Convert UserPolicySigninService to use OAuth2TokenService

chrome/browser/policy/cloud/user_policy_signin_service_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/prefs/pref_service.h"
 #include "base/run_loop.h"
 #include "base/time/time.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/browser/policy/cloud/cloud_policy_constants.h"
 #include "chrome/browser/policy/cloud/mock_device_management_service.h"
 #include "chrome/browser/policy/cloud/mock_user_cloud_policy_store.h"
 #include "chrome/browser/policy/cloud/user_cloud_policy_manager.h"
 #include "chrome/browser/policy/cloud/user_policy_signin_service_factory.h"
 #include "chrome/browser/prefs/browser_prefs.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/fake_signin_manager.h"
+#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/test/base/testing_browser_process.h"
 #include "chrome/test/base/testing_pref_service_syncable.h"
 #include "chrome/test/base/testing_profile.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_source.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/http/http_status_code.h"
 #include "net/url_request/test_url_fetcher_factory.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "net/url_request/url_request_status.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 #if defined(OS_ANDROID)
 #include "chrome/browser/policy/cloud/user_policy_signin_service_android.h"
 #include "chrome/browser/signin/android_profile_oauth2_token_service.h"
-#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #else
 #include "chrome/browser/policy/cloud/user_policy_signin_service.h"
-#include "chrome/browser/signin/token_service.h"
-#include "chrome/browser/signin/token_service_factory.h"
+#include "chrome/browser/signin/fake_profile_oauth2_token_service.h"
 #endif
 
 namespace em = enterprise_management;
 
 using testing::AnyNumber;
 using testing::Mock;
 using testing::_;
 
 namespace policy {
 
 namespace {
 
 const char kTestUser[] = "testuser@test.com";
 
 const char kValidTokenResponse[] =
     "{"
     "  \"access_token\": \"at1\","
     "  \"expires_in\": 3600,"
     "  \"token_type\": \"Bearer\""
     "}";
 
 const char kHostedDomainResponse[] =
     "{"
     "  \"hd\": \"test.com\""
     "}";
 
-const char kCombinedScopes[] =
-    "https://www.googleapis.com/auth/chromeosdevicemanagement "
-    "https://www.googleapis.com/auth/userinfo.email";
-
 class SigninManagerFake : public FakeSigninManager {
  public:
   explicit SigninManagerFake(Profile* profile)
       : FakeSigninManager(profile) {
     Initialize(profile, NULL);
   }
 
   void ForceSignOut() {
     // Allow signing out now.
     prohibit_signout_ = false;
     SignOut();
   }
 
   static BrowserContextKeyedService* Build(content::BrowserContext* profile) {
     return new SigninManagerFake(static_cast<Profile*>(profile));
   }
 };
 
 #if defined(OS_ANDROID)
-
-class FakeProfileOAuth2TokenService : public AndroidProfileOAuth2TokenService {
+// TODO(atwilson): Remove this when ProfileOAuth2TokenService supports
+// usernames.
+class FakeAndroidProfileOAuth2TokenService
+    : public AndroidProfileOAuth2TokenService {
  public:
-  explicit FakeProfileOAuth2TokenService(Profile* profile) {
+  explicit FakeAndroidProfileOAuth2TokenService(Profile* profile) {
     Initialize(profile);
   }
 
   static BrowserContextKeyedService* Build(content::BrowserContext* profile) {
-    return new FakeProfileOAuth2TokenService(static_cast<Profile*>(profile));
+    return new FakeAndroidProfileOAuth2TokenService(
+        static_cast<Profile*>(profile));
   }
 
