PageRenderTime 51ms CodeModel.GetById 24ms RepoModel.GetById 1ms app.codeStats 0ms

/external/chromium/chrome/browser/password_manager/login_database_unittest.cc

https://gitlab.com/brian0218/rk3188_r-box_android4.2.2_sdk
C++ | 283 lines | 190 code | 49 blank | 44 comment | 1 complexity | 615adc03d6a83f4bdd245fa2a1f651cf MD5 | raw file
  1. // Copyright (c) 2009 The Chromium Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style license that can be
  3. // found in the LICENSE file.
  4. #include "testing/gtest/include/gtest/gtest.h"
  5. #include "base/basictypes.h"
  6. #include "base/file_util.h"
  7. #include "base/path_service.h"
  8. #include "base/string_number_conversions.h"
  9. #include "base/time.h"
  10. #include "base/utf_string_conversions.h"
  11. #include "chrome/browser/password_manager/login_database.h"
  12. #include "chrome/common/chrome_paths.h"
  13. #include "webkit/glue/password_form.h"
  14. using webkit_glue::PasswordForm;
  15. class LoginDatabaseTest : public testing::Test {
  16. protected:
  17. virtual void SetUp() {
  18. PathService::Get(chrome::DIR_TEST_DATA, &file_);
  19. const std::string test_db =
  20. "TestMetadataStoreMacDatabase" +
  21. base::Int64ToString(base::Time::Now().ToInternalValue()) + ".db";
  22. file_ = file_.AppendASCII(test_db);
  23. file_util::Delete(file_, false);
  24. }
  25. virtual void TearDown() {
  26. file_util::Delete(file_, false);
  27. }
  28. FilePath file_;
  29. };
  30. TEST_F(LoginDatabaseTest, Logins) {
  31. scoped_ptr<LoginDatabase> db(new LoginDatabase());
  32. ASSERT_TRUE(db->Init(file_));
  33. std::vector<PasswordForm*> result;
  34. // Verify the database is empty.
  35. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  36. EXPECT_EQ(0U, result.size());
  37. // Example password form.
  38. PasswordForm form;
  39. form.origin = GURL("http://www.google.com/accounts/LoginAuth");
  40. form.action = GURL("http://www.google.com/accounts/Login");
  41. form.username_element = ASCIIToUTF16("Email");
  42. form.username_value = ASCIIToUTF16("test@gmail.com");
  43. form.password_element = ASCIIToUTF16("Passwd");
  44. form.password_value = ASCIIToUTF16("test");
  45. form.submit_element = ASCIIToUTF16("signIn");
  46. form.signon_realm = "http://www.google.com/";
  47. form.ssl_valid = false;
  48. form.preferred = false;
  49. form.scheme = PasswordForm::SCHEME_HTML;
  50. // Add it and make sure it is there.
  51. EXPECT_TRUE(db->AddLogin(form));
  52. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  53. EXPECT_EQ(1U, result.size());
  54. delete result[0];
  55. result.clear();
  56. // Match against an exact copy.
  57. EXPECT_TRUE(db->GetLogins(form, &result));
  58. EXPECT_EQ(1U, result.size());
  59. delete result[0];
  60. result.clear();
  61. // The example site changes...
  62. PasswordForm form2(form);
  63. form2.origin = GURL("http://www.google.com/new/accounts/LoginAuth");
  64. form2.submit_element = ASCIIToUTF16("reallySignIn");
  65. // Match against an inexact copy
  66. EXPECT_TRUE(db->GetLogins(form2, &result));
  67. EXPECT_EQ(1U, result.size());
  68. delete result[0];
  69. result.clear();
  70. // Uh oh, the site changed origin & action URLs all at once!
  71. PasswordForm form3(form2);
  72. form3.action = GURL("http://www.google.com/new/accounts/Login");
  73. // signon_realm is the same, should match.
  74. EXPECT_TRUE(db->GetLogins(form3, &result));
  75. EXPECT_EQ(1U, result.size());
  76. delete result[0];
  77. result.clear();
  78. // Imagine the site moves to a secure server for login.
  79. PasswordForm form4(form3);
  80. form4.signon_realm = "https://www.google.com/";
  81. form4.ssl_valid = true;
  82. // We have only an http record, so no match for this.
  83. EXPECT_TRUE(db->GetLogins(form4, &result));
  84. EXPECT_EQ(0U, result.size());
  85. // Let's imagine the user logs into the secure site.
  86. EXPECT_TRUE(db->AddLogin(form4));
  87. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  88. EXPECT_EQ(2U, result.size());
  89. delete result[0];
  90. delete result[1];
  91. result.clear();
  92. // Now the match works
  93. EXPECT_TRUE(db->GetLogins(form4, &result));
  94. EXPECT_EQ(1U, result.size());
  95. delete result[0];
  96. result.clear();
  97. // The user chose to forget the original but not the new.
  98. EXPECT_TRUE(db->RemoveLogin(form));
  99. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  100. EXPECT_EQ(1U, result.size());
  101. delete result[0];
  102. result.clear();
  103. // The old form wont match the new site (http vs https).
  104. EXPECT_TRUE(db->GetLogins(form, &result));
  105. EXPECT_EQ(0U, result.size());
  106. // The user's request for the HTTPS site is intercepted
  107. // by an attacker who presents an invalid SSL cert.
  108. PasswordForm form5(form4);
  109. form5.ssl_valid = 0;
  110. // It will match in this case.
  111. EXPECT_TRUE(db->GetLogins(form5, &result));
  112. EXPECT_EQ(1U, result.size());
  113. delete result[0];
  114. result.clear();
  115. // User changes his password.
