Skip to content

GitLab

T
tangled
Commit 073cdcb1 authored by Aya ElAttar's avatar Aya ElAttar Committed by Commit Bot
Browse files
Options

Split the browsertests of safe browsing & content settings policies 

Moved the browsertests of safe browsing policies  and content settings policies and all related stuff from policy_browsertests to separate files.

Bug: 1002483
Change-Id: If7a659bb7256ef3593802bb12cc89735bd636cfe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1929225
Commit-Queue: Aya Elsayed <ayaelattar@google.com>
Reviewed-by: default avatarSergey Poromov <poromov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#718577}
parent fb163d29
Hide whitespace changes
Inline Side-by-side
Showing with 668 additions and 612 deletions
chrome/browser/policy/content_settings_policy_browsertest.cc 0 → 100644
View file @ 073cdcb1
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include "base/command_line.h"
#include "base/strings/strcat.h"
#include "base/values.h"
#include "chrome/app/chrome_command_ids.h"
#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
#include "chrome/browser/policy/policy_test_utils.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/browser_commands.h"
#include "chrome/browser/usb/usb_chooser_context.h"
#include "chrome/browser/usb/usb_chooser_context_factory.h"
#include "chrome/common/webui_url_constants.h"
#include "chrome/test/base/ui_test_utils.h"
#include "components/content_settings/core/browser/host_content_settings_map.h"
#include "components/policy/core/common/policy_map.h"
#include "components/policy/policy_constants.h"
#include "content/public/browser/web_contents.h"
#include "content/public/common/content_switches.h"
#include "content/public/test/browser_test_utils.h"
#include "device/bluetooth/bluetooth_adapter_factory.h"
#include "device/bluetooth/test/mock_bluetooth_adapter.h"
#include "services/device/public/cpp/test/fake_usb_device_info.h"
#include "url/gurl.h"
#include "url/origin.h"
namespace policy {
namespace {
const char kURL[] = "http://example.com";
const char kCookieValue[] = "converted=true";
// Assigned to Philip J. Fry to fix eventually.
// TODO(maksims): use year 3000 when we get rid off the 32-bit
// versions. https://crbug.com/619828
const char kCookieOptions[] = ";expires=Wed Jan 01 2038 00:00:00 GMT";
bool IsJavascriptEnabled(content::WebContents* contents) {
base::Value value =
content::ExecuteScriptAndGetValue(contents->GetMainFrame(), "123");
return value.is_int() && value.GetInt() == 123;
}
} // namespace
IN_PROC_BROWSER_TEST_F(PolicyTest, PRE_PRE_DefaultCookiesSetting) {
// Verifies that cookies are deleted on shutdown. This test is split in 3
// parts because it spans 2 browser restarts.
Profile* profile = browser()->profile();
GURL url(kURL);
// No cookies at startup.
EXPECT_TRUE(content::GetCookies(profile, url).empty());
// Set a cookie now.
std::string value = base::StrCat({kCookieValue, kCookieOptions});
EXPECT_TRUE(content::SetCookie(profile, url, value));
// Verify it was set.
EXPECT_EQ(kCookieValue, GetCookies(profile, url));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, PRE_DefaultCookiesSetting) {
// Verify that the cookie persists across restarts.
EXPECT_EQ(kCookieValue, GetCookies(browser()->profile(), GURL(kURL)));
// Now set the policy and the cookie should be gone after another restart.
PolicyMap policies;
policies.Set(key::kDefaultCookiesSetting, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(CONTENT_SETTING_SESSION_ONLY),
nullptr);
UpdateProviderPolicy(policies);
}
IN_PROC_BROWSER_TEST_F(PolicyTest, DefaultCookiesSetting) {
// Verify that the cookie is gone.
EXPECT_TRUE(GetCookies(browser()->profile(), GURL(kURL)).empty());
}
IN_PROC_BROWSER_TEST_F(PolicyTest, PRE_PRE_WebsiteCookiesSetting) {
// Verifies that cookies are deleted on shutdown. This test is split in 3
// parts because it spans 2 browser restarts.
Profile* profile = browser()->profile();
GURL url(kURL);
// No cookies at startup.
EXPECT_TRUE(content::GetCookies(profile, url).empty());
// Set a cookie now.
std::string value = base::StrCat({kCookieValue, kCookieOptions});
EXPECT_TRUE(content::SetCookie(profile, url, value));
// Verify it was set.
EXPECT_EQ(kCookieValue, GetCookies(profile, url));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, PRE_WebsiteCookiesSetting) {
// Verify that the cookie persists across restarts.
EXPECT_EQ(kCookieValue, GetCookies(browser()->profile(), GURL(kURL)));
// Now set the policy and the cookie should be gone after another restart.
HostContentSettingsMapFactory::GetForProfile(browser()->profile())
->SetWebsiteSettingDefaultScope(
GURL(kURL), GURL(kURL), ContentSettingsType::COOKIES, std::string(),
std::make_unique<base::Value>(CONTENT_SETTING_SESSION_ONLY));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, WebsiteCookiesSetting) {
// Verify that the cookie is gone.
EXPECT_TRUE(GetCookies(browser()->profile(), GURL(kURL)).empty());
}
IN_PROC_BROWSER_TEST_F(PolicyTest, Javascript) {
// Verifies that Javascript can be disabled.
content::WebContents* contents =
browser()->tab_strip_model()->GetActiveWebContents();
EXPECT_TRUE(IsJavascriptEnabled(contents));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS_CONSOLE));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS_DEVICES));
// Disable Javascript via policy.
PolicyMap policies;
policies.Set(key::kJavascriptEnabled, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(false), nullptr);
UpdateProviderPolicy(policies);
// Reload the page.
ui_test_utils::NavigateToURL(browser(), GURL(url::kAboutBlankURL));
EXPECT_FALSE(IsJavascriptEnabled(contents));
// Developer tools still work when javascript is disabled.
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS_CONSOLE));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS_DEVICES));
// Javascript is always enabled for the internal pages.
ui_test_utils::NavigateToURL(browser(), GURL(chrome::kChromeUIAboutURL));
EXPECT_TRUE(IsJavascriptEnabled(contents));
// The javascript content setting policy overrides the javascript policy.
ui_test_utils::NavigateToURL(browser(), GURL(url::kAboutBlankURL));
EXPECT_FALSE(IsJavascriptEnabled(contents));
policies.Set(key::kDefaultJavaScriptSetting, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(CONTENT_SETTING_ALLOW), nullptr);
UpdateProviderPolicy(policies);
ui_test_utils::NavigateToURL(browser(), GURL(url::kAboutBlankURL));
EXPECT_TRUE(IsJavascriptEnabled(contents));
}
class WebBluetoothPolicyTest : public PolicyTest {
void SetUpCommandLine(base::CommandLine* command_line) override {
// TODO(juncai): Remove this switch once Web Bluetooth is supported on Linux
// and Windows.
// https://crbug.com/570344
// https://crbug.com/507419
command_line->AppendSwitch(
switches::kEnableExperimentalWebPlatformFeatures);
PolicyTest::SetUpCommandLine(command_line);
}
};
IN_PROC_BROWSER_TEST_F(WebBluetoothPolicyTest, Block) {
// Fake the BluetoothAdapter to say it's present.
scoped_refptr<device::MockBluetoothAdapter> adapter =
new testing::NiceMock<device::MockBluetoothAdapter>;
EXPECT_CALL(*adapter, IsPresent()).WillRepeatedly(testing::Return(true));
auto bt_global_values =
device::BluetoothAdapterFactory::Get().InitGlobalValuesForTesting();
bt_global_values->SetLESupported(true);
device::BluetoothAdapterFactory::SetAdapterForTesting(adapter);
// Navigate to a secure context.
embedded_test_server()->ServeFilesFromSourceDirectory("content/test/data");
ASSERT_TRUE(embedded_test_server()->Start());
ui_test_utils::NavigateToURL(
browser(),
embedded_test_server()->GetURL("localhost", "/simple_page.html"));
content::WebContents* const web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
EXPECT_THAT(
web_contents->GetMainFrame()->GetLastCommittedOrigin().Serialize(),
testing::StartsWith("http://localhost:"));
// Set the policy to block Web Bluetooth.
