Diffstat (limited to 'testing/web-platform/tests/credential-management/support')
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js20
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/continue_on.py2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py11
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py2
-rw-r--r--testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py2
-rw-r--r--testing/web-platform/tests/credential-management/support/set_cookie.headers5
10 files changed, 45 insertions, 5 deletions
diff --git a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js
index f0031fa531..308950e1e2 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js
+++ b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js
@@ -1,6 +1,7 @@
export const manifest_origin = "https://{{host}}:{{ports[https][0]}}";
export const alt_manifest_origin = 'https://{{hosts[alt][]}}:{{ports[https][0]}}';
export const same_site_manifest_origin = 'https://{{hosts[][www1]}}:{{ports[https][0]}}';
+export const default_manifest_path = '/credential-management/support/fedcm/manifest.py';
export function open_and_wait_for_popup(origin, path) {
return new Promise(resolve => {
@@ -100,6 +101,25 @@ credential-management/support/fedcm/${manifest_filename}`;
};
}
+export function request_options_with_two_idps(mediation = 'required') {
+ const first_config = `${manifest_origin}${default_manifest_path}`;
+ const second_config = `${alt_manifest_origin}${default_manifest_path}`;
+ return {
+ identity: {
+ providers: [{
+ configURL: first_config,
+ clientId: '123',
+ nonce: 'N1'
+ },
+ {
+ configURL: second_config,
+ clientId: '456',
+ nonce: 'N2'
+ }],
+ },
+ mediation: mediation
+ };
+}
// Test wrapper which does FedCM-specific setup.
export function fedcm_test(test_func, test_name) {
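Review bot: `request_options_with_two_idps` has no comment, so a reader has to spot that the second provider differs only by `alt_manifest_origin` and its own clientId/nonce. A line above the function such as `// Request options naming two IdPs (default origin and alt origin), both serving the default manifest.` would make that explicit. As a style point, `mediation: mediation` can be written as the shorthand `mediation`. The template literal visible in the hunk header still spells out `credential-management/support/fedcm/` by hand; the code outside this hunk may be able to reuse the directory part of the new `default_manifest_path`, but that cannot be confirmed from here.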
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
index a6f385feac..796ac003cb 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
@@ -7,6 +7,8 @@ def main(request, response):
return request_error
if request.cookies.get(b"same_site_strict") == b"1":
return (546, [], "Should not send SameSite=Strict cookies")
+ if request.cookies.get(b"same_site_lax") == b"1":
+ return (547, [], "Should not send SameSite=Lax cookies")
if request.headers.get(b"Sec-Fetch-Site") != b"cross-site":
return (538, [], "Wrong Sec-Fetch-Site header")
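Review bot: The new `same_site_lax` check is only meaningful if the Lax cookie was stored before this request, and nothing in the visible lines says where it comes from. A comment above the two cookie checks, e.g. `# Cross-site FedCM fetches may carry only SameSite=None cookies; the Strict and Lax cookies from set_cookie.headers must be absent.`, would tie the check to its fixture. The file name still mentions only "strict", so the comment also tells the reader that Lax is covered here. The same applies to the identical addition in token_check_same_site_strict.py. main() starts and ends outside the hunk, so whether an earlier check already confirms the fixture ran cannot be seen.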
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
index 1b4831b51d..2a580e0f3f 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
@@ -7,6 +7,8 @@ def main(request, response):
return request_error
response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
account = request.POST.get(b"account_id").decode("utf-8")
nonce = request.POST.get(b"nonce").decode("utf-8")
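Review bot: The added `Access-Control-Allow-Credentials` value is the str `"true"` while every other header name and value here is bytes; `response.headers.set(b"Access-Control-Allow-Credentials", b"true")` would be consistent. `request.headers.get(b"Origin")` is passed straight through, so a request without an Origin header would set the header to None unless the check above the hunk already rejects it. Echoing the caller's Origin together with credentials is the most permissive CORS policy, so a comment such as `# Test server only: reflect Origin so the credentialed token fetch passes CORS.` would mark it as not for reuse on a real endpoint. The same three points apply to the identical additions in token_with_account_id.py, token_with_auto_selected_flag.py, token_with_http_error.py and token_with_rp_mode.py.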
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
index 6c610e6e20..08c28e32b7 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
@@ -63,12 +63,16 @@ def accountsCheck(request):
return (539, [], "Should not have Origin")
def tokenCheck(request):
- common_error = commonCheck(request)
+ common_error = commonCheck(request, b"cors")
if (common_error):
return common_error
common_credentialed_error = commonCredentialedRequestCheck(request)
if (common_credentialed_error):
return common_credentialed_error
+ # The value of the Sec-Fetch-Site header can vary depending on the IdP origin
+ # but it should not be 'none'.
+ if request.headers.get(b"Sec-Fetch-Site") == b"none":
+ return (538, [], "Wrong Sec-Fetch-Site header")
post_error = commonPostCheck(request)
if (post_error):
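Review bot: The new Sec-Fetch-Site check in tokenCheck rejects only the literal value `none`, so a request that omits the header would pass, assuming `headers.get` returns None for a missing header. If the header is required on token requests, `if request.headers.get(b"Sec-Fetch-Site") in (None, b"none"):` closes that gap. The same comment and condition already appear in revokeCheck in the next hunk, so a small shared helper would keep the two from drifting. tokenCheck continues past the end of this hunk.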
@@ -86,8 +90,9 @@ def revokeCheck(request):
if (common_error):
return common_error
- if request.cookies.get(b"cookie") != b"1":
- return (537, [], "Missing cookie")
+ common_credentialed_error = commonCredentialedRequestCheck(request)
+ if (common_credentialed_error):
+ return common_credentialed_error
# The value of the Sec-Fetch-Site header can vary depending on the IdP origin
# but it should not be 'none'.
if request.headers.get(b"Sec-Fetch-Site") == b"none":
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
index 8a4b3a234b..4e55bf27f6 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
@@ -7,6 +7,8 @@ def main(request, response):
return request_error
if request.cookies.get(b"same_site_strict") == b"1":
return (546, [], "Should not send SameSite=Strict cookies")
+ if request.cookies.get(b"same_site_lax") == b"1":
+ return (547, [], "Should not send SameSite=Lax cookies")
response.headers.set(b"Content-Type", b"application/json")
response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
index 52fb20184b..04e7b5b56b 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
@@ -7,6 +7,8 @@ def main(request, response):
return request_error
response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
account_id = request.POST.get(b"account_id")
return "{\"token\": \"account_id=" + account_id.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
index 93ccf3ee7e..3e011ce788 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
@@ -7,6 +7,8 @@ def main(request, response):
return request_error
response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
is_auto_selected = request.POST.get(b"is_auto_selected")
return "{\"token\": \"is_auto_selected=" + is_auto_selected.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
index c8d95ab63d..05b9945ba8 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
@@ -7,6 +7,8 @@ def main(request, response):
return request_error
response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
response.status = (403, b"Forbidden")
return "{\"token\": \"token\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
index 515736416f..add634c99b 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
@@ -7,6 +7,8 @@ def main(request, response):
return request_error
response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
rp_mode = request.POST.get(b"mode")
return "{\"token\": \"mode=" + rp_mode.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/set_cookie.headers b/testing/web-platform/tests/credential-management/support/set_cookie.headers
index 4226ff4c99..df223115a7 100644
--- a/testing/web-platform/tests/credential-management/support/set_cookie.headers
+++ b/testing/web-platform/tests/credential-management/support/set_cookie.headers
@@ -1,3 +1,4 @@
Content-Type: text/html
-Set-Cookie: cookie=1; SameSite=None; Secure
-Set-Cookie: same_site_strict=1; SameSite=Strict; Secure
+Set-Cookie: cookie=1; SameSite=None; Secure; Path=/
+Set-Cookie: same_site_strict=1; SameSite=Strict; Secure; Path=/
+Set-Cookie: same_site_lax=1; SameSite=Lax; Secure; Path=/
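Review bot: Adding `Path=/` widens all three cookies from the support directory to every path on the test host. The generically named `cookie=1` may then be sent to unrelated tests on the same origin, and any check there that looks for a cookie called `cookie` could be affected. If the wider scope is needed so the FedCM endpoints under `support/fedcm/` receive the cookies, a more specific name (for example a `fedcm_` prefix) would limit cross-test interference. Whether other tests rely on these names cannot be seen from this page.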