summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/credential-management
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:33 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:13:33 +0000
commit086c044dc34dfc0f74fbe41f4ecb402b2cd34884 (patch)
treea4f824bd33cb075dd5aa3eb5a0a94af221bbe83a /testing/web-platform/tests/credential-management
parentAdding debian version 124.0.1-1. (diff)
downloadfirefox-086c044dc34dfc0f74fbe41f4ecb402b2cd34884.tar.xz
firefox-086c044dc34dfc0f74fbe41f4ecb402b2cd34884.zip
Merging upstream version 125.0.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/credential-management')
-rw-r--r--testing/web-platform/tests/credential-management/digital-identity.https.html125
-rw-r--r--testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-basics.tentative.https.html34
-rw-r--r--testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-priority.tentative.https.html73
-rw-r--r--testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html84
-rw-r--r--testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account.tentative.https.html49
-rw-r--r--testing/web-platform/tests/credential-management/fedcm-identity-assertion-nocors.https.html29
-rw-r--r--testing/web-platform/tests/credential-management/fedcm-login-status-unknown.https.html23
-rw-r--r--testing/web-platform/tests/credential-management/fedcm-pending-call-rejected.https.html2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/manifest-token-nocors.json7
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/manifest_with_rp_mode.json6
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/manifest_with_variable_accounts.json10
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py21
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/token.py3
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py12
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/variable_accounts.py50
16 files changed, 511 insertions, 19 deletions
diff --git a/testing/web-platform/tests/credential-management/digital-identity.https.html b/testing/web-platform/tests/credential-management/digital-identity.https.html
new file mode 100644
index 0000000000..82630e2a5b
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/digital-identity.https.html
@@ -0,0 +1,125 @@
+<!DOCTYPE html>
+<title>Digital Identity Credential tests.</title>
+<link rel="help" href="https://wicg.github.io/digital-identities/">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<body>
+
+<script>
+// Builds valid digital identity request for navigator.credentials.get() API.
+function buildValidNavigatorCredentialsRequest() {
+ return {
+ identity: {
+ providers: [{
+ holder: {
+ selector: {
+ format: ['mdoc'],
+ doctype: 'org.iso.18013.5.1.mDL',
+ fields: [
+ 'org.iso.18013.5.1.family_name',
+ 'org.iso.18013.5.1.portrait',
+ ]
+ },
+ params: {
+ nonce: '1234',
+ readerPublicKey: 'test_reader_public_key',
+ extraParamAsNeededByDigitalCredentials: true,
+ },
+ },
+ }],
+ },
+ };
+}
+
+// Builds valid digital identity request for navigator.identity.get() API.
+function buildValidNavigatorIdentityRequest() {
+ return {
+ digital: {
+ providers: [{
+ protocol: "protocol",
+ selector: {
+ format: ['mdoc'],
+ doctype: 'org.iso.18013.5.1.mDL',
+ fields: [
+ 'org.iso.18013.5.1.family_name',
+ 'org.iso.18013.5.1.portrait',
+ ]
+ },
+ params: {
+ nonce: '1234',
+ readerPublicKey: 'test_reader_public_key',
+ extraParamAsNeededByDigitalCredentials: true,
+ },
+ }],
+ },
+ };
+}
+
+// Requires browser to have mode where OS-presented digital-identity-prompt is
+// bypassed in favour of returning "fake_test_token" directly.