   // AndroidProfileOAuth2TokenService overrides:
-  virtual void FetchOAuth2Token(
+  virtual void FetchOAuth2TokenWithUsername(
+      RequestImpl* request,
       const std::string& username,
-      const std::string& scope,
-      const FetchOAuth2TokenCallback& callback) OVERRIDE {
+      const OAuth2TokenService::ScopeSet& scope) OVERRIDE {
     ASSERT_TRUE(!HasPendingRequest());
     ASSERT_EQ(kTestUser, username);
-    ASSERT_EQ(kCombinedScopes, scope);
-    pending_callback_ = callback;
+    ASSERT_EQ(2U, scope.size());
+    EXPECT_EQ(1U, scope.count(GaiaConstants::kDeviceManagementServiceOAuth));
+    EXPECT_EQ(1U, scope.count(
+        "https://www.googleapis.com/auth/userinfo.email"));
+    pending_request_ = request->AsWeakPtr();
   }
 
   void IssueToken(const std::string& token) {
     ASSERT_TRUE(HasPendingRequest());
     GoogleServiceAuthError error = GoogleServiceAuthError::AuthErrorNone();
     if (token.empty())
       error = GoogleServiceAuthError::FromServiceError("fail");
-    pending_callback_.Run(
-        error, token, base::Time::Now() + base::TimeDelta::FromDays(1));
-    pending_callback_.Reset();
+    if (pending_request_) {
+      pending_request_->InformConsumer(
+          error,
+          token,
+          base::Time::Now() + base::TimeDelta::FromDays(1));
+    }
+    pending_request_.reset();
   }
 
   bool HasPendingRequest() const {
-    return !pending_callback_.is_null();
+    return pending_request_;
   }
 
  private:
-  FetchOAuth2TokenCallback pending_callback_;
+  base::WeakPtr<RequestImpl> pending_request_;
 };
 
 #endif
 
 class UserPolicySigninServiceTest : public testing::Test {
  public:
   UserPolicySigninServiceTest()
       : thread_bundle_(content::TestBrowserThreadBundle::IO_MAINLOOP),
         register_completed_(false) {}
 
@@ skipping 27 matching lines @@
     g_browser_process->browser_policy_connector()->Init(
         local_state_.get(), system_request_context);
 
     // Create a testing profile with cloud-policy-on-signin enabled, and bring
     // up a UserCloudPolicyManager with a MockUserCloudPolicyStore.
     scoped_ptr<TestingPrefServiceSyncable> prefs(
         new TestingPrefServiceSyncable());
     chrome::RegisterUserProfilePrefs(prefs->registry());
     TestingProfile::Builder builder;
     builder.SetPrefService(scoped_ptr<PrefServiceSyncable>(prefs.Pass()));
+    builder.AddTestingFactory(SigninManagerFactory::GetInstance(),
+                              SigninManagerFake::Build);
+#if defined(OS_ANDROID)
+    builder.AddTestingFactory(ProfileOAuth2TokenServiceFactory::GetInstance(),
+                              FakeAndroidProfileOAuth2TokenService::Build);
+#else
+    builder.AddTestingFactory(ProfileOAuth2TokenServiceFactory::GetInstance(),
+                              FakeProfileOAuth2TokenService::Build);
+#endif
+
     profile_ = builder.Build().Pass();
+    signin_manager_ = static_cast<SigninManagerFake*>(
+        SigninManagerFactory::GetForProfile(profile_.get()));
 
     mock_store_ = new MockUserCloudPolicyStore();
     EXPECT_CALL(*mock_store_, Load()).Times(AnyNumber());
     manager_.reset(new UserCloudPolicyManager(
         profile_.get(), scoped_ptr<UserCloudPolicyStore>(mock_store_)));
-    signin_manager_ = static_cast<SigninManagerFake*>(
-        SigninManagerFactory::GetInstance()->SetTestingFactoryAndUse(
-            profile_.get(), SigninManagerFake::Build));
 
