1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <cerrno>
17 #include <filesystem>
18 #include <mutex>
19 #include <gtest/gtest.h>
20 #include <thread>
21 #include <unistd.h>
22 #include "accesstoken_kit.h"
23 #include "account_error_no.h"
24 #include "account_file_operator.h"
25 #include "account_log_wrapper.h"
26 #include "account_permission_manager.h"
27 #include "domain_account_callback_service.h"
28 #ifdef BUNDLE_ADAPTER_MOCK
29 #include "domain_account_manager_service.h"
30 #include "domain_account_proxy.h"
31 #endif
32 #define private public
33 #include "domain_account_client.h"
34 #include "inner_domain_account_manager.h"
35 #include "iinner_os_account_manager.h"
36 #include "os_account.h"
37 #undef private
38 #include "ipc_skeleton.h"
39 #include "mock_domain_auth_callback.h"
40 #include "mock_domain_auth_callback_for_listener.h"
41 #include "mock_domain_create_domain_account_callback.h"
42 #include "mock_domain_has_domain_info_callback.h"
43 #include "mock_domain_get_access_token_callback.h"
44 #include "mock_domain_plugin.h"
45 #include "mock_domain_so_plugin.h"
46 #include "os_account_manager.h"
47 #ifdef BUNDLE_ADAPTER_MOCK
48 #include "os_account_manager_service.h"
49 #include "os_account_proxy.h"
50 #endif
51 #include "token_setproc.h"
52
53 using namespace testing;
54 using namespace testing::ext;
55 using namespace OHOS;
56 using namespace OHOS::AccountSA;
57 using namespace OHOS::Security::AccessToken;
58 using namespace OHOS::AccountSA::Constants;
59
60 namespace {
61 static int g_a = 1;
62 static void *g_ptr = &g_a;
63 const int32_t ROOT_UID = 0;
64 const int32_t EDM_UID = 3057;
65 static constexpr int32_t DEFAULT_API_VERSION = 8;
66 const std::vector<uint8_t> DEFAULT_TOKEN = {49, 50, 51, 52, 53};
67 static uint64_t g_selfTokenID;
68 const int32_t WAIT_TIME = 2;
69 #ifdef ENABLE_MULTIPLE_OS_ACCOUNTS
70 const std::string STRING_SHORT_NAME_OUT_OF_RANGE(256, '1');
71 #endif
72 const std::map<PluginMethodEnum, void *> PLUGIN_METHOD_MAP = {
73 {PluginMethodEnum::AUTH, reinterpret_cast<void *>(Auth)},
74 {PluginMethodEnum::GET_ACCOUNT_INFO, reinterpret_cast<void *>(GetAccountInfo)},
75 {PluginMethodEnum::BIND_ACCOUNT, reinterpret_cast<void *>(BindAccount)},
76 {PluginMethodEnum::IS_AUTHENTICATION_EXPIRED, reinterpret_cast<void *>(IsAuthenticationExpired)},
77 {PluginMethodEnum::SET_ACCOUNT_POLICY, reinterpret_cast<void *>(SetAccountPolicy)},
78 {PluginMethodEnum::UPDATE_ACCOUNT_INFO, reinterpret_cast<void *>(UpdateAccountInfo)},
79 };
80 }
81
AllocPermission(std::vector<std::string> permissions,AccessTokenID & tokenID,bool isSystemApp=true)82 static bool AllocPermission(std::vector<std::string> permissions, AccessTokenID &tokenID, bool isSystemApp = true)
83 {
84 std::vector<PermissionStateFull> permissionStates;
85 for (const auto& permission : permissions) {
86 PermissionStateFull permissionState = {
87 .permissionName = permission,
88 .isGeneral = true,
89 .resDeviceID = {"local"},
90 .grantStatus = {PermissionState::PERMISSION_GRANTED},
91 .grantFlags = {PERMISSION_SYSTEM_FIXED}
92 };
93 permissionStates.emplace_back(permissionState);
94 }
95 HapPolicyParams hapPolicyParams = {
96 .apl = APL_NORMAL,
97 .domain = "test.domain",
98 .permList = {},
99 .permStateList = permissionStates
100 };
101
102 HapInfoParams hapInfoParams = {
103 .userID = 100,
104 .bundleName = "account_test",
105 .instIndex = 0,
106 .appIDDesc = "account_test",
107 .apiVersion = DEFAULT_API_VERSION,
108 .isSystemApp = isSystemApp
109 };
110
111 AccessTokenIDEx tokenIdEx = {0};
112 tokenIdEx = AccessTokenKit::AllocHapToken(hapInfoParams, hapPolicyParams);
113 tokenID = tokenIdEx.tokenIdExStruct.tokenID;
114 return (INVALID_TOKENID != tokenIdEx.tokenIDEx) && (0 == SetSelfTokenID(tokenIdEx.tokenIDEx));
115 }
116
RecoveryPermission(AccessTokenID tokenID)117 bool RecoveryPermission(AccessTokenID tokenID)
118 {
119 return (ERR_OK == AccessTokenKit::DeleteToken(tokenID)) && (ERR_OK == SetSelfTokenID(g_selfTokenID));
120 }
121
122 class MockPluginSoDomainAuthCallback {