+promise_test(async t => {
+ const {token} = await navigator.credentials.get(buildValidNavigatorCredentialsRequest());
+ assert_equals("fake_test_token", token);
+}, "navigator.credentials.get() API works in toplevel frame.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorCredentialsRequest();
+ request.identity.providers = undefined;
+
+ await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
+}, "navigator.credentials.get() API fails if IdentityCredentialRequestOptions::providers is not specified.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorCredentialsRequest();
+ request.identity.providers = [];
+
+ await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
+}, "navigator.credentials.get() API fails if there are no providers.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorCredentialsRequest();
+ let providerCopy = structuredClone(request.identity.providers[0]);
+ request.identity.providers.push(providerCopy);
+ await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
+}, "navigator.credentials.get() API fails if there is more than one provider.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorCredentialsRequest();
+ request.identity.providers[0].holder = undefined;
+
+ await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
+}, "navigator.credentials.get() API fails if IdentityProviderConfig::holder is not specified.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorIdentityRequest();
+ let credential = await navigator.identity.get(request);
+ assert_equals("protocol", credential.protocol);
+ assert_equals("fake_test_token", credential.data);
+}, "navigator.identity.get() API works in toplevel frame.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorIdentityRequest();
+ request.digital.providers = undefined;
+
+ await promise_rejects_js(t, TypeError, navigator.identity.get(request));
+}, "navigator.identity.get() API fails if DigitalCredentialRequestOptions::providers is not specified.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorIdentityRequest();
+ let providerCopy = structuredClone(request.digital.providers[0]);
+ request.digital.providers.push(providerCopy);
+ await promise_rejects_js(t, TypeError, navigator.identity.get(request));
+}, "navigator.identity.get() API fails if there is more than one provider.");
+
+promise_test(async t=> {
+ let abortController = new AbortController();
+ let request = buildValidNavigatorIdentityRequest();
+ request.signal = abortController.signal;
+ let requestPromise = navigator.identity.get(request);
+ abortController.abort();
+ await promise_rejects_dom(t, "AbortError", requestPromise);
+}, "navigator.identity.get() promise is rejected when the page aborts the request.");
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-basics.tentative.https.html b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-basics.tentative.https.html
new file mode 100644
index 0000000000..a71e262135
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-basics.tentative.https.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API Button Mode basic tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ select_manifest,
+ fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ let test_options = request_options_with_mediation_required();
+ test_options.identity.mode = "button";
+ await select_manifest(t, test_options);
+
+ let result = navigator.credentials.get(test_options);
+ return promise_rejects_dom(t, 'NetworkError', result);
+}, "Test that the button mode without user activation will fail.");
+
+fedcm_test(async t => {
+ let test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ test_options.identity.mode = "button";
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let cred = await fedcm_get_and_select_first_account(t, test_options);
+ assert_equals(cred.token, "mode=button");
+ });
+}, "Test that the button mode succeeds with user activation.");
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-priority.tentative.https.html b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-priority.tentative.https.html
new file mode 100644
index 0000000000..b71e84db47
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-priority.tentative.https.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API Button Mode priority tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ let widget_test_options = request_options_with_mediation_required();
+ let button_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ button_test_options.identity.mode = "button";
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let first_cred = await fedcm_get_and_select_first_account(t, button_test_options);
+ assert_equals(first_cred.token, "mode=button");
+ let second_cred = await fedcm_get_and_select_first_account(t, widget_test_options);
+ assert_equals(second_cred.token, "token");
+ });
+}, "Test that the widget mode can succeed after the button mode.");
+
+fedcm_test(async t => {
+ let widget_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ let button_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ button_test_options.identity.mode = "button";
+
+ let first_cred = navigator.credentials.get(widget_test_options);
+ let rej = promise_rejects_dom(t, 'NetworkError', first_cred);
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let second_cred = await fedcm_get_and_select_first_account(t, button_test_options);
+ assert_equals(second_cred.token, "mode=button");
+ await rej;
+ });
+ }, "Test that the button mode can replace widget mode.");
+
+fedcm_test(async t => {
+ let button_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ button_test_options.identity.mode = "button";
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let first_cred = fedcm_get_and_select_first_account(t, button_test_options);
+ let second_cred = navigator.credentials.get(button_test_options);
+ let rej = promise_rejects_dom(t, 'NotAllowedError', second_cred);
+
+ let cred = await first_cred;
+ assert_equals(cred.token, "mode=button");
+ await rej;
+ });
+}, "Test that the button mode cannot replace button mode.");
+
+fedcm_test(async t => {
+ let widget_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ let button_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ button_test_options.identity.mode = "button";
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let first_cred = fedcm_get_and_select_first_account(t, button_test_options);
+ let second_cred = navigator.credentials.get(widget_test_options);
+ let rej = promise_rejects_dom(t, 'NotAllowedError', second_cred);
+
+ let cred = await first_cred;
+ assert_equals(cred.token, "mode=button");
+ await rej;
+ });
+}, "Test that the widget mode cannot replace button mode.");
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html
new file mode 100644
index 0000000000..996523af84
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html
@@ -0,0 +1,84 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API Use Another Account API tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ fedcm_get_dialog_type_promise,
+ manifest_origin,
+ open_and_wait_for_popup,
+ select_manifest} from '../support/fedcm-helper.sub.js';
+
+const url_path = '/credential-management/support/fedcm/'
+const url_prefix = manifest_origin + url_path;
+
+async function set_accounts_cookie(value) {
+ await open_and_wait_for_popup(manifest_origin, url_path + 'set_accounts_cookie.py?' + value);
+}
+
+fedcm_test(async t => {
+ await set_accounts_cookie("1");
+
+ let test_options =
+ request_options_with_mediation_required("manifest_with_variable_accounts.json");
+ test_options.identity.mode = "button";
+ await select_manifest(t, test_options);
+
+ // Trigger FedCM and wait for the initial dialog.
