| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" | 5 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_factory.h" |
| 6 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage_factory.h" | 6 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_storage.h" |
| 7 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" | 7 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" |
| 8 #include "chrome/common/pref_names.h" | 8 #include "chrome/common/pref_names.h" |
| 9 #include "chrome/test/base/testing_profile.h" | 9 #include "chrome/test/base/testing_profile.h" |
| 10 #include "components/prefs/pref_service.h" | 10 #include "components/prefs/pref_service.h" |
| 11 #include "components/prefs/scoped_user_pref_update.h" | 11 #include "components/prefs/scoped_user_pref_update.h" |
| 12 #include "content/public/test/test_browser_thread_bundle.h" | 12 #include "content/public/test/test_browser_thread_bundle.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 14 | 14 |
| 15 namespace chromeos { | 15 namespace chromeos { |
| 16 namespace { | 16 namespace { |
| 17 | 17 |
| 18 void SetConfirmationFrequency( | |
| 19 PrefService* pref_service, | |
| 20 quick_unlock::PasswordConfirmationFrequency frequency) { | |
| 21 pref_service->SetInteger(prefs::kQuickUnlockTimeout, | |
| 22 static_cast<int>(frequency)); | |
| 23 } | |
| 24 | |
| 25 class PinStorageUnitTest : public testing::Test { | 18 class PinStorageUnitTest : public testing::Test { |
| 26 protected: | 19 protected: |
| 27 PinStorageUnitTest() : profile_(new TestingProfile()) {} | 20 PinStorageUnitTest() : profile_(new TestingProfile()) {} |
| 28 ~PinStorageUnitTest() override {} | 21 ~PinStorageUnitTest() override {} |
| 29 | 22 |
| 30 // testing::Test: | 23 // testing::Test: |
| 31 void SetUp() override { quick_unlock::EnableForTesting(); } | 24 void SetUp() override { quick_unlock::EnableForTesting(); } |
| 32 | 25 |
| 33 content::TestBrowserThreadBundle thread_bundle_; | 26 content::TestBrowserThreadBundle thread_bundle_; |
| 34 std::unique_ptr<TestingProfile> profile_; | 27 std::unique_ptr<TestingProfile> profile_; |
| 35 | 28 |
| 36 DISALLOW_COPY_AND_ASSIGN(PinStorageUnitTest); | 29 DISALLOW_COPY_AND_ASSIGN(PinStorageUnitTest); |
| 37 }; | 30 }; |
| 38 | 31 |
| 39 } // namespace | 32 } // namespace |
| 40 | 33 |
| 41 // Provides test-only PinStorage APIs. | 34 // Provides test-only PinStorage APIs. |
| 42 class PinStorageTestApi { | 35 class PinStorageTestApi { |
| 43 public: | 36 public: |
| 44 // Does *not* take ownership over |pin_storage|. | 37 // Does *not* take ownership over |pin_storage|. |
| 45 explicit PinStorageTestApi(quick_unlock::PinStorage* pin_storage) | 38 explicit PinStorageTestApi(quick_unlock::PinStorage* pin_storage) |
| 46 : pin_storage_(pin_storage) {} | 39 : pin_storage_(pin_storage) {} |
| 47 | 40 |
| 48 // Reduces the amount of strong auth time available by |time_delta|. | |
| 49 void ReduceRemainingStrongAuthTimeBy(const base::TimeDelta& time_delta) { | |
| 50 pin_storage_->last_strong_auth_ -= time_delta; | |
| 51 } | |
| 52 | |
| 53 bool HasStrongAuthInfo() { | |
| 54 return !pin_storage_->last_strong_auth_.is_null(); | |
| 55 } | |
| 56 | |
| 57 std::string PinSalt() const { return pin_storage_->PinSalt(); } | 41 std::string PinSalt() const { return pin_storage_->PinSalt(); } |
| 58 | 42 |
| 59 std::string PinSecret() const { return pin_storage_->PinSecret(); } | 43 std::string PinSecret() const { return pin_storage_->PinSecret(); } |
| 60 | 44 |
| 45 bool IsPinAuthenticationAvailable() const { |
| 46 return pin_storage_->IsPinAuthenticationAvailable(); |
| 47 } |
| 48 bool TryAuthenticatePin(const std::string& pin) { |
| 49 return pin_storage_->TryAuthenticatePin(pin); |
| 50 } |
| 51 |
| 61 private: | 52 private: |
| 62 quick_unlock::PinStorage* pin_storage_; | 53 quick_unlock::PinStorage* pin_storage_; |
| 63 | 54 |
