horok/firefox
1
0
Fork 0
Code Activity
firefox/testing/web-platform/tests/fledge/tentative/resources/fledge-util.sub.js
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

1147 lines
49 KiB
JavaScript
Raw Permalink Blame History

"use strict";
const BASE_URL = document.baseURI.substring(0, document.baseURI.lastIndexOf('/') + 1);
const BASE_PATH = (new URL(BASE_URL)).pathname;
// Allow overriding to allow other repositories to use these utility functions.
let RESOURCE_PATH = `${BASE_PATH}resources/`
const DEFAULT_INTEREST_GROUP_NAME = 'default name';
// Unlike other URLs, trusted signals URLs can't have query strings
// that are set by tests, since FLEDGE controls it entirely, so tests that
// exercise them use a fixed URL string. Note that FLEDGE adds query
// params when requesting these URLs, and the python scripts use these
// to construct the response.
const TRUSTED_BIDDING_SIGNALS_URL =
`${BASE_URL}resources/trusted-bidding-signals.py`;
const TRUSTED_SCORING_SIGNALS_URL =
`${BASE_URL}resources/trusted-scoring-signals.py`;
// Other origins that should all be distinct from the main frame origin
// that the tests start with.
const OTHER_ORIGIN1 = 'https://{{hosts[alt][]}}:{{ports[https][0]}}';
const OTHER_ORIGIN2 = 'https://{{hosts[alt][]}}:{{ports[https][1]}}';
const OTHER_ORIGIN3 = 'https://{{hosts[][]}}:{{ports[https][1]}}';
const OTHER_ORIGIN4 = 'https://{{hosts[][www]}}:{{ports[https][0]}}';
const OTHER_ORIGIN5 = 'https://{{hosts[][www]}}:{{ports[https][1]}}';
const OTHER_ORIGIN6 = 'https://{{hosts[alt][www]}}:{{ports[https][0]}}';
const OTHER_ORIGIN7 = 'https://{{hosts[alt][www]}}:{{ports[https][1]}}';
// Trusted signals hosted on OTHER_ORIGIN1
const CROSS_ORIGIN_TRUSTED_BIDDING_SIGNALS_URL = OTHER_ORIGIN1 + BASE_PATH +
'resources/trusted-bidding-signals.py';
const CROSS_ORIGIN_TRUSTED_SCORING_SIGNALS_URL = OTHER_ORIGIN1 + BASE_PATH +
'resources/trusted-scoring-signals.py';
// Creates a URL that will be sent to the URL request tracker script.
// `uuid` is used to identify the stash shard to use.
// `dispatch` affects what the tracker script does.
// `id` can be used to uniquely identify tracked requests. It has no effect
// on behavior of the script; it only serves to make the URL unique.
// `id` will always be the last query parameter.
function createTrackerURL(origin, uuid, dispatch, id = null) {
let url = new URL(`${origin}${RESOURCE_PATH}request-tracker.py`);
let search = `uuid=${uuid}&dispatch=${dispatch}`;
if (id)
search += `&id=${id}`;
url.search = search;
return url.toString();
}
// Create a URL that when fetches clears tracked URLs. Note that the origin
// doesn't matter - it will clean up all tracked URLs with the provided uuid,
// regardless of origin they were fetched from.
function createCleanupURL(uuid) {
return createTrackerURL(window.location.origin, uuid, 'clean_up');
}
// Create tracked bidder/seller URLs. The only difference is the prefix added
// to the `id` passed to createTrackerURL. The optional `id` field allows
// multiple bidder/seller report URLs to be distinguishable from each other.
// `id` will always be the last query parameter.
function createBidderReportURL(uuid, id = '1', origin = window.location.origin) {
return createTrackerURL(origin, uuid, `track_get`, `bidder_report_${id}`);
}
function createSellerReportURL(uuid, id = '1', origin = window.location.origin) {
return createTrackerURL(origin, uuid, `track_get`, `seller_report_${id}`);
}
function createHighestScoringOtherBidReportURL(uuid, highestScoringOtherBid) {
return createSellerReportURL(uuid) + '&highestScoringOtherBid=' + Math.round(highestScoringOtherBid);
}
// Much like above ReportURL methods, except designed for beacons, which
// are expected to be POSTs.
function createBidderBeaconURL(uuid, id = '1', origin = window.location.origin) {
return createTrackerURL(origin, uuid, `track_post`, `bidder_beacon_${id}`);
}
function createSellerBeaconURL(uuid, id = '1', origin = window.location.origin) {
return createTrackerURL(origin, uuid, `track_post`, `seller_beacon_${id}`);
}
function createDirectFromSellerSignalsURL(origin = window.location.origin) {
let url = new URL(`${origin}${RESOURCE_PATH}direct-from-seller-signals.py`);
return url.toString();
}
function createUpdateURL(params = {}) {
let origin = window.location.origin;
let url = new URL(`${origin}${RESOURCE_PATH}update-url.py`);
url.searchParams.append('body', params.body);
url.searchParams.append('uuid', params.uuid);
return url.toString();
}
// Generates a UUID and registers a cleanup method with the test fixture to
// request a URL from the request tracking script that clears all data
// associated with the generated uuid when requested.
function generateUuid(test) {
let uuid = token();
test.add_cleanup(async () => {
let response = await fetch(createCleanupURL(uuid),
{ credentials: 'omit', mode: 'cors' });
assert_equals(await response.text(), 'cleanup complete',
`Sever state cleanup failed`);
});
return uuid;
}
// Helper to fetch "tracked_data" URL to fetch all data recorded by the
// tracker URL associated with "uuid". Throws on error, including if
// the retrieved object's errors field is non-empty.
async function fetchTrackedData(uuid) {
let trackedRequestsURL = createTrackerURL(window.location.origin, uuid,
'tracked_data');
let response = await fetch(trackedRequestsURL,
{ credentials: 'omit', mode: 'cors' });
let trackedData = await response.json();
// Fail on fetch error.
if (trackedData.error) {
throw trackedRequestsURL + ' fetch failed:' + JSON.stringify(trackedData);
}
// Fail on errors reported by the tracker script.
if (trackedData.errors.length > 0) {
throw 'Errors reported by request-tracker.py:' +
JSON.stringify(trackedData.errors);
}
return trackedData;
}
// Repeatedly requests "tracked_data" URL until exactly the entries in
// "expectedRequests" have been observed by the request tracker script (in
// any order, since report URLs are not guaranteed to be sent in any order).
