summaryrefslogtreecommitdiffstats
path: root/dom/credentialmanagement/tests/mochitest
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:47:29 +0000
commit0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch)
treea31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /dom/credentialmanagement/tests/mochitest
parentInitial commit. (diff)
downloadfirefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz
firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/credentialmanagement/tests/mochitest')
-rw-r--r--dom/credentialmanagement/tests/mochitest/frame_credman_iframes.html105
-rw-r--r--dom/credentialmanagement/tests/mochitest/mochitest.ini13
-rw-r--r--dom/credentialmanagement/tests/mochitest/test_credman_empty_option.html40
-rw-r--r--dom/credentialmanagement/tests/mochitest/test_credman_iframes.html57
4 files changed, 215 insertions, 0 deletions
diff --git a/dom/credentialmanagement/tests/mochitest/frame_credman_iframes.html b/dom/credentialmanagement/tests/mochitest/frame_credman_iframes.html
new file mode 100644
index 0000000000..e7dbd40b34
--- /dev/null
+++ b/dom/credentialmanagement/tests/mochitest/frame_credman_iframes.html
@@ -0,0 +1,105 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Embedded Frame for Credential Management: Prohibit use in cross-origin iframes</title>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+ <meta charset=utf-8>
+</head>
+<body>
+
+<script class="testbody" type="text/javascript">
+"use strict";
+
+const cose_alg_ECDSA_w_SHA256 = -7;
+var _parentOrigin = "https://example.com/";
+
+function log(msg) {
+ console.log(msg);
+ let logBox = document.getElementById("log");
+ if (logBox) {
+ logBox.textContent += "\n" + msg;
+ }
+}
+
+function local_finished() {
+ parent.postMessage({"done": true}, _parentOrigin);
+ log("Done.");
+}
+
+function local_ok(expression, message) {
+ let body = {"test": expression, "status": expression, "msg": message};
+ parent.postMessage(body, _parentOrigin);
+ log(expression + ": " + message);
+}
+
+function testSameOrigin() {
+ log("Same origin: " + document.domain);
+
+ navigator.credentials.create({publicKey: makeCredentialOptions})
+ .then(function sameOriginCreateThen(aResult) {
+ local_ok(aResult != undefined, "Create worked " + aResult);
+ })
+ .catch(function sameOriginCatch(aResult) {
+ local_ok(false, "Should not have failed " + aResult);
+ })
+ .then(function sameOriginPreventSilentAccess() {
+ return navigator.credentials.preventSilentAccess();
+ })
+ .then(function sameOriginPreventSilentAccessThen(aResult) {
+ local_ok(aResult == undefined, "PreventSilentAccess worked " + aResult);
+ })
+ .catch(function sameOriginPreventSilentAccessCatch(aResult) {
+ local_ok(false, "Should not have failed " + aResult);
+ })
+ .then(function() {
+ local_finished();
+ });
+}
+
+function testCrossOrigin() {
+ log("Cross-origin: " + document.domain);
+
+ navigator.credentials.create({publicKey: makeCredentialOptions})
+ .then(function crossOriginThen(aBad) {
+ local_ok(false, "Should not have succeeded " + aBad);
+ })
+ .catch(function crossOriginCatch(aResult) {
+ local_ok(aResult.toString().startsWith("NotAllowedError"),
+ "Expecting a NotAllowedError, received " + aResult);
+ })
+ .then(function crossOriginPreventSilentAccess() {
+ return navigator.credentials.preventSilentAccess();
+ })
+ .then(function crossOriginPreventSilentAccessThen(aResult) {
+ local_ok(aResult == undefined, "PreventSilentAccess worked " + aResult);
+ })
+ .catch(function crossOriginPreventSilentAccessCatch(aResult) {
+ local_ok(false, "Should not have failed " + aResult);
+ })
+ .then(function() {
+ local_finished();
+ });
+}
+
+let rp = {id: document.domain, name: "none", icon: "none"};
+let user = {
+ id: crypto.getRandomValues(new Uint8Array(16)),
+ name: "none", icon: "none", displayName: "none",
+};
+let param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};
+let makeCredentialOptions = {
+ rp, user, challenge: new Uint8Array(), pubKeyCredParams: [param],
+};
+
+if (document.domain == "example.com") {
+ testSameOrigin();
+} else {
+ testCrossOrigin();
+}
+
+</script>
+
+<div id="log"></div>
