diff options
Diffstat (limited to 'browser/components/enterprisepolicies/tests/xpcshell')
23 files changed, 2956 insertions, 0 deletions
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/config_popups_cookies_addons_flash.json b/browser/components/enterprisepolicies/tests/xpcshell/config_popups_cookies_addons_flash.json new file mode 100644 index 0000000000..785c0dcc03 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/config_popups_cookies_addons_flash.json @@ -0,0 +1,41 @@ +{ + "policies": { + "PopupBlocking": { + "Allow": [ + "https://www.allow.com", + "https://www.pre-existing-deny.com" + ] + }, + + "Cookies": { + "Allow": [ + "https://www.allow.com", + "https://www.pre-existing-deny.com" + ], + + "Block": [ + "https://www.deny.com", + "https://www.pre-existing-allow.com" + ] + }, + + "InstallAddonsPermission": { + "Allow": [ + "https://www.allow.com", + "https://www.pre-existing-deny.com" + ] + }, + + "FlashPlugin": { + "Allow": [ + "https://www.allow.com", + "https://www.pre-existing-deny.com" + ], + + "Block": [ + "https://www.deny.com", + "https://www.pre-existing-allow.com" + ] + } + } +} diff --git a/browser/components/enterprisepolicies/tests/xpcshell/head.js b/browser/components/enterprisepolicies/tests/xpcshell/head.js new file mode 100644 index 0000000000..97a6b952b4 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/head.js @@ -0,0 +1,109 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); +const { OS } = ChromeUtils.import("resource://gre/modules/osfile.jsm"); +const { Preferences } = ChromeUtils.import( + "resource://gre/modules/Preferences.jsm" +); +const { updateAppInfo, getAppInfo } = ChromeUtils.import( + "resource://testing-common/AppInfo.jsm" +); +const { FileTestUtils } = ChromeUtils.import( + "resource://testing-common/FileTestUtils.jsm" +); +const { PermissionTestUtils } = ChromeUtils.import( + "resource://testing-common/PermissionTestUtils.jsm" +); +const { EnterprisePolicyTesting } = ChromeUtils.import( + "resource://testing-common/EnterprisePolicyTesting.jsm" +); + +updateAppInfo({ + name: "XPCShell", + ID: "xpcshell@tests.mozilla.org", + version: "48", + platformVersion: "48", +}); + +// This initializes the policy engine for xpcshell tests +let policies = Cc["@mozilla.org/enterprisepolicies;1"].getService( + Ci.nsIObserver +); +policies.observe(null, "policies-startup", null); + +async function setupPolicyEngineWithJson(json, customSchema) { + if (typeof json != "object") { + let filePath = do_get_file(json ? json : "non-existing-file.json").path; + return EnterprisePolicyTesting.setupPolicyEngineWithJson( + filePath, + customSchema + ); + } + return EnterprisePolicyTesting.setupPolicyEngineWithJson(json, customSchema); +} + +function checkLockedPref(prefName, prefValue) { + equal( + Preferences.locked(prefName), + true, + `Pref ${prefName} is correctly locked` + ); + equal( + Preferences.get(prefName), + prefValue, + `Pref ${prefName} has the correct value` + ); +} + +function checkUnlockedPref(prefName, prefValue) { + equal( + Preferences.locked(prefName), + false, + `Pref ${prefName} is correctly unlocked` + ); + equal( + Preferences.get(prefName), + prefValue, + `Pref ${prefName} has the correct value` + ); +} + +function checkUserPref(prefName, prefValue) { + equal( + Preferences.get(prefName), + prefValue, + `Pref ${prefName} has the correct value` + ); +} + +function checkClearPref(prefName, prefValue) { + equal( + Services.prefs.prefHasUserValue(prefName), + false, + `Pref ${prefName} has no user value` + ); +} + +function checkDefaultPref(prefName, prefValue) { + let defaultPrefBranch = Services.prefs.getDefaultBranch(""); + let prefType = defaultPrefBranch.getPrefType(prefName); + notEqual( + prefType, + Services.prefs.PREF_INVALID, + `Pref ${prefName} is set on the default branch` + ); +} + +function checkUnsetPref(prefName) { + let defaultPrefBranch = Services.prefs.getDefaultBranch(""); + let prefType = defaultPrefBranch.getPrefType(prefName); + equal( + prefType, + Services.prefs.PREF_INVALID, + `Pref ${prefName} is not set on the default branch` + ); +} diff --git a/browser/components/enterprisepolicies/tests/xpcshell/policytest_v0.1.xpi b/browser/components/enterprisepolicies/tests/xpcshell/policytest_v0.1.xpi Binary files differnew file mode 100644 index 0000000000..ee2a6289ee --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/policytest_v0.1.xpi diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_3rdparty.js b/browser/components/enterprisepolicies/tests/xpcshell/test_3rdparty.js new file mode 100644 index 0000000000..0f53cc80c9 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_3rdparty.js @@ -0,0 +1,22 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ +"use strict"; + +add_task(async function setup() { + await setupPolicyEngineWithJson({ + policies: { + "3rdparty": { + Extensions: { + "3rdparty-policy@mozilla.com": { + string: "value", + }, + }, + }, + }, + }); + + let extensionPolicy = Services.policies.getExtensionPolicy( + "3rdparty-policy@mozilla.com" + ); + deepEqual(extensionPolicy, { string: "value" }); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_addon_update.js b/browser/components/enterprisepolicies/tests/xpcshell/test_addon_update.js new file mode 100644 index 0000000000..30947af740 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_addon_update.js @@ -0,0 +1,156 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { AddonTestUtils } = ChromeUtils.import( + "resource://testing-common/AddonTestUtils.jsm" +); +const { AddonManager } = ChromeUtils.import( + "resource://gre/modules/AddonManager.jsm" +); +const { ExtensionTestUtils } = ChromeUtils.import( + "resource://testing-common/ExtensionXPCShellUtils.jsm" +); + +AddonTestUtils.init(this); +AddonTestUtils.overrideCertDB(); +AddonTestUtils.appInfo = getAppInfo(); +ExtensionTestUtils.init(this); + +const server = AddonTestUtils.createHttpServer({ hosts: ["example.com"] }); +const BASE_URL = `http://example.com/data`; + +let TEST_NAME = "updatable.xpi"; + +/* Test that when a local file addon is updated, + the new version gets installed. */ +add_task(async function test_local_addon_update() { + await AddonTestUtils.promiseStartupManager(); + + let tmpDir = Services.dirsvc.get("TmpD", Ci.nsIFile); + let id = "updatable1@test"; + let xpi1 = AddonTestUtils.createTempWebExtensionFile({ + manifest: { + version: "1.0", + applications: { + gecko: { id }, + }, + }, + }); + xpi1.copyTo(tmpDir, TEST_NAME); + let extension = ExtensionTestUtils.expectExtension(id); + await Promise.all([ + extension.awaitStartup(), + setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "updatable@test": { + installation_mode: "force_installed", + install_url: Services.io.newFileURI(tmpDir).spec + "/" + TEST_NAME, + }, + }, + }, + }), + ]); + let addon = await AddonManager.getAddonByID(id); + notEqual(addon, null, "Addon should not be null"); + equal(addon.version, "1.0", "Addon 1.0 installed"); + + let xpi2 = AddonTestUtils.createTempWebExtensionFile({ + manifest: { + version: "2.0", + applications: { + gecko: { id }, + }, + }, + }); + // overwrite the test file + xpi2.copyTo(tmpDir, TEST_NAME); + + extension = ExtensionTestUtils.expectExtension(id); + await Promise.all([ + extension.awaitStartup(), + setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "updatable@test": { + installation_mode: "force_installed", + install_url: Services.io.newFileURI(tmpDir).spec + "/" + TEST_NAME, + }, + }, + }, + }), + ]); + + addon = await AddonManager.getAddonByID(id); + equal(addon.version, "2.0", "Addon 2.0 installed"); + + let xpifile = tmpDir.clone(); + xpifile.append(TEST_NAME); + xpifile.remove(false); +}); + +/* Test that when the url changes, + the new version gets installed. */ +add_task(async function test_newurl_addon_update() { + let id = "updatable2@test"; + + let xpi1 = AddonTestUtils.createTempWebExtensionFile({ + manifest: { + version: "1.0", + applications: { + gecko: { id }, + }, + }, + }); + server.registerFile("/data/policy_test1.xpi", xpi1); + + let xpi2 = AddonTestUtils.createTempWebExtensionFile({ + manifest: { + version: "2.0", + applications: { + gecko: { id }, + }, + }, + }); + server.registerFile("/data/policy_test2.xpi", xpi2); + + let extension = ExtensionTestUtils.expectExtension(id); + await Promise.all([ + extension.awaitStartup(), + setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "updatable2@test": { + installation_mode: "force_installed", + install_url: `${BASE_URL}/policy_test1.xpi`, + }, + }, + }, + }), + ]); + let addon = await AddonManager.getAddonByID(id); + notEqual(addon, null, "Addon should not be null"); + equal(addon.version, "1.0", "Addon 1.0 installed"); + + extension = ExtensionTestUtils.expectExtension(id); + await Promise.all([ + extension.awaitStartup(), + setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "updatable2@test": { + installation_mode: "force_installed", + install_url: `${BASE_URL}/policy_test2.xpi`, + }, + }, + }, + }), + ]); + + addon = await