Commit 81218bf0 authored by Andreea Costinas's avatar Andreea Costinas Committed by Chromium LUCI CQ

Allow System-proxy credentials reuse for MGS/Kiosk

MGS and Kiosk are pre-configured browsing sessions that aren’t tied to
a user. This CL enables reusing the proxy credentials set via device
policy SystemProxySettings to authenticate MGS/Kiosk devices to a
remote proxy.

go/system-proxy-share-policy-credentials

Bug: 1132840
Tests: unittests, browsertests
Change-Id: I197ec95bfd7da138aff5dd02caf2fe0921ed9df4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2596344Reviewed-by: default avatarAndreea-Elena Costinas <acostinas@google.com>
Reviewed-by: default avatarPavol Marko <pmarko@chromium.org>
Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
Cr-Commit-Position: refs/heads/master@{#841447}
parent 501cde7e
......@@ -408,6 +408,7 @@
#include "ash/public/cpp/tablet_mode.h"
#include "chrome/app/chrome_crash_reporter_client.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/browser_process_platform_part.h"
#include "chrome/browser/chromeos/arc/fileapi/arc_content_file_system_backend_delegate.h"
#include "chrome/browser/chromeos/arc/fileapi/arc_documents_provider_backend_delegate.h"
#include "chrome/browser/chromeos/chrome_browser_main_chromeos.h"
......@@ -425,6 +426,7 @@
#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
#include "chrome/browser/chromeos/policy/system_features_disable_list_policy_handler.h"
#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/chromeos/smb_client/fileapi/smbfs_file_system_backend_delegate.h"
#include "chrome/browser/chromeos/system/input_device_settings.h"
......@@ -5095,6 +5097,21 @@ ChromeContentBrowserClient::CreateLoginDelegate(
scoped_refptr<net::HttpResponseHeaders> response_headers,
bool first_auth_attempt,
LoginAuthRequiredCallback auth_required_callback) {
#if BUILDFLAG(IS_CHROMEOS_ASH)
policy::SystemProxyManager* system_proxy_manager =
g_browser_process->platform_part()
->browser_policy_connector_chromeos()
->GetSystemProxyManager();
// For Managed Guest Session and Kiosk devices, the credentials configured
// via the policy SystemProxySettings may be used for proxy authentication.
// Note: |system_proxy_manager| may be missing in tests.
if (system_proxy_manager && system_proxy_manager->CanUsePolicyCredentials(
auth_info, first_auth_attempt)) {
return system_proxy_manager->CreateLoginDelegate(
std::move(auth_required_callback));
}
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
// For subresources, create a LoginHandler directly, which may show a login
// prompt to the user. Main frame resources go through LoginTabHelper, which
// manages a more complicated flow to avoid confusion about which website is
......
......@@ -5,6 +5,8 @@
#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "base/bind.h"
#include "base/containers/contains.h"
#include "base/memory/weak_ptr.h"
#include "base/strings/string16.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
......@@ -17,8 +19,10 @@
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/browser_finder.h"
#include "chrome/browser/ui/browser_window.h"
#include "chrome/browser/ui/login/login_handler.h"
#include "chrome/common/pref_names.h"
#include "chromeos/dbus/system_proxy/system_proxy_client.h"
#include "chromeos/login/login_state/login_state.h"
#include "chromeos/network/network_event_log.h"
#include "chromeos/network/network_state.h"
#include "chromeos/network/network_state_handler.h"
......@@ -46,6 +50,40 @@
namespace {
const char kSystemProxyService[] = "system-proxy-service";
// A `content::LoginDelegate` implementation that returns to the caller the
// proxy credentials set by the policy `SystemProxySettings`.
