[DurableStorage] Don't grant durable if origin cannot write cookies.

R=michaeln@chromium.org, jww@chromium.org BUG=521183,652853,521082 Review-Url: https://codereview.chromium.org/2385653005 Cr-Commit-Position: refs/heads/master@{#423072}

[DurableStorage] Don't grant durable if origin cannot write cookies.
R=michaeln@chromium.org, jww@chromium.org BUG=521183,652853,521082 Review-Url: https://codereview.chromium.org/2385653005 Cr-Commit-Position: refs/heads/master@{#423072}
49882a41 · dmurph · Commit bot · 106d4825 · 49882a41 · 49882a41
Commit 49882a41 authored Oct 04, 2016 by dmurph Committed by Commit bot Oct 05, 2016
3 changed files
--- a/chrome/browser/storage/durable_storage_permission_context.cc
+++ b/chrome/browser/storage/durable_storage_permission_context.cc
@@ -8,11 +8,13 @@
 #include "base/logging.h"
 #include "chrome/browser/bookmarks/bookmark_model_factory.h"
+#include "chrome/browser/content_settings/cookie_settings_factory.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/content_settings/tab_specific_content_settings.h"
 #include "chrome/browser/permissions/permission_request_id.h"
 #include "chrome/browser/profiles/profile.h"
 #include "components/bookmarks/browser/bookmark_model.h"
+#include "components/content_settings/core/browser/cookie_settings.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/content_settings/core/browser/website_settings_registry.h"
 #include "content/public/browser/browser_thread.h"
@@ -37,9 +39,30 @@ void DurableStoragePermissionContext::DecidePermission(
    bool user_gesture,
    const BrowserPermissionCallback& callback) {
  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+  DCHECK_NE(CONTENT_SETTING_ALLOW,
+            GetPermissionStatus(requesting_origin, embedding_origin));
+  DCHECK_NE(CONTENT_SETTING_BLOCK,
+            GetPermissionStatus(requesting_origin, embedding_origin));
-  // TODO(dgrogan): Remove bookmarks check in favor of site engagement. In the
+  // Durable is only allowed to be granted to the top-level origin. Embedding
-  // meantime maybe grant permission to A2HS origins as well.
+  // origin is the last committed navigation origin to the web contents.
+  if (requesting_origin != embedding_origin) {
+    NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
+                        false /* persist */, CONTENT_SETTING_DEFAULT);
+    return;
+  }
+  // Don't grant durable if we can't write cookies.
+  scoped_refptr<content_settings::CookieSettings> cookie_settings =
+      CookieSettingsFactory::GetForProfile(profile());
+  if (!cookie_settings->IsSettingCookieAllowed(requesting_origin,
+                                               requesting_origin)) {
+    NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
+                        false /* persist */, CONTENT_SETTING_DEFAULT);
+    return;
+  }
+  // TODO(dmurph): Remove bookmarks check in favor of important sites.
  BookmarkModel* model =
      BookmarkModelFactory::GetForBrowserContextIfExists(profile());
  if (model) {

--- a/chrome/browser/storage/durable_storage_permission_context.h
+++ b/chrome/browser/storage/durable_storage_permission_context.h
@@ -17,7 +17,7 @@ class DurableStoragePermissionContext : public PermissionContextBase {
  ~DurableStoragePermissionContext() override = default;
  // PermissionContextBase implementation.
-  // Grant if requesting_origin is bookmarked or already granted.
+  // Grant if requesting_origin is bookmarked.
