalData); |
| |
| quit_closure.Run(); |
| return response; |
| }, |
| run_loop->QuitClosure())); |
| embedded_test_server()->StartAcceptingConnections(); |
| |
| // Specify an external data reference for the key::kUserAvatarImage policy. |
| std::unique_ptr<base::DictionaryValue> metadata = |
| test::ConstructExternalDataReference( |
| embedded_test_server()->GetURL(kExternalDataPath).spec(), |
| kExternalData); |
| std::string policy; |
| base::JSONWriter::Write(*metadata, &policy); |
| device_local_account_policy_.payload().mutable_useravatarimage()->set_value( |
| policy); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| policy::BrowserPolicyConnectorChromeOS* connector = |
| g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| DeviceLocalAccountPolicyBroker* broker = |
| connector->GetDeviceLocalAccountPolicyService()->GetBrokerForUser( |
| account_id_1_.GetUserEmail()); |
| ASSERT_TRUE(broker); |
| broker->core()->store()->Load(); |
| |
| // The external data should be fetched and cached automatically. Wait for this |
| // fetch. |
| run_loop->Run(); |
| |
| // Stop serving external data. |
| EXPECT_TRUE(embedded_test_server()->ShutdownAndWaitUntilComplete()); |
| |
| const PolicyMap::Entry* policy_entry = |
| broker->core()->store()->policy_map().Get(key::kUserAvatarImage); |
| ASSERT_TRUE(policy_entry); |
| ASSERT_TRUE(policy_entry->external_data_fetcher); |
| |
| // Retrieve the external data. Although the data is no longer being served, |
| // the retrieval should succeed because the data has been cached. |
| run_loop = std::make_unique<base::RunLoop>(); |
| std::unique_ptr<std::string> fetched_external_data; |
| base::FilePath file_path; |
| policy_entry->external_data_fetcher->Fetch( |
| base::BindOnce(&test::ExternalDataFetchCallback, &fetched_external_data, |
| &file_path, run_loop->QuitClosure())); |
| run_loop->Run(); |
| |
| ASSERT_TRUE(fetched_external_data); |
| EXPECT_EQ(kExternalData, *fetched_external_data); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| WaitForSessionStart(); |
| |
| // Verify that the external data reference has propagated to the device-local |
| // account's ProfilePolicyConnector. |
| ProfilePolicyConnector* policy_connector = |
| GetProfileForTest()->GetProfilePolicyConnector(); |
| ASSERT_TRUE(policy_connector); |
| const PolicyMap& policies = policy_connector->policy_service()->GetPolicies( |
| PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); |
| policy_entry = policies.Get(key::kUserAvatarImage); |
| ASSERT_TRUE(policy_entry); |
| EXPECT_EQ(*metadata, *policy_entry->value()); |
| ASSERT_TRUE(policy_entry->external_data_fetcher); |
| |
| // Retrieve the external data via the ProfilePolicyConnector. The retrieval |
| // should succeed because the data has been cached. |
| run_loop = std::make_unique<base::RunLoop>(); |
| fetched_external_data.reset(); |
| policy_entry->external_data_fetcher->Fetch( |
| base::BindOnce(&test::ExternalDataFetchCallback, &fetched_external_data, |
| &file_path, run_loop->QuitClosure())); |
| run_loop->Run(); |
| |
| ASSERT_TRUE(fetched_external_data); |
| EXPECT_EQ(kExternalData, *fetched_external_data); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, UserAvatarImage) { |
| ASSERT_TRUE(embedded_test_server()->Start()); |
| |
| UploadDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| base::FilePath test_dir; |
| ASSERT_TRUE(base::PathService::Get(chrome::DIR_TEST_DATA, &test_dir)); |
| std::string image_data; |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| ASSERT_TRUE(base::ReadFileToString( |
| test_dir.Append(ash::test::kUserAvatarImage1RelativePath), |
| &image_data)); |
| } |
| |
| std::string policy; |
| base::JSONWriter::Write( |
| *test::ConstructExternalDataReference( |
| embedded_test_server() |
| ->GetURL(std::string("/") + |
| ash::test::kUserAvatarImage1RelativePath) |
| .spec(), |
| image_data), |
| &policy); |
| device_local_account_policy_.payload().mutable_useravatarimage()->set_value( |
| policy); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| policy::BrowserPolicyConnectorChromeOS* connector = |
| g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| DeviceLocalAccountPolicyBroker* broker = |
| connector->GetDeviceLocalAccountPolicyService()->GetBrokerForUser( |
| account_id_1_.GetUserEmail()); |
| ASSERT_TRUE(broker); |
| |
| broker->core()->store()->Load(); |
| WaitUntilLocalStateChanged(); |
| |
| gfx::ImageSkia policy_image = |
| ash::test::ImageLoader( |
| test_dir.Append(ash::test::kUserAvatarImage1RelativePath)) |
| .Load(); |
| ASSERT_FALSE(policy_image.isNull()); |
| |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id_1_); |
| ASSERT_TRUE(user); |
| |
| base::FilePath user_data_dir; |
| ASSERT_TRUE(base::PathService::Get(chrome::DIR_USER_DATA, &user_data_dir)); |
| const base::FilePath saved_image_path = |
| user_data_dir.Append(account_id_1_.GetUserEmail()).AddExtension("jpg"); |
| |
| EXPECT_FALSE(user->HasDefaultImage()); |
| EXPECT_EQ(user_manager::User::USER_IMAGE_EXTERNAL, user->image_index()); |
| EXPECT_TRUE(ash::test::AreImagesEqual(policy_image, user->GetImage())); |
| const base::DictionaryValue* images_pref = |
| g_browser_process->local_state()->GetDictionary("user_image_info"); |
| ASSERT_TRUE(images_pref); |
| const base::DictionaryValue* image_properties; |
| ASSERT_TRUE(images_pref->GetDictionaryWithoutPathExpansion( |
| account_id_1_.GetUserEmail(), &image_properties)); |
| int image_index; |
| std::string image_path; |
| ASSERT_TRUE(image_properties->GetInteger("index", &image_index)); |
| ASSERT_TRUE(image_properties->GetString("path", &image_path)); |
| EXPECT_EQ(user_manager::User::USER_IMAGE_EXTERNAL, image_index); |
| EXPECT_EQ(saved_image_path.value(), image_path); |
| |
| gfx::ImageSkia saved_image = ash::test::ImageLoader(saved_image_path).Load(); |
| ASSERT_FALSE(saved_image.isNull()); |
| |
| // Check image dimensions. Images can't be compared since JPEG is lossy. |
| EXPECT_EQ(policy_image.width(), saved_image.width()); |
| EXPECT_EQ(policy_image.height(), saved_image.height()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, LastWindowClosedLogoutReminder) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| WaitForSessionStart(); |
| |
| Profile* profile = GetProfileForTest(); |
| ASSERT_TRUE(profile); |
| extensions::AppWindowRegistry* app_window_registry = |
| extensions::AppWindowRegistry::Get(profile); |
| app_window_registry->AddObserver(this); |
| |
| // Verify that the logout confirmation dialog is not showing. |
| EXPECT_FALSE(IsLogoutConfirmationDialogShowing()); |
| |
| // Remove policy that allows only explicitly whitelisted apps to be installed |
| // in a public session. |
| extensions::ExtensionSystem* extension_system = |
| extensions::ExtensionSystem::Get(profile); |
| ASSERT_TRUE(extension_system); |
| extension_system->management_policy()->UnregisterAllProviders(); |
| |
| // Install and a platform app. |
| scoped_refptr<extensions::CrxInstaller> installer = |