class SystemProxyLoginHandler : public content::LoginDelegate {
public:
SystemProxyLoginHandler() = default;
~SystemProxyLoginHandler() override = default;
SystemProxyLoginHandler(const SystemProxyLoginHandler&) = delete;
SystemProxyLoginHandler& operator=(const SystemProxyLoginHandler&) = delete;
void AuthenticateWithCredentials(
const std::string& username,
const std::string& password,
LoginAuthRequiredCallback auth_required_callback) {
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE,
base::BindOnce(&SystemProxyLoginHandler::InvokeWithCredentials,
weak_factory_.GetWeakPtr(), username, password,
std::move(auth_required_callback)));
}
private:
void InvokeWithCredentials(const std::string& username,
const std::string& password,
LoginAuthRequiredCallback auth_required_callback) {
std::move(auth_required_callback)
.Run(base::make_optional<net::AuthCredentials>(
base::UTF8ToUTF16(username), base::UTF8ToUTF16(password)));
}
base::WeakPtrFactory<SystemProxyLoginHandler> weak_factory_{this};
};
} // namespace
namespace policy {
......@@ -380,6 +418,47 @@ void SystemProxyManager::RegisterProfilePrefs(PrefRegistrySimple* registry) {
/*default_value=*/std::string());
}
bool SystemProxyManager::CanUsePolicyCredentials(
const net::AuthChallengeInfo& auth_info,
bool first_auth_attempt) {
if (!auth_info.is_proxy || !first_auth_attempt)
return false;
if (!chromeos::LoginState::IsInitialized() ||
(!chromeos::LoginState::Get()->IsPublicSessionUser() &&
!chromeos::LoginState::Get()->IsKioskApp())) {
VLOG(1) << "Only kiosk app and MGS can reuse the policy provided proxy "
"credentials for authentication";
return false;
}
if (!system_proxy_enabled_ || system_services_username_.empty() ||
system_services_password_.empty()) {
return false;
}
if (!IsManagedProxyConfigured()) {
return false;
}
if (!policy_credentials_auth_schemes_.empty()) {
if (!base::Contains(policy_credentials_auth_schemes_, auth_info.scheme)) {
VLOG(1) << "Auth scheme not allowed by policy";
return false;
}
}
return true;
}
std::unique_ptr<content::LoginDelegate> SystemProxyManager::CreateLoginDelegate(
LoginAuthRequiredCallback auth_required_callback) {
auto login_delegate = std::make_unique<SystemProxyLoginHandler>();
login_delegate->AuthenticateWithCredentials(
system_services_username_, system_services_password_,
std::move(auth_required_callback));
return std::move(login_delegate);
}
void SystemProxyManager::OnSetAuthenticationDetails(
const system_proxy::SetAuthenticationDetailsResponse& response) {
if (response.has_error_message()) {
......
......@@ -17,6 +17,8 @@
#include "chrome/browser/extensions/api/settings_private/prefs_util.h"
#include "chromeos/dbus/system_proxy/system_proxy_service.pb.h"
#include "chromeos/network/network_state_handler_observer.h"
#include "components/user_manager/user_manager.h"
#include "content/public/browser/content_browser_client.h"
#include "net/base/auth.h"
namespace chromeos {
......@@ -25,6 +27,10 @@ class RequestSystemProxyCredentialsView;
class SystemProxyNotification;
} // namespace chromeos
namespace content {
class LoginDelegate;
}
namespace system_proxy {
class SetAuthenticationDetailsResponse;
class ShutDownResponse;
......@@ -81,6 +87,23 @@ class SystemProxyManager : public chromeos::NetworkStateHandlerObserver {
// Registers prefs stored in user profiles.
static void RegisterProfilePrefs(PrefRegistrySimple* registry);
// Indicates whether the credentials set via the device policy
// SystemProxySettings can be used for proxy authentication in Chrome. The
// following conditions must be true:
// - the current session must be Managed Guest Session (MGS) or Kiosk app;
// - the proxy is set via policy;
// - System-proxy is enabled and credentials are set via policy;
// - `first_auth_attempt` is true;
// - `auth_info.scheme` must be allowed by the SystemProxySettings policy.
bool CanUsePolicyCredentials(const net::AuthChallengeInfo& auth_info,
bool first_auth_attempt);
// Returns a login delegate that posts `auth_required_callback` with the
// credentials provided by the policy SystemProxySettings. Callers must verify
// that `CanUsePolicyCredentials` is true before calling this method.
std::unique_ptr<content::LoginDelegate> CreateLoginDelegate(
LoginAuthRequiredCallback auth_required_callback);
private:
// NetworkStateHandlerObserver implementation
void DefaultNetworkChanged(const chromeos::NetworkState* network) override;
......
