OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" | 5 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_factory.h" |
6 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h" | 6 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.h" |
7 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" | 7 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" |
8 #include "chrome/common/pref_names.h" | 8 #include "chrome/common/pref_names.h" |
9 #include "chrome/test/base/testing_profile.h" | 9 #include "chrome/test/base/testing_profile.h" |
10 #include "components/prefs/pref_service.h" | 10 #include "components/prefs/pref_service.h" |
11 #include "components/prefs/scoped_user_pref_update.h" | 11 #include "components/prefs/scoped_user_pref_update.h" |
12 #include "content/public/test/test_browser_thread_bundle.h" | 12 #include "content/public/test/test_browser_thread_bundle.h" |
13 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
14 | 14 |
15 namespace chromeos { | 15 namespace chromeos { |
16 namespace { | 16 namespace { |
17 | 17 |
18 void SetConfirmationFrequency( | |
19 PrefService* pref_service, | |
20 quick_unlock::PasswordConfirmationFrequency frequency) { | |
21 pref_service->SetInteger(prefs::kQuickUnlockTimeout, | |
22 static_cast<int>(frequency)); | |
23 } | |
24 | |
25 class PinStorageUnitTest : public testing::Test { | 18 class PinStorageUnitTest : public testing::Test { |
26 protected: | 19 protected: |
27 PinStorageUnitTest() : profile_(new TestingProfile()) {} | 20 PinStorageUnitTest() : profile_(new TestingProfile()) {} |
28 ~PinStorageUnitTest() override {} | 21 ~PinStorageUnitTest() override {} |
29 | 22 |
30 // testing::Test: | 23 // testing::Test: |
31 void SetUp() override { quick_unlock::EnableForTesting(); } | 24 void SetUp() override { quick_unlock::EnableForTesting(); } |
32 | 25 |
33 content::TestBrowserThreadBundle thread_bundle_; | 26 content::TestBrowserThreadBundle thread_bundle_; |
34 std::unique_ptr<TestingProfile> profile_; | 27 std::unique_ptr<TestingProfile> profile_; |
35 | 28 |
36 DISALLOW_COPY_AND_ASSIGN(PinStorageUnitTest); | 29 DISALLOW_COPY_AND_ASSIGN(PinStorageUnitTest); |
37 }; | 30 }; |
38 | 31 |
39 } // namespace | 32 } // namespace |
40 | 33 |
41 // Provides test-only PinStorage APIs. | 34 // Provides test-only PinStorage APIs. |
42 class PinStorageTestApi { | 35 class PinStorageTestApi { |
43 public: | 36 public: |
44 // Does *not* take ownership over |pin_storage|. | 37 // Does *not* take ownership over |pin_storage|. |
45 explicit PinStorageTestApi(quick_unlock::PinStorage* pin_storage) | 38 explicit PinStorageTestApi(quick_unlock::PinStorage* pin_storage) |
46 : pin_storage_(pin_storage) {} | 39 : pin_storage_(pin_storage) {} |
47 | 40 |
48 // Reduces the amount of strong auth time available by |time_delta|. | |
49 void ReduceRemainingStrongAuthTimeBy(const base::TimeDelta& time_delta) { | |
50 pin_storage_->last_strong_auth_ -= time_delta; | |
51 } | |
52 | |
53 bool HasStrongAuthInfo() { | |
54 return !pin_storage_->last_strong_auth_.is_null(); | |
55 } | |
56 | |
57 std::string PinSalt() const { return pin_storage_->PinSalt(); } | 41 std::string PinSalt() const { return pin_storage_->PinSalt(); } |
58 | 42 |
59 std::string PinSecret() const { return pin_storage_->PinSecret(); } | 43 std::string PinSecret() const { return pin_storage_->PinSecret(); } |
60 | 44 |
| 45 bool IsPinAuthenticationAvailable() const { |
| 46 return pin_storage_->IsPinAuthenticationAvailable(); |
| 47 } |
| 48 bool TryAuthenticatePin(const std::string& pin) { |
| 49 return pin_storage_->TryAuthenticatePin(pin); |
| 50 } |
| 51 |
61 private: | 52 private: |
62 quick_unlock::PinStorage* pin_storage_; | 53 quick_unlock::PinStorage* pin_storage_; |
63 | 54 |