//
// Elements of `expectedRequests` should either be URLs, in the case of GET
// requests, or "<URL>, body: <body>" in the case of POST requests.
//
// `filter` will be applied to the array of tracked requests.
//
// If any other strings are received from the tracking script, or the tracker
// script reports an error, fails the test.
async function waitForObservedRequests(uuid, expectedRequests, filter) {
// Sort array for easier comparison, as observed request order does not
// matter, and replace UUID to print consistent errors on failure.
expectedRequests = expectedRequests.map((url) => url.replace(uuid, '<uuid>')).sort();
while (true) {
let trackedData = await fetchTrackedData(uuid);
// Clean up "trackedRequests" in same manner as "expectedRequests".
let trackedRequests = trackedData.trackedRequests.map(
(url) => url.replace(uuid, '<uuid>')).sort();
if (filter) {
trackedRequests = trackedRequests.filter(filter);
}
// If fewer than total number of expected requests have been observed,
// compare what's been received so far, to have a greater chance to fail
// rather than hang on error.
for (const trackedRequest of trackedRequests) {
assert_in_array(trackedRequest, expectedRequests);
}
// If expected number of requests have been observed, compare with list of
// all expected requests and exit. This check was previously before the for loop,
// but was swapped in order to avoid flakiness with failing tests and their
// respective *-expected.txt.
if (trackedRequests.length >= expectedRequests.length) {
assert_array_equals(trackedRequests, expectedRequests);
break;
}
}
}
// Similar to waitForObservedRequests, but ignore forDebuggingOnly reports.
async function waitForObservedRequestsIgnoreDebugOnlyReports(
uuid, expectedRequests) {
return waitForObservedRequests(
uuid,
expectedRequests,
request => !request.includes('forDebuggingOnly'));
}
// Creates a bidding script with the provided code in the method bodies. The
// bidding script's generateBid() method will return a bid of 9 for the first
// ad, after the passed in code in the "generateBid" input argument has been
// run, unless it returns something or throws.
//
// The default reportWin() method is empty.
function createBiddingScriptURL(params = {}) {
let origin = params.origin ? params.origin : new URL(BASE_URL).origin;
let url = new URL(`${origin}${RESOURCE_PATH}bidding-logic.sub.py`);
// These checks use "!=" to ignore null and not provided arguments, while
// treating '' as a valid argument.
if (params.generateBid != null)
url.searchParams.append('generateBid', params.generateBid);
if (params.reportWin != null)
url.searchParams.append('reportWin', params.reportWin);
if (params.reportAdditionalBidWin != null)
url.searchParams.append('reportAdditionalBidWin', params.reportAdditionalBidWin);
if (params.error != null)
url.searchParams.append('error', params.error);
if (params.bid != null)
url.searchParams.append('bid', params.bid);
if (params.bidCurrency != null)
url.searchParams.append('bidCurrency', params.bidCurrency);
if (params.allowComponentAuction != null)
url.searchParams.append('allowComponentAuction', JSON.stringify(params.allowComponentAuction))
return url.toString();
}
// TODO: Make this return a valid WASM URL.
function createBiddingWasmHelperURL(params = {}) {
let origin = params.origin ? params.origin : new URL(BASE_URL).origin;
return `${origin}${RESOURCE_PATH}bidding-wasmlogic.wasm`;
}
// Creates a decision script with the provided code in the method bodies. The
// decision script's scoreAd() method will reject ads with renderURLs that
// don't ends with "uuid", and will return a score equal to the bid, after the
// passed in code in the "scoreAd" input argument has been run, unless it
// returns something or throws.
//
// The default reportResult() method is empty.
function createDecisionScriptURL(uuid, params = {}) {
let origin = params.origin ? params.origin : new URL(BASE_URL).origin;
let url = new URL(`${origin}${RESOURCE_PATH}decision-logic.sub.py`);
url.searchParams.append('uuid', uuid);
// These checks use "!=" to ignore null and not provided arguments, while
// treating '' as a valid argument.
if (params.scoreAd != null)
url.searchParams.append('scoreAd', params.scoreAd);
if (params.reportResult != null)
url.searchParams.append('reportResult', params.reportResult);
if (params.error != null)
url.searchParams.append('error', params.error);
if (params.permitCrossOriginTrustedSignals != null) {
url.searchParams.append('permit-cross-origin-trusted-signals',
params.permitCrossOriginTrustedSignals);
}
return url.toString();
}
// Creates a renderURL for an ad that runs the passed in "script". "uuid" has
// no effect, beyond making the URL distinct between tests, and being verified
// by the decision logic script before accepting a bid. "uuid" is expected to
// be last. "signalsParams" also has no effect, but is used by
// trusted-scoring-signals.py to affect the response.
function createRenderURL(uuid, script, signalsParams, origin) {
// These checks use "==" and "!=" to ignore null and not provided
// arguments, while treating '' as a valid argument.
if (origin == null)
origin = new URL(BASE_URL).origin;
let url = new URL(`${origin}${RESOURCE_PATH}fenced-frame.sub.py`);
if (script != null)
url.searchParams.append('script', script);
if (signalsParams != null)
url.searchParams.append('signalsParams', signalsParams);
url.searchParams.append('uuid', uuid);
return url.toString();
}
// Creates an interest group owned by "origin" with a bidding logic URL located
// on "origin" as well. Uses standard render and report URLs, which are not
// necessarily on "origin". "interestGroupOverrides" may be used to override any
// field of the created interest group.
