[s13n] Convert AdvancedProtectionStatusManagerTest away from FakeProfileOAuth2TokenService

This CL is a continuation of [1], where AdvancedProtectionStatusManager (production code)
was migrated from SigninManager and OAuth2TokenService to IdentityManager. At this time
the respective unittests are migrated.

The CL adds the adds/changes the following testing APIs:

- IdentityTestEnvironment::WaitForAccessTokenRequestIfNecessaryAndRespondWithToken
receives an extra (optional) parameter |id_token|, and forward it to
FakeProfileOAuth2TokenService::IssueAllTokensForAccount.
This allows the body of AdvancedProtectionStatusManagerTest::MakeOAuthTokenFetchSucceed
to be migrated flawlessly.

- IdentityTestEnvironment::UpdateAccountInfoForAccount. This method updates the account
information for a given known account, by calling AccountTrackerService::SeedAccountInfo.

[1] https://crrev.com/c/1250968

BUG=887266

Change-Id: Ica84fd299794552f2ae6957dfc6c7dde6bba7afa
Reviewed-on: https://chromium-review.googlesource.com/c/1308993
Commit-Queue: Antonio Gomes <tonikitoo@igalia.com>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Reviewed-by: Nathan Parker <nparker@chromium.org>
Reviewed-by: Jialiu Lin <jialiul@chromium.org>
Cr-Commit-Position: refs/heads/master@{#606440}

chrome/browser/safe_browsing/advanced_protection_status_manager_unittest.cc

@@ -7,15 +7,11 @@
 #include "base/bind.h"
 #include "chrome/browser/safe_browsing/advanced_protection_status_manager_factory.h"
 #include "chrome/browser/signin/account_tracker_service_factory.h"
-#include "chrome/browser/signin/fake_profile_oauth2_token_service_builder.h"
-#include "chrome/browser/signin/fake_signin_manager_builder.h"
-#include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
-#include "chrome/browser/signin/signin_manager_factory.h"
+#include "chrome/browser/signin/identity_test_environment_profile_adaptor.h"
 #include "chrome/test/base/testing_profile.h"
 #include "components/prefs/pref_service.h"
 #include "components/safe_browsing/common/safe_browsing_prefs.h"
 #include "components/signin/core/browser/account_tracker_service.h"
-#include "components/signin/core/browser/fake_profile_oauth2_token_service.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -34,76 +30,61 @@ static const char* kIdTokenAdvancedProtectionDisabled =
 class AdvancedProtectionStatusManagerTest : public testing::Test {
  public:
   AdvancedProtectionStatusManagerTest() {
-    TestingProfile::Builder builder;
-    builder.AddTestingFactory(
-        SigninManagerFactory::GetInstance(),
-        base::BindRepeating(&BuildFakeSigninManagerForTesting));
-    builder.AddTestingFactory(
-        ProfileOAuth2TokenServiceFactory::GetInstance(),
-        base::BindRepeating(&BuildFakeProfileOAuth2TokenService));
-    testing_profile_.reset(builder.Build().release());
-    fake_signin_manager_ = static_cast<FakeSigninManagerForTesting*>(
-        SigninManagerFactory::GetForProfile(testing_profile_.get()));
+    testing_profile_ = IdentityTestEnvironmentProfileAdaptor::
+        CreateProfileForIdentityTestEnvironment();
+
+    identity_test_env_adaptor_ =
+        std::make_unique<IdentityTestEnvironmentProfileAdaptor>(
+            testing_profile_.get());
+
     account_tracker_service_ =
         AccountTrackerServiceFactory::GetForProfile(testing_profile_.get());
   }
 
   ~AdvancedProtectionStatusManagerTest() override {}
 
-  std::string SignIn(const std::string& gaia_id,
-                     const std::string& email,
+  std::string SignIn(const std::string& email,
                      bool is_under_advanced_protection) {
-    AccountInfo account_info;
-    account_info.gaia = gaia_id;
-    account_info.email = email;
+    AccountInfo account_info = identity_test_env()->MakeAccountAvailable(email);
+
     account_info.is_under_advanced_protection = is_under_advanced_protection;
-    std::string account_id =
-        account_tracker_service_->SeedAccountInfo(account_info);
-#if defined(OS_CHROMEOS)
-    fake_signin_manager_->SignIn(account_id);
-#else
-    fake_signin_manager_->SignIn(gaia_id, email, "password");
-#endif
-    GetTokenService()->UpdateCredentials(account_id, "refresh_token");
-    return account_id;
-  }
+    identity_test_env()->UpdateAccountInfoForAccount(account_info);
 
