desktop-pwas: Clean up and add new location bar tests

Changes tests to use embedded test servers so that URLs can be loaded successfully. This deflakes tests and allows us to test more cases e.g. pages with mixed content, pages with invalid certificates etc. Also adds tests for mixed content and invalid certificates. Based on https://crrev.com/c/923226 by mgiuca. Bug: 825713, 814400 Change-Id: I8603f3e6340eebbbc2faed594825745aed10bb0a Reviewed-on: https://chromium-review.googlesource.com/994553Reviewed-by: Ben Wells <benwells@chromium.org> Reviewed-by: Matt Giuca <mgiuca@chromium.org> Commit-Queue: Giovanni Ortuño Urquidi <ortuno@chromium.org> Cr-Commit-Position: refs/heads/master@{#548718}

desktop-pwas: Clean up and add new location bar tests
Changes tests to use embedded test servers so that URLs can be loaded successfully. This deflakes tests and allows us to test more cases e.g. pages with mixed content, pages with invalid certificates etc. Also adds tests for mixed content and invalid certificates. Based on https://crrev.com/c/923226 by mgiuca. Bug: 825713, 814400 Change-Id: I8603f3e6340eebbbc2faed594825745aed10bb0a Reviewed-on: https://chromium-review.googlesource.com/994553Reviewed-by: Ben Wells <benwells@chromium.org> Reviewed-by: Matt Giuca <mgiuca@chromium.org> Commit-Queue: Giovanni Ortuño Urquidi <ortuno@chromium.org> Cr-Commit-Position: refs/heads/master@{#548718}
9c40479a · Giovanni Ortuño Urquidi · Commit Bot · 023aea51 · 9c40479a · 023aea51
Commit 9c40479a authored Apr 06, 2018 by Giovanni Ortuño Urquidi Committed by Commit Bot Apr 06, 2018
2 changed files
--- a/chrome/browser/ui/extensions/hosted_app_browsertest.cc
+++ b/chrome/browser/ui/extensions/hosted_app_browsertest.cc
@@ -38,7 +38,11 @@
 #include "chrome/browser/ui/toolbar/app_menu_model.h"
 #include "chrome/browser/web_applications/web_app.h"
 #include "chrome/common/chrome_features.h"
+#include "chrome/common/chrome_switches.h"
 #include "chrome/test/base/ui_test_utils.h"
+#include "components/security_interstitials/core/controller_client.h"
+#include "content/public/browser/interstitial_page.h"
+#include "content/public/browser/interstitial_page_delegate.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
@@ -96,22 +100,43 @@ enum class AppType {
 const auto kAppTypeValues =
    ::testing::Values(AppType::HOSTED_APP, AppType::BOOKMARK_APP);

-void NavigateToURLAndWait(Browser* browser, const GURL& url) {
-  content::TestNavigationObserver observer(
-      browser->tab_strip_model()->GetActiveWebContents(),
-      content::MessageLoopRunner::QuitMode::DEFERRED);
-  NavigateParams params(browser, url, ui::PAGE_TRANSITION_LINK);
-  ui_test_utils::NavigateToURL(&params);
-  observer.Wait();
+// If |proceed_through_interstitial| is true, asserts that a security
+// interstitial is shown, and clicks through it, before returning.
+void NavigateToURLAndWait(Browser* browser,
+                          const GURL& url,
+                          bool proceed_through_interstitial = false) {
+  WebContents* web_contents =
+      browser->tab_strip_model()->GetActiveWebContents();
+  {
+    content::TestNavigationObserver observer(
+        web_contents, content::MessageLoopRunner::QuitMode::DEFERRED);
+    NavigateParams params(browser, url, ui::PAGE_TRANSITION_LINK);
+    ui_test_utils::NavigateToURL(&params);
+    observer.WaitForNavigationFinished();
+  }
+
+  if (!proceed_through_interstitial)
+    return;
+
+  content::InterstitialPage* interstitial = web_contents->GetInterstitialPage();
+  {
+    // Need a second TestNavigationObserver; the above one is spent.
+    content::TestNavigationObserver observer(
+        web_contents, content::MessageLoopRunner::QuitMode::DEFERRED);
+    ASSERT_TRUE(interstitial);
+    interstitial->GetDelegateForTesting()->CommandReceived(
+        base::IntToString(security_interstitials::CMD_PROCEED));
+    observer.Wait();
+  }
 }