......@@ -17,7 +17,10 @@
#include "chrome/browser/chromeos/policy/system_proxy_manager.h"
#include "chrome/browser/chromeos/ui/request_system_proxy_credentials_view.h"
#include "chrome/browser/notifications/notification_display_service_tester.h"
#include "chrome/browser/prefetch/prefetch_proxy/prefetch_proxy_test_utils.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/login/login_handler.h"
#include "chrome/browser/ui/login/login_handler_test_utils.h"
#include "chrome/common/pref_names.h"
#include "chrome/test/base/in_process_browser_test.h"
#include "chrome/test/base/testing_browser_process.h"
......@@ -29,6 +32,7 @@
#include "chromeos/dbus/shill/shill_service_client.h"
#include "chromeos/dbus/system_proxy/system_proxy_client.h"
#include "chromeos/dbus/system_proxy/system_proxy_service.pb.h"
#include "chromeos/login/login_state/login_state.h"
#include "chromeos/network/network_handler.h"
#include "chromeos/network/network_state.h"
#include "chromeos/network/network_state_handler.h"
......@@ -46,8 +50,16 @@
#include "components/proxy_config/proxy_prefs.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/notification_service.h"
#include "content/public/browser/storage_partition.h"
#include "content/public/test/browser_test.h"
#include "content/public/test/browser_test_utils.h"
#include "net/base/proxy_server.h"
#include "net/dns/mock_host_resolver.h"
#include "net/http/http_auth_cache.h"
#include "net/test/embedded_test_server/default_handlers.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/test/spawned_test_server/spawned_test_server.h"
#include "net/url_request/url_request_context.h"
#include "ui/views/controls/label.h"
#include "ui/views/controls/textfield/textfield.h"
......@@ -618,4 +630,167 @@ IN_PROC_BROWSER_TEST_F(SystemProxyManagerPolicyCredentialsBrowserTest,
ExpectSystemCredentialsSent(kUsername, kPassword, {"ntlm"});
}
namespace {
constexpr char kProxyUsername[] = "foo";
constexpr char kProxyPassword[] = "bar";
constexpr char kBadUsername[] = "bad-username";
constexpr char kBadPassword[] = "bad-pwd";
constexpr char kOriginHostname[] = "a.test";
} // namespace
class SystemProxyCredentialsReuseBrowserTest
: public SystemProxyManagerPolicyCredentialsBrowserTest {
public:
SystemProxyCredentialsReuseBrowserTest()
: proxy_server_(std::make_unique<net::SpawnedTestServer>(
net::SpawnedTestServer::TYPE_BASIC_AUTH_PROXY,
base::FilePath())) {}
SystemProxyCredentialsReuseBrowserTest(
const SystemProxyCredentialsReuseBrowserTest&) = delete;
SystemProxyCredentialsReuseBrowserTest& operator=(
const SystemProxyCredentialsReuseBrowserTest&) = delete;
~SystemProxyCredentialsReuseBrowserTest() override = default;
void SetUpOnMainThread() override {
InProcessBrowserTest::SetUpOnMainThread();
host_resolver()->AddRule(kOriginHostname, "127.0.0.1");
proxy_server_->set_redirect_connect_to_localhost(true);
ASSERT_TRUE(proxy_server_->Start());
https_server_ = std::make_unique<net::EmbeddedTestServer>(
net::EmbeddedTestServer::TYPE_HTTPS);
https_server_->SetSSLConfig(net::EmbeddedTestServer::CERT_TEST_NAMES);
https_server_->ServeFilesFromSourceDirectory("chrome/test/data");
net::test_server::RegisterDefaultHandlers(https_server_.get());
ASSERT_TRUE(https_server_->Start());
}
protected:
content::WebContents* GetWebContents() const {
return browser()->tab_strip_model()->GetActiveWebContents();
}
void SetManagedProxy() {
// Configure a proxy via user policy.
base::Value proxy_config(base::Value::Type::DICTIONARY);
proxy_config.SetKey("mode",
base::Value(ProxyPrefs::kFixedServersProxyModeName));
proxy_config.SetKey(
"server", base::Value(proxy_server_->host_port_pair().ToString()));
browser()->profile()->GetPrefs()->Set(proxy_config::prefs::kProxy,
proxy_config);
RunUntilIdle();
}
GURL GetServerUrl(const std::string& page) {
return https_server_->GetURL(kOriginHostname, page);
}
// Navigates to the test page "/simple.html" and authenticates in the proxy
// login dialog with `username` and `password`.