64 DISALLOW_COPY_AND_ASSIGN(PinStorageTestApi); | 55 DISALLOW_COPY_AND_ASSIGN(PinStorageTestApi); |
65 }; | 56 }; |
66 | 57 |
67 // Verifies that: | 58 // Verifies that: |
68 // 1. Prefs are initially empty | 59 // 1. Prefs are initially empty |
69 // 2. Setting a PIN will update the pref system. | 60 // 2. Setting a PIN will update the pref system. |
70 // 3. Removing a PIN clears prefs. | 61 // 3. Removing a PIN clears prefs. |
71 TEST_F(PinStorageUnitTest, PinStorageWritesToPrefs) { | 62 TEST_F(PinStorageUnitTest, PinStorageWritesToPrefs) { |
72 PrefService* prefs = profile_->GetPrefs(); | 63 PrefService* prefs = profile_->GetPrefs(); |
73 | 64 |
74 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSalt)); | 65 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSalt)); |
75 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSecret)); | 66 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSecret)); |
76 | 67 |
77 quick_unlock::PinStorage* pin_storage = | 68 quick_unlock::PinStorage* pin_storage = |
78 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | 69 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) |
| 70 ->pin_storage(); |
79 PinStorageTestApi pin_storage_test(pin_storage); | 71 PinStorageTestApi pin_storage_test(pin_storage); |
80 | 72 |
81 pin_storage->SetPin("1111"); | 73 pin_storage->SetPin("1111"); |
82 EXPECT_TRUE(pin_storage->IsPinSet()); | 74 EXPECT_TRUE(pin_storage->IsPinSet()); |
83 EXPECT_EQ(pin_storage_test.PinSalt(), | 75 EXPECT_EQ(pin_storage_test.PinSalt(), |
84 prefs->GetString(prefs::kQuickUnlockPinSalt)); | 76 prefs->GetString(prefs::kQuickUnlockPinSalt)); |
85 EXPECT_EQ(pin_storage_test.PinSecret(), | 77 EXPECT_EQ(pin_storage_test.PinSecret(), |
86 prefs->GetString(prefs::kQuickUnlockPinSecret)); | 78 prefs->GetString(prefs::kQuickUnlockPinSecret)); |
87 EXPECT_NE("", pin_storage_test.PinSalt()); | 79 EXPECT_NE("", pin_storage_test.PinSalt()); |
88 EXPECT_NE("", pin_storage_test.PinSecret()); | 80 EXPECT_NE("", pin_storage_test.PinSecret()); |
89 | 81 |
90 pin_storage->RemovePin(); | 82 pin_storage->RemovePin(); |
91 EXPECT_FALSE(pin_storage->IsPinSet()); | 83 EXPECT_FALSE(pin_storage->IsPinSet()); |
92 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSalt)); | 84 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSalt)); |
93 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSecret)); | 85 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSecret)); |
94 } | 86 } |
95 | 87 |
96 // Verifies that: | 88 // Verifies that: |
97 // 1. Initial unlock attempt count is zero. | 89 // 1. Initial unlock attempt count is zero. |
98 // 2. Attempting unlock attempts correctly increases unlock attempt count. | 90 // 2. Attempting unlock attempts correctly increases unlock attempt count. |
99 // 3. Resetting unlock attempt count correctly sets attempt count to 0. | 91 // 3. Resetting unlock attempt count correctly sets attempt count to 0. |
100 TEST_F(PinStorageUnitTest, UnlockAttemptCount) { | 92 TEST_F(PinStorageUnitTest, UnlockAttemptCount) { |
101 quick_unlock::PinStorage* pin_storage = | 93 quick_unlock::PinStorage* pin_storage = |
102 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | 94 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) |
| 95 ->pin_storage(); |
103 | 96 |
104 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); | 97 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); |
105 | 98 |
106 pin_storage->AddUnlockAttempt(); | 99 pin_storage->AddUnlockAttempt(); |
107 pin_storage->AddUnlockAttempt(); | 100 pin_storage->AddUnlockAttempt(); |
108 pin_storage->AddUnlockAttempt(); | 101 pin_storage->AddUnlockAttempt(); |
109 EXPECT_EQ(3, pin_storage->unlock_attempt_count()); | 102 EXPECT_EQ(3, pin_storage->unlock_attempt_count()); |
110 | 103 |
