1 files changed, 91 insertions, 0 deletions
diff --git a/dom/webauthn/tests/test_webauthn_no_token.html b/dom/webauthn/tests/test_webauthn_no_token.html
new file mode 100644
index 0000000000..7b373dd0a5
--- /dev/null
+++ b/dom/webauthn/tests/test_webauthn_no_token.html
@@ -0,0 +1,91 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<head>
+  <title>Test for W3C Web Authentication with no token</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="u2futil.js"></script>
+  <script type="text/javascript" src="pkijs/common.js"></script>
+  <script type="text/javascript" src="pkijs/asn1.js"></script>
+  <script type="text/javascript" src="pkijs/x509_schema.js"></script>
+  <script type="text/javascript" src="pkijs/x509_simpl.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+<h1>Test for W3C Web Authentication with no token</h1>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1309284">Mozilla Bug 1309284</a>
+
+<script class="testbody" type="text/javascript">
+"use strict";
+
+// Execute the full-scope test
+SimpleTest.waitForExplicitFinish();
+
+// Turn off all tokens. This should result in "not allowed" failures
+SpecialPowers.pushPrefEnv({"set": [["security.webauth.webauthn", true],
+                                   ["security.webauth.webauthn_enable_softtoken", false],
+                                   ["security.webauth.webauthn_enable_android_fido2", false],
+                                   ["security.webauth.webauthn_enable_usbtoken", false]]},
+function() {
+  is(navigator.authentication, undefined, "navigator.authentication does not exist any longer");
+  isnot(navigator.credentials, undefined, "Credential Management API endpoint must exist");
+  isnot(navigator.credentials.create, undefined, "CredentialManagement create API endpoint must exist");
+  isnot(navigator.credentials.get, undefined, "CredentialManagement get API endpoint must exist");
+
+  let credm = navigator.credentials;
+
+  let credentialChallenge = new Uint8Array(16);
+  window.crypto.getRandomValues(credentialChallenge);
+  let assertionChallenge = new Uint8Array(16);
+  window.crypto.getRandomValues(assertionChallenge);
+  let credentialId = new Uint8Array(128);
+  window.crypto.getRandomValues(credentialId);
+
+  testMakeCredential();
+
+  function testMakeCredential() {
+    let rp = {id: document.domain, name: "none", icon: "none"};
+    let user = {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"};
+    let param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};
+    let makeCredentialOptions = {
+      rp, user, challenge: credentialChallenge, pubKeyCredParams: [param]
+    };
+    credm.create({publicKey: makeCredentialOptions})
+    .then(function(aResult) {
+      ok(false, "Should have failed.");
+      testAssertion();
+    })
+    .catch(function(aReason) {
+      ok(aReason.toString().startsWith("NotAllowedError"), aReason);
+      testAssertion();
+    });
+  }
+
+  function testAssertion() {
+    let newCredential = {
+      type: "public-key",
+      id: credentialId,
+      transports: ["usb"],
+    }
+    let publicKeyCredentialRequestOptions = {
+      challenge: assertionChallenge,
+      timeout: 5000, // the minimum timeout is actually 15 seconds
+      rpId: document.domain,
+      allowCredentials: [newCredential]
+    };
+    credm.get({publicKey: publicKeyCredentialRequestOptions})
+    .then(function(aResult) {
+      ok(false, "Should have failed.");
+      SimpleTest.finish();
+    })
+    .catch(function(aReason) {
+      ok(aReason.toString().startsWith("NotAllowedError"), aReason);
+      SimpleTest.finish();
+    })
+  }
+});
+
+</script>
+
+</body>
+</html>