123 public:
124 MOCK_METHOD2(OnResult, void(int32_t resultCode, const DomainAuthResult &result));
125 };
126
127 class TestPluginSoDomainAuthCallback : public DomainAccountCallback {
128 public:
129 explicit TestPluginSoDomainAuthCallback(const std::shared_ptr<MockPluginSoDomainAuthCallback> &callback);
130 virtual ~TestPluginSoDomainAuthCallback();
131 void OnResult(const int32_t errCode, Parcel &parcel) override;
132 void SetOsAccountInfo(const OsAccountInfo &info);
133
134 private:
135 std::shared_ptr<MockPluginSoDomainAuthCallback> callback_;
136 OsAccountInfo accountInfo_;
137 };
138
TestPluginSoDomainAuthCallback(const std::shared_ptr<MockPluginSoDomainAuthCallback> & callback)139 TestPluginSoDomainAuthCallback::TestPluginSoDomainAuthCallback(
140 const std::shared_ptr<MockPluginSoDomainAuthCallback> &callback)
141 : callback_(callback)
142 {}
143
~TestPluginSoDomainAuthCallback()144 TestPluginSoDomainAuthCallback::~TestPluginSoDomainAuthCallback()
145 {}
146
OnResult(const int32_t errCode,Parcel & parcel)147 void TestPluginSoDomainAuthCallback::OnResult(const int32_t errCode, Parcel &parcel)
148 {
149 ACCOUNT_LOGI("TestPluginSoDomainAuthCallback");
150 if (callback_ == nullptr) {
151 ACCOUNT_LOGE("callback is nullptr");
152 return;
153 }
154 std::shared_ptr<DomainAuthResult> authResult(DomainAuthResult::Unmarshalling(parcel));
155 callback_->OnResult(errCode, (*authResult));
156 }
157
SetOsAccountInfo(const OsAccountInfo & accountInfo)158 void TestPluginSoDomainAuthCallback::SetOsAccountInfo(const OsAccountInfo &accountInfo)
159 {
160 accountInfo_ = accountInfo;
161 }
162
163 class MockPluginSoDomainCreateDomainAccountCallback {
164 public:
165 MOCK_METHOD4(OnResult, void(const int32_t errCode, const std::string &accountName, const std::string &domain,
166 const std::string &accountId));
167 };
168
169 class TestPluginSoCreateDomainAccountCallback : public DomainAccountCallback {
170 public:
171 explicit TestPluginSoCreateDomainAccountCallback(
172 const std::shared_ptr<MockPluginSoDomainCreateDomainAccountCallback> &callback);
173 virtual ~TestPluginSoCreateDomainAccountCallback();
174 void OnResult(const int32_t errCode, Parcel &parcel) override;
175 int32_t GetLocalId();
176 std::condition_variable cv;
177 bool isReady = false;
178 std::mutex mutex;
179 private:
180 int32_t localId_;
181 std::shared_ptr<MockPluginSoDomainCreateDomainAccountCallback> callback_;
182 };
183
TestPluginSoCreateDomainAccountCallback(const std::shared_ptr<MockPluginSoDomainCreateDomainAccountCallback> & callback)184 TestPluginSoCreateDomainAccountCallback::TestPluginSoCreateDomainAccountCallback(
185 const std::shared_ptr<MockPluginSoDomainCreateDomainAccountCallback> &callback)
186 : callback_(callback)
187 {}
188
~TestPluginSoCreateDomainAccountCallback()189 TestPluginSoCreateDomainAccountCallback::~TestPluginSoCreateDomainAccountCallback()
190 {}
191
OnResult(const int32_t errCode,Parcel & parcel)192 void TestPluginSoCreateDomainAccountCallback::OnResult(const int32_t errCode, Parcel &parcel)
193 {
194 if (callback_ == nullptr) {
195 return;
196 }
197 OsAccountInfo *osAccountInfo = OsAccountInfo::Unmarshalling(parcel);
198 DomainAccountInfo newDomainInfo;
199 osAccountInfo->GetDomainInfo(newDomainInfo);
200 callback_->OnResult(errCode, newDomainInfo.accountName_, newDomainInfo.domain_, newDomainInfo.accountId_);
201 localId_ = osAccountInfo->GetLocalId();
202 std::unique_lock<std::mutex> lock(mutex);
203 isReady = true;
204 cv.notify_one();
205 return;
206 }
207
LoadPluginMethods()208 static void LoadPluginMethods()
209 {
210 std::lock_guard<std::mutex> lock(InnerDomainAccountManager::GetInstance().libMutex_);
211 InnerDomainAccountManager::GetInstance().libHandle_ = g_ptr;
212 InnerDomainAccountManager::GetInstance().methodMap_.clear();
213 for (const auto &mockMethod : PLUGIN_METHOD_MAP) {
214 InnerDomainAccountManager::GetInstance().methodMap_.emplace(mockMethod.first, mockMethod.second);
215 }
216 }
217
UnloadPluginMethods()218 static void UnloadPluginMethods()
