PageRenderTime 25ms CodeModel.GetById 16ms RepoModel.GetById 1ms app.codeStats 0ms

/external/chromium/chrome/browser/password_manager/login_database_unittest.cc

https://gitlab.com/brian0218/rk3188_r-box_android4.2.2_sdk
C++ | 283 lines | 190 code | 49 blank | 44 comment | 1 complexity | 615adc03d6a83f4bdd245fa2a1f651cf MD5 | raw file
    

  1. // Copyright (c) 2009 The Chromium Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style license that can be
    3. 

  3. // found in the LICENSE file.
    4. 

  4. 

  5. #include "testing/gtest/include/gtest/gtest.h"
    6. 

  6. 

  7. #include "base/basictypes.h"
    8. 

  8. #include "base/file_util.h"
    9. 

  9. #include "base/path_service.h"
    10. 

  10. #include "base/string_number_conversions.h"
    11. 

  11. #include "base/time.h"
    12. 

  12. #include "base/utf_string_conversions.h"
    13. 

  13. #include "chrome/browser/password_manager/login_database.h"
    14. 

  14. #include "chrome/common/chrome_paths.h"
    15. 

  15. #include "webkit/glue/password_form.h"
    16. 

  16. 

  17. using webkit_glue::PasswordForm;
    18. 

  18. 

  19. class LoginDatabaseTest : public testing::Test {
    20. 

  20.  protected:
    21. 

  21.   virtual void SetUp() {
    22. 

  22.     PathService::Get(chrome::DIR_TEST_DATA, &file_);
    23. 

  23.     const std::string test_db =
    24. 

  24.         "TestMetadataStoreMacDatabase" +
    25. 

  25.         base::Int64ToString(base::Time::Now().ToInternalValue()) + ".db";
    26. 

  26.     file_ = file_.AppendASCII(test_db);
    27. 

  27.     file_util::Delete(file_, false);
    28. 

  28.   }
    29. 

  29. 

  30.   virtual void TearDown() {
    31. 

  31.     file_util::Delete(file_, false);
    32. 

  32.   }
    33. 

  33. 

  34.   FilePath file_;
    35. 

  35. };
    36. 

  36. 

  37. TEST_F(LoginDatabaseTest, Logins) {
    38. 

  38.   scoped_ptr<LoginDatabase> db(new LoginDatabase());
    39. 

  39. 

  40.   ASSERT_TRUE(db->Init(file_));
    41. 

  41. 

  42.   std::vector<PasswordForm*> result;
    43. 

  43. 

  44.   // Verify the database is empty.
    45. 

  45.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    46. 

  46.   EXPECT_EQ(0U, result.size());
    47. 

  47. 

  48.   // Example password form.
    49. 

  49.   PasswordForm form;
    50. 

  50.   form.origin = GURL("http://www.google.com/accounts/LoginAuth");
    51. 

  51.   form.action = GURL("http://www.google.com/accounts/Login");
    52. 

  52.   form.username_element = ASCIIToUTF16("Email");
    53. 

  53.   form.username_value = ASCIIToUTF16("test@gmail.com");
    54. 

  54.   form.password_element = ASCIIToUTF16("Passwd");
    55. 

  55.   form.password_value = ASCIIToUTF16("test");
    56. 

  56.   form.submit_element = ASCIIToUTF16("signIn");
    57. 

  57.   form.signon_realm = "http://www.google.com/";
    58. 

  58.   form.ssl_valid = false;
    59. 

  59.   form.preferred = false;
    60. 

  60.   form.scheme = PasswordForm::SCHEME_HTML;
    61. 

  61. 

  62.   // Add it and make sure it is there.
    63. 

  63.   EXPECT_TRUE(db->AddLogin(form));
    64. 

  64.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    65. 

  65.   EXPECT_EQ(1U, result.size());
    66. 

  66.   delete result[0];
    67. 

  67.   result.clear();
    68. 

  68. 

  69.   // Match against an exact copy.
    70. 

  70.   EXPECT_TRUE(db->GetLogins(form, &result));
    71. 

  71.   EXPECT_EQ(1U, result.size());
    72. 

  72.   delete result[0];
    73. 

  73.   result.clear();
    74. 

  74. 

  75.   // The example site changes...
    76. 

  76.   PasswordForm form2(form);
    77. 

  77.   form2.origin = GURL("http://www.google.com/new/accounts/LoginAuth");
    78. 

  78.   form2.submit_element = ASCIIToUTF16("reallySignIn");
    79. 

  79. 

  80.   // Match against an inexact copy
    81. 

  81.   EXPECT_TRUE(db->GetLogins(form2, &result));
    82. 

  82.   EXPECT_EQ(1U, result.size());
    83. 

  83.   delete result[0];
    84. 

  84.   result.clear();
    85. 

  85. 

  86.   // Uh oh, the site changed origin & action URLs all at once!
    87. 

  87.   PasswordForm form3(form2);
    88. 

  88.   form3.action = GURL("http://www.google.com/new/accounts/Login");
    89. 

  89. 

  90.   // signon_realm is the same, should match.
    91. 

  91.   EXPECT_TRUE(db->GetLogins(form3, &result));
    92. 

  92.   EXPECT_EQ(1U, result.size());
    93. 

  93.   delete result[0];
    94. 

  94.   result.clear();
    95. 

  95. 

  96.   // Imagine the site moves to a secure server for login.
    97. 

  97.   PasswordForm form4(form3);
    98. 

  98.   form4.signon_realm = "https://www.google.com/";
    99. 

  99.   form4.ssl_valid = true;
    100. 

  100. 

  101.   // We have only an http record, so no match for this.
    102. 

  102.   EXPECT_TRUE(db->GetLogins(form4, &result));
    103. 

  103.   EXPECT_EQ(0U, result.size());
    104. 

  104. 

  105.   // Let's imagine the user logs into the secure site.
    106. 

  106.   EXPECT_TRUE(db->AddLogin(form4));
    107. 

  107.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    108. 

  108.   EXPECT_EQ(2U, result.size());
    109. 

  109.   delete result[0];
    110. 

  110.   delete result[1];
    111. 

  111.   result.clear();
    112. 

  112. 

  113.   // Now the match works
    114. 

  114.   EXPECT_TRUE(db->GetLogins(form4, &result));
    115. 

  115.   EXPECT_EQ(1U, result.size());
    116. 

  116.   delete result[0];
    117. 

  117.   result.clear();
    118. 

  118. 

  119.   // The user chose to forget the original but not the new.
    120. 

  120.   EXPECT_TRUE(db->RemoveLogin(form));
    121. 

  121.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    122. 

  122.   EXPECT_EQ(1U, result.size());
    123. 

  123.   delete result[0];
    124. 

  124.   result.clear();
    125. 

  125. 

  126.   // The old form wont match the new site (http vs https).
    127. 

  127.   EXPECT_TRUE(db->GetLogins(form, &result));
    128. 

  128.   EXPECT_EQ(0U, result.size());
    129. 

  129. 

  130.   // The user's request for the HTTPS site is intercepted
    131. 

  131.   // by an attacker who presents an invalid SSL cert.
    132. 

  132.   PasswordForm form5(form4);
    133. 

  133.   form5.ssl_valid = 0;
    134. 

  134. 

  135.   // It will match in this case.
    136. 

  136.   EXPECT_TRUE(db->GetLogins(form5, &result));
    137. 

  137.   EXPECT_EQ(1U, result.size());
    138. 

  138.   delete result[0];
    139. 

  139.   result.clear();
    140. 

  140. 

  141.   // User changes his password.
    142. 

  142.   PasswordForm form6(form5);
    143. 

  143.   form6.password_value = ASCIIToUTF16("test6");
    144. 