function createInterestGroupForOrigin(uuid, origin,
interestGroupOverrides = {}) {
return {
owner: origin,
name: DEFAULT_INTEREST_GROUP_NAME,
biddingLogicURL: createBiddingScriptURL(
{ origin: origin,
reportWin: `sendReportTo('${createBidderReportURL(uuid)}');` }),
ads: [{ renderURL: createRenderURL(uuid) }],
...interestGroupOverrides
};
}
// Waits for the join command to complete. Adds cleanup command to `test` to
// leave the interest group when the test completes.
async function joinInterestGroupWithoutDefaults(test, interestGroup,
durationSeconds = 60) {
await navigator.joinAdInterestGroup(interestGroup, durationSeconds);
await makeInterestGroupKAnonymous(interestGroup);
test.add_cleanup(
async () => { await navigator.leaveAdInterestGroup(interestGroup); });
}
// Joins an interest group that, by default, is owned by the current frame's
// origin, is named DEFAULT_INTEREST_GROUP_NAME, has a bidding script that
// issues a bid of 9 with a renderURL of "https://not.checked.test/${uuid}",
// and sends a report to createBidderReportURL(uuid) if it wins. Waits for the
// join command to complete. Adds cleanup command to `test` to leave the
// interest group when the test completes.
//
// `interestGroupOverrides` may be used to override fields in the joined
// interest group.
async function joinInterestGroup(test, uuid, interestGroupOverrides = {},
durationSeconds = 60) {
await joinInterestGroupWithoutDefaults(
test, createInterestGroupForOrigin(
uuid, window.location.origin, interestGroupOverrides),
durationSeconds);
}
// Joins a negative interest group with the specified owner, name, and
// additionalBidKey. Because these are the only valid fields for a negative
// interest groups, this function doesn't expose an 'overrides' parameter.
// Adds cleanup command to `test` to leave the interest group when the test
// completes.
async function joinNegativeInterestGroup(
test, owner, name, additionalBidKey) {
let interestGroup = {
owner: owner,
name: name,
additionalBidKey: additionalBidKey
};
if (owner !== window.location.origin) {
let iframe = await createIframe(test, owner, 'join-ad-interest-group');
await runInFrame(
test, iframe,
`await joinInterestGroupWithoutDefaults(` +
`test_instance, ${JSON.stringify(interestGroup)})`);
} else {
await joinInterestGroupWithoutDefaults(test, interestGroup);
}
}
// Similar to joinInterestGroup, but leaves the interest group instead.
// Generally does not need to be called manually when using
// "joinInterestGroup()".
async function leaveInterestGroup(interestGroupOverrides = {}) {
let interestGroup = {
owner: window.location.origin,
name: DEFAULT_INTEREST_GROUP_NAME,
...interestGroupOverrides
};
await navigator.leaveAdInterestGroup(interestGroup);
}
// Runs a FLEDGE auction and returns the result. By default, the seller is the
// current frame's origin, and the only buyer is as well. The seller script
// rejects bids for URLs that don't contain "uuid" (to avoid running into issues
// with any interest groups from other tests), and reportResult() sends a report
// to createSellerReportURL(uuid).
//
// `auctionConfigOverrides` may be used to override fields in the auction
// configuration.
async function runBasicFledgeAuction(test, uuid, auctionConfigOverrides = {}) {
let auctionConfig = {
seller: window.location.origin,
decisionLogicURL: createDecisionScriptURL(
uuid,
{ reportResult: `sendReportTo('${createSellerReportURL(uuid)}');` }),
interestGroupBuyers: [window.location.origin],
resolveToConfig: true,
...auctionConfigOverrides
};
return await navigator.runAdAuction(auctionConfig);
}
// Checks that await'ed return value of runAdAuction() denotes a successful
// auction with a winner.
function expectSuccess(config) {
assert_true(config !== null, `Auction unexpectedly had no winner`);
assert_true(
config instanceof FencedFrameConfig,
`Wrong value type returned from auction: ${config.constructor.type}`);
}
// Checks that await'ed return value of runAdAuction() denotes an auction
// without a winner (but no fatal error).
function expectNoWinner(result) {
assert_true(result === null, 'Auction unexpectedly had a winner');
}
// Wrapper around runBasicFledgeAuction() that runs an auction with the specified
// arguments, expecting the auction to have a winner. Returns the FencedFrameConfig
// from the auction.
async function runBasicFledgeTestExpectingWinner(test, uuid, auctionConfigOverrides = {}) {
let config = await runBasicFledgeAuction(test, uuid, auctionConfigOverrides);
expectSuccess(config);
return config;
}
// Wrapper around runBasicFledgeAuction() that runs an auction with the specified
// arguments, expecting the auction to have no winner.
async function runBasicFledgeTestExpectingNoWinner(
test, uuid, auctionConfigOverrides = {}) {
let result = await runBasicFledgeAuction(test, uuid, auctionConfigOverrides);
expectNoWinner(result);
}
// Creates a fenced frame and applies fencedFrameConfig to it. Also adds a cleanup
// method to destroy the fenced frame at the end of the current test.
function createAndNavigateFencedFrame(test, fencedFrameConfig) {
let fencedFrame = document.createElement('fencedframe');
fencedFrame.mode = 'opaque-ads';
fencedFrame.config = fencedFrameConfig;
document.body.appendChild(fencedFrame);
test.add_cleanup(() => { document.body.removeChild(fencedFrame); });
}
// Calls runBasicFledgeAuction(), expecting the auction to have a winner.