AddonManager.getAddonByID(id); + equal(addon.version, "2.0", "Addon 2.0 installed"); + + await AddonTestUtils.promiseShutdownManager(); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_appupdateurl.js b/browser/components/enterprisepolicies/tests/xpcshell/test_appupdateurl.js new file mode 100644 index 0000000000..2406bb11b6 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_appupdateurl.js @@ -0,0 +1,27 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +let { Checker } = ChromeUtils.import( + "resource://gre/modules/UpdateService.jsm" +); + +add_task(async function test_app_update_URL() { + await setupPolicyEngineWithJson({ + policies: { + AppUpdateURL: "https://www.example.com/", + }, + }); + + equal( + Services.policies.status, + Ci.nsIEnterprisePolicies.ACTIVE, + "Engine is active" + ); + + let checker = new Checker(); + let expected = await checker.getUpdateURL(); + + equal("https://www.example.com/", expected, "Correct app update URL"); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_bug1658259.js b/browser/components/enterprisepolicies/tests/xpcshell/test_bug1658259.js new file mode 100644 index 0000000000..1449e664c2 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_bug1658259.js @@ -0,0 +1,44 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +add_task(async function test_bug1658259_1() { + await setupPolicyEngineWithJson({ + policies: { + OfferToSaveLogins: false, + OfferToSaveLoginsDefault: true, + }, + }); + checkLockedPref("signon.rememberSignons", false); +}); + +add_task(async function test_bug1658259_2() { + await setupPolicyEngineWithJson({ + policies: { + OfferToSaveLogins: true, + OfferToSaveLoginsDefault: false, + }, + }); + checkLockedPref("signon.rememberSignons", true); +}); + +add_task(async function test_bug1658259_3() { + await setupPolicyEngineWithJson({ + policies: { + OfferToSaveLoginsDefault: true, + OfferToSaveLogins: false, + }, + }); + checkLockedPref("signon.rememberSignons", false); +}); + +add_task(async function test_bug1658259_4() { + await setupPolicyEngineWithJson({ + policies: { + OfferToSaveLoginsDefault: false, + OfferToSaveLogins: true, + }, + }); + checkLockedPref("signon.rememberSignons", true); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_cleanup.js b/browser/components/enterprisepolicies/tests/xpcshell/test_cleanup.js new file mode 100644 index 0000000000..fa1342f04e --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_cleanup.js @@ -0,0 +1,77 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +async function checkMessages(expectedResult) { + let onBeforeAddons = false; + let onProfileAfterChange = false; + let onBeforeUIStartup = false; + let onAllWindowsRestored = false; + + let errorListener = { + observe(subject) { + let message = subject.wrappedJSObject.arguments[0]; + if (message.includes("_cleanup from onBeforeAddons")) { + onBeforeAddons = true; + } else if (message.includes("_cleanup from onProfileAfterChange")) { + onProfileAfterChange = true; + } else if (message.includes("_cleanup from onBeforeUIStartup")) { + onBeforeUIStartup = true; + } else if (message.includes("_cleanup from onAllWindowsRestored")) { + onAllWindowsRestored = true; + } + }, + }; + + Services.console.registerListener(errorListener); + Services.obs.addObserver(errorListener, "console-api-log-event"); + + await setupPolicyEngineWithJson({ + policies: {}, + }); + + equal( + onBeforeAddons, + expectedResult, + "onBeforeAddons should be " + expectedResult + ); + equal( + onProfileAfterChange, + expectedResult, + "onProfileAfterChange should be" + expectedResult + ); + equal( + onBeforeUIStartup, + expectedResult, + "onBeforeUIStartup should be" + expectedResult + ); + equal( + onAllWindowsRestored, + expectedResult, + "onAllWindowsRestored should be" + expectedResult + ); +} + +/* If there is no existing policy, cleanup should not run. */ +add_task(async function test_cleanup_no_policy() { + await checkMessages(false); +}); + +add_task(async function setup_policy() { + await setupPolicyEngineWithJson({ + policies: { + BlockAboutConfig: true, + }, + }); +}); + +/* Since there was a policy, cleanup should run. */ +add_task(async function test_cleanup_with_policy() { + await checkMessages(true); +}); + +/* Since cleanup was already done, cleanup should not run again. */ +add_task(async function test_cleanup_after_policy() { + await checkMessages(false); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_clear_blocked_cookies.js b/browser/components/enterprisepolicies/tests/xpcshell/test_clear_blocked_cookies.js new file mode 100644 index 0000000000..571ae95a1b --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_clear_blocked_cookies.js @@ -0,0 +1,118 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ +"use strict"; + +const HOSTNAME_DOMAIN = "browser_policy_clear_blocked_cookies.com"; +const ORIGIN_DOMAIN = "browser_policy_clear_blocked_cookies.org"; + +add_task(async function setup() { + const expiry = Date.now() + 24 * 60 * 60; + Services.cookies.add( + HOSTNAME_DOMAIN, + "/", + "secure", + "true", + true, + false, + false, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + Services.cookies.add( + HOSTNAME_DOMAIN, + "/", + "insecure", + "true", + false, + false, + false, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP + ); + Services.cookies.add( + ORIGIN_DOMAIN, + "/", + "secure", + "true", + true, + false, + false, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + Services.cookies.add( + ORIGIN_DOMAIN, + "/", + "insecure", + "true", + false, + false, + false, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP + ); + Services.cookies.add( + "example.net", + "/", + "secure", + "true", + true, + false, + false, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + await setupPolicyEngineWithJson({ + policies: { + Cookies: { + Block: [`http://${HOSTNAME_DOMAIN}`, `https://${ORIGIN_DOMAIN}:8080`], + }, + }, + }); +}); + +function retrieve_all_cookies(host) { + const values = []; + for (let cookie of Services.cookies.getCookiesFromHost(host, {})) { + values.push({ + host: cookie.host, + name: cookie.name, + path: cookie.path, + }); + } + return values; +} + +add_task(async function test_cookies_for_blocked_sites_cleared() { + const cookies = { + hostname: retrieve_all_cookies(HOSTNAME_DOMAIN), + origin: retrieve_all_cookies(ORIGIN_DOMAIN), + keep: retrieve_all_cookies("example.net"), + }; + const expected = { + hostname: [], + origin: [], + keep: [{ host: "example.net", name: "secure", path: "/" }], + }; + equal( + JSON.stringify(cookies), + JSON.stringify(expected), + "All stored cookies for blocked origins should be cleared" + ); +}); + +add_task(function teardown() { + for (let host of [HOSTNAME_DOMAIN, ORIGIN_DOMAIN, "example.net"]) { + Services.cookies.removeCookiesWithOriginAttributes("{}", host); + } +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_defaultbrowsercheck.js b/browser/components/enterprisepolicies/tests/xpcshell/test_defaultbrowsercheck.js new file mode 100644 index 0000000000..6daffa061a --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_defaultbrowsercheck.js @@ -0,0 +1,52 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; +const { ShellService } = ChromeUtils.import( + "resource:///modules/ShellService.jsm" +); + +add_task(async function test_default_browser_check() { + ShellService._checkedThisSession = false; + // On a normal profile, the default is true. However, this gets set to false on the + // testing profile. Let's start with true for a sanity check. + + ShellService.shouldCheckDefaultBrowser = true; + equal(ShellService.shouldCheckDefaultBrowser, true, "Sanity check"); + + await setupPolicyEngineWithJson({ + policies: { + DontCheckDefaultBrowser: true, + }, + }); + + equal( + ShellService.shouldCheckDefaultBrowser, + false, + "Policy changed it to not check" + ); + + // Try to change it to true and check that it doesn't take effect + ShellService.shouldCheckDefaultBrowser = true; + + equal(ShellService.shouldCheckDefaultBrowser, false, "Policy is enforced"); +}); + +add_task(async function test_default_browser_check() { + await setupPolicyEngineWithJson({ + policies: { + DontCheckDefaultBrowser: false, + }, + }); + + equal( + ShellService.shouldCheckDefaultBrowser, + true, + "Policy changed it to check" + ); + + // Try to change it to false and check that it doesn't take effect + ShellService.shouldCheckDefaultBrowser = false; + + equal(ShellService.shouldCheckDefaultBrowser, true, "Policy is enforced"); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_empty_policy.js b/browser/components/enterprisepolicies/tests/xpcshell/test_empty_policy.js new file mode 100644 index 0000000000..5047eeb4e0 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_empty_policy.js @@ -0,0 +1,32 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +add_task(async function test_empty_policy() { + await setupPolicyEngineWithJson({ + policies: { + Certificates: {}, + }, + }); + + equal( + Services.policies.status, + Ci.nsIEnterprisePolicies.INACTIVE, + "Engine