| extensions::CrxInstaller::CreateSilent( |
| extension_system->extension_service()); |
| installer->set_allow_silent_install(true); |
| installer->set_install_cause(extension_misc::INSTALL_CAUSE_USER_DOWNLOAD); |
| installer->set_creation_flags(extensions::Extension::FROM_WEBSTORE); |
| content::WindowedNotificationObserver app_install_observer( |
| extensions::NOTIFICATION_CRX_INSTALLER_DONE, |
| content::NotificationService::AllSources()); |
| base::FilePath test_dir; |
| ASSERT_TRUE(base::PathService::Get(chrome::DIR_TEST_DATA, &test_dir)); |
| installer->InstallCrx(test_dir.Append(kPackagedAppCRXPath)); |
| app_install_observer.Wait(); |
| const extensions::Extension* app = |
| content::Details<const extensions::Extension>( |
| app_install_observer.details()) |
| .ptr(); |
| |
| // Start the platform app, causing it to open a window. |
| run_loop_ = std::make_unique<base::RunLoop>(); |
| auto* proxy = apps::AppServiceProxyFactory::GetForProfile(profile); |
| proxy->FlushMojoCallsForTesting(); |
| proxy->Launch( |
| app->id(), |
| apps::GetEventFlags(apps::mojom::LaunchContainer::kLaunchContainerWindow, |
| WindowOpenDisposition::NEW_WINDOW, |
| false /* preferred_containner */), |
| apps::mojom::LaunchSource::kFromChromeInternal, |
| apps::MakeWindowInfo( |
| display::Screen::GetScreen()->GetPrimaryDisplay().id())); |
| proxy->FlushMojoCallsForTesting(); |
| run_loop_->Run(); |
| EXPECT_EQ(1U, app_window_registry->app_windows().size()); |
| |
| // Close the only open browser window. |
| BrowserList* browser_list = BrowserList::GetInstance(); |
| EXPECT_EQ(1U, browser_list->size()); |
| Browser* browser = browser_list->get(0); |
| ASSERT_TRUE(browser); |
| BrowserWindow* browser_window = browser->window(); |
| ASSERT_TRUE(browser_window); |
| run_loop_ = std::make_unique<base::RunLoop>(); |
| browser_window->Close(); |
| browser_window = NULL; |
| run_loop_->Run(); |
| browser = NULL; |
| EXPECT_TRUE(browser_list->empty()); |
| |
| // Verify that the logout confirmation dialog is not showing because an app |
| // window is still open. |
| EXPECT_FALSE(IsLogoutConfirmationDialogShowing()); |
| |
| // Open a browser window. |
| Browser* first_browser = CreateBrowser(profile); |
| EXPECT_EQ(1U, browser_list->size()); |
| |
| // Close the app window. |
| run_loop_ = std::make_unique<base::RunLoop>(); |
| ASSERT_EQ(1U, app_window_registry->app_windows().size()); |
| app_window_registry->app_windows().front()->GetBaseWindow()->Close(); |
| run_loop_->Run(); |
| EXPECT_TRUE(app_window_registry->app_windows().empty()); |
| |
| // Verify that the logout confirmation dialog is not showing because a browser |
| // window is still open. |
| EXPECT_FALSE(IsLogoutConfirmationDialogShowing()); |
| |
| // Open a second browser window. |
| Browser* second_browser = CreateBrowser(profile); |
| EXPECT_EQ(2U, browser_list->size()); |
| |
| // Close the first browser window. |
| browser_window = first_browser->window(); |
| ASSERT_TRUE(browser_window); |
| run_loop_ = std::make_unique<base::RunLoop>(); |
| browser_window->Close(); |
| browser_window = NULL; |
| run_loop_->Run(); |
| first_browser = NULL; |
| EXPECT_EQ(1U, browser_list->size()); |
| |
| // Verify that the logout confirmation dialog is not showing because a browser |
| // window is still open. |
| EXPECT_FALSE(IsLogoutConfirmationDialogShowing()); |
| |
| // Close the second browser window. |
| browser_window = second_browser->window(); |
| ASSERT_TRUE(browser_window); |
| run_loop_ = std::make_unique<base::RunLoop>(); |
| browser_window->Close(); |
| browser_window = NULL; |
| run_loop_->Run(); |
| second_browser = NULL; |
| EXPECT_TRUE(browser_list->empty()); |
| |
| // Verify that the logout confirmation dialog is showing. |
| EXPECT_TRUE(IsLogoutConfirmationDialogShowing()); |
| |
| // Deny the logout. |
| ASSERT_NO_FATAL_FAILURE(CloseLogoutConfirmationDialog()); |
| |
| // Verify that the logout confirmation dialog is no longer showing. |
| EXPECT_FALSE(IsLogoutConfirmationDialogShowing()); |
| |
| // Open a browser window. |
| browser = CreateBrowser(profile); |
| EXPECT_EQ(1U, browser_list->size()); |
| |
| // Close the browser window. |
| browser_window = browser->window(); |
| ASSERT_TRUE(browser_window); |
| run_loop_ = std::make_unique<base::RunLoop>(); |
| browser_window->Close(); |
| browser_window = NULL; |
| run_loop_->Run(); |
| browser = NULL; |
| EXPECT_TRUE(browser_list->empty()); |
| |
| // Verify that the logout confirmation dialog is showing again. |
| EXPECT_TRUE(IsLogoutConfirmationDialogShowing()); |
| |
| // Deny the logout. |
| ASSERT_NO_FATAL_FAILURE(CloseLogoutConfirmationDialog()); |
| |
| app_window_registry->RemoveObserver(this); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, NoRecommendedLocaleNoSwitch) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ExpandPublicSessionPod(false); |
| |
| // Click the enter button to start the session. |
| ash::LoginScreenTestApi::ClickPublicExpandedSubmitButton(); |
| |
| WaitForSessionStart(); |
| |
| // Verify that the locale has not changed and the first keyboard layout |
| // applicable to the locale was chosen. |
| EXPECT_EQ(initial_locale_, g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(initial_language_, icu::Locale::getDefault().getLanguage()); |
| VerifyKeyboardLayoutMatchesLocale(); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, NoRecommendedLocaleSwitch) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ExpandPublicSessionPod(false); |
| |
| // Click the link that switches the pod to its advanced form. Verify that the |
| // pod switches from basic to advanced. |
| ash::LoginScreenTestApi::ClickPublicExpandedAdvancedViewButton(); |
| ASSERT_TRUE(ash::LoginScreenTestApi::IsExpandedPublicSessionAdvanced()); |
| ash::LoginScreenTestApi::SetPublicSessionLocale(kPublicSessionLocale); |
| // The UI will have requested an updated list of keyboard layouts at this |
| // point. Wait for the constructions of this list to finish. |
| WaitForGetKeyboardLayoutsForLocaleToFinish(); |
| |
| // Manually select a different keyboard layout. |
| ash::LoginScreenTestApi::SetPublicSessionKeyboard( |
| public_session_input_method_id_); |
| |
| ash::LoginScreenTestApi::ClickPublicExpandedSubmitButton(); |
| |
| WaitForSessionStart(); |
| |
| // Verify that the locale and keyboard layout have been applied. |
| EXPECT_EQ(kPublicSessionLocale, g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(l10n_util::GetLanguage(kPublicSessionLocale), |
| icu::Locale::getDefault().getLanguage()); |
| EXPECT_EQ(public_session_input_method_id_, |
| chromeos::input_method::InputMethodManager::Get() |
| ->GetActiveIMEState() |
| ->GetCurrentInputMethod() |
| .id()); |
| } |
| |
| // Tests whether or not managed guest session users can change the system |
| // timezone, which should be possible iff the timezone automatic detection |
| // policy is set to either DISABLED or USERS_DECIDE. |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, ManagedSessionTimezoneChange) { |