-#if defined(OS_ANDROID)
-    ProfileOAuth2TokenServiceFactory* factory =
-        ProfileOAuth2TokenServiceFactory::GetInstance();
-    token_service_ = static_cast<FakeProfileOAuth2TokenService*>(
-        factory->SetTestingFactoryAndUse(profile_.get(),
-                                         FakeProfileOAuth2TokenService::Build));
-#endif
-
-    // Make sure the UserPolicySigninService is created.
-    UserPolicySigninServiceFactory::GetForProfile(profile_.get());
     Mock::VerifyAndClearExpectations(mock_store_);
     url_factory_.set_remove_fetcher_on_delete(true);
   }
 
   virtual void TearDown() OVERRIDE {
     UserPolicySigninServiceFactory::SetDeviceManagementServiceForTesting(NULL);
     // Free the profile before we clear out the browser prefs.
     profile_.reset();
     TestingBrowserProcess* testing_browser_process =
         TestingBrowserProcess::GetGlobal();
     testing_browser_process->SetLocalState(NULL);
     local_state_.reset();
     testing_browser_process->SetBrowserPolicyConnector(NULL);
     base::RunLoop run_loop;
     run_loop.RunUntilIdle();
   }
 
+#if defined(OS_ANDROID)
+  FakeAndroidProfileOAuth2TokenService* GetTokenService() {
+    ProfileOAuth2TokenService* service =
+        ProfileOAuth2TokenServiceFactory::GetForProfile(profile_.get());
+    return static_cast<FakeAndroidProfileOAuth2TokenService*>(service);
+  }
+#else
+  FakeProfileOAuth2TokenService* GetTokenService() {
+    ProfileOAuth2TokenService* service =
+        ProfileOAuth2TokenServiceFactory::GetForProfile(profile_.get());
+    return static_cast<FakeProfileOAuth2TokenService*>(service);
+  }
+#endif
+
   bool IsRequestActive() {
 #if defined(OS_ANDROID)
-    if (token_service_->HasPendingRequest())
+    if (GetTokenService()->HasPendingRequest())
+      return true;
+#else
+    if (!GetTokenService()->GetPendingRequests().empty())
       return true;
 #endif
     return url_factory_.GetFetcherByID(0);
   }
 
   void MakeOAuthTokenFetchSucceed() {
 #if defined(OS_ANDROID)
-    ASSERT_TRUE(token_service_->HasPendingRequest());
-    token_service_->IssueToken("fake_token");
+    ASSERT_TRUE(GetTokenService()->HasPendingRequest());
+    GetTokenService()->IssueToken("fake_token");
 #else
     ASSERT_TRUE(IsRequestActive());
     net::TestURLFetcher* fetcher = url_factory_.GetFetcherByID(0);
     fetcher->set_response_code(net::HTTP_OK);
     fetcher->SetResponseString(kValidTokenResponse);
     fetcher->delegate()->OnURLFetchComplete(fetcher);
 #endif
   }
 
   void ReportHostedDomainStatus(bool is_hosted_domain) {
@@ skipping 91 matching lines @@
   MockUserCloudPolicyStore* mock_store_;
   scoped_ptr<UserCloudPolicyManager> manager_;
 
   // BrowserPolicyConnector and UrlFetcherFactory want to initialize and free
   // various components asynchronously via tasks, so create fake threads here.
   content::TestBrowserThreadBundle thread_bundle_;
 
   net::TestURLFetcherFactory url_factory_;
 
   SigninManagerFake* signin_manager_;
-#if defined(OS_ANDROID)
-  FakeProfileOAuth2TokenService* token_service_;  // Not owned.
-#endif
 
   // Used in conjunction with OnRegisterCompleted() to test client registration
   // callbacks.
   scoped_ptr<CloudPolicyClient> created_client_;
 
   // True if OnRegisterCompleted() was called.
   bool register_completed_;
 
   // Weak ptr to the MockDeviceManagementService (object is owned by the
   // BrowserPolicyConnector).
@@ skipping 37 matching lines @@
   // UserCloudPolicyManager should be initialized.
   ASSERT_TRUE(manager_->core()->service());
 
   // Complete initialization of the store.
   mock_store_->NotifyStoreLoaded();
 
   // No oauth access token yet, so client registration should be deferred.
   ASSERT_FALSE(IsRequestActive());
 
   // Make oauth token available.
-  TokenServiceFactory::GetForProfile(profile_.get())->IssueAuthTokenForTest(
-      GaiaConstants::kGaiaOAuth2LoginRefreshToken, "oauth_login_refresh_token");
+  GetTokenService()->IssueRefreshToken("oauth_login_refresh_token");
 