  void DecidePermission(content::WebContents* web_contents,
                        const PermissionRequestID& id,
                        const GURL& requesting_origin,

--- a/chrome/browser/storage/durable_storage_permission_context_unittest.cc
+++ b/chrome/browser/storage/durable_storage_permission_context_unittest.cc
@@ -4,11 +4,76 @@
 #include "chrome/browser/storage/durable_storage_permission_context.h"
+#include "base/bind.h"
 #include "base/macros.h"
+#include "base/strings/utf_string_conversions.h"
+#include "chrome/browser/bookmarks/bookmark_model_factory.h"
+#include "chrome/browser/content_settings/cookie_settings_factory.h"
+#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
+#include "chrome/browser/permissions/permission_request_id.h"
+#include "chrome/browser/permissions/permission_request_manager.h"
+#include "chrome/test/base/chrome_render_view_host_test_harness.h"
+#include "chrome/test/base/testing_profile.h"
+#include "components/bookmarks/test/bookmark_test_helpers.h"
+#include "components/content_settings/core/browser/cookie_settings.h"
+#include "components/content_settings/core/browser/host_content_settings_map.h"
+#include "content/public/browser/permission_manager.h"
+#include "content/public/browser/render_process_host.h"
 #include "testing/gtest/include/gtest/gtest.h"
 using bookmarks::BookmarkModel;
+namespace {
+void DoNothing(ContentSetting content_setting) {}
+class TestDurablePermissionContext : public DurableStoragePermissionContext {
+ public:
+  explicit TestDurablePermissionContext(Profile* profile)
+      : DurableStoragePermissionContext(profile),
+        permission_set_count_(0),
+        last_permission_set_persisted_(false),
+        last_permission_set_setting_(CONTENT_SETTING_DEFAULT) {}
+  int permission_set_count() const { return permission_set_count_; }
+  bool last_permission_set_persisted() const {
+    return last_permission_set_persisted_;
+  }
+  ContentSetting last_permission_set_setting() const {
+    return last_permission_set_setting_;
+  }
+  ContentSetting GetContentSettingFromMap(const GURL& url_a,
+                                          const GURL& url_b) {
+    return HostContentSettingsMapFactory::GetForProfile(profile())
+        ->GetContentSetting(url_a.GetOrigin(), url_b.GetOrigin(),
+                            CONTENT_SETTINGS_TYPE_DURABLE_STORAGE,
+                            std::string());
+  }
+ private:
+  // NotificationPermissionContext:
+  void NotifyPermissionSet(const PermissionRequestID& id,
+                           const GURL& requesting_origin,
+                           const GURL& embedder_origin,
+                           const BrowserPermissionCallback& callback,
+                           bool persist,
+                           ContentSetting content_setting) override {
+    permission_set_count_++;
+    last_permission_set_persisted_ = persist;
+    last_permission_set_setting_ = content_setting;
+    DurableStoragePermissionContext::NotifyPermissionSet(
+        id, requesting_origin, embedder_origin, callback, persist,
+        content_setting);
+  }
+  int permission_set_count_;
+  bool last_permission_set_persisted_;
+  ContentSetting last_permission_set_setting_;
+};
+}  // namespace
 class BookmarksOriginTest : public ::testing::Test {
 protected:
  static std::vector<BookmarkModel::URLAndTitle> MakeBookmarks(
@@ -49,3 +114,166 @@ TEST_F(BookmarksOriginTest, DoesntExist) {
  EXPECT_FALSE(DurableStoragePermissionContext::IsOriginBookmarked(
      bookmarks, looking_for));
 }
+class DurableStoragePermissionContextTest
+    : public ChromeRenderViewHostTestHarness {
+ protected:
+  void SetUp() override {
+    ChromeRenderViewHostTestHarness::SetUp();
+    HostContentSettingsMapFactory::GetForProfile(profile())
+        ->ClearSettingsForOneType(CONTENT_SETTINGS_TYPE_DURABLE_STORAGE);
+  }
+  void AddBookmark(const GURL& origin) {
+    if (!model_) {
+      profile()->CreateBookmarkModel(true);
+      model_ = BookmarkModelFactory::GetForBrowserContext(profile());
+      bookmarks::test::WaitForBookmarkModelToLoad(model_);
+    }
+    model_->AddURL(model_->bookmark_bar_node(), 0,
+                   base::ASCIIToUTF16(origin.spec()), origin);
+  }
+  BookmarkModel* model_ = nullptr;
+};
+TEST_F(DurableStoragePermissionContextTest, Bookmarked) {
+  TestDurablePermissionContext permission_context(profile());
+  GURL url("https://www.google.com");
+  AddBookmark(url);
+  NavigateAndCommit(url);
+  const PermissionRequestID id(web_contents()->GetRenderProcessHost()->GetID(),
+                               web_contents()->GetMainFrame()->GetRoutingID(),
+                               -1);
+  ASSERT_EQ(0, permission_context.permission_set_count());
+  ASSERT_FALSE(permission_context.last_permission_set_persisted());
+  ASSERT_EQ(CONTENT_SETTING_DEFAULT,
+            permission_context.last_permission_set_setting());
+  permission_context.DecidePermission(web_contents(), id, url, url,
+                                      true /* user_gesture */,
+                                      base::Bind(&DoNothing));
+  // Success.
+  EXPECT_EQ(1, permission_context.permission_set_count());
+  EXPECT_TRUE(permission_context.last_permission_set_persisted());
+  EXPECT_EQ(CONTENT_SETTING_ALLOW,
+            permission_context.last_permission_set_setting());
+}
+TEST_F(DurableStoragePermissionContextTest, BookmarkAndIncognitoMode) {
+  TestDurablePermissionContext permission_context(
+      profile()->GetOffTheRecordProfile());
+  GURL url("https://www.google.com");
+  AddBookmark(url);
+  NavigateAndCommit(url);
+  const PermissionRequestID id(web_contents()->GetRenderProcessHost()->GetID(),
+                               web_contents()->GetMainFrame()->GetRoutingID(),
+                               -1);
+  ASSERT_EQ(0, permission_context.permission_set_count());
+  ASSERT_FALSE(permission_context.last_permission_set_persisted());
+  ASSERT_EQ(CONTENT_SETTING_DEFAULT,
+            permission_context.last_permission_set_setting());
+  permission_context.DecidePermission(web_contents(), id, url, url,
+                                      true /* user_gesture */,
+                                      base::Bind(&DoNothing));
+  // Success.