219 {
220 std::lock_guard<std::mutex> lock(InnerDomainAccountManager::GetInstance().libMutex_);
221 InnerDomainAccountManager::GetInstance().libHandle_ = nullptr;
222 InnerDomainAccountManager::GetInstance().methodMap_.clear();
223 }
224
GetLocalId(void)225 int32_t TestPluginSoCreateDomainAccountCallback::GetLocalId(void)
226 {
227 return localId_;
228 }
229
230 class DomainAccountClientMockPluginSoModuleTest : public testing::Test {
231 public:
232 static void SetUpTestCase(void);
233 static void TearDownTestCase(void);
234 void SetUp();
235 void TearDown();
236 };
237
SetUpTestCase(void)238 void DomainAccountClientMockPluginSoModuleTest::SetUpTestCase(void)
239 {
240 GTEST_LOG_(INFO) << "SetUpTestCase enter";
241 #ifdef ACCOUNT_TEST
242 AccountFileOperator osAccountFileOperator;
243 osAccountFileOperator.DeleteDirOrFile(USER_INFO_BASE);
244 GTEST_LOG_(INFO) << "delete account test path " << USER_INFO_BASE;
245 #endif // ACCOUNT_TEST
246 #ifdef BUNDLE_ADAPTER_MOCK
247 auto servicePtr = new (std::nothrow) DomainAccountManagerService();
248 ASSERT_NE(servicePtr, nullptr);
249 DomainAccountClient::GetInstance().proxy_ = new (std::nothrow) DomainAccountProxy(servicePtr->AsObject());
250 ASSERT_NE(DomainAccountClient::GetInstance().proxy_, nullptr);
251 auto osAccountService = new (std::nothrow) OsAccountManagerService();
252 ASSERT_NE(osAccountService, nullptr);
253 IInnerOsAccountManager::GetInstance().Init();
254 IInnerOsAccountManager::GetInstance().ActivateDefaultOsAccount();
255 OsAccount::GetInstance().proxy_ = new (std::nothrow) OsAccountProxy(osAccountService->AsObject());
256 ASSERT_NE(OsAccount::GetInstance().proxy_, nullptr);
257 g_selfTokenID = IPCSkeleton::GetSelfTokenID();
258 #endif
259 }
260
TearDownTestCase(void)261 void DomainAccountClientMockPluginSoModuleTest::TearDownTestCase(void)
262 {
263 GTEST_LOG_(INFO) << "TearDownTestCase";
264 #ifdef ACCOUNT_TEST
265 AccountFileOperator osAccountFileOperator;
266 osAccountFileOperator.DeleteDirOrFile(USER_INFO_BASE);
267 GTEST_LOG_(INFO) << "delete account test path " << USER_INFO_BASE;
268 #endif // ACCOUNT_TEST
269 }
270
SetUp(void)271 void DomainAccountClientMockPluginSoModuleTest::SetUp(void) __attribute__((no_sanitize("cfi")))
272 {
273 testing::UnitTest *test = testing::UnitTest::GetInstance();
274 ASSERT_NE(test, nullptr);
275 const testing::TestInfo *testinfo = test->current_test_info();
276 ASSERT_NE(testinfo, nullptr);
277 string testCaseName = string(testinfo->name());
278 ACCOUNT_LOGI("[SetUp] %{public}s start", testCaseName.c_str());
279
280 std::vector<OsAccountInfo> osAccountInfos;
281 OsAccount::GetInstance().QueryAllCreatedOsAccounts(osAccountInfos);
282 for (const auto &info : osAccountInfos) {
283 if (info.GetLocalId() == START_USER_ID) {
284 continue;
285 }
286 ACCOUNT_LOGI("[SetUp] remove account %{public}d", info.GetLocalId());
287 OsAccount::GetInstance().RemoveOsAccount(info.GetLocalId());
288 }
289 #ifdef BUNDLE_ADAPTER_MOCK
290 setuid(ROOT_UID);
291 #endif
292 }
293
TearDown(void)294 void DomainAccountClientMockPluginSoModuleTest::TearDown(void)
295 {}
296
297 /**
298 * @tc.name: DomainAccountClientModuleTest_SetAuthenticationExpiryThreshold_001
299 * @tc.desc: SetAccountPolicy failed with no plugin so.
300 * @tc.type: FUNC
301 * @tc.require:
302 */
303 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_SetAuthenticationExpiryThreshold_001,
304 TestSize.Level0)
305 {
306 AccessTokenID tokenID;
307 ASSERT_TRUE(AllocPermission({"ohos.permission.MANAGE_LOCAL_ACCOUNTS"}, tokenID));
308 setuid(EDM_UID);
309 UnloadPluginMethods();
310
311 DomainAccountPolicy policy;
312 policy.authenicationValidityPeriod = 1;
313 EXPECT_EQ(DomainAccountClient::GetInstance().SetAccountPolicy(policy), ERR_DOMAIN_ACCOUNT_SERVICE_PLUGIN_NOT_EXIST);
314 setuid(ROOT_UID);
315 ASSERT_TRUE(RecoveryPermission(tokenID));
316 }
317
318 /**
319 * @tc.name: DomainAccountClientModuleTest_SetAuthenticationExpiryThreshold_002
320 * @tc.desc: SetAccountPolicy failed with not EDM.