+
+</body>
+</html>
diff --git a/dom/credentialmanagement/tests/mochitest/mochitest.ini b/dom/credentialmanagement/tests/mochitest/mochitest.ini
new file mode 100644
index 0000000000..eeb174b7f0
--- /dev/null
+++ b/dom/credentialmanagement/tests/mochitest/mochitest.ini
@@ -0,0 +1,13 @@
+[DEFAULT]
+support-files =
+ frame_credman_iframes.html
+scheme = https
+
+[test_credman_empty_option.html]
+[test_credman_iframes.html]
+skip-if =
+ xorigin # Application time out
+ win10_2004 # Bug 1718296
+ win10_2009 # Bug 1718296
+ win11_2009 # Bug 1718296
+ http3
diff --git a/dom/credentialmanagement/tests/mochitest/test_credman_empty_option.html b/dom/credentialmanagement/tests/mochitest/test_credman_empty_option.html
new file mode 100644
index 0000000000..4e582a9f8e
--- /dev/null
+++ b/dom/credentialmanagement/tests/mochitest/test_credman_empty_option.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<head>
+ <title>Credential Management: Handle requests with empty options</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+ <meta charset=utf-8>
+</head>
+<body>
+<h1>Credential Management: Handle requests with empty options</h1>
+
+<script class="testbody" type="text/javascript">
+"use strict";
+
+SimpleTest.waitForExplicitFinish();
+
+SpecialPowers.pushPrefEnv({"set": [["security.webauth.webauthn", true],
+ ["dom.security.credentialmanagement.enabled", true]
+ ]},
+async function() {
+ info("testing create({}).")
+ try {
+ await navigator.credentials.create({});
+ ok(false, "Credential creation with no options should be an error.");
+ }
+ catch (err) {
+ is(err.name, "NotSupportedError", "Credential creation with no options is a NotSupportedError");
+ }
+ info("testing get({}).")
+ try {
+ await navigator.credentials.get({});
+ ok(false, "Credential get with no options should be an error.");
+ }
+ catch (err) {
+ is(err.name, "NotSupportedError", "Credential get with no options is a NotSupportedError");
+ }
+ SimpleTest.finish();
+});
+</script>
+</body>
+</html>
diff --git a/dom/credentialmanagement/tests/mochitest/test_credman_iframes.html b/dom/credentialmanagement/tests/mochitest/test_credman_iframes.html
new file mode 100644
index 0000000000..e5d3fccc55
--- /dev/null
+++ b/dom/credentialmanagement/tests/mochitest/test_credman_iframes.html
@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+<head>
+ <title>Credential Management: Prohibit use in cross-origin iframes</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+ <meta charset=utf-8>
+</head>
+<body>
+<h1>Credential Management: Prohibit use in cross-origin iframes</h1>
+<ul>
+ <li><a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1407789">Mozilla Bug 1407789</a></li>
+</ul>
+
+<div id="framediv">
+ <h2>Same Origin Test</h2>
+ <iframe id="frame_top"></iframe>
+
+ <h2>Cross-Origin Test</h2>
+ <iframe id="frame_bottom"></iframe>
+</div>
+
+<script class="testbody" type="text/javascript">
+"use strict";
+
+SimpleTest.waitForExplicitFinish();
+
+var _countCompletes = 0;
+var _expectedCompletes = 2; // 2 iframes
+
+function handleEventMessage(event) {
+ if ("test" in event.data) {
+ let summary = event.data.test + ": " + event.data.msg;
+ ok(event.data.status, summary);
+ } else if ("done" in event.data) {
+ _countCompletes += 1;
+ if (_countCompletes == _expectedCompletes) {
+ console.log("Test compeleted. Finished.");
+ SimpleTest.finish();
+ }
+ } else {
+ ok(false, "Unexpected message in the test harness: " + event.data);
+ }
+}
+
+window.addEventListener("message", handleEventMessage);
+SpecialPowers.pushPrefEnv({"set": [["security.webauth.webauthn", true],
+ ["security.webauth.webauthn_enable_softtoken", true],
+ ["security.webauth.webauthn_enable_usbtoken", false],
+ ["security.webauth.webauthn_enable_android_fido2", false]]},
+function() {
+ document.getElementById("frame_top").src = "https://example.com/tests/dom/credentialmanagement/tests/mochitest/frame_credman_iframes.html";
+
+ document.getElementById("frame_bottom").src = "https://test1.example.com/tests/dom/credentialmanagement/tests/mochitest/frame_credman_iframes.html";
+});
+</script>
+</body>
+</html>