From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- .../cleardata/tests/browser/browser.toml | 29 + .../cleardata/tests/browser/browser_auth_tokens.js | 108 ++++ .../cleardata/tests/browser/browser_css_cache.js | 129 +++++ .../cleardata/tests/browser/browser_image_cache.js | 219 ++++++++ .../tests/browser/browser_preflight_cache.js | 166 ++++++ .../cleardata/tests/browser/browser_quota.js | 318 +++++++++++ .../tests/browser/browser_serviceworkers.js | 287 ++++++++++ .../tests/browser/browser_sessionStorage.js | 235 ++++++++ .../tests/browser/file_cors_preflight.sjs | 38 ++ .../cleardata/tests/browser/file_css_cache.css | 3 + .../cleardata/tests/browser/file_css_cache.html | 6 + .../cleardata/tests/browser/file_image_cache.html | 7 + .../cleardata/tests/browser/file_image_cache.jpg | Bin 0 -> 361 bytes .../components/cleardata/tests/browser/worker.js | 1 + .../cleardata/tests/marionette/manifest.toml | 5 + .../test_moved_origin_directory_cleanup.py | 142 +++++ .../marionette/test_service_worker_at_shutdown.py | 62 ++ toolkit/components/cleardata/tests/unit/head.js | 27 + .../components/cleardata/tests/unit/test_basic.js | 19 + .../tests/unit/test_bounce_tracking_protection.js | 625 +++++++++++++++++++++ .../components/cleardata/tests/unit/test_certs.js | 233 ++++++++ .../tests/unit/test_cookie_banner_handling.js | 328 +++++++++++ .../cleardata/tests/unit/test_cookies.js | 393 +++++++++++++ .../cleardata/tests/unit/test_downloads.js | 310 ++++++++++ .../unit/test_fingerprinting_protection_state.js | 161 ++++++ .../tests/unit/test_identity_credential_storage.js | 121 ++++ .../cleardata/tests/unit/test_network_cache.js | 316 +++++++++++ .../cleardata/tests/unit/test_passwords.js | 89 +++ .../cleardata/tests/unit/test_permissions.js | 471 ++++++++++++++++ .../components/cleardata/tests/unit/test_quota.js | 537 ++++++++++++++++++ .../cleardata/tests/unit/test_security_settings.js | 279 +++++++++ .../tests/unit/test_storage_permission.js | 398 +++++++++++++ .../components/cleardata/tests/unit/xpcshell.toml | 40 ++ 33 files changed, 6102 insertions(+) create mode 100644 toolkit/components/cleardata/tests/browser/browser.toml create mode 100644 toolkit/components/cleardata/tests/browser/browser_auth_tokens.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_css_cache.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_image_cache.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_preflight_cache.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_quota.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_serviceworkers.js create mode 100644 toolkit/components/cleardata/tests/browser/browser_sessionStorage.js create mode 100644 toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs create mode 100644 toolkit/components/cleardata/tests/browser/file_css_cache.css create mode 100644 toolkit/components/cleardata/tests/browser/file_css_cache.html create mode 100644 toolkit/components/cleardata/tests/browser/file_image_cache.html create mode 100644 toolkit/components/cleardata/tests/browser/file_image_cache.jpg create mode 100644 toolkit/components/cleardata/tests/browser/worker.js create mode 100644 toolkit/components/cleardata/tests/marionette/manifest.toml create mode 100644 toolkit/components/cleardata/tests/marionette/test_moved_origin_directory_cleanup.py create mode 100644 toolkit/components/cleardata/tests/marionette/test_service_worker_at_shutdown.py create mode 100644 toolkit/components/cleardata/tests/unit/head.js create mode 100644 toolkit/components/cleardata/tests/unit/test_basic.js create mode 100644 toolkit/components/cleardata/tests/unit/test_bounce_tracking_protection.js create mode 100644 toolkit/components/cleardata/tests/unit/test_certs.js create mode 100644 toolkit/components/cleardata/tests/unit/test_cookie_banner_handling.js create mode 100644 toolkit/components/cleardata/tests/unit/test_cookies.js create mode 100644 toolkit/components/cleardata/tests/unit/test_downloads.js