321 * @tc.type: FUNC
322 * @tc.require:
323 */
324 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_SetAuthenticationExpiryThreshold_002,
325 TestSize.Level0)
326 {
327 AccessTokenID tokenID;
328 ASSERT_TRUE(AllocPermission({"ohos.permission.MANAGE_LOCAL_ACCOUNTS"}, tokenID));
329 LoadPluginMethods();
330 DomainAccountPolicy policy;
331 policy.authenicationValidityPeriod = 10;
332 EXPECT_EQ(DomainAccountClient::GetInstance().SetAccountPolicy(policy),
333 ERR_ACCOUNT_COMMON_PERMISSION_DENIED);
334 UnloadPluginMethods();
335 ASSERT_TRUE(RecoveryPermission(tokenID));
336 }
337
338 /**
339 * @tc.name: DomainAccountClientModuleTest_SetAuthenticationExpiryThreshold_003
340 * @tc.desc: SetAccountPolicy failed with no ohos.permission.MANAGE_LOCAL_ACCOUNTS permission.
341 * @tc.type: FUNC
342 * @tc.require:
343 */
344 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_SetAuthenticationExpiryThreshold_003,
345 TestSize.Level0)
346 {
347 LoadPluginMethods();
348 DomainAccountPolicy policy;
349 policy.authenicationValidityPeriod = 10;
350 EXPECT_EQ(DomainAccountClient::GetInstance().SetAccountPolicy(policy),
351 ERR_ACCOUNT_COMMON_PERMISSION_DENIED);
352 UnloadPluginMethods();
353 }
354
355 /**
356 * @tc.name: DomainAccountClientModuleTest_SetAuthenticationExpiryThreshold_004
357 * @tc.desc: SetAccountPolicy success.
358 * @tc.type: FUNC
359 * @tc.require:
360 */
361 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_SetAuthenticationExpiryThreshold_004,
362 TestSize.Level0)
363 {
364 AccessTokenID tokenID;
365 ASSERT_TRUE(AllocPermission({"ohos.permission.MANAGE_LOCAL_ACCOUNTS"}, tokenID));
366 setuid(EDM_UID);
367 LoadPluginMethods();
368 DomainAccountPolicy policy;
369 policy.authenicationValidityPeriod = 10;
370 EXPECT_EQ(DomainAccountClient::GetInstance().SetAccountPolicy(policy), ERR_OK);
371 UnloadPluginMethods();
372 setuid(ROOT_UID);
373 ASSERT_TRUE(RecoveryPermission(tokenID));
374 }
375
376 /**
377 * @tc.name: DomainAccountClientModuleTest_UpdateAccountInfo_001
378 * @tc.desc: UpdateAccountInfo success.
379 * @tc.type: FUNC
380 * @tc.require:
381 */
382 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_UpdateAccountInfo_001,
383 TestSize.Level0)
384 {
385 DomainAccountInfo oldDomainInfo;
386 oldDomainInfo.accountName_ = "testAccount";
387 oldDomainInfo.domain_ = "test.example.com";
388 oldDomainInfo.accountId_ = "testAccountId";
389
390 DomainAccountInfo newDomainInfo;
391 newDomainInfo.accountName_ = "testNewAccount";
392 newDomainInfo.domain_ = "test.example.com";
393 newDomainInfo.accountId_ = "testAccountId2";
394
395 LoadPluginMethods();
396 auto callback = std::make_shared<MockPluginSoDomainCreateDomainAccountCallback>();
397 ASSERT_NE(callback, nullptr);
398 auto testCallback = std::make_shared<TestPluginSoCreateDomainAccountCallback>(callback);
399 EXPECT_CALL(*callback, OnResult(ERR_OK, "testAccount", "test.example.com", _)).Times(Exactly(1));
400 ASSERT_NE(testCallback, nullptr);
401 ErrCode errCode = OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, oldDomainInfo, testCallback);
402 std::unique_lock<std::mutex> lock(testCallback->mutex);
403 testCallback->cv.wait_for(lock, std::chrono::seconds(WAIT_TIME),
__anon2636d2310202() 404 [lockCallback = testCallback]() { return lockCallback->isReady; });
405 EXPECT_EQ(errCode, ERR_OK);
406 int32_t oldUserId = -1;
407 EXPECT_EQ(OsAccountManager::GetOsAccountLocalIdFromDomain(oldDomainInfo, oldUserId), ERR_OK);
408
409 ASSERT_EQ(DomainAccountClient::GetInstance().UpdateAccountInfo(oldDomainInfo, newDomainInfo), ERR_OK);
410 UnloadPluginMethods();
411 int32_t newUserId = -1;
412
413 EXPECT_EQ(OsAccountManager::GetOsAccountLocalIdFromDomain(newDomainInfo, newUserId), ERR_OK);
414 EXPECT_EQ(newUserId, oldUserId);
415 EXPECT_EQ(OsAccountManager::RemoveOsAccount(newUserId), ERR_OK);
416 }
417
418 /**
419 * @tc.name: DomainAccountClientModuleTest_UpdateAccountInfo_002
420 * @tc.desc: UpdateAccountInfo failed with new account check failed by plugin.