111 pin_storage->ResetUnlockAttemptCount(); | 104 pin_storage->ResetUnlockAttemptCount(); |
112 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); | 105 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); |
113 } | 106 } |
114 | 107 |
115 // Verifies that marking the strong auth makes TimeSinceLastStrongAuth a > zero | |
116 // value. | |
117 TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) { | |
118 quick_unlock::PinStorage* pin_storage = | |
119 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | |
120 PinStorageTestApi pin_storage_test(pin_storage); | |
121 | |
122 EXPECT_FALSE(pin_storage_test.HasStrongAuthInfo()); | |
123 | |
124 pin_storage->MarkStrongAuth(); | |
125 | |
126 EXPECT_TRUE(pin_storage_test.HasStrongAuthInfo()); | |
127 pin_storage_test.ReduceRemainingStrongAuthTimeBy( | |
128 base::TimeDelta::FromSeconds(60)); | |
129 | |
130 EXPECT_TRUE(pin_storage->TimeSinceLastStrongAuth() >= | |
131 base::TimeDelta::FromSeconds(30)); | |
132 } | |
133 | |
134 // Verifies that by altering the password confirmation preference, the pin | |
135 // storage will request password reconfirmation as expected. | |
136 TEST_F(PinStorageUnitTest, QuickUnlockPasswordConfirmationFrequencyPreference) { | |
137 quick_unlock::PinStorage* pin_storage = | |
138 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | |
139 PrefService* pref_service = profile_->GetPrefs(); | |
140 PinStorageTestApi test_api(pin_storage); | |
141 | |
142 // The default is one day, so verify moving the last strong auth time back 13 | |
143 // hours should not request strong auth. | |
144 pin_storage->MarkStrongAuth(); | |
145 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13)); | |
146 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
147 | |
148 // Verify moving the last strong auth time back another 13 hours should | |
149 // request strong auth. | |
150 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13)); | |
151 EXPECT_FALSE(pin_storage->HasStrongAuth()); | |
152 | |
153 // Verify that by changing the frequency of required password confirmation to | |
154 // six hours, moving the last strong auth interval back by 4 hours will not | |
155 // trigger a request for strong auth, but moving it by an additional 4 hours | |
156 // will. | |
157 pin_storage->MarkStrongAuth(); | |
158 SetConfirmationFrequency( | |
159 pref_service, quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); | |
160 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4)); | |
161 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
162 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4)); | |
163 EXPECT_FALSE(pin_storage->HasStrongAuth()); | |
164 | |
165 // A valid strong auth becomes invalid if the confirmation frequency is | |
166 // shortened to less than the expiration time. | |
167 pin_storage->MarkStrongAuth(); | |
168 SetConfirmationFrequency( | |
169 pref_service, quick_unlock::PasswordConfirmationFrequency::TWELVE_HOURS); | |
170 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
171 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8)); | |
172 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
173 SetConfirmationFrequency( | |
174 pref_service, quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); | |
175 EXPECT_FALSE(pin_storage->HasStrongAuth()); | |
176 | |
177 // An expired strong auth becomes usable if the confirmation frequency gets | |
178 // extended past the expiration time. | |
179 pin_storage->MarkStrongAuth(); | |
180 SetConfirmationFrequency( | |
181 pref_service, quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); | |
182 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
183 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8)); | |
184 EXPECT_FALSE(pin_storage->HasStrongAuth()); | |
