Make sure the device recovers from policy loss in the consumer case.

chrome/browser/chromeos/login/parallel_authenticator_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/parallel_authenticator.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
 #include "base/path_service.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/test/thread_test_helper.h"
 #include "chrome/browser/chromeos/cros/cros_library.h"
 #include "chrome/browser/chromeos/cros/mock_cryptohome_library.h"
 #include "chrome/browser/chromeos/cros/mock_library_loader.h"
+#include "chrome/browser/chromeos/cros_settings.h"
 #include "chrome/browser/chromeos/cryptohome/mock_async_method_caller.h"
+#include "chrome/browser/chromeos/dbus/mock_dbus_thread_manager.h"
+#include "chrome/browser/chromeos/dbus/mock_cryptohome_client.h"
 #include "chrome/browser/chromeos/login/mock_login_status_consumer.h"
 #include "chrome/browser/chromeos/login/mock_url_fetchers.h"
+#include "chrome/browser/chromeos/login/mock_user_manager.h"
 #include "chrome/browser/chromeos/login/test_attempt_state.h"
+#include "chrome/browser/chromeos/stub_cros_settings_provider.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/net/gaia/mock_url_fetcher_factory.h"
 #include "chrome/test/base/testing_profile.h"
 #include "content/test/test_browser_thread.h"
 #include "googleurl/src/gurl.h"
 #include "net/base/net_errors.h"
 #include "net/url_request/url_request_status.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
 using content::BrowserThread;
 using file_util::CloseFile;
 using file_util::CreateAndOpenTemporaryFile;
 using file_util::CreateAndOpenTemporaryFileInDir;
 using file_util::Delete;
 using file_util::WriteFile;
 using ::testing::AnyNumber;
 using ::testing::DoAll;
 using ::testing::Invoke;
 using ::testing::Return;
-using ::testing::SetArgumentPointee;
+using ::testing::SetArgPointee;
 using ::testing::_;
 
 namespace chromeos {
 
 class TestOnlineAttempt : public OnlineAttempt {
  public:
   TestOnlineAttempt(AuthAttemptState* state,
                     AuthAttemptStateResolver* resolver)
       : OnlineAttempt(false, state, resolver) {
   }
 };
 
 class ParallelAuthenticatorTest : public testing::Test {
  public:
   ParallelAuthenticatorTest()
       : message_loop_(MessageLoop::TYPE_UI),
         ui_thread_(BrowserThread::UI, &message_loop_),
+        file_thread_(BrowserThread::FILE, &message_loop_),
         io_thread_(BrowserThread::IO),
         username_("me@nowhere.org"),
         password_("fakepass") {
     hash_ascii_.assign("0a010000000000a0");
     hash_ascii_.append(std::string(16, '0'));
   }
 
   ~ParallelAuthenticatorTest() {
     DCHECK(!mock_caller_);
   }
@@ skipping 10 matching lines @@
         .WillByDefault(Return(true));
     EXPECT_CALL(*loader_, Load(_))
         .Times(AnyNumber());
 
     test_api->SetLibraryLoader(loader_, true);
 
     mock_library_ = new MockCryptohomeLibrary();
     test_api->SetCryptohomeLibrary(mock_library_, true);
     io_thread_.Start();
 
+    EXPECT_CALL(*mock_user_manager_.user_manager(), LoadKeyStore())
+        .Times(AnyNumber());
+
     auth_ = new ParallelAuthenticator(&consumer_);
     auth_->set_using_oauth(false);
     state_.reset(new TestAttemptState(username_,
                                       password_,
                                       hash_ascii_,
                                       "",
                                       "",
                                       false));
   }
 
@@ skipping 87 matching lines @@
   void SetAttemptState(ParallelAuthenticator* auth, TestAttemptState* state) {
     auth->set_attempt_state(state);
   }
 
   ParallelAuthenticator::AuthState SetAndResolveState(
       ParallelAuthenticator* auth, TestAttemptState* state) {
     auth->set_attempt_state(state);
     return auth->ResolveState();
   }
 
+  void SetOwnerState(bool owner_check_finished, bool check_result) {
+    auth_->SetOwnerState(owner_check_finished, check_result);
+  }
+
   void FakeOnlineAttempt() {
     auth_->set_online_attempt(new TestOnlineAttempt(state_.get(), auth_.get()));
   }
 
   MessageLoop message_loop_;
   content::TestBrowserThread ui_thread_;
+  content::TestBrowserThread file_thread_;
   content::TestBrowserThread io_thread_;
 
   std::string username_;
   std::string password_;
   std::string hash_ascii_;
 
   // Initializes / shuts down a stub CrosLibrary.
   chromeos::ScopedStubCrosEnabler stub_cros_enabler_;
 
   // Mocks, destroyed by CrosLibrary class.
   MockCryptohomeLibrary* mock_library_;
   MockLibraryLoader* loader_;
+  ScopedMockUserManagerEnabler mock_user_manager_;
 
   cryptohome::MockAsyncMethodCaller* mock_caller_;
 
   MockConsumer consumer_;
   scoped_refptr<ParallelAuthenticator> auth_;
   scoped_ptr<TestAttemptState> state_;
 };
 
