horok/firefox
1
0
Fork 0
Code Activity
firefox/testing/web-platform/tests/fledge/tentative/additional-bids.https.window.js
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

615 lines
28 KiB
JavaScript
Raw Permalink Blame History

// META: script=/resources/testdriver.js
// META: script=/resources/testdriver-vendor.js
// META: script=/common/utils.js
// META: script=resources/fledge-util.sub.js
// META: script=/common/subset-tests.js
// META: timeout=long
// META: variant=?1-last
"use strict";
// This file contains tests for additional bids and negative targeting.
//
// TODO:
// - test that an additional bid with some correct signatures can be negative
// targeted for those negative interest groups whose signatures match.
// - test that additional bids can be fetched using an iframe navigation.
// - test that additional bids are not fetched using an iframe navigation for
// which the `adAuctionHeaders=true` attribute is not specified.
// - test that additional bids are not fetched using a Fetch request for which
// `adAuctionHeaders: true` is not specified.
// - test that an additional bid with an incorrect seller and / or top-level
// seller is not included in an auction.
// - lots of tests for different types of malformed additional bids, e.g.
// missing fields, malformed signature, invalid currency code,
// missing joining origin for multiple negative interest groups, etc.
// - test that correctly formatted additional bids are included in an auction
// when fetched alongside malformed additional bid headers by a Fetch
// request (both invalid headers and invalid additional bids)
// - test that an additional bid is rejected if its from a buyer who is not
// allowed to participate in the auction.
// - test that an additional bid is rejected if its currency doesn't match the
// buyer's associated per-buyer currency from the auction config.
// - test that correctly formatted additional bids are included in an auction
// when fetched alongside malformed additional bid headers by an iframe
// navigation (both invalid headers and invalid additional bids).
// - test that reportWin is not used for reporting an additional bid win.
// - test that additional bids can *not* be fetched from iframe subresource
// requests.
// - test that an auction nonce can only be used once, and a second auction
// trying to reuse an auction immediately fails.
// - test that an auction nonce must be created in the same window/tab as the
// call to runAdAuction.
// - test reportAdditionalBidWin with each of no metadata, null metadata, and
// an object metadata.
// - test that an auction running in one tab can't see an additional bid loaded
// in a new tab.
// - test that two auctions running with different nonces only get the
// additional bids fetched with their auction nonce.
// - test that two auctions running with different nonces only get the
// additional bids fetched with their auction nonce, when both additional
// bids are retrieved with one fetch.
// - test that a multiseller auction with two component auctions can direct
// additional bids to the correct component auctions.
// - test that two auctions running with different nonces only get the
// additional bids fetched with their auction nonce.
// - test that two auctions running with different nonces only get the
// additional bids fetched with their auction nonce, when both additional
// bids are retrieved with one fetch.
// - test that an additional bid can compete against an interest group bid and
// lose.
// - test that an additional bid can compete against an interest group bid and
// win.
// - test (in join-leave-ad-interest-group.https.window.js) that an IG that
// provides `additionalBidKey` fails if the key fails to decode, or if
// that IG also provides `ads`, or if it provides `updateURL`.
// - test that an IG update cannot cause a regular interest group (one that
// does not provide `additionalBidKey`) to become a negative interest
// group (one that does provide `additionalBidKey`).
// - test (in auction-config-passed-to-worklets.https.window.js) that a
// multi-seller auction fails if the top-level auction provides
// a value for `additionalBids`.
// - test (in auction-config-passed-to-worklets.https.window.js) that an auction
// fails if it provides `additionalBids` but not `auctionNonce`, or if it
// provides `additionalBids` but not `interestGroupBuyers`.
// The auction is run with the seller being the same as the document origin.
