0
代码
代码
Issues
Pull Requests
讨论
Wiki
分析
0
ohci1ohci1add
910e62b5创建于 1月15日历史提交
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/files/scoped_temp_dir.h"
#include "base/functional/bind.h"
#include "base/json/json_writer.h"
#include "base/process/launch.h"
#include "base/strings/stringprintf.h"
#include "base/values.h"
#include "base/win/windows_version.h"
#include "chrome/browser/ui/startup/credential_provider_signin_dialog_win_test_data.h"
#include "chrome/credential_provider/common/gcp_strings.h"
#include "chrome/credential_provider/gaiacp/gcp_utils.h"
#include "google_apis/gaia/gaia_id.h"
#include "google_apis/gaia/gaia_switches.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/test/embedded_test_server/http_request.h"
#include "net/test/embedded_test_server/http_response.h"
#include "services/network/public/cpp/network_switches.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace credential_provider {

class GcpUsingChromeTest : public ::testing::Test {
 public:
  GcpUsingChromeTest(const GcpUsingChromeTest&) = delete;
  GcpUsingChromeTest& operator=(const GcpUsingChromeTest&) = delete;

 protected:
  struct TestGoogleApiResponse {
    TestGoogleApiResponse()
        : info_code_(net::HTTP_BAD_REQUEST), response_given_(false) {}
    TestGoogleApiResponse(net::HttpStatusCode info_code,
                          const std::string& data)
        : info_code_(info_code), data_(data), response_given_(false) {}

    net::HttpStatusCode info_code_;
    std::string data_;
    bool response_given_;
  };

  GcpUsingChromeTest() = default;

  void SetUp() override;
  void TearDown() override;

  void SetPasswordForSignin(const std::string& password) {
    test_data_storage_.SetSigninPassword(password);
  }
  void SetUserInfoResponse(TestGoogleApiResponse response) {
    user_info_response_ = response;
  }
  void SetTokenInfoResponse(TestGoogleApiResponse response) {
    token_info_response_ = response;
  }
  void SetMdmTokenResponse(TestGoogleApiResponse response) {
    mdm_token_response_ = response;
  }
  void SetSigninTokenResponse(TestGoogleApiResponse response) {
    signin_token_response_ = response;
  }

  std::string MakeInlineSigninCompletionScript(const std::string& email,
                                               const std::string& password,
                                               const GaiaId& gaia_id) const;

  std::string RunChromeAndExtractOutput() const;
  base::CommandLine GetCommandLineForChromeGls(
      const base::FilePath& user_data_dir) const;
  std::string RunProcessAndExtractOutput(
      const base::CommandLine& command_line) const;

  std::unique_ptr<net::test_server::HttpResponse> GaiaHtmlResponseHandler(
      const net::test_server::HttpRequest& request);
  std::unique_ptr<net::test_server::HttpResponse> GoogleApisHtmlResponseHandler(
      const net::test_server::HttpRequest& request);

  CredentialProviderSigninDialogTestDataStorage test_data_storage_;
  net::test_server::EmbeddedTestServer gaia_server_;
  net::test_server::EmbeddedTestServer google_apis_server_;

  TestGoogleApiResponse signin_token_response_;
  TestGoogleApiResponse user_info_response_;
  TestGoogleApiResponse token_info_response_;
  TestGoogleApiResponse mdm_token_response_;
};

void GcpUsingChromeTest::SetUp() {
  // Redirect connections to signin related pages to a handler that will
  // generate the needed headers and content to move the signin flow
  // forward automatically.
  gaia_server_.RegisterRequestHandler(base::BindRepeating(
      &GcpUsingChromeTest::GaiaHtmlResponseHandler, base::Unretained(this)));
  EXPECT_TRUE(gaia_server_.Start());

  google_apis_server_.RegisterRequestHandler(
      base::BindRepeating(&GcpUsingChromeTest::GoogleApisHtmlResponseHandler,
                          base::Unretained(this)));
  EXPECT_TRUE(google_apis_server_.Start());
}

void GcpUsingChromeTest::TearDown() {
  EXPECT_TRUE(gaia_server_.ShutdownAndWaitUntilComplete());
  EXPECT_TRUE(google_apis_server_.ShutdownAndWaitUntilComplete());
}

std::string GcpUsingChromeTest::RunChromeAndExtractOutput() const {
  base::ScopedTempDir user_data_dir;
  EXPECT_TRUE(user_data_dir.CreateUniqueTempDir());
  return RunProcessAndExtractOutput(
      GetCommandLineForChromeGls(user_data_dir.GetPath()));
}

base::CommandLine GcpUsingChromeTest::GetCommandLineForChromeGls(
    const base::FilePath& user_data_dir) const {
  auto* process_command_line = base::CommandLine::ForCurrentProcess();
  base::CommandLine command_line(
      process_command_line->GetProgram().DirName().Append(L"chrome.exe"));