// Creates a fenced frame that will be destroyed on completion of "test", and
// navigates it to the URN URL returned by the auction. Does not wait for the
// fenced frame to finish loading, since there's no API that can do that.
async function runBasicFledgeAuctionAndNavigate(test, uuid,
auctionConfigOverrides = {}) {
let config = await runBasicFledgeTestExpectingWinner(test, uuid,
auctionConfigOverrides);
createAndNavigateFencedFrame(test, config);
}
// Joins an interest group and runs an auction, expecting a winner to be
// returned. "testConfig" can optionally modify the uuid, interest group or
// auctionConfig.
async function joinGroupAndRunBasicFledgeTestExpectingWinner(test, testConfig = {}) {
const uuid = testConfig.uuid ? testConfig.uuid : generateUuid(test);
await joinInterestGroup(test, uuid, testConfig.interestGroupOverrides);
await runBasicFledgeTestExpectingWinner(test, uuid, testConfig.auctionConfigOverrides);
}
// Joins an interest group and runs an auction, expecting no winner to be
// returned. "testConfig" can optionally modify the uuid, interest group or
// auctionConfig.
async function joinGroupAndRunBasicFledgeTestExpectingNoWinner(test, testConfig = {}) {
const uuid = testConfig.uuid ? testConfig.uuid : generateUuid(test);
await joinInterestGroup(test, uuid, testConfig.interestGroupOverrides);
await runBasicFledgeTestExpectingNoWinner(test, uuid, testConfig.auctionConfigOverrides);
}
// Test helper for report phase of auctions that lets the caller specify the
// body of reportResult() and reportWin(). Passing in null will cause there
// to be no reportResult() or reportWin() method.
//
// If the "SuccessCondition" fields are non-null and evaluate to false in
// the corresponding reporting method, the report is sent to an error URL.
// Otherwise, the corresponding 'reportResult' / 'reportWin' values are run.
//
// `codeToInsert` is a JS object that contains the following fields to control
// the code generated for the auction worklet:
// scoreAd - function body for scoreAd() seller worklet function
// reportResultSuccessCondition - Success condition to trigger reportResult()
// reportResult - function body for reportResult() seller worklet function
// generateBid - function body for generateBid() buyer worklet function
// reportWinSuccessCondition - Success condition to trigger reportWin()
// decisionScriptURLOrigin - Origin of decision script URL
// reportWin - function body for reportWin() buyer worklet function
//
// Additionally the following fields can be added to check for errors during the
// execution of the corresponding worklets:
// reportWinSuccessCondition - boolean condition added to reportWin() in the
// buyer worklet that triggers a sendReportTo() to an 'error' URL if not met.
// reportResultSuccessCondition - boolean condition added to reportResult() in
// the seller worklet that triggers a sendReportTo() to an 'error' URL if not
// met.
//
// `renderURLOverride` allows the ad URL of the joined InterestGroup to
// to be set by the caller.
//
// `auctionConfigOverrides` may be used to override fields in the auction
// configuration.
//
// Requesting error report URLs causes waitForObservedRequests() to throw
// rather than hang.
async function runReportTest(test, uuid, codeToInsert, expectedReportURLs,
renderURLOverride, auctionConfigOverrides) {
let scoreAd = codeToInsert.scoreAd;
let reportResultSuccessCondition = codeToInsert.reportResultSuccessCondition;
let reportResult = codeToInsert.reportResult;
let generateBid = codeToInsert.generateBid;
let reportWinSuccessCondition = codeToInsert.reportWinSuccessCondition;
let reportWin = codeToInsert.reportWin;
let decisionScriptURLOrigin = codeToInsert.decisionScriptURLOrigin;
if (reportResultSuccessCondition) {
reportResult = `if (!(${reportResultSuccessCondition})) {
sendReportTo('${createSellerReportURL(uuid, 'error')}');
return false;
}
${reportResult}`;
}
let decisionScriptURLParams = {};
if (scoreAd !== undefined) {
decisionScriptURLParams.scoreAd = scoreAd;
}
if (reportResult !== null)
decisionScriptURLParams.reportResult = reportResult;
else
decisionScriptURLParams.error = 'no-reportResult';
if (decisionScriptURLOrigin !== undefined) {
decisionScriptURLParams.origin = decisionScriptURLOrigin;
}
if (reportWinSuccessCondition) {
reportWin = `if (!(${reportWinSuccessCondition})) {
sendReportTo('${createBidderReportURL(uuid, 'error')}');
return false;
}
${reportWin}`;
}
let biddingScriptURLParams = {};
if (generateBid !== undefined) {
biddingScriptURLParams.generateBid = generateBid;
}
if (reportWin !== null)
biddingScriptURLParams.reportWin = reportWin;
else
biddingScriptURLParams.error = 'no-reportWin';
let interestGroupOverrides =
{ biddingLogicURL: createBiddingScriptURL(biddingScriptURLParams) };
if (renderURLOverride)
interestGroupOverrides.ads = [{ renderURL: renderURLOverride }]
await joinInterestGroup(test, uuid, interestGroupOverrides);
if (auctionConfigOverrides === undefined) {
auctionConfigOverrides =
{ decisionLogicURL: createDecisionScriptURL(uuid, decisionScriptURLParams) };
} else if (auctionConfigOverrides.decisionLogicURL === undefined) {
auctionConfigOverrides.decisionLogicURL =
createDecisionScriptURL(uuid, decisionScriptURLParams);
}
await runBasicFledgeAuctionAndNavigate(test, uuid, auctionConfigOverrides);
await waitForObservedRequests(uuid, expectedReportURLs);
}
// Helper function for running a standard test of the additional bid and
// negative targeting features. This helper verifies that the auction produces a
// winner. It takes the following arguments:
// - test/uuid: the test object and uuid from the test case (see generateUuid)
// - buyers: array of strings, each a domain for a buyer participating in this
// auction
// - auctionNonce: string, the auction nonce for this auction, typically
// retrieved from a prior call to navigator.createAuctionNonce
// - additionalBidsPromise: promise resolving to undefined, to be resolved when
// the additional bids have been retrieved with fetch().