// The request to fetch additional bids must be issued to the seller's origin
// for ad auction headers interception to associate it with this auction.
const SINGLE_SELLER_AUCTION_SELLER = window.location.origin;
const ADDITIONAL_BID_SECRET_KEY = 'nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A=';
const ADDITIONAL_BID_PUBLIC_KEY = '11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=';
// Single-seller auction with a single buyer who places a single additional
// bid. As the only bid, this wins.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
additionalBid.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
await runAdditionalBidTest(
test, uuid, [buyer], auctionNonce,
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid]),
/*highestScoringOtherBid=*/0,
/*winningAdditionalBidId=*/'horses');
}, 'single valid additional bid');
// Single-seller auction with a two buyers competing with additional bids.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer1 = OTHER_ORIGIN1;
const additionalBid1 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer1, 'horses', 1.99);
additionalBid1.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid1, auctionNonce);
const buyer2 = OTHER_ORIGIN2;
const additionalBid2 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer2, 'planes', 2.99);
additionalBid2.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid2, auctionNonce);
await runAdditionalBidTest(
test, uuid, [buyer1, buyer2], auctionNonce,
additionalBidHelper.fetchAdditionalBids(
seller, [additionalBid1, additionalBid2]),
/*highestScoringOtherBid=*/1.99,
/*winningAdditionalBidId=*/'planes');
}, 'two valid additional bids');
// Same as the test above, except that this uses two Fetch requests instead of
// one to retrieve the additional bids.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer1 = OTHER_ORIGIN1;
const additionalBid1 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer1, 'horses', 1.99);
additionalBid1.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid1, auctionNonce);
const buyer2 = OTHER_ORIGIN2;
const additionalBid2 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer2, 'planes', 2.99);
additionalBid2.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid2, auctionNonce);
await runAdditionalBidTest(
test, uuid, [buyer1, buyer2], auctionNonce,
Promise.all([
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid1]),
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid2])
]),
/*highestScoringOtherBid=*/1.99,
/*winningAdditionalBidId=*/'planes');
}, 'two valid additional bids from two distinct Fetch requests');
// Single-seller auction with a single buyer who places a single additional
// bid with the wrong `auctionNonce` in the bid, causing the bid to fail.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonceInHeader = await navigator.createAuctionNonce();
const auctionNonceInBid = crypto.randomUUID();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
additionalBid.additionalBid = auctionNonceInBid;
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonceInHeader);
await runAdditionalBidTestNoWinner(
test, uuid, [buyer], auctionNonceInHeader,
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid]));
}, 'single valid additional bid with wrong auctionNonce in bid');
// Single-seller auction with a single buyer who places a single additional
// bid with no `auctionNonce` in the bid, causing the bid to fail.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
// Notably missing: `additionalBid.auctionNonce`
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
await runAdditionalBidTestNoWinner(
test, uuid, [buyer], auctionNonce,
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid]));
}, 'single valid additional bid with no auctionNonce in bid');
// Single-seller auction with a single buyer who places a single additional
// bid that elides `auctionNonce` in favor of a `bidNonce`, which is correctly
// computed from the combination of `auctionNonce` and `sellerNonce`. However,
// this test fails to include the `sellerNonce` in the header,
// causing the bid to fail. `bidNonce` in an additional bid is only valid with
// a `sellerNonce` on the response header.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const sellerNonce = crypto.randomUUID();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
additionalBid.bidNonce =
await additionalBidHelper.computeBidNonce(auctionNonce, sellerNonce);
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
// Notably missing: `additionalBidHelper.setSellerNonceInHeader`
await runAdditionalBidTestNoWinner(
test, uuid, [buyer], auctionNonce,
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid]));
}, 'single valid additional bid with bidNonce in bid but no sellerNonce in header');
// Single-seller auction with a single buyer who places a single additional
// bid that uses `sellerNonce` / `bidNonce`. As the only bid, this wins.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const sellerNonce = crypto.randomUUID();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
additionalBid.bidNonce =
await additionalBidHelper.computeBidNonce(auctionNonce, sellerNonce);
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
additionalBidHelper.setSellerNonceInHeader(additionalBid, sellerNonce);
await runAdditionalBidTest(
test, uuid, [buyer], auctionNonce,
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid]),
/*highestScoringOtherBid=*/0,
/*winningAdditionalBidId=*/'horses');
}, 'single valid additional bid with bidNonce and sellerNonce');
// Single-seller auction with a single buyer who places a single additional bid
// that uses `sellerNonce`, but with an `auctionNonce` on the bid instead of a
// `bidNonce`. Since `sellerNonce` is only compatible with `bidNonce`, there is
// no winner.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const sellerNonce = crypto.randomUUID();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
additionalBid.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
additionalBidHelper.setSellerNonceInHeader(additionalBid, sellerNonce);
await runAdditionalBidTestNoWinner(
test, uuid, [buyer], auctionNonce,
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid]));
}, 'single additional bid with sellerNonce in the header but auctionNonce in the bid');
// Single-seller auction with a single buyer who places a single additional bid
// that uses `sellerNonce`, but no `bidNonce` or `auctionNonce`. Since the
// `bidNonce` is missing, there is no winner. Related to 'single valid
// additional bid with no auctionNonce in bid', except with `sellerNonce`.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const sellerNonce = crypto.randomUUID();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
// Notably missing: `additionalBid.bidNonce`.