+ let cred_promise = null;
+ await test_driver.bless('initiate FedCM request', async function() {
+ cred_promise = navigator.credentials.get(test_options);
+ });
+
+ let type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ // Tell the account endpoint to now return 2 accounts and click use other account.
+ await set_accounts_cookie("2");
+ await window.test_driver.click_fedcm_dialog_button("ConfirmIdpLoginContinue");
+
+ // Wait for the account chooser to appear again.
+ type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ await window.test_driver.select_fedcm_account(1);
+ const cred = await cred_promise;
+ assert_equals(cred.token, "account_id=jane_doe");
+}, 'Test that the "Use Other Account" button works correctly.');
+
+
+fedcm_test(async t => {
+ await set_accounts_cookie("1");
+
+ let test_options =
+ request_options_with_mediation_required("manifest_with_variable_accounts.json");
+ test_options.identity.mode = "button";
+ await select_manifest(t, test_options);
+
+ // Trigger FedCM and wait for the initial dialog.
+ let cred_promise = null;
+ await test_driver.bless('initiate FedCM request', async function() {
+ cred_promise = navigator.credentials.get(test_options);
+ });
+
+ let type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ // Click use other account but without changing the account returned.
+ await window.test_driver.click_fedcm_dialog_button("ConfirmIdpLoginContinue");
+
+ // Wait for the account chooser to appear again.
+ type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ await window.test_driver.select_fedcm_account(0);
+ const cred = await cred_promise;
+ assert_equals(cred.token, "account_id=1234");
+}, 'Test that the "Use Other Account" button works correctly when accounts do not change.');
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account.tentative.https.html b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account.tentative.https.html
new file mode 100644
index 0000000000..2022bbc0f7
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account.tentative.https.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API Use Another Account API tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ fedcm_get_dialog_type_promise,
+ manifest_origin,
+ open_and_wait_for_popup,
+ select_manifest} from '../support/fedcm-helper.sub.js';
+
+const url_path = '/credential-management/support/fedcm/'
+const url_prefix = manifest_origin + url_path;
+
+async function set_accounts_cookie(value) {
+ await open_and_wait_for_popup(manifest_origin, url_path + 'set_accounts_cookie.py?' + value);
+}
+
+fedcm_test(async t => {
+ await set_accounts_cookie("1");
+
+ let test_options =
+ request_options_with_mediation_required("manifest_with_variable_accounts.json");
+ await select_manifest(t, test_options);
+
+ // Trigger FedCM and wait for the initial dialog.
+ const cred_promise = navigator.credentials.get(test_options);
+ let type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ // Tell the account endpoint to now return 2 accounts and click use other account.
+ await set_accounts_cookie("2");
+ await window.test_driver.click_fedcm_dialog_button("ConfirmIdpLoginContinue");
+
+ // Wait for the account chooser to appear again.
