// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/policy/cloud_policy_controller.h" #include "base/memory/scoped_temp_dir.h" #include "base/message_loop.h" #include "chrome/browser/policy/device_management_service.h" #include "chrome/browser/policy/device_token_fetcher.h" #include "chrome/browser/policy/mock_configuration_policy_store.h" #include "chrome/browser/policy/mock_device_management_backend.h" #include "chrome/browser/policy/mock_device_management_service.h" #include "chrome/browser/policy/policy_notifier.h" #include "chrome/browser/policy/proto/device_management_backend.pb.h" #include "chrome/browser/policy/user_policy_cache.h" #include "content/browser/browser_thread.h" #include "policy/policy_constants.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" const char kTestToken[] = "cloud_policy_controller_test_auth_token"; namespace policy { namespace em = enterprise_management; using ::testing::_; using ::testing::AtLeast; using ::testing::InSequence; using ::testing::Mock; using ::testing::Return; class MockCloudPolicyIdentityStrategy : public CloudPolicyIdentityStrategy { public: MockCloudPolicyIdentityStrategy() {} virtual ~MockCloudPolicyIdentityStrategy() {} MOCK_METHOD0(GetDeviceToken, std::string()); MOCK_METHOD0(GetDeviceID, std::string()); MOCK_METHOD0(GetMachineID, std::string()); MOCK_METHOD0(GetMachineModel, std::string()); MOCK_METHOD0(GetPolicyType, std::string()); MOCK_METHOD0(GetPolicyRegisterType, em::DeviceRegisterRequest_Type()); MOCK_METHOD2(GetCredentials, bool(std::string*, std::string*)); virtual void OnDeviceTokenAvailable(const std::string&) {} private: DISALLOW_COPY_AND_ASSIGN(MockCloudPolicyIdentityStrategy); }; ACTION_P2(MockCloudPolicyIdentityStrategyGetCredentials, username, auth_token) { *arg0 = username; *arg1 = auth_token; return true; } class MockDeviceTokenFetcher : public DeviceTokenFetcher { public: explicit MockDeviceTokenFetcher(CloudPolicyCacheBase* cache) : DeviceTokenFetcher(NULL, cache, NULL) {} virtual ~MockDeviceTokenFetcher() {} MOCK_METHOD0(GetDeviceToken, const std::string&()); MOCK_METHOD5(FetchToken, void(const std::string&, const std::string&, em::DeviceRegisterRequest_Type, const std::string&, const std::string&)); MOCK_METHOD0(SetUnmanagedState, void()); private: DISALLOW_COPY_AND_ASSIGN(MockDeviceTokenFetcher); }; class CloudPolicyControllerTest : public testing::Test { public: CloudPolicyControllerTest() : ui_thread_(BrowserThread::UI, &loop_), file_thread_(BrowserThread::FILE, &loop_) {} virtual ~CloudPolicyControllerTest() {} virtual void SetUp() { ASSERT_TRUE(temp_user_data_dir_.CreateUniqueTempDir()); cache_.reset(new UserPolicyCache( temp_user_data_dir_.path().AppendASCII("CloudPolicyControllerTest"))); token_fetcher_.reset(new MockDeviceTokenFetcher(cache_.get())); service_.set_backend(&backend_); } virtual void TearDown() { controller_.reset(); // Unregisters observers. } // Takes ownership of |backend|. void CreateNewController() { controller_.reset(new CloudPolicyController( &service_, cache_.get(), token_fetcher_.get(), &identity_strategy_, ¬ifier_)); } void CreateNewController(int64 policy_refresh_rate_ms, int policy_refresh_deviation_factor_percent, int64 policy_refresh_deviation_max_ms, int64 policy_refresh_error_delay_ms) { controller_.reset(new CloudPolicyController( &service_, cache_.get(), token_fetcher_.get(), &identity_strategy_, ¬ifier_, policy_refresh_rate_ms, policy_refresh_deviation_factor_percent, policy_refresh_deviation_max_ms, policy_refresh_error_delay_ms)); } void ExpectHasSpdyPolicy() { MockConfigurationPolicyStore store; EXPECT_CALL(store, Apply(_, _)).Times(AtLeast(1)); cache_->GetManagedPolicyProvider()->Provide(&store); FundamentalValue expected(true); ASSERT_TRUE(store.Get(kPolicyDisableSpdy) != NULL); EXPECT_TRUE(store.Get(kPolicyDisableSpdy)->Equals(&expected)); } void SetupIdentityStrategy( const std::string& device_token, const std::string& device_id, const std::string& machine_id, const std::string& machine_model, const std::string& policy_type, const em::DeviceRegisterRequest_Type& policy_register_type, const std::string& user_name, const std::string& auth_token) { EXPECT_CALL(identity_strategy_, GetDeviceToken()).WillRepeatedly( Return(device_token)); EXPECT_CALL(identity_strategy_, GetDeviceID()).WillRepeatedly( Return(device_id)); EXPECT_CALL(identity_strategy_, GetMachineID()).WillRepeatedly( Return(machine_id)); EXPECT_CALL(identity_strategy_, GetMachineModel()).WillRepeatedly( Return(machine_model)); EXPECT_CALL(identity_strategy_, GetPolicyType()).WillRepeatedly( Return(policy_type)); EXPECT_CALL(identity_strategy_, GetPolicyRegisterType()).WillRepeatedly( Return(policy_register_type)); if (!user_name.empty()) { EXPECT_CALL(identity_strategy_, GetCredentials(_, _)).WillRepeatedly( MockCloudPolicyIdentityStrategyGetCredentials(user_name, auth_token)); } } protected: scoped_ptr<CloudPolicyCacheBase> cache_; scoped_ptr<CloudPolicyController> controller_; scoped_ptr<MockDeviceTokenFetcher> token_fetcher_; MockCloudPolicyIdentityStrategy identity_strategy_; MockDeviceManagementBackend backend_; MockDeviceManagementService service_; PolicyNotifier notifier_; ScopedTempDir temp_user_data_dir_; MessageLoop loop_; private: BrowserThread ui_thread_; BrowserThread file_thread_; DISALLOW_COPY_AND_ASSIGN(CloudPolicyControllerTest); }; // If a device token is present when the controller starts up, it should // fetch and apply policy. TEST_F(CloudPolicyControllerTest, StartupWithDeviceToken) { SetupIdentityStrategy("fake_device_token", "device_id", "machine_id", "machine_model", "google/chromeos/user", em::DeviceRegisterRequest::USER, "", ""); EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( MockDeviceManagementBackendSucceedSpdyCloudPolicy()); CreateNewController(); loop_.RunAllPending(); ExpectHasSpdyPolicy(); } // If no device token is present when the controller starts up, it should // instruct the token_fetcher_ to fetch one. TEST_F(CloudPolicyControllerTest, StartupWithoutDeviceToken) { SetupIdentityStrategy("", "device_id", "machine_id", "machine_model", "google/chromeos/user", em::DeviceRegisterRequest::USER, "a@b.com", "auth_token"); EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _, _, _, _)).Times(1); CreateNewController(); loop_.RunAllPending(); } // If the current user belongs to a known non-managed domain, no token fetch // should be initiated. TEST_F(CloudPolicyControllerTest, StartupUnmanagedUser) { SetupIdentityStrategy("", "device_id", "machine_id", "machine_mode", "google/chromeos/user", em::DeviceRegisterRequest::USER, "DannoHelper@gmail.com", "auth_token"); EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _, _, _, _)).Times(0); CreateNewController(); loop_.RunAllPending(); } // After policy has been fetched successfully, a new fetch should be triggered // after the refresh interval has timed out. TEST_F(CloudPolicyControllerTest, RefreshAfterSuccessfulPolicy) { SetupIdentityStrategy("device_token", "device_id", "machine_id", "machine_model", "google/chromeos/user", em::DeviceRegisterRequest::USER, "DannoHelperDelegate@b.com", "auth_token"); EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( MockDeviceManagementBackendSucceedSpdyCloudPolicy()).WillOnce( MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorRequestFailed)); CreateNewController(0, 0, 0, 1000 * 1000); loop_.RunAllPending(); ExpectHasSpdyPolicy(); } // If policy fetching failed, it should be retried. TEST_F(CloudPolicyControllerTest, RefreshAfterError) { SetupIdentityStrategy("device_token", "device_id", "machine_id", "machine_model", "google/chromeos/user", em::DeviceRegisterRequest::USER, "DannoHelperDelegateImpl@b.com", "auth_token"); EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorRequestFailed)).WillOnce( MockDeviceManagementBackendSucceedSpdyCloudPolicy()); CreateNewController(1000 * 1000, 0, 0, 0); loop_.RunAllPending(); ExpectHasSpdyPolicy(); } // If the backend reports that the device token was invalid, the controller // should instruct the token fetcher to fetch a new token. TEST_F(CloudPolicyControllerTest, InvalidToken) { SetupIdentityStrategy("device_token", "device_id", "machine_id", "machine_model", "google/chromeos/user", em::DeviceRegisterRequest::USER, "standup@ten.am", "auth"); EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorServiceManagementTokenInvalid)); EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _, _, _, _)).Times(1); CreateNewController(1000 * 1000, 0, 0, 0); loop_.RunAllPending(); } // If the backend reports that the device is unknown to the server, the // controller should instruct the token fetcher to fetch a new token. TEST_F(CloudPolicyControllerTest, DeviceNotFound) { SetupIdentityStrategy("device_token", "device_id", "machine_id", "machine_model", "google/chromeos/user", em::DeviceRegisterRequest::USER, "me@you.com", "auth"); EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorServiceDeviceNotFound)); EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _, _, _, _)).Times(1); CreateNewController(1000 * 1000, 0, 0, 0); loop_.RunAllPending(); } // If the backend reports that the device is no longer managed, the controller // should instruct the token fetcher to fetch a new token (which will in turn // set and persist the correct 'unmanaged' state). TEST_F(CloudPolicyControllerTest, NoLongerManaged) { SetupIdentityStrategy("device_token", "device_id", "machine_id", "machine_model", "google/chromeos/user", em::DeviceRegisterRequest::USER, "who@what.com", "auth"); EXPECT_CALL(backend_, ProcessPolicyRequest(_, _, _, _)).WillOnce( MockDeviceManagementBackendFailPolicy( DeviceManagementBackend::kErrorServiceManagementNotSupported)); EXPECT_CALL(*token_fetcher_.get(), SetUnmanagedState()).Times(1); CreateNewController(0, 0, 0, 1000 * 1000); loop_.RunAllPending(); } } // namespace policy