1 // Copyright 2019 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "components/autofill/core/browser/payments/credit_card_cvc_authenticator.h"
6 
7 #include <stddef.h>
8 
9 #include <algorithm>
10 #include <memory>
11 #include <string>
12 #include <tuple>
13 #include <utility>
14 #include <vector>
15 
16 #include "base/base64.h"
17 #include "base/command_line.h"
18 #include "base/feature_list.h"
19 #include "base/memory/ref_counted.h"
20 #include "base/metrics/field_trial.h"
21 #include "base/metrics/metrics_hashes.h"
22 #include "base/stl_util.h"
23 #include "base/strings/string16.h"
24 #include "base/strings/string_number_conversions.h"
25 #include "base/strings/string_util.h"
26 #include "base/strings/stringprintf.h"
27 #include "base/strings/utf_string_conversions.h"
28 #include "base/test/metrics/histogram_tester.h"
29 #include "base/test/scoped_feature_list.h"
30 #include "base/test/task_environment.h"
31 #include "base/threading/thread_task_runner_handle.h"
32 #include "base/time/time.h"
33 #include "build/build_config.h"
34 #include "components/autofill/core/browser/autocomplete_history_manager.h"
35 #include "components/autofill/core/browser/autofill_download_manager.h"
36 #include "components/autofill/core/browser/autofill_test_utils.h"
37 #include "components/autofill/core/browser/data_model/autofill_profile.h"
38 #include "components/autofill/core/browser/data_model/credit_card.h"
39 #include "components/autofill/core/browser/metrics/form_events.h"
40 #include "components/autofill/core/browser/payments/test_authentication_requester.h"
41 #include "components/autofill/core/browser/payments/test_payments_client.h"
42 #include "components/autofill/core/browser/personal_data_manager.h"
43 #include "components/autofill/core/browser/test_autofill_client.h"
44 #include "components/autofill/core/browser/test_autofill_clock.h"
45 #include "components/autofill/core/browser/test_autofill_driver.h"
46 #include "components/autofill/core/browser/test_personal_data_manager.h"
47 #include "components/autofill/core/browser/validation.h"
48 #include "components/autofill/core/browser/webdata/autofill_webdata_service.h"
49 #include "components/autofill/core/common/autofill_clock.h"
50 #include "components/autofill/core/common/autofill_features.h"
51 #include "components/autofill/core/common/autofill_payments_features.h"
52 #include "components/autofill/core/common/autofill_prefs.h"
53 #include "components/autofill/core/common/autofill_switches.h"
54 #include "components/autofill/core/common/autofill_tick_clock.h"
55 #include "components/autofill/core/common/autofill_util.h"
56 #include "components/prefs/pref_service.h"
57 #include "components/security_state/core/security_state.h"
58 #include "components/strings/grit/components_strings.h"
59 #include "components/sync/driver/test_sync_service.h"
60 #include "components/version_info/channel.h"
61 #include "net/base/url_util.h"
62 #include "services/metrics/public/cpp/ukm_builders.h"
63 #include "services/network/public/cpp/shared_url_loader_factory.h"
64 #include "testing/gtest/include/gtest/gtest.h"
65 #include "ui/base/l10n/l10n_util.h"
66 #include "ui/gfx/geometry/rect.h"
67 #include "url/gurl.h"
68 
69 using base::ASCIIToUTF16;
70 
71 namespace autofill {
72 namespace {
73 
74 const char kTestGUID[] = "00000000-0000-0000-0000-000000000001";
75 const char kTestNumber[] = "4234567890123456";  // Visa
76 
77 }  // namespace
78 
79 class CreditCardCVCAuthenticatorTest : public testing::Test {
80  public:
CreditCardCVCAuthenticatorTest()81   CreditCardCVCAuthenticatorTest() {}
82 
SetUp()83   void SetUp() override {
84     autofill_client_.SetPrefs(test::PrefServiceForTesting());
85     personal_data_manager_.Init(/*profile_database=*/database_,
86                                 /*account_database=*/nullptr,
87                                 /*pref_service=*/autofill_client_.GetPrefs(),
88                                 /*identity_manager=*/nullptr,
89                                 /*client_profile_validator=*/nullptr,
90                                 /*history_service=*/nullptr,
91                                 /*is_off_the_record=*/false);
92     personal_data_manager_.SetPrefService(autofill_client_.GetPrefs());
93 
94     requester_.reset(new TestAuthenticationRequester());
95     autofill_driver_ =
96         std::make_unique<testing::NiceMock<TestAutofillDriver>>();
97 
98     payments::TestPaymentsClient* payments_client =
99         new payments::TestPaymentsClient(
100             autofill_driver_->GetURLLoaderFactory(),
101             autofill_client_.GetIdentityManager(), &personal_data_manager_);
102     autofill_client_.set_test_payments_client(
103         std::unique_ptr<payments::TestPaymentsClient>(payments_client));
104     cvc_authenticator_ =
105         std::make_unique<CreditCardCVCAuthenticator>(&autofill_client_);
106   }
107 
TearDown()108   void TearDown() override {
109     // Order of destruction is important as AutofillDriver relies on
110     // PersonalDataManager to be around when it gets destroyed.