  // Redirect gaia and google api pages to the servers that are being run
  // locally.
  const GURL& gaia_url = gaia_server_.base_url();
  command_line.AppendSwitchASCII(::switches::kGaiaUrl, gaia_url.spec());
  command_line.AppendSwitchASCII(::switches::kLsoUrl, gaia_url.spec());
  const GURL& google_apis_url = google_apis_server_.base_url();
  command_line.AppendSwitchASCII(::switches::kGoogleApisUrl,
                                 google_apis_url.spec());

  command_line.AppendSwitch(kGcpwSigninSwitch);
  command_line.AppendSwitchPath("user-data-dir", user_data_dir);

  // Redirect all requests to `gaia_server_` except those made to
  // `google_apis_server_`. This results in any requests made by other Chrome
  // modules being redirected harmlessly to `gaia_server_`.
  command_line.AppendSwitchASCII(
      network::switches::kHostResolverRules,
      base::StringPrintf(
          "MAP * %s, EXCLUDE %s",
          gaia_server_.host_port_pair().ToString().c_str(),
          google_apis_server_.host_port_pair().ToString().c_str()));
  return command_line;
}

std::string GcpUsingChromeTest::RunProcessAndExtractOutput(
    const base::CommandLine& command_line) const {
  base::win::ScopedHandle read_handle;
  base::Process process;
  // The write handle is only needed until the process starts. If it is not
  // closed afterwards, it will not be possible to detect the end of the
  // output from the process since there will be more than one handle held
  // on the output pipe and it will not close when the process dies.
  {
    base::win::ScopedHandle write_handle;
    EXPECT_EQ(
        CreatePipeForChildProcess(false, false, &read_handle, &write_handle),
        S_OK);

    base::LaunchOptions options;
    options.stdin_handle = INVALID_HANDLE_VALUE;
    options.stdout_handle = write_handle.Get();
    options.stderr_handle = INVALID_HANDLE_VALUE;
    options.handles_to_inherit.push_back(write_handle.Get());

    process = base::Process(
        base::LaunchProcess(command_line.GetCommandLineString(), options));
    EXPECT_TRUE(process.IsValid());
  }

  constexpr DWORD kTimeout = 1000;
  std::string output_from_process;
  char buffer[1024];
  for (bool is_done = false; !is_done;) {
    DWORD length = std::size(buffer) - 1;

    DWORD ret = ::WaitForSingleObject(read_handle.Get(), kTimeout);
    if (ret == WAIT_OBJECT_0) {
      if (!::ReadFile(read_handle.Get(), buffer, length, &length, nullptr)) {
        break;
      }

      UNSAFE_TODO(buffer[length]) = 0;
      output_from_process += buffer;
    } else if (ret != WAIT_IO_COMPLETION) {
      break;
    }
  }

  // If the pipe is no longer readable it is expected that the process will be
  // terminating shortly.
  int exit_code;
  EXPECT_TRUE(
      process.WaitForExitWithTimeout(base::Milliseconds(kTimeout), &exit_code));
  EXPECT_EQ(exit_code, 0);

  return output_from_process;
}

std::string GcpUsingChromeTest::MakeInlineSigninCompletionScript(
    const std::string& email,
    const std::string& password,
    const GaiaId& gaia_id) const {
  // Script that sends the two messages needed by inline_signin in order to
  // continue with the signin flow.
  return "<script>"
         "let webview = null;"
         "let onMessageEventHandler = function(event) {"
         "  if (!webview) {"
         "    webview = event.source;"
         "    var attempt_login_msg = {"
         "      'method' : 'attemptLogin',"
         "      'email' : '" +
         email +
         "',"
         "      'password' : '" +
         password +
         "',"
         "      'attemptToken' : 'attemptToken'"
         "    };"
         "    webview.postMessage(attempt_login_msg, '*');"
         "    var user_info_msg = {"
         "    'method' : 'userInfo',"
         "    'email' : '" +
         email +
         "',"
         "    'gaiaId' : '" +
         gaia_id.ToString() +
         "',"
         "    'services' : []"
         "    };"
         "    webview.postMessage(user_info_msg, '*');"
         "  }"
         "};"
         "window.addEventListener('message', onMessageEventHandler);"
         "</script>";
}