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
additionalBidHelper.setSellerNonceInHeader(additionalBid, sellerNonce);
await runAdditionalBidTestNoWinner(
test, uuid, [buyer], auctionNonce,
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid]));
}, 'single additional bid with sellerNonce in the header but no bidNonce or ' +
'auctionNonce in the bid');
// Single-seller auction with a single buyer who places a single additional
// bid that uses `sellerNonce` / `bidNonce`, but also `auctionNonce` in the bid.
// As exactly one of `bidNonce` / `auctionNonce` is allowed in the bid, this
// fails.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const sellerNonce = crypto.randomUUID();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
additionalBid.auctionNonce = auctionNonce;
additionalBid.bidNonce =
await additionalBidHelper.computeBidNonce(auctionNonce, sellerNonce);
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
additionalBidHelper.setSellerNonceInHeader(additionalBid, sellerNonce);
await runAdditionalBidTestNoWinner(
test, uuid, [buyer], auctionNonce,
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid]));
}, 'single additional bid with sellerNonce in the header but with both ' +
' bidNonce and auctionNonce in the bid');
// Single-seller auction with a single buyer who places a single additional
// bid that uses `sellerNonce` / `bidNonce`. Since the `bidNonce` is invalid
// there is no winner.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const sellerNonce = crypto.randomUUID();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
// Computes a `bidNonce` using a randomly generated `sellerNonce`, not the
// one used in the header.
additionalBid.bidNonce = await additionalBidHelper.computeBidNonce(
auctionNonce, crypto.randomUUID());
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
additionalBidHelper.setSellerNonceInHeader(additionalBid, sellerNonce);
await runAdditionalBidTestNoWinner(
test, uuid, [buyer], auctionNonce,
additionalBidHelper.fetchAdditionalBids(seller, [additionalBid]));
}, 'single additional bid with invalid bidNonce');
// Single-seller auction with a two buyers competing with additional bids, each
// using a distinct `sellerNonce` / `bidNonce`.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const sellerNonce1 = crypto.randomUUID();
const sellerNonce2 = crypto.randomUUID();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer1 = OTHER_ORIGIN1;
const additionalBid1 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer1, 'horses', 1.99);
additionalBid1.bidNonce =
await additionalBidHelper.computeBidNonce(auctionNonce, sellerNonce1);
additionalBidHelper.setAuctionNonceInHeader(additionalBid1, auctionNonce);
additionalBidHelper.setSellerNonceInHeader(additionalBid1, sellerNonce1);
const buyer2 = OTHER_ORIGIN2;
const additionalBid2 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer2, 'planes', 2.99);
additionalBid2.bidNonce =
await additionalBidHelper.computeBidNonce(auctionNonce, sellerNonce2);
additionalBidHelper.setAuctionNonceInHeader(additionalBid2, auctionNonce);
additionalBidHelper.setSellerNonceInHeader(additionalBid2, sellerNonce2);
await runAdditionalBidTest(
test, uuid, [buyer1, buyer2], auctionNonce,
additionalBidHelper.fetchAdditionalBids(
seller, [additionalBid1, additionalBid2]),
/*highestScoringOtherBid=*/1.99,
/*winningAdditionalBidId=*/'planes');
}, 'two valid additional bids using distinct bidNonces and sellerNonces');
// Single-seller auction with a single additional bid. Because this additional
// bid is filtered by negative targeting, this auction has no winner.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const negativeInterestGroupName = 'already-owns-a-plane';
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'planes', 2.99);
additionalBid.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
additionalBidHelper.addNegativeInterestGroup(
additionalBid, negativeInterestGroupName);
additionalBidHelper.signWithSecretKeys(
additionalBid, [ADDITIONAL_BID_SECRET_KEY]);
await joinNegativeInterestGroup(
test, buyer, negativeInterestGroupName, ADDITIONAL_BID_PUBLIC_KEY);
await runBasicFledgeTestExpectingNoWinner(
test, uuid,
{ interestGroupBuyers: [buyer],
auctionNonce: auctionNonce,
additionalBids: additionalBidHelper.fetchAdditionalBids(
seller, [additionalBid])});
}, 'one additional bid filtered by negative targeting, so auction has no ' +
'winner');
// Single-seller auction with a two buyers competing with additional bids.