+ type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ await window.test_driver.select_fedcm_account(1);
+ const cred = await cred_promise;
+ assert_equals(cred.token, "account_id=jane_doe");
+}, 'Test that the "Use Other Account" button works correctly.');
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-identity-assertion-nocors.https.html b/testing/web-platform/tests/credential-management/fedcm-identity-assertion-nocors.https.html
new file mode 100644
index 0000000000..612387b4a0
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-identity-assertion-nocors.https.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API test with no CORS identity assertion.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ select_manifest,
+ mark_signed_in,
+ fedcm_get_dialog_type_promise,
+ fedcm_get_and_select_first_account} from './support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ await mark_signed_in();
+ let test_options = request_options_with_mediation_required("manifest-token-nocors.json");
+ await select_manifest(t, test_options);
+ try {
+ const cred = await fedcm_get_and_select_first_account(t, test_options);
+ assert_unreached("An IdentityCredentialError exception should be thrown.");
+ } catch (e) {
+ assert_true(e instanceof DOMException);
+ assert_equals(e.name, "IdentityCredentialError");
+ }
+}, 'Test that promise is rejected if identity assertion does not use CORS');
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-login-status-unknown.https.html b/testing/web-platform/tests/credential-management/fedcm-login-status-unknown.https.html
new file mode 100644
index 0000000000..d542524c88
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-login-status-unknown.https.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>FedCM IDP sign-in status API tests for unknown state</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+ import {request_options_with_mediation_required,
+ fedcm_test,
+ select_manifest,
+ fedcm_get_and_select_first_account} from './support/fedcm-helper.sub.js';
+
+ // TODO(crbug.com/1494119): move the test under fedcm-login-status.
+ fedcm_test(async t => {
+ let test_options = request_options_with_mediation_required("manifest_with_no_accounts.json");
+ await select_manifest(t, test_options);
+
+ let request = navigator.credentials.get(test_options);
+ return promise_rejects_dom(t, 'NetworkError', request);
+ }, 'Test that promise is rejected silently when accounts fetch fails in unknown state');
+</script> \ No newline at end of file
diff --git a/testing/web-platform/tests/credential-management/fedcm-pending-call-rejected.https.html b/testing/web-platform/tests/credential-management/fedcm-pending-call-rejected.https.html
index feb3f903d8..bb9f885a8a 100644
--- a/testing/web-platform/tests/credential-management/fedcm-pending-call-rejected.https.html
+++ b/testing/web-platform/tests/credential-management/fedcm-pending-call-rejected.https.html
@@ -19,7 +19,7 @@ fedcm_test(async t => {
// We have to call promise_rejects_dom here, because if we call it after
// the promise gets rejected, the unhandled rejection event handler is called
// and fails the test even if we handle the rejection later.
- const rej = promise_rejects_dom(t, 'AbortError', second);
+ const rej = promise_rejects_dom(t, 'NotAllowedError', second);
const first_cred = await first;
assert_equals(first_cred.token, "token");
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/manifest-token-nocors.json b/testing/web-platform/tests/credential-management/support/fedcm/manifest-token-nocors.json
new file mode 100644
index 0000000000..77ba1b4702
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/fedcm/manifest-token-nocors.json
@@ -0,0 +1,7 @@
+{
+ "accounts_endpoint": "accounts.py",
+ "client_metadata_endpoint": "client_metadata.py",
+ "id_assertion_endpoint": "token.py?nocors=1",
+ "disconnect_endpoint": "disconnect.py",
+ "login_url": "login.html"
+}
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_rp_mode.json b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_rp_mode.json
new file mode 100644
index 0000000000..5692fd9190
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_rp_mode.json
@@ -0,0 +1,6 @@
+{
+ "accounts_endpoint": "two_accounts.py",
+ "client_metadata_endpoint": "client_metadata.py",
+ "id_assertion_endpoint": "token_with_rp_mode.py",
+ "login_url": "login.html"
+}
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_variable_accounts.json b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_variable_accounts.json
index 10c2ddd55d..9e4af25004 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_variable_accounts.json
+++ b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_variable_accounts.json
@@ -2,5 +2,13 @@
"accounts_endpoint": "variable_accounts.py",
"client_metadata_endpoint": "client_metadata.py",
"id_assertion_endpoint": "token_with_account_id.py",
- "login_url": "login.html"
+ "login_url": "login.html",
+ "modes": {
+ "button": {
+ "supports_use_other_account": true
+ },
+ "widget": {
+ "supports_use_other_account": true
+ }
+ }
}
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
index daf91aad8f..b774496d5d 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
@@ -80,6 +80,8 @@ def tokenCheck(request):
return (544, [], "Missing 'account_id' POST parameter")
if not request.POST.get(b"disclosure_text_shown"):
return (545, [], "Missing 'disclosure_text_shown' POST parameter")
+ if not request.headers.get(b"Origin"):
+ return (540, [], "Missing Origin")
def revokeCheck(request):
common_error = commonCheck(request, b"cors")
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py b/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py
new file mode 100644
index 0000000000..ab34992210
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py
@@ -0,0 +1,21 @@
+def main(request, response):
+ query_string = request.url_parts[3]
+ # We mark the cookie as HttpOnly so that this request
+ # can be made before login.html, which would overwrite
+ # the value to 1.