421 * @tc.type: FUNC
422 * @tc.require:
423 */
424 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_UpdateAccountInfo_002,
425 TestSize.Level0)
426 {
427 DomainAccountInfo oldDomainInfo;
428 oldDomainInfo.accountName_ = "testAccount";
429 oldDomainInfo.domain_ = "test.example.com";
430 oldDomainInfo.accountId_ = "testAccountId";
431
432 DomainAccountInfo newDomainInfo;
433 newDomainInfo.accountName_ = "testNewAccountInvalid";
434 newDomainInfo.domain_ = "test.example.com";
435 newDomainInfo.accountId_ = "testAccountId2";
436
437 LoadPluginMethods();
438 auto callback = std::make_shared<MockPluginSoDomainCreateDomainAccountCallback>();
439 ASSERT_NE(callback, nullptr);
440 auto testCallback = std::make_shared<TestPluginSoCreateDomainAccountCallback>(callback);
441 EXPECT_CALL(*callback, OnResult(ERR_OK, "testAccount", "test.example.com", _)).Times(Exactly(1));
442 ASSERT_NE(testCallback, nullptr);
443 ErrCode errCode = OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, oldDomainInfo, testCallback);
444 std::unique_lock<std::mutex> lock(testCallback->mutex);
445 testCallback->cv.wait_for(lock, std::chrono::seconds(WAIT_TIME),
__anon2636d2310302() 446 [lockCallback = testCallback]() { return lockCallback->isReady; });
447 EXPECT_EQ(errCode, ERR_OK);
448 int32_t oldUserId = -1;
449 EXPECT_EQ(OsAccountManager::GetOsAccountLocalIdFromDomain(oldDomainInfo, oldUserId), ERR_OK);
450
451 EXPECT_EQ(DomainAccountClient::GetInstance().UpdateAccountInfo(oldDomainInfo, newDomainInfo),
452 ERR_ACCOUNT_COMMON_INVALID_PARAMETER);
453 UnloadPluginMethods();
454 EXPECT_EQ(OsAccountManager::RemoveOsAccount(oldUserId), ERR_OK);
455 }
456
457 /**
458 * @tc.name: DomainAccountClientModuleTest_UpdateAccountInfo_003
459 * @tc.desc: UpdateAccountInfo failed with new account check failed by plugin.
460 * @tc.type: FUNC
461 * @tc.require:
462 */
463 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_UpdateAccountInfo_003,
464 TestSize.Level0)
465 {
466 DomainAccountInfo oldDomainInfo;
467 oldDomainInfo.accountName_ = "testAccount";
468 oldDomainInfo.domain_ = "test.example.com";
469 oldDomainInfo.accountId_ = "testAccountId";
470
471 DomainAccountInfo newDomainInfo;
472 newDomainInfo.accountName_ = "testNewAccountInvalid";
473 newDomainInfo.domain_ = "test.example1.com";
474 newDomainInfo.accountId_ = "testAccountId2";
475
476 LoadPluginMethods();
477 auto callback = std::make_shared<MockPluginSoDomainCreateDomainAccountCallback>();
478 ASSERT_NE(callback, nullptr);
479 auto testCallback = std::make_shared<TestPluginSoCreateDomainAccountCallback>(callback);
480 EXPECT_CALL(*callback, OnResult(ERR_OK, "testAccount", "test.example.com", _)).Times(Exactly(1));
481 ASSERT_NE(testCallback, nullptr);
482 ErrCode errCode = OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, oldDomainInfo, testCallback);
483 std::unique_lock<std::mutex> lock(testCallback->mutex);
484 testCallback->cv.wait_for(lock, std::chrono::seconds(WAIT_TIME),
__anon2636d2310402() 485 [lockCallback = testCallback]() { return lockCallback->isReady; });
486 EXPECT_EQ(errCode, ERR_OK);
487 int32_t oldUserId = -1;
488 EXPECT_EQ(OsAccountManager::GetOsAccountLocalIdFromDomain(oldDomainInfo, oldUserId), ERR_OK);
489
490 // test new accountInfo's domain is invalid
491 EXPECT_EQ(DomainAccountClient::GetInstance().UpdateAccountInfo(oldDomainInfo, newDomainInfo),
492 ERR_ACCOUNT_COMMON_INVALID_PARAMETER);
493
494 // test new accountInfo's serverConfigId is invalid
495 oldDomainInfo.serverConfigId_ = "testId";
496 DomainAccountInfo newInfo2(oldDomainInfo);
497 newInfo2.serverConfigId_ = "invalidTestId";
498 EXPECT_EQ(DomainAccountClient::GetInstance().UpdateAccountInfo(oldDomainInfo, newInfo2),
499 ERR_ACCOUNT_COMMON_INVALID_PARAMETER);
500 UnloadPluginMethods();
501 EXPECT_EQ(OsAccountManager::RemoveOsAccount(oldUserId), ERR_OK);
502 }
503
504 /**
505 * @tc.name: DomainAccountClientModuleTest_IsAuthenticationExpired_001
506 * @tc.desc: IsAuthenticationExpired failed with no plugin so.