  116. PasswordForm form6(form5);
  117. form6.password_value = ASCIIToUTF16("test6");
  118. form6.preferred = true;
  119. // We update, and check to make sure it matches the
  120. // old form, and there is only one record.
  121. int rows_changed = 0;
  122. EXPECT_TRUE(db->UpdateLogin(form6, &rows_changed));
  123. EXPECT_EQ(1, rows_changed);
  124. // matches
  125. EXPECT_TRUE(db->GetLogins(form5, &result));
  126. EXPECT_EQ(1U, result.size());
  127. delete result[0];
  128. result.clear();
  129. // Only one record.
  130. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  131. EXPECT_EQ(1U, result.size());
  132. // Password element was updated.
  133. #if defined(OS_MACOSX)
  134. // On the Mac we should never be storing passwords in the database.
  135. EXPECT_EQ(string16(), result[0]->password_value);
  136. #else
  137. EXPECT_EQ(form6.password_value, result[0]->password_value);
  138. #endif
  139. // Preferred login.
  140. EXPECT_TRUE(form6.preferred);
  141. delete result[0];
  142. result.clear();
  143. // Make sure everything can disappear.
  144. EXPECT_TRUE(db->RemoveLogin(form4));
  145. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  146. EXPECT_EQ(0U, result.size());
  147. }
  148. static bool AddTimestampedLogin(LoginDatabase* db, std::string url,
  149. const std::string& unique_string,
  150. const base::Time& time) {
  151. // Example password form.
  152. PasswordForm form;
  153. form.origin = GURL(url + std::string("/LoginAuth"));
  154. form.username_element = ASCIIToUTF16(unique_string);
  155. form.username_value = ASCIIToUTF16(unique_string);
  156. form.password_element = ASCIIToUTF16(unique_string);
  157. form.submit_element = ASCIIToUTF16("signIn");
  158. form.signon_realm = url;
  159. form.date_created = time;
  160. return db->AddLogin(form);
  161. }
  162. static void ClearResults(std::vector<PasswordForm*>* results) {
  163. for (size_t i = 0; i < results->size(); ++i) {
  164. delete (*results)[i];
  165. }
  166. results->clear();
  167. }
  168. TEST_F(LoginDatabaseTest, ClearPrivateData_SavedPasswords) {
  169. scoped_ptr<LoginDatabase> db(new LoginDatabase());
  170. EXPECT_TRUE(db->Init(file_));
  171. std::vector<PasswordForm*> result;
  172. // Verify the database is empty.
  173. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  174. EXPECT_EQ(0U, result.size());
  175. base::Time now = base::Time::Now();
  176. base::TimeDelta one_day = base::TimeDelta::FromDays(1);
  177. // Create one with a 0 time.
  178. EXPECT_TRUE(AddTimestampedLogin(db.get(), "1", "foo1", base::Time()));
  179. // Create one for now and +/- 1 day.
  180. EXPECT_TRUE(AddTimestampedLogin(db.get(), "2", "foo2", now - one_day));
  181. EXPECT_TRUE(AddTimestampedLogin(db.get(), "3", "foo3", now));
  182. EXPECT_TRUE(AddTimestampedLogin(db.get(), "4", "foo4", now + one_day));
  183. // Verify inserts worked.
  184. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  185. EXPECT_EQ(4U, result.size());
  186. ClearResults(&result);
  187. // Get everything from today's date and on.
  188. EXPECT_TRUE(db->GetLoginsCreatedBetween(now, base::Time(), &result));
  189. EXPECT_EQ(2U, result.size());
  190. ClearResults(&result);
  191. // Delete everything from today's date and on.
  192. db->RemoveLoginsCreatedBetween(now, base::Time());
  193. // Should have deleted half of what we inserted.
  194. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  195. EXPECT_EQ(2U, result.size());
  196. ClearResults(&result);
  197. // Delete with 0 date (should delete all).
  198. db->RemoveLoginsCreatedBetween(base::Time(), base::Time());
  199. // Verify nothing is left.
  200. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  201. EXPECT_EQ(0U, result.size());
  202. }
  203. TEST_F(LoginDatabaseTest, BlacklistedLogins) {
  204. scoped_ptr<LoginDatabase> db(new LoginDatabase());
  205. EXPECT_TRUE(db->Init(file_));
  206. std::vector<PasswordForm*> result;
  207. // Verify the database is empty.
  208. EXPECT_TRUE(db->GetBlacklistLogins(&result));
  209. ASSERT_EQ(0U, result.size());
  210. // Save a form as blacklisted.
  211. PasswordForm form;
  212. form.origin = GURL("http://www.google.com/accounts/LoginAuth");
  213. form.action = GURL("http://www.google.com/accounts/Login");
  214. form.username_element = ASCIIToUTF16("Email");
  215. form.password_element = ASCIIToUTF16("Passwd");
  216. form.submit_element = ASCIIToUTF16("signIn");
  217. form.signon_realm = "http://www.google.com/";
  218. form.ssl_valid = false;
  219. form.preferred = true;
  220. form.blacklisted_by_user = true;
  221. form.scheme = PasswordForm::SCHEME_HTML;
  222. EXPECT_TRUE(db->AddLogin(form));
  223. // Get all non-blacklisted logins (should be none).
  224. EXPECT_TRUE(db->GetAutofillableLogins(&result));
  225. ASSERT_EQ(0U, result.size());
  226. // GetLogins should give the blacklisted result.
  227. EXPECT_TRUE(db->GetLogins(form, &result));
  228. EXPECT_EQ(1U, result.size());
  229. ClearResults(&result);
  230. // So should GetAllBlacklistedLogins.
  231. EXPECT_TRUE(db->GetBlacklistLogins(&result));
  232. EXPECT_EQ(1U, result.size());
  233. ClearResults(&result);
  234. }