| SetManagedSessionsEnabled(true); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| EnableAutoLogin(); |
| |
| WaitForPolicy(); |
| |
| WaitForSessionStart(); |
| |
| CheckPublicSessionPresent(account_id_1_); |
| |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id_1_); |
| ASSERT_TRUE(user); |
| ASSERT_EQ(user->GetType(), user_manager::USER_TYPE_PUBLIC_ACCOUNT); |
| |
| std::u16string timezone_id1(u"America/Los_Angeles"); |
| std::string timezone_id2("Europe/Berlin"); |
| std::u16string timezone_id2_utf16(u"Europe/Berlin"); |
| |
| chromeos::system::TimezoneSettings* timezone_settings = |
| chromeos::system::TimezoneSettings::GetInstance(); |
| |
| timezone_settings->SetTimezoneFromID(timezone_id1); |
| SetSystemTimezoneAutomaticDetectionPolicy(em::SystemTimezoneProto::DISABLED); |
| chromeos::system::SetSystemTimezone(user, timezone_id2); |
| EXPECT_EQ(timezone_settings->GetCurrentTimezoneID(), timezone_id2_utf16); |
| |
| timezone_settings->SetTimezoneFromID(timezone_id1); |
| SetSystemTimezoneAutomaticDetectionPolicy( |
| em::SystemTimezoneProto::USERS_DECIDE); |
| chromeos::system::SetSystemTimezone(user, timezone_id2); |
| EXPECT_EQ(timezone_settings->GetCurrentTimezoneID(), timezone_id2_utf16); |
| |
| timezone_settings->SetTimezoneFromID(timezone_id1); |
| SetSystemTimezoneAutomaticDetectionPolicy(em::SystemTimezoneProto::IP_ONLY); |
| chromeos::system::SetSystemTimezone(user, timezone_id2); |
| EXPECT_NE(timezone_settings->GetCurrentTimezoneID(), timezone_id2_utf16); |
| |
| timezone_settings->SetTimezoneFromID(timezone_id1); |
| SetSystemTimezoneAutomaticDetectionPolicy( |
| em::SystemTimezoneProto::SEND_WIFI_ACCESS_POINTS); |
| chromeos::system::SetSystemTimezone(user, timezone_id2); |
| EXPECT_NE(timezone_settings->GetCurrentTimezoneID(), timezone_id2_utf16); |
| |
| timezone_settings->SetTimezoneFromID(timezone_id1); |
| SetSystemTimezoneAutomaticDetectionPolicy( |
| em::SystemTimezoneProto::SEND_ALL_LOCATION_INFO); |
| chromeos::system::SetSystemTimezone(user, timezone_id2); |
| EXPECT_NE(timezone_settings->GetCurrentTimezoneID(), timezone_id2_utf16); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, OneRecommendedLocale) { |
| // Specify a recommended locale. |
| SetRecommendedLocales(kSingleRecommendedLocale, |
| base::size(kSingleRecommendedLocale)); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ExpandPublicSessionPod(false); |
| |
| WaitForGetKeyboardLayoutsForLocaleToFinish(); |
| |
| // Click the enter button to start the session. |
| ash::LoginScreenTestApi::ClickPublicExpandedSubmitButton(); |
| |
| WaitForSessionStart(); |
| |
| // Verify that the recommended locale has been applied and the first keyboard |
| // layout applicable to the locale was chosen. |
| EXPECT_EQ(kSingleRecommendedLocale[0], |
| g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(l10n_util::GetLanguage(kSingleRecommendedLocale[0]), |
| icu::Locale::getDefault().getLanguage()); |
| VerifyKeyboardLayoutMatchesLocale(); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, MultipleRecommendedLocales) { |
| // Specify recommended locales. |
| SetRecommendedLocales(kRecommendedLocales1, base::size(kRecommendedLocales1)); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| AddPublicSessionToDevicePolicy(kAccountId2); |
| |
| WaitForPolicy(); |
| |
| ExpandPublicSessionPod(true); |
| |
| // Verify that the pod shows a list of locales beginning with the recommended |
| // ones, followed by others. |
| std::vector<ash::LocaleItem> locales = |
| ash::LoginScreenTestApi::GetExpandedPublicSessionLocales(); |
| EXPECT_LT(base::size(kRecommendedLocales1), locales.size()); |
| |
| // Verify that the list starts with the recommended locales, in correct order. |
| for (size_t i = 0; i < base::size(kRecommendedLocales1); ++i) { |
| EXPECT_EQ(kRecommendedLocales1[i], locales[i].language_code); |
| } |
| |
| // Verify that the recommended locales do not appear again in the remainder of |
| // the list. |
| std::set<std::string> recommended_locales; |
| for (size_t i = 0; i < base::size(kRecommendedLocales1); ++i) |
| recommended_locales.insert(kRecommendedLocales1[i]); |
| for (size_t i = base::size(kRecommendedLocales1); i < locales.size(); ++i) { |
| const std::string& locale = locales[i].language_code; |
| EXPECT_EQ(recommended_locales.end(), recommended_locales.find(locale)); |
| } |
| |
| // Verify that the first recommended locale is selected. |
| std::string selected_locale = |
| ash::LoginScreenTestApi::GetExpandedPublicSessionSelectedLocale(); |
| |
| EXPECT_EQ(kRecommendedLocales1[0], selected_locale); |
| |
| // Change the list of recommended locales. |
| SetRecommendedLocales(kRecommendedLocales2, base::size(kRecommendedLocales2)); |
| |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| policy::BrowserPolicyConnectorChromeOS* connector = |
| g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| DeviceLocalAccountPolicyBroker* broker = |
| connector->GetDeviceLocalAccountPolicyService()->GetBrokerForUser( |
| account_id_1_.GetUserEmail()); |
| ASSERT_TRUE(broker); |
| broker->core()->client()->FetchPolicy(); |
| WaitForPublicSessionLocalesChange(account_id_1_); |
| |
| // Verify that the new list of locales is shown in the UI. |
| locales = ash::LoginScreenTestApi::GetExpandedPublicSessionLocales(); |
| EXPECT_LT(base::size(kRecommendedLocales2), locales.size()); |
| for (size_t i = 0; i < base::size(kRecommendedLocales2); ++i) { |
| const std::string& locale = locales[i].language_code; |
| EXPECT_EQ(kRecommendedLocales2[i], locale); |
| } |
| |
| // Verify that the first new recommended locale is selected. |
| selected_locale = |
| ash::LoginScreenTestApi::GetExpandedPublicSessionSelectedLocale(); |
| EXPECT_EQ(kRecommendedLocales2[0], selected_locale); |
| |
| // Manually select a different locale. |
| ash::LoginScreenTestApi::SetPublicSessionLocale(kPublicSessionLocale); |
| |
| // Change the list of recommended locales. |
| SetRecommendedLocales(kRecommendedLocales1, base::size(kRecommendedLocales1)); |
| |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| broker->core()->client()->FetchPolicy(); |
| WaitForPublicSessionLocalesChange(account_id_1_); |
| |
| // Verify that the manually selected locale is still selected. |
| selected_locale = |
| ash::LoginScreenTestApi::GetExpandedPublicSessionSelectedLocale(); |
| EXPECT_EQ(kPublicSessionLocale, selected_locale); |
| |
| // The UI will request an updated list of keyboard layouts at this point. Wait |
| // for the constructions of this list to finish. |
| WaitForGetKeyboardLayoutsForLocaleToFinish(); |
| |
| // Manually select a different keyboard layout. |
| ash::LoginScreenTestApi::SetPublicSessionKeyboard( |
| public_session_input_method_id_); |
| |
| ASSERT_TRUE(ash::LoginScreenTestApi::HidePublicSessionExpandedPod()); |
| |
| // Click on a different pod, causing focus to shift away and the pod to |
| // contract. |
| ASSERT_TRUE(ash::LoginScreenTestApi::FocusUser(account_id_2_)); |
| |
