Make sure the device recovers from policy loss in the consumer case.

chrome/browser/chromeos/login/parallel_authenticator_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/parallel_authenticator.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
 #include "base/path_service.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/test/thread_test_helper.h"
 #include "chrome/browser/chromeos/cros/cros_library.h"
 #include "chrome/browser/chromeos/cros/mock_cryptohome_library.h"
 #include "chrome/browser/chromeos/cros/mock_library_loader.h"
+#include "chrome/browser/chromeos/cros_settings.h"
 #include "chrome/browser/chromeos/cryptohome/mock_async_method_caller.h"
+#include "chrome/browser/chromeos/dbus/mock_dbus_thread_manager.h"
+#include "chrome/browser/chromeos/dbus/mock_cryptohome_client.h"
 #include "chrome/browser/chromeos/login/mock_login_status_consumer.h"
 #include "chrome/browser/chromeos/login/mock_url_fetchers.h"
+#include "chrome/browser/chromeos/login/mock_user_manager.h"
 #include "chrome/browser/chromeos/login/test_attempt_state.h"
+#include "chrome/browser/chromeos/stub_cros_settings_provider.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/net/gaia/mock_url_fetcher_factory.h"
 #include "chrome/test/base/testing_profile.h"
 #include "content/test/test_browser_thread.h"
 #include "googleurl/src/gurl.h"
 #include "net/base/net_errors.h"
 #include "net/url_request/url_request_status.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 using content::BrowserThread;
 using file_util::CloseFile;
 using file_util::CreateAndOpenTemporaryFile;
 using file_util::CreateAndOpenTemporaryFileInDir;
 using file_util::Delete;
 using file_util::WriteFile;
 using ::testing::AnyNumber;
 using ::testing::DoAll;
 using ::testing::Invoke;
 using ::testing::Return;
-using ::testing::SetArgumentPointee;
+using ::testing::SetArgPointee;
 using ::testing::_;
 
 namespace chromeos {
 
 class TestOnlineAttempt : public OnlineAttempt {
  public:
   TestOnlineAttempt(AuthAttemptState* state,
                     AuthAttemptStateResolver* resolver)
       : OnlineAttempt(false, state, resolver) {
   }
 };
 
 class ParallelAuthenticatorTest : public testing::Test {
  public:
   ParallelAuthenticatorTest()
       : message_loop_(MessageLoop::TYPE_UI),
         ui_thread_(BrowserThread::UI, &message_loop_),
+        file_thread_(BrowserThread::FILE, &message_loop_),
         io_thread_(BrowserThread::IO),
         username_("me@nowhere.org"),
         password_("fakepass") {
     hash_ascii_.assign("0a010000000000a0");
     hash_ascii_.append(std::string(16, '0'));
   }
 
   ~ParallelAuthenticatorTest() {
     DCHECK(!mock_caller_);
   }
@@ skipping 10 matching lines @@
         .WillByDefault(Return(true));
     EXPECT_CALL(*loader_, Load(_))
         .Times(AnyNumber());
 
     test_api->SetLibraryLoader(loader_, true);
 
     mock_library_ = new MockCryptohomeLibrary();
     test_api->SetCryptohomeLibrary(mock_library_, true);
     io_thread_.Start();
 
+    mock_user_manager_.reset(new MockUserManager());
+    old_user_manager_ = UserManager::Set(mock_user_manager_.get());

[Chris Masone, 2012/03/22 16:18:25]

This confuses me...don't you have two pointers to the same thing, now?  And when
mock_user_manager_ goes out of scope, it'll destroy the thing old_user_manager_
is pointing to...

[pastarmovj, 2012/03/22 16:25:46]

Actually UserManager::Set *replaces* the current object in the singleton. What
it returns is the previous object so that we can restore it in the end of the
test. It is especially important for unit tests where the singleton instance is
preserved across all tests.