void LoginWithDialog(const std::string& username,
const std::string& password) {
LoginPromptBrowserTestObserver login_observer;
login_observer.Register(content::Source<content::NavigationController>(
&GetWebContents()->GetController()));
WindowedAuthNeededObserver auth_needed(&GetWebContents()->GetController());
ui_test_utils::NavigateToURL(browser(), GetServerUrl("/simple.html"));
auth_needed.Wait();
WindowedAuthSuppliedObserver auth_supplied(
&GetWebContents()->GetController());
LoginHandler* login_handler = login_observer.handlers().front();
login_handler->SetAuth(base::ASCIIToUTF16(username),
base::ASCIIToUTF16(password));
auth_supplied.Wait();
EXPECT_EQ(1, login_observer.auth_supplied_count());
}
void CheckEntryInHttpAuthCache(const std::string& auth_scheme,
const std::string& expected_username,
const std::string& expected_password) {
network::mojom::NetworkContext* network_context =
content::BrowserContext::GetDefaultStoragePartition(
browser()->profile())
->GetNetworkContext();
std::string username;
std::string password;
base::RunLoop loop;
network_context->LookupProxyAuthCredentials(
net::ProxyServer(net::ProxyServer::SCHEME_HTTP,
proxy_server_->host_port_pair()),
auth_scheme, "MyRealm1",
base::BindOnce(
[](std::string* username, std::string* password,
base::OnceClosure closure,
const base::Optional<net::AuthCredentials>& credentials) {
if (credentials) {
*username = base::UTF16ToUTF8(credentials->username());
*password = base::UTF16ToUTF8(credentials->password());
}
std::move(closure).Run();
},
&username, &password, loop.QuitClosure()));
loop.Run();
EXPECT_EQ(username, expected_username);
EXPECT_EQ(password, expected_password);
}
SystemProxyManager* GetSystemProxyManager() {
return g_browser_process->platform_part()
->browser_policy_connector_chromeos()
->GetSystemProxyManager();
}
std::unique_ptr<net::EmbeddedTestServer> https_server_;
// A proxy server which requires authentication using the 'Basic'
// authentication method.
std::unique_ptr<net::SpawnedTestServer> proxy_server_;
};
// Verifies that the policy provided credentials are not used for regular users.
IN_PROC_BROWSER_TEST_F(SystemProxyCredentialsReuseBrowserTest, RegularUser) {
SetManagedProxy();
SetPolicyCredentials(kProxyUsername, kProxyPassword);
LoginWithDialog(kProxyUsername, kProxyPassword);
CheckEntryInHttpAuthCache("Basic", kProxyUsername, kProxyPassword);
}
// Verifies that the policy provided credentials are used for MGS.
IN_PROC_BROWSER_TEST_F(SystemProxyCredentialsReuseBrowserTest,
PolicyCredentialsUsed) {
SetManagedProxy();
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
SetPolicyCredentials(kProxyUsername, kProxyPassword);
ui_test_utils::NavigateToURL(browser(), GetServerUrl("/simple.html"));
CheckEntryInHttpAuthCache("Basic", kProxyUsername, kProxyPassword);
}
// Verifies that if the policy provided proxy credentials are not correct in a
// MGS, then the user is prompted for credentials.
IN_PROC_BROWSER_TEST_F(SystemProxyCredentialsReuseBrowserTest,
BadPolicyCredentials) {
SetManagedProxy();
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
SetPolicyCredentials(kBadUsername, kBadPassword);
LoginWithDialog(kProxyUsername, kProxyPassword);
CheckEntryInHttpAuthCache("Basic", kProxyUsername, kProxyPassword);
}
// Verifies that the policy provided proxy credentials are only used for
// authentication schemes allowed by the SystemProxySettings policy.
IN_PROC_BROWSER_TEST_F(SystemProxyCredentialsReuseBrowserTest,
RestrictedPolicyCredentials) {
SetManagedProxy();
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
SetPolicyCredentials(kProxyUsername, kProxyPassword, R"("ntlm","digest")");
LoginWithDialog(kProxyUsername, kProxyPassword);
CheckEntryInHttpAuthCache("Basic", kProxyUsername, kProxyPassword);
}
} // namespace policy
......@@ -20,6 +20,8 @@
#include "chromeos/network/network_handler.h"
#include "components/arc/arc_prefs.h"
#include "components/prefs/pref_service.h"
#include "components/proxy_config/proxy_config_pref_names.h"
#include "components/proxy_config/proxy_prefs.h"
#include "content/public/browser/network_service_instance.h"
#include "content/public/browser/storage_partition.h"
#include "content/public/test/browser_task_environment.h"
......@@ -43,6 +45,8 @@ using testing::WithArg;
namespace {
constexpr char kBrowserUsername[] = "browser_username";
constexpr char kBrowserPassword[] = "browser_password";
constexpr char kPolicyUsername[] = "policy_username";
constexpr char kPolicyPassword[] = "policy_password";
constexpr char kKerberosActivePrincipalName[] = "kerberos_princ_name";
constexpr char kProxyAuthUrl[] = "http://example.com:3128";
constexpr char kProxyAuthEmptyPath[] = "http://example.com:3128/";
......@@ -73,6 +77,22 @@ network::NetworkService* GetNetworkService() {
return network::NetworkService::GetNetworkServiceForTesting();
}
void SetManagedProxy(Profile* profile) {
// Configure a proxy via user policy.