| // Click on the pod again, causing it to expand again. Verify that the pod has |
| // reset all its state (the advanced form is being shown, the manually |
| // selected locale and keyboard layout are selected). |
| ASSERT_TRUE(ash::LoginScreenTestApi::FocusUser(account_id_1_)); |
| ExpandPublicSessionPod(true); |
| EXPECT_EQ(kRecommendedLocales1[0], |
| ash::LoginScreenTestApi::GetExpandedPublicSessionSelectedLocale()); |
| |
| std::string selected_keyboard_layout = |
| ash::LoginScreenTestApi::GetExpandedPublicSessionSelectedKeyboard(); |
| |
| std::string default_keyboard_id = |
| GetDefaultKeyboardIdFromLanguageCode(kRecommendedLocales1[0]); |
| EXPECT_EQ(default_keyboard_id, selected_keyboard_layout); |
| |
| ash::LoginScreenTestApi::SetPublicSessionLocale(kPublicSessionLocale); |
| WaitForGetKeyboardLayoutsForLocaleToFinish(); |
| ash::LoginScreenTestApi::SetPublicSessionKeyboard( |
| public_session_input_method_id_); |
| |
| // Click the enter button to start the session. |
| ash::LoginScreenTestApi::ClickPublicExpandedSubmitButton(); |
| |
| WaitForSessionStart(); |
| |
| // Verify that the locale and keyboard layout have been applied. |
| EXPECT_EQ(kPublicSessionLocale, g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(l10n_util::GetLanguage(kPublicSessionLocale), |
| icu::Locale::getDefault().getLanguage()); |
| EXPECT_EQ(public_session_input_method_id_, |
| chromeos::input_method::InputMethodManager::Get() |
| ->GetActiveIMEState() |
| ->GetCurrentInputMethod() |
| .id()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, InvalidRecommendedLocale) { |
| // Specify an invalid recommended locale. |
| SetRecommendedLocales(kInvalidRecommendedLocale, |
| base::size(kInvalidRecommendedLocale)); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| // Click on the pod to expand it. Verify that the pod expands to its basic |
| // form as there is only one recommended locale. |
| ExpandPublicSessionPod(false); |
| ash::LoginScreenTestApi::ClickPublicExpandedSubmitButton(); |
| |
| WaitForSessionStart(); |
| |
| // Verify that since the recommended locale was invalid, the locale has not |
| // changed and the first keyboard layout applicable to the locale was chosen. |
| EXPECT_EQ(initial_locale_, g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(l10n_util::GetLanguage(initial_locale_), |
| icu::Locale::getDefault().getLanguage()); |
| VerifyKeyboardLayoutMatchesLocale(); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, LocaleWithIME) { |
| // Specify a locale that has real IMEs in addition to a keyboard layout one. |
| const char* const kSingleLocaleWithIME[] = {"ja"}; |
| RunWithRecommendedLocale(kSingleLocaleWithIME, |
| base::size(kSingleLocaleWithIME)); |
| |
| EXPECT_GT(chromeos::input_method::InputMethodManager::Get() |
| ->GetActiveIMEState() |
| ->GetNumActiveInputMethods(), |
| 1u); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, LocaleWithNoIME) { |
| // Specify a locale that has only keyboard layout. |
| const char* const kSingleLocaleWithNoIME[] = {"de"}; |
| RunWithRecommendedLocale(kSingleLocaleWithNoIME, |
| base::size(kSingleLocaleWithNoIME)); |
| |
| EXPECT_EQ(1u, chromeos::input_method::InputMethodManager::Get() |
| ->GetActiveIMEState() |
| ->GetNumActiveInputMethods()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, |
| AutoLoginWithoutRecommendedLocales) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| EnableAutoLogin(); |
| |
| WaitForPolicy(); |
| |
| WaitForSessionStart(); |
| |
| // Verify that the locale has not changed and the first keyboard layout |
| // applicable to the locale was chosen. |
| EXPECT_EQ(initial_locale_, g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(initial_language_, icu::Locale::getDefault().getLanguage()); |
| VerifyKeyboardLayoutMatchesLocale(); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, |
| AutoLoginWithRecommendedLocales) { |
| // Specify recommended locales. |
| SetRecommendedLocales(kRecommendedLocales1, base::size(kRecommendedLocales1)); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| EnableAutoLogin(); |
| |
| WaitForPolicy(); |
| |
| WaitForSessionStart(); |
| |
| // Verify that the first recommended locale has been applied and the first |
| // keyboard layout applicable to the locale was chosen. |
| EXPECT_EQ(kRecommendedLocales1[0], g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(l10n_util::GetLanguage(kRecommendedLocales1[0]), |
| icu::Locale::getDefault().getLanguage()); |
| VerifyKeyboardLayoutMatchesLocale(); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, TermsOfServiceWithLocaleSwitch) { |
| // Specify Terms of Service URL. |
| ASSERT_TRUE(embedded_test_server()->Start()); |
| device_local_account_policy_.payload().mutable_termsofserviceurl()->set_value( |
| embedded_test_server() |
| ->GetURL(std::string("/") + kExistentTermsOfServicePath) |
| .spec()); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| ExpandPublicSessionPod(false); |
| |
| // Select a different locale. |
| ash::LoginScreenTestApi::SetPublicSessionLocale(kPublicSessionLocale); |
| |
| // The UI will have requested an updated list of keyboard layouts at this |
| // point. Wait for the constructions of this list to finish. |
| WaitForGetKeyboardLayoutsForLocaleToFinish(); |
| |
| // Set up an observer that will quit the message loop when login has succeeded |
| // and the first wizard screen, if any, is being shown. |
| base::RunLoop login_wait_run_loop; |
| chromeos::MockAuthStatusConsumer login_status_consumer( |
| login_wait_run_loop.QuitClosure()); |
| EXPECT_CALL(login_status_consumer, OnAuthSuccess(_)) |
| .Times(1) |
| .WillOnce(InvokeWithoutArgs(&login_wait_run_loop, &base::RunLoop::Quit)); |
| chromeos::ExistingUserController* controller = |
| chromeos::ExistingUserController::current_controller(); |
| ASSERT_TRUE(controller); |
| controller->AddLoginStatusConsumer(&login_status_consumer); |
| |
| // Manually select a different keyboard layout and click the enter button to |
| // start the session. |
| ash::LoginScreenTestApi::SetPublicSessionKeyboard( |
| public_session_input_method_id_); |
| ash::LoginScreenTestApi::ClickPublicExpandedSubmitButton(); |
| |
| // Spin the loop until the login observer fires. Then, unregister the |
| // observer. |
| login_wait_run_loop.Run(); |
| controller->RemoveLoginStatusConsumer(&login_status_consumer); |
| |
| // Wait for the Terms of Service screen is being shown. |
| chromeos::OobeScreenWaiter(chromeos::TermsOfServiceScreenView::kScreenId) |
| .Wait(); |
| |
| // Wait for the Terms of Service to finish downloading. |
| chromeos::test::OobeJS() |
| .CreateWaiter(GetOobeElementPath({"terms-of-service"}) + ".isLoaded_()") |
| ->Wait(); |
| |
| // Verify that the locale and keyboard layout have been applied. |
| EXPECT_EQ(kPublicSessionLocale, g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(l10n_util::GetLanguage(kPublicSessionLocale), |
| icu::Locale::getDefault().getLanguage()); |
| EXPECT_EQ(public_session_input_method_id_, |