PolicyMap policies;
policies.Set(key::kDefaultWebBluetoothGuardSetting, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(2), nullptr);
UpdateProviderPolicy(policies);
std::string rejection;
EXPECT_TRUE(content::ExecuteScriptAndExtractString(
web_contents,
"navigator.bluetooth.requestDevice({filters: [{name: 'Hello'}]})"
" .then(() => { domAutomationController.send('Success'); },"
" reason => {"
" domAutomationController.send(reason.name + ': ' + reason.message);"
" });",
&rejection));
EXPECT_THAT(rejection, testing::MatchesRegex("NotFoundError: .*policy.*"));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, WebUsbDefault) {
const auto kTestOrigin = url::Origin::Create(GURL("https://foo.com:443"));
// Expect the default permission value to be 'ask'.
auto* context = UsbChooserContextFactory::GetForProfile(browser()->profile());
EXPECT_TRUE(context->CanRequestObjectPermission(kTestOrigin, kTestOrigin));
// Update policy to change the default permission value to 'block'.
PolicyMap policies;
SetPolicy(&policies, key::kDefaultWebUsbGuardSetting,
std::make_unique<base::Value>(2));
UpdateProviderPolicy(policies);
EXPECT_FALSE(context->CanRequestObjectPermission(kTestOrigin, kTestOrigin));
// Update policy to change the default permission value to 'ask'.
SetPolicy(&policies, key::kDefaultWebUsbGuardSetting,
std::make_unique<base::Value>(3));
UpdateProviderPolicy(policies);
EXPECT_TRUE(context->CanRequestObjectPermission(kTestOrigin, kTestOrigin));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, WebUsbAllowDevicesForUrls) {
const auto kTestOrigin = url::Origin::Create(GURL("https://foo.com:443"));
scoped_refptr<device::FakeUsbDeviceInfo> device =
base::MakeRefCounted<device::FakeUsbDeviceInfo>(0, 0, "Google", "Gizmo",
"123ABC");
const auto& device_info = device->GetDeviceInfo();
// Expect the default permission value to be empty.
auto* context = UsbChooserContextFactory::GetForProfile(browser()->profile());
EXPECT_FALSE(
context->HasDevicePermission(kTestOrigin, kTestOrigin, device_info));
// Update policy to add an entry to the permission value to allow
// |kTestOrigin| to access the device described by |device_info|.
PolicyMap policies;
base::Value device_value(base::Value::Type::DICTIONARY);
device_value.SetKey("vendor_id", base::Value(0));
device_value.SetKey("product_id", base::Value(0));
base::Value devices_value(base::Value::Type::LIST);
devices_value.Append(std::move(device_value));
base::Value urls_value(base::Value::Type::LIST);
urls_value.Append(base::Value("https://foo.com"));
base::Value entry(base::Value::Type::DICTIONARY);
entry.SetKey("devices", std::move(devices_value));
entry.SetKey("urls", std::move(urls_value));
auto policy_value = std::make_unique<base::Value>(base::Value::Type::LIST);
policy_value->Append(std::move(entry));
SetPolicy(&policies, key::kWebUsbAllowDevicesForUrls,
std::move(policy_value));
UpdateProviderPolicy(policies);
EXPECT_TRUE(
context->HasDevicePermission(kTestOrigin, kTestOrigin, device_info));
// Remove the policy to ensure that it can be dynamically updated.
SetPolicy(&policies, key::kWebUsbAllowDevicesForUrls,
std::make_unique<base::Value>(base::Value::Type::LIST));
UpdateProviderPolicy(policies);
EXPECT_FALSE(
context->HasDevicePermission(kTestOrigin, kTestOrigin, device_info));
}
} // namespace policy
chrome/browser/policy/policy_browsertest.cc
View file @ 073cdcb1
...@@ -67,7 +67,6 @@ ...@@ -67,7 +67,6 @@
#include "chrome/browser/chromeos/login/test/session_manager_state_waiter.h" #include "chrome/browser/chromeos/login/test/session_manager_state_waiter.h"
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/component_updater/chrome_component_updater_configurator.h" #include "chrome/browser/component_updater/chrome_component_updater_configurator.h"
#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
#include "chrome/browser/content_settings/tab_specific_content_settings.h" #include "chrome/browser/content_settings/tab_specific_content_settings.h"
#include "chrome/browser/devtools/devtools_window_testing.h" #include "chrome/browser/devtools/devtools_window_testing.h"
#include "chrome/browser/download/download_prefs.h" #include "chrome/browser/download/download_prefs.h"
...@@ -85,7 +84,6 @@ ...@@ -85,7 +84,6 @@
#include "chrome/browser/prefs/session_startup_pref.h" #include "chrome/browser/prefs/session_startup_pref.h"
#include "chrome/browser/profiles/profile.h" #include "chrome/browser/profiles/profile.h"
#include "chrome/browser/resource_coordinator/tab_load_tracker_test_support.h" #include "chrome/browser/resource_coordinator/tab_load_tracker_test_support.h"
#include "chrome/browser/safe_browsing/chrome_password_protection_service.h"
#include "chrome/browser/search/search.h" #include "chrome/browser/search/search.h"
#include "chrome/browser/search_engines/template_url_service_factory.h" #include "chrome/browser/search_engines/template_url_service_factory.h"
#include "chrome/browser/task_manager/task_manager_interface.h" #include "chrome/browser/task_manager/task_manager_interface.h"
...@@ -102,8 +100,6 @@ ...@@ -102,8 +100,6 @@
#include "chrome/browser/ui/tabs/tab_strip_model.h" #include "chrome/browser/ui/tabs/tab_strip_model.h"
#include "chrome/browser/ui/toolbar/toolbar_actions_model.h" #include "chrome/browser/ui/toolbar/toolbar_actions_model.h"
#include "chrome/browser/ui/webui/welcome/helpers.h" #include "chrome/browser/ui/webui/welcome/helpers.h"
#include "chrome/browser/usb/usb_chooser_context.h"
#include "chrome/browser/usb/usb_chooser_context_factory.h"
#include "chrome/common/chrome_constants.h" #include "chrome/common/chrome_constants.h"
#include "chrome/common/chrome_features.h" #include "chrome/common/chrome_features.h"
#include "chrome/common/chrome_switches.h" #include "chrome/common/chrome_switches.h"
...@@ -123,7 +119,6 @@ ...@@ -123,7 +119,6 @@
#include "components/browsing_data/core/pref_names.h" #include "components/browsing_data/core/pref_names.h"
#include "components/component_updater/component_updater_service.h" #include "components/component_updater/component_updater_service.h"
#include "components/component_updater/component_updater_switches.h" #include "components/component_updater/component_updater_switches.h"
#include "components/content_settings/core/browser/host_content_settings_map.h"
#include "components/content_settings/core/common/content_settings.h" #include "components/content_settings/core/common/content_settings.h"
#include "components/content_settings/core/common/content_settings_pattern.h" #include "components/content_settings/core/common/content_settings_pattern.h"
#include "components/content_settings/core/common/pref_names.h" #include "components/content_settings/core/common/pref_names.h"
...@@ -145,8 +140,6 @@ ...@@ -145,8 +140,6 @@
#include "components/policy/core/common/policy_types.h" #include "components/policy/core/common/policy_types.h"
#include "components/policy/policy_constants.h" #include "components/policy/policy_constants.h"
#include "components/prefs/pref_service.h" #include "components/prefs/pref_service.h"
#include "components/safe_browsing/features.h"
#include "components/safe_browsing/realtime/policy_engine.h"
#include "components/search_engines/template_url.h" #include "components/search_engines/template_url.h"
#include "components/search_engines/template_url_service.h" #include "components/search_engines/template_url_service.h"
#include "components/security_interstitials/content/security_interstitial_page.h" #include "components/security_interstitials/content/security_interstitial_page.h"
...@@ -194,8 +187,6 @@ ...@@ -194,8 +187,6 @@
#include "content/public/test/signed_exchange_browser_test_helper.h" #include "content/public/test/signed_exchange_browser_test_helper.h"
#include "content/public/test/test_utils.h" #include "content/public/test/test_utils.h"
#include "content/public/test/url_loader_interceptor.h" #include "content/public/test/url_loader_interceptor.h"
#include "device/bluetooth/bluetooth_adapter_factory.h"
#include "device/bluetooth/test/mock_bluetooth_adapter.h"
#include "extensions/browser/api/messaging/messaging_delegate.h" #include "extensions/browser/api/messaging/messaging_delegate.h"
#include "extensions/browser/disable_reason.h" #include "extensions/browser/disable_reason.h"
#include "extensions/browser/extension_prefs.h" #include "extensions/browser/extension_prefs.h"
...@@ -214,7 +205,6 @@ ...@@ -214,7 +205,6 @@
#include "net/test/embedded_test_server/embedded_test_server.h" #include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/test/embedded_test_server/http_request.h" #include "net/test/embedded_test_server/http_request.h"
#include "net/test/embedded_test_server/http_response.h" #include "net/test/embedded_test_server/http_response.h"
#include "services/device/public/cpp/test/fake_usb_device_info.h"
#include "services/network/public/cpp/features.h" #include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/network_switches.h" #include "services/network/public/cpp/network_switches.h"
#include "services/network/public/mojom/network_service.mojom.h" #include "services/network/public/mojom/network_service.mojom.h"
...@@ -281,7 +271,6 @@ ...@@ -281,7 +271,6 @@
#endif #endif
using content::BrowserThread; using content::BrowserThread;
using safe_browsing::ReusedPasswordAccountType;
using testing::_; using testing::_;
using testing::AtLeast; using testing::AtLeast;
using testing::Mock; using testing::Mock;
...@@ -297,13 +286,6 @@ const int kOneHourInMs = 60 * 60 * 1000; ...@@ -297,13 +286,6 @@ const int kOneHourInMs = 60 * 60 * 1000;
const int kThreeHoursInMs = 180 * 60 * 1000; const int kThreeHoursInMs = 180 * 60 * 1000;
#endif #endif
const char kURL[] = "http://example.com";
const char kCookieValue[] = "converted=true";
// Assigned to Philip J. Fry to fix eventually.
