Google Git
Sign in
chromium / chromium / src.git / 9ed7b5611a61505c3dba734fe55b92211df3c2f6^! / . / components / variations / variations_http_header_provider_unittest.cc
commit9ed7b5611a61505c3dba734fe55b92211df3c2f6[log] [tgz]
authorasvitkine <[email protected]>Mon Dec 12 23:41:43 2016
committerCommit bot <[email protected]>Mon Dec 12 23:44:30 2016
treeaf299f948f05edb3f3f60e7fc22980d36ff4ec1b
parent54585e4c963fadabad06fd785ba30df548f9ade6 [diff] [blame]
Restrict transmission of external exp ids to signed in users.

Since external experiment ids are not based on Chrome's low
entropy source, they do not have the same guarantees about
not identifying a user as Chrome's variations. As such, we
should only transmit them for signed in users, whose identity
is already known by Google so there's no risk of identifying
them through these headers.

Note: The signed-in state checking in this CL is only done for
web content area requests and not other internal requests,
like to the suggestion service, where it treats the state as
"not signed in". This is fine to do because variations service
ids are still sent, which is what the other call sites are
interested in.

BUG=672532
[email protected],[email protected],[email protected],[email protected]

Review-Url: https://codereview.chromium.org/2558913003
Cr-Commit-Position: refs/heads/master@{#437959}

diff --git a/components/variations/variations_http_header_provider_unittest.cc b/components/variations/variations_http_header_provider_unittest.cc
index a1b9d3da..394310a 100644
--- a/components/variations/variations_http_header_provider_unittest.cc
+++ b/components/variations/variations_http_header_provider_unittest.cc

@@ -67,7 +67,7 @@
   // Valid experiment ids.
   EXPECT_TRUE(provider.SetDefaultVariationIds({"12", "456", "t789"}));
   provider.InitVariationIDsCacheIfNeeded();
-  std::string variations = provider.GetClientDataHeader();
+  std::string variations = provider.GetClientDataHeader(false);
   EXPECT_FALSE(variations.empty());
   std::set<VariationID> variation_ids;
   std::set<VariationID> trigger_ids;
@@ -86,13 +86,13 @@
   EXPECT_FALSE(provider.SetDefaultVariationIds(
       std::vector<std::string>{"abcd12", "456"}));
   provider.InitVariationIDsCacheIfNeeded();
-  EXPECT_TRUE(provider.GetClientDataHeader().empty());
+  EXPECT_TRUE(provider.GetClientDataHeader(false).empty());
 
   // Invalid trigger experiment id
   EXPECT_FALSE(provider.SetDefaultVariationIds(
       std::vector<std::string>{"12", "tabc456"}));
   provider.InitVariationIDsCacheIfNeeded();
-  EXPECT_TRUE(provider.GetClientDataHeader().empty());
+  EXPECT_TRUE(provider.GetClientDataHeader(false).empty());
 }
 
 TEST_F(VariationsHttpHeaderProviderTest, OnFieldTrialGroupFinalized) {
@@ -104,25 +104,44 @@
   const std::string default_name = "default";
   scoped_refptr<base::FieldTrial> trial_1(CreateTrialAndAssociateId(
       "t1", default_name, GOOGLE_WEB_PROPERTIES, 123));
-
   ASSERT_EQ(default_name, trial_1->group_name());
 
   scoped_refptr<base::FieldTrial> trial_2(CreateTrialAndAssociateId(
       "t2", default_name, GOOGLE_WEB_PROPERTIES_TRIGGER, 456));
-
   ASSERT_EQ(default_name, trial_2->group_name());
 
+  scoped_refptr<base::FieldTrial> trial_3(CreateTrialAndAssociateId(
+      "t3", default_name, GOOGLE_WEB_PROPERTIES_SIGNED_IN, 789));
+  ASSERT_EQ(default_name, trial_3->group_name());
+
   // Run the message loop to make sure OnFieldTrialGroupFinalized is called for
   // the two field trials.
   base::RunLoop().RunUntilIdle();
 
-  std::string variations = provider.GetClientDataHeader();
+  // Get non-signed in ids.
+  {
+    std::string variations = provider.GetClientDataHeader(false);
+    std::set<VariationID> variation_ids;
+    std::set<VariationID> trigger_ids;
+    ASSERT_TRUE(ExtractVariationIds(variations, &variation_ids, &trigger_ids));
+    EXPECT_EQ(1U, variation_ids.size());
+    EXPECT_TRUE(variation_ids.find(123) != variation_ids.end());
+    EXPECT_EQ(1U, trigger_ids.size());
+    EXPECT_TRUE(trigger_ids.find(456) != trigger_ids.end());
+  }
 
-  std::set<VariationID> variation_ids;
-  std::set<VariationID> trigger_ids;
-  ASSERT_TRUE(ExtractVariationIds(variations, &variation_ids, &trigger_ids));
-  EXPECT_TRUE(variation_ids.find(123) != variation_ids.end());
-  EXPECT_TRUE(trigger_ids.find(456) != trigger_ids.end());
+  // Now, get signed-in ids.
+  {
+    std::string variations = provider.GetClientDataHeader(true);
+    std::set<VariationID> variation_ids;
+    std::set<VariationID> trigger_ids;
+    ASSERT_TRUE(ExtractVariationIds(variations, &variation_ids, &trigger_ids));
+    EXPECT_EQ(2U, variation_ids.size());
+    EXPECT_TRUE(variation_ids.find(123) != variation_ids.end());
+    EXPECT_TRUE(variation_ids.find(789) != variation_ids.end());
+    EXPECT_EQ(1U, trigger_ids.size());
+    EXPECT_TRUE(trigger_ids.find(456) != trigger_ids.end());
+  }
 }
 
 TEST_F(VariationsHttpHeaderProviderTest, GetVariationsString) {
@@ -131,6 +150,8 @@
 
   CreateTrialAndAssociateId("t1", "g1", GOOGLE_WEB_PROPERTIES, 123);
   CreateTrialAndAssociateId("t2", "g2", GOOGLE_WEB_PROPERTIES, 124);
+  // SIGNED_IN ids shouldn't be included.
+  CreateTrialAndAssociateId("t3", "g3", GOOGLE_WEB_PROPERTIES_SIGNED_IN, 125);
 
   VariationsHttpHeaderProvider provider;
   std::vector<std::string> ids;