summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/credential-management/support
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:35:49 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:35:49 +0000
commitd8bbc7858622b6d9c278469aab701ca0b609cddf (patch)
treeeff41dc61d9f714852212739e6b3738b82a2af87 /testing/web-platform/tests/credential-management/support
parentReleasing progress-linux version 125.0.3-1~progress7.99u1. (diff)
downloadfirefox-d8bbc7858622b6d9c278469aab701ca0b609cddf.tar.xz
firefox-d8bbc7858622b6d9c278469aab701ca0b609cddf.zip
Merging upstream version 126.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/credential-management/support')
-rw-r--r--testing/web-platform/tests/credential-management/support/digital-identity-helper.js19
-rw-r--r--testing/web-platform/tests/credential-management/support/digital-identity-iframe.html27
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js15
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py28
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/accounts_no_approved_clients.py30
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/continue_on.py4
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/manifest_check_same_site_strict.json7
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/manifest_with_continue_on.json2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/resolve.html11
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py1
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py15
-rw-r--r--testing/web-platform/tests/credential-management/support/fencedframe-mark-signedin.html10
-rw-r--r--testing/web-platform/tests/credential-management/support/set_cookie1
-rw-r--r--testing/web-platform/tests/credential-management/support/set_cookie.headers1
15 files changed, 163 insertions, 10 deletions
diff --git a/testing/web-platform/tests/credential-management/support/digital-identity-helper.js b/testing/web-platform/tests/credential-management/support/digital-identity-helper.js
new file mode 100644
index 0000000000..2020d6cda7
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/digital-identity-helper.js
@@ -0,0 +1,19 @@
+// Builds valid digital identity request for navigator.identity.get() API.
+export function buildValidNavigatorIdentityRequest() {
+ return {
+ digital: {
+ providers: [{
+ protocol: "urn:openid.net:oid4vp",
+ request: JSON.stringify({
+ // Based on https://github.com/openid/OpenID4VP/issues/125
+ client_id: "client.example.org",
+ client_id_scheme: "web-origin",
+ nonce: "n-0S6_WzA2Mj",
+ presentation_definition: {
+ // Presentation Exchange request, omitted for brevity
+ }
+ }),
+ }],
+ },
+ };
+}
diff --git a/testing/web-platform/tests/credential-management/support/digital-identity-iframe.html b/testing/web-platform/tests/credential-management/support/digital-identity-iframe.html
new file mode 100644
index 0000000000..8e193ff09f
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/digital-identity-iframe.html
@@ -0,0 +1,27 @@
+<!doctype html>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script type="module">
+import { buildValidNavigatorIdentityRequest } from './digital-identity-helper.js';
+
+// Loading digital-identity-iframe.html in the test will make a digital credential call on load, and
+// trigger a postMessage upon completion.
+//
+// message {
+// string result: "Pass" | "Fail"
+// string data: credential.token
+// string errorType: error.data
+// }
+
+window.onload = async () => {
+ try {
+ let request = buildValidNavigatorIdentityRequest();
+ let credential = await navigator.identity.get(request);
+
+ window.top.postMessage({result: "Pass", data: credential.data}, '*');
+ } catch (error) {
+ window.top.postMessage({result: "Fail", errorType: error.name}, '*');
+ }
+};
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js
index 765b3cc48a..f0031fa531 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js
+++ b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js
@@ -8,7 +8,9 @@ export function open_and_wait_for_popup(origin, path) {
// We rely on the popup page to send us a message when done.
const popup_message_handler = (event) => {
- if (event.origin == origin) {
+ // We use new URL() to ensure the two origins are normalized the same
+ // way (especially so that default ports are handled identically).
+ if (new URL(event.origin).toString() == new URL(origin).toString()) {
popup_window.close();
window.removeEventListener('message', popup_message_handler);
resolve();
@@ -22,7 +24,7 @@ export function open_and_wait_for_popup(origin, path) {
// Set the identity provider cookie.
export function set_fedcm_cookie(host) {
if (host == undefined) {
- document.cookie = 'cookie=1; SameSite=Strict; Path=/credential-management/support; Secure';
+ document.cookie = 'cookie=1; SameSite=None; Path=/credential-management/support; Secure';
return Promise.resolve();
} else {
return open_and_wait_for_popup(host, '/credential-management/support/set_cookie');
@@ -102,6 +104,15 @@ credential-management/support/fedcm/${manifest_filename}`;
// Test wrapper which does FedCM-specific setup.
export function fedcm_test(test_func, test_name) {
promise_test(async t => {
+ // Ensure we start from a clean slate.