// TODO(maksims): use year 3000 when we get rid off the 32-bit
// versions. https://crbug.com/619828
const char kCookieOptions[] = ";expires=Wed Jan 01 2038 00:00:00 GMT";
#if !defined(OS_MACOSX) #if !defined(OS_MACOSX)
const base::FilePath::CharType kUnpackedFullscreenAppName[] = const base::FilePath::CharType kUnpackedFullscreenAppName[] =
FILE_PATH_LITERAL("fullscreen_app"); FILE_PATH_LITERAL("fullscreen_app");
...@@ -429,12 +411,6 @@ bool IsWebGLEnabled(content::WebContents* contents) { ...@@ -429,12 +411,6 @@ bool IsWebGLEnabled(content::WebContents* contents) {
return result; return result;
} }
bool IsJavascriptEnabled(content::WebContents* contents) {
base::Value value =
content::ExecuteScriptAndGetValue(contents->GetMainFrame(), "123");
return value.is_int() && value.GetInt() == 123;
}
bool IsNetworkPredictionEnabled(PrefService* prefs) { bool IsNetworkPredictionEnabled(PrefService* prefs) {
return chrome_browser_net::CanPrefetchAndPrerenderUI(prefs) == return chrome_browser_net::CanPrefetchAndPrerenderUI(prefs) ==
chrome_browser_net::NetworkPredictionStatus::ENABLED; chrome_browser_net::NetworkPredictionStatus::ENABLED;
...@@ -551,23 +527,6 @@ extensions::MessagingDelegate::PolicyPermission IsNativeMessagingHostAllowed( ...@@ -551,23 +527,6 @@ extensions::MessagingDelegate::PolicyPermission IsNativeMessagingHostAllowed(
} }
#endif #endif
class MockPasswordProtectionService
: public safe_browsing::ChromePasswordProtectionService {
public:
MockPasswordProtectionService(safe_browsing::SafeBrowsingService* sb_service,
Profile* profile)
: safe_browsing::ChromePasswordProtectionService(sb_service, profile) {}
~MockPasswordProtectionService() override {}
MOCK_CONST_METHOD0(IsPrimaryAccountGmail, bool());
AccountInfo GetAccountInfo() const override {
AccountInfo info;
info.email = "user@mycompany.com";
return info;
}
};
} // namespace } // namespace
#if defined(OS_WIN) #if defined(OS_WIN)
...@@ -855,68 +814,6 @@ IN_PROC_BROWSER_TEST_F(PolicyTest, BookmarkBarEnabled) { ...@@ -855,68 +814,6 @@ IN_PROC_BROWSER_TEST_F(PolicyTest, BookmarkBarEnabled) {
EXPECT_EQ(BookmarkBar::SHOW, browser()->bookmark_bar_state()); EXPECT_EQ(BookmarkBar::SHOW, browser()->bookmark_bar_state());
} }
IN_PROC_BROWSER_TEST_F(PolicyTest, PRE_PRE_DefaultCookiesSetting) {
// Verifies that cookies are deleted on shutdown. This test is split in 3
// parts because it spans 2 browser restarts.
Profile* profile = browser()->profile();
GURL url(kURL);
// No cookies at startup.
EXPECT_TRUE(content::GetCookies(profile, url).empty());
// Set a cookie now.
std::string value = base::StrCat({kCookieValue, kCookieOptions});
EXPECT_TRUE(content::SetCookie(profile, url, value));
// Verify it was set.
EXPECT_EQ(kCookieValue, GetCookies(profile, url));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, PRE_DefaultCookiesSetting) {
// Verify that the cookie persists across restarts.
EXPECT_EQ(kCookieValue, GetCookies(browser()->profile(), GURL(kURL)));
// Now set the policy and the cookie should be gone after another restart.
PolicyMap policies;
policies.Set(key::kDefaultCookiesSetting, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(CONTENT_SETTING_SESSION_ONLY),
nullptr);
UpdateProviderPolicy(policies);
}
IN_PROC_BROWSER_TEST_F(PolicyTest, DefaultCookiesSetting) {
// Verify that the cookie is gone.
EXPECT_TRUE(GetCookies(browser()->profile(), GURL(kURL)).empty());
}
IN_PROC_BROWSER_TEST_F(PolicyTest, PRE_PRE_WebsiteCookiesSetting) {
// Verifies that cookies are deleted on shutdown. This test is split in 3
// parts because it spans 2 browser restarts.
Profile* profile = browser()->profile();
GURL url(kURL);
// No cookies at startup.
EXPECT_TRUE(content::GetCookies(profile, url).empty());
// Set a cookie now.
std::string value = base::StrCat({kCookieValue, kCookieOptions});
EXPECT_TRUE(content::SetCookie(profile, url, value));
// Verify it was set.
EXPECT_EQ(kCookieValue, GetCookies(profile, url));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, PRE_WebsiteCookiesSetting) {
// Verify that the cookie persists across restarts.
EXPECT_EQ(kCookieValue, GetCookies(browser()->profile(), GURL(kURL)));
// Now set the policy and the cookie should be gone after another restart.
HostContentSettingsMapFactory::GetForProfile(browser()->profile())
->SetWebsiteSettingDefaultScope(
GURL(kURL), GURL(kURL), ContentSettingsType::COOKIES, std::string(),
std::make_unique<base::Value>(CONTENT_SETTING_SESSION_ONLY));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, WebsiteCookiesSetting) {
// Verify that the cookie is gone.
EXPECT_TRUE(GetCookies(browser()->profile(), GURL(kURL)).empty());
}
IN_PROC_BROWSER_TEST_F(PolicyTest, DefaultSearchProvider) { IN_PROC_BROWSER_TEST_F(PolicyTest, DefaultSearchProvider) {
// Verifies that a default search is made using the provider configured via // Verifies that a default search is made using the provider configured via
// policy. Also checks that default search can be completely disabled. // policy. Also checks that default search can be completely disabled.