 // Used by ShouldLocationBarForXXX. Performs a navigation and then checks that
 // the location bar visibility is as expcted.
 void NavigateAndCheckForLocationBar(Browser* browser,
-                                    const std::string& url_string,
-                                    bool expected_visibility) {
-  GURL url(url_string);
-  NavigateToURLAndWait(browser, url);
+                                    const GURL& url,
+                                    bool expected_visibility,
+                                    bool proceed_through_interstitial = false) {
+  NavigateToURLAndWait(browser, url, proceed_through_interstitial);
  EXPECT_EQ(expected_visibility,
      browser->hosted_app_controller()->ShouldShowLocationBar());
 }
@@ -206,7 +231,11 @@ class HostedAppTest
      scoped_feature_list_.InitAndEnableFeature(features::kDesktopPWAWindowing);
    } else {
 #if defined(OS_MACOSX)
-      scoped_feature_list_.InitAndEnableFeature(features::kBookmarkApps);
+      scoped_feature_list_.InitWithFeatures({features::kBookmarkApps},
+                                            {features::kDesktopPWAWindowing});
+#else
+      scoped_feature_list_.InitAndDisableFeature(
+          features::kDesktopPWAWindowing);
 #endif
    }

@@ -214,6 +243,15 @@ class HostedAppTest
  }

 protected:
+  void SetupAppWithURL(const GURL& app_url) {
+    // TODO(ortuno): Use InstallBookmarkApp instead of loading a manifest,
+    // if |app_type_ == BOOKMARK_APP|.
+    extensions::TestExtensionDir test_app_dir;
+    test_app_dir.WriteManifest(
+        base::StringPrintf(kAppDotComManifest, app_url.spec().c_str()));
+    SetupApp(test_app_dir.UnpackedPath());
+  }
+
  void SetupApp(const std::string& app_folder) {
    SetupApp(test_data_dir_.AppendASCII(app_folder));
  }
@@ -325,6 +363,10 @@ class HostedAppTest

  net::EmbeddedTestServer* https_server() { return &https_server_; }

+  CertVerifierBrowserTest::CertVerifier* cert_verifier() {
+    return &cert_verifier_;
+  }
+
 private:
  class EmptyAcceleratorProvider : public ui::AcceleratorProvider {
   public:
@@ -454,67 +496,98 @@ IN_PROC_BROWSER_TEST_P(HostedAppTest, WebContentsPrefsOpenInChrome) {

 // Check that the location bar is shown correctly.
 IN_PROC_BROWSER_TEST_P(HostedAppTest, ShouldShowLocationBar) {
-  SetupApp("https_app");
+  ASSERT_TRUE(https_server()->Start());
+
+  const GURL app_url = https_server()->GetURL("app.com", "/simple.html");
+
+  SetupAppWithURL(app_url);

  // Navigate to the app's launch page; the location bar should be hidden.
-  NavigateAndCheckForLocationBar(app_browser_,
-                                 "https://www.example.com/empty.html", false);
+  NavigateAndCheckForLocationBar(app_browser_, app_url, false);

  // Navigate to another page on the same origin; the location bar should still
  // hidden.
-  NavigateAndCheckForLocationBar(app_browser_, "https://www.example.com/blah",
-                                 false);
+  NavigateAndCheckForLocationBar(
+      app_browser_, https_server()->GetURL("app.com", "/empty.html"), false);

  // Navigate to different origin; the location bar should now be visible.
-  NavigateAndCheckForLocationBar(app_browser_, "https://www.foo.com/blah",
-                                 true);
+  NavigateAndCheckForLocationBar(
+      app_browser_, https_server()->GetURL("foo.com", "/simple.html"), true);
 }

