firefox/testing/web-platform/tests/webauthn/signal-all-accepted-credentials.https.html

<!DOCTYPE html>
<meta charset="utf-8">
<title>Signal all accepted credentials tests</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src=helpers.js></script>

<body></body>
<script>
  "use strict";

  const authenticatorOptions = {
    protocol: "ctap2_1",
    hasResidentKey: true,
    isUserVerified: true,
    hasUserVerification: true,
  };

  const userId = Uint8Array.from([1, 2, 3, 4]);

  function createDiscoverableCredential() {
    return createCredential({
      options: {
        publicKey: {
          authenticatorSelection: {
            residentKey: "required",
          },
          user: {
            id: userId,
            name: "reimu",
            displayName: "Reimu Hakurei",
          }
        },
      },
    });
  }

  virtualAuthenticatorPromiseTest(async t => {
    return promise_rejects_dom(t, "SecurityError", PublicKeyCredential.signalAllAcceptedCredentials({
      rpId: "umbrella-corporation.example.com",
      userId: base64urlEncode(userId),
      allAcceptedCredentialIds: [],
    }));
  }, authenticatorOptions, "signalAllAcceptedCredentials fails with SecurityError for invalid RP IDs");

  virtualAuthenticatorPromiseTest(async t => {
    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalAllAcceptedCredentials({
      rpId: window.location.hostname,
      userId: "Not base 64 url",
      allAcceptedCredentialIds: [],
    }));
  }, authenticatorOptions, "signalAllAcceptedCredentials fails with TypeError for invalid userId base64url");

  virtualAuthenticatorPromiseTest(async t => {
    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalAllAcceptedCredentials({
      rpId: window.location.hostname,
      userId: base64urlEncode(userId),
      allAcceptedCredentialIds: ["not base 64 url"],
    }));
  }, authenticatorOptions, "signalAllAcceptedCredentials fails with TypeError for invalid credential base64url");

  virtualAuthenticatorPromiseTest(async t => {
    const credential = await createDiscoverableCredential();
    await assertCredential(credential);
    PublicKeyCredential.signalAllAcceptedCredentials({
      rpId: window.location.hostname,
      userId: base64urlEncode([5, 6, 7, 8]),
      allAcceptedCredentialIds: [],
    });
    await assertCredential(credential);
  }, authenticatorOptions, "signalAllAcceptedCredentials does not remove a credential for a different user id");

  virtualAuthenticatorPromiseTest(async t => {
    const credential = await createDiscoverableCredential();
    await assertCredential(credential);
    PublicKeyCredential.signalAllAcceptedCredentials({
      rpId: window.location.hostname,
      userId: base64urlEncode(userId),
      allAcceptedCredentialIds: [credential.id],
    });
    await assertCredential(credential);
  }, authenticatorOptions, "signalAllAcceptedCredentials does not remove a credential if present on the list");

  virtualAuthenticatorPromiseTest(async t => {
    const credential = await createDiscoverableCredential();
    await assertCredential(credential);
    PublicKeyCredential.signalAllAcceptedCredentials({
      rpId: window.location.hostname,
      userId: base64urlEncode(userId),
      allAcceptedCredentialIds: [],
    });
    return promise_rejects_dom(t, "NotAllowedError", assertCredential(credential));
  }, authenticatorOptions, "signalAllAcceptedCredentials removes a credential present on the list for the correct user");

  virtualAuthenticatorPromiseTest(async t => {
    const credential = await createDiscoverableCredential();
    await assertCredential(credential);
    PublicKeyCredential.signalAllAcceptedCredentials({
      rpId: window.location.hostname,
      userId: base64urlEncode(userId),
      allAcceptedCredentialIds: [base64urlEncode([1, 2, 3, 4])],
    });
    return promise_rejects_dom(t, "NotAllowedError", assertCredential(credential));
  }, authenticatorOptions, "signalAllAcceptedCredentials with unrecognized credentials removes existing credential");

  virtualAuthenticatorPromiseTest(async t => {
    const credential = await createDiscoverableCredential();
    await assertCredential(credential);
    PublicKeyCredential.signalAllAcceptedCredentials({
      rpId: window.location.hostname,
      userId: base64urlEncode(userId),
      allAcceptedCredentialIds: [credential.id, base64urlEncode([1, 2, 3, 4])],
    });
    await assertCredential(credential);
  }, authenticatorOptions, "signalAllAcceptedCredentials with recognized and unrecognized credentials keeps the existing credential");
</script>