winget-cli/src/AppInstallerCLITests/AdminSettings.cpp at 20af5bb7b94844b33904f7d12e54c40f4e219894 · JohnMcPMS/winget-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
#include "pch.h"
#include "TestCommon.h"
#include "TestSettings.h"
#include <winget/AdminSettings.h>
#include <AppInstallerRuntime.h>
#include <fstream>

using namespace AppInstaller::Settings;
using namespace TestCommon;

TEST_CASE("AdminSetting_Enable", "[adminSettings]")
{
    WHEN("Group policy")
    {
        SECTION("Not configured")
        {
            GroupPolicyTestOverride policies;
            policies.SetState(TogglePolicy::Policy::LocalManifestFiles, PolicyState::NotConfigured);
            REQUIRE(EnableAdminSetting(BoolAdminSetting::LocalManifestFiles));
        }

        SECTION("Enabled")
        {
            GroupPolicyTestOverride policies;
            policies.SetState(TogglePolicy::Policy::LocalManifestFiles, PolicyState::Enabled);
            REQUIRE(EnableAdminSetting(BoolAdminSetting::LocalManifestFiles));
        }

        SECTION("Disabled")
        {
            GroupPolicyTestOverride policies;
            policies.SetState(TogglePolicy::Policy::LocalManifestFiles, PolicyState::Disabled);
            REQUIRE_FALSE(EnableAdminSetting(BoolAdminSetting::LocalManifestFiles));
        }
    }
}

TEST_CASE("AdminSetting_Disable", "[adminSettings]")
{
    WHEN("Group policy")
    {
        SECTION("Not configured")
        {
            GroupPolicyTestOverride policies;
            policies.SetState(TogglePolicy::Policy::LocalManifestFiles, PolicyState::NotConfigured);
            REQUIRE(DisableAdminSetting(BoolAdminSetting::LocalManifestFiles));
        }

        SECTION("Enabled")
        {
            GroupPolicyTestOverride policies;
            policies.SetState(TogglePolicy::Policy::LocalManifestFiles, PolicyState::Enabled);
            REQUIRE_FALSE(DisableAdminSetting(BoolAdminSetting::LocalManifestFiles));
        }

        SECTION("Disabled")
        {
            GroupPolicyTestOverride policies;
            policies.SetState(TogglePolicy::Policy::LocalManifestFiles, PolicyState::Disabled);
            REQUIRE(DisableAdminSetting(BoolAdminSetting::LocalManifestFiles));
        }
    }
}

TEST_CASE("AdminSetting_AllSettingsAreImplemented", "[adminSettings]")
{
    for (auto adminSetting : GetAllBoolAdminSettings())
    {
        // If we forget to add it to the conversion, it returns Unknown/None
        REQUIRE(AdminSettingToString(adminSetting) != AdminSettingToString(BoolAdminSetting::Unknown));
        REQUIRE(StringToBoolAdminSetting(AdminSettingToString(adminSetting)) != BoolAdminSetting::Unknown);
        REQUIRE(GetAdminSettingPolicy(adminSetting) != TogglePolicy::Policy::None);

        GroupPolicyTestOverride policies;
        policies.SetState(GetAdminSettingPolicy(adminSetting), PolicyState::NotConfigured);

        // We should be able to configure the state.
        // If we forget to add it, it won't persist.
        REQUIRE(EnableAdminSetting(adminSetting));
        REQUIRE(IsAdminSettingEnabled(adminSetting));
        REQUIRE(DisableAdminSetting(adminSetting));
        REQUIRE_FALSE(IsAdminSettingEnabled(adminSetting));
    }
}

TEST_CASE("AdminSetting_ConfigurationProcessorPath", "[adminSettings]")
{
    WHEN("Default state")
    {
        GroupPolicyTestOverride policies;
        policies.SetState(TogglePolicy::Policy::ConfigurationProcessorPath, PolicyState::NotConfigured);

        REQUIRE_FALSE(IsAdminSettingEnabled(BoolAdminSetting::ConfigurationProcessorPath));
    }

    WHEN("Group policy not configured - can enable and disable")
    {
        GroupPolicyTestOverride policies;
        policies.SetState(TogglePolicy::Policy::ConfigurationProcessorPath, PolicyState::NotConfigured);

        REQUIRE(EnableAdminSetting(BoolAdminSetting::ConfigurationProcessorPath));
        REQUIRE(IsAdminSettingEnabled(BoolAdminSetting::ConfigurationProcessorPath));
        REQUIRE(DisableAdminSetting(BoolAdminSetting::ConfigurationProcessorPath));
        REQUIRE_FALSE(IsAdminSettingEnabled(BoolAdminSetting::ConfigurationProcessorPath));
    }

    WHEN("Group policy enabled - cannot disable")
    {
        GroupPolicyTestOverride policies;
        policies.SetState(TogglePolicy::Policy::ConfigurationProcessorPath, PolicyState::Enabled);

        REQUIRE(IsAdminSettingEnabled(BoolAdminSetting::ConfigurationProcessorPath));
        REQUIRE_FALSE(DisableAdminSetting(BoolAdminSetting::ConfigurationProcessorPath));
        REQUIRE(IsAdminSettingEnabled(BoolAdminSetting::ConfigurationProcessorPath));
    }

    WHEN("Group policy disabled - cannot enable")
    {
        GroupPolicyTestOverride policies;
        policies.SetState(TogglePolicy::Policy::ConfigurationProcessorPath, PolicyState::Disabled);

        REQUIRE_FALSE(IsAdminSettingEnabled(BoolAdminSetting::ConfigurationProcessorPath));
        REQUIRE_FALSE(EnableAdminSetting(BoolAdminSetting::ConfigurationProcessorPath));
        REQUIRE_FALSE(IsAdminSettingEnabled(BoolAdminSetting::ConfigurationProcessorPath));
    }
}

TEST_CASE("AdminSetting_CorruptedVerificationFile", "[adminSettings]"){
    GroupPolicyTestOverride policies;
    policies.SetState(TogglePolicy::Policy::LocalManifestFiles, PolicyState::NotConfigured);

    // Clean up any existing admin settings
    ResetAllAdminSettings();

    // Enable the setting to create both the data and verification files
    REQUIRE(EnableAdminSetting(BoolAdminSetting::LocalManifestFiles));
    REQUIRE(IsAdminSettingEnabled(BoolAdminSetting::LocalManifestFiles));

    // Get the path to the verification file.
    // Note: The data file may be stored in ApplicationData (packaged context) rather than the filesystem,
    // so we only verify the verification file, which is always on the filesystem.
    std::filesystem::path secureSettingsDir = AppInstaller::Runtime::GetPathTo(AppInstaller::Runtime::PathName::SecureSettingsForRead);
    std::filesystem::path verificationFilePath = secureSettingsDir / Stream::AdminSettings.Name;

    // Verify the verification file exists
    REQUIRE(std::filesystem::exists(verificationFilePath));

    // Corrupt the verification file by writing invalid content to it
    {
        std::ofstream corruptFile(verificationFilePath);
        corruptFile << "corrupted data that is not valid YAML or a valid hash";
    }

    // Now when we try to read the setting, it should fall back to the default value (false)
    // instead of throwing an exception
    REQUIRE_FALSE(IsAdminSettingEnabled(BoolAdminSetting::LocalManifestFiles));

    // Clean up
    ResetAllAdminSettings();
}