| 64 DISALLOW_COPY_AND_ASSIGN(PinStorageTestApi); | 55 DISALLOW_COPY_AND_ASSIGN(PinStorageTestApi); |
| 65 }; | 56 }; |
| 66 | 57 |
| 67 // Verifies that: | 58 // Verifies that: |
| 68 // 1. Prefs are initially empty | 59 // 1. Prefs are initially empty |
| 69 // 2. Setting a PIN will update the pref system. | 60 // 2. Setting a PIN will update the pref system. |
| 70 // 3. Removing a PIN clears prefs. | 61 // 3. Removing a PIN clears prefs. |
| 71 TEST_F(PinStorageUnitTest, PinStorageWritesToPrefs) { | 62 TEST_F(PinStorageUnitTest, PinStorageWritesToPrefs) { |
| 72 PrefService* prefs = profile_->GetPrefs(); | 63 PrefService* prefs = profile_->GetPrefs(); |
| 73 | 64 |
| 74 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSalt)); | 65 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSalt)); |
| 75 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSecret)); | 66 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSecret)); |
| 76 | 67 |
| 77 quick_unlock::PinStorage* pin_storage = | 68 quick_unlock::PinStorage* pin_storage = |
| 78 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | 69 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) |
| 70 ->pin_storage(); |
| 79 PinStorageTestApi pin_storage_test(pin_storage); | 71 PinStorageTestApi pin_storage_test(pin_storage); |
| 80 | 72 |
| 81 pin_storage->SetPin("1111"); | 73 pin_storage->SetPin("1111"); |
| 82 EXPECT_TRUE(pin_storage->IsPinSet()); | 74 EXPECT_TRUE(pin_storage->IsPinSet()); |
| 83 EXPECT_EQ(pin_storage_test.PinSalt(), | 75 EXPECT_EQ(pin_storage_test.PinSalt(), |
| 84 prefs->GetString(prefs::kQuickUnlockPinSalt)); | 76 prefs->GetString(prefs::kQuickUnlockPinSalt)); |
| 85 EXPECT_EQ(pin_storage_test.PinSecret(), | 77 EXPECT_EQ(pin_storage_test.PinSecret(), |
| 86 prefs->GetString(prefs::kQuickUnlockPinSecret)); | 78 prefs->GetString(prefs::kQuickUnlockPinSecret)); |
| 87 EXPECT_NE("", pin_storage_test.PinSalt()); | 79 EXPECT_NE("", pin_storage_test.PinSalt()); |
| 88 EXPECT_NE("", pin_storage_test.PinSecret()); | 80 EXPECT_NE("", pin_storage_test.PinSecret()); |
| 89 | 81 |
| 90 pin_storage->RemovePin(); | 82 pin_storage->RemovePin(); |
| 91 EXPECT_FALSE(pin_storage->IsPinSet()); | 83 EXPECT_FALSE(pin_storage->IsPinSet()); |
| 92 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSalt)); | 84 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSalt)); |
| 93 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSecret)); | 85 EXPECT_EQ("", prefs->GetString(prefs::kQuickUnlockPinSecret)); |
| 94 } | 86 } |
| 95 | 87 |
| 96 // Verifies that: | 88 // Verifies that: |
| 97 // 1. Initial unlock attempt count is zero. | 89 // 1. Initial unlock attempt count is zero. |
| 98 // 2. Attempting unlock attempts correctly increases unlock attempt count. | 90 // 2. Attempting unlock attempts correctly increases unlock attempt count. |
| 99 // 3. Resetting unlock attempt count correctly sets attempt count to 0. | 91 // 3. Resetting unlock attempt count correctly sets attempt count to 0. |
| 100 TEST_F(PinStorageUnitTest, UnlockAttemptCount) { | 92 TEST_F(PinStorageUnitTest, UnlockAttemptCount) { |
| 101 quick_unlock::PinStorage* pin_storage = | 93 quick_unlock::PinStorage* pin_storage = |
| 102 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | 94 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) |
| 95 ->pin_storage(); |
| 103 | 96 |
| 104 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); | 97 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); |
| 105 | 98 |
| 106 pin_storage->AddUnlockAttempt(); | 99 pin_storage->AddUnlockAttempt(); |
| 107 pin_storage->AddUnlockAttempt(); | 100 pin_storage->AddUnlockAttempt(); |
| 108 pin_storage->AddUnlockAttempt(); | 101 pin_storage->AddUnlockAttempt(); |
| 109 EXPECT_EQ(3, pin_storage->unlock_attempt_count()); | 102 EXPECT_EQ(3, pin_storage->unlock_attempt_count()); |
| 110 | 103 |
| 111 pin_storage->ResetUnlockAttemptCount(); | 104 pin_storage->ResetUnlockAttemptCount(); |