is not active" + ); +}); + +add_task(async function test_empty_array() { + await setupPolicyEngineWithJson({ + policies: { + RequestedLocales: [], + }, + }); + + equal( + Services.policies.status, + Ci.nsIEnterprisePolicies.ACTIVE, + "Engine is active" + ); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_extensions.js b/browser/components/enterprisepolicies/tests/xpcshell/test_extensions.js new file mode 100644 index 0000000000..5667f67f11 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_extensions.js @@ -0,0 +1,83 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ +"use strict"; + +const { AddonTestUtils } = ChromeUtils.import( + "resource://testing-common/AddonTestUtils.jsm" +); +const { AddonManager } = ChromeUtils.import( + "resource://gre/modules/AddonManager.jsm" +); + +AddonTestUtils.init(this); +AddonTestUtils.overrideCertDB(); +AddonTestUtils.appInfo = getAppInfo(); + +const server = AddonTestUtils.createHttpServer({ hosts: ["example.com"] }); +const BASE_URL = `http://example.com/data`; + +let addonID = "policytest2@mozilla.com"; + +add_task(async function setup() { + await AddonTestUtils.promiseStartupManager(); + + let webExtensionFile = AddonTestUtils.createTempWebExtensionFile({ + manifest: { + applications: { + gecko: { + id: addonID, + }, + }, + }, + }); + + server.registerFile("/data/policy_test.xpi", webExtensionFile); +}); + +add_task(async function test_addon_forceinstalled_remote() { + await Promise.all([ + AddonTestUtils.promiseInstallEvent("onInstallEnded"), + setupPolicyEngineWithJson({ + policies: { + Extensions: { + Install: [BASE_URL + "/policy_test.xpi"], + Locked: [addonID], + }, + }, + }), + ]); + let addon = await AddonManager.getAddonByID(addonID); + notEqual(addon, null, "Addon should not be null"); + equal(addon.appDisabled, false, "Addon should not be disabled"); + equal( + addon.permissions & AddonManager.PERM_CAN_UNINSTALL, + 0, + "Addon should not be able to be uninstalled." + ); + equal( + addon.permissions & AddonManager.PERM_CAN_DISABLE, + 0, + "Addon should not be able to be disabled." + ); + await addon.uninstall(); +}); + +add_task(async function test_addon_forceinstalled_local() { + let addonID2 = "policytest@mozilla.com"; + + let file = Services.dirsvc.get("CurWorkD", Ci.nsIFile); + file.append("policytest_v0.1.xpi"); + await Promise.all([ + AddonTestUtils.promiseInstallEvent("onInstallEnded"), + setupPolicyEngineWithJson({ + policies: { + Extensions: { + Install: [file.path], + }, + }, + }), + ]); + let addon = await AddonManager.getAddonByID(addonID2); + notEqual(addon, null, "Addon should not be null"); + await addon.uninstall(); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js new file mode 100644 index 0000000000..f6c1bc90da --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js @@ -0,0 +1,255 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ +"use strict"; + +const { AddonTestUtils } = ChromeUtils.import( + "resource://testing-common/AddonTestUtils.jsm" +); +const { AddonManager } = ChromeUtils.import( + "resource://gre/modules/AddonManager.jsm" +); + +AddonTestUtils.init(this); +AddonTestUtils.overrideCertDB(); +AddonTestUtils.appInfo = getAppInfo(); + +const server = AddonTestUtils.createHttpServer({ hosts: ["example.com"] }); +const BASE_URL = `http://example.com/data`; + +let addonID = "policytest2@mozilla.com"; +let themeID = "policytheme@mozilla.com"; + +add_task(async function setup() { + await AddonTestUtils.promiseStartupManager(); + + let webExtensionFile = AddonTestUtils.createTempWebExtensionFile({ + manifest: { + applications: { + gecko: { + id: addonID, + }, + }, + }, + }); + + server.registerFile("/data/policy_test.xpi", webExtensionFile); +}); + +add_task(async function test_extensionsettings() { + await setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "extension1@mozilla.com": { + blocked_install_message: "Extension1 error message.", + }, + "*": { + blocked_install_message: "Generic error message.", + }, + }, + }, + }); + + let extensionSettings = Services.policies.getExtensionSettings( + "extension1@mozilla.com" + ); + equal( + extensionSettings.blocked_install_message, + "Extension1 error message.", + "Should have extension specific message." + ); + extensionSettings = Services.policies.getExtensionSettings( + "extension2@mozilla.com" + ); + equal( + extensionSettings.blocked_install_message, + "Generic error message.", + "Should have generic message." + ); +}); + +add_task(async function test_addon_blocked() { + await setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "policytest2@mozilla.com": { + installation_mode: "blocked", + }, + }, + }, + }); + + let install = await AddonManager.getInstallForURL( + BASE_URL + "/policy_test.xpi" + ); + await install.install(); + notEqual(install.addon, null, "Addon should not be null"); + equal(install.addon.appDisabled, true, "Addon should be disabled"); + await install.addon.uninstall(); +}); + +add_task(async function test_addon_allowed() { + await setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "policytest2@mozilla.com": { + installation_mode: "allowed", + }, + "*": { + installation_mode: "blocked", + }, + }, + }, + }); + + let install = await AddonManager.getInstallForURL( + BASE_URL + "/policy_test.xpi" + ); + await install.install(); + notEqual(install.addon, null, "Addon should not be null"); + equal(install.addon.appDisabled, false, "Addon should not be disabled"); + await install.addon.uninstall(); +}); + +add_task(async function test_addon_uninstalled() { + let install = await AddonManager.getInstallForURL( + BASE_URL + "/policy_test.xpi" + ); + await install.install(); + notEqual(install.addon, null, "Addon should not be null"); + + await Promise.all([ + AddonTestUtils.promiseAddonEvent("onUninstalled"), + setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "*": { + installation_mode: "blocked", + }, + }, + }, + }), + ]); + let addon = await AddonManager.getAddonByID(addonID); + equal(addon, null, "Addon should be null"); +}); + +add_task(async function test_addon_forceinstalled() { + await Promise.all([ + AddonTestUtils.promiseInstallEvent("onInstallEnded"), + setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "policytest2@mozilla.com": { + installation_mode: "force_installed", + install_url: BASE_URL + "/policy_test.xpi", + }, + }, + }, + }), + ]); + let addon = await AddonManager.getAddonByID(addonID); + notEqual(addon, null, "Addon should not be null"); + equal(addon.appDisabled, false, "Addon should not be disabled"); + equal( + addon.permissions & AddonManager.PERM_CAN_UNINSTALL, + 0, + "Addon should not be able to be uninstalled." + ); + equal( + addon.permissions & AddonManager.PERM_CAN_DISABLE, + 0, + "Addon should not be able to be disabled." + ); + await addon.uninstall(); +}); + +add_task(async function test_addon_normalinstalled() { + await Promise.all([ + AddonTestUtils.promiseInstallEvent("onInstallEnded"), + setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "policytest2@mozilla.com": { + installation_mode: "normal_installed", + install_url: BASE_URL + "/policy_test.xpi", + }, + }, + }, + }), + ]); + let addon = await AddonManager.getAddonByID(addonID); + notEqual(addon, null, "Addon should not be null"); + equal(addon.appDisabled, false, "Addon should not be disabled"); + equal( + addon.permissions & AddonManager.PERM_CAN_UNINSTALL, + 0, + "Addon should not be able to be uninstalled." + ); + notEqual( + addon.permissions & AddonManager.PERM_CAN_DISABLE, + 0, + "Addon should be able to be disabled." + ); + await addon.uninstall(); +}); + +add_task(async function test_extensionsettings_string() { + await setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: '{"*": {"installation_mode": "blocked"}}', + }, + }); + + let extensionSettings = Services.policies.getExtensionSettings("*"); + equal(extensionSettings.installation_mode, "blocked"); +}); + +add_task(async function test_extensionsettings_string() { + let restrictedDomains = Services.prefs.getCharPref( + "extensions.webextensions.restrictedDomains" + ); + await setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: + '{"*": {"restricted_domains": ["example.com","example.org"]}}', + }, + }); + + let newRestrictedDomains = Services.prefs.getCharPref( + "extensions.webextensions.restrictedDomains" + ); + equal(newRestrictedDomains, restrictedDomains + ",example.com,example.org"); +}); + +add_task(async function test_theme() { + let themeFile = AddonTestUtils.createTempWebExtensionFile({ + manifest: { + applications: { + gecko: { + id: themeID, + }, + }, + theme: {}, + }, + }); + + server.registerFile("/data/policy_theme.xpi", themeFile); + + await Promise.all([ + AddonTestUtils.promiseInstallEvent("onInstallEnded"), + setupPolicyEngineWithJson({ + policies: { + ExtensionSettings: { + "policytheme@mozilla.com": { + installation_mode: "normal_installed", + install_url: BASE_URL + "/policy_theme.xpi", + }, + }, + }, + }), + ]); + let currentTheme = Services.prefs.getCharPref("extensions.activeThemeID"); + equal(currentTheme, themeID, "Theme should be active"); + let addon = await AddonManager.getAddonByID(themeID); + await addon.uninstall(); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_macosparser_unflatten.js b/browser/components/enterprisepolicies/tests/xpcshell/test_macosparser_unflatten.js new file mode 100644 index 0000000000..7d13f28907 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_macosparser_unflatten.js @@ -0,0 +1,110 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +let { macOSPoliciesParser } = ChromeUtils.import( + "resource://gre/modules/policies/macOSPoliciesParser.jsm" +); + +add_task(async function test_object_unflatten() { + // Note: these policies are just examples and they won't actually + // run through the policy engine on this test. We're just testing + // that the unflattening algorithm produces the correct output. + let input = { + DisplayBookmarksToolbar: true, + + Homepage__URL: "https://www.mozilla.org", + Homepage__Locked: "true", + Homepage__Additional__0: "https://extra-homepage-1.example.com", + Homepage__Additional__1: "https://extra-homepage-2.example.com", + + WebsiteFilter__Block__0: "*://*.example.org/*", + WebsiteFilter__Block__1: "*://*.example.net/*", + WebsiteFilter__Exceptions__0: "*://*.example.org/*exception*", + + Permissions__Camera__Allow__0: "https://www.example.com", + + Permissions__Notifications__Allow__0: "https://www.example.com", + Permissions__Notifications__Allow__1: "https://www.example.org", + Permissions__Notifications__Block__0: "https://www.example.net", + + Permissions__Notifications__BlockNewRequests: true, + Permissions__Notifications__Locked: true, + + Bookmarks__0__Title: "Bookmark 1", + Bookmarks__0__URL: "https://bookmark1.example.com", + + Bookmarks__1__Title: "Bookmark 2", + Bookmarks__1__URL: "https://bookmark2.example.com", + Bookmarks__1__Folder: "Folder", + }; + + let expected = { + DisplayBookmarksToolbar: true, + + Homepage: { + URL: "https://www.mozilla.org", + Locked: "true", + Additional: [ + "https://extra-homepage-1.example.com", + "https://extra-homepage-2.example.com", + ], + }, + + WebsiteFilter: { + Block: ["*://*.example.org/*", "*://*.example.net/*"], + Exceptions: ["*://*.example.org/*exception*"], + }, + + Permissions: { + Camera: { + Allow: ["https://www.example.com"], + }, + + Notifications: { + Allow: ["https://www.example.com", "https://www.example.org"], + Block: ["https://www.example.net"], + BlockNewRequests: true, + Locked: true, + }, + }, + + Bookmarks: [ + { + Title: "Bookmark 1", + URL: "https://bookmark1.example.com", + }, + { + Title: "Bookmark 2", + URL: "https://bookmark2.example.com", + Folder: "Folder", + }, + ], + }; + + let unflattened = macOSPoliciesParser.unflatten(input); + + deepEqual(unflattened, expected, "Input was unflattened correctly."); +}); + +add_task(async function test_array_unflatten() { + let input = { + Foo__1: 1, + Foo__5: 5, + Foo__10: 10, + Foo__30: 30, + Foo__51: 51, // This one should not be included as the limit is 50 + }; + + let unflattened = macOSPoliciesParser.unflatten(input); + equal(unflattened.Foo.length, 31, "Array size is correct"); + + let expected = { + Foo: [, 1, , , , 5], // eslint-disable-line no-sparse-arrays + }; + expected.Foo[10] = 10; + expected.Foo[30] = 30; + + deepEqual(unflattened, expected, "Array was unflattened correctly."); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js new file mode 100644 index 0000000000..7f75233639 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js @@ -0,0 +1,316 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +function URI(str) { + return Services.io.newURI(str); +} + +add_task(async function test_setup_preexisting_permissions() { + // Pre-existing ALLOW permissions that should be overridden + // with DENY. + + // No ALLOW -> DENY override for popup and install permissions, + // because their policies only supports the Allow parameter. + + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "camera", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "microphone", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "geo", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "desktop-notification", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "autoplay-media", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "xr", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + // Pre-existing DENY permissions that should be overridden + // with ALLOW. + + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "camera", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "microphone", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "geo", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "desktop-notification", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "autoplay-media", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "xr", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); +}); + +add_task(async function test_setup_activate_policies() { + await setupPolicyEngineWithJson({ + policies: { + Permissions: { + Camera: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + Microphone: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + Location: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + Notifications: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + Autoplay: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + VirtualReality: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + }, + }, + }); + equal( + Services.policies.status, + Ci.nsIEnterprisePolicies.ACTIVE, + "Engine is active" + ); +}); + +function checkPermission(url, expected, permissionName) { + let expectedValue = Ci.nsIPermissionManager[`${expected}_ACTION`]; + let uri = Services.io.newURI(`https://www.${url}`); + + equal( + PermissionTestUtils.testPermission(uri, permissionName), + expectedValue, + `Correct (${permissionName}=${expected}) for URL ${url}` + ); + + if (expected != "UNKNOWN") { + let permission = PermissionTestUtils.getPermissionObject( + uri, + permissionName, + true + ); + ok(permission, "Permission object exists"); + equal( + permission.expireType, + Ci.nsIPermissionManager.EXPIRE_POLICY, + "Permission expireType is correct" + ); + } +} + +function checkAllPermissionsForType(type, typeSupportsDeny = true) { + checkPermission("allow.com", "ALLOW", type); + checkPermission("unknown.com", "UNKNOWN", type); + checkPermission("pre-existing-deny.com", "ALLOW", type); + + if (typeSupportsDeny) { + checkPermission("deny.com", "DENY", type); + checkPermission("pre-existing-allow.com", "DENY", type); + } +} + +add_task(async function test_camera_policy() { + checkAllPermissionsForType("camera"); +}); + +add_task(async function test_microphone_policy() { + checkAllPermissionsForType("microphone"); +}); + +add_task(async function test_location_policy() { + checkAllPermissionsForType("geo"); +}); + +add_task(async function test_notifications_policy() { + checkAllPermissionsForType("desktop-notification"); +}); + +add_task(async function test_autoplay_policy() { + checkAllPermissionsForType("autoplay-media"); +}); + +add_task(async function test_xr_policy() { + checkAllPermissionsForType("xr"); +}); + +add_task(async function test_change_permission() { + // Checks that changing a permission will still retain the + // value set through the engine. + PermissionTestUtils.add( + "https://www.allow.com", + "camera", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "microphone", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "geo", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "desktop-notification", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "autoplay-media", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "xr", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + checkPermission("allow.com", "ALLOW", "camera"); + checkPermission("allow.com", "ALLOW", "microphone"); + checkPermission("allow.com", "ALLOW", "geo"); + checkPermission("allow.com", "ALLOW", "desktop-notification"); + checkPermission("allow.com", "ALLOW", "autoplay-media"); + checkPermission("allow.com", "ALLOW", "xr"); + + // Also change one un-managed permission to make sure it doesn't + // cause any problems to the policy engine or the permission manager. + PermissionTestUtils.add( + "https://www.unmanaged.com", + "camera", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "microphone", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "geo", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "desktop-notification", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "autoplay-media", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "xr", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); +}); + +add_task(async function test_setup_trackingprotection() { + await setupPolicyEngineWithJson({ + policies: { + EnableTrackingProtection: { + Exceptions: ["https://www.allow.com"], + }, + }, + }); + equal( + Services.policies.status, + Ci.nsIEnterprisePolicies.ACTIVE, + "Engine is