+ await test_driver.delete_all_cookies();
+ // Turn off delays that are not useful in tests.
+ try {
+ await test_driver.set_fedcm_delay_enabled(false);
+ } catch (e) {
+ // Failure is not critical; it just might slow down tests.
+ }
+
await set_fedcm_cookie();
await set_alt_fedcm_cookie();
await test_func(t);
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
new file mode 100644
index 0000000000..a6f385feac
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
@@ -0,0 +1,28 @@
+import importlib
+error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check")
+
+def main(request, response):
+ request_error = error_checker.accountsCheck(request)
+ if (request_error):
+ return request_error
+ if request.cookies.get(b"same_site_strict") == b"1":
+ return (546, [], "Should not send SameSite=Strict cookies")
+ if request.headers.get(b"Sec-Fetch-Site") != b"cross-site":
+ return (538, [], "Wrong Sec-Fetch-Site header")
+
+ response.headers.set(b"Content-Type", b"application/json")
+
+ return """
+{
+ "accounts": [{
+ "id": "1234",
+ "given_name": "John",
+ "name": "John Doe",
+ "email": "john_doe@idp.example",
+ "picture": "https://idp.example/profile/123",
+ "approved_clients": ["123", "456", "789"],
+ "login_hints": ["john_doe"],
+ "domain_hints": ["idp.example", "example"]
+ }]
+}
+"""
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/accounts_no_approved_clients.py b/testing/web-platform/tests/credential-management/support/fedcm/accounts_no_approved_clients.py
new file mode 100644
index 0000000000..faea06edc3
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/fedcm/accounts_no_approved_clients.py
@@ -0,0 +1,30 @@
+import importlib
+error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check")
+
+def main(request, response):
+ request_error = error_checker.accountsCheck(request)
+ if (request_error):
+ return request_error
+
+ response.headers.set(b"Content-Type", b"application/json")
+
+ return """
+{
+ "accounts": [{
+ "id": "1234",
+ "given_name": "John",
+ "name": "John Doe",
+ "email": "john_doe@idp.example",
+ "picture": "https://idp.example/profile/123",
+ "login_hints": ["john_doe"],
+ "domain_hints": ["idp.example", "example"]
+ },
+ {
+ "id": "jane_doe",
+ "given_name": "Jane",
+ "name": "Jane Doe",
+ "email": "jane_doe@idp.example",
+ "picture": "https://idp.example/profile/5678"
+ }]
+}
+"""
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
index 42b4f3f8fd..1b4831b51d 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
@@ -8,5 +8,7 @@ def main(request, response):
response.headers.set(b"Content-Type", b"application/json")
- return "{\"continue_on\": \"resolve.html\"}"
+ account = request.POST.get(b"account_id").decode("utf-8")
+ nonce = request.POST.get(b"nonce").decode("utf-8")
+ return "{\"continue_on\": \"resolve.html?selected=%s&%s\"}" % (account, nonce)
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/manifest_check_same_site_strict.json b/testing/web-platform/tests/credential-management/support/fedcm/manifest_check_same_site_strict.json
new file mode 100644
index 0000000000..d730415983
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/fedcm/manifest_check_same_site_strict.json
@@ -0,0 +1,7 @@
+{
+ "accounts_endpoint": "accounts_check_same_site_strict.py",
+ "client_metadata_endpoint": "client_metadata.py",
+ "id_assertion_endpoint": "token_check_same_site_strict.py",
+ "login_url": "login.html"
+}
+
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_continue_on.json b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_continue_on.json
index 3f5a954b87..d7673c7e1b 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_continue_on.json
+++ b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_continue_on.json
@@ -1,5 +1,5 @@
{
- "accounts_endpoint": "accounts.py",
+ "accounts_endpoint": "accounts_no_approved_clients.py",
"client_metadata_endpoint": "client_metadata.py",
"id_assertion_endpoint": "continue_on.py",
"disconnect_endpoint": "disconnect.py",
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
index b774496d5d..6c610e6e20 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
@@ -17,8 +17,6 @@ def commonUncredentialedRequestCheck(request):
def commonCredentialedRequestCheck(request):