Btw I have a CL in review which automates this work. You can see it here :
http://codereview.chromium.org/9826010/

+    EXPECT_CALL(*mock_user_manager_, LoadKeyStore())
+        .Times(AnyNumber());
+
     auth_ = new ParallelAuthenticator(&consumer_);
     auth_->set_using_oauth(false);
     state_.reset(new TestAttemptState(username_,
                                       password_,
                                       hash_ascii_,
                                       "",
                                       "",
                                       false));
   }
 
   // Tears down the test fixture.
   virtual void TearDown() {
     // Prevent bogus gMock leak check from firing.
     chromeos::CrosLibrary::TestApi* test_api =
         chromeos::CrosLibrary::Get()->GetTestApi();
     test_api->SetLibraryLoader(NULL, false);
     test_api->SetCryptohomeLibrary(NULL, false);
 
+    UserManager::Set(old_user_manager_);
+
     cryptohome::AsyncMethodCaller::Shutdown();
     mock_caller_ = NULL;
   }
 
   FilePath PopulateTempFile(const char* data, int data_len) {
     FilePath out;
     FILE* tmp_file = CreateAndOpenTemporaryFile(&out);
     EXPECT_NE(tmp_file, static_cast<FILE*>(NULL));
     EXPECT_EQ(WriteFile(out, data, data_len), data_len);
     EXPECT_TRUE(CloseFile(tmp_file));
@@ skipping 69 matching lines @@
   void SetAttemptState(ParallelAuthenticator* auth, TestAttemptState* state) {
     auth->set_attempt_state(state);
   }
 
   ParallelAuthenticator::AuthState SetAndResolveState(
       ParallelAuthenticator* auth, TestAttemptState* state) {
     auth->set_attempt_state(state);
     return auth->ResolveState();
   }
 
+  void SetOwnerState(bool owner_check_finished, bool check_result) {
+    auth_->SetOwnerState(owner_check_finished, check_result);
+  }
+
   void FakeOnlineAttempt() {
     auth_->set_online_attempt(new TestOnlineAttempt(state_.get(), auth_.get()));
   }
 
   MessageLoop message_loop_;
   content::TestBrowserThread ui_thread_;
+  content::TestBrowserThread file_thread_;
   content::TestBrowserThread io_thread_;
 
   std::string username_;
   std::string password_;
   std::string hash_ascii_;
 
   // Initializes / shuts down a stub CrosLibrary.
   chromeos::ScopedStubCrosEnabler stub_cros_enabler_;
 
   // Mocks, destroyed by CrosLibrary class.
   MockCryptohomeLibrary* mock_library_;
   MockLibraryLoader* loader_;
+  scoped_ptr<MockUserManager> mock_user_manager_;
+  UserManager* old_user_manager_;
 
   cryptohome::MockAsyncMethodCaller* mock_caller_;
 
   MockConsumer consumer_;
   scoped_refptr<ParallelAuthenticator> auth_;
   scoped_ptr<TestAttemptState> state_;
 };
 
 TEST_F(ParallelAuthenticatorTest, OnLoginSuccess) {
   EXPECT_CALL(consumer_, OnLoginSuccess(username_, password_, false, false))
@@ skipping 43 matching lines @@
   // Set up state as though a cryptohome mount attempt has occurred
   // and been rejected because of unmatched key; additionally,
   // an online auth attempt has completed successfully.
   state_->PresetCryptohomeStatus(false, cryptohome::MOUNT_ERROR_KEY_FAILURE);
   state_->PresetOnlineLoginStatus(LoginFailure::None());
 
   EXPECT_EQ(ParallelAuthenticator::NEED_OLD_PW,
             SetAndResolveState(auth_, state_.release()));
 }
 
