login_manager/validator_utils_test.cc - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2017 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "login_manager/validator_utils.h"

 #include <brillo/cryptohome.h>
 #include <gtest/gtest.h>

 #include "login_manager/proto_bindings/policy_descriptor.pb.h"

 using brillo::cryptohome::home::kGuestUserName;

 namespace {

 constexpr char kValidAccountId[] = "g-account-id";
 constexpr char kInvalidAccountId[] = "invalid_account_id";
 constexpr char kValidExtensionId[] = "abcdefghijklmnopABCDEFGHIJKLMNOP";
 constexpr char kInvalidExtensionId[] = "../../../etc/passwd";

 }  // namespace

 namespace login_manager {

 TEST(ValidatorUtilsTest, EmailAddressTest) {
   EXPECT_TRUE(ValidateEmail("user_who+we.like@some-where.com"));
   EXPECT_TRUE(ValidateEmail("john_doe's_mail@some-where.com"));
   EXPECT_TRUE(ValidateEmail("UPPERCASE_MAIN@some-where.com"));
 }

 TEST(ValidatorUtilsTest, EmailAddressNonAsciiTest) {
   char invalid[4] = "a@m";
   invalid[2] = static_cast<char>(254);
   EXPECT_FALSE(ValidateEmail(invalid));
 }

 TEST(ValidatorUtilsTest, EmailAddressNoAtTest) {
   const char no_at[] = "user";
   EXPECT_FALSE(ValidateEmail(no_at));
 }

 TEST(ValidatorUtilsTest, EmailAddressTooMuchAtTest) {
   const char extra_at[] = "user@what@where";
   EXPECT_FALSE(ValidateEmail(extra_at));
 }

 TEST(ValidatorUtilsTest, AccountIdKeyTest) {
   EXPECT_TRUE(ValidateAccountIdKey("g-1234567890123456"));
   // email string is invalid GaiaIdKey
   EXPECT_FALSE(ValidateAccountIdKey("john@some.where.com"));
   // Only alphanumeric characters plus a colon are allowed.
   EXPECT_TRUE(ValidateAccountIdKey("g-1234567890"));
   EXPECT_TRUE(ValidateAccountIdKey("g-abcdef0123456789"));
   EXPECT_TRUE(ValidateAccountIdKey("g-ABCDEF0123456789"));
   EXPECT_FALSE(ValidateAccountIdKey("g-123@some.where.com"));
   EXPECT_FALSE(ValidateAccountIdKey("g-123@localhost"));
   // Active Directory account keys.
   EXPECT_TRUE(ValidateAccountIdKey("a-abcdef0123456789"));
   EXPECT_FALSE(ValidateAccountIdKey("a-123@localhost"));
 }

 TEST(ValidatorUtilsTest, ExtensionIdTest) {
   EXPECT_TRUE(ValidateExtensionId(kValidExtensionId));
   EXPECT_FALSE(ValidateExtensionId(kInvalidExtensionId));
   EXPECT_FALSE(ValidateExtensionId(""));
 }