185 SetConfirmationFrequency( | |
186 pref_service, quick_unlock::PasswordConfirmationFrequency::TWELVE_HOURS); | |
187 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
188 } | |
189 | |
190 // Verifies that the correct pin can be used to authenticate. | 108 // Verifies that the correct pin can be used to authenticate. |
191 TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) { | 109 TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) { |
192 quick_unlock::PinStorage* pin_storage = | 110 quick_unlock::PinStorage* pin_storage = |
193 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | 111 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) |
| 112 ->pin_storage(); |
| 113 PinStorageTestApi pin_storage_test(pin_storage); |
194 | 114 |
195 pin_storage->SetPin("1111"); | 115 pin_storage->SetPin("1111"); |
196 | 116 |
197 pin_storage->MarkStrongAuth(); | 117 EXPECT_TRUE(pin_storage_test.TryAuthenticatePin("1111")); |
198 EXPECT_TRUE(pin_storage->TryAuthenticatePin("1111")); | |
199 } | 118 } |
200 | 119 |
201 // Verifies that the correct pin will fail to authenticate if too many | 120 // Verifies that the correct pin will fail to authenticate if too many |
202 // authentication attempts have been made. | 121 // authentication attempts have been made. |
203 TEST_F(PinStorageUnitTest, AuthenticationFailsFromTooManyAttempts) { | 122 TEST_F(PinStorageUnitTest, AuthenticationFailsFromTooManyAttempts) { |
204 quick_unlock::PinStorage* pin_storage = | 123 quick_unlock::PinStorage* pin_storage = |
205 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | 124 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) |
| 125 ->pin_storage(); |
| 126 PinStorageTestApi pin_storage_test(pin_storage); |
206 | 127 |
207 pin_storage->SetPin("1111"); | 128 pin_storage->SetPin("1111"); |
208 | 129 |
209 // Use up all of the authentication attempts so authentication fails. | 130 // Use up all of the authentication attempts so authentication fails. |
210 pin_storage->MarkStrongAuth(); | 131 EXPECT_TRUE(pin_storage_test.IsPinAuthenticationAvailable()); |
211 EXPECT_TRUE(pin_storage->IsPinAuthenticationAvailable()); | |
212 for (int i = 0; i < quick_unlock::PinStorage::kMaximumUnlockAttempts; ++i) | 132 for (int i = 0; i < quick_unlock::PinStorage::kMaximumUnlockAttempts; ++i) |
213 EXPECT_FALSE(pin_storage->TryAuthenticatePin("foobar")); | 133 EXPECT_FALSE(pin_storage_test.TryAuthenticatePin("foobar")); |
214 | 134 |
215 // We used up all of the attempts, so entering the right PIN will still fail. | 135 // We used up all of the attempts, so entering the right PIN will still fail. |
216 EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable()); | 136 EXPECT_FALSE(pin_storage_test.IsPinAuthenticationAvailable()); |
217 EXPECT_FALSE(pin_storage->TryAuthenticatePin("1111")); | 137 EXPECT_FALSE(pin_storage_test.TryAuthenticatePin("1111")); |
218 } | 138 } |
219 | 139 |
220 // Verifies that the correct pin will fail to authenticate if it has been too | |
221 // long since a strong-auth/password authentication. | |
222 TEST_F(PinStorageUnitTest, AuthenticationFailsFromTimeout) { | |
223 quick_unlock::PinStorage* pin_storage = | |
224 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | |
225 PinStorageTestApi pin_storage_test(pin_storage); | |
226 | |
227 pin_storage->SetPin("1111"); | |
228 pin_storage->MarkStrongAuth(); | |
229 EXPECT_TRUE(pin_storage->IsPinAuthenticationAvailable()); | |
230 | |
231 // Remove all of the strong auth time so that we have a strong auth timeout. | |
232 pin_storage_test.ReduceRemainingStrongAuthTimeBy( | |
233 base::TimeDelta::FromDays(10)); | |
234 | |
235 EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable()); | |
236 } | |
237 } // namespace chromeos | 140 } // namespace chromeos |
OLD | NEW |