// - highestScoringOtherBid: the amount of the second-highest bid,
// or zero if there's no second-highest bid
// - winningAdditionalBidId: the label of the winning bid
async function runAdditionalBidTest(test, uuid, buyers, auctionNonce,
additionalBidsPromise,
highestScoringOtherBid,
winningAdditionalBidId) {
await runBasicFledgeAuctionAndNavigate(
test, uuid,
{ interestGroupBuyers: buyers,
auctionNonce: auctionNonce,
additionalBids: additionalBidsPromise,
decisionLogicURL: createDecisionScriptURL(
uuid,
{ reportResult: `sendReportTo("${createSellerReportURL(uuid)}&highestScoringOtherBid=" + Math.round(browserSignals.highestScoringOtherBid));` })});
await waitForObservedRequests(
uuid, [createHighestScoringOtherBidReportURL(uuid, highestScoringOtherBid),
createBidderReportURL(uuid, winningAdditionalBidId)]);
}
// Similar to runAdditionalBidTest(), but expects no winner. It takes the
// following arguments:
// - test/uuid: the test object and uuid from the test case (see generateUuid)
// - buyers: array of strings, each a domain for a buyer participating in this
// auction
// - auctionNonce: string, the auction nonce for this auction, typically
// retrieved from a prior call to navigator.createAuctionNonce
// - additionalBidsPromise: promise resolving to undefined, to be resolved when
// the additional bids have been retrieved with fetch().
async function runAdditionalBidTestNoWinner(
test, uuid, buyers, auctionNonce, additionalBidsPromise) {
await runBasicFledgeTestExpectingNoWinner(test, uuid, {
interestGroupBuyers: buyers,
auctionNonce: auctionNonce,
additionalBids: additionalBidsPromise,
decisionLogicURL: createDecisionScriptURL(uuid)
});
}
// Runs "script" in "child_window" via an eval call. The "child_window" must
// have been created by calling "createFrame()" below. "param" is passed to the
// context "script" is run in, so can be used to pass objects that
// "script" references that can't be serialized to a string, like
// fencedFrameConfigs.
async function runInFrame(test, child_window, script, param) {
const messageUuid = generateUuid(test);
let receivedResponse = {};
let promise = new Promise(function(resolve, reject) {
function WaitForMessage(event) {
if (event.data.messageUuid !== messageUuid)
return;
receivedResponse = event.data;
if (event.data.result === 'success') {
resolve();
} else {
reject(event.data.result);
}
}
window.addEventListener('message', WaitForMessage);
child_window.postMessage(
{messageUuid: messageUuid, script: script, param: param}, '*');
});
await promise;
return receivedResponse.returnValue;
}
// Creates an frame and navigates it to a URL on "origin", and waits for the URL
// to finish loading by waiting for the frame to send an event. Then returns
// the frame's Window object. Depending on the value of "is_iframe", the created
// frame will either be a new iframe, or a new top-level main frame. In the iframe
// case, its "allow" field will be set to "permissions".
//
// Also adds a cleanup callback to "test", which runs all cleanup functions
// added within the frame and waits for them to complete, and then destroys the
// iframe or closes the window.
async function createFrame(test, origin, is_iframe = true, permissions = null) {
const frameUuid = generateUuid(test);
const frameURL =
`${origin}${RESOURCE_PATH}subordinate-frame.sub.html?uuid=${frameUuid}`;
let promise = new Promise(function(resolve, reject) {
function WaitForMessage(event) {
if (event.data.messageUuid !== frameUuid)
return;
if (event.data.result === 'load complete') {
resolve();
} else {
reject(event.data.result);
}
}
window.addEventListener('message', WaitForMessage);
});
if (is_iframe) {
let iframe = document.createElement('iframe');
if (permissions)
iframe.allow = permissions;
iframe.src = frameURL;
document.body.appendChild(iframe);
test.add_cleanup(async () => {
await runInFrame(test, iframe.contentWindow, "await test_instance.do_cleanup();");
document.body.removeChild(iframe);
});
await promise;
return iframe.contentWindow;
}
let child_window = window.open(frameURL);
test.add_cleanup(async () => {
await runInFrame(test, child_window, "await test_instance.do_cleanup();");
child_window.close();
});
await promise;
return child_window;
}
// Wrapper around createFrame() that creates an iframe and optionally sets
// permissions.
async function createIframe(test, origin, permissions = null) {
return await createFrame(test, origin, /*is_iframe=*/true, permissions);
}
// Wrapper around createFrame() that creates a top-level window.
async function createTopLevelWindow(test, origin) {
return await createFrame(test, origin, /*is_iframe=*/false);
}
// Joins a cross-origin interest group. Currently does this by joining the
// interest group in an iframe, though it may switch to using a .well-known
// fetch to allow the cross-origin join, when support for that is added
// to these tests, so callers should not assume that's the mechanism in use.
async function joinCrossOriginInterestGroup(test, uuid, origin, interestGroupOverrides = {}) {
let interestGroup = JSON.stringify(
createInterestGroupForOrigin(uuid, origin, interestGroupOverrides));
let iframe = await createIframe(test, origin, 'join-ad-interest-group');
await runInFrame(test, iframe,
`await joinInterestGroup(test_instance, "${uuid}", ${interestGroup})`);
}
// Leaves a cross-origin interest group, by running a leave in an iframe.
async function leaveCrossOriginInterestGroup(test, uuid, origin, interestGroupOverrides = {}) {
let interestGroup = JSON.stringify(
createInterestGroupForOrigin(uuid, origin, interestGroupOverrides));
let iframe = await createIframe(test, origin, 'join-ad-interest-group');
await runInFrame(test, iframe,
`await leaveInterestGroup(${interestGroup})`);
}
// Joins an interest group in a top-level window, which has the same origin
// as the joined interest group.
async function joinInterestGroupInTopLevelWindow(
test, uuid, origin, interestGroupOverrides = {}) {
let interestGroup = JSON.stringify(
createInterestGroupForOrigin(uuid, origin, interestGroupOverrides));
let topLevelWindow = await createTopLevelWindow(test, origin);
await runInFrame(test, topLevelWindow,
`await joinInterestGroup(test_instance, "${uuid}", ${interestGroup})`);
}
// Opens a top-level window and calls joinCrossOriginInterestGroup() in it.
async function joinCrossOriginInterestGroupInTopLevelWindow(
test, uuid, windowOrigin, interestGroupOrigin, interestGroupOverrides = {}) {
let interestGroup = JSON.stringify(
createInterestGroupForOrigin(uuid, interestGroupOrigin, interestGroupOverrides));
let topLevelWindow = await createTopLevelWindow(test, windowOrigin);
await runInFrame(test, topLevelWindow,
`await joinCrossOriginInterestGroup(
test_instance, "${uuid}", "${interestGroupOrigin}", ${interestGroup})`);
}
// Fetch directFromSellerSignals from seller and check header
// 'Ad-Auction-Signals' is hidden from documents.