// The higher of these has a negative interest group specified, and that
// negative interest group has been joined, so the lower bid wins.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const negativeInterestGroupName = 'already-owns-a-plane';
const buyer1 = OTHER_ORIGIN1;
const additionalBid1 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer1, 'horses', 1.99);
additionalBid1.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid1, auctionNonce);
const buyer2 = OTHER_ORIGIN2;
const additionalBid2 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer2, 'planes', 2.99);
additionalBid2.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid2, auctionNonce);
additionalBidHelper.addNegativeInterestGroup(
additionalBid2, negativeInterestGroupName);
additionalBidHelper.signWithSecretKeys(
additionalBid2, [ADDITIONAL_BID_SECRET_KEY]);
await joinNegativeInterestGroup(
test, buyer2, negativeInterestGroupName, ADDITIONAL_BID_PUBLIC_KEY);
await runAdditionalBidTest(
test, uuid, [buyer1, buyer2], auctionNonce,
additionalBidHelper.fetchAdditionalBids(
seller, [additionalBid1, additionalBid2]),
/*highestScoringOtherBid=*/0,
/*winningAdditionalBidId=*/'horses');
}, 'higher additional bid is filtered by negative targeting, so ' +
'lower additional bid wins');
// Same as above, except that the bid is missing a signature, so that the
// negative targeting interest group is ignored, and the higher bid, which
// would have otherwise been filtered by negative targeting, wins.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const negativeInterestGroupName = 'already-owns-a-plane';
const buyer1 = OTHER_ORIGIN1;
const additionalBid1 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer1, 'horses', 1.99);
additionalBid1.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid1, auctionNonce);
const buyer2 = OTHER_ORIGIN2;
const additionalBid2 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer2, 'planes', 2.99);
additionalBid2.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid2, auctionNonce);
additionalBidHelper.addNegativeInterestGroup(
additionalBid2, negativeInterestGroupName);
await joinNegativeInterestGroup(
test, buyer2, negativeInterestGroupName, ADDITIONAL_BID_PUBLIC_KEY);
await runAdditionalBidTest(
test, uuid, [buyer1, buyer2], auctionNonce,
additionalBidHelper.fetchAdditionalBids(
seller, [additionalBid1, additionalBid2]),
/*highestScoringOtherBid=*/1.99,
/*winningAdditionalBidId=*/'planes');
}, 'higher additional bid is filtered by negative targeting, but it is ' +
'missing a signature, so it still wins');
// Same as above, except that the bid is signed incorrectly, so that the
// negative targeting interest group is ignored, and the higher bid, which
// would have otherwise been filtered by negative targeting, wins.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const negativeInterestGroupName = 'already-owns-a-plane';
const buyer1 = OTHER_ORIGIN1;
const additionalBid1 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer1, 'horses', 1.99);
additionalBid1.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid1, auctionNonce);
const buyer2 = OTHER_ORIGIN2;
const additionalBid2 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer2, 'planes', 2.99);
additionalBid2.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid2, auctionNonce);
additionalBidHelper.addNegativeInterestGroup(
additionalBid2, negativeInterestGroupName);
additionalBidHelper.incorrectlySignWithSecretKeys(
additionalBid2, [ADDITIONAL_BID_SECRET_KEY]);
await joinNegativeInterestGroup(
test, buyer2, negativeInterestGroupName, ADDITIONAL_BID_PUBLIC_KEY);
await runAdditionalBidTest(
test, uuid, [buyer1, buyer2], auctionNonce,
additionalBidHelper.fetchAdditionalBids(
seller, [additionalBid1, additionalBid2]),
/*highestScoringOtherBid=*/1.99,
/*winningAdditionalBidId=*/'planes');
}, 'higher additional bid is filtered by negative targeting, but it has an ' +