507 * @tc.type: FUNC
508 * @tc.require:
509 */
510 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_IsAuthenticationExpired_001,
511 TestSize.Level0)
512 {
513 AccessTokenID tokenID;
514 ASSERT_TRUE(AllocPermission({"ohos.permission.MANAGE_LOCAL_ACCOUNTS"}, tokenID));
515 setuid(EDM_UID);
516 DomainAccountInfo domainInfo;
517 domainInfo.accountName_ = "testaccount";
518 domainInfo.domain_ = "test.example.com";
519 domainInfo.accountId_ = "testid";
520
521 bool isExpired = false;
522 UnloadPluginMethods();
523 EXPECT_EQ(DomainAccountClient::GetInstance().IsAuthenticationExpired(domainInfo, isExpired),
524 ERR_DOMAIN_ACCOUNT_SERVICE_PLUGIN_NOT_EXIST);
525 EXPECT_TRUE(isExpired);
526 setuid(ROOT_UID);
527 ASSERT_TRUE(RecoveryPermission(tokenID));
528 }
529
530 /**
531 * @tc.name: DomainAccountClientModuleTest_IsAuthenticationExpired_002
532 * @tc.desc: IsAuthenticationExpired failed with domain account not exist.
533 * @tc.type: FUNC
534 * @tc.require:
535 */
536 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_IsAuthenticationExpired_002,
537 TestSize.Level0)
538 {
539 DomainAccountInfo domainInfo;
540 domainInfo.accountName_ = "testaccount";
541 domainInfo.domain_ = "test.example.com";
542 domainInfo.accountId_ = "testid";
543
544 bool isExpired = false;
545 LoadPluginMethods();
546 EXPECT_EQ(DomainAccountClient::GetInstance().IsAuthenticationExpired(domainInfo, isExpired),
547 ERR_DOMAIN_ACCOUNT_SERVICE_NOT_DOMAIN_ACCOUNT);
548 EXPECT_TRUE(isExpired);
549 UnloadPluginMethods();
550 }
551
552 /**
553 * @tc.name: DomainAccountClientModuleTest_IsAuthenticationExpired_003
554 * @tc.desc: IsAuthenticationExpired failed with domain account not authed.
555 * @tc.type: FUNC
556 * @tc.require:
557 */
558 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_IsAuthenticationExpired_003,
559 TestSize.Level0)
560 {
561 DomainAccountInfo domainInfo;
562 domainInfo.accountName_ = "testaccount";
563 domainInfo.domain_ = "test.example.com";
564 domainInfo.accountId_ = "testid";
565
566 LoadPluginMethods();
567 auto callback = std::make_shared<MockPluginSoDomainCreateDomainAccountCallback>();
568 ASSERT_NE(callback, nullptr);
569 auto testCallback = std::make_shared<TestPluginSoCreateDomainAccountCallback>(callback);
570 EXPECT_CALL(*callback, OnResult(ERR_OK, "testaccount", "test.example.com", _)).Times(Exactly(1));
571 ASSERT_NE(testCallback, nullptr);
572 ErrCode errCode = OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, domainInfo, testCallback);
573 std::unique_lock<std::mutex> lock(testCallback->mutex);
574 testCallback->cv.wait_for(lock, std::chrono::seconds(WAIT_TIME),
__anon2636d2310502() 575 [lockCallback = testCallback]() { return lockCallback->isReady; });
576 EXPECT_EQ(errCode, ERR_OK);
577
578 bool isExpired = false;
579 EXPECT_EQ(DomainAccountClient::GetInstance().IsAuthenticationExpired(domainInfo, isExpired), ERR_OK);
580 EXPECT_TRUE(isExpired);
581 UnloadPluginMethods();
582
583 int32_t userId = -1;
584 EXPECT_EQ(OsAccountManager::GetOsAccountLocalIdFromDomain(domainInfo, userId), ERR_OK);
585 EXPECT_EQ(OsAccountManager::RemoveOsAccount(userId), ERR_OK);
586 }
587
588 #ifdef ENABLE_MULTIPLE_OS_ACCOUNTS
589 /**
590 * @tc.name: DomainAccountClientModuleTest_IsAuthenticationExpired_004
591 * @tc.desc: IsAuthenticationExpired success expired time not set.
