Check SAMLOfflineSigninTimeLimit policy on power resume.

Add a check for signin time limit being reached while the device was in sleep mode.

Bug: 871109
Change-Id: I463f8e344c443105ee128acb2383b89d2267357a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1640556Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org>
Commit-Queue: Vladislav Kuzkokov <vkuzkokov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#665921}

chrome/browser/chromeos/login/saml/saml_offline_signin_limiter.cc

@@ -11,6 +11,7 @@
 #include "base/bind_helpers.h"
 #include "base/location.h"
 #include "base/logging.h"
+#include "base/power_monitor/power_monitor.h"
 #include "base/time/clock.h"
 #include "base/time/default_clock.h"
 #include "base/time/time.h"
@@ -60,6 +61,10 @@ void SAMLOfflineSigninLimiter::SignedIn(UserContext::AuthFlow auth_flow) {
                              base::Bind(&SAMLOfflineSigninLimiter::UpdateLimit,
                                         base::Unretained(this)));
 
+  // Start listening to power state.
+  if (base::PowerMonitor* power_monitor = base::PowerMonitor::Get())
+    power_monitor->AddObserver(this);
+
   // Arm the |offline_signin_limit_timer_| if a limit is in force.
   UpdateLimit();
 }
@@ -74,13 +79,20 @@ void SAMLOfflineSigninLimiter::Shutdown() {
   pref_change_registrar_.RemoveAll();
 }
 
+void SAMLOfflineSigninLimiter::OnResume() {
+  UpdateLimit();
+}
+
 SAMLOfflineSigninLimiter::SAMLOfflineSigninLimiter(Profile* profile,
                                                    base::Clock* clock)
     : profile_(profile),
       clock_(clock ? clock : base::DefaultClock::GetInstance()),
       offline_signin_limit_timer_(std::make_unique<base::OneShotTimer>()) {}
 
-SAMLOfflineSigninLimiter::~SAMLOfflineSigninLimiter() {}
+SAMLOfflineSigninLimiter::~SAMLOfflineSigninLimiter() {
+  if (base::PowerMonitor* power_monitor = base::PowerMonitor::Get())
+    power_monitor->RemoveObserver(this);
+}
 
 void SAMLOfflineSigninLimiter::UpdateLimit() {
   // Stop the |offline_signin_limit_timer_|.

chrome/browser/chromeos/login/saml/saml_offline_signin_limiter.h

@@ -8,6 +8,7 @@
 #include <memory>
 
 #include "base/macros.h"
+#include "base/power_monitor/power_observer.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "chromeos/login/auth/user_context.h"
@@ -25,7 +26,8 @@ namespace chromeos {
 // Enforces a limit on the length of time for which a user authenticated via
 // SAML can use offline authentication against a cached password before being
 // forced to go through online authentication against GAIA again.
-class SAMLOfflineSigninLimiter : public KeyedService {
+class SAMLOfflineSigninLimiter : public KeyedService,
+                                 public base::PowerObserver {
  public:
   // Called when the user successfully authenticates. |auth_flow| indicates
   // the type of authentication flow that the user went through.
@@ -37,6 +39,9 @@ class SAMLOfflineSigninLimiter : public KeyedService {
   // KeyedService:
   void Shutdown() override;
 
+  // base::PowerObserver:
+  void OnResume() override;
+
  private:
   friend class SAMLOfflineSigninLimiterFactory;
   friend class SAMLOfflineSigninLimiterTest;

chrome/browser/chromeos/login/saml/saml_offline_signin_limiter_unittest.cc

@@ -9,6 +9,7 @@
 
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
+#include "base/test/power_monitor_test_base.h"
 #include "base/test/simple_test_clock.h"
 #include "base/time/clock.h"
 #include "base/timer/mock_timer.h"
@@ -68,6 +69,8 @@ class SAMLOfflineSigninLimiterTest : public testing::Test {
   base::MockOneShotTimer* timer_;  // Not owned.
 
   SAMLOfflineSigninLimiter* limiter_;  // Owned.
+  base::PowerMonitorTestSource* power_source_;
+  std::unique_ptr<base::PowerMonitor> power_monitor_;
 
   TestingPrefServiceSimple testing_local_state_;
 
@@ -78,7 +81,12 @@ SAMLOfflineSigninLimiterTest::SAMLOfflineSigninLimiterTest()
     : user_manager_(new MockUserManager),
       user_manager_enabler_(base::WrapUnique(user_manager_)),
       timer_(nullptr),
-      limiter_(nullptr) {}
+      limiter_(nullptr) {
+  auto power_source = std::make_unique<base::PowerMonitorTestSource>();
+  power_source_ = power_source.get();
+  power_monitor_ =
+      std::make_unique<base::PowerMonitor>(std::move(power_source));
+}
 
 SAMLOfflineSigninLimiterTest::~SAMLOfflineSigninLimiterTest() {
   DestroyLimiter();
@@ -663,4 +671,33 @@ TEST_F(SAMLOfflineSigninLimiterTest, SAMLLogInOfflineWithExpiredLimit) {
   EXPECT_EQ(gaia_signin_time, last_gaia_signin_time);
 }
 
+TEST_F(SAMLOfflineSigninLimiterTest, SAMLLimitExpiredWhileSuspended) {
+  PrefService* prefs = profile_->GetPrefs();
+
+  // Set the time of last login with SAML.
+  prefs->SetInt64(prefs::kSAMLLastGAIASignInTime,
+                  clock_.Now().ToInternalValue());
+
+  // Authenticate against GAIA with SAML. Verify that the flag enforcing online
+  // login is cleared and the time of last login with SAML is set.
+  CreateLimiter();
+  EXPECT_CALL(*user_manager_, SaveForceOnlineSignin(test_account_id_, false))
+      .Times(1);
+  EXPECT_CALL(*user_manager_, SaveForceOnlineSignin(test_account_id_, true))
+      .Times(0);
+  limiter_->SignedIn(UserContext::AUTH_FLOW_GAIA_WITH_SAML);
+
+  // Suspend for 4 weeks.
+  power_source_->GenerateSuspendEvent();
+  clock_.Advance(base::TimeDelta::FromDays(28));  // 4 weeks.
+
+  // Resume power. Verify that the flag enforcing online login is set.
+  Mock::VerifyAndClearExpectations(user_manager_);
+  EXPECT_CALL(*user_manager_, SaveForceOnlineSignin(test_account_id_, false))
+      .Times(0);
+  EXPECT_CALL(*user_manager_, SaveForceOnlineSignin(test_account_id_, true))
+      .Times(1);
+  power_source_->GenerateResumeEvent();
+}
+
 }  //  namespace chromeos