...@@ -1656,43 +1553,6 @@ IN_PROC_BROWSER_TEST_F(PolicyTest, MAYBE_IncognitoEnabled) { ...@@ -1656,43 +1553,6 @@ IN_PROC_BROWSER_TEST_F(PolicyTest, MAYBE_IncognitoEnabled) {
EXPECT_TRUE(BrowserList::IsIncognitoSessionActive()); EXPECT_TRUE(BrowserList::IsIncognitoSessionActive());
} }
IN_PROC_BROWSER_TEST_F(PolicyTest, Javascript) {
// Verifies that Javascript can be disabled.
content::WebContents* contents =
browser()->tab_strip_model()->GetActiveWebContents();
EXPECT_TRUE(IsJavascriptEnabled(contents));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS_CONSOLE));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS_DEVICES));
// Disable Javascript via policy.
PolicyMap policies;
policies.Set(key::kJavascriptEnabled, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(false), nullptr);
UpdateProviderPolicy(policies);
// Reload the page.
ui_test_utils::NavigateToURL(browser(), GURL(url::kAboutBlankURL));
EXPECT_FALSE(IsJavascriptEnabled(contents));
// Developer tools still work when javascript is disabled.
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS_CONSOLE));
EXPECT_TRUE(chrome::IsCommandEnabled(browser(), IDC_DEV_TOOLS_DEVICES));
// Javascript is always enabled for the internal pages.
ui_test_utils::NavigateToURL(browser(), GURL(chrome::kChromeUIAboutURL));
EXPECT_TRUE(IsJavascriptEnabled(contents));
// The javascript content setting policy overrides the javascript policy.
ui_test_utils::NavigateToURL(browser(), GURL(url::kAboutBlankURL));
EXPECT_FALSE(IsJavascriptEnabled(contents));
policies.Set(key::kDefaultJavaScriptSetting, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(CONTENT_SETTING_ALLOW), nullptr);
UpdateProviderPolicy(policies);
ui_test_utils::NavigateToURL(browser(), GURL(url::kAboutBlankURL));
EXPECT_TRUE(IsJavascriptEnabled(contents));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, NetworkPrediction) { IN_PROC_BROWSER_TEST_F(PolicyTest, NetworkPrediction) {
PrefService* prefs = browser()->profile()->GetPrefs(); PrefService* prefs = browser()->profile()->GetPrefs();
...@@ -2972,59 +2832,6 @@ INSTANTIATE_TEST_SUITE_P(MediaStreamDevicesControllerBrowserTestInstance, ...@@ -2972,59 +2832,6 @@ INSTANTIATE_TEST_SUITE_P(MediaStreamDevicesControllerBrowserTestInstance,
MediaStreamDevicesControllerBrowserTest, MediaStreamDevicesControllerBrowserTest,
testing::Bool()); testing::Bool());
class WebBluetoothPolicyTest : public PolicyTest {
void SetUpCommandLine(base::CommandLine* command_line)override {
// TODO(juncai): Remove this switch once Web Bluetooth is supported on Linux
// and Windows.
// https://crbug.com/570344
// https://crbug.com/507419
command_line->AppendSwitch(
switches::kEnableExperimentalWebPlatformFeatures);
PolicyTest::SetUpCommandLine(command_line);
}
};
IN_PROC_BROWSER_TEST_F(WebBluetoothPolicyTest, Block) {
// Fake the BluetoothAdapter to say it's present.
scoped_refptr<device::MockBluetoothAdapter> adapter =
new testing::NiceMock<device::MockBluetoothAdapter>;
EXPECT_CALL(*adapter, IsPresent()).WillRepeatedly(testing::Return(true));
auto bt_global_values =
device::BluetoothAdapterFactory::Get().InitGlobalValuesForTesting();
bt_global_values->SetLESupported(true);
device::BluetoothAdapterFactory::SetAdapterForTesting(adapter);
// Navigate to a secure context.
embedded_test_server()->ServeFilesFromSourceDirectory("content/test/data");
ASSERT_TRUE(embedded_test_server()->Start());
ui_test_utils::NavigateToURL(
browser(),
embedded_test_server()->GetURL("localhost", "/simple_page.html"));
content::WebContents* const web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
EXPECT_THAT(
web_contents->GetMainFrame()->GetLastCommittedOrigin().Serialize(),
testing::StartsWith("http://localhost:"));
// Set the policy to block Web Bluetooth.
PolicyMap policies;
policies.Set(key::kDefaultWebBluetoothGuardSetting, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(2), nullptr);
UpdateProviderPolicy(policies);
std::string rejection;
EXPECT_TRUE(content::ExecuteScriptAndExtractString(
web_contents,
"navigator.bluetooth.requestDevice({filters: [{name: 'Hello'}]})"
" .then(() => { domAutomationController.send('Success'); },"
" reason => {"
" domAutomationController.send(reason.name + ': ' + reason.message);"
" });",
&rejection));
EXPECT_THAT(rejection, testing::MatchesRegex("NotFoundError: .*policy.*"));
}
class CertificateTransparencyPolicyTest : public PolicyTest { class CertificateTransparencyPolicyTest : public PolicyTest {
public: public:
CertificateTransparencyPolicyTest() : PolicyTest() { CertificateTransparencyPolicyTest() : PolicyTest() {
...@@ -3155,88 +2962,6 @@ IN_PROC_BROWSER_TEST_F(CertificateTransparencyPolicyTest, ...@@ -3155,88 +2962,6 @@ IN_PROC_BROWSER_TEST_F(CertificateTransparencyPolicyTest,
browser()->tab_strip_model()->GetActiveWebContents()->GetTitle()); browser()->tab_strip_model()->GetActiveWebContents()->GetTitle());
} }
// Test that when extended reporting opt-in is disabled by policy, the
// opt-in checkbox does not appear on SSL blocking pages.
// Note: SafeBrowsingExtendedReportingOptInAllowed policy is being deprecated.
IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingExtendedReportingOptInAllowed) {
net::EmbeddedTestServer https_server_expired(
net::EmbeddedTestServer::TYPE_HTTPS);
https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data");
ASSERT_TRUE(https_server_expired.Start());
// First, navigate to an SSL error page and make sure the checkbox appears by
// default.
ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
EXPECT_EQ(security_interstitials::CMD_TEXT_FOUND,
IsExtendedReportingCheckboxVisibleOnInterstitial());
// Set the enterprise policy to disallow opt-in.
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_TRUE(
prefs->GetBoolean(prefs::kSafeBrowsingExtendedReportingOptInAllowed));
PolicyMap policies;
policies.Set(key::kSafeBrowsingExtendedReportingOptInAllowed,
POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
base::WrapUnique(new base::Value(false)), nullptr);
UpdateProviderPolicy(policies);
EXPECT_FALSE(
prefs->GetBoolean(prefs::kSafeBrowsingExtendedReportingOptInAllowed));
// Navigate to an SSL error page, the checkbox should not appear.
ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
EXPECT_EQ(security_interstitials::CMD_TEXT_NOT_FOUND,
IsExtendedReportingCheckboxVisibleOnInterstitial());
}
// Test that when extended reporting is managed by policy, the opt-in checkbox
// does not appear on SSL blocking pages.
IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingExtendedReportingPolicyManaged) {
net::EmbeddedTestServer https_server_expired(
net::EmbeddedTestServer::TYPE_HTTPS);
https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data");
ASSERT_TRUE(https_server_expired.Start());
// Set the extended reporting pref to True and ensure the enterprise policy
// can overwrite it.
PrefService* prefs = browser()->profile()->GetPrefs();
prefs->SetBoolean(prefs::kSafeBrowsingScoutReportingEnabled, true);
// First, navigate to an SSL error page and make sure the checkbox appears by
// default.
ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
EXPECT_EQ(security_interstitials::CMD_TEXT_FOUND,
IsExtendedReportingCheckboxVisibleOnInterstitial());
// Set the enterprise policy to disable extended reporting.
EXPECT_TRUE(
prefs->GetBoolean(prefs::kSafeBrowsingExtendedReportingOptInAllowed));
PolicyMap policies;
policies.Set(key::kSafeBrowsingExtendedReportingEnabled,
POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
base::WrapUnique(new base::Value(false)), nullptr);
UpdateProviderPolicy(policies);
// Policy should have overwritten the pref, and it should be managed.
EXPECT_FALSE(prefs->GetBoolean(prefs::kSafeBrowsingScoutReportingEnabled));
EXPECT_TRUE(
prefs->IsManagedPreference(prefs::kSafeBrowsingScoutReportingEnabled));
// Also make sure the SafeBrowsing prefs helper functions agree with the
// policy.