base::Value proxy_config(base::Value::Type::DICTIONARY);
proxy_config.SetKey("mode",
base::Value(ProxyPrefs::kFixedServersProxyModeName));
proxy_config.SetKey("server", base::Value(kProxyAuthUrl));
profile->GetPrefs()->Set(proxy_config::prefs::kProxy, proxy_config);
}
net::AuthChallengeInfo GetAuthInfo() {
net::AuthChallengeInfo auth_info;
auth_info.is_proxy = true;
auth_info.scheme = kScheme;
return auth_info;
}
} // namespace
namespace policy {
......@@ -88,6 +108,7 @@ class SystemProxyManagerTest : public testing::Test {
testing::Test::SetUp();
chromeos::shill_clients::InitializeFakes();
chromeos::NetworkHandler::Initialize();
chromeos::LoginState::Initialize();
profile_ = std::make_unique<TestingProfile>();
chromeos::SystemProxyClient::InitializeFake();
......@@ -95,11 +116,14 @@ class SystemProxyManagerTest : public testing::Test {
chromeos::CrosSettings::Get(), local_state_.Get());
// Listen for pref changes for the primary profile.
system_proxy_manager_->StartObservingPrimaryProfilePrefs(profile_.get());
chromeos::NetworkHandler::Get()->InitializePrefServices(
profile_->GetPrefs(), local_state_.Get());
}
void TearDown() override {
system_proxy_manager_->StopObservingPrimaryProfilePrefs();
system_proxy_manager_.reset();
chromeos::LoginState::Shutdown();
chromeos::SystemProxyClient::Shutdown();
chromeos::NetworkHandler::Shutdown();
chromeos::shill_clients::Shutdown();
......@@ -334,4 +358,98 @@ TEST_F(SystemProxyManagerTest, ArcWorkerAddressPrefSynced) {
.empty());
}
// Verifies that only MGS and Kiosk can use the policy provided credentials.
TEST_F(SystemProxyManagerTest, CanUsePolicyCredentialsUserType) {
SetPolicy(/*system_proxy_enabled=*/true,
/*system_services_username=*/kPolicyUsername,
/*system_services_password=*/kPolicyPassword);
SetManagedProxy(profile_.get());
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_TRUE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_KIOSK_APP);
EXPECT_TRUE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_REGULAR);
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
}
// Verifies that the policy provided credentials are only used for proxy auth.
TEST_F(SystemProxyManagerTest, CanUsePolicyCredentialsOriginServer) {
SetPolicy(/*system_proxy_enabled=*/true,
/*system_services_username=*/kPolicyUsername,
/*system_services_password=*/kPolicyPassword);
SetManagedProxy(profile_.get());
net::AuthChallengeInfo auth_info = GetAuthInfo();
auth_info.is_proxy = false;
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
auth_info, /*first_auth_attempt=*/true));
}
// Verifies that the policy provided credentials are only used for managed
// proxies.
TEST_F(SystemProxyManagerTest, CanUsePolicyCredentialsNoManagedProxy) {
SetPolicy(/*system_proxy_enabled=*/true,
/*system_services_username=*/kPolicyUsername,
/*system_services_password=*/kPolicyPassword);
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
}
// Verifies that `CanUsePolicyCredentials` returns false if no credentials are
// specified by policy.
TEST_F(SystemProxyManagerTest, NoPolicyCredentials) {
SetPolicy(/*system_proxy_enabled=*/true,
/*system_services_username=*/"",
/*system_services_password=*/"");
SetManagedProxy(profile_.get());
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
}
// Verifies that `CanUsePolicyCredentials` is only returning true for the first
// auth attempt.
TEST_F(SystemProxyManagerTest, CanUsePolicyCredentialsMgsMaxTries) {
SetPolicy(/*system_proxy_enabled=*/true,
/*system_services_username=*/kPolicyUsername,
/*system_services_password=*/kPolicyPassword);
SetManagedProxy(profile_.get());
chromeos::LoginState::Get()->SetLoggedInState(
chromeos::LoginState::LOGGED_IN_ACTIVE,
chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT_MANAGED);
EXPECT_TRUE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/true));
EXPECT_FALSE(system_proxy_manager_->CanUsePolicyCredentials(
GetAuthInfo(), /*first_auth_attempt=*/false));
}
} // namespace policy
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment