horok/firefox
1
0
Fork 0
Code Activity
firefox/testing/web-platform/tests/device-bound-session-credentials/credentials-matching.https.html
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

90 lines
No EOL
5 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<meta charset="utf-8">
<title>DBSC credentials matching</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="helper.js" type="module"></script>
<script type="module">
import { expireCookie, documentHasCookie, waitForCookie, addCookieAndSessionCleanup, setupShardedServerState, configureServer, pullServerState} from "./helper.js";
const futureDate = new Date();
futureDate.setFullYear(futureDate.getFullYear() + 1);
async function runTest(t, sessionCookieAttributes, requestCookieAttributes, expectCallRefresh) {
await setupShardedServerState();
const expectedCookieAndValue = "auth_cookie=abcdef0123";
const expectedAttributes = sessionCookieAttributes;
const expectedCookieAndAttributes = `${expectedCookieAndValue};${expectedAttributes}`;
addCookieAndSessionCleanup(t);
// Configure server to set the session credentials and the associated Set-Cookie header.
configureServer({ cookieDetails: [{ attributes: expectedAttributes }] });
// Prompt starting a session, and wait until registration completes.
const loginResponse = await fetch('login.py');
assert_equals(loginResponse.status, 200);
await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);
// Confirm that a request has the cookie set.
const authResponse = await fetch('verify_authenticated.py');
assert_equals(authResponse.status, 200);
// Delete the cookie, and replace it with a similar cookie with custom attributes.
expireCookie(expectedCookieAndAttributes);
assert_false(documentHasCookie(expectedCookieAndValue));
await fetch('set_cookie.py', {
method: 'POST',
body: `${expectedCookieAndValue};${requestCookieAttributes}`,
});
// Send a request. Then, confirm refresh was or was not sent.
const authResponseAfterExpiry = await fetch('verify_authenticated.py');
assert_equals(authResponseAfterExpiry.status, 200);
assert_true(documentHasCookie(expectedCookieAndValue));
const serverState = await pullServerState();
assert_equals(serverState.hasCalledRefresh, expectCallRefresh);
}
promise_test(async t => {
const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Expires=${futureDate.toUTCString()}`;
await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/false);
}, "Expires attribute in credentials doesn't affect matching");
promise_test(async t => {
const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Max-Age=86400`;
await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/false);
}, "Max-Age attribute in credentials doesn't affect matching");
promise_test(async t => {
const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;HttpOnly`;
await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
}, "HttpOnly attribute in credentials affects matching");
promise_test(async t => {
const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;SameSite=Strict`;
await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
}, "SameSite attribute in credentials affects matching");
promise_test(async t => {
const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Secure`;
await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
}, "Secure attribute in credentials affects matching");
promise_test(async t => {
const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
const requestCookieAttributes = `Domain=${location.hostname};Path=/`;
await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
}, "Path attribute in credentials affects matching");
promise_test(async t => {
const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Secure`;
const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Partitioned;Secure`;
await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
}, "Partition attribute in credentials affects matching");
</script>
View git blame Copy permalink