EXPECT_TRUE(safe_browsing::IsExtendedReportingPolicyManaged(*prefs));
// Note that making SBER policy managed does NOT affect the SBEROptInAllowed
// setting, which is intentionally kept distinct for now. When the latter is
// deprecated, then SBER's policy management will imply whether the checkbox
// is visible.
EXPECT_TRUE(safe_browsing::IsExtendedReportingOptInAllowed(*prefs));
// Navigate to an SSL error page, the checkbox should not appear.
ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
EXPECT_EQ(security_interstitials::CMD_TEXT_NOT_FOUND,
IsExtendedReportingCheckboxVisibleOnInterstitial());
}
// Test that when SSL error overriding is allowed by policy (default), the // Test that when SSL error overriding is allowed by policy (default), the
// proceed link appears on SSL blocking pages. // proceed link appears on SSL blocking pages.
IN_PROC_BROWSER_TEST_F(PolicyTest, SSLErrorOverridingAllowed) { IN_PROC_BROWSER_TEST_F(PolicyTest, SSLErrorOverridingAllowed) {
...@@ -3330,248 +3055,6 @@ IN_PROC_BROWSER_TEST_F(PolicyTest, TaskManagerEndProcessEnabled) { ...@@ -3330,248 +3055,6 @@ IN_PROC_BROWSER_TEST_F(PolicyTest, TaskManagerEndProcessEnabled) {
EXPECT_TRUE(task_manager::TaskManagerInterface::IsEndProcessEnabled()); EXPECT_TRUE(task_manager::TaskManagerInterface::IsEndProcessEnabled());
} }
// Test that when password protection warning trigger is set for users who are
// not signed-into Chrome, Chrome password protection service gets the correct
// value.
IN_PROC_BROWSER_TEST_F(PolicyTest,
PasswordProtectionWarningTriggerNotLoggedIn) {
MockPasswordProtectionService mock_service(
g_browser_process->safe_browsing_service(), browser()->profile());
// If user is not signed-in, |GetPasswordProtectionWarningTriggerPref(...)|
// should return |PHISHING_REUSE| unless specified by policy.
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_FALSE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
// Sets the enterprise policy to 1 (a.k.a PASSWORD_REUSE).
PolicyMap policies;
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(1), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PASSWORD_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
// Sets the enterprise policy to 2 (a.k.a PHISHING_REUSE).
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(2), nullptr);
UpdateProviderPolicy(policies);
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
}
// Test that when password protection warning trigger is set for Gmail users,
// Chrome password protection service gets the correct
// value.
IN_PROC_BROWSER_TEST_F(PolicyTest, PasswordProtectionWarningTriggerGmail) {
MockPasswordProtectionService mock_service(
g_browser_process->safe_browsing_service(), browser()->profile());
// If user is a Gmail user, |GetPasswordProtectionWarningTriggerPref(...)|
// should return |PHISHING_REUSE| unless specified by policy.
EXPECT_CALL(mock_service, IsPrimaryAccountGmail())
.WillRepeatedly(Return(true));
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_FALSE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
ReusedPasswordAccountType account_type;
account_type.set_account_type(ReusedPasswordAccountType::GMAIL);
account_type.set_is_account_syncing(true);
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(account_type));
// Sets the enterprise policy to 1 (a.k.a PASSWORD_REUSE). Gmail accounts
// should always return PHISHING_REUSE regardless of what the policy is set
// to.
PolicyMap policies;
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(1), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(account_type));
// Sets the enterprise policy to 2 (a.k.a PHISHING_REUSE).
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(2), nullptr);
UpdateProviderPolicy(policies);
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(account_type));
}
// Test that when password protection warning trigger is set for GSuite users,
// Chrome password protection service gets the correct value.
IN_PROC_BROWSER_TEST_F(PolicyTest, PasswordProtectionWarningTriggerGSuite) {
MockPasswordProtectionService mock_service(
g_browser_process->safe_browsing_service(), browser()->profile());
const PrefService* const prefs = browser()->profile()->GetPrefs();
PolicyMap policies;
// If user is a GSuite user, |GetPasswordProtectionWarningTriggerPref(...)|
// should return |PHISHING_REUSE| unless specified by policy.
EXPECT_FALSE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
// Sets the enterprise policy to 1 (a.k.a PASSWORD_REUSE).
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(1), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PASSWORD_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
// Sets the enterprise policy to 2 (a.k.a PHISHING_REUSE).
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(2), nullptr);
UpdateProviderPolicy(policies);
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
}
// Test that when safe browsing whitelist domains are set by policy, safe
// browsing service gets the correct value.
IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingWhitelistDomains) {
// Without setting up the enterprise policy,
// |GetSafeBrowsingDomainsPref(..) should return empty list.
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_FALSE(
prefs->FindPreference(prefs::kSafeBrowsingWhitelistDomains)->IsManaged());
std::vector<std::string> canonicalized_domains;
safe_browsing::GetSafeBrowsingWhitelistDomainsPref(*prefs,
&canonicalized_domains);
EXPECT_TRUE(canonicalized_domains.empty());
// Add 2 whitelisted domains to this policy.
PolicyMap policies;
base::ListValue whitelist_domains;
whitelist_domains.AppendString("mydomain.com");
whitelist_domains.AppendString("mydomain.net");
policies.Set(key::kSafeBrowsingWhitelistDomains, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
whitelist_domains.CreateDeepCopy(), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(
prefs->FindPreference(prefs::kSafeBrowsingWhitelistDomains)->IsManaged());
safe_browsing::GetSafeBrowsingWhitelistDomainsPref(*prefs,
&canonicalized_domains);
EXPECT_EQ(2u, canonicalized_domains.size());
EXPECT_EQ("mydomain.com", canonicalized_domains[0]);
EXPECT_EQ("mydomain.net", canonicalized_domains[1]);
// Invalid domains will be skipped.
whitelist_domains.Clear();
whitelist_domains.AppendString(std::string("%EF%BF%BDzyx.com"));
policies.Set(key::kSafeBrowsingWhitelistDomains, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
whitelist_domains.CreateDeepCopy(), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(
prefs->FindPreference(prefs::kSafeBrowsingWhitelistDomains)->IsManaged());
canonicalized_domains.clear();
safe_browsing::GetSafeBrowsingWhitelistDomainsPref(*prefs,
&canonicalized_domains);
EXPECT_TRUE(canonicalized_domains.empty());
}
// Test that when password protection login URLs are set by policy, password
// protection service gets the correct value.
IN_PROC_BROWSER_TEST_F(PolicyTest, PasswordProtectionLoginURLs) {
// Without setting up the enterprise policy,
// |GetPasswordProtectionLoginURLsPref(..) should return empty list.
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_FALSE(
prefs->FindPreference(prefs::kPasswordProtectionLoginURLs)->IsManaged());
std::vector<GURL> login_urls;
safe_browsing::GetPasswordProtectionLoginURLsPref(*prefs, &login_urls);
EXPECT_TRUE(login_urls.empty());
// Add 2 login URLs to this enterprise policy .
PolicyMap policies;
base::ListValue login_url_values;
login_url_values.AppendString("https://login.mydomain.com");
login_url_values.AppendString("https://mydomian.com/login.html");
policies.Set(key::kPasswordProtectionLoginURLs, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
login_url_values.CreateDeepCopy(), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(
prefs->FindPreference(prefs::kPasswordProtectionLoginURLs)->IsManaged());
safe_browsing::GetPasswordProtectionLoginURLsPref(*prefs, &login_urls);
EXPECT_EQ(2u, login_urls.size());
EXPECT_EQ(GURL("https://login.mydomain.com"), login_urls[0]);
EXPECT_EQ(GURL("https://mydomian.com/login.html"), login_urls[1]);
// Verify non-http/https schemes, or invalid URLs will be skipped.
login_url_values.Clear();
login_url_values.AppendString(std::string("invalid"));
login_url_values.AppendString(std::string("ftp://login.mydomain.com"));
policies.Set(key::kPasswordProtectionLoginURLs, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
login_url_values.CreateDeepCopy(), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(
prefs->FindPreference(prefs::kPasswordProtectionLoginURLs)->IsManaged());
login_urls.clear();
safe_browsing::GetPasswordProtectionLoginURLsPref(*prefs, &login_urls);
EXPECT_TRUE(login_urls.empty());
}
// Test that when password protection change password URL is set by policy,
// password protection service gets the correct value.