+TEST_F(ParallelAuthenticatorTest, ResolveOwnerNeededDirectFailedMount) {
+  // Set up state as though a cryptohome mount attempt has occurred
+  // and succeeded but we are in safe mode and the current user is not owner.
+  // This is a high level test to verify the proper transitioning in this mode
+  // only. It is not testing that we properly verify that the user is an owner
+  // or that we really are in "safe-mode".
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  SetOwnerState(true, false);
+
+  EXPECT_EQ(ParallelAuthenticator::OWNER_REQUIRED,
+            SetAndResolveState(auth_, state_.release()));
+}
+
+TEST_F(ParallelAuthenticatorTest, ResolveOwnerNeededMount) {
+  // Set up state as though a cryptohome mount attempt has occurred
+  // and succeeded but we are in safe mode and the current user is not owner.
+  // This test will check that the "safe-mode" policy is not set and will let
+  // the mount finish successfully.
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  SetOwnerState(false, false);
+  // and test that the mount has succeeded.
+  state_.reset(new TestAttemptState(username_,
+                                    password_,
+                                    hash_ascii_,
+                                    "",
+                                    "",
+                                    false));
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  EXPECT_EQ(ParallelAuthenticator::OFFLINE_LOGIN,
+            SetAndResolveState(auth_, state_.release()));
+}
+
+TEST_F(ParallelAuthenticatorTest, ResolveOwnerNeededFailedMount) {
+  MockDBusThreadManager* mock_dbus_thread_manager =
+      new MockDBusThreadManager;
+  DBusThreadManager::InitializeForTesting(mock_dbus_thread_manager);
+  EXPECT_CALL(*mock_dbus_thread_manager->mock_cryptohome_client(), Unmount(_))
+      .WillOnce(DoAll(SetArgPointee<0>(true), Return(true)));
+
+  CrosSettingsProvider* device_settings_provider;
+  StubCrosSettingsProvider stub_settings_provider;
+  // Set up state as though a cryptohome mount attempt has occurred
+  // and succeeded but we are in safe mode and the current user is not owner.
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  SetOwnerState(false, false);
+  // Remove the real DeviceSettingsProvider and replace it with a stub.
+  device_settings_provider =
+      CrosSettings::Get()->GetProvider(chromeos::kReportDeviceVersionInfo);
+  EXPECT_TRUE(device_settings_provider != NULL);
+  EXPECT_TRUE(
+      CrosSettings::Get()->RemoveSettingsProvider(device_settings_provider));
+  CrosSettings::Get()->AddSettingsProvider(&stub_settings_provider);
+  CrosSettings::Get()->SetBoolean(kPolicyMissingMitigationMode, true);
+
+  EXPECT_EQ(ParallelAuthenticator::CONTINUE,
+            SetAndResolveState(auth_, state_.release()));
+  // Let the owner verification run on the FILE thread...
+  message_loop_.RunAllPending();
+  // and test that the mount has succeeded.
+  state_.reset(new TestAttemptState(username_,
+                                    password_,
+                                    hash_ascii_,
+                                    "",
+                                    "",
+                                    false));
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  EXPECT_EQ(ParallelAuthenticator::OWNER_REQUIRED,
+            SetAndResolveState(auth_, state_.release()));
+
+  EXPECT_TRUE(
+      CrosSettings::Get()->RemoveSettingsProvider(&stub_settings_provider));
+  CrosSettings::Get()->AddSettingsProvider(device_settings_provider);
+  DBusThreadManager::Get()->Shutdown();
+}
+
 TEST_F(ParallelAuthenticatorTest, DriveFailedMount) {
   FailOnLoginSuccess();
   ExpectLoginFailure(LoginFailure(LoginFailure::COULD_NOT_MOUNT_CRYPTOHOME));
 
   // Set up state as though a cryptohome mount attempt has occurred
   // and failed.
   state_->PresetCryptohomeStatus(false, cryptohome::MOUNT_ERROR_NONE);
   SetAttemptState(auth_, state_.release());
 
   RunResolve(auth_.get());
@@ skipping 380 matching lines @@
       .RetiresOnSaturation();
   EXPECT_CALL(*mock_library_, HashPassword(_))
       .WillOnce(Return(std::string()))
       .RetiresOnSaturation();
 
   auth_->AuthenticateToUnlock(username_, "");
   message_loop_.Run();
 }
 
 }  // namespace chromeos