active" + ); +}); + +add_task(async function test_trackingprotection() { + checkPermission("allow.com", "ALLOW", "trackingprotection"); +}); + +// This seems a little out of place, but it's really a cookie +// permission, not cookies per say. +add_task(async function test_cookie_allow_session() { + await setupPolicyEngineWithJson({ + policies: { + Cookies: { + AllowSession: ["https://allowsession.example.com"], + }, + }, + }); + equal( + PermissionTestUtils.testPermission( + URI("https://allowsession.example.com"), + "cookie" + ), + Ci.nsICookiePermission.ACCESS_SESSION + ); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_popups_cookies_addons_flash.js b/browser/components/enterprisepolicies/tests/xpcshell/test_popups_cookies_addons_flash.js new file mode 100644 index 0000000000..b1d4ef42b8 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_popups_cookies_addons_flash.js @@ -0,0 +1,143 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +function URI(str) { + return Services.io.newURI(str); +} + +add_task(async function test_setup_preexisting_permissions() { + // Pre-existing ALLOW permissions that should be overriden + // with DENY. + + // No ALLOW -> DENY override for popup and install permissions, + // because their policies only supports the Allow parameter. + + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "cookie", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "plugin:flash", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + // Pre-existing DENY permissions that should be overriden + // with ALLOW. + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "popup", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "install", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "cookie", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "plugin:flash", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); +}); + +add_task(async function test_setup_activate_policies() { + await setupPolicyEngineWithJson("config_popups_cookies_addons_flash.json"); + equal( + Services.policies.status, + Ci.nsIEnterprisePolicies.ACTIVE, + "Engine is active" + ); +}); + +function checkPermission(url, expected, permissionName) { + let expectedValue = Ci.nsIPermissionManager[`${expected}_ACTION`]; + let uri = Services.io.newURI(`https://www.${url}`); + + equal( + PermissionTestUtils.testPermission(uri, permissionName), + expectedValue, + `Correct (${permissionName}=${expected}) for URL ${url}` + ); + + if (expected != "UNKNOWN") { + let permission = PermissionTestUtils.getPermissionObject( + uri, + permissionName, + true + ); + ok(permission, "Permission object exists"); + equal( + permission.expireType, + Ci.nsIPermissionManager.EXPIRE_POLICY, + "Permission expireType is correct" + ); + } +} + +function checkAllPermissionsForType(type, typeSupportsDeny = true) { + checkPermission("allow.com", "ALLOW", type); + checkPermission("unknown.com", "UNKNOWN", type); + checkPermission("pre-existing-deny.com", "ALLOW", type); + + if (typeSupportsDeny) { + checkPermission("deny.com", "DENY", type); + checkPermission("pre-existing-allow.com", "DENY", type); + } +} + +add_task(async function test_popups_policy() { + checkAllPermissionsForType("popup", false); +}); + +add_task(async function test_webextensions_policy() { + checkAllPermissionsForType("install", false); +}); + +add_task(async function test_cookies_policy() { + checkAllPermissionsForType("cookie"); +}); + +add_task(async function test_flash_policy() { + checkAllPermissionsForType("plugin:flash"); +}); + +add_task(async function test_change_permission() { + // Checks that changing a permission will still retain the + // value set through the engine. + PermissionTestUtils.add( + "https://www.allow.com", + "cookie", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + checkPermission("allow.com", "ALLOW", "cookie"); + + // Also change one un-managed permission to make sure it doesn't + // cause any problems to the policy engine or the permission manager. + PermissionTestUtils.add( + "https://www.unmanaged.com", + "cookie", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_preferences.js b/browser/components/enterprisepolicies/tests/xpcshell/test_preferences.js new file mode 100644 index 0000000000..22b9164623 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_preferences.js @@ -0,0 +1,245 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const OLD_PREFERENCES_TESTS = [ + { + policies: { + Preferences: { + "network.IDN_show_punycode": true, + "accessibility.force_disabled": 1, + "security.default_personal_cert": "Select Automatically", + "geo.enabled": 1, + "extensions.getAddons.showPane": 0, + }, + }, + lockedPrefs: { + "network.IDN_show_punycode": true, + "accessibility.force_disabled": 1, + "security.default_personal_cert": "Select Automatically", + "geo.enabled": true, + "extensions.getAddons.showPane": false, + }, + }, +]; + +const NEW_PREFERENCES_TESTS = [ + { + policies: { + Preferences: { + "browser.policies.test.default.boolean": { + Value: true, + Status: "default", + }, + "browser.policies.test.default.string": { + Value: "string", + Status: "default", + }, + "browser.policies.test.default.number": { + Value: 11, + Status: "default", + }, + "browser.policies.test.locked.boolean": { + Value: true, + Status: "locked", + }, + "browser.policies.test.locked.string": { + Value: "string", + Status: "locked", + }, + "browser.policies.test.locked.number": { + Value: 11, + Status: "locked", + }, + "browser.policies.test.user.boolean": { + Value: true, + Status: "user", + }, + "browser.policies.test.user.string": { + Value: "string", + Status: "user", + }, + "browser.policies.test.user.number": { + Value: 11, + Status: "user", + }, + }, + }, + defaultPrefs: { + "browser.policies.test.default.boolean": true, + "browser.policies.test.default.string": "string", + "browser.policies.test.default.number": 11, + }, + lockedPrefs: { + "browser.policies.test.locked.boolean": true, + "browser.policies.test.locked.string": "string", + "browser.policies.test.locked.number": 11, + }, + userPrefs: { + "browser.policies.test.user.boolean": true, + "browser.policies.test.user.string": "string", + "browser.policies.test.user.number": 11, + }, + }, + { + policies: { + Preferences: { + "browser.policies.test.user.boolean": { + Status: "clear", + }, + "browser.policies.test.user.string": { + Status: "clear", + }, + "browser.policies.test.user.number": { + Status: "clear", + }, + }, + }, + + clearPrefs: { + "browser.policies.test.user.boolean": true, + "browser.policies.test.user.string": "string", + "browser.policies.test.user.number": 11, + }, + }, +]; + +const BAD_PREFERENCES_TESTS = [ + { + policies: { + Preferences: { + "not.a.valid.branch": { + Value: true, + Status: "default", + }, + "security.turn_off_all_security_so_that_viruses_can_take_over_this_computer": { + Value: true, + Status: "default", + }, + }, + }, + defaultPrefs: { + "not.a.valid.branch": true, + "security.turn_off_all_security_so_that_viruses_can_take_over_this_computer": true, + }, + }, +]; + +add_task(async function test_old_preferences() { + for (let test of OLD_PREFERENCES_TESTS) { + await setupPolicyEngineWithJson({ + policies: test.policies, + }); + + info("Checking policy: " + Object.keys(test.policies)[0]); + + for (let [prefName, prefValue] of Object.entries(test.lockedPrefs || {})) { + checkLockedPref(prefName, prefValue); + } + } +}); + +add_task(async function test_new_preferences() { + for (let test of NEW_PREFERENCES_TESTS) { + await setupPolicyEngineWithJson({ + policies: test.policies, + }); + + info("Checking policy: " + Object.keys(test.policies)[0]); + + for (let [prefName, prefValue] of Object.entries(test.lockedPrefs || {})) { + checkLockedPref(prefName, prefValue); + } + + for (let [prefName, prefValue] of Object.entries(test.defaultPrefs || {})) { + checkDefaultPref(prefName, prefValue); + } + + for (let [prefName, prefValue] of Object.entries(test.userPrefs || {})) { + checkUserPref(prefName, prefValue); + } + + for (let [prefName, prefValue] of Object.entries(test.clearPrefs || {})) { + checkClearPref(prefName, prefValue); + } + } +}); + +add_task(async function test_bad_preferences() { + for (let test of BAD_PREFERENCES_TESTS) { + await setupPolicyEngineWithJson({ + policies: test.policies, + }); + + info("Checking policy: " + Object.keys(test.policies)[0]); + + for (let prefName of Object.entries(test.defaultPrefs || {})) { + checkUnsetPref(prefName); + } + } +}); + +add_task(async function test_user_default_preference() { + Services.prefs + .getDefaultBranch("") + .setBoolPref("browser.policies.test.override", true); + + await setupPolicyEngineWithJson({ + policies: { + Preferences: { + "browser.policies.test.override": { + Value: true, + Status: "user", + }, + }, + }, + }); + + checkUserPref("browser.policies.test.override", true); +}); + +add_task(async function test_security_preference() { + await setupPolicyEngineWithJson({ + policies: { + Preferences: { + "security.this.should.not.work": { + Value: true, + Status: "default", + }, + }, + }, + }); + + checkUnsetPref("security.this.should.not.work"); +}); + +add_task(async function test_JSON_preferences() { + await setupPolicyEngineWithJson({ + policies: { + Preferences: + '{"browser.policies.test.default.boolean.json": {"Value": true,"Status": "default"}}', + }, + }); + + checkDefaultPref("browser.policies.test.default.boolean.json", true); +}); + +add_task(async function test_bug_1666836() { + await setupPolicyEngineWithJson({ + policies: { + Preferences: { + "browser.tabs.warnOnClose": { + Value: 0, + Status: "default", + }, + }, + }, + }); + + equal( + Preferences.get("browser.tabs.warnOnClose"), + false, + `browser.tabs.warnOnClose should be false` + ); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_proxy.js b/browser/components/enterprisepolicies/tests/xpcshell/test_proxy.js new file mode 100644 index 0000000000..f654b50748 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_proxy.js @@ -0,0 +1,112 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ +"use strict"; + +add_task(async function test_proxy_modes_and_autoconfig() { + // Directly test the proxy Mode and AutoconfigURL parameters through + // the API instead of the policy engine, because the test harness + // uses these prefs, and changing them interfere with the harness. + + // Checks that every Mode value translates correctly to the expected pref value + let { ProxyPolicies, PROXY_TYPES_MAP } = ChromeUtils.import( + "resource:///modules/policies/ProxyPolicies.jsm", + null + ); + + for (let [mode, expectedValue] of PROXY_TYPES_MAP) { + ProxyPolicies.configureProxySettings({ Mode: mode }, (_, value) => { + equal(value, expectedValue, "Correct proxy mode"); + }); + } + + let autoconfigURL = new URL("data:text/plain,test"); + ProxyPolicies.configureProxySettings( + { AutoConfigURL: autoconfigURL }, + (_, value) => { + equal(value, autoconfigURL.href, "AutoconfigURL correctly set"); + } + ); +}); + +add_task(async function test_proxy_boolean_settings() { + // Tests that both false and true values are correctly set and locked + await setupPolicyEngineWithJson({ + policies: { + Proxy: { + UseProxyForDNS: false, + AutoLogin: false, + }, + }, + }); + + checkUnlockedPref("network.proxy.socks_remote_dns", false); + checkUnlockedPref("signon.autologin.proxy", false); + + await setupPolicyEngineWithJson({ + policies: { + Proxy: { + UseProxyForDNS: true, + AutoLogin: true, + }, + }, + }); + + checkUnlockedPref("network.proxy.socks_remote_dns", true); + checkUnlockedPref("signon.autologin.proxy", true); +}); + +add_task(async function test_proxy_socks_and_passthrough() { + await setupPolicyEngineWithJson({ + policies: { + Proxy: { + SOCKSVersion: 4, + Passthrough: "a, b, c", + }, + }, + }); + + checkUnlockedPref("network.proxy.socks_version", 4); + checkUnlockedPref("network.proxy.no_proxies_on", "a, b, c"); +}); + +add_task(async function test_proxy_addresses() { + function checkProxyPref(proxytype, address, port) { + checkUnlockedPref(`network.proxy.${proxytype}`, address); + checkUnlockedPref(`network.proxy.${proxytype}_port`, port); + } + + await setupPolicyEngineWithJson({ + policies: { + Proxy: { + HTTPProxy: "http.proxy.example.com:10", + FTPProxy: "ftp.proxy.example.com:20", + SSLProxy: "ssl.proxy.example.com:30", + SOCKSProxy: "socks.proxy.example.com:40", + }, + }, + }); + + checkProxyPref("http", "http.proxy.example.com", 10); + checkProxyPref("ftp", "ftp.proxy.example.com", 20); + checkProxyPref("ssl", "ssl.proxy.example.com", 30); + checkProxyPref("socks", "socks.proxy.example.com", 40); + + // Do the same, but now use the UseHTTPProxyForAllProtocols option + // and check that it takes effect. + await setupPolicyEngineWithJson({ + policies: { + Proxy: { + HTTPProxy: "http.proxy.example.com:10", + FTPProxy: "ftp.proxy.example.com:20", + SSLProxy: "ssl.proxy.example.com:30", + SOCKSProxy: "socks.proxy.example.com:40", + UseHTTPProxyForAllProtocols: true, + }, + }, + }); + + checkProxyPref("http", "http.proxy.example.com", 10); + checkProxyPref("ftp", "http.proxy.example.com", 10); + checkProxyPref("ssl", "http.proxy.example.com", 10); + checkProxyPref("socks", "http.proxy.example.com", 10); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_requestedlocales.js b/browser/components/enterprisepolicies/tests/xpcshell/test_requestedlocales.js new file mode 100644 index 0000000000..2e7d86a1f0 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_requestedlocales.js @@ -0,0 +1,117 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +var { setTimeout } = ChromeUtils.import("resource://gre/modules/Timer.jsm"); + +const REQ_LOC_CHANGE_EVENT = "intl:requested-locales-changed"; + +function promiseLocaleChanged(requestedLocale) { + return new Promise(resolve => { + let localeObserver = { + observe(aSubject, aTopic, aData) { + switch (aTopic) { + case REQ_LOC_CHANGE_EVENT: + let reqLocs = Services.locale.requestedLocales; + equal(reqLocs[0], requestedLocale); + Services.obs.removeObserver(localeObserver, REQ_LOC_CHANGE_EVENT); + resolve(); + } + }, + }; + Services.obs.addObserver(localeObserver, REQ_LOC_CHANGE_EVENT); + }); +} + +function promiseLocaleNotChanged(requestedLocale) { + return new Promise(resolve => { + let localeObserver = { + observe(aSubject, aTopic, aData) { + switch (aTopic) { + case REQ_LOC_CHANGE_EVENT: + ok(false, "Locale should not change."); + Services.obs.removeObserver(localeObserver, REQ_LOC_CHANGE_EVENT); + resolve(); + } + }, + }; + Services.obs.addObserver(localeObserver, REQ_LOC_CHANGE_EVENT); + /* eslint-disable mozilla/no-arbitrary-setTimeout */ + setTimeout(function() { + Services.obs.removeObserver(localeObserver, REQ_LOC_CHANGE_EVENT); + resolve(); + }, 100); + }); +} + +add_task(async function test_requested_locale_array() { + let originalLocales = Services.locale.requestedLocales; + let localePromise = promiseLocaleChanged("de"); + await setupPolicyEngineWithJson({ + policies: { + RequestedLocales: ["de"], + }, + }); + await localePromise; + Services.locale.requestedLocales = originalLocales; +}); + +add_task(async function test_requested_locale_string() { + let originalLocales = Services.locale.requestedLocales; + let localePromise = promiseLocaleChanged("fr"); + await setupPolicyEngineWithJson({ + policies: { + RequestedLocales: "fr", + }, + }); + await localePromise; + Services.locale.requestedLocales = originalLocales; +}); + +add_task(async function test_system_locale_string() { + let originalLocales = Services.locale.requestedLocales; + + let localePromise = promiseLocaleChanged("und"); + Services.locale.requestedLocales = ["und"]; + await localePromise; + + let systemLocale = Cc["@mozilla.org/intl/ospreferences;1"].getService( + Ci.mozIOSPreferences + ).systemLocale; + localePromise = promiseLocaleChanged(systemLocale); + + await setupPolicyEngineWithJson({ + policies: { + RequestedLocales: "", + }, + }); + await localePromise; + Services.locale.requestedLocales = originalLocales; +}); + +add_task(async function test_user_requested_locale_change() { + let originalLocales = Services.locale.requestedLocales; + let localePromise = promiseLocaleChanged("fr"); + await setupPolicyEngineWithJson({ + policies: { + RequestedLocales: "fr", + }, + }); + await localePromise; + + // Simulate user change of locale + localePromise = promiseLocaleChanged("de"); + Services.locale.requestedLocales = ["de"]; + await localePromise; + + localePromise = promiseLocaleNotChanged("fr"); + await setupPolicyEngineWithJson({ + policies: { + RequestedLocales: "fr", + }, + }); + await localePromise; + + Services.locale.requestedLocales = originalLocales; +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_runOnce_helper.js b/browser/components/enterprisepolicies/tests/xpcshell/test_runOnce_helper.js new file mode 100644 index 0000000000..43a113a130 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_runOnce_helper.js @@ -0,0 +1,22 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +let { runOnce } = ChromeUtils.import( + "resource:///modules/policies/Policies.jsm", + null +); + +let runCount = 0; +function callback() { + runCount++; +} + +add_task(async function test_runonce_helper() { + runOnce("test_action", callback); + equal(runCount, 1, "Callback ran for the first time."); + + runOnce("test_action", callback); + equal(runCount, 1, "Callback didn't run again."); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js b/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js new file mode 100644 index 0000000000..fe5f509b3a --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js @@ -0,0 +1,800 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +/* + * Use this file to add tests to policies that are + * simple pref flips. + * + * It's best to make a test to actually test the feature + * instead of the pref flip, but if that feature is well + * covered by tests, including that its pref actually works, + * it's OK to have the policy test here just to ensure + * that the right pref values are