| chromeos::input_method::InputMethodManager::Get() |
| ->GetActiveIMEState() |
| ->GetCurrentInputMethod() |
| .id()); |
| |
| // Wait for 'tos-accept-button' to become enabled. |
| chromeos::test::OobeJS() |
| .CreateEnabledWaiter(true, {"terms-of-service", "acceptButton"}) |
| ->Wait(); |
| |
| // Click the accept button. |
| chromeos::test::OobeJS().ClickOnPath({"terms-of-service", "acceptButton"}); |
| |
| WaitForSessionStart(); |
| |
| // Verify that the locale and keyboard layout are still in force. |
| EXPECT_EQ(kPublicSessionLocale, g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(l10n_util::GetLanguage(kPublicSessionLocale), |
| icu::Locale::getDefault().getLanguage()); |
| EXPECT_EQ(public_session_input_method_id_, |
| chromeos::input_method::InputMethodManager::Get() |
| ->GetActiveIMEState() |
| ->GetCurrentInputMethod() |
| .id()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, PublicSessionWithLocaleSwitch) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| ExpandPublicSessionPod(false); |
| |
| // Select a different locale. |
| EXPECT_NE(kPublicSessionLocale, g_browser_process->GetApplicationLocale()); |
| ash::LoginScreenTestApi::SetPublicSessionLocale(kPublicSessionLocale); |
| |
| // Submit the locale change. |
| ash::LoginScreenTestApi::ClickPublicExpandedSubmitButton(); |
| |
| WaitForSessionStart(); |
| |
| // Verify that the locale. |
| EXPECT_EQ(kPublicSessionLocale, g_browser_process->GetApplicationLocale()); |
| EXPECT_EQ(l10n_util::GetLanguage(kPublicSessionLocale), |
| icu::Locale::getDefault().getLanguage()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, PolicyForExtensions) { |
| // Set up a test update server for the Show Managed Storage app. |
| ASSERT_TRUE(embedded_test_server()->InitializeAndListen()); |
| scoped_refptr<TestingUpdateManifestProvider> testing_update_manifest_provider( |
| new TestingUpdateManifestProvider(kRelativeUpdateURL)); |
| testing_update_manifest_provider->AddUpdate( |
| kShowManagedStorageID, kShowManagedStorageVersion, |
| embedded_test_server()->GetURL(std::string("/") + |
| kShowManagedStorageCRXPath)); |
| embedded_test_server()->RegisterRequestHandler( |
| base::BindRepeating(&TestingUpdateManifestProvider::HandleRequest, |
| testing_update_manifest_provider)); |
| embedded_test_server()->StartAcceptingConnections(); |
| |
| // Force-install the Show Managed Storage app. This app can be installed in |
| // public sessions because it's whitelisted for testing purposes. |
| em::StringList* forcelist = device_local_account_policy_.payload() |
| .mutable_extensioninstallforcelist() |
| ->mutable_value(); |
| forcelist->add_entries(base::StringPrintf( |
| "%s;%s", kShowManagedStorageID, |
| embedded_test_server()->GetURL(kRelativeUpdateURL).spec().c_str())); |
| |
| // Set a policy for the app at the policy testserver. |
| // Note that the policy for the device-local account will be fetched before |
| // the session is started, so the policy for the app must be installed before |
| // the first device policy fetch. |
| ASSERT_TRUE(local_policy_mixin_.server()->UpdatePolicyData( |
| dm_protocol::kChromeExtensionPolicyType, kShowManagedStorageID, |
| "{" |
| " \"string\": {" |
| " \"Value\": \"policy test value one\"" |
| " }" |
| "}")); |
| |
| // Install and refresh the device policy now. This will also fetch the initial |
| // user policy for the device-local account now. |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| WaitForPolicy(); |
| |
| // Observe the app installation after login. |
| ExtensionInstallObserver install_observer(kShowManagedStorageID); |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| WaitForSessionStart(); |
| install_observer.Wait(); |
| |
| // Verify that the app was installed. |
| Profile* profile = GetProfileForTest(); |
| ASSERT_TRUE(profile); |
| extensions::ExtensionRegistry* extension_registry = |
| extensions::ExtensionRegistry::Get(profile); |
| EXPECT_TRUE( |
| extension_registry->enabled_extensions().GetByID(kShowManagedStorageID)); |
| |
| // Wait for the app policy if it hasn't been fetched yet. |
| ProfilePolicyConnector* connector = profile->GetProfilePolicyConnector(); |
| ASSERT_TRUE(connector); |
| PolicyService* policy_service = connector->policy_service(); |
| ASSERT_TRUE(policy_service); |
| const PolicyNamespace ns(POLICY_DOMAIN_EXTENSIONS, kShowManagedStorageID); |
| if (policy_service->GetPolicies(ns).Get("string") == nullptr) { |
| PolicyChangeRegistrar policy_registrar(policy_service, ns); |
| base::RunLoop run_loop; |
| policy_registrar.Observe( |
| "string", |
| base::BindRepeating(&PolicyChangedCallback, run_loop.QuitClosure())); |
| run_loop.Run(); |
| } |
| |
| // Verify that the app policy was set. |
| base::Value expected_value("policy test value one"); |
| EXPECT_EQ(expected_value, |
| *policy_service->GetPolicies(ns).GetValue("string")); |
| |
| // Now update the policy at the server. |
| ASSERT_TRUE(local_policy_mixin_.server()->UpdatePolicyData( |
| dm_protocol::kChromeExtensionPolicyType, kShowManagedStorageID, |
| "{" |
| " \"string\": {" |
| " \"Value\": \"policy test value two\"" |
| " }" |
| "}")); |
| |
| // And issue a policy refresh. |
| { |
| PolicyChangeRegistrar policy_registrar(policy_service, ns); |
| base::RunLoop run_loop; |
| policy_registrar.Observe( |
| "string", |
| base::BindRepeating(&PolicyChangedCallback, run_loop.QuitClosure())); |
| policy_service->RefreshPolicies(base::OnceClosure()); |
| run_loop.Run(); |
| } |
| |
| // Verify that the app policy was updated. |
| base::Value expected_new_value("policy test value two"); |
| EXPECT_EQ(expected_new_value, |
| *policy_service->GetPolicies(ns).GetValue("string")); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, LoginWarningShown) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ExpandPublicSessionPod(false); |
| |
| // Click the link that switches the pod to its advanced form. Verify that the |
| // pod switches from basic to advanced. |
| ash::LoginScreenTestApi::ClickPublicExpandedAdvancedViewButton(); |
| ASSERT_TRUE(ash::LoginScreenTestApi::IsExpandedPublicSessionAdvanced()); |
| ASSERT_TRUE(ash::LoginScreenTestApi::IsPublicSessionWarningShown()); |
| } |
| |
| class DeviceLocalAccountWarnings : public DeviceLocalAccountTest { |
| void SetUpInProcessBrowserTestFixture() override { |
| DeviceLocalAccountTest::SetUpInProcessBrowserTestFixture(); |
| SetManagedSessionsWarningDisabled(); |
| } |
| |
| void SetManagedSessionsWarningDisabled() { |
| em::ChromeDeviceSettingsProto& proto(device_policy()->payload()); |
| em::ManagedGuestSessionPrivacyWarningsProto* managed_sessions_warnings = |
| proto.mutable_managed_guest_session_privacy_warnings(); |
| managed_sessions_warnings->set_enabled(false); |
| RefreshDevicePolicy(); |
| ASSERT_TRUE(local_policy_mixin_.UpdateDevicePolicy(proto)); |
| } |
| }; |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountWarnings, NoLoginWarningShown) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ExpandPublicSessionPod(false); |