+  EXPECT_EQ(1, permission_context.permission_set_count());
+  EXPECT_TRUE(permission_context.last_permission_set_persisted());
+  EXPECT_EQ(CONTENT_SETTING_ALLOW,
+            permission_context.last_permission_set_setting());
+}
+TEST_F(DurableStoragePermissionContextTest, NoBookmark) {
+  TestDurablePermissionContext permission_context(profile());
+  GURL url("https://www.google.com");
+  NavigateAndCommit(url);
+  const PermissionRequestID id(web_contents()->GetRenderProcessHost()->GetID(),
+                               web_contents()->GetMainFrame()->GetRoutingID(),
+                               -1);
+  ASSERT_EQ(0, permission_context.permission_set_count());
+  ASSERT_FALSE(permission_context.last_permission_set_persisted());
+  ASSERT_EQ(CONTENT_SETTING_DEFAULT,
+            permission_context.last_permission_set_setting());
+  permission_context.DecidePermission(web_contents(), id, url, url,
+                                      true /* user_gesture */,
+                                      base::Bind(&DoNothing));
+  // We shouldn't be granted.
+  EXPECT_EQ(1, permission_context.permission_set_count());
+  EXPECT_FALSE(permission_context.last_permission_set_persisted());
+  EXPECT_EQ(CONTENT_SETTING_DEFAULT,
+            permission_context.last_permission_set_setting());
+}
+TEST_F(DurableStoragePermissionContextTest, CookiesNotAllowed) {
+  TestDurablePermissionContext permission_context(profile());
+  GURL url("https://www.google.com");
+  AddBookmark(url);
+  NavigateAndCommit(url);
+  scoped_refptr<content_settings::CookieSettings> cookie_settings =
+      CookieSettingsFactory::GetForProfile(profile());
+  cookie_settings->SetCookieSetting(url, CONTENT_SETTING_BLOCK);
+  const PermissionRequestID id(web_contents()->GetRenderProcessHost()->GetID(),
+                               web_contents()->GetMainFrame()->GetRoutingID(),
+                               -1);
+  ASSERT_EQ(0, permission_context.permission_set_count());
+  ASSERT_FALSE(permission_context.last_permission_set_persisted());
+  ASSERT_EQ(CONTENT_SETTING_DEFAULT,
+            permission_context.last_permission_set_setting());
+  permission_context.DecidePermission(web_contents(), id, url, url,
+                                      true /* user_gesture */,
+                                      base::Bind(&DoNothing));
+  // We shouldn't be granted.
+  EXPECT_EQ(1, permission_context.permission_set_count());
+  EXPECT_FALSE(permission_context.last_permission_set_persisted());
+  EXPECT_EQ(CONTENT_SETTING_DEFAULT,
+            permission_context.last_permission_set_setting());
+}
+TEST_F(DurableStoragePermissionContextTest, EmbeddedFrame) {
+  TestDurablePermissionContext permission_context(profile());
+  GURL url("https://www.google.com");
+  GURL requesting_url("https://www.youtube.com");
+  AddBookmark(url);
+  NavigateAndCommit(url);
+  const PermissionRequestID id(web_contents()->GetRenderProcessHost()->GetID(),
+                               web_contents()->GetMainFrame()->GetRoutingID(),
+                               -1);
+  ASSERT_EQ(0, permission_context.permission_set_count());
+  ASSERT_FALSE(permission_context.last_permission_set_persisted());
+  ASSERT_EQ(CONTENT_SETTING_DEFAULT,
+            permission_context.last_permission_set_setting());
+  permission_context.DecidePermission(web_contents(), id, requesting_url, url,
+                                      true /* user_gesture */,
+                                      base::Bind(&DoNothing));
+  // We shouldn't be granted.
+  EXPECT_EQ(1, permission_context.permission_set_count());
+  EXPECT_FALSE(permission_context.last_permission_set_persisted());
+  EXPECT_EQ(CONTENT_SETTING_DEFAULT,
+            permission_context.last_permission_set_setting());
+}
+TEST_F(DurableStoragePermissionContextTest, NonsecureOrigin) {
+  TestDurablePermissionContext permission_context(profile());
+  GURL url("http://www.google.com");
+  EXPECT_EQ(CONTENT_SETTING_BLOCK,
+            permission_context.GetPermissionStatus(url, url));
+}