+ header_value = "accounts={}; SameSite=None; Secure; HttpOnly".format(query_string)
+ response.headers.set(b"Set-Cookie", header_value.encode("utf-8"))
+ response.headers.set(b"Content-Type", b"text/html")
+
+ return """
+<!DOCTYPE html>
+<script>
+// The important part of this page are the headers.
+
+// If this page was opened as a popup, notify the opener.
+if (window.opener) {
+ window.opener.postMessage("done_loading", "*");
+}
+</script>
+Sent header value: {}".format(header_value)
+"""
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token.py b/testing/web-platform/tests/credential-management/support/fedcm/token.py
index b914eb2d96..7ec81c390a 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token.py
@@ -7,5 +7,8 @@ def main(request, response):
return request_error
response.headers.set(b"Content-Type", b"application/json")
+ if b"nocors" not in request.GET:
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
return "{\"token\": \"token\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
new file mode 100644
index 0000000000..515736416f
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
@@ -0,0 +1,12 @@
+import importlib
+error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check")
+
+def main(request, response):
+ request_error = error_checker.tokenCheck(request)
+ if (request_error):
+ return request_error
+
+ response.headers.set(b"Content-Type", b"application/json")
+
+ rp_mode = request.POST.get(b"mode")
+ return "{\"token\": \"mode=" + rp_mode.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/variable_accounts.py b/testing/web-platform/tests/credential-management/support/fedcm/variable_accounts.py
index c9db2c4528..fc4446acc4 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/variable_accounts.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/variable_accounts.py
@@ -1,25 +1,14 @@
import importlib
error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check")
-def main(request, response):
- request_error = error_checker.accountsCheck(request)
- if (request_error):
- return request_error
-
- response.headers.set(b"Content-Type", b"application/json")
-
- if request.cookies.get(b"accounts") != b"1":
- return """
-{
- "accounts": [
- ]
-}
+result_json = """
+{{
+ "accounts": [{}]
+}}
"""
-
- return """
+one_account = """
{
- "accounts": [{
"id": "1234",
"given_name": "John",
"name": "John Doe",
@@ -28,6 +17,33 @@ def main(request, response):
"approved_clients": ["123", "456", "789"],
"login_hints": ["john_doe"],
"hosted_domains": ["idp.example", "example"]
- }]
+ }
+"""
+
+
+two_accounts = one_account + """
+, {
+ "id": "jane_doe",
+ "given_name": "Jane",
+ "name": "Jane Doe",
+ "email": "jane_doe@idp.example",
+ "picture": "https://idp.example/profile/5678",
+ "approved_clients": ["123", "abc"]
}
"""
+
+def main(request, response):
+ request_error = error_checker.accountsCheck(request)
+ if (request_error):
+ return request_error
+
+ response.headers.set(b"Content-Type", b"application/json")
+
+ if request.cookies.get(b"accounts") == b"1":
+ return result_json.format(one_account)
+ if request.cookies.get(b"accounts") == b"2":
+ return result_json.format(two_accounts)
+
+ return result_json.format("")
+
+