std::unique_ptr<net::test_server::HttpResponse>
GcpUsingChromeTest::GaiaHtmlResponseHandler(
    const net::test_server::HttpRequest& request) {
  auto http_response = std::make_unique<net::test_server::BasicHttpResponse>();
  http_response->set_code(net::HTTP_OK);
  http_response->set_content_type("text/html");
  std::string content = "<html><head>";
  // When the "/embedded/setup/chrome" is requested on the gaia web site
  // (accounts.google.com) then the embedded server can send a page with scripts
  // that can force immediate signin.
  if (request.GetURL().GetPath().find("/embedded/setup/chrome") == 0) {
    // This is the  header that is sent by Gaia that the inline sign in page
    // listens to in order to fill the information abou the email and Gaia ID.
    http_response->AddCustomHeader("google-accounts-signin",
                                   "email=\"" +
                                       test_data_storage_.GetSuccessEmail() +
                                       "\","
                                       "obfuscatedid=\"" +
                                       test_data_storage_.GetSuccessId() +
                                       "\", "
                                       "sessionindex=0");
    // On a successful signin, the oauth_code cookie must also be set for the
    // site.
    http_response->AddCustomHeader("Set-Cookie",
                                   "oauth_code=oauth_code; Path=/");
    // This header is needed to ensure that the inline_signin page does not
    // break out of the constrained dialog.
    http_response->AddCustomHeader("google-accounts-embedded", std::string());

    content += MakeInlineSigninCompletionScript(
        test_data_storage_.GetSuccessEmail(),
        test_data_storage_.GetSuccessPassword(),
        GaiaId(test_data_storage_.GetSuccessId()));
  }
  content += "</head></html>";
  http_response->set_content(content);
  return std::move(http_response);
}

std::unique_ptr<net::test_server::HttpResponse>
GcpUsingChromeTest::GoogleApisHtmlResponseHandler(
    const net::test_server::HttpRequest& request) {
  auto http_response = std::make_unique<net::test_server::BasicHttpResponse>();

  // The following Google API requests are expected in this order:
  // 1. A /oauth2/v4/token request that requests the initial access_token. This
  // request is made after the user usually has entered a valid user id and
  // password.
  // Either of the two following requests (in any order):
  // 1. A /oauth2/v2/tokeninfo to get the token handle for the user.
  // 2. A /oauth2/v4/token to get the required id token for MDM
  // registration as well as to request access to fetch the user info.
  // Finally if the second "/oauth2/v4/token" request is made to get the MDM
  // ID token then is expected that a request for "/oauth2/v1/userinfo" will
  // be made to get the full name of the user.

  // All other Google API requests will be ignored with a 404 error.

  TestGoogleApiResponse* api_response = nullptr;
  if (request.GetURL().GetPath().find("/oauth2/v2/tokeninfo") == 0) {
    api_response = &token_info_response_;
  } else if (request.GetURL().GetPath().find("/oauth2/v1/userinfo") == 0) {
    // User info should never be requested before the mdm id token request is
    // made.
    EXPECT_TRUE(mdm_token_response_.response_given_);
    api_response = &user_info_response_;
  } else if (request.GetURL().GetPath().find("/oauth2/v4/token") == 0) {
    // Does the request want an auth_code for signin or is it the second request
    // made to get the id token.
    if (request.content.find("grant_type=authorization_code") ==
        std::string::npos) {
      api_response = &mdm_token_response_;
    } else {
      api_response = &signin_token_response_;
    }
  }

  if (api_response) {
    EXPECT_FALSE(api_response->response_given_);
    api_response->response_given_ = true;
    http_response->set_content_type("text/html");
    http_response->set_content(api_response->data_);
    http_response->set_code(api_response->info_code_);
  } else {
    http_response->set_code(net::HTTP_NOT_FOUND);
  }

  return std::move(http_response);
}

// TODO(crbug.com/41428735): Enable tests again once they are all passing.
// Currently, all tests are flaky on all bots except win-asan.
TEST_F(GcpUsingChromeTest, DISABLED_VerifyMissingSigninInfoOutput) {
  SetPasswordForSignin(std::string());
  SetTokenInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulTokenInfoFetchResult()});
  SetUserInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulUserInfoFetchResult()});
  SetMdmTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulMdmTokenFetchResult()});
  SetSigninTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulSigninTokenFetchResult()});

  std::string output_from_chrome = RunChromeAndExtractOutput();