create mode 100644 toolkit/components/cleardata/tests/unit/test_fingerprinting_protection_state.js create mode 100644 toolkit/components/cleardata/tests/unit/test_identity_credential_storage.js create mode 100644 toolkit/components/cleardata/tests/unit/test_network_cache.js create mode 100644 toolkit/components/cleardata/tests/unit/test_passwords.js create mode 100644 toolkit/components/cleardata/tests/unit/test_permissions.js create mode 100644 toolkit/components/cleardata/tests/unit/test_quota.js create mode 100644 toolkit/components/cleardata/tests/unit/test_security_settings.js create mode 100644 toolkit/components/cleardata/tests/unit/test_storage_permission.js create mode 100644 toolkit/components/cleardata/tests/unit/xpcshell.toml (limited to 'toolkit/components/cleardata/tests') diff --git a/toolkit/components/cleardata/tests/browser/browser.toml b/toolkit/components/cleardata/tests/browser/browser.toml new file mode 100644 index 0000000000..16ecffce02 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser.toml @@ -0,0 +1,29 @@ +[DEFAULT] + +["browser_auth_tokens.js"] + +["browser_css_cache.js"] +https_first_disabled = true +support-files = [ + "file_css_cache.css", + "file_css_cache.html" +] + +["browser_image_cache.js"] +https_first_disabled = true +support-files = [ + "file_image_cache.html", + "file_image_cache.jpg" +] + +["browser_preflight_cache.js"] +https_first_disabled = true +support-files = ["file_cors_preflight.sjs"] + +["browser_quota.js"] +support-files = ["worker.js"] + +["browser_serviceworkers.js"] + +["browser_sessionStorage.js"] +https_first_disabled = true diff --git a/toolkit/components/cleardata/tests/browser/browser_auth_tokens.js b/toolkit/components/cleardata/tests/browser/browser_auth_tokens.js new file mode 100644 index 0000000000..e62c8b4ac4 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_auth_tokens.js @@ -0,0 +1,108 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +/** + * Tests for AuthTokensCleaner. + */ + +const TEST_SECRET = "secret"; +const TEST_PRINCIPAL = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://example.com" + ); +const TEST_CLEAR_DATA_FLAGS = Services.clearData.CLEAR_AUTH_TOKENS; + +const pk11db = Cc["@mozilla.org/security/pk11tokendb;1"].getService( + Ci.nsIPK11TokenDB +); + +const { LoginTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/LoginTestUtils.sys.mjs" +); + +function testLoggedIn(isLoggedIn) { + Assert.equal( + pk11db.getInternalKeyToken().isLoggedIn(), + isLoggedIn, + `Should ${isLoggedIn ? "" : "not "}be logged in` + ); + pk11db.getInternalKeyToken().isLoggedIn(); +} + +function clearData({ deleteBy = "all", hasUserInput = false } = {}) { + return new Promise(resolve => { + if (deleteBy == "principal") { + Services.clearData.deleteDataFromPrincipal( + TEST_PRINCIPAL, + hasUserInput, + TEST_CLEAR_DATA_FLAGS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + } else if (deleteBy == "baseDomain") { + Services.clearData.deleteDataFromBaseDomain( + TEST_PRINCIPAL.baseDomain, + hasUserInput, + TEST_CLEAR_DATA_FLAGS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + } else { + Services.clearData.deleteData(TEST_CLEAR_DATA_FLAGS, value => { + Assert.equal(value, 0); + resolve(); + }); + } + }); +} + +function runTest({ deleteBy, hasUserInput }) { + testLoggedIn(false); + + info("Setup primary password and login"); + LoginTestUtils.primaryPassword.enable(true); + testLoggedIn(true); + + info( + `Clear AuthTokensCleaner data for ${deleteBy}, hasUserInput: ${hasUserInput}` + ); + clearData({ deleteBy, hasUserInput }); + + // The auth tokens cleaner cannot delete by principal or baseDomain + // (yet). If this method is called, it will check whether the used requested + // the clearing. If the user requested clearing, it will over-clear (clear + // all data). If the request didn't come from the user, for example from the + // PurgeTrackerService, it will not clear anything to avoid clearing storage + // unrelated