'invalid signature, so it still wins');
// A test of an additional bid with multiple negative interest groups.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const negativeInterestGroupName1 = 'already-owns-a-plane';
const negativeInterestGroupName2 = 'another-negative-interest-group';
const buyer1 = OTHER_ORIGIN1;
const additionalBid1 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer1, 'horses', 1.99);
additionalBid1.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid1, auctionNonce);
const buyer2 = OTHER_ORIGIN2;
const additionalBid2 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer2, 'planes', 2.99);
additionalBid2.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid2, auctionNonce);
additionalBidHelper.addNegativeInterestGroups(
additionalBid2, [negativeInterestGroupName1, negativeInterestGroupName2],
/*joiningOrigin=*/window.location.origin);
additionalBidHelper.signWithSecretKeys(
additionalBid2, [ADDITIONAL_BID_SECRET_KEY]);
await joinNegativeInterestGroup(
test, buyer2, negativeInterestGroupName1, ADDITIONAL_BID_PUBLIC_KEY);
await runAdditionalBidTest(
test, uuid, [buyer1, buyer2], auctionNonce,
additionalBidHelper.fetchAdditionalBids(
seller, [additionalBid1, additionalBid2]),
/*highestScoringOtherBid=*/0,
/*winningAdditionalBidId=*/'horses');
}, 'higher additional bid is filtered by negative targeting by two negative ' +
'interest groups, and since one is on the device, the lower bid wins');
// Same as above, but with a mismatched joining origin.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const negativeInterestGroupName1 = 'already-owns-a-plane';
const negativeInterestGroupName2 = 'another-negative-interest-group';
const buyer1 = OTHER_ORIGIN1;
const additionalBid1 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer1, 'horses', 1.99);
additionalBid1.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid1, auctionNonce);
const buyer2 = OTHER_ORIGIN2;
const additionalBid2 = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer2, 'planes', 2.99);
additionalBid2.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid2, auctionNonce);
additionalBidHelper.addNegativeInterestGroups(
additionalBid2, [negativeInterestGroupName1, negativeInterestGroupName2],
/*joiningOrigin=*/OTHER_ORIGIN1);
additionalBidHelper.signWithSecretKeys(
additionalBid2, [ADDITIONAL_BID_SECRET_KEY]);
await joinNegativeInterestGroup(
test, buyer2, negativeInterestGroupName1, ADDITIONAL_BID_PUBLIC_KEY);
await runAdditionalBidTest(
test, uuid, [buyer1, buyer2], auctionNonce,
additionalBidHelper.fetchAdditionalBids(
seller, [additionalBid1, additionalBid2]),
/*highestScoringOtherBid=*/1.99,
/*winningAdditionalBidId=*/'planes');
}, 'higher additional bid is filtered by negative targeting by two negative ' +
'interest groups, but because of a joining origin mismatch, it still wins');
// Ensure that trusted seller signals are retrieved for additional bids.
subsetTest(promise_test, async test => {
const uuid = generateUuid(test);
const auctionNonce = await navigator.createAuctionNonce();
const seller = SINGLE_SELLER_AUCTION_SELLER;
const buyer = OTHER_ORIGIN1;
const additionalBid = additionalBidHelper.createAdditionalBid(
uuid, seller, buyer, 'horses', 1.99);
additionalBid.auctionNonce = auctionNonce;
additionalBidHelper.setAuctionNonceInHeader(additionalBid, auctionNonce);
let renderURL = createRenderURL(uuid);
await runBasicFledgeTestExpectingWinner(
test, uuid,
{ interestGroupBuyers: [buyer],
auctionNonce: auctionNonce,
additionalBids: additionalBidHelper.fetchAdditionalBids(
seller, [additionalBid]),
decisionLogicURL: createDecisionScriptURL(
uuid,
{ scoreAd:
`if(!"${renderURL}" in trustedScoringSignals.renderURL) ` +
'throw "missing trusted signals";'}),
trustedScoringSignalsURL: TRUSTED_SCORING_SIGNALS_URL});
}, 'trusted seller signals retrieved for additional bids');
View git blame Copy permalink