  EXPECT_EQ(output_from_chrome, std::string());
  EXPECT_TRUE(signin_token_response_.response_given_);
  EXPECT_FALSE(user_info_response_.response_given_);
  EXPECT_FALSE(token_info_response_.response_given_);
  EXPECT_FALSE(mdm_token_response_.response_given_);
}

TEST_F(GcpUsingChromeTest, DISABLED_VerifySigninFailureOutput) {
  SetTokenInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulTokenInfoFetchResult()});
  SetUserInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulUserInfoFetchResult()});
  SetMdmTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulMdmTokenFetchResult()});
  SetSigninTokenResponse({net::HTTP_OK,
                          CredentialProviderSigninDialogTestDataStorage::
                              kInvalidTokenFetchResponse});

  std::string output_from_chrome = RunChromeAndExtractOutput();

  EXPECT_EQ(output_from_chrome, std::string());
  EXPECT_TRUE(signin_token_response_.response_given_);
  EXPECT_FALSE(user_info_response_.response_given_);
  EXPECT_FALSE(token_info_response_.response_given_);
  EXPECT_FALSE(mdm_token_response_.response_given_);
}

TEST_F(GcpUsingChromeTest, DISABLED_VerifyTokenInfoFailureOutput) {
  SetTokenInfoResponse({net::HTTP_OK,
                        CredentialProviderSigninDialogTestDataStorage::
                            kInvalidTokenInfoResponse});
  SetUserInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulUserInfoFetchResult()});
  SetMdmTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulMdmTokenFetchResult()});
  SetSigninTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulSigninTokenFetchResult()});

  std::string output_from_chrome = RunChromeAndExtractOutput();

  EXPECT_EQ(output_from_chrome, std::string());
  EXPECT_TRUE(signin_token_response_.response_given_);
  EXPECT_TRUE(token_info_response_.response_given_);
}

TEST_F(GcpUsingChromeTest, DISABLED_VerifyUserInfoFailureOutput) {
  SetTokenInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulTokenInfoFetchResult()});
  SetUserInfoResponse({net::HTTP_OK,
                       CredentialProviderSigninDialogTestDataStorage::
                           kInvalidUserInfoResponse});
  SetMdmTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulMdmTokenFetchResult()});
  SetSigninTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulSigninTokenFetchResult()});

  std::string output_from_chrome = RunChromeAndExtractOutput();

  EXPECT_EQ(output_from_chrome, std::string());
  EXPECT_TRUE(signin_token_response_.response_given_);
  EXPECT_TRUE(user_info_response_.response_given_);
  EXPECT_TRUE(mdm_token_response_.response_given_);
}

TEST_F(GcpUsingChromeTest, DISABLED_VerifyMdmFailureOutput) {
  SetTokenInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulTokenInfoFetchResult()});
  SetUserInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulUserInfoFetchResult()});
  SetMdmTokenResponse({net::HTTP_OK,
                       CredentialProviderSigninDialogTestDataStorage::
                           kInvalidTokenFetchResponse});
  SetSigninTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulSigninTokenFetchResult()});

  std::string output_from_chrome = RunChromeAndExtractOutput();

  EXPECT_EQ(output_from_chrome, std::string());
  EXPECT_TRUE(mdm_token_response_.response_given_);
  EXPECT_FALSE(user_info_response_.response_given_);
}

TEST_F(GcpUsingChromeTest, DISABLED_VerifySuccessOutput) {
  SetTokenInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulTokenInfoFetchResult()});
  SetUserInfoResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulUserInfoFetchResult()});
  SetMdmTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulMdmTokenFetchResult()});
  SetSigninTokenResponse(
      {net::HTTP_OK, test_data_storage_.GetSuccessfulSigninTokenFetchResult()});

  std::string output_from_chrome = RunChromeAndExtractOutput();

  std::string expected_result =
      base::WriteJson(test_data_storage_.expected_full_result()).value_or("");

  EXPECT_EQ(output_from_chrome, expected_result);
  EXPECT_TRUE(signin_token_response_.response_given_);
  EXPECT_TRUE(user_info_response_.response_given_);
  EXPECT_TRUE(token_info_response_.response_given_);
  EXPECT_TRUE(mdm_token_response_.response_given_);
}

}  // namespace credential_provider