From a90a5cba08fdf6c0ceb95101c275108a152a3aed Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 12 Jun 2024 07:35:37 +0200
Subject: Merging upstream version 127.0.
Signed-off-by: Daniel Baumann
---
 .../support/fedcm-helper.sub.js | 20 ++++++++++++++++++++
 .../support/fedcm/accounts_check_same_site_strict.py | 2 ++
 .../support/fedcm/continue_on.py | 2 ++
 .../support/fedcm/request-params-check.py | 11 ++++++++---
 .../support/fedcm/token_check_same_site_strict.py | 2 ++
 .../support/fedcm/token_with_account_id.py | 2 ++
 .../support/fedcm/token_with_auto_selected_flag.py | 2 ++
 .../support/fedcm/token_with_http_error.py | 2 ++
 .../support/fedcm/token_with_rp_mode.py | 2 ++
 .../credential-management/support/set_cookie.headers | 5 +++--
 10 files changed, 45 insertions(+), 5 deletions(-)
(limited to 'testing/web-platform/tests/credential-management/support')
diff --git a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js
index f0031fa531..308950e1e2 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js
+++ b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js
@@ -1,6 +1,7 @@
 export const manifest_origin = "https://{{host}}:{{ports[https][0]}}";
 export const alt_manifest_origin = 'https://{{hosts[alt][]}}:{{ports[https][0]}}';
 export const same_site_manifest_origin = 'https://{{hosts[][www1]}}:{{ports[https][0]}}';
+export const default_manifest_path = '/credential-management/support/fedcm/manifest.py';
 export function open_and_wait_for_popup(origin, path) {
 return new Promise(resolve => {
@@ -100,6 +101,25 @@ credential-management/support/fedcm/${manifest_filename}`;
 };
 }
+export function request_options_with_two_idps(mediation = 'required') {
+ const first_config = `${manifest_origin}${default_manifest_path}`;
+ const second_config = `${alt_manifest_origin}${default_manifest_path}`;
+ return {
+ identity: {
+ providers: [{
+ configURL: first_config,
+ clientId: '123',
+ nonce: 'N1'
+ },
+ {
+ configURL: second_config,
+ clientId: '456',
+ nonce: 'N2'
+ }],
+ },
+ mediation: mediation
+ };
+}
 // Test wrapper which does FedCM-specific setup.
 export function fedcm_test(test_func, test_name) {
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
index a6f385feac..796ac003cb 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 if request.cookies.get(b"same_site_strict") == b"1":
 return (546, [], "Should not send SameSite=Strict cookies")
+ if request.cookies.get(b"same_site_lax") == b"1":
+ return (547, [], "Should not send SameSite=Lax cookies")
 if request.headers.get(b"Sec-Fetch-Site") != b"cross-site":
 return (538, [], "Wrong Sec-Fetch-Site header")
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
index 1b4831b51d..2a580e0f3f 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
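Review bot: request_options_with_two_idps in fedcm-helper.sub.js has no comment saying what distinguishes its two providers, and that difference (the first on `manifest_origin`, the second on `alt_manifest_origin`, both using `default_manifest_path`) is what a multi-IdP test relies on. I would add `// Returns request options listing two IdPs on different origins that share the default manifest path.` above the function. `mediation: mediation` can also be written as the shorthand `mediation`.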
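Review bot: The new `same_site_lax` check in accounts_check_same_site_strict.py (and the identical one in token_check_same_site_strict.py) passes whenever the cookie is absent, so it cannot tell "the browser withheld the Lax cookie" from "the cookie was never set". The assertion is only meaningful if the same request is also required to carry the SameSite=None `cookie=1`; whether the `request_error` check above the hunk enforces that is not visible here, so I would confirm it or name the helper that guarantees it in a comment. Both file names still mention only `same_site_strict`, so a line such as `# Neither SameSite=Strict nor SameSite=Lax cookies may reach this endpoint.` would keep the name from misleading. main() starts before the hunk and continues after it.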
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 account = request.POST.get(b"account_id").decode("utf-8")
 nonce = request.POST.get(b"nonce").decode("utf-8")
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
index 6c610e6e20..08c28e32b7 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
@@ -63,12 +63,16 @@ def accountsCheck(request):
 return (539, [], "Should not have Origin")
 def tokenCheck(request):
- common_error = commonCheck(request)
+ common_error = commonCheck(request, b"cors")
 if (common_error):
 return common_error
 common_credentialed_error = commonCredentialedRequestCheck(request)
 if (common_credentialed_error):
 return common_credentialed_error
+ # The value of the Sec-Fetch-Site header can vary depending on the IdP origin
+ # but it should not be 'none'.
+ if request.headers.get(b"Sec-Fetch-Site") == b"none":
+ return (538, [], "Wrong Sec-Fetch-Site header")
 post_error = commonPostCheck(request)
 if (post_error):
@@ -86,8 +90,9 @@ def revokeCheck(request):
 if (common_error):
 return common_error
- if request.cookies.get(b"cookie") != b"1":
- return (537, [], "Missing cookie")
+ common_credentialed_error = commonCredentialedRequestCheck(request)
+ if (common_credentialed_error):
+ return common_credentialed_error
 # The value of the Sec-Fetch-Site header can vary depending on the IdP origin
 # but it should not be 'none'.
 if request.headers.get(b"Sec-Fetch-Site") == b"none":
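Review bot: The two added headers in continue_on.py echo whatever `Origin` the request carries into `Access-Control-Allow-Origin` and pair it with `Access-Control-Allow-Credentials`, which makes the credentialed response readable from any origin; that suits a test IdP endpoint, but it deserves a comment such as `# Test fixture only: reflects Origin so the cross-origin RP under test can read the response.` so the pattern is not copied into a real endpoint. If `Origin` is missing, `request.headers.get(b"Origin")` presumably yields None and that is handed to `headers.set`; whether the `request_error` check before the hunk already rejects such a request is not visible here. The value `"true"` is a str while every other header name and value in the hunk is bytes, so `b"true"` would be consistent. The same two lines are added to token_with_account_id.py, token_with_auto_selected_flag.py, token_with_http_error.py and token_with_rp_mode.py.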
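Review bot: In tokenCheck (request-params-check.py) the added Sec-Fetch-Site test rejects only the literal `none`, so a request that omits the header altogether also passes. If the intent is "any real site relationship", an allowlist states it directly: `if request.headers.get(b"Sec-Fetch-Site") not in (b"cross-site", b"same-site", b"same-origin"):` followed by the existing `return (538, [], "Wrong Sec-Fetch-Site header")`. The same comment and check now appear in both tokenCheck and revokeCheck (second hunk), so a small shared helper would keep the two from drifting apart. Both functions extend beyond their hunks.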
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
index 8a4b3a234b..4e55bf27f6 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 if request.cookies.get(b"same_site_strict") == b"1":
 return (546, [], "Should not send SameSite=Strict cookies")
+ if request.cookies.get(b"same_site_lax") == b"1":
+ return (547, [], "Should not send SameSite=Lax cookies")
 response.headers.set(b"Content-Type", b"application/json")
 response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
index 52fb20184b..04e7b5b56b 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 account_id = request.POST.get(b"account_id")
 return "{\"token\": \"account_id=" + account_id.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
index 93ccf3ee7e..3e011ce788 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 is_auto_selected = request.POST.get(b"is_auto_selected")
 return "{\"token\": \"is_auto_selected=" + is_auto_selected.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
index c8d95ab63d..05b9945ba8 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 response.status = (403, b"Forbidden")
 return "{\"token\": \"token\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
index 515736416f..add634c99b 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 rp_mode = request.POST.get(b"mode")
 return "{\"token\": \"mode=" + rp_mode.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/set_cookie.headers b/testing/web-platform/tests/credential-management/support/set_cookie.headers
index 4226ff4c99..df223115a7 100644
--- a/testing/web-platform/tests/credential-management/support/set_cookie.headers
+++ b/testing/web-platform/tests/credential-management/support/set_cookie.headers
@@ -1,3 +1,4 @@
 Content-Type: text/html
-Set-Cookie: cookie=1; SameSite=None; Secure
-Set-Cookie: same_site_strict=1; SameSite=Strict; Secure
+Set-Cookie: cookie=1; SameSite=None; Secure; Path=/
+Set-Cookie: same_site_strict=1; SameSite=Strict; Secure; Path=/
+Set-Cookie: same_site_lax=1; SameSite=Lax; Secure; Path=/
--
cgit v1.2.3