| Index: chrome/browser/webdata/logins_table_unittest.cc
|
| ===================================================================
|
| --- chrome/browser/webdata/logins_table_unittest.cc (revision 133948)
|
| +++ chrome/browser/webdata/logins_table_unittest.cc (working copy)
|
| @@ -1,279 +0,0 @@
|
| -// Copyright (c) 2011 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "base/file_util.h"
|
| -#include "base/path_service.h"
|
| -#include "base/string_number_conversions.h"
|
| -#include "base/time.h"
|
| -#include "base/utf_string_conversions.h"
|
| -#include "chrome/browser/webdata/logins_table.h"
|
| -#include "chrome/browser/webdata/web_database.h"
|
| -#include "chrome/common/chrome_paths.h"
|
| -#include "testing/gtest/include/gtest/gtest.h"
|
| -#include "webkit/forms/password_form.h"
|
| -
|
| -using base::Time;
|
| -using base::TimeDelta;
|
| -using webkit::forms::PasswordForm;
|
| -
|
| -class LoginsTableTest : public testing::Test {
|
| - public:
|
| - LoginsTableTest() {}
|
| - virtual ~LoginsTableTest() {}
|
| -
|
| - protected:
|
| - virtual void SetUp() {
|
| - PathService::Get(chrome::DIR_TEST_DATA, &file_);
|
| - const std::string test_db = "TestWebDatabase" +
|
| - base::Int64ToString(Time::Now().ToTimeT()) +
|
| - ".db";
|
| - file_ = file_.AppendASCII(test_db);
|
| - file_util::Delete(file_, false);
|
| - }
|
| -
|
| - virtual void TearDown() {
|
| - file_util::Delete(file_, false);
|
| - }
|
| -
|
| - FilePath file_;
|
| -
|
| - private:
|
| - DISALLOW_COPY_AND_ASSIGN(LoginsTableTest);
|
| -};
|
| -
|
| -TEST_F(LoginsTableTest, Logins) {
|
| - WebDatabase db;
|
| -
|
| - ASSERT_EQ(sql::INIT_OK, db.Init(file_));
|
| -
|
| - std::vector<PasswordForm*> result;
|
| -
|
| - // Verify the database is empty.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(0U, result.size());
|
| -
|
| - // Example password form.
|
| - PasswordForm form;
|
| - form.origin = GURL("http://www.google.com/accounts/LoginAuth");
|
| - form.action = GURL("http://www.google.com/accounts/Login");
|
| - form.username_element = ASCIIToUTF16("Email");
|
| - form.username_value = ASCIIToUTF16("test@gmail.com");
|
| - form.password_element = ASCIIToUTF16("Passwd");
|
| - form.password_value = ASCIIToUTF16("test");
|
| - form.submit_element = ASCIIToUTF16("signIn");
|
| - form.signon_realm = "http://www.google.com/";
|
| - form.ssl_valid = false;
|
| - form.preferred = false;
|
| - form.scheme = PasswordForm::SCHEME_HTML;
|
| -
|
| - // Add it and make sure it is there.
|
| - EXPECT_TRUE(db.GetLoginsTable()->AddLogin(form));
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(1U, result.size());
|
| - delete result[0];
|
| - result.clear();
|
| -
|
| - // Match against an exact copy.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetLogins(form, &result));
|
| - EXPECT_EQ(1U, result.size());
|
| - delete result[0];
|
| - result.clear();
|
| -
|
| - // The example site changes...
|
| - PasswordForm form2(form);
|
| - form2.origin = GURL("http://www.google.com/new/accounts/LoginAuth");
|
| - form2.submit_element = ASCIIToUTF16("reallySignIn");
|
| -
|
| - // Match against an inexact copy
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetLogins(form2, &result));
|
| - EXPECT_EQ(1U, result.size());
|
| - delete result[0];
|
| - result.clear();
|
| -
|
| - // Uh oh, the site changed origin & action URL's all at once!
|
| - PasswordForm form3(form2);
|
| - form3.action = GURL("http://www.google.com/new/accounts/Login");
|
| -
|
| - // signon_realm is the same, should match.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetLogins(form3, &result));
|
| - EXPECT_EQ(1U, result.size());
|
| - delete result[0];
|
| - result.clear();
|
| -
|
| - // Imagine the site moves to a secure server for login.
|
| - PasswordForm form4(form3);
|
| - form4.signon_realm = "https://www.google.com/";
|
| - form4.ssl_valid = true;
|
| -
|
| - // We have only an http record, so no match for this.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetLogins(form4, &result));
|
| - EXPECT_EQ(0U, result.size());
|
| -
|
| - // Let's imagine the user logs into the secure site.
|
| - EXPECT_TRUE(db.GetLoginsTable()->AddLogin(form4));
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(2U, result.size());
|
| - delete result[0];
|
| - delete result[1];
|
| - result.clear();
|
| -
|
| - // Now the match works
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetLogins(form4, &result));
|
| - EXPECT_EQ(1U, result.size());
|
| - delete result[0];
|
| - result.clear();
|
| -
|
| - // The user chose to forget the original but not the new.
|
| - EXPECT_TRUE(db.GetLoginsTable()->RemoveLogin(form));
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(1U, result.size());
|
| - delete result[0];
|
| - result.clear();
|
| -
|
| - // The old form wont match the new site (http vs https).
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetLogins(form, &result));
|
| - EXPECT_EQ(0U, result.size());
|
| -
|
| - // The user's request for the HTTPS site is intercepted
|
| - // by an attacker who presents an invalid SSL cert.
|
| - PasswordForm form5(form4);
|
| - form5.ssl_valid = 0;
|
| -
|
| - // It will match in this case.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetLogins(form5, &result));
|
| - EXPECT_EQ(1U, result.size());
|
| - delete result[0];
|
| - result.clear();
|
| -
|
| - // User changes his password.
|
| - PasswordForm form6(form5);
|
| - form6.password_value = ASCIIToUTF16("test6");
|
| - form6.preferred = true;
|
| -
|
| - // We update, and check to make sure it matches the
|
| - // old form, and there is only one record.
|
| - EXPECT_TRUE(db.GetLoginsTable()->UpdateLogin(form6));
|
| - // matches
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetLogins(form5, &result));
|
| - EXPECT_EQ(1U, result.size());
|
| - delete result[0];
|
| - result.clear();
|
| - // Only one record.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(1U, result.size());
|
| - // password element was updated.
|
| - EXPECT_EQ(form6.password_value, result[0]->password_value);
|
| - // Preferred login.
|
| - EXPECT_TRUE(form6.preferred);
|
| - delete result[0];
|
| - result.clear();
|
| -
|
| - // Make sure everything can disappear.
|
| - EXPECT_TRUE(db.GetLoginsTable()->RemoveLogin(form4));
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(0U, result.size());
|
| -}
|
| -
|
| -static bool AddTimestampedLogin(WebDatabase* db, std::string url,
|
| - const std::string& unique_string,
|
| - const Time& time) {
|
| - // Example password form.
|
| - PasswordForm form;
|
| - form.origin = GURL(url + std::string("/LoginAuth"));
|
| - form.username_element = ASCIIToUTF16(unique_string);
|
| - form.username_value = ASCIIToUTF16(unique_string);
|
| - form.password_element = ASCIIToUTF16(unique_string);
|
| - form.submit_element = ASCIIToUTF16("signIn");
|
| - form.signon_realm = url;
|
| - form.date_created = time;
|
| - return db->GetLoginsTable()->AddLogin(form);
|
| -}
|
| -
|
| -static void ClearResults(std::vector<PasswordForm*>* results) {
|
| - for (size_t i = 0; i < results->size(); ++i) {
|
| - delete (*results)[i];
|
| - }
|
| - results->clear();
|
| -}
|
| -
|
| -TEST_F(LoginsTableTest, ClearPrivateData_SavedPasswords) {
|
| - WebDatabase db;
|
| -
|
| - ASSERT_EQ(sql::INIT_OK, db.Init(file_));
|
| -
|
| - std::vector<PasswordForm*> result;
|
| -
|
| - // Verify the database is empty.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(0U, result.size());
|
| -
|
| - Time now = Time::Now();
|
| - TimeDelta one_day = TimeDelta::FromDays(1);
|
| -
|
| - // Create one with a 0 time.
|
| - EXPECT_TRUE(AddTimestampedLogin(&db, "1", "foo1", Time()));
|
| - // Create one for now and +/- 1 day.
|
| - EXPECT_TRUE(AddTimestampedLogin(&db, "2", "foo2", now - one_day));
|
| - EXPECT_TRUE(AddTimestampedLogin(&db, "3", "foo3", now));
|
| - EXPECT_TRUE(AddTimestampedLogin(&db, "4", "foo4", now + one_day));
|
| -
|
| - // Verify inserts worked.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(4U, result.size());
|
| - ClearResults(&result);
|
| -
|
| - // Delete everything from today's date and on.
|
| - db.GetLoginsTable()->RemoveLoginsCreatedBetween(now, Time());
|
| -
|
| - // Should have deleted half of what we inserted.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(2U, result.size());
|
| - ClearResults(&result);
|
| -
|
| - // Delete with 0 date (should delete all).
|
| - db.GetLoginsTable()->RemoveLoginsCreatedBetween(Time(), Time());
|
| -
|
| - // Verify nothing is left.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(0U, result.size());
|
| -}
|
| -
|
| -TEST_F(LoginsTableTest, BlacklistedLogins) {
|
| - WebDatabase db;
|
| -
|
| - ASSERT_EQ(sql::INIT_OK, db.Init(file_));
|
| - std::vector<PasswordForm*> result;
|
| -
|
| - // Verify the database is empty.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - ASSERT_EQ(0U, result.size());
|
| -
|
| - // Save a form as blacklisted.
|
| - PasswordForm form;
|
| - form.origin = GURL("http://www.google.com/accounts/LoginAuth");
|
| - form.action = GURL("http://www.google.com/accounts/Login");
|
| - form.username_element = ASCIIToUTF16("Email");
|
| - form.password_element = ASCIIToUTF16("Passwd");
|
| - form.submit_element = ASCIIToUTF16("signIn");
|
| - form.signon_realm = "http://www.google.com/";
|
| - form.ssl_valid = false;
|
| - form.preferred = true;
|
| - form.blacklisted_by_user = true;
|
| - form.scheme = PasswordForm::SCHEME_HTML;
|
| - EXPECT_TRUE(db.GetLoginsTable()->AddLogin(form));
|
| -
|
| - // Get all non-blacklisted logins (should be none).
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, false));
|
| - ASSERT_EQ(0U, result.size());
|
| -
|
| - // GetLogins should give the blacklisted result.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetLogins(form, &result));
|
| - EXPECT_EQ(1U, result.size());
|
| - ClearResults(&result);
|
| -
|
| - // So should GetAll including blacklisted.
|
| - EXPECT_TRUE(db.GetLoginsTable()->GetAllLogins(&result, true));
|
| - EXPECT_EQ(1U, result.size());
|
| - ClearResults(&result);
|
| -}
|
|
|