if request.cookies.get(b"cookie") != b"1":
return (537, [], "Missing cookie")
- if request.headers.get(b"Sec-Fetch-Site") != b"none":
- return (538, [], "Wrong Sec-Fetch-Site header")
def commonPostCheck(request):
if not request.headers.get(b"Origin"):
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/resolve.html b/testing/web-platform/tests/credential-management/support/fedcm/resolve.html
index 87f5112cfd..dbdc28c324 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/resolve.html
+++ b/testing/web-platform/tests/credential-management/support/fedcm/resolve.html
@@ -1,7 +1,16 @@
<!DOCTYPE html>
<script>
async function doResolve() {
- IdentityProvider.resolve("resolved token");
+ let params = new URLSearchParams(document.location.search);
+ let options = {};
+ if (params.get("accountId")) {
+ options.accountId = params.get("accountId");
+ }
+ let token = "resolved token";
+ if (params.get("selected")) {
+ token = "account=" + params.get("selected");
+ }
+ IdentityProvider.resolve(token, options);
}
window.onload = doResolve;
</script>
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py b/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py
index ab34992210..15adf11324 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py
@@ -15,6 +15,7 @@ def main(request, response):
// If this page was opened as a popup, notify the opener.
if (window.opener) {
window.opener.postMessage("done_loading", "*");
+ window.close();
}
</script>
Sent header value: {}".format(header_value)
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
new file mode 100644
index 0000000000..8a4b3a234b
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
@@ -0,0 +1,15 @@
+import importlib
+error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check")
+
+def main(request, response):
+ request_error = error_checker.tokenCheck(request)
+ if (request_error):
+ return request_error
+ if request.cookies.get(b"same_site_strict") == b"1":
+ return (546, [], "Should not send SameSite=Strict cookies")
+
+ response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
+
+ return "{\"token\": \"token\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fencedframe-mark-signedin.html b/testing/web-platform/tests/credential-management/support/fencedframe-mark-signedin.html
index 532db7047a..681fcd6787 100644
--- a/testing/web-platform/tests/credential-management/support/fencedframe-mark-signedin.html
+++ b/testing/web-platform/tests/credential-management/support/fencedframe-mark-signedin.html
@@ -3,13 +3,17 @@
<fencedframe></fencedframe>
<script>
-const url = new URL("mark_signedin", location.href);
-document.querySelector("fencedframe").config = new FencedFrameConfig(url);
-
// If this page was opened as a popup, notify the opener when we are done loading.
if (window.opener) {
window.onload = function() {
window.opener.postMessage("done_loading", "*");
};
}
+
+// This code is intentionally after the onload listener registration
+// because it can throw if FencedFrameConfig is not defined. In that
+// case, we still want to notify the opener to avoid a test timeout.
+const url = new URL("mark_signedin", location.href);
+document.querySelector("fencedframe").config = new FencedFrameConfig(url);
+
</script>
diff --git a/testing/web-platform/tests/credential-management/support/set_cookie b/testing/web-platform/tests/credential-management/support/set_cookie
index 1080b366e4..2c3196058a 100644
--- a/testing/web-platform/tests/credential-management/support/set_cookie
+++ b/testing/web-platform/tests/credential-management/support/set_cookie
@@ -6,6 +6,7 @@
// If this page was opened as a popup, notify the opener.
if (window.opener) {
window.opener.postMessage("done_loading", "*");
+ window.close();
}
</script>
</body>
diff --git a/testing/web-platform/tests/credential-management/support/set_cookie.headers b/testing/web-platform/tests/credential-management/support/set_cookie.headers
index b19ff933a6..4226ff4c99 100644
--- a/testing/web-platform/tests/credential-management/support/set_cookie.headers
+++ b/testing/web-platform/tests/credential-management/support/set_cookie.headers
@@ -1,2 +1,3 @@
Content-Type: text/html
Set-Cookie: cookie=1; SameSite=None; Secure
+Set-Cookie: same_site_strict=1; SameSite=Strict; Secure