-  FakeProfileOAuth2TokenService* GetTokenService() {
-    ProfileOAuth2TokenService* service =
-        ProfileOAuth2TokenServiceFactory::GetForProfile(testing_profile_.get());
-    return static_cast<FakeProfileOAuth2TokenService*>(service);
-  }
+    identity_test_env()->SetPrimaryAccount(account_info.email);
 
-  bool IsRequestActive() {
-    return !GetTokenService()->GetPendingRequests().empty();
+    return account_info.account_id;
   }
 
   void MakeOAuthTokenFetchSucceed(const std::string& account_id,
                                   bool is_under_advanced_protection) {
-    ASSERT_TRUE(IsRequestActive());
-    GetTokenService()->IssueAllTokensForAccount(
-        account_id,
-        OAuth2AccessTokenConsumer::TokenResponse(
-            "access_token", base::Time::Now() + base::TimeDelta::FromHours(1),
+    identity_test_env()
+        ->WaitForAccessTokenRequestIfNecessaryAndRespondWithToken(
+            account_id, "access_token",
+            base::Time::Now() + base::TimeDelta::FromHours(1),
             is_under_advanced_protection ? kIdTokenAdvancedProtectionEnabled
-                                         : kIdTokenAdvancedProtectionDisabled));
+                                         : kIdTokenAdvancedProtectionDisabled);
   }
 
   void MakeOAuthTokenFetchFail(const std::string& account_id,
                                bool is_transient_error) {
-    ASSERT_TRUE(IsRequestActive());
-    GetTokenService()->IssueErrorForAllPendingRequestsForAccount(
-        account_id,
-        GoogleServiceAuthError(
-            is_transient_error
-                ? GoogleServiceAuthError::CONNECTION_FAILED
-                : GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
+    identity_test_env()
+        ->WaitForAccessTokenRequestIfNecessaryAndRespondWithError(
+            account_id,
+            GoogleServiceAuthError(
+                is_transient_error
+                    ? GoogleServiceAuthError::CONNECTION_FAILED
+                    : GoogleServiceAuthError::INVALID_GAIA_CREDENTIALS));
+  }
+
+  identity::IdentityTestEnvironment* identity_test_env() {
+    return identity_test_env_adaptor_->identity_test_env();
   }
 
  protected:
   content::TestBrowserThreadBundle thread_bundle;
   std::unique_ptr<TestingProfile> testing_profile_;
-  FakeSigninManagerForTesting* fake_signin_manager_;
+  std::unique_ptr<IdentityTestEnvironmentProfileAdaptor>
+      identity_test_env_adaptor_;
   AccountTrackerService* account_tracker_service_;
 };
 
@@ -132,16 +113,14 @@ TEST_F(AdvancedProtectionStatusManagerTest,
   // Simulates the situation where user signed in long time ago, thus
   // has no advanced protection status.
   std::string account_id =
-      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ false);
+      SignIn("test@test.com", /* is_under_advanced_protection = */ false);
   AdvancedProtectionStatusManager aps_manager(
       testing_profile_.get(), base::TimeDelta() /*no min delay*/);
   base::RunLoop().RunUntilIdle();
   ASSERT_FALSE(aps_manager.GetPrimaryAccountId().empty());
 
-  // An OAuth2 access token request should be sent.
-  ASSERT_TRUE(IsRequestActive());
-  // Simulates receiving access token, and this user is not under advanced
-  // protection.
+  // Waits for access token request and respond with an error without advanced
+  // protection set.
   MakeOAuthTokenFetchFail(account_id, /* is_transient_error = */ true);
 
   EXPECT_FALSE(aps_manager.is_under_advanced_protection());
@@ -158,16 +137,14 @@ TEST_F(AdvancedProtectionStatusManagerTest,
   // Simulates the situation where user signed in long time ago, thus
   // has no advanced protection status.
   std::string account_id =
-      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ false);
+      SignIn("test@test.com", /* is_under_advanced_protection = */ false);
   AdvancedProtectionStatusManager aps_manager(
       testing_profile_.get(), base::TimeDelta() /*no min delay*/);
   base::RunLoop().RunUntilIdle();
   ASSERT_FALSE(aps_manager.GetPrimaryAccountId().empty());
 
-  // An OAuth2 access token request should be sent.
-  ASSERT_TRUE(IsRequestActive());
-  // Simulates receiving access token, and this user is not under advanced
-  // protection.
+  // Waits for access token request and respond with an error without advanced
+  // protection set.
   MakeOAuthTokenFetchFail(account_id, /* is_transient_error = */ false);
 