IN_PROC_BROWSER_TEST_F(PolicyTest, PasswordProtectionChangePasswordURL) {
// Without setting up the enterprise policy,
// |GetEnterpriseChangePasswordURL(..) should return default GAIA change
// password URL.
const PrefService* const prefs = browser()->profile()->GetPrefs();
const safe_browsing::ChromePasswordProtectionService* const service =
safe_browsing::ChromePasswordProtectionService::
GetPasswordProtectionService(browser()->profile());
EXPECT_FALSE(
prefs->FindPreference(prefs::kPasswordProtectionChangePasswordURL)
->IsManaged());
EXPECT_FALSE(prefs->HasPrefPath(prefs::kPasswordProtectionChangePasswordURL));
EXPECT_TRUE(service->GetEnterpriseChangePasswordURL().DomainIs(
"accounts.google.com"));
// Add change password URL to this enterprise policy .
PolicyMap policies;
policies.Set(
key::kPasswordProtectionChangePasswordURL, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
base::WrapUnique(new base::Value("https://changepassword.mydomain.com")),
nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionChangePasswordURL)
->IsManaged());
EXPECT_EQ(GURL("https://changepassword.mydomain.com"),
service->GetEnterpriseChangePasswordURL());
// Verify non-http/https change password URL will be skipped.
policies.Set(key::kPasswordProtectionChangePasswordURL,
POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
base::WrapUnique(new base::Value("data:text/html,login page")),
nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionChangePasswordURL)
->IsManaged());
EXPECT_TRUE(service->GetEnterpriseChangePasswordURL().DomainIs(
"accounts.google.com"));
}
// Sets the proper policy before the browser is started. // Sets the proper policy before the browser is started.
template<bool enable> template<bool enable>
class MediaRouterPolicyTest : public PolicyTest { class MediaRouterPolicyTest : public PolicyTest {
...@@ -4383,76 +3866,6 @@ IN_PROC_BROWSER_TEST_F(NoteTakingOnLockScreenPolicyTest, ...@@ -4383,76 +3866,6 @@ IN_PROC_BROWSER_TEST_F(NoteTakingOnLockScreenPolicyTest,
#endif // defined(OS_CHROMEOS) #endif // defined(OS_CHROMEOS)
IN_PROC_BROWSER_TEST_F(PolicyTest, WebUsbDefault) {
const auto kTestOrigin = url::Origin::Create(GURL("https://foo.com:443"));
// Expect the default permission value to be 'ask'.
auto* context = UsbChooserContextFactory::GetForProfile(browser()->profile());
EXPECT_TRUE(context->CanRequestObjectPermission(kTestOrigin, kTestOrigin));
// Update policy to change the default permission value to 'block'.
PolicyMap policies;
SetPolicy(&policies, key::kDefaultWebUsbGuardSetting,
std::make_unique<base::Value>(2));
UpdateProviderPolicy(policies);
EXPECT_FALSE(context->CanRequestObjectPermission(kTestOrigin, kTestOrigin));
// Update policy to change the default permission value to 'ask'.
SetPolicy(&policies, key::kDefaultWebUsbGuardSetting,
std::make_unique<base::Value>(3));
UpdateProviderPolicy(policies);
EXPECT_TRUE(context->CanRequestObjectPermission(kTestOrigin, kTestOrigin));
}
IN_PROC_BROWSER_TEST_F(PolicyTest, WebUsbAllowDevicesForUrls) {
const auto kTestOrigin = url::Origin::Create(GURL("https://foo.com:443"));
scoped_refptr<device::FakeUsbDeviceInfo> device =
base::MakeRefCounted<device::FakeUsbDeviceInfo>(0, 0, "Google", "Gizmo",
"123ABC");
const auto& device_info = device->GetDeviceInfo();
// Expect the default permission value to be empty.
auto* context = UsbChooserContextFactory::GetForProfile(browser()->profile());
EXPECT_FALSE(
context->HasDevicePermission(kTestOrigin, kTestOrigin, device_info));
// Update policy to add an entry to the permission value to allow
// |kTestOrigin| to access the device described by |device_info|.
PolicyMap policies;
base::Value device_value(base::Value::Type::DICTIONARY);
device_value.SetKey("vendor_id", base::Value(0));
device_value.SetKey("product_id", base::Value(0));
base::Value devices_value(base::Value::Type::LIST);
devices_value.Append(std::move(device_value));
base::Value urls_value(base::Value::Type::LIST);
urls_value.Append(base::Value("https://foo.com"));
base::Value entry(base::Value::Type::DICTIONARY);
entry.SetKey("devices", std::move(devices_value));
entry.SetKey("urls", std::move(urls_value));
auto policy_value = std::make_unique<base::Value>(base::Value::Type::LIST);
policy_value->Append(std::move(entry));
SetPolicy(&policies, key::kWebUsbAllowDevicesForUrls,
std::move(policy_value));
UpdateProviderPolicy(policies);
EXPECT_TRUE(
context->HasDevicePermission(kTestOrigin, kTestOrigin, device_info));
// Remove the policy to ensure that it can be dynamically updated.
SetPolicy(&policies, key::kWebUsbAllowDevicesForUrls,
std::make_unique<base::Value>(base::Value::Type::LIST));
UpdateProviderPolicy(policies);
EXPECT_FALSE(
context->HasDevicePermission(kTestOrigin, kTestOrigin, device_info));
}
// Handler for embedded http-server, returns a small page with javascript // Handler for embedded http-server, returns a small page with javascript
// variable and a link to increment it. It's for JavascriptBlacklistable test. // variable and a link to increment it. It's for JavascriptBlacklistable test.
std::unique_ptr<net::test_server::HttpResponse> JSIncrementerPageHandler( std::unique_ptr<net::test_server::HttpResponse> JSIncrementerPageHandler(
...@@ -4879,31 +4292,6 @@ IN_PROC_BROWSER_TEST_F(SignedExchangePolicyTest, SignedExchangeEnabled) { ...@@ -4879,31 +4292,6 @@ IN_PROC_BROWSER_TEST_F(SignedExchangePolicyTest, SignedExchangeEnabled) {
ASSERT_TRUE(HadSignedExchangeInAcceptHeader(url)); ASSERT_TRUE(HadSignedExchangeInAcceptHeader(url));
} }
class PolicyTestWithRealTimeUrlLookupFetchAllowList : public PolicyTest {
public:
PolicyTestWithRealTimeUrlLookupFetchAllowList() {
feature_list_.InitWithFeatures({safe_browsing::kRealTimeUrlLookupEnabled},
{});
}
private:
base::test::ScopedFeatureList feature_list_;
};
IN_PROC_BROWSER_TEST_F(PolicyTestWithRealTimeUrlLookupFetchAllowList,
CheckURLsInRealTime) {
EXPECT_FALSE(safe_browsing::RealTimePolicyEngine::CanPerformFullURLLookup(
browser()->profile()));
PolicyMap policies;
SetPolicy(&policies, key::kSafeBrowsingRealTimeLookupEnabled,
std::make_unique<base::Value>(true));
UpdateProviderPolicy(policies);
EXPECT_TRUE(safe_browsing::RealTimePolicyEngine::CanPerformFullURLLookup(
browser()->profile()));
}
class HSTSPolicyTest : public PolicyTest { class HSTSPolicyTest : public PolicyTest {
void SetUpInProcessBrowserTestFixture() override { void SetUpInProcessBrowserTestFixture() override {
PolicyTest::SetUpInProcessBrowserTestFixture(); PolicyTest::SetUpInProcessBrowserTestFixture();
......
chrome/browser/policy/safe_browsing_policy_browsertest.cc 0 → 100644
View file @ 073cdcb1
// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include <vector>
#include "base/memory/ptr_util.h"
#include "base/values.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/policy/policy_test_utils.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/safe_browsing/chrome_password_protection_service.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/test/base/ui_test_utils.h"
#include "components/policy/core/common/policy_map.h"
#include "components/policy/policy_constants.h"
#include "components/prefs/pref_service.h"
#include "components/safe_browsing/features.h"
#include "components/safe_browsing/realtime/policy_engine.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "url/gurl.h"
using safe_browsing::ReusedPasswordAccountType;
using testing::Return;
namespace policy {
// Test that when extended reporting opt-in is disabled by policy, the
// opt-in checkbox does not appear on SSL blocking pages.
