diff options
Diffstat (limited to 'chromium/components/policy/test_support/request_handler_for_register_device_and_user.cc')
-rw-r--r-- | chromium/components/policy/test_support/request_handler_for_register_device_and_user.cc | 195 |
1 files changed, 195 insertions, 0 deletions
diff --git a/chromium/components/policy/test_support/request_handler_for_register_device_and_user.cc b/chromium/components/policy/test_support/request_handler_for_register_device_and_user.cc new file mode 100644 index 00000000000..85118dd5688 --- /dev/null +++ b/chromium/components/policy/test_support/request_handler_for_register_device_and_user.cc @@ -0,0 +1,195 @@ +// Copyright 2021 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "components/policy/test_support/request_handler_for_register_device_and_user.h" + +#include <set> +#include <string> + +#include "base/guid.h" +#include "base/notreached.h" +#include "base/strings/stringprintf.h" +#include "components/policy/core/common/cloud/cloud_policy_constants.h" +#include "components/policy/proto/device_management_backend.pb.h" +#include "components/policy/test_support/client_storage.h" +#include "components/policy/test_support/policy_storage.h" +#include "components/policy/test_support/test_server_helpers.h" +#include "net/http/http_status_code.h" +#include "net/test/embedded_test_server/http_request.h" +#include "net/test/embedded_test_server/http_response.h" + +using net::test_server::HttpRequest; +using net::test_server::HttpResponse; + +namespace em = enterprise_management; + +namespace policy { + +namespace { + +void AddAllowedPolicyTypes(em::DeviceRegisterRequest::Type type, + std::set<std::string>* allowed_policy_types) { + switch (type) { + // TODO(crbug.com/1289442): Remove this case once the type is correctly set + // for request type `register`. + case em::DeviceRegisterRequest::TT: + allowed_policy_types->insert({dm_protocol::kChromeUserPolicyType}); + break; + case em::DeviceRegisterRequest::USER: + allowed_policy_types->insert({dm_protocol::kChromeUserPolicyType, + dm_protocol::kChromeExtensionPolicyType}); + break; + case em::DeviceRegisterRequest::DEVICE: + allowed_policy_types->insert( + {dm_protocol::kChromeDevicePolicyType, + dm_protocol::kChromePublicAccountPolicyType, + dm_protocol::kChromeExtensionPolicyType, + dm_protocol::kChromeSigninExtensionPolicyType}); + break; + case em::DeviceRegisterRequest::BROWSER: + allowed_policy_types->insert({dm_protocol::kChromeUserPolicyType, + dm_protocol::kChromeExtensionPolicyType}); + break; + case em::DeviceRegisterRequest::ANDROID_BROWSER: + allowed_policy_types->insert({dm_protocol::kChromeUserPolicyType}); + break; + default: + NOTREACHED(); + } +} + +std::unique_ptr<HttpResponse> ValidatePsmFields( + const em::DeviceRegisterRequest& register_request, + const PolicyStorage* policy_storage) { + const PolicyStorage::PsmEntry* psm_entry = policy_storage->GetPsmEntry( + register_request.brand_code() + "_" + register_request.machine_id()); + if (!psm_entry) + return nullptr; + + if (!register_request.has_psm_execution_result() || + !register_request.has_psm_determination_timestamp_ms()) { + return CreateHttpResponse(net::HTTP_BAD_REQUEST, + "DeviceRegisterRequest must have all required " + "PSM execution fields."); + } + + if (register_request.psm_execution_result() != + psm_entry->psm_execution_result || + psm_entry->psm_determination_timestamp != + register_request.psm_determination_timestamp_ms()) { + return CreateHttpResponse( + net::HTTP_BAD_REQUEST, + "DeviceRegisterRequest must have all correct PSM execution values"); + } + + return nullptr; +} + +std::unique_ptr<HttpResponse> ValidateLicenses( + const em::DeviceRegisterRequest& register_request, + const PolicyStorage* policy_storage) { + bool is_enterprise_license = true; + if (register_request.has_license_type() && + register_request.license_type().license_type() == + em::LicenseType_LicenseTypeEnum::LicenseType_LicenseTypeEnum_KIOSK) { + is_enterprise_license = false; + } + + if ((is_enterprise_license && policy_storage->has_enterprise_license()) || + (!is_enterprise_license && policy_storage->has_kiosk_license())) { + return nullptr; + } + + return CreateHttpResponse(net::HTTP_PAYMENT_REQUIRED, "No license."); +} + +} // namespace + +RequestHandlerForRegisterDeviceAndUser::RequestHandlerForRegisterDeviceAndUser( + ClientStorage* client_storage, + PolicyStorage* policy_storage) + : EmbeddedPolicyTestServer::RequestHandler(client_storage, policy_storage) { +} + +RequestHandlerForRegisterDeviceAndUser:: + ~RequestHandlerForRegisterDeviceAndUser() = default; + +std::string RequestHandlerForRegisterDeviceAndUser::RequestType() { + return dm_protocol::kValueRequestRegister; +} + +std::unique_ptr<HttpResponse> +RequestHandlerForRegisterDeviceAndUser::HandleRequest( + const HttpRequest& request) { + // Only checks the the oauth token is set, but doesn't use it yet. User will + // be obtained from the policy storage. + // TODO(http://crbug.com/1227123): Add support for authentication. + std::string google_login; + if (!GetGoogleLoginFromRequest(request, &google_login)) + return CreateHttpResponse(net::HTTP_UNAUTHORIZED, "User not authorized."); + + const base::flat_set<std::string>& managed_users = + policy_storage()->managed_users(); + if (managed_users.empty()) { + return CreateHttpResponse(net::HTTP_INTERNAL_SERVER_ERROR, + "No managed users."); + } + + const std::string& policy_user = policy_storage()->policy_user(); + if (managed_users.find("*") == managed_users.end() && + managed_users.find(policy_user) == managed_users.end()) { + return CreateHttpResponse(net::HTTP_FORBIDDEN, "Unmanaged."); + } + + em::DeviceManagementRequest device_management_request; + device_management_request.ParseFromString(request.content); + const em::DeviceRegisterRequest& register_request = + device_management_request.register_request(); + + std::unique_ptr<HttpResponse> error_response = + ValidatePsmFields(register_request, policy_storage()); + if (error_response) + return error_response; + + error_response = ValidateLicenses(register_request, policy_storage()); + if (error_response) + return error_response; + + return RegisterDeviceAndSendResponse(request, register_request, policy_user); +} + +std::unique_ptr<HttpResponse> +RequestHandlerForRegisterDeviceAndUser::RegisterDeviceAndSendResponse( + const HttpRequest& request, + const em::DeviceRegisterRequest& register_request, + const std::string& policy_user) { + std::string device_id = + KeyValueFromUrl(request.GetURL(), dm_protocol::kParamDeviceID); + std::string device_token = base::GUID::GenerateRandomV4().AsLowercaseString(); + std::string machine_name = base::StringPrintf( + "%s - %s", register_request.machine_model().c_str(), device_id.c_str()); + + ClientStorage::ClientInfo client_info; + client_info.device_id = device_id; + client_info.device_token = device_token; + client_info.machine_name = machine_name; + if (!policy_user.empty()) + client_info.username = policy_user; + AddAllowedPolicyTypes(register_request.type(), + &client_info.allowed_policy_types); + client_storage()->RegisterClient(std::move(client_info)); + + em::DeviceManagementResponse device_management_response; + em::DeviceRegisterResponse* register_response = + device_management_response.mutable_register_response(); + register_response->set_device_management_token(device_token); + register_response->set_machine_name(machine_name); + register_response->set_enrollment_type( + em::DeviceRegisterResponse::ENTERPRISE); + + return CreateHttpResponse(net::HTTP_OK, + device_management_response.SerializeAsString()); +} + +} // namespace policy |