111     autofill_driver_.reset();
112 
113     personal_data_manager_.SetPrefService(nullptr);
114     personal_data_manager_.ClearCreditCards();
115   }
116 
CreateServerCard(std::string guid,std::string number)117   CreditCard CreateServerCard(std::string guid, std::string number) {
118     CreditCard masked_server_card = CreditCard();
119     test::SetCreditCardInfo(&masked_server_card, "Elvis Presley",
120                             number.c_str(), test::NextMonth().c_str(),
121                             test::NextYear().c_str(), "1");
122     masked_server_card.set_guid(guid);
123     masked_server_card.set_record_type(CreditCard::MASKED_SERVER_CARD);
124 
125     personal_data_manager_.ClearCreditCards();
126     personal_data_manager_.AddServerCreditCard(masked_server_card);
127 
128     return masked_server_card;
129   }
130 
OnDidGetRealPan(AutofillClient::PaymentsRpcResult result,const std::string & real_pan)131   void OnDidGetRealPan(AutofillClient::PaymentsRpcResult result,
132                        const std::string& real_pan) {
133     payments::FullCardRequest* full_card_request =
134         cvc_authenticator_->full_card_request_.get();
135     DCHECK(full_card_request);
136 
137     // Mock user response.
138     payments::FullCardRequest::UserProvidedUnmaskDetails details;
139     details.cvc = base::ASCIIToUTF16("123");
140     full_card_request->OnUnmaskPromptAccepted(details);
141 
142     // Mock payments response.
143     payments::PaymentsClient::UnmaskResponseDetails response;
144     full_card_request->OnDidGetRealPan(result,
145                                        response.with_real_pan(real_pan));
146   }
147 
148  protected:
149   std::unique_ptr<TestAuthenticationRequester> requester_;
150   base::test::TaskEnvironment task_environment_;
151   TestAutofillClient autofill_client_;
152   std::unique_ptr<TestAutofillDriver> autofill_driver_;
153   scoped_refptr<AutofillWebDataService> database_;
154   TestPersonalDataManager personal_data_manager_;
155   base::test::ScopedFeatureList scoped_feature_list_;
156   std::unique_ptr<CreditCardCVCAuthenticator> cvc_authenticator_;
157 };
158 
TEST_F(CreditCardCVCAuthenticatorTest,AuthenticateServerCardSuccess)159 TEST_F(CreditCardCVCAuthenticatorTest, AuthenticateServerCardSuccess) {
160   CreditCard card = CreateServerCard(kTestGUID, kTestNumber);
161 
162   cvc_authenticator_->Authenticate(&card, requester_->GetWeakPtr(),
163                                    &personal_data_manager_,
164                                    AutofillTickClock::NowTicks());
165 
166   OnDidGetRealPan(AutofillClient::SUCCESS, kTestNumber);
167   EXPECT_TRUE(requester_->did_succeed());
168   EXPECT_EQ(ASCIIToUTF16(kTestNumber), requester_->number());
169 }
170 
TEST_F(CreditCardCVCAuthenticatorTest,AuthenticateServerCardNetworkError)171 TEST_F(CreditCardCVCAuthenticatorTest, AuthenticateServerCardNetworkError) {
172   CreditCard card = CreateServerCard(kTestGUID, kTestNumber);
173 
174   cvc_authenticator_->Authenticate(&card, requester_->GetWeakPtr(),
175                                    &personal_data_manager_,
176                                    AutofillTickClock::NowTicks());
177 
178   OnDidGetRealPan(AutofillClient::NETWORK_ERROR, std::string());
179   EXPECT_FALSE(requester_->did_succeed());
180 }
181 
TEST_F(CreditCardCVCAuthenticatorTest,AuthenticateServerCardPermanentFailure)182 TEST_F(CreditCardCVCAuthenticatorTest, AuthenticateServerCardPermanentFailure) {
183   CreditCard card = CreateServerCard(kTestGUID, kTestNumber);
184 
185   cvc_authenticator_->Authenticate(&card, requester_->GetWeakPtr(),
186                                    &personal_data_manager_,
187                                    AutofillTickClock::NowTicks());
188 
189   OnDidGetRealPan(AutofillClient::PERMANENT_FAILURE, std::string());
190   EXPECT_FALSE(requester_->did_succeed());
191 }
192 
TEST_F(CreditCardCVCAuthenticatorTest,AuthenticateServerCardTryAgainFailure)193 TEST_F(CreditCardCVCAuthenticatorTest, AuthenticateServerCardTryAgainFailure) {
194   CreditCard card = CreateServerCard(kTestGUID, kTestNumber);
195 
196   cvc_authenticator_->Authenticate(&card, requester_->GetWeakPtr(),
197                                    &personal_data_manager_,
198                                    AutofillTickClock::NowTicks());
199 
200   OnDidGetRealPan(AutofillClient::TRY_AGAIN_FAILURE, std::string());
201   EXPECT_FALSE(requester_->did_succeed());
202 
203   OnDidGetRealPan(AutofillClient::SUCCESS, kTestNumber);
204   EXPECT_TRUE(requester_->did_succeed());
205   EXPECT_EQ(ASCIIToUTF16(kTestNumber), requester_->number());
206 }
207 
208 }  // namespace autofill
209