// Note: SafeBrowsingExtendedReportingOptInAllowed policy is being deprecated.
IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingExtendedReportingOptInAllowed) {
net::EmbeddedTestServer https_server_expired(
net::EmbeddedTestServer::TYPE_HTTPS);
https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data");
ASSERT_TRUE(https_server_expired.Start());
// First, navigate to an SSL error page and make sure the checkbox appears by
// default.
ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
EXPECT_EQ(security_interstitials::CMD_TEXT_FOUND,
IsExtendedReportingCheckboxVisibleOnInterstitial());
// Set the enterprise policy to disallow opt-in.
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_TRUE(
prefs->GetBoolean(prefs::kSafeBrowsingExtendedReportingOptInAllowed));
PolicyMap policies;
policies.Set(key::kSafeBrowsingExtendedReportingOptInAllowed,
POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
base::WrapUnique(new base::Value(false)), nullptr);
UpdateProviderPolicy(policies);
EXPECT_FALSE(
prefs->GetBoolean(prefs::kSafeBrowsingExtendedReportingOptInAllowed));
// Navigate to an SSL error page, the checkbox should not appear.
ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
EXPECT_EQ(security_interstitials::CMD_TEXT_NOT_FOUND,
IsExtendedReportingCheckboxVisibleOnInterstitial());
}
// Test that when extended reporting is managed by policy, the opt-in checkbox
// does not appear on SSL blocking pages.
IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingExtendedReportingPolicyManaged) {
net::EmbeddedTestServer https_server_expired(
net::EmbeddedTestServer::TYPE_HTTPS);
https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data");
ASSERT_TRUE(https_server_expired.Start());
// Set the extended reporting pref to True and ensure the enterprise policy
// can overwrite it.
PrefService* prefs = browser()->profile()->GetPrefs();
prefs->SetBoolean(prefs::kSafeBrowsingScoutReportingEnabled, true);
// First, navigate to an SSL error page and make sure the checkbox appears by
// default.
ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
EXPECT_EQ(security_interstitials::CMD_TEXT_FOUND,
IsExtendedReportingCheckboxVisibleOnInterstitial());
// Set the enterprise policy to disable extended reporting.
EXPECT_TRUE(
prefs->GetBoolean(prefs::kSafeBrowsingExtendedReportingOptInAllowed));
PolicyMap policies;
policies.Set(key::kSafeBrowsingExtendedReportingEnabled,
POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
base::WrapUnique(new base::Value(false)), nullptr);
UpdateProviderPolicy(policies);
// Policy should have overwritten the pref, and it should be managed.
EXPECT_FALSE(prefs->GetBoolean(prefs::kSafeBrowsingScoutReportingEnabled));
EXPECT_TRUE(
prefs->IsManagedPreference(prefs::kSafeBrowsingScoutReportingEnabled));
// Also make sure the SafeBrowsing prefs helper functions agree with the
// policy.
EXPECT_TRUE(safe_browsing::IsExtendedReportingPolicyManaged(*prefs));
// Note that making SBER policy managed does NOT affect the SBEROptInAllowed
// setting, which is intentionally kept distinct for now. When the latter is
// deprecated, then SBER's policy management will imply whether the checkbox
// is visible.
EXPECT_TRUE(safe_browsing::IsExtendedReportingOptInAllowed(*prefs));
// Navigate to an SSL error page, the checkbox should not appear.
ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
EXPECT_EQ(security_interstitials::CMD_TEXT_NOT_FOUND,
IsExtendedReportingCheckboxVisibleOnInterstitial());
}
// Test that when safe browsing whitelist domains are set by policy, safe
// browsing service gets the correct value.
IN_PROC_BROWSER_TEST_F(PolicyTest, SafeBrowsingWhitelistDomains) {
// Without setting up the enterprise policy,
// |GetSafeBrowsingDomainsPref(..) should return empty list.
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_FALSE(
prefs->FindPreference(prefs::kSafeBrowsingWhitelistDomains)->IsManaged());
std::vector<std::string> canonicalized_domains;
safe_browsing::GetSafeBrowsingWhitelistDomainsPref(*prefs,
&canonicalized_domains);
EXPECT_TRUE(canonicalized_domains.empty());
// Add 2 whitelisted domains to this policy.
PolicyMap policies;
base::ListValue whitelist_domains;
whitelist_domains.AppendString("mydomain.com");
whitelist_domains.AppendString("mydomain.net");
policies.Set(key::kSafeBrowsingWhitelistDomains, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
whitelist_domains.CreateDeepCopy(), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(
prefs->FindPreference(prefs::kSafeBrowsingWhitelistDomains)->IsManaged());
safe_browsing::GetSafeBrowsingWhitelistDomainsPref(*prefs,
&canonicalized_domains);
EXPECT_EQ(2u, canonicalized_domains.size());
EXPECT_EQ("mydomain.com", canonicalized_domains[0]);
EXPECT_EQ("mydomain.net", canonicalized_domains[1]);
// Invalid domains will be skipped.
whitelist_domains.Clear();
whitelist_domains.AppendString(std::string("%EF%BF%BDzyx.com"));
policies.Set(key::kSafeBrowsingWhitelistDomains, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
whitelist_domains.CreateDeepCopy(), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(
prefs->FindPreference(prefs::kSafeBrowsingWhitelistDomains)->IsManaged());
canonicalized_domains.clear();
safe_browsing::GetSafeBrowsingWhitelistDomainsPref(*prefs,
&canonicalized_domains);
EXPECT_TRUE(canonicalized_domains.empty());
}
// Test that when password protection login URLs are set by policy, password
// protection service gets the correct value.
IN_PROC_BROWSER_TEST_F(PolicyTest, PasswordProtectionLoginURLs) {
// Without setting up the enterprise policy,
// |GetPasswordProtectionLoginURLsPref(..) should return empty list.
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_FALSE(
prefs->FindPreference(prefs::kPasswordProtectionLoginURLs)->IsManaged());
std::vector<GURL> login_urls;
safe_browsing::GetPasswordProtectionLoginURLsPref(*prefs, &login_urls);
EXPECT_TRUE(login_urls.empty());
// Add 2 login URLs to this enterprise policy .
PolicyMap policies;
base::ListValue login_url_values;
login_url_values.AppendString("https://login.mydomain.com");
login_url_values.AppendString("https://mydomian.com/login.html");
policies.Set(key::kPasswordProtectionLoginURLs, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
login_url_values.CreateDeepCopy(), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(
prefs->FindPreference(prefs::kPasswordProtectionLoginURLs)->IsManaged());
safe_browsing::GetPasswordProtectionLoginURLsPref(*prefs, &login_urls);
EXPECT_EQ(2u, login_urls.size());
EXPECT_EQ(GURL("https://login.mydomain.com"), login_urls[0]);
EXPECT_EQ(GURL("https://mydomian.com/login.html"), login_urls[1]);
// Verify non-http/https schemes, or invalid URLs will be skipped.
login_url_values.Clear();
login_url_values.AppendString(std::string("invalid"));
login_url_values.AppendString(std::string("ftp://login.mydomain.com"));
policies.Set(key::kPasswordProtectionLoginURLs, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
login_url_values.CreateDeepCopy(), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(
prefs->FindPreference(prefs::kPasswordProtectionLoginURLs)->IsManaged());
login_urls.clear();
safe_browsing::GetPasswordProtectionLoginURLsPref(*prefs, &login_urls);
EXPECT_TRUE(login_urls.empty());
}
// Test that when password protection change password URL is set by policy,
// password protection service gets the correct value.