   // Client registration should be in progress since we now have an oauth token.
   ASSERT_TRUE(IsRequestActive());
 }
 
+TEST_F(UserPolicySigninServiceTest, InitWhileSignedInOAuthError) {
+  // Set the user as signed in.
+  SigninManagerFactory::GetForProfile(profile_.get())->SetAuthenticatedUsername(
+      kTestUser);
+
+  // Let the SigninService know that the profile has been created.
+  content::NotificationService::current()->Notify(
+      chrome::NOTIFICATION_PROFILE_ADDED,
+      content::Source<Profile>(profile_.get()),
+      content::NotificationService::NoDetails());
+
+  // UserCloudPolicyManager should be initialized.
+  ASSERT_TRUE(manager_->core()->service());
+
+  // Complete initialization of the store.
+  mock_store_->NotifyStoreLoaded();
+
+  // No oauth access token yet, so client registration should be deferred.
+  ASSERT_FALSE(IsRequestActive());
+
+  // Make oauth token available.
+  GetTokenService()->IssueRefreshToken("oauth_login_refresh_token");
+
+  // Client registration should be in progress since we now have an oauth token.
+  ASSERT_TRUE(IsRequestActive());
+
+  // Now fail the access token fetch.
+  GoogleServiceAuthError error(
+      GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS);
+  GetTokenService()->IssueErrorForAllPendingRequests(error);
+  ASSERT_FALSE(IsRequestActive());
+}
+
 TEST_F(UserPolicySigninServiceTest, SignInAfterInit) {
   EXPECT_CALL(*mock_store_, Clear());
   // Let the SigninService know that the profile has been created.
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_PROFILE_ADDED,
       content::Source<Profile>(profile_.get()),
       content::NotificationService::NoDetails());
 
   // UserCloudPolicyManager should not be initialized since there is no
   // signed-in user.
   ASSERT_FALSE(manager_->core()->service());
 
   // Now sign in the user.
   SigninManagerFactory::GetForProfile(profile_.get())->SetAuthenticatedUsername(
       kTestUser);
 
   // Complete initialization of the store.
   mock_store_->NotifyStoreLoaded();
 
   // Make oauth token available.
-  TokenServiceFactory::GetForProfile(profile_.get())->IssueAuthTokenForTest(
-      GaiaConstants::kGaiaOAuth2LoginRefreshToken, "oauth_login_refresh_token");
+  GetTokenService()->IssueRefreshToken("oauth_login_refresh_token");
 
   // UserCloudPolicyManager should be initialized.
   ASSERT_TRUE(manager_->core()->service());
 
   // Client registration should be in progress since we have an oauth token.
   ASSERT_TRUE(IsRequestActive());
 }
 
 TEST_F(UserPolicySigninServiceTest, SignInWithNonEnterpriseUser) {
   EXPECT_CALL(*mock_store_, Clear());
   // Let the SigninService know that the profile has been created.
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_PROFILE_ADDED,
       content::Source<Profile>(profile_.get()),
       content::NotificationService::NoDetails());
 
   // UserCloudPolicyManager should not be initialized since there is no
   // signed-in user.
   ASSERT_FALSE(manager_->core()->service());
 
   // Now sign in a non-enterprise user (blacklisted gmail.com domain).
   SigninManagerFactory::GetForProfile(profile_.get())->SetAuthenticatedUsername(
       "non_enterprise_user@gmail.com");
 
   // Complete initialization of the store.
   mock_store_->NotifyStoreLoaded();
 
   // Make oauth token available.
-  TokenServiceFactory::GetForProfile(profile_.get())->IssueAuthTokenForTest(
-      GaiaConstants::kGaiaOAuth2LoginRefreshToken, "oauth_login_refresh_token");
+  GetTokenService()->IssueRefreshToken("oauth_login_refresh_token");
 