   EXPECT_FALSE(aps_manager.is_under_advanced_protection());
@@ -184,15 +161,13 @@ TEST_F(AdvancedProtectionStatusManagerTest, SignedInLongTimeAgoNotUnderAP) {
   // Simulates the situation where user signed in long time ago, thus
   // has no advanced protection status.
   std::string account_id =
-      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ false);
+      SignIn("test@test.com", /* is_under_advanced_protection = */ false);
   AdvancedProtectionStatusManager aps_manager(
       testing_profile_.get(), base::TimeDelta() /*no min delay*/);
   ASSERT_FALSE(aps_manager.GetPrimaryAccountId().empty());
   base::RunLoop().RunUntilIdle();
-  // An OAuth2 access token request should be sent.
-  ASSERT_TRUE(IsRequestActive());
-  // Simulates receiving access token, and this user is not under advanced
-  // protection.
+  // Waits for access token request and respond with a token without advanced
+  // protection set.
   MakeOAuthTokenFetchSucceed(account_id,
                              /* is_under_advanced_protection = */ false);
 
@@ -207,12 +182,12 @@ TEST_F(AdvancedProtectionStatusManagerTest, SignedInLongTimeAgoUnderAP) {
   // Simulates the situation where user signed in long time ago, thus
   // has no advanced protection status yet.
   std::string account_id =
-      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ false);
+      SignIn("test@test.com", /* is_under_advanced_protection = */ false);
   AdvancedProtectionStatusManager aps_manager(
       testing_profile_.get(), base::TimeDelta() /*no min delay*/);
   base::RunLoop().RunUntilIdle();
-  // Simulates receiving access token, and this user is not under advanced
-  // protection.
+  // Waits for access token request and respond with a token without advanced
+  // protection set.
   MakeOAuthTokenFetchSucceed(account_id,
                              /* is_under_advanced_protection = */ true);
 
@@ -231,14 +206,12 @@ TEST_F(AdvancedProtectionStatusManagerTest, AlreadySignedInAndUnderAP) {
   // Simulates the situation where the user has already signed in and is
   // under advanced protection.
   std::string account_id =
-      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ true);
+      SignIn("test@test.com", /* is_under_advanced_protection = */ true);
   AdvancedProtectionStatusManager aps_manager(
       testing_profile_.get(), base::TimeDelta() /*no min delay*/);
   ASSERT_FALSE(aps_manager.GetPrimaryAccountId().empty());
   ASSERT_TRUE(aps_manager.is_under_advanced_protection());
 
-  // Since user is already under advanced protection, no need to refresh.
-  EXPECT_FALSE(IsRequestActive());
   // A refresh is scheduled in the future.
   EXPECT_TRUE(aps_manager.IsRefreshScheduled());
   aps_manager.UnsubscribeFromSigninEvents();
@@ -253,7 +226,7 @@ TEST_F(AdvancedProtectionStatusManagerTest,
   // Simulates the situation where the user has already signed in and is
   // under advanced protection.
   std::string account_id =
-      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ true);
+      SignIn("test@test.com", /* is_under_advanced_protection = */ true);
   AdvancedProtectionStatusManagerFactory::GetForBrowserContext(
       Profile::FromBrowserContext(testing_profile_.get()))
       ->MaybeRefreshOnStartUp();
@@ -275,7 +248,7 @@ TEST_F(AdvancedProtectionStatusManagerTest,
   // Simulates the situation where the user has already signed in and is
   // NOT under advanced protection.
   std::string account_id =
-      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ false);
+      SignIn("test@test.com", /* is_under_advanced_protection = */ false);
   AdvancedProtectionStatusManagerFactory::GetForBrowserContext(
       Profile::FromBrowserContext(testing_profile_.get()))
       ->MaybeRefreshOnStartUp();
@@ -295,7 +268,7 @@ TEST_F(AdvancedProtectionStatusManagerTest, StayInAdvancedProtection) {
       last_update.ToDeltaSinceWindowsEpoch().InMicroseconds());
 
   std::string account_id =
-      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ true);
+      SignIn("test@test.com", /* is_under_advanced_protection = */ true);
   AdvancedProtectionStatusManager aps_manager(
       testing_profile_.get(), base::TimeDelta() /*no min delay*/);
   ASSERT_FALSE(aps_manager.GetPrimaryAccountId().empty());
@@ -320,11 +293,11 @@ TEST_F(AdvancedProtectionStatusManagerTest, SignInAndSignOutEvent) {
   ASSERT_FALSE(aps_manager.is_under_advanced_protection());
   ASSERT_TRUE(aps_manager.GetPrimaryAccountId().empty());
 