async function fetchDirectFromSellerSignals(headers_content, origin) {
const response = await fetch(
createDirectFromSellerSignalsURL(origin),
{ adAuctionHeaders: true, headers: headers_content });
if (!('Negative-Test-Option' in headers_content)) {
assert_equals(
response.status,
200,
'Failed to fetch directFromSellerSignals: ' + await response.text());
}
assert_false(
response.headers.has('Ad-Auction-Signals'),
'Header "Ad-Auction-Signals" should be hidden from documents.');
}
// Generate directFromSellerSignals evaluation code for different worklets and
// pass to `runReportTest()` as `codeToInsert`.
function directFromSellerSignalsValidatorCode(uuid, expectedSellerSignals,
expectedAuctionSignals, expectedPerBuyerSignals) {
expectedSellerSignals = JSON.stringify(expectedSellerSignals);
expectedAuctionSignals = JSON.stringify(expectedAuctionSignals);
expectedPerBuyerSignals = JSON.stringify(expectedPerBuyerSignals);
return {
// Seller worklets
scoreAd:
`if (directFromSellerSignals == null ||
directFromSellerSignals.sellerSignals !== ${expectedSellerSignals} ||
directFromSellerSignals.auctionSignals !== ${expectedAuctionSignals} ||
Object.keys(directFromSellerSignals).length !== 2) {
throw 'Failed to get expected directFromSellerSignals in scoreAd(): ' +
JSON.stringify(directFromSellerSignals);
}`,
reportResultSuccessCondition:
`directFromSellerSignals != null &&
directFromSellerSignals.sellerSignals === ${expectedSellerSignals} &&
directFromSellerSignals.auctionSignals === ${expectedAuctionSignals} &&
Object.keys(directFromSellerSignals).length === 2`,
reportResult:
`sendReportTo("${createSellerReportURL(uuid)}");`,
// Bidder worklets
generateBid:
`if (directFromSellerSignals == null ||
directFromSellerSignals.perBuyerSignals !== ${expectedPerBuyerSignals} ||
directFromSellerSignals.auctionSignals !== ${expectedAuctionSignals} ||
Object.keys(directFromSellerSignals).length !== 2) {
throw 'Failed to get expected directFromSellerSignals in generateBid(): ' +
JSON.stringify(directFromSellerSignals);
}`,
reportWinSuccessCondition:
`directFromSellerSignals != null &&
directFromSellerSignals.perBuyerSignals === ${expectedPerBuyerSignals} &&
directFromSellerSignals.auctionSignals === ${expectedAuctionSignals} &&
Object.keys(directFromSellerSignals).length === 2`,
reportWin:
`sendReportTo("${createBidderReportURL(uuid)}");`,
};
}
let additionalBidHelper = function() {
// Creates an additional bid with the given parameters. This additional bid
// specifies a biddingLogicURL that provides an implementation of
// reportAdditionalBidWin that triggers a sendReportTo() to the bidder report
// URL of the winning additional bid. Additional bids are described in more
// detail at
// https://github.com/WICG/turtledove/blob/main/FLEDGE.md#6-additional-bids.
// Returned bids have an additional `testMetadata` field that's modified by
// several of the other helper functions defined below and is consumed by
// `fetchAdditionalBids()`. Created additional bids must be used only once,
// as `fetchAdditionalBids()` consumes and discards the `testMetadata` field.
function createAdditionalBid(uuid, seller, buyer, interestGroupName, bidAmount) {
return {
interestGroup: {
name: interestGroupName,
biddingLogicURL: createBiddingScriptURL({
origin: buyer,
reportAdditionalBidWin: `sendReportTo("${
createBidderReportURL(uuid, interestGroupName)}");`
}),
owner: buyer
},
bid: {ad: ['metadata'], bid: bidAmount, render: createRenderURL(uuid)},
seller: seller,
testMetadata: {}
};
}
// Sets the auction nonce that will be included by the server on the
// 'Ad-Auction-Additional-Bid' response header for this bid. All valid
// additional bids should have an auctionNonce in the header, so this
// should be called by most tests.
function setAuctionNonceInHeader(additionalBid, auctionNonce) {
additionalBid.testMetadata.auctionNonce = auctionNonce;
}
// Sets the seller nonce that will be included by the server on the
// 'Ad-Auction-Additional-Bid' response header for this bid.
function setSellerNonceInHeader(additionalBid, sellerNonce) {
additionalBid.testMetadata.sellerNonce = sellerNonce;
}
// Tells `fetchAdditionalBids` to correctly sign the additional bid with
// the given secret keys before returning that as a signed additional bid.
// The signatures aren't computed yet because `additionalBid` - whose string
// representation is signed - may still change between when this is called
// and when `fetchAdditionalBids` is called.
function signWithSecretKeys(additionalBid, secretKeys) {
additionalBid.testMetadata.secretKeysForValidSignatures = secretKeys;
}
// Tells the additional bid endpoint to incorrectly sign the additional bid
// with the given secret keys before returning that as a signed additional
// bid. This is used for testing the behavior when the auction encounters an
// invalid signature. The signatures aren't computed yet because
// `additionalBid` - whose string representation is signed - may still change
// between when this is called and when `fetchAdditionalBids` is called.
function incorrectlySignWithSecretKeys(additionalBid, secretKeys) {
additionalBid.testMetadata.secretKeysForInvalidSignatures = secretKeys;
}
// Takes the auctionNonce and sellerNonce as strings, and combines them with
// SHA256, returning the result as a base64 string.
async function computeBidNonce(auctionNonce, sellerNonce) {
// Compute the bidNonce as hashed bytes.
const combined_utf8 = new TextEncoder().encode(auctionNonce + sellerNonce);
const hashed = await crypto.subtle.digest('SHA-256',combined_utf8);
// Convert the hashed bytes to base64.