| |
| // Click the link that switches the pod to its advanced form. Verify that the |
| // pod switches from basic to advanced. |
| ash::LoginScreenTestApi::ClickPublicExpandedAdvancedViewButton(); |
| ASSERT_TRUE(ash::LoginScreenTestApi::IsExpandedPublicSessionAdvanced()); |
| ASSERT_FALSE(ash::LoginScreenTestApi::IsPublicSessionWarningShown()); |
| } |
| |
| class ManagedSessionsTest : public DeviceLocalAccountTest { |
| protected: |
| class CertsObserver : public chromeos::PolicyCertificateProvider::Observer { |
| public: |
| explicit CertsObserver(base::OnceClosure on_change) |
| : on_change_(std::move(on_change)) {} |
| |
| void OnPolicyProvidedCertsChanged() override { |
| std::move(on_change_).Run(); |
| } |
| |
| private: |
| base::OnceClosure on_change_; |
| }; |
| |
| void StartTestExtensionsServer() { |
| ASSERT_TRUE(embedded_test_server()->InitializeAndListen()); |
| scoped_refptr<TestingUpdateManifestProvider> |
| testing_update_manifest_provider( |
| new TestingUpdateManifestProvider(kRelativeUpdateURL)); |
| testing_update_manifest_provider->AddUpdate( |
| kGoodExtensionID, kGoodExtensionVersion, |
| embedded_test_server()->GetURL(std::string("/") + |
| kGoodExtensionCRXPath)); |
| testing_update_manifest_provider->AddUpdate( |
| kHostedAppID, kHostedAppVersion, |
| embedded_test_server()->GetURL(std::string("/") + kHostedAppCRXPath)); |
| testing_update_manifest_provider->AddUpdate( |
| kShowManagedStorageID, kShowManagedStorageVersion, |
| embedded_test_server()->GetURL(std::string("/") + |
| kShowManagedStorageCRXPath)); |
| embedded_test_server()->RegisterRequestHandler( |
| base::BindRepeating(&TestingUpdateManifestProvider::HandleRequest, |
| testing_update_manifest_provider)); |
| embedded_test_server()->StartAcceptingConnections(); |
| } |
| |
| DeviceLocalAccountPolicyBroker* GetDeviceLocalAccountPolicyBroker() { |
| return g_browser_process->platform_part() |
| ->browser_policy_connector_chromeos() |
| ->GetDeviceLocalAccountPolicyService() |
| ->GetBrokerForUser(account_id_1_.GetUserEmail()); |
| } |
| |
| void AddExtension(const char* extension_id) { |
| // Specify policy to install an extension. |
| em::StringList* forcelist = device_local_account_policy_.payload() |
| .mutable_extensioninstallforcelist() |
| ->mutable_value(); |
| forcelist->add_entries(base::StringPrintf( |
| "%s;%s", extension_id, |
| embedded_test_server()->GetURL(kRelativeUpdateURL).spec().c_str())); |
| } |
| |
| void AddForceInstalledSafeExtension() { AddExtension(kHostedAppID); } |
| |
| void AddForceInstalledUnsafeExtension() { |
| // has effective hosts: |
| // http://*.example.com/* |
| // http://*.google.com/* |
| // https://*.google.com/* |
| AddExtension(kGoodExtensionID); |
| } |
| |
| void AddForceInstalledWhitelistedExtension() { |
| AddExtension(kShowManagedStorageID); |
| } |
| |
| void WaitForCertificateUpdate() { |
| policy::DeviceNetworkConfigurationUpdater* updater = |
| g_browser_process->platform_part() |
| ->browser_policy_connector_chromeos() |
| ->GetDeviceNetworkConfigurationUpdater(); |
| base::RunLoop run_loop; |
| auto observer = std::make_unique<CertsObserver>(run_loop.QuitClosure()); |
| updater->AddPolicyProvidedCertsObserver(observer.get()); |
| run_loop.Run(); |
| updater->RemovePolicyProvidedCertsObserver(observer.get()); |
| } |
| |
| void AddNetworkCertificateToDevicePolicy() { |
| em::ChromeDeviceSettingsProto& proto(device_policy()->payload()); |
| proto.mutable_open_network_configuration()->set_open_network_configuration( |
| kFakeOncWithCertificate); |
| RefreshDevicePolicy(); |
| WaitForCertificateUpdate(); |
| } |
| }; |
| |
| IN_PROC_BROWSER_TEST_F(ManagedSessionsTest, ManagedSessionsDisabled) { |
| SetManagedSessionsEnabled(/* managed_sessions_enabled */ false); |
| |
| // Install and refresh the device policy now. This will also fetch the initial |
| // user policy for the device-local account now. |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| WaitForPolicy(); |
| |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id_1_); |
| ASSERT_TRUE(user); |
| auto* broker = GetDeviceLocalAccountPolicyBroker(); |
| ASSERT_TRUE(broker); |
| |
| // Check that managed sessions mode is disabled. |
| EXPECT_FALSE( |
| ash::ChromeUserManager::Get()->IsManagedSessionEnabledForUser(*user)); |
| |
| // Check that disabled managed sessions mode hides full management disclosure |
| // warning. |
| EXPECT_FALSE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ManagedSessionsTest, ManagedSessionsEnabledNonRisky) { |
| SetManagedSessionsEnabled(/* managed_sessions_enabled */ true); |
| |
| // Install and refresh the device policy now. This will also fetch the initial |
| // user policy for the device-local account now. |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| WaitForPolicy(); |
| |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id_1_); |
| ASSERT_TRUE(user); |
| auto* broker = GetDeviceLocalAccountPolicyBroker(); |
| ASSERT_TRUE(broker); |
| |
| // Check that managed sessions mode is enabled. |
| ASSERT_TRUE( |
| ash::ChromeUserManager::Get()->IsManagedSessionEnabledForUser(*user)); |
| |
| // Management disclosure warning is shown in the beginning, because |
| // kManagedSessionUseFullLoginWarning pref is set to true in the beginning. |
| ASSERT_TRUE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| WaitForSessionStart(); |
| |
| // After the login, kManagedSessionUseFullLoginWarning pref is updated. |
| // Check that management disclosure warning is not shown when managed sessions |
| // are enabled, but policy settings are not risky. |
| ASSERT_FALSE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ManagedSessionsTest, ForceInstalledSafeExtension) { |
| SetManagedSessionsEnabled(/* managed_sessions_enabled */ true); |
| StartTestExtensionsServer(); |
| AddForceInstalledSafeExtension(); |
| |
| // Install and refresh the device policy now. This will also fetch the initial |
| // user policy for the device-local account now. |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| WaitForPolicy(); |
| |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id_1_); |
| ASSERT_TRUE(user); |
| auto* broker = GetDeviceLocalAccountPolicyBroker(); |
| ASSERT_TRUE(broker); |
| |
| // Check that 'DeviceLocalAccountManagedSessionEnabled' policy was applied |
| // correctly. |
| EXPECT_TRUE( |
| ash::ChromeUserManager::Get()->IsManagedSessionEnabledForUser(*user)); |
| |
| // Management disclosure warning is shown in the beginning, because |
| // kManagedSessionUseFullLoginWarning pref is set to true in the beginning. |
| ASSERT_TRUE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| |
| ExtensionInstallObserver install_observer(kHostedAppID); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| WaitForSessionStart(); |
| |
| install_observer.Wait(); |
| |
| // After the login, kManagedSessionUseFullLoginWarning pref is updated. |
| // Check that force-installed extension activates managed session mode for |