 TEST_F(ParallelAuthenticatorTest, OnLoginSuccess) {
   EXPECT_CALL(consumer_, OnLoginSuccess(username_, password_, false, false))
@@ skipping 43 matching lines @@
   // Set up state as though a cryptohome mount attempt has occurred
   // and been rejected because of unmatched key; additionally,
   // an online auth attempt has completed successfully.
   state_->PresetCryptohomeStatus(false, cryptohome::MOUNT_ERROR_KEY_FAILURE);
   state_->PresetOnlineLoginStatus(LoginFailure::None());
 
   EXPECT_EQ(ParallelAuthenticator::NEED_OLD_PW,
             SetAndResolveState(auth_, state_.release()));
 }
 
+TEST_F(ParallelAuthenticatorTest, ResolveOwnerNeededDirectFailedMount) {
+  // Set up state as though a cryptohome mount attempt has occurred
+  // and succeeded but we are in safe mode and the current user is not owner.
+  // This is a high level test to verify the proper transitioning in this mode
+  // only. It is not testing that we properly verify that the user is an owner
+  // or that we really are in "safe-mode".
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  SetOwnerState(true, false);
+
+  EXPECT_EQ(ParallelAuthenticator::OWNER_REQUIRED,
+            SetAndResolveState(auth_, state_.release()));
+}
+
+TEST_F(ParallelAuthenticatorTest, ResolveOwnerNeededMount) {
+  // Set up state as though a cryptohome mount attempt has occurred
+  // and succeeded but we are in safe mode and the current user is not owner.
+  // This test will check that the "safe-mode" policy is not set and will let
+  // the mount finish successfully.
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  SetOwnerState(false, false);
+  // and test that the mount has succeeded.
+  state_.reset(new TestAttemptState(username_,
+                                    password_,
+                                    hash_ascii_,
+                                    "",
+                                    "",
+                                    false));
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  EXPECT_EQ(ParallelAuthenticator::OFFLINE_LOGIN,
+            SetAndResolveState(auth_, state_.release()));
+}
+
+TEST_F(ParallelAuthenticatorTest, ResolveOwnerNeededFailedMount) {
+  FailOnLoginSuccess();  // Set failing on success as the default...
+  LoginFailure failure = LoginFailure(LoginFailure::OWNER_REQUIRED);
+  ExpectLoginFailure(failure);
+
+  MockDBusThreadManager* mock_dbus_thread_manager =
+      new MockDBusThreadManager;
+  DBusThreadManager::InitializeForTesting(mock_dbus_thread_manager);
+  EXPECT_CALL(*mock_dbus_thread_manager->mock_cryptohome_client(), Unmount(_))
+      .WillOnce(DoAll(SetArgPointee<0>(true), Return(true)));
+
+  CrosSettingsProvider* device_settings_provider;
+  StubCrosSettingsProvider stub_settings_provider;
+  // Set up state as though a cryptohome mount attempt has occurred
+  // and succeeded but we are in safe mode and the current user is not owner.
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  SetOwnerState(false, false);
+  // Remove the real DeviceSettingsProvider and replace it with a stub.
+  device_settings_provider =
+      CrosSettings::Get()->GetProvider(chromeos::kReportDeviceVersionInfo);
+  EXPECT_TRUE(device_settings_provider != NULL);
+  EXPECT_TRUE(
+      CrosSettings::Get()->RemoveSettingsProvider(device_settings_provider));
+  CrosSettings::Get()->AddSettingsProvider(&stub_settings_provider);
+  CrosSettings::Get()->SetBoolean(kPolicyMissingMitigationMode, true);
+
+  EXPECT_EQ(ParallelAuthenticator::CONTINUE,
+            SetAndResolveState(auth_, state_.release()));
+  // Let the owner verification run on the FILE thread...
+  message_loop_.RunAllPending();
+  // and test that the mount has succeeded.
+  state_.reset(new TestAttemptState(username_,
+                                    password_,
+                                    hash_ascii_,
+                                    "",
+                                    "",
+                                    false));
+  state_->PresetCryptohomeStatus(true, cryptohome::MOUNT_ERROR_NONE);
+  EXPECT_EQ(ParallelAuthenticator::OWNER_REQUIRED,
+            SetAndResolveState(auth_, state_.release()));
+
+  EXPECT_TRUE(
+      CrosSettings::Get()->RemoveSettingsProvider(&stub_settings_provider));
+  CrosSettings::Get()->AddSettingsProvider(device_settings_provider);
+  DBusThreadManager::Get()->Shutdown();
+}
+
 TEST_F(ParallelAuthenticatorTest, DriveFailedMount) {
   FailOnLoginSuccess();
   ExpectLoginFailure(LoginFailure(LoginFailure::COULD_NOT_MOUNT_CRYPTOHOME));
 
   // Set up state as though a cryptohome mount attempt has occurred
   // and failed.
   state_->PresetCryptohomeStatus(false, cryptohome::MOUNT_ERROR_NONE);
   SetAttemptState(auth_, state_.release());
 
   RunResolve(auth_.get());
@@ skipping 380 matching lines @@
       .RetiresOnSaturation();
   EXPECT_CALL(*mock_library_, HashPassword(_))
       .WillOnce(Return(std::string()))
       .RetiresOnSaturation();
 
   auth_->AuthenticateToUnlock(username_, "");
   message_loop_.Run();
 }
 
 }  // namespace chromeos