return btoa(String.fromCharCode(...new Uint8Array(hashed)));
}
// Adds a single negative interest group to an additional bid, as described at:
// https://github.com/WICG/turtledove/blob/main/FLEDGE.md#622-how-additional-bids-specify-their-negative-interest-groups
function addNegativeInterestGroup(additionalBid, negativeInterestGroup) {
additionalBid.negativeInterestGroup = negativeInterestGroup;
}
// Adds multiple negative interest groups to an additional bid, as described at:
// https://github.com/WICG/turtledove/blob/main/FLEDGE.md#622-how-additional-bids-specify-their-negative-interest-groups
function addNegativeInterestGroups(
additionalBid, negativeInterestGroups, joiningOrigin) {
additionalBid.negativeInterestGroups = {
joiningOrigin: joiningOrigin,
interestGroupNames: negativeInterestGroups
};
}
const _ed25519ModulePromise =
import('../third_party/noble-ed25519/noble-ed25519.js');
// Returns a signature entry for a signed additional bid.
//
// `message` is the additional bid text (or other text if generating an
// invalid signature) to sign.
//
// `base64EncodedSecretKey` is the base64-encoded Ed25519 key with which to
// sign the message. From this secret key, the public key can be deduced,
// which becomes part of the signature entry.
async function _generateSignature(message, base64EncodedSecretKey) {
const ed25519 = await _ed25519ModulePromise;
const secretKey =
Uint8Array.from(atob(base64EncodedSecretKey), c => c.charCodeAt(0));
const [publicKey, signature] = await Promise.all([
ed25519.getPublicKeyAsync(secretKey),
ed25519.signAsync(new TextEncoder().encode(message), secretKey)
]);
return {
'key': btoa(String.fromCharCode(...publicKey)),
'signature': btoa(String.fromCharCode(...signature))
};
}
// Returns a signed additional bid given an additional bid and secret keys.
// `additionalBid` is the additional bid to sign. It must not contain a
// `testMetadata` - that should have been removed prior to calling this.
//
// `secretKeysForValidSignatures` is a list of strings, each a base64-encoded
// Ed25519 secret key with which to sign the additional bid, whereas
// `secretKeysForInvalidSignatures` is a list of strings, each a
// base64-encoded Ed25519 secret key with which to *incorrectly* sign the
// additional bid.
async function _signAdditionalBid(
additionalBid, secretKeysForValidSignatures,
secretKeysForInvalidSignatures) {
async function _signString(string, secretKeys) {
if (!secretKeys) {
return [];
}
return await Promise.all(secretKeys.map(
async secretKey => await _generateSignature(
string, secretKey)));
}
assert_not_own_property(
additionalBid, 'testMetadata',
'testMetadata should be removed from additionalBid before signing');
const additionalBidString = JSON.stringify(additionalBid);
let [validSignatures, invalidSignatures] = await Promise.all([
_signString(additionalBidString, secretKeysForValidSignatures),
// For invalid signatures, we use the correct secret key to sign a
// different message - the additional bid prepended by 'invalid' - so
// that the signature is a structually valid signature with the correct
// (public) key, but can't be used to verify the additional bid.
_signString('invalid' + additionalBidString, secretKeysForInvalidSignatures)
]);
return {
'bid': additionalBidString,
'signatures': validSignatures.concat(invalidSignatures)
};
}
// Given an additionalBid object, this returns a string to be used as the
// value of the `Ad-Auction-Additional-Bid` response header. To produce this
// header, this signs the signing the `additionalBid` with the signatures
// specified by prior calls to `signWithSecretKeys` and
// `incorrectlySignWithSecretKeys` above; base64-encodes the stringified
// `signedAdditionalBid`; and then prepends that with the `auctionNonce` and/or
// `sellerNonce` specified by prior calls to `setAuctionNonceInHeader` and
// `setSellerNonceInHeader` above, respectively.
async function _convertAdditionalBidToResponseHeader(additionalBid) {
const testMetadata = additionalBid.testMetadata;
delete additionalBid.testMetadata;
const signedAdditionalBid = await _signAdditionalBid(
additionalBid,
testMetadata.secretKeysForValidSignatures,
testMetadata.secretKeysForInvalidSignatures);
return [
testMetadata.auctionNonce,
testMetadata.sellerNonce,
btoa(JSON.stringify(signedAdditionalBid))
].filter(k => k !== undefined).join(':');
}
// Fetch some number of fully prepared additional bid from a seller and verify
// that the `Ad-Auction-Additional-Bid` header is not visible in this
// JavaScript context. The `additionalBids` parameter is a list of additional
// bids objects created by `createAdditionalBid` and modified by other
// functions on this helper. Once passed to this method, additional bids may
// not be reused in a future call to `fetchAdditionalBids()`, since this
// mothod consumes and destroys their `testMetadata` field.
async function fetchAdditionalBids(seller, additionalBids) {
let additionalBidHeaderValues = await Promise.all(additionalBids.map(
async additionalBid =>
await _convertAdditionalBidToResponseHeader(additionalBid)));
const url = new URL(`${seller}${RESOURCE_PATH}additional-bids.py`);
url.searchParams.append(
'additionalBidHeaderValues', JSON.stringify(additionalBidHeaderValues));
const response = await fetch(url.href, {adAuctionHeaders: true});
assert_equals(response.status, 200, 'Failed to fetch additional bid: ' + await response.text());
assert_false(
response.headers.has('Ad-Auction-Additional-Bid'),
'Header "Ad-Auction-Additional-Bid" should not be available in JavaScript context.');
}
return {
createAdditionalBid: createAdditionalBid,
setAuctionNonceInHeader: setAuctionNonceInHeader,
setSellerNonceInHeader: setSellerNonceInHeader,
signWithSecretKeys: signWithSecretKeys,
incorrectlySignWithSecretKeys: incorrectlySignWithSecretKeys,
computeBidNonce: computeBidNonce,
addNegativeInterestGroup: addNegativeInterestGroup,
addNegativeInterestGroups: addNegativeInterestGroups,
fetchAdditionalBids: fetchAdditionalBids
};
}();
// DeprecatedRenderURLReplacements helper function.