-// Check that the location bar is shown correctly for HTTP apps when they
-// navigate to a HTTPS page on the same origin.
-//
-// TODO(mgiuca): Disabled on Windows and macOS for being flaky:
-// https://crbug.com/814400
-#if defined(OS_WIN) || defined(OS_MACOSX)
-#define MAYBE_ShouldShowLocationBarForHTTPApp \
-  DISABLED_ShouldShowLocationBarForHTTPApp
-#else
-#define MAYBE_ShouldShowLocationBarForHTTPApp ShouldShowLocationBarForHTTPApp
-#endif
-IN_PROC_BROWSER_TEST_P(HostedAppTest, MAYBE_ShouldShowLocationBarForHTTPApp) {
-  SetupApp("app");
+IN_PROC_BROWSER_TEST_P(HostedAppTest, ShouldShowLocationBarMixedContent) {
+  ASSERT_TRUE(https_server()->Start());
+
+  const GURL app_url = https_server()->GetURL("app.com", "/");
+
+  SetupAppWithURL(app_url);
+
+  // Navigate to another page on the same origin, but with mixed content; the
+  // location bar should be hidden.
+  // TODO(ortuno): Make the location bar visible.
+  NavigateAndCheckForLocationBar(
+      app_browser_,
+      https_server()->GetURL("app.com",
+                             "/ssl/page_displays_insecure_content.html"),
+      false);
+}
+
+IN_PROC_BROWSER_TEST_P(HostedAppTest,
+                       ShouldShowLocationBarForHTTPAppSameOrigin) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+
+  const GURL app_url =
+      embedded_test_server()->GetURL("app.com", "/simple.html");
+  SetupAppWithURL(app_url);

  // Navigate to the app's launch page; the location bar should be visible, even
  // though it exactly matches the site, because it is not secure.
-  NavigateAndCheckForLocationBar(app_browser_,
-                                 "http://www.example.com/empty.html", true);
+  NavigateAndCheckForLocationBar(app_browser_, app_url, true);
+}
+
+IN_PROC_BROWSER_TEST_P(HostedAppTest, ShouldShowLocationBarForHTTPAppHTTPSUrl) {
+  ASSERT_TRUE(https_server()->Start());
+
+  const GURL app_url = https_server()->GetURL("app.com", "/simple.html");
+
+  GURL::Replacements scheme_http;
+  scheme_http.SetSchemeStr("http");
+
+  // Create an app that has the same port and origin as `app_url` but with a
+  // "http" scheme.
+  SetupAppWithURL(app_url.ReplaceComponents(scheme_http));

  // Navigate to the https version of the site; the location bar should
  // be hidden, as it is a more secure version of the site.
-  NavigateAndCheckForLocationBar(
-      app_browser_, "https://www.example.com/blah", false);
+  NavigateAndCheckForLocationBar(app_browser_, app_url, false);
+}
+
+IN_PROC_BROWSER_TEST_P(HostedAppTest,
+                       ShouldShowLocationBarForHTTPSAppSameOrigin) {
+  ASSERT_TRUE(https_server()->Start());
+
+  const GURL app_url = https_server()->GetURL("app.com", "/simple.html");
+  SetupAppWithURL(app_url);
+
+  // Navigate to the app's launch page; the location bar should be hidden.
+  NavigateAndCheckForLocationBar(app_browser_, app_url, false);
 }

-// TODO(mgiuca): Disabled on Windows for being flaky: https://crbug.com/815246
-#if defined(OS_WIN)
-#define MAYBE_ShouldShowLocationBarForHTTPSApp \
-  DISABLED_ShouldShowLocationBarForHTTPSApp
-#else
-#define MAYBE_ShouldShowLocationBarForHTTPSApp ShouldShowLocationBarForHTTPSApp
-#endif
 // Check that the location bar is shown correctly for HTTPS apps when they
 // navigate to a HTTP page on the same origin.
-IN_PROC_BROWSER_TEST_P(HostedAppTest, MAYBE_ShouldShowLocationBarForHTTPSApp) {
-  SetupApp("https_app");
+IN_PROC_BROWSER_TEST_P(HostedAppTest, ShouldShowLocationBarForHTTPSAppHTTPUrl) {
+  ASSERT_TRUE(https_server()->Start());

-  // Navigate to the app's launch page; the location bar should be hidden.
-  NavigateAndCheckForLocationBar(
-      app_browser_, "https://www.example.com/empty.html", false);
+  const GURL app_url = https_server()->GetURL("app.com", "/simple.html");
+  SetupAppWithURL(app_url);
+
+  GURL::Replacements scheme_http;
+  scheme_http.SetSchemeStr("http");

  // Navigate to the http version of the site; the location bar should
  // be visible for the https version as it is not secure.
-  NavigateAndCheckForLocationBar(
-      app_browser_, "http://www.example.com/blah", true);
+  NavigateAndCheckForLocationBar(app_browser_,
+                                 app_url.ReplaceComponents(scheme_http), true);
 }