  144.   form6.preferred = true;
    145. 

  145. 

  146.   // We update, and check to make sure it matches the
    147. 

  147.   // old form, and there is only one record.
    148. 

  148.   int rows_changed = 0;
    149. 

  149.   EXPECT_TRUE(db->UpdateLogin(form6, &rows_changed));
    150. 

  150.   EXPECT_EQ(1, rows_changed);
    151. 

  151.   // matches
    152. 

  152.   EXPECT_TRUE(db->GetLogins(form5, &result));
    153. 

  153.   EXPECT_EQ(1U, result.size());
    154. 

  154.   delete result[0];
    155. 

  155.   result.clear();
    156. 

  156.   // Only one record.
    157. 

  157.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    158. 

  158.   EXPECT_EQ(1U, result.size());
    159. 

  159.   // Password element was updated.
    160. 

  160. #if defined(OS_MACOSX)
    161. 

  161.   // On the Mac we should never be storing passwords in the database.
    162. 

  162.   EXPECT_EQ(string16(), result[0]->password_value);
    163. 

  163. #else
    164. 

  164.   EXPECT_EQ(form6.password_value, result[0]->password_value);
    165. 

  165. #endif
    166. 

  166.   // Preferred login.
    167. 

  167.   EXPECT_TRUE(form6.preferred);
    168. 

  168.   delete result[0];
    169. 

  169.   result.clear();
    170. 

  170. 

  171.   // Make sure everything can disappear.
    172. 

  172.   EXPECT_TRUE(db->RemoveLogin(form4));
    173. 

  173.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    174. 

  174.   EXPECT_EQ(0U, result.size());
    175. 

  175. }
    176. 

  176. 

  177. static bool AddTimestampedLogin(LoginDatabase* db, std::string url,
    178. 

  178.                                 const std::string& unique_string,
    179. 

  179.                                 const base::Time& time) {
    180. 

  180.   // Example password form.
    181. 

  181.   PasswordForm form;
    182. 

  182.   form.origin = GURL(url + std::string("/LoginAuth"));
    183. 

  183.   form.username_element = ASCIIToUTF16(unique_string);
    184. 

  184.   form.username_value = ASCIIToUTF16(unique_string);
    185. 

  185.   form.password_element = ASCIIToUTF16(unique_string);
    186. 

  186.   form.submit_element = ASCIIToUTF16("signIn");
    187. 

  187.   form.signon_realm = url;
    188. 

  188.   form.date_created = time;
    189. 

  189.   return db->AddLogin(form);
    190. 

  190. }
    191. 

  191. 

  192. static void ClearResults(std::vector<PasswordForm*>* results) {
    193. 

  193.   for (size_t i = 0; i < results->size(); ++i) {
    194. 

  194.     delete (*results)[i];
    195. 

  195.   }
    196. 

  196.   results->clear();
    197. 

  197. }
    198. 

  198. 

  199. TEST_F(LoginDatabaseTest, ClearPrivateData_SavedPasswords) {
    200. 

  200.   scoped_ptr<LoginDatabase> db(new LoginDatabase());
    201. 

  201. 

  202.   EXPECT_TRUE(db->Init(file_));
    203. 

  203. 

  204.   std::vector<PasswordForm*> result;
    205. 

  205. 

  206.   // Verify the database is empty.
    207. 

  207.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    208. 

  208.   EXPECT_EQ(0U, result.size());
    209. 

  209. 

  210.   base::Time now = base::Time::Now();
    211. 

  211.   base::TimeDelta one_day = base::TimeDelta::FromDays(1);
    212. 

  212. 

  213.   // Create one with a 0 time.
    214. 

  214.   EXPECT_TRUE(AddTimestampedLogin(db.get(), "1", "foo1", base::Time()));
    215. 

  215.   // Create one for now and +/- 1 day.
    216. 

