| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/browser/signin/local_auth.h" |
| |
| #include <stddef.h> |
| |
| #include "base/base64.h" |
| #include "build/build_config.h" |
| #include "chrome/browser/profiles/profile_attributes_entry.h" |
| #include "chrome/browser/profiles/profile_attributes_storage.h" |
| #include "chrome/test/base/testing_browser_process.h" |
| #include "chrome/test/base/testing_profile.h" |
| #include "chrome/test/base/testing_profile_manager.h" |
| #include "components/os_crypt/os_crypt_mocker.h" |
| #include "components/prefs/pref_service.h" |
| #include "components/sync_preferences/testing_pref_service_syncable.h" |
| #include "content/public/test/test_browser_thread_bundle.h" |
| |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| class LocalAuthTest : public testing::Test { |
| public: |
| LocalAuthTest() { OSCryptMocker::SetUp(); } |
| |
| ~LocalAuthTest() override { OSCryptMocker::TearDown(); } |
| |
| private: |
| content::TestBrowserThreadBundle thread_bundle_; |
| }; |
| |
| TEST_F(LocalAuthTest, SetAndCheckCredentials) { |
| TestingProfileManager testing_profile_manager( |
| TestingBrowserProcess::GetGlobal()); |
| ASSERT_TRUE(testing_profile_manager.SetUp()); |
| Profile* prof = testing_profile_manager.CreateTestingProfile("p1"); |
| ProfileAttributesEntry* entry; |
| ASSERT_TRUE(testing_profile_manager.profile_attributes_storage()-> |
| GetProfileAttributesWithPath(prof->GetPath(), &entry)); |
| EXPECT_EQ("", entry->GetLocalAuthCredentials()); |
| |
| std::string password("Some Password"); |
| EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); |
| |
| LocalAuth::SetLocalAuthCredentials(prof, password); |
| std::string passhash = entry->GetLocalAuthCredentials(); |
| |
| // We perform basic validation on the written record to ensure bugs don't slip |
| // in that cannot be seen from the API: |
| // - The encoding exists (we can guarantee future backward compatibility). |
| // - The plaintext version of the password is not mistakenly stored anywhere. |
| EXPECT_FALSE(passhash.empty()); |
| EXPECT_EQ('2', passhash[0]); |
| EXPECT_EQ(passhash.find(password), std::string::npos); |
| |
| std::string decodedhash; |
| base::Base64Decode(passhash.substr(1), &decodedhash); |
| EXPECT_FALSE(decodedhash.empty()); |
| EXPECT_EQ(decodedhash.find(password), std::string::npos); |
| |
| EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); |
| EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password + "1")); |
| |
| LocalAuth::SetLocalAuthCredentials(prof, password); // makes different salt |
| EXPECT_NE(passhash, entry->GetLocalAuthCredentials()); |
| } |
| |
| TEST_F(LocalAuthTest, SetUpgradeAndCheckCredentials) { |
| TestingProfileManager testing_profile_manager( |
| TestingBrowserProcess::GetGlobal()); |
| ASSERT_TRUE(testing_profile_manager.SetUp()); |
| Profile* prof = testing_profile_manager.CreateTestingProfile("p1"); |
| |
| std::string password("Some Password"); |
| ProfileAttributesEntry* entry; |
| ASSERT_TRUE(testing_profile_manager.profile_attributes_storage()-> |
| GetProfileAttributesWithPath(prof->GetPath(), &entry)); |
| LocalAuth::SetLocalAuthCredentialsWithEncoding(entry, password, '1'); |
| |
| // Ensure we indeed persisted the correct encoding. |
| std::string oldpasshash = entry->GetLocalAuthCredentials(); |
| EXPECT_EQ('1', oldpasshash[0]); |
| |
| // Validate, ensure we can validate against the old encoding. |
| EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); |
| |
| // Ensure we updated the encoding. |
| std::string newpasshash = entry->GetLocalAuthCredentials(); |
| EXPECT_EQ('2', newpasshash[0]); |
| // Encoding '2' writes fewer bytes than encoding '1'. |
| EXPECT_LE(newpasshash.length(), oldpasshash.length()); |
| |
| // Validate, ensure we validate against the new encoding. |
| EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); |
| } |
| |
| // Test truncation where each byte is left whole. |
| TEST_F(LocalAuthTest, TruncateStringEvenly) { |
| std::string two_chars = "A6"; |
| std::string three_chars = "A6C"; |
| EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 16)); |
| EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 16)); |
| |
| EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 14)); |
| EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 14)); |
| } |
| |
| // Test truncation that affects the results within a byte. |
| TEST_F(LocalAuthTest, TruncateStringUnevenly) { |
| std::string two_chars = "Az"; |
| std::string three_chars = "AzC"; |
| // 'z' = 0x7A, ':' = 0x3A. |
| std::string two_chars_truncated = "A:"; |
| EXPECT_EQ(two_chars_truncated, |
| LocalAuth::TruncateStringByBits(two_chars, 14)); |
| EXPECT_EQ(two_chars_truncated, |
| LocalAuth::TruncateStringByBits(three_chars, 14)); |
| } |