to the baseDomain or principal. + let isCleared = deleteBy == "all" || hasUserInput; + testLoggedIn(!isCleared); + + // Cleanup + let sdr = Cc["@mozilla.org/security/sdr;1"].getService( + Ci.nsISecretDecoderRing + ); + sdr.logoutAndTeardown(); + LoginTestUtils.primaryPassword.disable(); +} + +add_task(async function test_deleteAll() { + runTest({ deleteBy: "all" }); +}); + +add_task(async function test_deleteByPrincipal() { + for (let hasUserInput of [false, true]) { + runTest({ deleteBy: "principal", hasUserInput }); + } +}); + +add_task(async function test_deleteByBaseDomain() { + for (let hasUserInput of [false, true]) { + runTest({ deleteBy: "baseDomain", hasUserInput }); + } +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_css_cache.js b/toolkit/components/cleardata/tests/browser/browser_css_cache.js new file mode 100644 index 0000000000..47088e5011 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_css_cache.js @@ -0,0 +1,129 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const BASE_DOMAIN_A = "example.com"; +const ORIGIN_A = `https://${BASE_DOMAIN_A}`; +const ORIGIN_A_HTTP = `http://${BASE_DOMAIN_A}`; +const ORIGIN_A_SUB = `https://test1.${BASE_DOMAIN_A}`; + +const BASE_DOMAIN_B = "example.org"; +const ORIGIN_B = `https://${BASE_DOMAIN_B}`; +const ORIGIN_B_HTTP = `http://${BASE_DOMAIN_B}`; +const ORIGIN_B_SUB = `https://test1.${BASE_DOMAIN_B}`; + +const TEST_ROOT_DIR = getRootDirectory(gTestPath); + +// Stylesheets are cached per process, so we need to keep tabs open for the +// duration of a test. +let tabs = {}; + +function getTestURLForOrigin(origin) { + return ( + TEST_ROOT_DIR.replace("chrome://mochitests/content", origin) + + "file_css_cache.html" + ); +} + +async function testCached(origin, isCached) { + let url = getTestURLForOrigin(origin); + + let numParsed; + + let tab = tabs[origin]; + let loadedPromise; + if (!tab) { + info("Creating new tab for " + url); + tab = BrowserTestUtils.addTab(gBrowser, url); + loadedPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser); + tabs[origin] = tab; + } else { + loadedPromise = BrowserTestUtils.browserLoaded(tab.linkedBrowser); + tab.linkedBrowser.reload(); + } + await loadedPromise; + + numParsed = await SpecialPowers.spawn(tab.linkedBrowser, [], () => { + return SpecialPowers.getDOMWindowUtils(content).parsedStyleSheets; + }); + + // Stylesheets is cached if numParsed is 0. + is(!numParsed, isCached, `${origin} is${isCached ? " " : " not "}cached`); +} + +async function addTestTabs() { + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, false); + await testCached(ORIGIN_A_HTTP, false); + await testCached(ORIGIN_B, false); + await testCached(ORIGIN_B_SUB, false); + await testCached(ORIGIN_B_HTTP, false); + // Test that the cache has been populated. + await testCached(ORIGIN_A, true); + await testCached(ORIGIN_A_SUB, true); + await testCached(ORIGIN_A_HTTP, true); + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); +} + +async function cleanupTestTabs() { + Object.values(tabs).forEach(BrowserTestUtils.removeTab); + tabs = {}; +} + +add_task(async function test_deleteByPrincipal() { + await addTestTabs(); + + // Clear data for content principal of A + info("Clearing cache for principal " + ORIGIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin(ORIGIN_A), + false, + Ci.nsIClearDataService.CLEAR_CSS_CACHE, + resolve + ); + }); + + // Only the cache entry for ORIGIN_A should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, true); + await testCached(ORIGIN_A_HTTP, true); + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); + + // Cleanup + cleanupTestTabs(); + ChromeUtils.clearStyleSheetCache(); +}); + +add_task(async function test_deleteByBaseDomain() { + await addTestTabs(); + + // Clear data for base domain of A. + info("Clearing cache for base domain " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + BASE_DOMAIN_A, + false, + Ci.nsIClearDataService.CLEAR_CSS_CACHE, + resolve + ); + }); + + // All