| 112 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); | 105 EXPECT_EQ(0, pin_storage->unlock_attempt_count()); |
| 113 } | 106 } |
| 114 | 107 |
| 115 // Verifies that marking the strong auth makes TimeSinceLastStrongAuth a > zero | |
| 116 // value. | |
| 117 TEST_F(PinStorageUnitTest, TimeSinceLastStrongAuthReturnsPositiveValue) { | |
| 118 quick_unlock::PinStorage* pin_storage = | |
| 119 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | |
| 120 PinStorageTestApi pin_storage_test(pin_storage); | |
| 121 | |
| 122 EXPECT_FALSE(pin_storage_test.HasStrongAuthInfo()); | |
| 123 | |
| 124 pin_storage->MarkStrongAuth(); | |
| 125 | |
| 126 EXPECT_TRUE(pin_storage_test.HasStrongAuthInfo()); | |
| 127 pin_storage_test.ReduceRemainingStrongAuthTimeBy( | |
| 128 base::TimeDelta::FromSeconds(60)); | |
| 129 | |
| 130 EXPECT_TRUE(pin_storage->TimeSinceLastStrongAuth() >= | |
| 131 base::TimeDelta::FromSeconds(30)); | |
| 132 } | |
| 133 | |
| 134 // Verifies that by altering the password confirmation preference, the pin | |
| 135 // storage will request password reconfirmation as expected. | |
| 136 TEST_F(PinStorageUnitTest, QuickUnlockPasswordConfirmationFrequencyPreference) { | |
| 137 quick_unlock::PinStorage* pin_storage = | |
| 138 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | |
| 139 PrefService* pref_service = profile_->GetPrefs(); | |
| 140 PinStorageTestApi test_api(pin_storage); | |
| 141 | |
| 142 // The default is one day, so verify moving the last strong auth time back 13 | |
| 143 // hours should not request strong auth. | |
| 144 pin_storage->MarkStrongAuth(); | |
| 145 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13)); | |
| 146 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
| 147 | |
| 148 // Verify moving the last strong auth time back another 13 hours should | |
| 149 // request strong auth. | |
| 150 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(13)); | |
| 151 EXPECT_FALSE(pin_storage->HasStrongAuth()); | |
| 152 | |
| 153 // Verify that by changing the frequency of required password confirmation to | |
| 154 // six hours, moving the last strong auth interval back by 4 hours will not | |
| 155 // trigger a request for strong auth, but moving it by an additional 4 hours | |
| 156 // will. | |
| 157 pin_storage->MarkStrongAuth(); | |
| 158 SetConfirmationFrequency( | |
| 159 pref_service, quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); | |
| 160 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4)); | |
| 161 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
| 162 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(4)); | |
| 163 EXPECT_FALSE(pin_storage->HasStrongAuth()); | |
| 164 | |
| 165 // A valid strong auth becomes invalid if the confirmation frequency is | |
| 166 // shortened to less than the expiration time. | |
| 167 pin_storage->MarkStrongAuth(); | |
| 168 SetConfirmationFrequency( | |
| 169 pref_service, quick_unlock::PasswordConfirmationFrequency::TWELVE_HOURS); | |
| 170 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
| 171 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8)); | |
| 172 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
| 173 SetConfirmationFrequency( | |
| 174 pref_service, quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); | |
| 175 EXPECT_FALSE(pin_storage->HasStrongAuth()); | |
| 176 | |
| 177 // An expired strong auth becomes usable if the confirmation frequency gets | |
| 178 // extended past the expiration time. | |
| 179 pin_storage->MarkStrongAuth(); | |
| 180 SetConfirmationFrequency( | |
| 181 pref_service, quick_unlock::PasswordConfirmationFrequency::SIX_HOURS); | |
| 182 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
| 183 test_api.ReduceRemainingStrongAuthTimeBy(base::TimeDelta::FromHours(8)); | |
| 184 EXPECT_FALSE(pin_storage->HasStrongAuth()); | |
| 185 SetConfirmationFrequency( | |