 // Check that location bar is not shown for apps hosted within extensions pages.
@@ -555,26 +628,75 @@ IN_PROC_BROWSER_TEST_P(HostedAppTest, ShouldShowLocationBarForExtensionPage) {

  // Navigate to the app's launch page; the location bar should not be visible,
  // because extensions pages are secure.
-  NavigateAndCheckForLocationBar(app_browser_, popup_url.spec(), false);
+  NavigateAndCheckForLocationBar(app_browser_, popup_url, false);
 }

 // Check that the location bar is shown correctly for apps that specify start
 // URLs without the 'www.' prefix.
 IN_PROC_BROWSER_TEST_P(HostedAppTest, ShouldShowLocationBarForAppWithoutWWW) {
-  SetupApp("https_app_no_www");
+  ASSERT_TRUE(https_server()->Start());
+
+  const GURL app_url = https_server()->GetURL("app.com", "/simple.html");
+  SetupAppWithURL(app_url);

  // Navigate to the app's launch page; the location bar should be hidden.
-  NavigateAndCheckForLocationBar(app_browser_, "https://example.com/empty.html",
-                                 false);
+  NavigateAndCheckForLocationBar(app_browser_, app_url, false);

-  // Navigate to the app's launch page with the 'www.' prefis; the location bar
+  // Navigate to the app's launch page with the 'www.' prefix; the location bar
  // should be hidden.
-  NavigateAndCheckForLocationBar(app_browser_,
-                                 "https://www.example.com/empty.html", false);
+  NavigateAndCheckForLocationBar(
+      app_browser_, https_server()->GetURL("www.app.com", "/simple.html"),
+      false);

  // Navigate to different origin; the location bar should now be visible.
-  NavigateAndCheckForLocationBar(app_browser_, "https://www.foo.com/blah",
-                                 true);
+  NavigateAndCheckForLocationBar(
+      app_browser_, https_server()->GetURL("www.foo.com", "/simple.html"),
+      true);
+}
+
+// Checks that the location bar is shown for an HTTPS app with an invalid
+// certificate, if the user has previously proceeded through the interstitial.
+IN_PROC_BROWSER_TEST_P(HostedAppTest, ShouldShowLocationBarDangerous) {
+  // If DesktopPWAWindowing and CommittedInterstitials are enabled, we will
+  // never load a dangerous app. Opening dangerous apps will always show an
+  // interstitial and proceeding through it will redirect the navigation to a
+  // tab.
+  if (base::FeatureList::IsEnabled(features::kDesktopPWAWindowing) &&
+      base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kCommittedInterstitials)) {
+    return;
+  }
+
+  ASSERT_TRUE(https_server()->Start());
+
+  const GURL app_url = https_server()->GetURL("app.com", "/simple.html");
+  SetupAppWithURL(app_url);
+  cert_verifier()->set_default_result(net::ERR_CERT_DATE_INVALID);
+
+  // When DesktopPWAWindowing is enabled, proceeding through an interstitial
+  // results in the navigation being redirected to a regular tab. So we need
+  // to open the app again.
+  bool proceed_through_interstitial = true;
+  if (base::FeatureList::IsEnabled(features::kDesktopPWAWindowing)) {
+    // Proceed through the interstitial once.
+    NavigateToURLAndWait(app_browser_, app_url,
+                         /*proceed_through_interstitial=*/true);
+    ASSERT_NE(app_browser_, chrome::FindLastActive());
+
+    app_browser_ = LaunchAppBrowser(app_);
+    NavigateToURLAndWait(app_browser_, app_url,
+                         /*proceed_through_interstitial=*/false);
+
+    // There should be no interstitial shown because we previously proceeded
+    // through it.
+    ASSERT_FALSE(app_browser_->tab_strip_model()
+                     ->GetActiveWebContents()
+                     ->GetInterstitialPage());
+    proceed_through_interstitial = false;
+  }
+
+  NavigateAndCheckForLocationBar(app_browser_, app_url, true,
+                                 proceed_through_interstitial);
 }

 // Check that a subframe on a regular web page can navigate to a URL that

--- a/chrome/test/data/extensions/https_app_no_www/manifest.json
+++ b/chrome/test/data/extensions/https_app_no_www/manifest.json
-{
-  "name": "App Test",
-  "version": "1",
-  "manifest_version": 2,
-  "app": {
-    "launch": {
-      "web_url": "https://example.com/"
-    }
-  }
-}