  216.   EXPECT_TRUE(AddTimestampedLogin(db.get(), "2", "foo2", now - one_day));
    217. 

  217.   EXPECT_TRUE(AddTimestampedLogin(db.get(), "3", "foo3", now));
    218. 

  218.   EXPECT_TRUE(AddTimestampedLogin(db.get(), "4", "foo4", now + one_day));
    219. 

  219. 

  220.   // Verify inserts worked.
    221. 

  221.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    222. 

  222.   EXPECT_EQ(4U, result.size());
    223. 

  223.   ClearResults(&result);
    224. 

  224. 

  225.   // Get everything from today's date and on.
    226. 

  226.   EXPECT_TRUE(db->GetLoginsCreatedBetween(now, base::Time(), &result));
    227. 

  227.   EXPECT_EQ(2U, result.size());
    228. 

  228.   ClearResults(&result);
    229. 

  229. 

  230.   // Delete everything from today's date and on.
    231. 

  231.   db->RemoveLoginsCreatedBetween(now, base::Time());
    232. 

  232. 

  233.   // Should have deleted half of what we inserted.
    234. 

  234.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    235. 

  235.   EXPECT_EQ(2U, result.size());
    236. 

  236.   ClearResults(&result);
    237. 

  237. 

  238.   // Delete with 0 date (should delete all).
    239. 

  239.   db->RemoveLoginsCreatedBetween(base::Time(), base::Time());
    240. 

  240. 

  241.   // Verify nothing is left.
    242. 

  242.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    243. 

  243.   EXPECT_EQ(0U, result.size());
    244. 

  244. }
    245. 

  245. 

  246. TEST_F(LoginDatabaseTest, BlacklistedLogins) {
    247. 

  247.   scoped_ptr<LoginDatabase> db(new LoginDatabase());
    248. 

  248. 

  249.   EXPECT_TRUE(db->Init(file_));
    250. 

  250.   std::vector<PasswordForm*> result;
    251. 

  251. 

  252.   // Verify the database is empty.
    253. 

  253.   EXPECT_TRUE(db->GetBlacklistLogins(&result));
    254. 

  254.   ASSERT_EQ(0U, result.size());
    255. 

  255. 

  256.   // Save a form as blacklisted.
    257. 

  257.   PasswordForm form;
    258. 

  258.   form.origin = GURL("http://www.google.com/accounts/LoginAuth");
    259. 

  259.   form.action = GURL("http://www.google.com/accounts/Login");
    260. 

  260.   form.username_element = ASCIIToUTF16("Email");
    261. 

  261.   form.password_element = ASCIIToUTF16("Passwd");
    262. 

  262.   form.submit_element = ASCIIToUTF16("signIn");
    263. 

  263.   form.signon_realm = "http://www.google.com/";
    264. 

  264.   form.ssl_valid = false;
    265. 

  265.   form.preferred = true;
    266. 

  266.   form.blacklisted_by_user = true;
    267. 

  267.   form.scheme = PasswordForm::SCHEME_HTML;
    268. 

  268.   EXPECT_TRUE(db->AddLogin(form));
    269. 

  269. 

  270.   // Get all non-blacklisted logins (should be none).
    271. 

  271.   EXPECT_TRUE(db->GetAutofillableLogins(&result));
    272. 

  272.   ASSERT_EQ(0U, result.size());
    273. 

  273. 

  274.   // GetLogins should give the blacklisted result.
    275. 

  275.   EXPECT_TRUE(db->GetLogins(form, &result));
    276. 

  276.   EXPECT_EQ(1U, result.size());
    277. 

  277.   ClearResults(&result);
    278. 

  278. 

  279.   // So should GetAllBlacklistedLogins.
    280. 

  280.   EXPECT_TRUE(db->GetBlacklistLogins(&result));
    281. 

  281.   EXPECT_EQ(1U, result.size());
    282. 

  282.   ClearResults(&result);
    283. 

  283. }
    284. 

  284.