| // device-local users. |
| EXPECT_FALSE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ManagedSessionsTest, ForceInstalledUnsafeExtension) { |
| SetManagedSessionsEnabled(/* managed_sessions_enabled */ true); |
| StartTestExtensionsServer(); |
| AddForceInstalledUnsafeExtension(); |
| |
| // Install and refresh the device policy now. This will also fetch the initial |
| // user policy for the device-local account now. |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| WaitForPolicy(); |
| |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id_1_); |
| ASSERT_TRUE(user); |
| auto* broker = GetDeviceLocalAccountPolicyBroker(); |
| ASSERT_TRUE(broker); |
| |
| // Check that 'DeviceLocalAccountManagedSessionEnabled' policy was applied |
| // correctly. |
| EXPECT_TRUE( |
| ash::ChromeUserManager::Get()->IsManagedSessionEnabledForUser(*user)); |
| |
| // Management disclosure warning is shown in the beginning, because |
| // kManagedSessionUseFullLoginWarning pref is set to true in the beginning. |
| ASSERT_TRUE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| |
| ExtensionInstallObserver install_observer(kGoodExtensionID); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| WaitForSessionStart(); |
| |
| install_observer.Wait(); |
| |
| // After the login, kManagedSessionUseFullLoginWarning pref is updated. |
| // Check that force-installed extension activates managed session mode for |
| // device-local users. |
| EXPECT_TRUE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ManagedSessionsTest, WhitelistedExtension) { |
| SetManagedSessionsEnabled(/* managed_sessions_enabled */ true); |
| StartTestExtensionsServer(); |
| AddForceInstalledWhitelistedExtension(); |
| |
| // Install and refresh the device policy now. This will also fetch the initial |
| // user policy for the device-local account now. |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| WaitForPolicy(); |
| |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id_1_); |
| ASSERT_TRUE(user); |
| auto* broker = GetDeviceLocalAccountPolicyBroker(); |
| ASSERT_TRUE(broker); |
| |
| // Check that 'DeviceLocalAccountManagedSessionEnabled' policy was applied |
| // correctly. |
| EXPECT_TRUE( |
| ash::ChromeUserManager::Get()->IsManagedSessionEnabledForUser(*user)); |
| |
| // Management disclosure warning is shown in the beginning, because |
| // kManagedSessionUseFullLoginWarning pref is set to true in the beginning. |
| ASSERT_TRUE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| |
| ExtensionInstallObserver install_observer(kShowManagedStorageID); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| WaitForSessionStart(); |
| |
| install_observer.Wait(); |
| |
| // After the login, kManagedSessionUseFullLoginWarning pref is updated. |
| // Check that white-listed extension is not considered risky and doesn't |
| // activate managed session mode. |
| EXPECT_FALSE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ManagedSessionsTest, NetworkCertificate) { |
| SetManagedSessionsEnabled(/* managed_sessions_enabled */ true); |
| |
| device_local_account_policy_.payload() |
| .mutable_opennetworkconfiguration() |
| ->set_value(kFakeOncWithCertificate); |
| |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id_1_); |
| ASSERT_TRUE(user); |
| auto* broker = GetDeviceLocalAccountPolicyBroker(); |
| ASSERT_TRUE(broker); |
| |
| // Check that 'DeviceLocalAccountManagedSessionEnabled' policy was applied |
| // correctly. |
| EXPECT_TRUE( |
| ash::ChromeUserManager::Get()->IsManagedSessionEnabledForUser(*user)); |
| |
| // Check that network certificate pushed via policy activates managed sessions |
| // mode. |
| EXPECT_TRUE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ManagedSessionsTest, AllowCrossOriginAuthPrompt) { |
| SetManagedSessionsEnabled(/* managed_sessions_enabled */ true); |
| |
| device_local_account_policy_.payload() |
| .mutable_allowcrossoriginauthprompt() |
| ->set_value(true); |
| |
| // Install and refresh the device policy now. This will also fetch the initial |
| // user policy for the device-local account now. |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| WaitForPolicy(); |
| |
| const user_manager::User* user = |
| user_manager::UserManager::Get()->FindUser(account_id_1_); |
| ASSERT_TRUE(user); |
| auto* broker = GetDeviceLocalAccountPolicyBroker(); |
| ASSERT_TRUE(broker); |
| |
| // Check that 'DeviceLocalAccountManagedSessionEnabled' policy was applied |
| // correctly. |
| ASSERT_TRUE( |
| ash::ChromeUserManager::Get()->IsManagedSessionEnabledForUser(*user)); |
| |
| // Check that setting a value to 'AllowCrossOriginAuthPrompt' activates |
| // managed sessions mode. |
| ASSERT_TRUE( |
| ash::ChromeUserManager::Get()->IsFullManagementDisclosureNeeded(broker)); |
| } |
| |
| class TermsOfServiceDownloadTest : public DeviceLocalAccountTest, |
| public testing::WithParamInterface<bool> {}; |
| |
| IN_PROC_BROWSER_TEST_P(TermsOfServiceDownloadTest, TermsOfServiceScreen) { |
| // Parameterization for using valid and invalid URLs. |
| const bool use_valid_url = GetParam(); |
| |
| // Specify Terms of Service URL. |
| ASSERT_TRUE(embedded_test_server()->Start()); |
| device_local_account_policy_.payload().mutable_termsofserviceurl()->set_value( |
| embedded_test_server() |
| ->GetURL(std::string("/") + (use_valid_url |
| ? kExistentTermsOfServicePath |
| : kNonexistentTermsOfServicePath)) |
| .spec()); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| |
| // Set up an observer that will quit the message loop when login has succeeded |
| // and the first wizard screen, if any, is being shown. |
| base::RunLoop login_wait_run_loop; |
| chromeos::MockAuthStatusConsumer login_status_consumer( |
| login_wait_run_loop.QuitClosure()); |
| EXPECT_CALL(login_status_consumer, OnAuthSuccess(_)) |
| .Times(1) |
| .WillOnce(InvokeWithoutArgs(&login_wait_run_loop, &base::RunLoop::Quit)); |
| |
| // Spin the loop until the observer fires. Then, unregister the observer. |
| chromeos::ExistingUserController* controller = |
| chromeos::ExistingUserController::current_controller(); |
| ASSERT_TRUE(controller); |
| controller->AddLoginStatusConsumer(&login_status_consumer); |
| login_wait_run_loop.Run(); |
| controller->RemoveLoginStatusConsumer(&login_status_consumer); |
| |
| // Verify that the Terms of Service screen is being shown. |
| auto* wizard_controller = ash::WizardController::default_controller(); |
| ASSERT_TRUE(wizard_controller); |
| ASSERT_TRUE(wizard_controller->current_screen()); |
| EXPECT_EQ(chromeos::TermsOfServiceScreenView::kScreenId.AsId(), |
| wizard_controller->current_screen()->screen_id()); |
| |
| // Wait for the Terms of Service to finish loading. |
| |
| if (!use_valid_url) { |
| // The Terms of Service URL was invalid. Verify that the screen is showing |
| // an error and the accept button is disabled. |
| chromeos::test::OobeJS() |
| .CreateVisibilityWaiter( |
| true, {"terms-of-service", "termsOfServiceErrorDialog"}) |