592 * @tc.type: FUNC
593 * @tc.require:
594 */
595 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_IsAuthenticationExpired_004,
596 TestSize.Level0)
597 {
598 AccessTokenID tokenID;
599 ASSERT_TRUE(AllocPermission({"ohos.permission.MANAGE_LOCAL_ACCOUNTS"}, tokenID));
600 setuid(EDM_UID);
601 LoadPluginMethods();
602 DomainAccountPolicy policy;
603 policy.authenicationValidityPeriod = -1;
604 EXPECT_EQ(DomainAccountClient::GetInstance().SetAccountPolicy(policy), ERR_OK);
605 setuid(ROOT_UID);
606 ASSERT_TRUE(RecoveryPermission(tokenID));
607
608 DomainAccountInfo domainInfo;
609 domainInfo.accountName_ = "testaccount";
610 domainInfo.domain_ = "test.example.com";
611 domainInfo.accountId_ = "testid";
612 auto callback = std::make_shared<MockPluginSoDomainCreateDomainAccountCallback>();
613 ASSERT_NE(callback, nullptr);
614 auto testCallback = std::make_shared<TestPluginSoCreateDomainAccountCallback>(callback);
615 EXPECT_CALL(*callback, OnResult(ERR_OK, "testaccount", "test.example.com", _)).Times(Exactly(1));
616 ASSERT_NE(testCallback, nullptr);
617 ErrCode errCode = OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, domainInfo, testCallback);
618 std::unique_lock<std::mutex> lock(testCallback->mutex);
619 testCallback->cv.wait_for(lock, std::chrono::seconds(WAIT_TIME),
__anon2636d2310602() 620 [lockCallback = testCallback]() { return lockCallback->isReady; });
621 ASSERT_EQ(errCode, ERR_OK);
622
623 auto authCallback = std::make_shared<MockPluginSoDomainAuthCallback>();
624 ASSERT_NE(authCallback, nullptr);
625 EXPECT_CALL(*authCallback, OnResult(ERR_OK, _)).Times(Exactly(1));
626 auto testAuthCallback = std::make_shared<TestPluginSoDomainAuthCallback>(authCallback);
627 ASSERT_NE(testAuthCallback, nullptr);
628 EXPECT_EQ(DomainAccountClient::GetInstance().Auth(domainInfo, DEFAULT_TOKEN, testAuthCallback), ERR_OK);
629
630 bool isExpired = true;
631 EXPECT_EQ(DomainAccountClient::GetInstance().IsAuthenticationExpired(domainInfo, isExpired), ERR_OK);
632 EXPECT_FALSE(isExpired);
633
634 sleep(2);
635
636 isExpired = true;
637 EXPECT_EQ(DomainAccountClient::GetInstance().IsAuthenticationExpired(domainInfo, isExpired), ERR_OK);
638 EXPECT_FALSE(isExpired);
639
640 UnloadPluginMethods();
641 int32_t userId = -1;
642 EXPECT_EQ(OsAccountManager::GetOsAccountLocalIdFromDomain(domainInfo, userId), ERR_OK);
643 EXPECT_EQ(OsAccountManager::RemoveOsAccount(userId), ERR_OK);
644 }
645
646 /**
647 * @tc.name: DomainAccountClientModuleTest_IsAuthenticationExpired_005
648 * @tc.desc: IsAuthenticationExpired success.
649 * @tc.type: FUNC
650 * @tc.require:
651 */
652 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_IsAuthenticationExpired_005,
653 TestSize.Level0)
654 {
655 AccessTokenID tokenID;
656 ASSERT_TRUE(AllocPermission({"ohos.permission.MANAGE_LOCAL_ACCOUNTS"}, tokenID));
657 setuid(EDM_UID);
658 LoadPluginMethods();
659 DomainAccountPolicy policy;
660 policy.authenicationValidityPeriod = 1;
661 EXPECT_EQ(DomainAccountClient::GetInstance().SetAccountPolicy(policy), ERR_OK);
662 setuid(ROOT_UID);
663 ASSERT_TRUE(RecoveryPermission(tokenID));
664
665 DomainAccountInfo domainInfo;
666 domainInfo.accountName_ = "testaccount";
667 domainInfo.domain_ = "test.example.com";
668 domainInfo.accountId_ = "testid";
669 auto callback = std::make_shared<MockPluginSoDomainCreateDomainAccountCallback>();
670 ASSERT_NE(callback, nullptr);
671 auto testCallback = std::make_shared<TestPluginSoCreateDomainAccountCallback>(callback);
672 EXPECT_CALL(*callback, OnResult(ERR_OK, "testaccount", "test.example.com", _)).Times(Exactly(1));
673 ASSERT_NE(testCallback, nullptr);
674 ErrCode errCode = OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, domainInfo, testCallback);
675 std::unique_lock<std::mutex> lock(testCallback->mutex);
676 testCallback->cv.wait_for(lock, std::chrono::seconds(WAIT_TIME),
__anon2636d2310702() 677 [lockCallback = testCallback]() { return lockCallback->isReady; });
678 ASSERT_EQ(errCode, ERR_OK);
679
680 auto authCallback = std::make_shared<MockPluginSoDomainAuthCallback>();
681 ASSERT_NE(authCallback, nullptr);
682 EXPECT_CALL(*authCallback, OnResult(ERR_OK, _)).Times(Exactly(1));
683 auto testAuthCallback = std::make_shared<TestPluginSoDomainAuthCallback>(authCallback);
684 ASSERT_NE(testAuthCallback, nullptr);
685 EXPECT_EQ(DomainAccountClient::GetInstance().Auth(domainInfo, DEFAULT_TOKEN, testAuthCallback), ERR_OK);
686
687 bool isExpired = false;
688 EXPECT_EQ(DomainAccountClient::GetInstance().IsAuthenticationExpired(domainInfo, isExpired), ERR_OK);
689 EXPECT_FALSE(isExpired);
690
691 sleep(2);
692
693 isExpired = false;
694 EXPECT_EQ(DomainAccountClient::GetInstance().IsAuthenticationExpired(domainInfo, isExpired), ERR_OK);
695 EXPECT_TRUE(isExpired);
696
697 UnloadPluginMethods();
698 int32_t userId = -1;
699 EXPECT_EQ(OsAccountManager::GetOsAccountLocalIdFromDomain(domainInfo, userId), ERR_OK);
700 EXPECT_EQ(OsAccountManager::RemoveOsAccount(userId), ERR_OK);
701 }
702
703 /**
704 * @tc.name: DomainAccountClientModuleTest_IsAuthenticationExpired_005
705 * @tc.desc: IsAuthenticationExpired success.