// Returns an object containing sample strings both before and after the
// replacements in 'replacements' have been applied by
// deprecatedRenderURLReplacements. All substitution strings will appear
// only once in the output strings.
function createStringBeforeAndAfterReplacements(deprecatedRenderURLReplacements) {
let beforeReplacements = '';
let afterReplacements = '';
if(deprecatedRenderURLReplacements){
for (const [match, replacement] of Object.entries(deprecatedRenderURLReplacements)) {
beforeReplacements += match + "/";
afterReplacements += replacement + "/";
}
}
return { beforeReplacements, afterReplacements };
}
// Delete all cookies. Separate function so that can be replaced with
// something else for testing outside of a WPT environment.
async function deleteAllCookies() {
await test_driver.delete_all_cookies();
}
// Deletes all cookies (to avoid pre-existing cookies causing inconsistent
// output on failure) and sets a cookie with name "cookie" and a value of
// "cookie". Adds a cleanup task to delete all cookies again when the test
// is done.
async function setCookie(test) {
await deleteAllCookies();
document.cookie = 'cookie=cookie; path=/'
test.add_cleanup(deleteAllCookies);
}
async function makeInterestGroupKAnonymous(passedInterestGroup) {
// Make a copy so we can sanitize fields without affecting the tests.
let interestGroup = structuredClone(passedInterestGroup);
const ownerURL = new URL(interestGroup.owner);
interestGroup.owner = ownerURL.origin;
interestGroup.name = String(interestGroup.name).toWellFormed();
interestGroup.biddingLogicURL =
(new URL(interestGroup.biddingLogicURL, BASE_URL)).toString();
function b64(array) {
return btoa(String.fromCharCode.apply(null, array));
}
let hashes = [];
if (Array.isArray(interestGroup.ads)) {
for (const ad of interestGroup.ads) {
hashes.push(b64(await computeKeyHashOfAd(interestGroup, ad)));
hashes.push(
b64(await computeKeyHashOfReportingId(interestGroup, ad, null)));
if (Array.isArray(ad.selectableBuyerAndSellerReportingIds)) {
for (const id of ad.selectableBuyerAndSellerReportingIds) {
hashes.push(
b64(await computeKeyHashOfReportingId(interestGroup, ad, id)));
}
}
}
}
if (Array.isArray(interestGroup.adComponents)) {
for (const ad of interestGroup.adComponents) {
hashes.push(b64(await computeKeyHashOfComponentAd(interestGroup, ad)));
}
}
await test_driver.set_protected_audience_k_anonymity(
interestGroup.owner, interestGroup.name, hashes);
}
async function computeKeyHashOfAd(ig, ad) {
const encoder = new TextEncoder();
const kAnonKey = encoder.encode(
`AdBid\n${ig.owner}/\n${ig.biddingLogicURL}\n${ad.renderURL}`);
return new Uint8Array(await window.crypto.subtle.digest('SHA-256', kAnonKey));
}
async function computeKeyHashOfReportingId(ig, ad, selectedReportingId = null) {
const encoder = new TextEncoder();
let kAnonKey = null;
if (!selectedReportingId) {
if (ad.buyerAndSellerReportingId) {
kAnonKey = encoder.encode(
`BuyerAndSellerReportId\n${ig.owner}/\n${ig.biddingLogicURL}\n${
ad.renderURL}\n${ad.buyerAndSellerReportingId}`);
} else if (ad.buyerReportingId) {
kAnonKey = encoder.encode(`BuyerReportId\n${ig.owner}/\n${
ig.biddingLogicURL}\n${ad.renderURL}\n${ad.buyerReportingId}`);
} else {
kAnonKey = encoder.encode(`NameReport\n${ig.owner}/\n${
ig.biddingLogicURL}\n${ad.renderURL}\n${ig.name}`);
}
} else {
function encodeKeyPartInto(part, array) {
array[0] = 0x0a;
if (!part) {
for (let i = 1; i < 6; i++) {
array[i] = 0x00;
}
return 6;
}
const len = part.length;
array[1] = 0x01;
array[2] = (len >> 24) % 256
array[3] = (len >> 16) % 256
array[4] = (len >> 8) % 256
array[5] = len % 256;
encoder.encodeInto(part, array.subarray(6));
return 1 + 5 + len;
}
const baseText = `SelectedBuyerAndSellerReportId\n${ig.owner}/\n${
ig.biddingLogicURL}\n${ad.renderURL}`;
const selectedReportingIdLen =
1 + 5 + (selectedReportingId ? selectedReportingId.length : 0);
const buyerAndSellerReportingIdLen = 1 + 5 +
(ad.buyerAndSellerReportingId ? ad.buyerAndSellerReportingId.length : 0)
const buyerReportingIdLen =
1 + 5 + (ad.buyerReportingId ? ad.buyerReportingId.length : 0)
const expectedLen = baseText.length + selectedReportingIdLen +
buyerAndSellerReportingIdLen + buyerReportingIdLen;
kAnonKey = new Uint8Array(expectedLen);
let actualLen = 0;
actualLen += encoder.encodeInto(baseText, kAnonKey).written;
actualLen +=
encodeKeyPartInto(selectedReportingId, kAnonKey.subarray(actualLen));
actualLen += encodeKeyPartInto(
ad.buyerAndSellerReportingId, kAnonKey.subarray(actualLen));
actualLen +=
encodeKeyPartInto(ad.buyerReportingId, kAnonKey.subarray(actualLen));
}
return new Uint8Array(await window.crypto.subtle.digest('SHA-256', kAnonKey));
}
async function computeKeyHashOfComponentAd(ig, ad) {
const encoder = new TextEncoder();
const kAnonKey = encoder.encode(`ComponentBid\n${ad.renderURL}`);
return new Uint8Array(await window.crypto.subtle.digest('SHA-256', kAnonKey));
}
View git blame Copy permalink