| ->Wait(); |
| |
| chromeos::test::OobeJS().ExpectTrue( |
| GetOobeElementPath({"terms-of-service"}) + ".hasError_()"); |
| |
| chromeos::test::OobeJS().ExpectDisabledPath( |
| {"terms-of-service", "acceptButton"}); |
| return; |
| } |
| |
| chromeos::test::OobeJS() |
| .CreateWaiter(GetOobeElementPath({"terms-of-service"}) + ".isLoaded_()") |
| ->Wait(); |
| |
| chromeos::test::OobeJS() |
| .CreateVisibilityWaiter(true, {"terms-of-service", "termsOfServiceFrame"}) |
| ->Wait(); |
| |
| // Get the Terms Of Service from the webview. |
| const std::string content = chromeos::test::GetWebViewContents( |
| {"terms-of-service", "termsOfServiceFrame"}); |
| |
| // Get the expected values for heading and subheading. |
| const std::string expected_heading = |
| l10n_util::GetStringFUTF8(IDS_TERMS_OF_SERVICE_SCREEN_HEADING, kDomain); |
| const std::string expected_subheading = l10n_util::GetStringFUTF8( |
| IDS_TERMS_OF_SERVICE_SCREEN_SUBHEADING, kDomain); |
| |
| // Compare heading and subheading |
| chromeos::test::OobeJS().ExpectEQ( |
| GetOobeElementPath({"terms-of-service", "tosHeading"}) + ".textContent", |
| expected_heading); |
| chromeos::test::OobeJS().ExpectEQ( |
| GetOobeElementPath({"terms-of-service", "tosSubheading"}) + |
| ".textContent", |
| expected_subheading); |
| |
| // The Terms of Service URL was valid. Verify that the screen is showing the |
| // downloaded Terms of Service and the accept button is enabled. |
| base::FilePath test_dir; |
| ASSERT_TRUE(base::PathService::Get(chrome::DIR_TEST_DATA, &test_dir)); |
| std::string terms_of_service; |
| { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| ASSERT_TRUE(base::ReadFileToString( |
| test_dir.Append(kExistentTermsOfServicePath), &terms_of_service)); |
| } |
| EXPECT_EQ(terms_of_service, content); |
| |
| chromeos::test::OobeJS().ExpectFalse( |
| GetOobeElementPath({"terms-of-service"}) + ".hasError_()"); |
| |
| chromeos::test::OobeJS().ExpectEnabledPath( |
| {"terms-of-service", "acceptButton"}); |
| |
| // Click the accept button. |
| chromeos::test::OobeJS().ClickOnPath({"terms-of-service", "acceptButton"}); |
| |
| WaitForSessionStart(); |
| } |
| |
| IN_PROC_BROWSER_TEST_P(TermsOfServiceDownloadTest, DeclineTermsOfService) { |
| // Specify Terms of Service URL. |
| ASSERT_TRUE(embedded_test_server()->Start()); |
| device_local_account_policy_.payload().mutable_termsofserviceurl()->set_value( |
| embedded_test_server() |
| ->GetURL(std::string("/") + (GetParam() |
| ? kExistentTermsOfServicePath |
| : kNonexistentTermsOfServicePath)) |
| .spec()); |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| |
| WaitForPolicy(); |
| |
| ASSERT_NO_FATAL_FAILURE(StartLogin(std::string(), std::string())); |
| |
| // Set up an observer that will quit the message loop when login has succeeded |
| // and the first wizard screen, if any, is being shown. |
| base::RunLoop login_wait_run_loop; |
| chromeos::MockAuthStatusConsumer login_status_consumer( |
| login_wait_run_loop.QuitClosure()); |
| EXPECT_CALL(login_status_consumer, OnAuthSuccess(_)) |
| .Times(1) |
| .WillOnce(InvokeWithoutArgs(&login_wait_run_loop, &base::RunLoop::Quit)); |
| |
| // Spin the loop until the observer fires. Then, unregister the observer. |
| chromeos::ExistingUserController* controller = |
| chromeos::ExistingUserController::current_controller(); |
| ASSERT_TRUE(controller); |
| controller->AddLoginStatusConsumer(&login_status_consumer); |
| login_wait_run_loop.Run(); |
| controller->RemoveLoginStatusConsumer(&login_status_consumer); |
| |
| // Verify that the Terms of Service screen is being shown. |
| auto* wizard_controller = ash::WizardController::default_controller(); |
| ASSERT_TRUE(wizard_controller); |
| ASSERT_TRUE(wizard_controller->current_screen()); |
| EXPECT_EQ(chromeos::TermsOfServiceScreenView::kScreenId.AsId(), |
| wizard_controller->current_screen()->screen_id()); |
| |
| // Click the back button. |
| chromeos::test::OobeJS().ClickOnPath({"terms-of-service", "backButton"}); |
| |
| EXPECT_TRUE(session_manager_client()->session_stopped()); |
| } |
| |
| INSTANTIATE_TEST_SUITE_P(TermsOfServiceDownloadTestInstance, |
| TermsOfServiceDownloadTest, |
| testing::Bool()); |
| |
| IN_PROC_BROWSER_TEST_F(DeviceLocalAccountTest, WebAppsInPublicSession) { |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| // Add an account with DeviceLocalAccount::Type::TYPE_PUBLIC_SESSION. |
| AddPublicSessionToDevicePolicy(kAccountId1); |
| WaitForPolicy(); |
| |
| StartLogin(std::string(), std::string()); |
| WaitForSessionStart(); |
| |
| // WebAppProvider should be enabled for TYPE_PUBLIC_SESSION user account. |
| Profile* profile = GetProfileForTest(); |
| ASSERT_TRUE(profile); |
| EXPECT_TRUE(web_app::WebAppProvider::Get(profile)); |
| } |
| |
| } // namespace policy |
| |
| class AmbientAuthenticationManagedGuestSessionTest |
| : public policy::DeviceLocalAccountTest, |
| public testing::WithParamInterface<net::AmbientAuthAllowedProfileTypes> { |
| public: |
| void SetAmbientAuthPolicy(net::AmbientAuthAllowedProfileTypes value) { |
| device_local_account_policy_.payload() |
| .mutable_ambientauthenticationinprivatemodesenabled() |
| ->set_value(static_cast<int>(value)); |
| UploadDeviceLocalAccountPolicy(); |
| } |
| |
| void IsAmbientAuthAllowedForProfilesTest() { |
| int policy_value = device_local_account_policy_.payload() |
| .ambientauthenticationinprivatemodesenabled() |
| .value(); |
| Profile* regular_profile = GetCurrentBrowser()->profile(); |
| Profile* incognito_profile = |
| regular_profile->GetPrimaryOTRProfile(/*create_if_needed=*/true); |
| |
| EXPECT_TRUE(AmbientAuthenticationTestHelper::IsAmbientAuthAllowedForProfile( |
| regular_profile)); |
| EXPECT_EQ(AmbientAuthenticationTestHelper::IsAmbientAuthAllowedForProfile( |
| incognito_profile), |
| AmbientAuthenticationTestHelper::IsIncognitoAllowedInPolicy( |
| policy_value)); |
| } |
| |
| Browser* GetCurrentBrowser() { |
| BrowserList* browser_list = BrowserList::GetInstance(); |
| EXPECT_EQ(1U, browser_list->size()); |
| Browser* browser = browser_list->get(0); |
| DCHECK(browser); |
| return browser; |
| } |
| }; |
| |
| IN_PROC_BROWSER_TEST_P(AmbientAuthenticationManagedGuestSessionTest, |
| AmbientAuthenticationInPrivateModesEnabledPolicy) { |
| SetManagedSessionsEnabled(true); |
| SetAmbientAuthPolicy(GetParam()); |
| |
| UploadAndInstallDeviceLocalAccountPolicy(); |
| AddPublicSessionToDevicePolicy(policy::kAccountId1); |
| EnableAutoLogin(); |
| |
| WaitForPolicy(); |
| |
| WaitForSessionStart(); |
| |
| CheckPublicSessionPresent(account_id_1_); |
| |
| IsAmbientAuthAllowedForProfilesTest(); |
| } |
| |
| INSTANTIATE_TEST_CASE_P( |
| AmbientAuthAllPolicyValuesTest, |
| AmbientAuthenticationManagedGuestSessionTest, |
| testing::Values(net::AmbientAuthAllowedProfileTypes::REGULAR_ONLY, |
| net::AmbientAuthAllowedProfileTypes::INCOGNITO_AND_REGULAR, |
| net::AmbientAuthAllowedProfileTypes::GUEST_AND_REGULAR, |
| net::AmbientAuthAllowedProfileTypes::ALL)); |