| 186 pref_service, quick_unlock::PasswordConfirmationFrequency::TWELVE_HOURS); | |
| 187 EXPECT_TRUE(pin_storage->HasStrongAuth()); | |
| 188 } | |
| 189 | |
| 190 // Verifies that the correct pin can be used to authenticate. | 108 // Verifies that the correct pin can be used to authenticate. |
| 191 TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) { | 109 TEST_F(PinStorageUnitTest, AuthenticationSucceedsWithRightPin) { |
| 192 quick_unlock::PinStorage* pin_storage = | 110 quick_unlock::PinStorage* pin_storage = |
| 193 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | 111 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) |
| 112 ->pin_storage(); |
| 113 PinStorageTestApi pin_storage_test(pin_storage); |
| 194 | 114 |
| 195 pin_storage->SetPin("1111"); | 115 pin_storage->SetPin("1111"); |
| 196 | 116 |
| 197 pin_storage->MarkStrongAuth(); | 117 EXPECT_TRUE(pin_storage_test.TryAuthenticatePin("1111")); |
| 198 EXPECT_TRUE(pin_storage->TryAuthenticatePin("1111")); | |
| 199 } | 118 } |
| 200 | 119 |
| 201 // Verifies that the correct pin will fail to authenticate if too many | 120 // Verifies that the correct pin will fail to authenticate if too many |
| 202 // authentication attempts have been made. | 121 // authentication attempts have been made. |
| 203 TEST_F(PinStorageUnitTest, AuthenticationFailsFromTooManyAttempts) { | 122 TEST_F(PinStorageUnitTest, AuthenticationFailsFromTooManyAttempts) { |
| 204 quick_unlock::PinStorage* pin_storage = | 123 quick_unlock::PinStorage* pin_storage = |
| 205 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | 124 quick_unlock::QuickUnlockFactory::GetForProfile(profile_.get()) |
| 125 ->pin_storage(); |
| 126 PinStorageTestApi pin_storage_test(pin_storage); |
| 206 | 127 |
| 207 pin_storage->SetPin("1111"); | 128 pin_storage->SetPin("1111"); |
| 208 | 129 |
| 209 // Use up all of the authentication attempts so authentication fails. | 130 // Use up all of the authentication attempts so authentication fails. |
| 210 pin_storage->MarkStrongAuth(); | 131 EXPECT_TRUE(pin_storage_test.IsPinAuthenticationAvailable()); |
| 211 EXPECT_TRUE(pin_storage->IsPinAuthenticationAvailable()); | |
| 212 for (int i = 0; i < quick_unlock::PinStorage::kMaximumUnlockAttempts; ++i) | 132 for (int i = 0; i < quick_unlock::PinStorage::kMaximumUnlockAttempts; ++i) |
| 213 EXPECT_FALSE(pin_storage->TryAuthenticatePin("foobar")); | 133 EXPECT_FALSE(pin_storage_test.TryAuthenticatePin("foobar")); |
| 214 | 134 |
| 215 // We used up all of the attempts, so entering the right PIN will still fail. | 135 // We used up all of the attempts, so entering the right PIN will still fail. |
| 216 EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable()); | 136 EXPECT_FALSE(pin_storage_test.IsPinAuthenticationAvailable()); |
| 217 EXPECT_FALSE(pin_storage->TryAuthenticatePin("1111")); | 137 EXPECT_FALSE(pin_storage_test.TryAuthenticatePin("1111")); |
| 218 } | 138 } |
| 219 | 139 |
| 220 // Verifies that the correct pin will fail to authenticate if it has been too | |
| 221 // long since a strong-auth/password authentication. | |
| 222 TEST_F(PinStorageUnitTest, AuthenticationFailsFromTimeout) { | |
| 223 quick_unlock::PinStorage* pin_storage = | |
| 224 quick_unlock::PinStorageFactory::GetForProfile(profile_.get()); | |
| 225 PinStorageTestApi pin_storage_test(pin_storage); | |
| 226 | |
| 227 pin_storage->SetPin("1111"); | |
| 228 pin_storage->MarkStrongAuth(); | |
| 229 EXPECT_TRUE(pin_storage->IsPinAuthenticationAvailable()); | |
| 230 | |
| 231 // Remove all of the strong auth time so that we have a strong auth timeout. | |
| 232 pin_storage_test.ReduceRemainingStrongAuthTimeBy( | |
| 233 base::TimeDelta::FromDays(10)); | |
| 234 | |
| 235 EXPECT_FALSE(pin_storage->IsPinAuthenticationAvailable()); | |
| 236 } | |
| 237 } // namespace chromeos | 140 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2715823004:
Add FingerprintUnlock KeyedService for each profile (Closed)