706 * @tc.type: FUNC
707 * @tc.require:
708 */
709 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_IsAuthenticationExpired_007,
710 TestSize.Level0)
711 {
712 DomainAccountInfo domainInfo;
713 domainInfo.accountName_ = "testaccount";
714 domainInfo.domain_ = "test.example.com";
715 domainInfo.accountId_ = "testid";
716
717 CreateOsAccountForDomainOptions options;
718 options.hasShortName = true;
719
720 OsAccountInfo osAccountInfo;
721 ErrCode code = OsAccountManager::CreateOsAccount("domain007", "shortExist", OsAccountType::NORMAL, osAccountInfo);
722 EXPECT_EQ(code, ERR_OK);
723
724 auto testCallback1 = nullptr;
725 options.shortName = "TEST1*";
726 EXPECT_NE(OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, domainInfo,
727 testCallback1, options), ERR_OK);
728
729 options.shortName = "..";
730 EXPECT_NE(OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, domainInfo,
731 testCallback1, options), ERR_OK);
732
733 options.shortName = "";
734 EXPECT_NE(OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, domainInfo,
735 testCallback1, options), ERR_OK);
736
737 options.shortName = STRING_SHORT_NAME_OUT_OF_RANGE;
738 EXPECT_NE(OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, domainInfo,
739 testCallback1, options), ERR_OK);
740
741 options.shortName = "shortExist";
742 EXPECT_NE(OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, domainInfo,
743 testCallback1, options), ERR_OK);
744
745 LoadPluginMethods();
746 auto callback = std::make_shared<MockPluginSoDomainCreateDomainAccountCallback>();
747 ASSERT_NE(callback, nullptr);
748 auto testCallback = std::make_shared<TestPluginSoCreateDomainAccountCallback>(callback);
749 EXPECT_CALL(*callback, OnResult(ERR_OK, "testaccount", "test.example.com", _)).Times(Exactly(1));
750 ASSERT_NE(testCallback, nullptr);
751 options.shortName = "shortNameTest";
752 options.hasShortName = false;
753 ErrCode errCode = OsAccountManager::CreateOsAccountForDomain(OsAccountType::NORMAL, domainInfo,
754 testCallback, options);
755 std::unique_lock<std::mutex> lock(testCallback->mutex);
756 testCallback->cv.wait_for(lock, std::chrono::seconds(WAIT_TIME),
__anon2636d2310802() 757 [lockCallback = testCallback]() { return lockCallback->isReady; });
758 EXPECT_EQ(errCode, ERR_OK);
759 int32_t userId = -1;
760 EXPECT_EQ(OsAccountManager::GetOsAccountLocalIdFromDomain(domainInfo, userId), ERR_OK);
761 EXPECT_EQ(OsAccountManager::RemoveOsAccount(userId), ERR_OK);
762 EXPECT_EQ(OsAccountManager::RemoveOsAccount(osAccountInfo.GetLocalId()), ERR_OK);
763 }
764 #endif // ENABLE_MULTIPLE_OS_ACCOUNTS
765
766 /**
767 * @tc.name: DomainAccountClientModuleTest_IsAuthenticationExpired_006
768 * @tc.desc: IsAuthenticationExpired failed without permission.
769 * @tc.type: FUNC
770 * @tc.require:
771 */
772 HWTEST_F(DomainAccountClientMockPluginSoModuleTest, DomainAccountClientModuleTest_IsAuthenticationExpired_006,
773 TestSize.Level0)
774 {
775 AccessTokenID tokenID;
776 ASSERT_TRUE(AllocPermission({}, tokenID));
777 setuid(EDM_UID);
778 LoadPluginMethods();
779 DomainAccountInfo domainInfo;
780 domainInfo.accountName_ = "testaccount";
781 domainInfo.domain_ = "test.example.com";
782 domainInfo.accountId_ = "testid";
783
784 bool isExpired = false;
785 EXPECT_EQ(DomainAccountClient::GetInstance().IsAuthenticationExpired(domainInfo, isExpired),
786 ERR_ACCOUNT_COMMON_PERMISSION_DENIED);
787 EXPECT_TRUE(isExpired);
788 setuid(ROOT_UID);
789 ASSERT_TRUE(RecoveryPermission(tokenID));
790 ASSERT_TRUE(AllocPermission({"ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS"}, tokenID));
791 setuid(EDM_UID);
792 EXPECT_EQ(DomainAccountClient::GetInstance().IsAuthenticationExpired(domainInfo, isExpired),
793 ERR_DOMAIN_ACCOUNT_SERVICE_NOT_DOMAIN_ACCOUNT);
794 EXPECT_TRUE(isExpired);
795 setuid(ROOT_UID);
796 UnloadPluginMethods();
797 ASSERT_TRUE(RecoveryPermission(tokenID));
798 }
799