-  SignIn("gaia_id", "email", /* is_under_advanced_protection = */ true);
+  SignIn("test@test.com", /* is_under_advanced_protection = */ true);
   EXPECT_TRUE(aps_manager.is_under_advanced_protection());
   EXPECT_TRUE(aps_manager.IsRefreshScheduled());
 
-  fake_signin_manager_->ForceSignOut();
+  identity_test_env()->ClearPrimaryAccount();
   EXPECT_FALSE(aps_manager.is_under_advanced_protection());
   EXPECT_TRUE(testing_profile_->GetPrefs()->HasPrefPath(
       prefs::kAdvancedProtectionLastRefreshInUs));
@@ -340,7 +313,7 @@ TEST_F(AdvancedProtectionStatusManagerTest, AccountRemoval) {
   ASSERT_TRUE(aps_manager.GetPrimaryAccountId().empty());
 
   std::string account_id =
-      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ false);
+      SignIn("test@test.com", /* is_under_advanced_protection = */ false);
   EXPECT_FALSE(aps_manager.is_under_advanced_protection());
   EXPECT_FALSE(aps_manager.IsRefreshScheduled());
 

services/identity/public/cpp/identity_test_environment.cc

@@ -294,9 +294,12 @@ void IdentityTestEnvironment::
     WaitForAccessTokenRequestIfNecessaryAndRespondWithToken(
         const std::string& account_id,
         const std::string& token,
-        const base::Time& expiration) {
+        const base::Time& expiration,
+        const std::string& id_token) {
   WaitForAccessTokenRequestIfNecessary(account_id);
-  token_service_->IssueAllTokensForAccount(account_id, token, expiration);
+  token_service_->IssueAllTokensForAccount(
+      account_id,
+      OAuth2AccessTokenConsumer::TokenResponse(token, expiration, id_token));
 }
 
 void IdentityTestEnvironment::
@@ -399,4 +402,9 @@ void IdentityTestEnvironment::WaitForAccessTokenRequestIfNecessary(
   run_loop.Run();
 }
 
+void IdentityTestEnvironment::UpdateAccountInfoForAccount(
+    AccountInfo account_info) {
+  identity::UpdateAccountInfoForAccount(account_tracker_service_, account_info);
+}
+
 }  // namespace identity

services/identity/public/cpp/identity_test_environment.h

@@ -170,7 +170,8 @@ class IdentityTestEnvironment : public IdentityManager::DiagnosticsObserver {
   void WaitForAccessTokenRequestIfNecessaryAndRespondWithToken(
       const std::string& account_id,
       const std::string& token,
-      const base::Time& expiration);
+      const base::Time& expiration,
+      const std::string& id_token = std::string());
 
   // Issues |error| in response to any access token request that either has (a)
   // already occurred and has not been matched by a previous call to this or
@@ -204,6 +205,10 @@ class IdentityTestEnvironment : public IdentityManager::DiagnosticsObserver {
   // passing in a null callback, before the Wait* methods can be used again.
   void SetCallbackForNextAccessTokenRequest(base::OnceClosure callback);
 
+  // Updates the info for |account_info.account_id|, which must be a known
+  // account.
+  void UpdateAccountInfoForAccount(AccountInfo account_info);
+
  private:
   friend class ::IdentityTestEnvironmentChromeBrowserStateAdaptor;
   friend class ::IdentityTestEnvironmentProfileAdaptor;

services/identity/public/cpp/identity_test_utils.cc

@@ -326,4 +326,13 @@ void SetCookieAccounts(FakeGaiaCookieManagerService* cookie_manager,
   run_loop.Run();
 }
 
+void UpdateAccountInfoForAccount(AccountTrackerService* account_tracker_service,
+                                 AccountInfo account_info) {
+  // Make sure the account being updated is a known account.
+  DCHECK(!account_tracker_service->GetAccountInfo(account_info.account_id)
+              .account_id.empty());
+
+  account_tracker_service->SeedAccountInfo(account_info);
+}
+
 }  // namespace identity

services/identity/public/cpp/identity_test_utils.h

@@ -143,6 +143,11 @@ void SetCookieAccounts(FakeGaiaCookieManagerService* cookie_manager,
                        IdentityManager* identity_manager,
                        const std::vector<CookieParams>& cookie_accounts);
 
+// Updates the info for |account_info.account_id|, which must be a known
+// account.
+void UpdateAccountInfoForAccount(AccountTrackerService* account_tracker_service,
+                                 AccountInfo account_info);
+
 }  // namespace identity
 
 #endif  // SERVICES_IDENTITY_PUBLIC_CPP_IDENTITY_TEST_UTILS_H_