   // UserCloudPolicyManager should not be initialized and there should be no
   // DMToken request active.
   ASSERT_TRUE(!manager_->core()->service());
   ASSERT_FALSE(IsRequestActive());
 }
 
 TEST_F(UserPolicySigninServiceTest, UnregisteredClient) {
   EXPECT_CALL(*mock_store_, Clear());
   // Let the SigninService know that the profile has been created.
   content::NotificationService::current()->Notify(
       chrome::NOTIFICATION_PROFILE_ADDED,
       content::Source<Profile>(profile_.get()),
       content::NotificationService::NoDetails());
 
   // UserCloudPolicyManager should not be initialized since there is no
   // signed-in user.
   ASSERT_FALSE(manager_->core()->service());
 
   // Now sign in the user.
   SigninManagerFactory::GetForProfile(profile_.get())->SetAuthenticatedUsername(
       kTestUser);
 
   // Make oauth token available.
-  TokenServiceFactory::GetForProfile(profile_.get())->IssueAuthTokenForTest(
-      GaiaConstants::kGaiaOAuth2LoginRefreshToken, "oauth_login_refresh_token");
+  GetTokenService()->IssueRefreshToken("oauth_login_refresh_token");
 
   // UserCloudPolicyManager should be initialized.
   ASSERT_TRUE(manager_->core()->service());
 
   // Client registration should not be in progress since the store is not
   // yet initialized.
   ASSERT_FALSE(IsRequestActive());
 
   // Complete initialization of the store with no policy (unregistered client).
   mock_store_->NotifyStoreLoaded();
@@ skipping 12 matching lines @@
 
   // UserCloudPolicyManager should not be initialized since there is no
   // signed-in user.
   ASSERT_FALSE(manager_->core()->service());
 
   // Now sign in the user.
   SigninManagerFactory::GetForProfile(profile_.get())->SetAuthenticatedUsername(
       kTestUser);
 
   // Make oauth token available.
-  TokenServiceFactory::GetForProfile(profile_.get())->IssueAuthTokenForTest(
-      GaiaConstants::kGaiaOAuth2LoginRefreshToken, "oauth_login_refresh_token");
+  GetTokenService()->IssueRefreshToken("oauth_login_refresh_token");
 
   // UserCloudPolicyManager should be initialized.
   ASSERT_TRUE(manager_->core()->service());
 
   // Client registration should not be in progress since the store is not
   // yet initialized.
   ASSERT_FALSE(manager_->IsClientRegistered());
   ASSERT_FALSE(IsRequestActive());
 
   mock_store_->policy_.reset(new enterprise_management::PolicyData());
@@ skipping 39 matching lines @@
   RegisterPolicyClientWithCallback(signin_service);
   Mock::VerifyAndClearExpectations(this);
 
   // UserCloudPolicyManager should not be initialized.
   ASSERT_FALSE(manager_->core()->service());
   ASSERT_TRUE(IsRequestActive());
   EXPECT_FALSE(register_completed_);
 
   // Cause the access token fetch to fail - callback should be invoked.
 #if defined(OS_ANDROID)
-  ASSERT_TRUE(token_service_->HasPendingRequest());
-  token_service_->IssueToken("");
+  ASSERT_TRUE(GetTokenService()->HasPendingRequest());
+  GetTokenService()->IssueToken("");
 #else
   net::TestURLFetcher* fetcher = url_factory_.GetFetcherByID(0);
   fetcher->set_status(net::URLRequestStatus(net::URLRequestStatus::FAILED, -1));
   fetcher->delegate()->OnURLFetchComplete(fetcher);
 #endif
 
   EXPECT_TRUE(register_completed_);
   EXPECT_FALSE(created_client_.get());
   EXPECT_FALSE(IsRequestActive());
 }
@@ skipping 200 matching lines @@
   base::RunLoop().RunUntilIdle();
   EXPECT_FALSE(manager_->IsClientRegistered());
 #if !defined(OS_ANDROID)
   EXPECT_FALSE(signin_manager_->IsSignoutProhibited());
 #endif
 }
 
 }  // namespace
 
 }  // namespace policy