firefox/testing/web-platform/tests/webauthn/signal-unknown-credential.https.html

<!DOCTYPE html>
<meta charset="utf-8">
<title>Signal unknown credential tests</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src=helpers.js></script>

<body></body>
<script>
  "use strict";

  const authenticatorOptions = {
    protocol: "ctap2_1",
    hasResidentKey: true,
    isUserVerified: true,
    hasUserVerification: true,
  };

  const userId = Uint8Array.from([1, 2, 3, 4]);

  function createDiscoverableCredential() {
    return createCredential({
      options: {
        publicKey: {
          authenticatorSelection: {
            residentKey: "required",
          },
          user: {
            id: userId,
            name: "reimu",
            displayName: "Reimu Hakurei",
          }
        },
      },
    });
  }

  virtualAuthenticatorPromiseTest(async t => {
    return promise_rejects_dom(t, "SecurityError", PublicKeyCredential.signalUnknownCredential({
      rpId: "umbrella-corporation.example.com",
      credentialId: base64urlEncode([1, 2, 3, 4]),
    }));
  }, authenticatorOptions, "signalUnknownCredential fails with SecurityError for invalid RP IDs");

  virtualAuthenticatorPromiseTest(async t => {
    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalUnknownCredential({
      rpId: window.location.hostname,
      credentialId: "Not base 64 url",
    }));
  }, authenticatorOptions, "signalUnknownCredential fails with TypeError for invalid base64url");

  virtualAuthenticatorPromiseTest(async t => {
    const credential = await createDiscoverableCredential();
    await assertCredential(credential);
    await PublicKeyCredential.signalUnknownCredential({
      rpId: window.location.hostname,
      credentialId: base64urlEncode([1, 2, 3, 4]),
    });
    await assertCredential(credential);
  }, authenticatorOptions, "signalUnknownCredential does not remove a credential that does not match the ID");

  virtualAuthenticatorPromiseTest(async t => {
    const credential = await createDiscoverableCredential();
    await assertCredential(credential);
    await PublicKeyCredential.signalUnknownCredential({
      rpId: window.location.hostname,
      credentialId: credential.id,
    });
    return promise_rejects_dom(t, "NotAllowedError", assertCredential(credential));
  }, authenticatorOptions, "signalUnknownCredential removes a credential that matches the ID");
</script>