 TEST(ValidatorUtilsTest, AccountIdTest) {
   std::string normalized_account_id;
   EXPECT_TRUE(ValidateAccountId(kGuestUserName, &normalized_account_id));
   EXPECT_EQ(kGuestUserName, normalized_account_id);
   EXPECT_TRUE(ValidateAccountId("JOHN@doe.com", &normalized_account_id));
   EXPECT_EQ("john@doe.com", normalized_account_id);
   EXPECT_TRUE(ValidateAccountId(kValidAccountId, &normalized_account_id));
   EXPECT_EQ(kValidAccountId, normalized_account_id);
   EXPECT_FALSE(ValidateAccountId(kInvalidAccountId, &normalized_account_id));
   EXPECT_TRUE(normalized_account_id.empty());
   EXPECT_FALSE(ValidateAccountId("", &normalized_account_id));
   EXPECT_TRUE(normalized_account_id.empty());
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorDeviceAccountValid) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_DEVICE);
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorDeviceAccountInvalid) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_DEVICE);
   desc.set_account_id(kValidAccountId);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
   EXPECT_FALSE(
       ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorUserAccountValid) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_USER);
   desc.set_account_id(kValidAccountId);
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorUserAccountNoAccountId) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_USER);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorUserAccountInvalidAccountId) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_USER);
   desc.set_account_id(kInvalidAccountId);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
   EXPECT_FALSE(
       ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorSessionlessUserAccountRetrieveOnly) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_SESSIONLESS_USER);
   desc.set_account_id(kValidAccountId);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorDeviceLocalAccountValid) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_DEVICE_LOCAL_ACCOUNT);
   desc.set_account_id(kValidAccountId);
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorChromeDomainValid) {
   PolicyDescriptor desc;
   desc.set_domain(POLICY_DOMAIN_CHROME);
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorChromeDomainInvalid) {
   PolicyDescriptor desc;
   desc.set_domain(POLICY_DOMAIN_CHROME);
   desc.set_component_id(kValidExtensionId);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorExtensionDomainValid) {
   PolicyDescriptor desc;
   desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
   desc.set_component_id(kValidExtensionId);
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
   desc.set_domain(POLICY_DOMAIN_SIGNIN_EXTENSIONS);
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorExtensionDomainInvalid) {
   PolicyDescriptor desc;
   desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
   desc.set_domain(POLICY_DOMAIN_SIGNIN_EXTENSIONS);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorExtensionDomainInvalidExtensionId) {
   PolicyDescriptor desc;
   desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
   desc.set_component_id(kInvalidExtensionId);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
   desc.set_domain(POLICY_DOMAIN_SIGNIN_EXTENSIONS);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorInvalidForChromeDomainAndList) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_DEVICE);
   desc.set_domain(POLICY_DOMAIN_CHROME);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kList));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorInvalidForValidComponentIdAndList) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_DEVICE);
   desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
   desc.set_component_id(kValidExtensionId);
   EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kList));
 }

 TEST(ValidatorUtilsTest, PolicyDescriptorValidForNoComponentIdAndList) {
   PolicyDescriptor desc;
   desc.set_account_type(ACCOUNT_TYPE_DEVICE);
   desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
   EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kList));
 }

 }  // namespace login_manager
	// Copyright 2017 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "login_manager/validator_utils.h"

	#include <brillo/cryptohome.h>
	#include <gtest/gtest.h>

	#include "login_manager/proto_bindings/policy_descriptor.pb.h"

	using brillo::cryptohome::home::kGuestUserName;

	namespace {

	constexpr char kValidAccountId[] = "g-account-id";
	constexpr char kInvalidAccountId[] = "invalid_account_id";
	constexpr char kValidExtensionId[] = "abcdefghijklmnopABCDEFGHIJKLMNOP";
	constexpr char kInvalidExtensionId[] = "../../../etc/passwd";

	} // namespace

	namespace login_manager {

	TEST(ValidatorUtilsTest, EmailAddressTest) {
	EXPECT_TRUE(ValidateEmail("user_who+we.like@some-where.com"));
	EXPECT_TRUE(ValidateEmail("john_doe's_mail@some-where.com"));
	EXPECT_TRUE(ValidateEmail("UPPERCASE_MAIN@some-where.com"));
	}

	TEST(ValidatorUtilsTest, EmailAddressNonAsciiTest) {
	char invalid[4] = "a@m";
	invalid[2] = static_cast<char>(254);
	EXPECT_FALSE(ValidateEmail(invalid));
	}

	TEST(ValidatorUtilsTest, EmailAddressNoAtTest) {
	const char no_at[] = "user";
	EXPECT_FALSE(ValidateEmail(no_at));
	}

	TEST(ValidatorUtilsTest, EmailAddressTooMuchAtTest) {
	const char extra_at[] = "user@what@where";
	EXPECT_FALSE(ValidateEmail(extra_at));
	}

	TEST(ValidatorUtilsTest, AccountIdKeyTest) {
	EXPECT_TRUE(ValidateAccountIdKey("g-1234567890123456"));
	// email string is invalid GaiaIdKey
	EXPECT_FALSE(ValidateAccountIdKey("john@some.where.com"));
	// Only alphanumeric characters plus a colon are allowed.
	EXPECT_TRUE(ValidateAccountIdKey("g-1234567890"));
	EXPECT_TRUE(ValidateAccountIdKey("g-abcdef0123456789"));
	EXPECT_TRUE(ValidateAccountIdKey("g-ABCDEF0123456789"));
	EXPECT_FALSE(ValidateAccountIdKey("g-123@some.where.com"));
	EXPECT_FALSE(ValidateAccountIdKey("g-123@localhost"));
	// Active Directory account keys.
	EXPECT_TRUE(ValidateAccountIdKey("a-abcdef0123456789"));
	EXPECT_FALSE(ValidateAccountIdKey("a-123@localhost"));
	}