IN_PROC_BROWSER_TEST_F(PolicyTest, PasswordProtectionChangePasswordURL) {
// Without setting up the enterprise policy,
// |GetEnterpriseChangePasswordURL(..) should return default GAIA change
// password URL.
const PrefService* const prefs = browser()->profile()->GetPrefs();
const safe_browsing::ChromePasswordProtectionService* const service =
safe_browsing::ChromePasswordProtectionService::
GetPasswordProtectionService(browser()->profile());
EXPECT_FALSE(
prefs->FindPreference(prefs::kPasswordProtectionChangePasswordURL)
->IsManaged());
EXPECT_FALSE(prefs->HasPrefPath(prefs::kPasswordProtectionChangePasswordURL));
EXPECT_TRUE(service->GetEnterpriseChangePasswordURL().DomainIs(
"accounts.google.com"));
// Add change password URL to this enterprise policy .
PolicyMap policies;
policies.Set(
key::kPasswordProtectionChangePasswordURL, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
base::WrapUnique(new base::Value("https://changepassword.mydomain.com")),
nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionChangePasswordURL)
->IsManaged());
EXPECT_EQ(GURL("https://changepassword.mydomain.com"),
service->GetEnterpriseChangePasswordURL());
// Verify non-http/https change password URL will be skipped.
policies.Set(key::kPasswordProtectionChangePasswordURL,
POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
base::WrapUnique(new base::Value("data:text/html,login page")),
nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionChangePasswordURL)
->IsManaged());
EXPECT_TRUE(service->GetEnterpriseChangePasswordURL().DomainIs(
"accounts.google.com"));
}
class MockPasswordProtectionService
: public safe_browsing::ChromePasswordProtectionService {
public:
MockPasswordProtectionService(safe_browsing::SafeBrowsingService* sb_service,
Profile* profile)
: safe_browsing::ChromePasswordProtectionService(sb_service, profile) {}
~MockPasswordProtectionService() override {}
MOCK_CONST_METHOD0(IsPrimaryAccountGmail, bool());
AccountInfo GetAccountInfo() const override {
AccountInfo info;
info.email = "user@mycompany.com";
return info;
}
};
// Test that when password protection warning trigger is set for users who are
// not signed-into Chrome, Chrome password protection service gets the correct
// value.
IN_PROC_BROWSER_TEST_F(PolicyTest,
PasswordProtectionWarningTriggerNotLoggedIn) {
MockPasswordProtectionService mock_service(
g_browser_process->safe_browsing_service(), browser()->profile());
// If user is not signed-in, |GetPasswordProtectionWarningTriggerPref(...)|
// should return |PHISHING_REUSE| unless specified by policy.
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_FALSE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
// Sets the enterprise policy to 1 (a.k.a PASSWORD_REUSE).
PolicyMap policies;
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(1), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PASSWORD_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
// Sets the enterprise policy to 2 (a.k.a PHISHING_REUSE).
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(2), nullptr);
UpdateProviderPolicy(policies);
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
}
// Test that when password protection warning trigger is set for Gmail users,
// Chrome password protection service gets the correct
// value.
IN_PROC_BROWSER_TEST_F(PolicyTest, PasswordProtectionWarningTriggerGmail) {
MockPasswordProtectionService mock_service(
g_browser_process->safe_browsing_service(), browser()->profile());
// If user is a Gmail user, |GetPasswordProtectionWarningTriggerPref(...)|
// should return |PHISHING_REUSE| unless specified by policy.
EXPECT_CALL(mock_service, IsPrimaryAccountGmail())
.WillRepeatedly(Return(true));
const PrefService* const prefs = browser()->profile()->GetPrefs();
EXPECT_FALSE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
ReusedPasswordAccountType account_type;
account_type.set_account_type(ReusedPasswordAccountType::GMAIL);
account_type.set_is_account_syncing(true);
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(account_type));
// Sets the enterprise policy to 1 (a.k.a PASSWORD_REUSE). Gmail accounts
// should always return PHISHING_REUSE regardless of what the policy is set
// to.
PolicyMap policies;
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(1), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(account_type));
// Sets the enterprise policy to 2 (a.k.a PHISHING_REUSE).
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(2), nullptr);
UpdateProviderPolicy(policies);
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(account_type));
}
// Test that when password protection warning trigger is set for GSuite users,
// Chrome password protection service gets the correct value.
IN_PROC_BROWSER_TEST_F(PolicyTest, PasswordProtectionWarningTriggerGSuite) {
MockPasswordProtectionService mock_service(
g_browser_process->safe_browsing_service(), browser()->profile());
const PrefService* const prefs = browser()->profile()->GetPrefs();
PolicyMap policies;
// If user is a GSuite user, |GetPasswordProtectionWarningTriggerPref(...)|
// should return |PHISHING_REUSE| unless specified by policy.
EXPECT_FALSE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
// Sets the enterprise policy to 1 (a.k.a PASSWORD_REUSE).
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(1), nullptr);
UpdateProviderPolicy(policies);
EXPECT_TRUE(prefs->FindPreference(prefs::kPasswordProtectionWarningTrigger)
->IsManaged());
EXPECT_EQ(safe_browsing::PASSWORD_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
// Sets the enterprise policy to 2 (a.k.a PHISHING_REUSE).
policies.Set(key::kPasswordProtectionWarningTrigger, POLICY_LEVEL_MANDATORY,
POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
std::make_unique<base::Value>(2), nullptr);
UpdateProviderPolicy(policies);
EXPECT_EQ(safe_browsing::PHISHING_REUSE,
mock_service.GetPasswordProtectionWarningTriggerPref(
ReusedPasswordAccountType()));
}
class PolicyTestWithRealTimeUrlLookupFetchAllowList : public PolicyTest {
public:
PolicyTestWithRealTimeUrlLookupFetchAllowList() {
feature_list_.InitWithFeatures({safe_browsing::kRealTimeUrlLookupEnabled},
{});
}
private:
base::test::ScopedFeatureList feature_list_;
};
IN_PROC_BROWSER_TEST_F(PolicyTestWithRealTimeUrlLookupFetchAllowList,
CheckURLsInRealTime) {
EXPECT_FALSE(safe_browsing::RealTimePolicyEngine::CanPerformFullURLLookup(
browser()->profile()));
PolicyMap policies;
SetPolicy(&policies, key::kSafeBrowsingRealTimeLookupEnabled,
std::make_unique<base::Value>(true));
UpdateProviderPolicy(policies);
EXPECT_TRUE(safe_browsing::RealTimePolicyEngine::CanPerformFullURLLookup(
browser()->profile()));
}
} // namespace policy
chrome/test/BUILD.gn
View file @ 073cdcb1
...@@ -1062,6 +1062,7 @@ if (!is_android) { ...@@ -1062,6 +1062,7 @@ if (!is_android) {
"../browser/policy/cloud/cloud_policy_test_utils.h", "../browser/policy/cloud/cloud_policy_test_utils.h",
"../browser/policy/cloud/component_cloud_policy_browsertest.cc", "../browser/policy/cloud/component_cloud_policy_browsertest.cc",
"../browser/policy/cloud/device_management_service_browsertest.cc", "../browser/policy/cloud/device_management_service_browsertest.cc",
"../browser/policy/content_settings_policy_browsertest.cc",
"../browser/policy/policy_browsertest.cc", "../browser/policy/policy_browsertest.cc",
"../browser/policy/policy_initialization_browsertest.cc", "../browser/policy/policy_initialization_browsertest.cc",
"../browser/policy/policy_network_browsertest.cc", "../browser/policy/policy_network_browsertest.cc",
...@@ -1069,6 +1070,7 @@ if (!is_android) { ...@@ -1069,6 +1070,7 @@ if (!is_android) {
"../browser/policy/policy_startup_browsertest.cc", "../browser/policy/policy_startup_browsertest.cc",
"../browser/policy/policy_test_utils.cc", "../browser/policy/policy_test_utils.cc",
"../browser/policy/policy_test_utils.h", "../browser/policy/policy_test_utils.h",
"../browser/policy/safe_browsing_policy_browsertest.cc",
"../browser/policy/site_isolation_policy_browsertest.cc", "../browser/policy/site_isolation_policy_browsertest.cc",
"../browser/portal/portal_browsertest.cc", "../browser/portal/portal_browsertest.cc",
"../browser/predictors/loading_predictor_browsertest.cc", "../browser/predictors/loading_predictor_browsertest.cc",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment