Diffstat (limited to 'testing/web-platform/tests/credential-management')
16 files changed, 511 insertions, 19 deletions
diff --git a/testing/web-platform/tests/credential-management/digital-identity.https.html b/testing/web-platform/tests/credential-management/digital-identity.https.html
new file mode 100644
index 0000000000..82630e2a5b
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/digital-identity.https.html
@@ -0,0 +1,125 @@
+<!DOCTYPE html>
+<title>Digital Identity Credential tests.</title>
+<link rel="help" href="https://wicg.github.io/digital-identities/">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<body>
+
+<script>
+// Builds valid digital identity request for navigator.credentials.get() API.
+function buildValidNavigatorCredentialsRequest() {
+ return {
+ identity: {
+ providers: [{
+ holder: {
+ selector: {
+ format: ['mdoc'],
+ doctype: 'org.iso.18013.5.1.mDL',
+ fields: [
+ 'org.iso.18013.5.1.family_name',
+ 'org.iso.18013.5.1.portrait',
+ ]
+ },
+ params: {
+ nonce: '1234',
+ readerPublicKey: 'test_reader_public_key',
+ extraParamAsNeededByDigitalCredentials: true,
+ },
+ },
+ }],
+ },
+ };
+}
+
+// Builds valid digital identity request for navigator.identity.get() API.
+function buildValidNavigatorIdentityRequest() {
+ return {
+ digital: {
+ providers: [{
+ protocol: "protocol",
+ selector: {
+ format: ['mdoc'],
+ doctype: 'org.iso.18013.5.1.mDL',
+ fields: [
+ 'org.iso.18013.5.1.family_name',
+ 'org.iso.18013.5.1.portrait',
+ ]
+ },
+ params: {
+ nonce: '1234',
+ readerPublicKey: 'test_reader_public_key',
+ extraParamAsNeededByDigitalCredentials: true,
+ },
+ }],
+ },
+ };
+}
+
+// Requires browser to have mode where OS-presented digital-identity-prompt is
+// bypassed in favour of returning "fake_test_token" directly.
+promise_test(async t => {
+ const {token} = await navigator.credentials.get(buildValidNavigatorCredentialsRequest());
+ assert_equals("fake_test_token", token);
+}, "navigator.credentials.get() API works in toplevel frame.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorCredentialsRequest();
+ request.identity.providers = undefined;
+
+ await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
+}, "navigator.credentials.get() API fails if IdentityCredentialRequestOptions::providers is not specified.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorCredentialsRequest();
+ request.identity.providers = [];
+
+ await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
+}, "navigator.credentials.get() API fails if there are no providers.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorCredentialsRequest();
+ let providerCopy = structuredClone(request.identity.providers[0]);
+ request.identity.providers.push(providerCopy);
+ await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
+}, "navigator.credentials.get() API fails if there is more than one provider.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorCredentialsRequest();
+ request.identity.providers[0].holder = undefined;
+
+ await promise_rejects_js(t, TypeError, navigator.credentials.get(request));
+}, "navigator.credentials.get() API fails if IdentityProviderConfig::holder is not specified.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorIdentityRequest();
+ let credential = await navigator.identity.get(request);
+ assert_equals("protocol", credential.protocol);
+ assert_equals("fake_test_token", credential.data);
+}, "navigator.identity.get() API works in toplevel frame.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorIdentityRequest();
+ request.digital.providers = undefined;
+
+ await promise_rejects_js(t, TypeError, navigator.identity.get(request));
+}, "navigator.identity.get() API fails if DigitalCredentialRequestOptions::providers is not specified.");
+
+promise_test(async t => {
+ let request = buildValidNavigatorIdentityRequest();
+ let providerCopy = structuredClone(request.digital.providers[0]);
+ request.digital.providers.push(providerCopy);
+ await promise_rejects_js(t, TypeError, navigator.identity.get(request));
+}, "navigator.identity.get() API fails if there is more than one provider.");
+
+promise_test(async t=> {
+ let abortController = new AbortController();
+ let request = buildValidNavigatorIdentityRequest();
+ request.signal = abortController.signal;
+ let requestPromise = navigator.identity.get(request);
+ abortController.abort();
+ await promise_rejects_dom(t, "AbortError", requestPromise);
+}, "navigator.identity.get() promise is rejected when the page aborts the request.");
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-basics.tentative.https.html b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-basics.tentative.https.html
new file mode 100644
index 0000000000..a71e262135
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-basics.tentative.https.html
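Review bot: In digital-identity.https.html the `assert_equals` calls pass the expected value first (`assert_equals("fake_test_token", token)`), while testharness.js takes `(actual, expected)` and the FedCM tests added in this same change use that order; a failure would report the two values swapped, so write `assert_equals(token, "fake_test_token");` and likewise for `credential.protocol` and `credential.data`. The `navigator.identity.get()` group also has no empty-list case to match "fails if there are no providers" on the `navigator.credentials.get()` side, so an implementation that accepts `digital.providers = []` would still pass this file. The comment above the first test could also say that the prompt-bypass mode returning "fake_test_token" is expected to be reachable only under test automation.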
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API Button Mode basic tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ select_manifest,
+ fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ let test_options = request_options_with_mediation_required();
+ test_options.identity.mode = "button";
+ await select_manifest(t, test_options);
+
+ let result = navigator.credentials.get(test_options);
+ return promise_rejects_dom(t, 'NetworkError', result);
+}, "Test that the button mode without user activation will fail.");
+
+fedcm_test(async t => {
+ let test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ test_options.identity.mode = "button";
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let cred = await fedcm_get_and_select_first_account(t, test_options);
+ assert_equals(cred.token, "mode=button");
+ });
+}, "Test that the button mode succeeds with user activation.");
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-priority.tentative.https.html b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-priority.tentative.https.html
new file mode 100644
index 0000000000..b71e84db47
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-button-mode-priority.tentative.https.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API Button Mode priority tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ let widget_test_options = request_options_with_mediation_required();
+ let button_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ button_test_options.identity.mode = "button";
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let first_cred = await fedcm_get_and_select_first_account(t, button_test_options);
+ assert_equals(first_cred.token, "mode=button");
+ let second_cred = await fedcm_get_and_select_first_account(t, widget_test_options);
+ assert_equals(second_cred.token, "token");
+ });
+}, "Test that the widget mode can succeed after the button mode.");
+
+fedcm_test(async t => {
+ let widget_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ let button_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ button_test_options.identity.mode = "button";
+
+ let first_cred = navigator.credentials.get(widget_test_options);
+ let rej = promise_rejects_dom(t, 'NetworkError', first_cred);
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let second_cred = await fedcm_get_and_select_first_account(t, button_test_options);
+ assert_equals(second_cred.token, "mode=button");
+ await rej;
+ });
+ }, "Test that the button mode can replace widget mode.");
+
+fedcm_test(async t => {
+ let button_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ button_test_options.identity.mode = "button";
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let first_cred = fedcm_get_and_select_first_account(t, button_test_options);
+ let second_cred = navigator.credentials.get(button_test_options);
+ let rej = promise_rejects_dom(t, 'NotAllowedError', second_cred);
+
+ let cred = await first_cred;
+ assert_equals(cred.token, "mode=button");
+ await rej;
+ });
+}, "Test that the button mode cannot replace button mode.");
+
+fedcm_test(async t => {
+ let widget_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ let button_test_options = request_options_with_mediation_required("manifest_with_rp_mode.json");
+ button_test_options.identity.mode = "button";
+
+ return test_driver.bless('initiate FedCM request', async function() {
+ let first_cred = fedcm_get_and_select_first_account(t, button_test_options);
+ let second_cred = navigator.credentials.get(widget_test_options);
+ let rej = promise_rejects_dom(t, 'NotAllowedError', second_cred);
+
+ let cred = await first_cred;
+ assert_equals(cred.token, "mode=button");
+ await rej;
+ });
+}, "Test that the widget mode cannot replace button mode.");
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html
new file mode 100644
index 0000000000..996523af84
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account-button-flow.tentative.https.html
@@ -0,0 +1,84 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API Use Another Account API tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ fedcm_get_dialog_type_promise,
+ manifest_origin,
+ open_and_wait_for_popup,
+ select_manifest} from '../support/fedcm-helper.sub.js';
+
+const url_path = '/credential-management/support/fedcm/'
+const url_prefix = manifest_origin + url_path;
+
+async function set_accounts_cookie(value) {
+ await open_and_wait_for_popup(manifest_origin, url_path + 'set_accounts_cookie.py?' + value);
+}
+
+fedcm_test(async t => {
+ await set_accounts_cookie("1");
+
+ let test_options =
+ request_options_with_mediation_required("manifest_with_variable_accounts.json");
+ test_options.identity.mode = "button";
+ await select_manifest(t, test_options);
+
+ // Trigger FedCM and wait for the initial dialog.
+ let cred_promise = null;
+ await test_driver.bless('initiate FedCM request', async function() {
+ cred_promise = navigator.credentials.get(test_options);
+ });
+
+ let type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ // Tell the account endpoint to now return 2 accounts and click use other account.
+ await set_accounts_cookie("2");
+ await window.test_driver.click_fedcm_dialog_button("ConfirmIdpLoginContinue");
+
+ // Wait for the account chooser to appear again.
+ type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ await window.test_driver.select_fedcm_account(1);
+ const cred = await cred_promise;
+ assert_equals(cred.token, "account_id=jane_doe");
+}, 'Test that the "Use Other Account" button works correctly.');
+
+
+fedcm_test(async t => {
+ await set_accounts_cookie("1");
+
+ let test_options =
+ request_options_with_mediation_required("manifest_with_variable_accounts.json");
+ test_options.identity.mode = "button";
+ await select_manifest(t, test_options);
+
+ // Trigger FedCM and wait for the initial dialog.
+ let cred_promise = null;
+ await test_driver.bless('initiate FedCM request', async function() {
+ cred_promise = navigator.credentials.get(test_options);
+ });
+
+ let type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ // Click use other account but without changing the account returned.
+ await window.test_driver.click_fedcm_dialog_button("ConfirmIdpLoginContinue");
+
+ // Wait for the account chooser to appear again.
+ type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ await window.test_driver.select_fedcm_account(0);
+ const cred = await cred_promise;
+ assert_equals(cred.token, "account_id=1234");
+}, 'Test that the "Use Other Account" button works correctly when accounts do not change.');
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account.tentative.https.html b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account.tentative.https.html
new file mode 100644
index 0000000000..2022bbc0f7
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-button-and-other-account/fedcm-use-other-account.tentative.https.html
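Review bot: `set_accounts_cookie()` in fedcm-use-other-account-button-flow.tentative.https.html appends `value` to the URL unencoded, and the same helper, together with `url_path` and the unused `url_prefix`, is pasted again in fedcm-use-other-account.tentative.https.html. Keeping one copy in `../support/fedcm-helper.sub.js` and building the query with `encodeURIComponent(value)` keeps the two tests in step and keeps separators out of a value that set_accounts_cookie.py copies into a `Set-Cookie` header. `const url_prefix = manifest_origin + url_path;` can be dropped in both files, and the `const url_path = …` line is missing its semicolon. The first test here also leaves the accounts cookie at "2", so resetting it in a cleanup step may be worth adding to keep that state away from later tests that use manifest_with_variable_accounts.json.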
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API Use Another Account API tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ fedcm_get_dialog_type_promise,
+ manifest_origin,
+ open_and_wait_for_popup,
+ select_manifest} from '../support/fedcm-helper.sub.js';
+
+const url_path = '/credential-management/support/fedcm/'
+const url_prefix = manifest_origin + url_path;
+
+async function set_accounts_cookie(value) {
+ await open_and_wait_for_popup(manifest_origin, url_path + 'set_accounts_cookie.py?' + value);
+}
+
+fedcm_test(async t => {
+ await set_accounts_cookie("1");
+
+ let test_options =
+ request_options_with_mediation_required("manifest_with_variable_accounts.json");
+ await select_manifest(t, test_options);
+
+ // Trigger FedCM and wait for the initial dialog.
+ const cred_promise = navigator.credentials.get(test_options);
+ let type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ // Tell the account endpoint to now return 2 accounts and click use other account.
+ await set_accounts_cookie("2");
+ await window.test_driver.click_fedcm_dialog_button("ConfirmIdpLoginContinue");
+
+ // Wait for the account chooser to appear again.
+ type = await fedcm_get_dialog_type_promise(t);
+ assert_equals(type, "AccountChooser");
+
+ await window.test_driver.select_fedcm_account(1);
+ const cred = await cred_promise;
+ assert_equals(cred.token, "account_id=jane_doe");
+}, 'Test that the "Use Other Account" button works correctly.');
+
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-identity-assertion-nocors.https.html b/testing/web-platform/tests/credential-management/fedcm-identity-assertion-nocors.https.html
new file mode 100644
index 0000000000..612387b4a0
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-identity-assertion-nocors.https.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API test with no CORS identity assertion.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+ fedcm_test,
+ select_manifest,
+ mark_signed_in,
+ fedcm_get_dialog_type_promise,
+ fedcm_get_and_select_first_account} from './support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ await mark_signed_in();
+ let test_options = request_options_with_mediation_required("manifest-token-nocors.json");
+ await select_manifest(t, test_options);
+ try {
+ const cred = await fedcm_get_and_select_first_account(t, test_options);
+ assert_unreached("An IdentityCredentialError exception should be thrown.");
+ } catch (e) {
+ assert_true(e instanceof DOMException);
+ assert_equals(e.name, "IdentityCredentialError");
+ }
+}, 'Test that promise is rejected if identity assertion does not use CORS');
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-login-status-unknown.https.html b/testing/web-platform/tests/credential-management/fedcm-login-status-unknown.https.html
new file mode 100644
index 0000000000..d542524c88
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-login-status-unknown.https.html
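Review bot: In fedcm-identity-assertion-nocors.https.html the `assert_unreached(...)` sits inside the `try`, so if the request wrongly succeeds, the assertion error it throws is caught by the `catch` below and the test fails on `assert_true(e instanceof DOMException)` with no hint that a credential was actually returned. Capture the rejection first and assert outside the handler, e.g. `let err = null; try { await fedcm_get_and_select_first_account(t, test_options); } catch (e) { err = e; }` followed by `assert_true(err instanceof DOMException, "token response without CORS headers must be rejected");`. `cred` and the imported `fedcm_get_dialog_type_promise` are unused and can be removed.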
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>FedCM IDP sign-in status API tests for unknown state</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+ import {request_options_with_mediation_required,
+ fedcm_test,
+ select_manifest,
+ fedcm_get_and_select_first_account} from './support/fedcm-helper.sub.js';
+
+ // TODO(crbug.com/1494119): move the test under fedcm-login-status.
+ fedcm_test(async t => {
+ let test_options = request_options_with_mediation_required("manifest_with_no_accounts.json");
+ await select_manifest(t, test_options);
+
+ let request = navigator.credentials.get(test_options);
+ return promise_rejects_dom(t, 'NetworkError', request);
+ }, 'Test that promise is rejected silently when accounts fetch fails in unknown state');
+</script>
\ No newline at end of file diff --git a/testing/web-platform/tests/credential-management/fedcm-pending-call-rejected.https.html b/testing/web-platform/tests/credential-management/fedcm-pending-call-rejected.https.html index feb3f903d8..bb9f885a8a 100644 --- a/testing/web-platform/tests/credential-management/fedcm-pending-call-rejected.https.html +++ b/testing/web-platform/tests/credential-management/fedcm-pending-call-rejected.https.html @@ -19,7 +19,7 @@ fedcm_test(async t => { // We have to call promise_rejects_dom here, because if we call it after // the promise gets rejected, the unhandled rejection event handler is called // and fails the test even if we handle the rejection later. - const rej = promise_rejects_dom(t, 'AbortError', second); + const rej = promise_rejects_dom(t, 'NotAllowedError', second); const first_cred = await first; assert_equals(first_cred.token, "token"); diff --git a/testing/web-platform/tests/credential-management/support/fedcm/manifest-token-nocors.json b/testing/web-platform/tests/credential-management/support/fedcm/manifest-token-nocors.json new file mode 100644 index 0000000000..77ba1b4702 --- /dev/null +++ b/testing/web-platform/tests/credential-management/support/fedcm/manifest-token-nocors.json @@ -0,0 +1,7 @@ +{ + "accounts_endpoint": "accounts.py", + "client_metadata_endpoint": "client_metadata.py", + "id_assertion_endpoint": "token.py?nocors=1", + "disconnect_endpoint": "disconnect.py", + "login_url": "login.html" +} diff --git a/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_rp_mode.json b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_rp_mode.json new file mode 100644 index 0000000000..5692fd9190 --- /dev/null +++ b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_rp_mode.json 
@@ -0,0 +1,6 @@ +{ + "accounts_endpoint": "two_accounts.py", + "client_metadata_endpoint": "client_metadata.py", + "id_assertion_endpoint": "token_with_rp_mode.py", + "login_url": "login.html" +} diff --git a/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_variable_accounts.json b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_variable_accounts.json index 10c2ddd55d..9e4af25004 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_variable_accounts.json +++ b/testing/web-platform/tests/credential-management/support/fedcm/manifest_with_variable_accounts.json @@ -2,5 +2,13 @@ "accounts_endpoint": "variable_accounts.py", "client_metadata_endpoint": "client_metadata.py", "id_assertion_endpoint": "token_with_account_id.py", - "login_url": "login.html" + "login_url": "login.html", + "modes": { + "button": { + "supports_use_other_account": true + }, + "widget": { + "supports_use_other_account": true + } + } } diff --git a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py index daf91aad8f..b774496d5d 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py @@ -80,6 +80,8 @@ def tokenCheck(request): return (544, [], "Missing 'account_id' POST parameter") if not request.POST.get(b"disclosure_text_shown"): return (545, [], "Missing 'disclosure_text_shown' POST parameter") + if not request.headers.get(b"Origin"): + return (540, [], "Missing Origin") def revokeCheck(request): common_error = commonCheck(request, b"cors") 
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py b/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py new file mode 100644 index 0000000000..ab34992210 --- /dev/null +++ b/testing/web-platform/tests/credential-management/support/fedcm/set_accounts_cookie.py @@ -0,0 +1,21 @@ +def main(request, response): + query_string = request.url_parts[3] + # We mark the cookie as HttpOnly so that this request + # can be made before login.html, which would overwrite + # the value to 1. + header_value = "accounts={}; SameSite=None; Secure; HttpOnly".format(query_string) + response.headers.set(b"Set-Cookie", header_value.encode("utf-8")) + response.headers.set(b"Content-Type", b"text/html") + + return """ +<!DOCTYPE html> +<script> +// The important part of this page are the headers. + +// If this page was opened as a popup, notify the opener. +if (window.opener) { + window.opener.postMessage("done_loading", "*"); +} +</script> +Sent header value: {}".format(header_value) +""" diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token.py b/testing/web-platform/tests/credential-management/support/fedcm/token.py index b914eb2d96..7ec81c390a 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/token.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/token.py @@ -7,5 +7,8 @@ def main(request, response): return request_error response.headers.set(b"Content-Type", b"application/json") + if b"nocors" not in request.GET: + response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin")) + response.headers.set(b"Access-Control-Allow-Credentials", "true") return "{\"token\": \"token\"}" diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py new file mode 100644 index 0000000000..515736416f 
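Review bot: In set_accounts_cookie.py the trailing `".format(header_value)` is inside the triple-quoted literal, so it is never called and the page body ends with the literal text `Sent header value: {}".format(header_value)`. The simplest fix is to end the string after `</script>` and drop the echo line; calling `.format()` on the whole literal would need the braces of the inline script doubled and would write the raw query string into HTML unescaped. The query string is also copied into the `Set-Cookie` header without any check, and since the tests only send "1" and "2", a guard such as `if query_string not in ("1", "2"): return (400, [], "unexpected accounts value")` keeps stray attributes or separators out of the header.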
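Review bot: In token.py the new `Access-Control-Allow-Credentials` value is the str `"true"` while every other header name and value in the hunk is bytes; `b"true"` would be consistent. The handler echoes whatever `Origin` the request carries and allows credentials for it, which is what this test IdP needs but is not a pattern to copy, so a comment such as `# Test fixture: reflect the caller's Origin so the credentialed token fetch passes CORS; a real IdP must check it against its registered clients.` would make the intent explicit. `request.headers.get(b"Origin")` returns None when the header is absent; the `tokenCheck` change in request-params-check.py appears to rule that out, but only if the check above this hunk is `tokenCheck`, which is not visible here.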
--- /dev/null +++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py @@ -0,0 +1,12 @@ +import importlib +error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check") + +def main(request, response): + request_error = error_checker.tokenCheck(request) + if (request_error): + return request_error + + response.headers.set(b"Content-Type", b"application/json") + + rp_mode = request.POST.get(b"mode") + return "{\"token\": \"mode=" + rp_mode.decode("utf-8") + "\"}" diff --git a/testing/web-platform/tests/credential-management/support/fedcm/variable_accounts.py b/testing/web-platform/tests/credential-management/support/fedcm/variable_accounts.py index c9db2c4528..fc4446acc4 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/variable_accounts.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/variable_accounts.py @@ -1,25 +1,14 @@ import importlib error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check") -def main(request, response): - request_error = error_checker.accountsCheck(request) - if (request_error): - return request_error - - response.headers.set(b"Content-Type", b"application/json") - - if request.cookies.get(b"accounts") != b"1": - return """ -{ - "accounts": [ - ] -} +result_json = """ +{{ + "accounts": [{}] +}} """ - - return """ +one_account = """ { - "accounts": [{ "id": "1234", "given_name": "John", "name": "John Doe", 
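Review bot: In token_with_rp_mode.py `request.POST.get(b"mode")` returns None when the request carries no `mode` field, and `rp_mode.decode("utf-8")` then raises, so the handler fails with an unhandled exception instead of an error the test can read. The response body is also assembled by string concatenation, so a quote or backslash in `mode` produces invalid JSON. Return an error tuple in the style `tokenCheck` uses when `rp_mode` is None, and build the body with `json.dumps({"token": "mode=" + rp_mode.decode("utf-8")})` after adding `import json`.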
@@ -28,6 +17,33 @@ def main(request, response): "approved_clients": ["123", "456", "789"], "login_hints": ["john_doe"], "hosted_domains": ["idp.example", "example"] - }] + } +""" + + +two_accounts = one_account + """ +, { + "id": "jane_doe", + "given_name": "Jane", + "name": "Jane Doe", + "email": "jane_doe@idp.example", + "picture": "https://idp.example/profile/5678", + "approved_clients": ["123", "abc"] } """ + +def main(request, response): + request_error = error_checker.accountsCheck(request) + if (request_error): + return request_error + + response.headers.set(b"Content-Type", b"application/json") + + if request.cookies.get(b"accounts") == b"1": + return result_json.format(one_account) + if request.cookies.get(b"accounts") == b"2": + return result_json.format(two_accounts) + + return result_json.format("") + + |