Diffstat (limited to 'testing/web-platform/tests/credential-management')
35 files changed, 284 insertions, 549 deletions
diff --git a/testing/web-platform/tests/credential-management/digital-identity.https.html b/testing/web-platform/tests/credential-management/digital-identity.https.html index b2f36d21ee..8ae9caa002 100644 --- a/testing/web-platform/tests/credential-management/digital-identity.https.html +++ b/testing/web-platform/tests/credential-management/digital-identity.https.html @@ -17,31 +17,6 @@ const host = get_host_info(); const basePath = window.location.pathname.replace(/\/[^\/]*$/, '/'); const remoteBaseURL = host.HTTPS_REMOTE_ORIGIN + basePath; -// Builds valid digital identity request for navigator.credentials.get() API. -function buildValidNavigatorCredentialsRequest() { - return { - identity: { - providers: [{ - holder: { - selector: { - format: ['mdoc'], - doctype: 'org.iso.18013.5.1.mDL', - fields: [ - 'org.iso.18013.5.1.family_name', - 'org.iso.18013.5.1.portrait', - ] - }, - params: { - nonce: '1234', - readerPublicKey: 'test_reader_public_key', - extraParamAsNeededByDigitalCredentials: true, - }, - }, - }], - }, - }; -} - async function createIframeAndWaitForMessage(test, iframeUrl) { const messageWatcher = new EventWatcher(test, window, "message"); var iframe = document.createElement("iframe"); 
@@ -54,39 +29,6 @@ async function createIframeAndWaitForMessage(test, iframeUrl) { // Requires browser to have mode where OS-presented digital-identity-prompt is // bypassed in favour of returning "fake_test_token" directly. promise_test(async t => { - const {token} = await navigator.credentials.get(buildValidNavigatorCredentialsRequest()); - assert_equals("fake_test_token", token); -}, "navigator.credentials.get() API works in toplevel frame."); - -promise_test(async t => { - let request = buildValidNavigatorCredentialsRequest(); - request.identity.providers = undefined; - - await promise_rejects_js(t, TypeError, navigator.credentials.get(request)); -}, "navigator.credentials.get() API fails if IdentityCredentialRequestOptions::providers is not specified."); - -promise_test(async t => { - let request = buildValidNavigatorCredentialsRequest(); - request.identity.providers = []; - - await promise_rejects_js(t, TypeError, navigator.credentials.get(request)); -}, "navigator.credentials.get() API fails if there are no providers."); - -promise_test(async t => { - let request = buildValidNavigatorCredentialsRequest(); - let providerCopy = structuredClone(request.identity.providers[0]); - request.identity.providers.push(providerCopy); - await promise_rejects_js(t, TypeError, navigator.credentials.get(request)); -}, "navigator.credentials.get() API fails if there is more than one provider."); - -promise_test(async t => { - let request = buildValidNavigatorCredentialsRequest(); - request.identity.providers[0].holder = undefined; - - await promise_rejects_js(t, TypeError, navigator.credentials.get(request)); -}, "navigator.credentials.get() API fails if IdentityProviderConfig::holder is not specified."); - -promise_test(async t => { let request = buildValidNavigatorIdentityRequest(); let credential = await navigator.identity.get(request); assert_equals("urn:openid.net:oid4vp", credential.protocol); 
diff --git a/testing/web-platform/tests/credential-management/fedcm-context.https.html b/testing/web-platform/tests/credential-management/fedcm-context.https.html index 7b3e1032af..f235437b78 100644 --- a/testing/web-platform/tests/credential-management/fedcm-context.https.html +++ b/testing/web-platform/tests/credential-management/fedcm-context.https.html 
@@ -12,37 +12,38 @@ import {request_options_with_mediation_required, request_options_with_context, fedcm_get_title_promise, - fedcm_test} from './support/fedcm-helper.sub.js'; + fedcm_test, + fedcm_select_account_promise} from './support/fedcm-helper.sub.js'; fedcm_test(async t => { - let p = navigator.credentials.get(request_options_with_mediation_required()); + const p = navigator.credentials.get(request_options_with_mediation_required()); const result = await fedcm_get_title_promise(t); assert_true(result.title.toLowerCase().includes('sign in')); - window.test_driver.select_fedcm_account(0); + fedcm_select_account_promise(t, 0); return p; }, "FedCM call defaults to 'signin' context."); fedcm_test(async t => { - let p = navigator.credentials.get(request_options_with_context("manifest.py", "signup")); + const p = navigator.credentials.get(request_options_with_context("manifest.py", "signup")); const result = await fedcm_get_title_promise(t); assert_true(result.title.toLowerCase().includes('sign up')); - window.test_driver.select_fedcm_account(0); + fedcm_select_account_promise(t, 0); return p; }, "FedCM with 'signup' context."); fedcm_test(async t => { - let p = navigator.credentials.get(request_options_with_context("manifest.py", "use")); + const p = navigator.credentials.get(request_options_with_context("manifest.py", "use")); const result = await fedcm_get_title_promise(t); assert_true(result.title.toLowerCase().includes('use')); - window.test_driver.select_fedcm_account(0); + fedcm_select_account_promise(t, 0); return p; }, "FedCM with 'use' context."); fedcm_test(async t => { - let p = navigator.credentials.get(request_options_with_context("manifest.py", "continue")); + const p = navigator.credentials.get(request_options_with_context("manifest.py", "continue")); const result = await fedcm_get_title_promise(t); assert_true(result.title.toLowerCase().includes('continue')); - window.test_driver.select_fedcm_account(0); + fedcm_select_account_promise(t, 0); 
return p; }, "FedCM with 'continue' context."); </script> diff --git a/testing/web-platform/tests/credential-management/fedcm-disconnect.sub.https.html b/testing/web-platform/tests/credential-management/fedcm-disconnect.sub.https.html index 300144fa72..2ea2d4a259 100644 --- a/testing/web-platform/tests/credential-management/fedcm-disconnect.sub.https.html +++ b/testing/web-platform/tests/credential-management/fedcm-disconnect.sub.https.html @@ -11,7 +11,6 @@ <script type="module"> import {fedcm_test, mark_signed_in, - set_fedcm_cookie, disconnect_options, fedcm_get_and_select_first_account, request_options_with_mediation_required, @@ -21,10 +20,9 @@ import {fedcm_test, set_alt_fedcm_cookie} from './support/fedcm-helper.sub.js'; fedcm_test(async t => { - await mark_signed_in(); - await set_fedcm_cookie(); + await mark_signed_in(alt_manifest_origin); // Get at least one connected account that can be disconnected. - const cred = await fedcm_get_and_select_first_account(t, request_options_with_mediation_required()); + const cred = await fedcm_get_and_select_first_account(t, alt_request_options_with_mediation_required()); // The IDP implementation will accept any account hint, so this is really testing that the user // agent eventually stops sending the requests to the IDP. // This test clears the connection just created above, but it also clears any previously existing @@ -32,7 +30,7 @@ fedcm_test(async t => { return new Promise(async resolve => { while (true) { try { - await IdentityCredential.disconnect(disconnect_options("1234")); + await IdentityCredential.disconnect(alt_disconnect_options("1234")); } catch(e) { resolve(); break; 
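Review bot: In fedcm-context.https.html all four tests call `fedcm_select_account_promise(t, 0);` and discard what it returns, so a failed account selection would surface only as a timeout on `p` or an unhandled rejection, not as the helper's own error. The helper's body is not on this page, but the tests this commit deletes used `await fedcm_select_account_promise(t, 0);`, which suggests it returns a promise. Writing `await fedcm_select_account_promise(t, 0);` before `return p;` keeps the selection failure attached to the test that caused it. The same un-awaited call appears in the new fedcm-multi-idp-basic, fedcm-multi-idp-context, fedcm-multi-idp-mediation-optional and fedcm-multi-idp-mediation-silent files.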
@@ -43,34 +41,37 @@ fedcm_test(async t => { fedcm_test(async t => { const disconnect = IdentityCredential.disconnect( - disconnect_options("nonExistent")); + alt_disconnect_options("nonExistent")); return promise_rejects_dom(t, 'NetworkError', disconnect); }, 'Test that disconnect fails when there is no account to disconnect'); fedcm_test(async t => { - const cred = await fedcm_get_and_select_first_account(t, request_options_with_mediation_required()); + await mark_signed_in(alt_manifest_origin); + const cred = await fedcm_get_and_select_first_account(t, alt_request_options_with_mediation_required()); - return IdentityCredential.disconnect(disconnect_options("1234")); + return IdentityCredential.disconnect(alt_disconnect_options("1234")); }, 'Test that disconnect succeeds when there is an account to disconnect'); fedcm_test(async t => { - const cred = await fedcm_get_and_select_first_account(t, request_options_with_mediation_required()); + await mark_signed_in(alt_manifest_origin); + const cred = await fedcm_get_and_select_first_account(t, alt_request_options_with_mediation_required()); - await IdentityCredential.disconnect(disconnect_options("1234")); + await IdentityCredential.disconnect(alt_disconnect_options("1234")); - const disconnect = IdentityCredential.disconnect(disconnect_options("1234")); + const disconnect = IdentityCredential.disconnect(alt_disconnect_options("1234")); return promise_rejects_dom(t, 'NetworkError', disconnect); }, 'Test that disconnecting the same account twice results in failure.'); fedcm_test(async t => { - const cred = await fedcm_get_and_select_first_account(t, request_options_with_mediation_required()); + await mark_signed_in(alt_manifest_origin); + const cred = await fedcm_get_and_select_first_account(t, alt_request_options_with_mediation_required()); // A connected account is guaranteed by the above, and IDP accepts any account hint, so this tests // that the user agent allows the request to go through to the IDP. 
- return IdentityCredential.disconnect(disconnect_options("noMatch")); + return IdentityCredential.disconnect(alt_disconnect_options("noMatch")); }, 'Disconnect passing an incorrect ID can still succeed'); fedcm_test(async t => { - await set_alt_fedcm_cookie(); + await mark_signed_in(); await mark_signed_in(alt_manifest_origin); await fedcm_get_and_select_first_account(t, alt_request_options_with_mediation_required()); await fedcm_get_and_select_first_account(t, diff --git a/testing/web-platform/tests/credential-management/fedcm-endpoint-redirects.https.html b/testing/web-platform/tests/credential-management/fedcm-endpoint-redirects.https.html index 36a4de7900..71dbce0326 100644 --- a/testing/web-platform/tests/credential-management/fedcm-endpoint-redirects.https.html +++ b/testing/web-platform/tests/credential-management/fedcm-endpoint-redirects.https.html @@ -11,6 +11,7 @@ import {request_options_with_mediation_required, fedcm_test, select_manifest, mark_signed_in, + fedcm_error_dialog_dismiss, fedcm_get_dialog_type_promise, fedcm_get_and_select_first_account} from './support/fedcm-helper.sub.js'; @@ -35,7 +36,9 @@ fedcm_test(async t => { await select_manifest(t, test_options); try { - const cred = await fedcm_get_and_select_first_account(t, test_options); + const cred = fedcm_get_and_select_first_account(t, test_options); + fedcm_error_dialog_dismiss(t); + await cred; assert_unreached("An IdentityCredentialError exception should be thrown."); } catch (e) { assert_true(e instanceof DOMException); diff --git a/testing/web-platform/tests/credential-management/fedcm-error-basic.https.html b/testing/web-platform/tests/credential-management/fedcm-error-basic.https.html index 49d6ea50df..fd902bcf90 100644 --- a/testing/web-platform/tests/credential-management/fedcm-error-basic.https.html +++ b/testing/web-platform/tests/credential-management/fedcm-error-basic.https.html 
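Review bot: In fedcm-disconnect.sub.https.html the import list still ends with `set_alt_fedcm_cookie}` (visible as context in the `@@ -21,10 +20,9 @@` hunk), while the last test in this hunk replaces its only visible call with `await mark_signed_in();`. If nothing outside the hunks uses it, drop it from the import, as was done for `set_fedcm_cookie`. Separately, 'Test that disconnect fails when there is no account to disconnect' now appears to depend on the preceding test having cleared every connection for the alt IDP; a comment such as `// Relies on the previous test having disconnected all accounts for this IDP.` would make that ordering explicit. The final test's body continues past the end of the hunk.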
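Review bot: In the `@@ -35,7 +36,9 @@` hunk of fedcm-endpoint-redirects.https.html, `fedcm_error_dialog_dismiss(t);` is started but never awaited. If the error dialog never appears, that failure presumably escapes the `try`/`catch` and the test waits on `cred` until it times out. Something like `await Promise.all([cred, fedcm_error_dialog_dismiss(t)]);` keeps both outcomes inside the `try` without awaiting the dismissal before the rejection handler on `cred` is attached. `cred` now holds a pending promise, not a credential, so a name like `cred_promise` would read more accurately. The three hunks in fedcm-error-basic.https.html follow the same pattern, and the `catch` body here continues outside the hunk.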
@@ -23,7 +23,7 @@ fedcm_test(async t => { await select_manifest(t, test_options); try { - const cred = await fedcm_get_and_select_first_account(t, test_options); + const cred = fedcm_get_and_select_first_account(t, test_options); fedcm_error_dialog_dismiss(t); await cred; assert_unreached("An IdentityCredentialError exception should be thrown."); @@ -41,7 +41,7 @@ fedcm_test(async t => { await select_manifest(t, test_options); try { - const cred = await fedcm_get_and_select_first_account(t, test_options); + const cred = fedcm_get_and_select_first_account(t, test_options); fedcm_error_dialog_click_button(t, "ErrorGotIt"); await cred; assert_unreached("An IdentityCredentialError exception should be thrown."); @@ -59,7 +59,7 @@ fedcm_test(async t => { await select_manifest(t, test_options); try { - const cred = await fedcm_get_and_select_first_account(t, test_options); + const cred = fedcm_get_and_select_first_account(t, test_options); fedcm_error_dialog_click_button(t, "ErrorMoreDetails"); await cred; assert_unreached("An IdentityCredentialError exception should be thrown."); diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-first-idp.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-first-idp.https.html deleted file mode 100644 index ed7c1300bd..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-first-idp.https.html +++ /dev/null 
@@ -1,35 +0,0 @@ -<!DOCTYPE html> -<title>Federated Credential Management API multi IDP abort first IDP test.</title> -<link rel="help" href="https://fedidcg.github.io/FedCM"> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> - -<script type="module"> - import { - set_fedcm_cookie, - set_alt_fedcm_cookie, - request_options_with_mediation_required, - alt_request_options_with_mediation_required - } from '../support/fedcm-helper.sub.js'; - - let cookies_promise = Promise.all([set_fedcm_cookie(), set_alt_fedcm_cookie()]); - - promise_test(async t => { - let first_controller = new AbortController(); - let first_test_options = request_options_with_mediation_required(); - first_test_options.signal = first_controller.signal; - const first_cred = navigator.credentials.get(first_test_options); - - let second_controller = new AbortController(); - let second_test_options = alt_request_options_with_mediation_required(); - second_test_options.signal = second_controller.signal; - const second_cred = navigator.credentials.get(second_test_options); - - await cookies_promise; - first_controller.abort(); - return Promise.all([ - promise_rejects_dom(t, 'AbortError', first_cred), - promise_rejects_dom(t, 'AbortError', second_cred) - ]); - }, "Test abort signal for a multi IDP request by aborting the first IDP"); -</script> diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-second-idp.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-second-idp.https.html deleted file mode 100644 index dfe8969932..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-second-idp.https.html +++ /dev/null 
@@ -1,35 +0,0 @@ -<!DOCTYPE html> -<title>Federated Credential Management API multi IDP abort second IDP test.</title> -<link rel="help" href="https://fedidcg.github.io/FedCM"> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> - -<script type="module"> - import { - set_fedcm_cookie, - set_alt_fedcm_cookie, - request_options_with_mediation_required, - alt_request_options_with_mediation_required - } from '../support/fedcm-helper.sub.js'; - - let cookies_promise = Promise.all([set_fedcm_cookie(), set_alt_fedcm_cookie()]); - - promise_test(async t => { - let first_controller = new AbortController(); - let first_test_options = request_options_with_mediation_required(); - first_test_options.signal = first_controller.signal; - const first_cred = navigator.credentials.get(first_test_options); - - let second_controller = new AbortController(); - let second_test_options = alt_request_options_with_mediation_required(); - second_test_options.signal = second_controller.signal; - const second_cred = navigator.credentials.get(second_test_options); - - await cookies_promise; - second_controller.abort(); - return Promise.all([ - promise_rejects_dom(t, 'AbortError', first_cred), - promise_rejects_dom(t, 'AbortError', second_cred) - ]); - }, "Test abort signal for a multi IDP request by aborting the second IDP"); -</script> diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-abort.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-abort.https.html new file mode 100644 index 0000000000..712a7b6a34 --- /dev/null +++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-abort.https.html 
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API multi IDP abort.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_two_idps,
+ fedcm_test,
+ fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ let controller = new AbortController();
+ let test_options = request_options_with_two_idps();
+ test_options.signal = controller.signal;
+ const cred = fedcm_get_and_select_first_account(t, test_options);
+ controller.abort();
+ return promise_rejects_dom(t, 'AbortError', cred);
+}, "Test that the abort signal works when multiple IDPs are used.");
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-basic.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-basic.https.html
new file mode 100644
index 0000000000..d855e0ad8d
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-basic.https.html
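Review bot: The abort test in fedcm-multi-idp-abort.https.html sends the request through `fedcm_get_and_select_first_account(t, test_options)` and calls `controller.abort()` on the very next line. The helper's account-selection step is presumably still pending when the request is cancelled, so the asserted `AbortError` depends on how the helper propagates that, and the helper's body is not on this page. The two abort tests this commit deletes called the API directly; `const cred = navigator.credentials.get(test_options);` would keep the assertion on the API's own promise. `controller` and `test_options` are never reassigned and could be `const`, matching the `let` to `const` change made in fedcm-context.https.html.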
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API multi IDP basic success tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<body>
+
+<script type="module">
+import {fedcm_test,
+ fedcm_get_and_select_first_account,
+ request_options_with_two_idps,
+ manifest_origin,
+ default_manifest_path,
+ fedcm_select_account_promise,
+ alt_manifest_origin} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ const cred = await fedcm_get_and_select_first_account(t, request_options_with_two_idps());
+ assert_equals(cred.token, "token");
+ assert_equals(cred.configURL, manifest_origin + default_manifest_path);
+}, "Multi IDP FedCM call succeeds when picking the first account.");
+
+fedcm_test(async t => {
+ const promise = navigator.credentials.get(request_options_with_two_idps());
+ // Each IDP has one account, so select the second one.
+ fedcm_select_account_promise(t, 1);
+ const cred = await promise;
+ assert_equals(cred.token, "token");
+ assert_equals(cred.configURL, alt_manifest_origin + default_manifest_path);
+}, "Multi IDP FedCM call succeeds when picking account from the second IDP.");
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-context.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-context.https.html
new file mode 100644
index 0000000000..1bc3eb1f56
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-context.https.html
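Review bot: In fedcm-multi-idp-basic.https.html the comment `// Each IDP has one account, so select the second one.` leaves unstated the assumption the second test relies on. The `configURL` assertion only holds if the dialog lists accounts in provider order, so that index 1 belongs to the alt IDP; the provider order set by `request_options_with_two_idps()` is not visible on this page. A comment such as `// Accounts are expected in provider order, one per IDP, so index 1 is the alt IDP's account.` would tell a reader what to check when the `configURL` assertion fails.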
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API multi IDP context tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<body>
+
+<script type="module">
+import {request_options_with_two_idps,
+ fedcm_get_title_promise,
+ fedcm_test,
+ fedcm_select_account_promise} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ const p = navigator.credentials.get(request_options_with_two_idps());
+ const result = await fedcm_get_title_promise(t);
+ assert_true(result.title.toLowerCase().includes('sign in'));
+ fedcm_select_account_promise(t, 0);
+ return p;
+}, "FedCM multi IDP call defaults to 'signin' context.");
+
+fedcm_test(async t => {
+ const options = request_options_with_two_idps();
+ options.identity.context = "signup";
+ const p = navigator.credentials.get(options);
+ const result = await fedcm_get_title_promise(t);
+ assert_true(result.title.toLowerCase().includes('sign up'));
+ fedcm_select_account_promise(t, 0);
+ return p;
+}, "FedCM multi IDP with non-default context.");
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-optional.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-optional.https.html
new file mode 100644
index 0000000000..1a819efb31
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-optional.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API multi IDP optional mediation tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_two_idps,
+ fedcm_test,
+ fedcm_get_and_select_first_account,
+ fedcm_select_account_promise} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ return fedcm_get_and_select_first_account(t, request_options_with_two_idps('optional'));
+}, "Mediation optional can succeed without a returning account.");
+
+fedcm_test(async t => {
+ // Sign in to the first account.
+ await fedcm_get_and_select_first_account(t, request_options_with_two_idps());
+
+ // Now use mediation:optional and it should work.
+ return navigator.credentials.get(request_options_with_two_idps('optional'));
+}, "Mediation optional automatically succeeds when there is one returning account.");
+
+fedcm_test(async t => {
+ // Sign in to the first account.
+ await fedcm_get_and_select_first_account(t, request_options_with_two_idps());
+
+ // Sign in to the second account as well.
+ let cred = navigator.credentials.get(request_options_with_two_idps());
+ fedcm_select_account_promise(t, 1);
+ await cred;
+
+ // Now use mediation:optional.
+ return fedcm_get_and_select_first_account(t, request_options_with_two_idps('optional'));
+}, "Mediation optional can succeed when there is more than one returning account.");
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-silent.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-silent.https.html
new file mode 100644
index 0000000000..d47d4898c7
--- /dev/null
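Review bot: The second test in fedcm-multi-idp-mediation-optional.https.html returns `navigator.credentials.get(request_options_with_two_idps('optional'))` without inspecting the credential, so it passes no matter which IDP's account the browser releases without a prompt. Because this path hands out a token with no user interaction, the test should pin the result: await the call into `cred`, then `assert_equals(cred.configURL, manifest_origin + default_manifest_path);` and, where the implementation exposes it, `assert_true(cred.isAutoSelected);`. That needs `manifest_origin` and `default_manifest_path` imported, as fedcm-multi-idp-basic.https.html does. The 'Mediation silent succeeds when there is one returning account' test in fedcm-multi-idp-mediation-silent.https.html has the same gap.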
+++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-silent.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API multi IDP silent mediation tests.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_two_idps,
+ fedcm_test,
+ fedcm_get_and_select_first_account,
+ fedcm_select_account_promise} from '../support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+ const cred = navigator.credentials.get(request_options_with_two_idps('silent'));
+ return promise_rejects_dom(t, 'NetworkError', cred);
+}, "Mediation silent fails if there is no returning account.");
+
+fedcm_test(async t => {
+ // Sign in to the first account.
+ await fedcm_get_and_select_first_account(t, request_options_with_two_idps());
+
+ // Now use mediation:silent and it should work.
+ return navigator.credentials.get(request_options_with_two_idps('silent'));
+}, "Mediation silent succeeds when there is one returning account.");
+
+fedcm_test(async t => {
+ // Sign in to the first account.
+ await fedcm_get_and_select_first_account(t, request_options_with_two_idps());
+
+ // Sign in to the second account as well.
+ let cred = navigator.credentials.get(request_options_with_two_idps());
+ fedcm_select_account_promise(t, 1);
+ await cred;
+
+ // Now use mediation:silent and it should fail.
+ cred = navigator.credentials.get(request_options_with_two_idps('silent'));
+ return promise_rejects_dom(t, 'NetworkError', cred);
+}, "Mediation silent fails when there is more than one returning account.");
+</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-after-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-after-onload.https.html deleted file mode 100644 index 12e0eb4d81..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-after-onload.https.html +++ /dev/null 
@@ -1,47 +0,0 @@ -<!DOCTYPE html> -<title>Federated Credential Management API multi IDP get before and after onload test.</title> -<link rel="help" href="https://fedidcg.github.io/FedCM"> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> - -<body> - -<script type="module"> -import {set_fedcm_cookie, set_alt_fedcm_cookie, - request_options_with_mediation_required, - alt_request_options_with_mediation_required, - fedcm_select_account_promise} from '../support/fedcm-helper.sub.js'; - -let cookies_promise = Promise.all([set_fedcm_cookie(), set_alt_fedcm_cookie()]); -let has_window_loaded = false; -const window_loaded = new Promise(resolve => { - window.addEventListener('load', () => { - has_window_loaded = true; - resolve(); - }); -}); - -promise_test(async t => { - let first_cred_resolved = false; - assert_false(has_window_loaded); - // First navigator.credentials.get() is called prior to window.onload - const first_cred = navigator.credentials.get(request_options_with_mediation_required()).finally(() => { first_cred_resolved = true; }); - await Promise.all([cookies_promise, window_loaded]); - assert_true(has_window_loaded); - assert_false(first_cred_resolved); - - // Second navigator.credentials.get() is called after window.onload but before first navigator.credentials.get() - // resolves. Should be rejected because it occurs after onload, and the first get() call is pending. - const second_cred = navigator.credentials.get(alt_request_options_with_mediation_required()); - const rejection = promise_rejects_dom(t, 'NotAllowedError', second_cred); - - // Select first account from the first get() call. 
- await fedcm_select_account_promise(t, 0); - const first = await first_cred; - assert_equals(first.token, "token"); - return rejection; -}, "When there's a `get` call before onload, a `get` call which occurs after onload but before the first `get` call resolves, should be rejected."); - -</script> diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-during-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-during-onload.https.html deleted file mode 100644 index 3e2f134f20..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-during-onload.https.html +++ /dev/null 
@@ -1,42 +0,0 @@ -<!DOCTYPE html> -<title>Federated Credential Management API multi IDP get before and during onload test.</title> -<link rel="help" href="https://fedidcg.github.io/FedCM"> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> - -<body> - -<script type="module"> -import {set_fedcm_cookie, set_alt_fedcm_cookie, - request_options_with_mediation_required, - alt_request_options_with_mediation_required, - fedcm_select_account_promise} from '../support/fedcm-helper.sub.js'; - -let cookies_promise = Promise.all([set_fedcm_cookie(), set_alt_fedcm_cookie()]); - -promise_test(async t => { - let has_window_loaded = false; - let rejection; - const window_loaded = new Promise(resolve => { - window.addEventListener('load', async () => { - const second_cred = navigator.credentials.get(alt_request_options_with_mediation_required()); - rejection = promise_rejects_dom(t, 'NetworkError', second_cred); - has_window_loaded = true; - resolve(); - }); - }); - assert_false(has_window_loaded); - const first_cred = navigator.credentials.get(request_options_with_mediation_required()); - await Promise.all([cookies_promise, window_loaded]); - - // Select first account from the first get() call. - await fedcm_select_account_promise(t, 0); - assert_true(has_window_loaded); - const first = await first_cred; - assert_equals(first.token, "token"); - return rejection; -}, "A `get` call before onload and a `get` call during onload should be combined."); - -</script> diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-onload-and-during-dom-content-loaded.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-onload-and-during-dom-content-loaded.https.html deleted file mode 100644 index 95495948b7..0000000000 
--- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-onload-and-during-dom-content-loaded.https.html +++ /dev/null @@ -1,42 +0,0 @@ -<!DOCTYPE html> -<title>Federated Credential Management API multi IDP get before onload and during DOMContentLoaded test.</title> -<link rel="help" href="https://fedidcg.github.io/FedCM"> -<script src="/resources/testharness.js"></script> -<script src="/resources/testharnessreport.js"></script> -<script src="/resources/testdriver.js"></script> -<script src="/resources/testdriver-vendor.js"></script> - -<body> - -<script type="module"> -import {set_fedcm_cookie, - set_alt_fedcm_cookie, - request_options_with_mediation_required, - alt_request_options_with_mediation_required, - fedcm_select_account_promise} from '../support/fedcm-helper.sub.js'; - -let cookies_promise = Promise.all([set_fedcm_cookie(), set_alt_fedcm_cookie()]); - -promise_test(async t => { - let has_dom_content_loaded = false; - let rejection; - const dom_content_loaded = new Promise(resolve => { - document.addEventListener('DOMContentLoaded', async () => { - const second_cred = navigator.credentials.get(alt_request_options_with_mediation_required()); - rejection = promise_rejects_dom(t, 'NetworkError', second_cred); - has_dom_content_loaded = true; - resolve(); - }); - }); - assert_false(has_dom_content_loaded); - const first_cred = navigator.credentials.get(request_options_with_mediation_required()); - await Promise.all([cookies_promise, dom_content_loaded]); - assert_true(has_dom_content_loaded); - - await fedcm_select_account_promise(t, 0); - const first = await first_cred; - assert_equals(first.token, "token"); - return rejection; -}, "A `get` call before onload and a `get` call during DOMContentLoaded event should combine despite being called from different tasks."); - -</script> 
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-abort.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-abort.https.html deleted file mode 100644 index 899302fb22..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-abort.https.html +++ /dev/null 
@@ -1,49 +0,0 @@
-<!DOCTYPE html>
-<title>Federated Credential Management API multi IDP get after abort test.</title>
-<link rel="help" href="https://fedidcg.github.io/FedCM">
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/resources/testdriver.js"></script>
-<script src="/resources/testdriver-vendor.js"></script>
-
-<script type="module">
- import {
- set_fedcm_cookie,
- set_alt_fedcm_cookie,
- request_options_with_mediation_required,
- alt_request_options_with_mediation_required,
- fedcm_select_account_promise
- } from '../support/fedcm-helper.sub.js';
-
- let cookies_promise = Promise.all([set_fedcm_cookie(), set_alt_fedcm_cookie()]);
-
- promise_test(async t => {
- let first_controller = new AbortController();
- let first_test_options = request_options_with_mediation_required();
- first_test_options.signal = first_controller.signal;
- const first_cred = navigator.credentials.get(first_test_options);
-
- let second_controller = new AbortController();
- let second_test_options = alt_request_options_with_mediation_required();
- second_test_options.signal = second_controller.signal;
- const second_cred = navigator.credentials.get(second_test_options);
-
- await cookies_promise;
- second_controller.abort();
- await Promise.all([
- promise_rejects_dom(t, 'AbortError', first_cred),
- promise_rejects_dom(t, 'AbortError', second_cred)
- ]);
-
- const third_cred = navigator.credentials.get(request_options_with_mediation_required());
- const fourth_cred = navigator.credentials.get(alt_request_options_with_mediation_required());
-
- // Select first account, i.e. from the `third_cred`.
- await fedcm_select_account_promise(t, 0);
-
- // NetworkError is returned when another IDP is selected.
- await promise_rejects_dom(t, 'NetworkError', fourth_cred);
- const cred = await third_cred;
- assert_equals(cred.token, "token");
- }, "Multiple gets after aborting a multi IDP request should work");
-</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-onload.https.html
deleted file mode 100644
index 1b5d744e8f..0000000000
--- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-onload.https.html
+++ /dev/null
@@ -1,38 +0,0 @@
-<!DOCTYPE html>
-<title>Federated Credential Management API multi IDP multiple gets after onload test.</title>
-<link rel="help" href="https://fedidcg.github.io/FedCM">
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/resources/testdriver.js"></script>
-<script src="/resources/testdriver-vendor.js"></script>
-
-<body>
-
-<script type="module">
-import {set_fedcm_cookie,
- set_alt_fedcm_cookie,
- request_options_with_mediation_required,
- alt_request_options_with_mediation_required,
- fedcm_select_account_promise} from '../support/fedcm-helper.sub.js';
-
-let cookies_promise = Promise.all([set_fedcm_cookie(), set_alt_fedcm_cookie()]);
-const window_loaded = new Promise(resolve => {
- window.addEventListener('load', () => {
- resolve();
- });
-});
-
-promise_test(async t => {
- await Promise.all([cookies_promise, window_loaded]);
- const first_cred = navigator.credentials.get(request_options_with_mediation_required());
- const second_cred = navigator.credentials.get(alt_request_options_with_mediation_required());
-
- // Select first account from the first get() call.
- await fedcm_select_account_promise(t, 0);
- // NetworkError is returned when another IDP is selected.
- await promise_rejects_dom(t, 'NetworkError', second_cred);
- const first = await first_cred;
- assert_equals(first.token, "token");
-}, "No `get` calls before or during onload, multiple `get` calls after onload in the same task are allowed.");
-
-</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-before-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-before-onload.https.html
deleted file mode 100644
index 8c98bf53b0..0000000000
--- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-before-onload.https.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<!DOCTYPE html>
-<title>Federated Credential Management API multi IDP multiple gets before onload test.</title>
-<link rel="help" href="https://fedidcg.github.io/FedCM">
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/resources/testdriver.js"></script>
-<script src="/resources/testdriver-vendor.js"></script>
-
-<body>
-
-<script type="module">
-import {set_fedcm_cookie,
- set_alt_fedcm_cookie,
- request_options_with_mediation_required,
- alt_request_options_with_mediation_required,
- fedcm_select_account_promise} from '../support/fedcm-helper.sub.js';
-
-let cookies_promise = Promise.all([set_fedcm_cookie(), set_alt_fedcm_cookie()]);
-let has_window_loaded = false;
-window.addEventListener('load', () => {
- has_window_loaded = true;
-});
-
-promise_test(async t => {
- assert_false(has_window_loaded);
- const first_cred = navigator.credentials.get(alt_request_options_with_mediation_required());
- const second_cred = navigator.credentials.get(request_options_with_mediation_required());
- await cookies_promise;
-
- // Select second account, i.e. from the second get() call.
- await fedcm_select_account_promise(t, 1);
- await promise_rejects_dom(t, 'NetworkError', first_cred);
- const cred = await second_cred;
- assert_equals(cred.token, "token");
-}, "Multiple get calls before window onload are allowed.");
-
-</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-during-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-during-onload.https.html
deleted file mode 100644
index bcf70a31c7..0000000000
--- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-during-onload.https.html
+++ /dev/null
@@ -1,36 +0,0 @@
-<!DOCTYPE html>
-<title>Federated Credential Management API multi IDP multiple gets during onload test.</title>
-<link rel="help" href="https://fedidcg.github.io/FedCM">
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/resources/testdriver.js"></script>
-<script src="/resources/testdriver-vendor.js"></script>
-
-<body>
-
-<script type="module">
-import {set_fedcm_cookie,
- set_alt_fedcm_cookie,
- request_options_with_mediation_required,
- alt_request_options_with_mediation_required,
- fedcm_select_account_promise} from '../support/fedcm-helper.sub.js';
-
-let cookies_promise = Promise.all([set_fedcm_cookie(), set_alt_fedcm_cookie()]);
-
-promise_test(async t => {
- const window_loaded = new Promise(resolve => {
- window.addEventListener('load', async () => {
- const first_cred = navigator.credentials.get(request_options_with_mediation_required());
- const second_cred = navigator.credentials.get(alt_request_options_with_mediation_required());
- await cookies_promise;
- await fedcm_select_account_promise(t, 0);
- await promise_rejects_dom(t, 'NetworkError', second_cred);
- const first = await first_cred;
- assert_equals(first.token, "token");
- resolve();
- });
- });
- await window_loaded;
-}, "No `get` calls before onload, multiple `get` calls during onload are allowed.");
-
-</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-after-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-after-onload.https.html
deleted file mode 100644
index de6a7c5371..0000000000
--- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-after-onload.https.html
+++ /dev/null
@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<title>Federated Credential Management API multi IDP single get after onload test.</title>
-<link rel="help" href="https://fedidcg.github.io/FedCM">
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/resources/testdriver.js"></script>
-<script src="/resources/testdriver-vendor.js"></script>
-
-<body>
-
-<script type="module">
-import {set_fedcm_cookie,
- request_options_with_mediation_required,
- fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
-
-const window_loaded = new Promise(resolve => {
- window.addEventListener('load', () => {
- resolve();
- });
-});
-
-promise_test(async t => {
- await set_fedcm_cookie();
- await window_loaded;
- const cred = await fedcm_get_and_select_first_account(t, request_options_with_mediation_required());
- assert_equals(cred.token, "token");
-}, "Single `get` call after onload is allowed.");
-
-</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-before-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-before-onload.https.html
deleted file mode 100644
index 0ac9b0e920..0000000000
--- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-before-onload.https.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<!DOCTYPE html>
-<title>Federated Credential Management API multi IDP single get before onload test.</title>
-<link rel="help" href="https://fedidcg.github.io/FedCM">
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/resources/testdriver.js"></script>
-<script src="/resources/testdriver-vendor.js"></script>
-
-<body>
-
-<script type="module">
-import {set_fedcm_cookie,
- request_options_with_mediation_required,
- fedcm_select_account_promise} from '../support/fedcm-helper.sub.js';
-
-let has_window_loaded = false;
-const window_loaded = new Promise(resolve => {
- window.addEventListener('load', () => {
- has_window_loaded = true;
- resolve();
- });
-});
-
-promise_test(async t => {
- const first_cred = navigator.credentials.get(request_options_with_mediation_required());
- assert_false(has_window_loaded);
- await set_fedcm_cookie();
- await window_loaded;
- assert_true(has_window_loaded);
-
- // Select first account after onload.
- await fedcm_select_account_promise(t, 0);
- const first = await first_cred;
- assert_equals(first.token, "token");
-}, "Single `get` call before onload is allowed even if account is selected after.");
-
-</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-during-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-during-onload.https.html
deleted file mode 100644
index 832565744d..0000000000
--- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-during-onload.https.html
+++ /dev/null
@@ -1,30 +0,0 @@
-<!DOCTYPE html>
-<title>Federated Credential Management API multi IDP single get during onload test.</title>
-<link rel="help" href="https://fedidcg.github.io/FedCM">
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/resources/testdriver.js"></script>
-<script src="/resources/testdriver-vendor.js"></script>
-
-<body>
-
-<script type="module">
-import {request_options_with_mediation_required,
- set_fedcm_cookie,
- fedcm_get_and_select_first_account} from '../support/fedcm-helper.sub.js';
-
-promise_test(async t => {
- const window_loaded = new Promise(resolve => {
- window.addEventListener('load', async () => {
- await set_fedcm_cookie();
- const first_cred = fedcm_get_and_select_first_account(t,
- request_options_with_mediation_required());
- const cred = await first_cred;
- assert_equals(cred.token, "token");
- resolve();
- });
- });
- await window_loaded;
-}, "Single `get` call during onload is allowed.");
-
-</script>
diff --git a/testing/web-platform/tests/credential-management/fedcm-register/fedcm-no-registered-idps.https.html b/testing/web-platform/tests/credential-management/fedcm-register/fedcm-no-registered-idps.https.html
new file mode 100644
index 0000000000..7be2d397e6
--- /dev/null
+++ b/testing/web-platform/tests/credential-management/fedcm-register/fedcm-no-registered-idps.https.html
@@ -0,0 +1,25 @@ +<!DOCTYPE html> +<title>Federated Credential Management API network request tests.</title> +<link rel="help" href="https://fedidcg.github.io/FedCM"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/resources/testdriver.js"></script> +<script src="/resources/testdriver-vendor.js"></script> + +<body> + +<script type="module"> +promise_test(async t => { + const cred = navigator.credentials.get({ + identity: { + providers: [{ + configURL: "any", + clientId: "na", + nonce: "1" + }] + } + }); + return promise_rejects_dom(t, 'NetworkError', cred); +}, "When no providers are registered an error should be returned."); + +</script> diff --git a/testing/web-platform/tests/credential-management/fedcm-same-site-none/fedcm-same-site-none.https.html b/testing/web-platform/tests/credential-management/fedcm-same-site-none/fedcm-same-site-none.https.html index 77ecdaff9f..d3d20ea9df 100644 --- a/testing/web-platform/tests/credential-management/fedcm-same-site-none/fedcm-same-site-none.https.html +++ b/testing/web-platform/tests/credential-management/fedcm-same-site-none/fedcm-same-site-none.https.html @@ -20,6 +20,6 @@ fedcm_test(async t => { const cred = await fedcm_get_and_select_first_account(t, options); assert_equals(cred.token, "token"); assert_equals(cred.isAutoSelected, false); -}, "FedCM requests should be considered cross-origin and therefore not send SameSite=Strict cookies."); +}, "FedCM requests should be considered cross-origin and therefore not send SameSite=Strict or Lax cookies."); </script> diff --git a/testing/web-platform/tests/credential-management/fedcm-token-returned-with-http-error.https.html b/testing/web-platform/tests/credential-management/fedcm-token-returned-with-http-error.https.html index 2337829add..7c7687f00f 100644 --- a/testing/web-platform/tests/credential-management/fedcm-token-returned-with-http-error.https.html 
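Review bot: In the new fedcm-no-registered-idps.https.html, `configURL: "any"` is not explained, so a reader cannot tell whether it is a deliberate sentinel or just an unresolvable URL. Because the only assertion is `promise_rejects_dom(t, 'NetworkError', cred)`, the test would presumably pass either way, including if the rejection came from a failed config fetch rather than from an empty IdP registry. I would add a comment above the provider entry such as `// "any" requests whichever IdP the user has registered; none is registered in this test.` The `<title>` still reads "network request tests"; it should name the no-registered-IdP case.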
+++ b/testing/web-platform/tests/credential-management/fedcm-token-returned-with-http-error.https.html @@ -8,6 +8,7 @@ <script type="module"> import {request_options_with_mediation_required, + fedcm_error_dialog_click_button, fedcm_test, select_manifest, fedcm_get_and_select_first_account} from './support/fedcm-helper.sub.js'; @@ -18,6 +19,15 @@ fedcm_test(async t => { await select_manifest(t, test_options); const cred = fedcm_get_and_select_first_account(t, test_options); - return promise_rejects_dom(t, 'NetworkError', cred); + fedcm_error_dialog_click_button(t, "ErrorGotIt"); + try { + await cred; + assert_unreached("An IdentityCredentialError exception should be thrown."); + } catch (e) { + assert_true(e instanceof DOMException); + assert_equals(e.name, "IdentityCredentialError"); + assert_equals(e.code, ""); + assert_equals(e.url, ""); + } }, 'Test that the promise will be rejected if the response has http error'); </script> diff --git a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js index f0031fa531..308950e1e2 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js +++ b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js @@ -1,6 +1,7 @@ export const manifest_origin = "https://{{host}}:{{ports[https][0]}}"; export const alt_manifest_origin = 'https://{{hosts[alt][]}}:{{ports[https][0]}}'; export const same_site_manifest_origin = 'https://{{hosts[][www1]}}:{{ports[https][0]}}'; +export const default_manifest_path = '/credential-management/support/fedcm/manifest.py'; export function open_and_wait_for_popup(origin, path) { return new Promise(resolve => { 
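Review bot: The `assert_unreached(...)` call sits inside the `try`, so the assertion error it throws is caught by the `catch (e)` below it. If the promise ever resolves, the test does still fail, but at `assert_true(e instanceof DOMException)` with an unrelated message, not the intended "An IdentityCredentialError exception should be thrown." Capturing the rejection outside a try block avoids this: `const e = await cred.then(() => assert_unreached("An IdentityCredentialError exception should be thrown."), err => err);` followed by the four assertions. Separately, `fedcm_error_dialog_click_button(t, "ErrorGotIt")` is called without `await` or a stored result. If that helper returns a promise (its definition is not in this hunk), a failure to click the dialog would surface as an unhandled rejection or a timeout rather than a clear test failure. The enclosing `fedcm_test` callback starts above the hunk.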
@@ -100,6 +101,25 @@ credential-management/support/fedcm/${manifest_filename}`; }; } +export function request_options_with_two_idps(mediation = 'required') { + const first_config = `${manifest_origin}${default_manifest_path}`; + const second_config = `${alt_manifest_origin}${default_manifest_path}`; + return { + identity: { + providers: [{ + configURL: first_config, + clientId: '123', + nonce: 'N1' + }, + { + configURL: second_config, + clientId: '456', + nonce: 'N2' + }], + }, + mediation: mediation + }; +} // Test wrapper which does FedCM-specific setup. export function fedcm_test(test_func, test_name) { diff --git a/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py index a6f385feac..796ac003cb 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py @@ -7,6 +7,8 @@ def main(request, response): return request_error if request.cookies.get(b"same_site_strict") == b"1": return (546, [], "Should not send SameSite=Strict cookies") + if request.cookies.get(b"same_site_lax") == b"1": + return (547, [], "Should not send SameSite=Lax cookies") if request.headers.get(b"Sec-Fetch-Site") != b"cross-site": return (538, [], "Wrong Sec-Fetch-Site header") diff --git a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py index 1b4831b51d..2a580e0f3f 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py 
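Review bot: `request_options_with_two_idps` is exported without a comment, and nothing says why the client ids are `'123'` and `'456'` or whether the endpoints behind `default_manifest_path` accept them on both origins. A short header would make the fixture self-explanatory, for example `// Builds get() options with two providers: the default manifest served from manifest_origin and from alt_manifest_origin.` As a style point, `mediation: mediation` can be the shorthand `mediation`.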
@@ -7,6 +7,8 @@ def main(request, response): return request_error response.headers.set(b"Content-Type", b"application/json") + response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin")) + response.headers.set(b"Access-Control-Allow-Credentials", "true") account = request.POST.get(b"account_id").decode("utf-8") nonce = request.POST.get(b"nonce").decode("utf-8") diff --git a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py index 6c610e6e20..08c28e32b7 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py @@ -63,12 +63,16 @@ def accountsCheck(request): return (539, [], "Should not have Origin") def tokenCheck(request): - common_error = commonCheck(request) + common_error = commonCheck(request, b"cors") if (common_error): return common_error common_credentialed_error = commonCredentialedRequestCheck(request) if (common_credentialed_error): return common_credentialed_error + # The value of the Sec-Fetch-Site header can vary depending on the IdP origin + # but it should not be 'none'. + if request.headers.get(b"Sec-Fetch-Site") == b"none": + return (538, [], "Wrong Sec-Fetch-Site header") post_error = commonPostCheck(request) if (post_error): @@ -86,8 +90,9 @@ def revokeCheck(request): if (common_error): return common_error - if request.cookies.get(b"cookie") != b"1": - return (537, [], "Missing cookie") + common_credentialed_error = commonCredentialedRequestCheck(request) + if (common_credentialed_error): + return common_credentialed_error # The value of the Sec-Fetch-Site header can vary depending on the IdP origin # but it should not be 'none'. if request.headers.get(b"Sec-Fetch-Site") == b"none": 
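Review bot: The added `Access-Control-Allow-Origin` line echoes `request.headers.get(b"Origin")` back while also setting `Access-Control-Allow-Credentials`, and nothing in the hunk shows what happens when the request has no `Origin` header; `get()` would then pass `None` to `headers.set`. The `request_error` check above the hunk may already reject such requests, but that is not visible here. If it does not, a guard such as `origin = request.headers.get(b"Origin", b"")` makes the handler fail predictably. The credentials value is a `str` (`"true"`) while every neighbouring header value is bytes, so `b"true"` would be consistent. Reflecting any origin with credentials is fine for a test IdP endpoint but is a pattern people copy, so a one-line comment like `# Test-only: reflect the caller's origin so the credentialed CORS token fetch succeeds.` is worth adding. The same two lines are added in token_with_account_id.py, token_with_auto_selected_flag.py, token_with_http_error.py and token_with_rp_mode.py, and all of this applies there too.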
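Review bot: In `tokenCheck`, the new guard `request.headers.get(b"Sec-Fetch-Site") == b"none"` only rejects the literal value `none`, so a request that omits the header entirely passes, since `get()` returns `None`. Unless `commonCheck` already requires the header (its body is outside the hunk), the check could be `if request.headers.get(b"Sec-Fetch-Site") in (None, b"none"):`. The same condition and comment already exist in `revokeCheck` (second hunk, whose `if` body continues past the hunk), so both could call one small helper to keep them in step.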
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py index 8a4b3a234b..4e55bf27f6 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py @@ -7,6 +7,8 @@ def main(request, response): return request_error if request.cookies.get(b"same_site_strict") == b"1": return (546, [], "Should not send SameSite=Strict cookies") + if request.cookies.get(b"same_site_lax") == b"1": + return (547, [], "Should not send SameSite=Lax cookies") response.headers.set(b"Content-Type", b"application/json") response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin")) diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py index 52fb20184b..04e7b5b56b 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py @@ -7,6 +7,8 @@ def main(request, response): return request_error response.headers.set(b"Content-Type", b"application/json") + response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin")) + response.headers.set(b"Access-Control-Allow-Credentials", "true") account_id = request.POST.get(b"account_id") return "{\"token\": \"account_id=" + account_id.decode("utf-8") + "\"}" diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py index 93ccf3ee7e..3e011ce788 100644 
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py @@ -7,6 +7,8 @@ def main(request, response): return request_error response.headers.set(b"Content-Type", b"application/json") + response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin")) + response.headers.set(b"Access-Control-Allow-Credentials", "true") is_auto_selected = request.POST.get(b"is_auto_selected") return "{\"token\": \"is_auto_selected=" + is_auto_selected.decode("utf-8") + "\"}" diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py index c8d95ab63d..05b9945ba8 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py @@ -7,6 +7,8 @@ def main(request, response): return request_error response.headers.set(b"Content-Type", b"application/json") + response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin")) + response.headers.set(b"Access-Control-Allow-Credentials", "true") response.status = (403, b"Forbidden") return "{\"token\": \"token\"}" diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py index 515736416f..add634c99b 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py +++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py 
@@ -7,6 +7,8 @@ def main(request, response): return request_error response.headers.set(b"Content-Type", b"application/json") + response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin")) + response.headers.set(b"Access-Control-Allow-Credentials", "true") rp_mode = request.POST.get(b"mode") return "{\"token\": \"mode=" + rp_mode.decode("utf-8") + "\"}" diff --git a/testing/web-platform/tests/credential-management/support/set_cookie.headers b/testing/web-platform/tests/credential-management/support/set_cookie.headers index 4226ff4c99..df223115a7 100644 --- a/testing/web-platform/tests/credential-management/support/set_cookie.headers +++ b/testing/web-platform/tests/credential-management/support/set_cookie.headers @@ -1,3 +1,4 @@ Content-Type: text/html -Set-Cookie: cookie=1; SameSite=None; Secure -Set-Cookie: same_site_strict=1; SameSite=Strict; Secure +Set-Cookie: cookie=1; SameSite=None; Secure; Path=/ +Set-Cookie: same_site_strict=1; SameSite=Strict; Secure; Path=/ +Set-Cookie: same_site_lax=1; SameSite=Lax; Secure; Path=/ |