set. + */ + +const POLICIES_TESTS = [ + /* + * Example: + * { + * // Policies to be set at once through the engine + * policies: { "DisableFoo": true, "ConfigureBar": 42 }, + * + * // Locked prefs to check + * lockedPrefs: { "feature.foo": false }, + * + * // Unlocked prefs to check + * unlockedPrefs: { "bar.baz": 42 } + * }, + */ + + // POLICY: RememberPasswords + { + policies: { OfferToSaveLogins: false }, + lockedPrefs: { "signon.rememberSignons": false }, + }, + { + policies: { OfferToSaveLogins: true }, + lockedPrefs: { "signon.rememberSignons": true }, + }, + + // POLICY: DisableSecurityBypass + { + policies: { + DisableSecurityBypass: { + InvalidCertificate: true, + SafeBrowsing: true, + }, + }, + lockedPrefs: { + "security.certerror.hideAddException": true, + "browser.safebrowsing.allowOverride": false, + }, + }, + + // POLICY: DisableBuiltinPDFViewer + { + policies: { DisableBuiltinPDFViewer: true }, + lockedPrefs: { "pdfjs.disabled": true }, + }, + + // POLICY: DisableFormHistory + { + policies: { DisableFormHistory: true }, + lockedPrefs: { "browser.formfill.enable": false }, + }, + + // POLICY: EnableTrackingProtection + { + policies: { + EnableTrackingProtection: { + Value: true, + }, + }, + unlockedPrefs: { + "privacy.trackingprotection.enabled": true, + "privacy.trackingprotection.pbmode.enabled": true, + }, + }, + { + policies: { + EnableTrackingProtection: { + Value: false, + Locked: true, + }, + }, + lockedPrefs: { + "privacy.trackingprotection.enabled": false, + "privacy.trackingprotection.pbmode.enabled": false, + }, + }, + + { + policies: { + EnableTrackingProtection: { + Cryptomining: true, + Fingerprinting: true, + Locked: true, + }, + }, + lockedPrefs: { + "privacy.trackingprotection.cryptomining.enabled": true, + "privacy.trackingprotection.fingerprinting.enabled": true, + }, + }, + + // POLICY: OverrideFirstRunPage + { + policies: { OverrideFirstRunPage: "https://www.example.com/" }, + lockedPrefs: { "startup.homepage_welcome_url": "https://www.example.com/" }, + }, + + // POLICY: Authentication + { + policies: { + Authentication: { + SPNEGO: ["a.com", "b.com"], + Delegated: ["a.com", "b.com"], + NTLM: ["a.com", "b.com"], + AllowNonFQDN: { + SPNEGO: true, + NTLM: true, + }, + AllowProxies: { + SPNEGO: false, + NTLM: false, + }, + PrivateBrowsing: true, + }, + }, + lockedPrefs: { + "network.negotiate-auth.trusted-uris": "a.com, b.com", + "network.negotiate-auth.delegation-uris": "a.com, b.com", + "network.automatic-ntlm-auth.trusted-uris": "a.com, b.com", + "network.automatic-ntlm-auth.allow-non-fqdn": true, + "network.negotiate-auth.allow-non-fqdn": true, + "network.automatic-ntlm-auth.allow-proxies": false, + "network.negotiate-auth.allow-proxies": false, + "network.auth.private-browsing-sso": true, + }, + }, + + // POLICY: Authentication (unlocked) + { + policies: { + Authentication: { + SPNEGO: ["a.com", "b.com"], + Delegated: ["a.com", "b.com"], + NTLM: ["a.com", "b.com"], + AllowNonFQDN: { + SPNEGO: true, + NTLM: true, + }, + AllowProxies: { + SPNEGO: false, + NTLM: false, + }, + PrivateBrowsing: true, + Locked: false, + }, + }, + unlockedPrefs: { + "network.negotiate-auth.trusted-uris": "a.com, b.com", + "network.negotiate-auth.delegation-uris": "a.com, b.com", + "network.automatic-ntlm-auth.trusted-uris": "a.com, b.com", + "network.automatic-ntlm-auth.allow-non-fqdn": true, + "network.negotiate-auth.allow-non-fqdn": true, + "network.automatic-ntlm-auth.allow-proxies": false, + "network.negotiate-auth.allow-proxies": false, + "network.auth.private-browsing-sso": true, + }, + }, + + // POLICY: Certificates (true) + { + policies: { + Certificates: { + ImportEnterpriseRoots: true, + }, + }, + lockedPrefs: { + "security.enterprise_roots.enabled": true, + }, + }, + + // POLICY: Certificates (false) + { + policies: { + Certificates: { + ImportEnterpriseRoots: false, + }, + }, + lockedPrefs: { + "security.enterprise_roots.enabled": false, + }, + }, + + // POLICY: InstallAddons.Default (block addon installs) + { + policies: { + InstallAddonsPermission: { + Default: false, + }, + }, + lockedPrefs: { + "xpinstall.enabled": false, + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons": false, + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features": false, + }, + }, + + // POLICY: SanitizeOnShutdown + { + policies: { + SanitizeOnShutdown: true, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": true, + "privacy.clearOnShutdown.cookies": true, + "privacy.clearOnShutdown.downloads": true, + "privacy.clearOnShutdown.formdata": true, + "privacy.clearOnShutdown.history": true, + "privacy.clearOnShutdown.sessions": true, + "privacy.clearOnShutdown.siteSettings": true, + "privacy.clearOnShutdown.offlineApps": true, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + Cache: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": true, + "privacy.clearOnShutdown.cookies": false, + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": false, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + Cookies: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": false, + "privacy.clearOnShutdown.cookies": true, + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": false, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + Downloads: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": false, + "privacy.clearOnShutdown.cookies": false, + "privacy.clearOnShutdown.downloads": true, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": false, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + FormData: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": false, + "privacy.clearOnShutdown.cookies": false, + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": true, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": false, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + History: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": false, + "privacy.clearOnShutdown.cookies": false, + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": true, + "privacy.clearOnShutdown.sessions": false, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + Sessions: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": false, + "privacy.clearOnShutdown.cookies": false, + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": true, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + SiteSettings: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": false, + "privacy.clearOnShutdown.cookies": false, + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": false, + "privacy.clearOnShutdown.siteSettings": true, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + OfflineApps: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": false, + "privacy.clearOnShutdown.cookies": false, + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": false, + "privacy.clearOnShutdown.offlineApps": true, + }, + }, + + // POLICY: SanitizeOnShutdown using Locked + { + policies: { + SanitizeOnShutdown: { + Cache: true, + Locked: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": true, + }, + unlockedPrefs: { + "privacy.clearOnShutdown.cookies": false, + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": false, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + Cache: true, + Cookies: false, + Locked: true, + }, + }, + lockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": true, + "privacy.clearOnShutdown.cookies": false, + }, + unlockedPrefs: { + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": false, + }, + }, + + { + policies: { + SanitizeOnShutdown: { + Cache: true, + Locked: false, + }, + }, + unlockedPrefs: { + "privacy.sanitize.sanitizeOnShutdown": true, + "privacy.clearOnShutdown.cache": true, + "privacy.clearOnShutdown.cookies": false, + "privacy.clearOnShutdown.downloads": false, + "privacy.clearOnShutdown.formdata": false, + "privacy.clearOnShutdown.history": false, + "privacy.clearOnShutdown.sessions": false, + }, + }, + + // POLICY: DNSOverHTTPS Locked + { + policies: { + DNSOverHTTPS: { + Enabled: true, + ProviderURL: "http://example.com/provider", + ExcludedDomains: ["example.com", "example.org"], + Locked: true, + }, + }, + lockedPrefs: { + "network.trr.mode": 2, + "network.trr.uri": "http://example.com/provider", + "network.trr.excluded-domains": "example.com,example.org", + }, + }, + + // POLICY: DNSOverHTTPS Unlocked + { + policies: { + DNSOverHTTPS: { + Enabled: false, + ProviderURL: "http://example.com/provider", + ExcludedDomains: ["example.com", "example.org"], + }, + }, + unlockedPrefs: { + "network.trr.mode": 5, + "network.trr.uri": "http://example.com/provider", + "network.trr.excluded-domains": "example.com,example.org", + }, + }, + + // POLICY: SSLVersionMin/SSLVersionMax (1) + { + policies: { + SSLVersionMin: "tls1", + SSLVersionMax: "tls1.1", + }, + lockedPrefs: { + "security.tls.version.min": 1, + "security.tls.version.max": 2, + }, + }, + + // POLICY: SSLVersionMin/SSLVersionMax (2) + { + policies: { + SSLVersionMin: "tls1.2", + SSLVersionMax: "tls1.3", + }, + lockedPrefs: { + "security.tls.version.min": 3, + "security.tls.version.max": 4, + }, + }, + + // POLICY: CaptivePortal + { + policies: { + CaptivePortal: false, + }, + lockedPrefs: { + "network.captive-portal-service.enabled": false, + }, + }, + + // POLICY: NetworkPrediction + { + policies: { + NetworkPrediction: false, + }, + lockedPrefs: { + "network.dns.disablePrefetch": true, + "network.dns.disablePrefetchFromHTTPS": true, + }, + }, + + // POLICY: ExtensionUpdate + { + policies: { + ExtensionUpdate: false, + }, + lockedPrefs: { + "extensions.update.enabled": false, + }, + }, + + // POLICY: DisableShield + { + policies: { + DisableFirefoxStudies: true, + }, + lockedPrefs: { + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons": false, + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features": false, + }, + }, + + // POLICY: NewTabPage + { + policies: { + NewTabPage: false, + }, + lockedPrefs: { + "browser.newtabpage.enabled": false, + }, + }, + + // POLICY: SearchSuggestEnabled + { + policies: { + SearchSuggestEnabled: false, + }, + lockedPrefs: { + "browser.urlbar.suggest.searches": false, + "browser.search.suggest.enabled": false, + }, + }, + + // POLICY: FirefoxHome + { + policies: { + FirefoxHome: { + Pocket: false, + Snippets: false, + Locked: true, + }, + }, + lockedPrefs: { + "browser.newtabpage.activity-stream.feeds.snippets": false, + "browser.newtabpage.activity-stream.feeds.system.topstories": false, + }, + }, + + // POLICY: OfferToSaveLoginsDefault + { + policies: { + OfferToSaveLoginsDefault: false, + }, + unlockedPrefs: { + "signon.rememberSignons": false, + }, + }, + + // POLICY: UserMessaging + { + policies: { + UserMessaging: { + WhatsNew: false, + Locked: true, + }, + }, + lockedPrefs: { + "browser.messaging-system.whatsNewPanel.enabled": false, + }, + }, + + { + policies: { + UserMessaging: { + ExtensionRecommendations: false, + }, + }, + unlockedPrefs: { + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons": false, + }, + }, + + { + policies: { + UserMessaging: { + FeatureRecommendations: false, + }, + }, + unlockedPrefs: { + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features": false, + }, + }, + + // POLICY: Permissions->Autoplay + { + policies: { + Permissions: { + Autoplay: { + Default: "allow-audio-video", + Locked: true, + }, + }, + }, + lockedPrefs: { + "media.autoplay.default": 0, + }, + }, + + { + policies: { + Permissions: { + Autoplay: { + Default: "block-audio", + }, + }, + }, + unlockedPrefs: { + "media.autoplay.default": 1, + }, + }, + + { + policies: { + Permissions: { + Autoplay: { + Default: "block-audio-video", + }, + }, + }, + unlockedPrefs: { + "media.autoplay.default": 5, + }, + }, + + // POLICY: LegacySameSiteCookieBehaviorEnabled + + { + policies: { + LegacySameSiteCookieBehaviorEnabled: true, + }, + unlockedPrefs: { + "network.cookie.sameSite.laxByDefault": false, + }, + }, + + // POLICY: LegacySameSiteCookieBehaviorEnabledForDomainList + + { + policies: { + LegacySameSiteCookieBehaviorEnabledForDomainList: [ + "example.com", + "example.org", + ], + }, + unlockedPrefs: { + "network.cookie.sameSite.laxByDefault.disabledHosts": + "example.com,example.org", + }, + }, + + // POLICY: EncryptedMediaExtensions + + { + policies: { + EncryptedMediaExtensions: { + Enabled: false, + Locked: true, + }, + }, + lockedPrefs: { + "media.eme.enabled": false, + }, + }, + + // POLICY: PDFjs + + { + policies: { + PDFjs: { + Enabled: false, + EnablePermissions: true, + }, + }, + lockedPrefs: { + "pdfjs.disabled": true, + "pdfjs.enablePermissions": true, + }, + }, + + // POLICY: PictureInPicture + + { + policies: { + PictureInPicture: { + Enabled: false, + Locked: true, + }, + }, + lockedPrefs: { + "media.videocontrols.picture-in-picture.video-toggle.enabled": false, + }, + }, + + // POLICY: DisabledCiphers + { + policies: { + DisabledCiphers: { + TLS_DHE_RSA_WITH_AES_128_CBC_SHA: false, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA: false, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: false, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: false, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: false, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: false, + TLS_RSA_WITH_AES_128_CBC_SHA: false, + TLS_RSA_WITH_AES_256_CBC_SHA: false, + TLS_RSA_WITH_3DES_EDE_CBC_SHA: false, + TLS_RSA_WITH_AES_128_GCM_SHA256: false, + TLS_RSA_WITH_AES_256_GCM_SHA384: false, + }, + }, + lockedPrefs: { + "security.ssl3.dhe_rsa_aes_128_sha": true, + "security.ssl3.dhe_rsa_aes_256_sha": true, + "security.ssl3.ecdhe_rsa_aes_128_sha": true, + "security.ssl3.ecdhe_rsa_aes_256_sha": true, + "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256": true, + "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256": true, + "security.ssl3.rsa_aes_128_sha": true, + "security.ssl3.rsa_aes_256_sha": true, + "security.ssl3.rsa_des_ede3_sha": true, + "security.ssl3.rsa_aes_128_gcm_sha256": true, + "security.ssl3.rsa_aes_256_gcm_sha384": true, + }, + }, + + { + policies: { + DisabledCiphers: { + TLS_DHE_RSA_WITH_AES_128_CBC_SHA: true, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA: true, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: true, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: true, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: true, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: true, + TLS_RSA_WITH_AES_128_CBC_SHA: true, + TLS_RSA_WITH_AES_256_CBC_SHA: true, + TLS_RSA_WITH_3DES_EDE_CBC_SHA: true, + TLS_RSA_WITH_AES_128_GCM_SHA256: true, + TLS_RSA_WITH_AES_256_GCM_SHA384: true, + }, + }, + lockedPrefs: { + "security.ssl3.dhe_rsa_aes_128_sha": false, + "security.ssl3.dhe_rsa_aes_256_sha": false, + "security.ssl3.ecdhe_rsa_aes_128_sha": false, + "security.ssl3.ecdhe_rsa_aes_256_sha": false, + "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256": false, + "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256": false, + "security.ssl3.rsa_aes_128_sha": false, + "security.ssl3.rsa_aes_256_sha": false, + "security.ssl3.rsa_des_ede3_sha": false, + "security.ssl3.rsa_aes_128_gcm_sha256": false, + "security.ssl3.rsa_aes_256_gcm_sha384": false, + }, + }, +]; + +add_task(async function test_policy_simple_prefs() { + for (let test of POLICIES_TESTS) { + await setupPolicyEngineWithJson({ + policies: test.policies, + }); + + info("Checking policy: " + Object.keys(test.policies)[0]); + + for (let [prefName, prefValue] of Object.entries(test.lockedPrefs || {})) { + checkLockedPref(prefName, prefValue); + } + + for (let [prefName, prefValue] of Object.entries( + test.unlockedPrefs || {} + )) { + checkUnlockedPref(prefName, prefValue); + } + } +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_sorted_alphabetically.js b/browser/components/enterprisepolicies/tests/xpcshell/test_sorted_alphabetically.js new file mode 100644 index 0000000000..4b0ceb0916 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_sorted_alphabetically.js @@ -0,0 +1,48 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +function checkArrayIsSorted(array, msg) { + let sorted = true; + let sortedArray = array.slice().sort(function(a, b) { + return a.localeCompare(b); + }); + + for (let i = 0; i < array.length; i++) { + if (array[i] != sortedArray[i]) { + sorted = false; + break; + } + } + ok(sorted, msg); +} + +add_task(async function test_policies_sorted() { + let { schema } = ChromeUtils.import( + "resource:///modules/policies/schema.jsm" + ); + let { Policies } = ChromeUtils.import( + "resource:///modules/policies/Policies.jsm" + ); + + checkArrayIsSorted( + Object.keys(schema.properties), + "policies-schema.json is alphabetically sorted." + ); + checkArrayIsSorted( + Object.keys(Policies), + "Policies.jsm is alphabetically sorted." + ); +}); + +add_task(async function check_naming_conventions() { + let { schema } = ChromeUtils.import( + "resource:///modules/policies/schema.jsm" + ); + equal( + Object.keys(schema.properties).some(key => key.includes("__")), + false, + "Can't use __ in a policy name as it's used as a delimiter" + ); +}); diff --git a/browser/components/enterprisepolicies/tests/xpcshell/xpcshell.ini b/browser/components/enterprisepolicies/tests/xpcshell/xpcshell.ini new file mode 100644 index 0000000000..c27f292911 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/xpcshell.ini @@ -0,0 +1,27 @@ +[DEFAULT] +firefox-appdir = browser +head = head.js +support-files = + policytest_v0.1.xpi + +[test_3rdparty.js] +[test_addon_update.js] +[test_appupdateurl.js] +[test_bug1658259.js] +[test_cleanup.js] +[test_clear_blocked_cookies.js] +[test_defaultbrowsercheck.js] +[test_empty_policy.js] +[test_extensions.js] +[test_extensionsettings.js] +[test_macosparser_unflatten.js] +skip-if = os != 'mac' +[test_permissions.js] +[test_popups_cookies_addons_flash.js] +support-files = config_popups_cookies_addons_flash.json +[test_preferences.js] +[test_proxy.js] +[test_requestedlocales.js] +[test_runOnce_helper.js] +[test_simple_pref_policies.js] +[test_sorted_alphabetically.js] |