	TEST(ValidatorUtilsTest, ExtensionIdTest) {
	EXPECT_TRUE(ValidateExtensionId(kValidExtensionId));
	EXPECT_FALSE(ValidateExtensionId(kInvalidExtensionId));
	EXPECT_FALSE(ValidateExtensionId(""));
	}

	TEST(ValidatorUtilsTest, AccountIdTest) {
	std::string normalized_account_id;
	EXPECT_TRUE(ValidateAccountId(kGuestUserName, &normalized_account_id));
	EXPECT_EQ(kGuestUserName, normalized_account_id);
	EXPECT_TRUE(ValidateAccountId("JOHN@doe.com", &normalized_account_id));
	EXPECT_EQ("john@doe.com", normalized_account_id);
	EXPECT_TRUE(ValidateAccountId(kValidAccountId, &normalized_account_id));
	EXPECT_EQ(kValidAccountId, normalized_account_id);
	EXPECT_FALSE(ValidateAccountId(kInvalidAccountId, &normalized_account_id));
	EXPECT_TRUE(normalized_account_id.empty());
	EXPECT_FALSE(ValidateAccountId("", &normalized_account_id));
	EXPECT_TRUE(normalized_account_id.empty());
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorDeviceAccountValid) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_DEVICE);
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorDeviceAccountInvalid) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_DEVICE);
	desc.set_account_id(kValidAccountId);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	EXPECT_FALSE(
	ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorUserAccountValid) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_USER);
	desc.set_account_id(kValidAccountId);
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorUserAccountNoAccountId) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_USER);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorUserAccountInvalidAccountId) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_USER);
	desc.set_account_id(kInvalidAccountId);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	EXPECT_FALSE(
	ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorSessionlessUserAccountRetrieveOnly) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_SESSIONLESS_USER);
	desc.set_account_id(kValidAccountId);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorDeviceLocalAccountValid) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_DEVICE_LOCAL_ACCOUNT);
	desc.set_account_id(kValidAccountId);
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kRetrieve));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorChromeDomainValid) {
	PolicyDescriptor desc;
	desc.set_domain(POLICY_DOMAIN_CHROME);
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorChromeDomainInvalid) {
	PolicyDescriptor desc;
	desc.set_domain(POLICY_DOMAIN_CHROME);
	desc.set_component_id(kValidExtensionId);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorExtensionDomainValid) {
	PolicyDescriptor desc;
	desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
	desc.set_component_id(kValidExtensionId);
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	desc.set_domain(POLICY_DOMAIN_SIGNIN_EXTENSIONS);
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorExtensionDomainInvalid) {
	PolicyDescriptor desc;
	desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	desc.set_domain(POLICY_DOMAIN_SIGNIN_EXTENSIONS);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorExtensionDomainInvalidExtensionId) {
	PolicyDescriptor desc;
	desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
	desc.set_component_id(kInvalidExtensionId);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	desc.set_domain(POLICY_DOMAIN_SIGNIN_EXTENSIONS);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kStore));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorInvalidForChromeDomainAndList) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_DEVICE);
	desc.set_domain(POLICY_DOMAIN_CHROME);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kList));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorInvalidForValidComponentIdAndList) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_DEVICE);
	desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
	desc.set_component_id(kValidExtensionId);
	EXPECT_FALSE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kList));
	}

	TEST(ValidatorUtilsTest, PolicyDescriptorValidForNoComponentIdAndList) {
	PolicyDescriptor desc;
	desc.set_account_type(ACCOUNT_TYPE_DEVICE);
	desc.set_domain(POLICY_DOMAIN_EXTENSIONS);
	EXPECT_TRUE(ValidatePolicyDescriptor(desc, PolicyDescriptorUsage::kList));
	}

	} // namespace login_manager