entries for A should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, false); + await testCached(ORIGIN_A_HTTP, false); + // Entries for B should still exist. + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); + + // Cleanup + cleanupTestTabs(); + ChromeUtils.clearStyleSheetCache(); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_image_cache.js b/toolkit/components/cleardata/tests/browser/browser_image_cache.js new file mode 100644 index 0000000000..d7116d2502 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_image_cache.js @@ -0,0 +1,219 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const BASE_DOMAIN_A = "example.com"; +const ORIGIN_A = `https://${BASE_DOMAIN_A}`; +const ORIGIN_A_HTTP = `http://${BASE_DOMAIN_A}`; +const ORIGIN_A_SUB = `https://test1.${BASE_DOMAIN_A}`; + +const BASE_DOMAIN_B = "example.org"; +const ORIGIN_B = `https://${BASE_DOMAIN_B}`; +const ORIGIN_B_HTTP = `http://${BASE_DOMAIN_B}`; +const ORIGIN_B_SUB = `https://test1.${BASE_DOMAIN_B}`; + +const TEST_ROOT_DIR = getRootDirectory(gTestPath); + +// Images are cached per process, so we need to keep tabs open for the +// duration of a test. +let originToTabs = {}; + +function getTestURLForOrigin(origin) { + return TEST_ROOT_DIR.replace("chrome://mochitests/content", origin); +} + +async function testCached(origin, isCached, testPartitioned = false) { + let tabs = originToTabs[origin]; + + for (let tab of tabs) { + // For the partition test we inspect the cache state of the iframe. + let browsingContext = testPartitioned + ? tab.linkedBrowser.browsingContext.children[0] + : tab.linkedBrowser.browsingContext; + let actualCached = await SpecialPowers.spawn(browsingContext, [], () => { + let imgUrl = content.document.querySelector("img").src; + let imageCache = SpecialPowers.Cc[ + "@mozilla.org/image/tools;1" + ].getService(Ci.imgITools); + let uri = SpecialPowers.Services.io.newURI(imgUrl); + let properties = imageCache + .getImgCacheForDocument(content.document) + .findEntryProperties(uri, content.document); + return !!properties; + }); + + let msg = `${origin}${isCached ? " " : " not "}cached`; + if (testPartitioned) { + msg = "Partitioned under " + msg; + } + + is(actualCached, isCached, msg); + } +} + +/** + * Creates tabs and loads images in first party and third party context. + * @returns {Promise} - Promise which resolves once all tabs are initialized, + * {@link originToTabs} is populated and (sub-)resources have loaded. + */ +function addTestTabs() { + // Adding two tabs for ORIGIN_A so we can test clearing for a principal + // cross-process (non-fission). + let promises = [ + [ORIGIN_A, ORIGIN_B], + [ORIGIN_A, ORIGIN_B], + [ORIGIN_A_SUB, ORIGIN_B_SUB], + [ORIGIN_A_HTTP, ORIGIN_B_HTTP], + [ORIGIN_B, ORIGIN_A], + [ORIGIN_B_SUB, ORIGIN_A_SUB], + [ORIGIN_B_HTTP, ORIGIN_A_HTTP], + ].map(async ([firstParty, thirdParty]) => { + let urlFirstParty = + getTestURLForOrigin(firstParty) + "file_image_cache.html"; + let urlThirdParty = + getTestURLForOrigin(thirdParty) + "file_image_cache.html"; + + info("Creating new tab for " + urlFirstParty); + let tab = BrowserTestUtils.addTab(gBrowser, urlFirstParty); + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + info("Creating iframe for " + urlThirdParty); + await SpecialPowers.spawn(tab.linkedBrowser, [urlThirdParty], async url => { + let iframe = content.document.createElement("iframe"); + iframe.src = url; + + let loadPromise = ContentTaskUtils.waitForEvent(iframe, "load", false); + content.document.body.appendChild(iframe); + await loadPromise; + }); + + let tabs = originToTabs[firstParty]; + if (!tabs) { + tabs = []; + originToTabs[firstParty] = tabs; + } + tabs.push(tab); + }); + + return Promise.all(promises); +} + +function cleanup() { + Object.values(originToTabs).flat().forEach(BrowserTestUtils.removeTab); + originToTabs = {}; + let imageCache = Cc["@mozilla.org/image/tools;1"] + .getService(Ci.imgITools) + .getImgCacheForDocument(null); + imageCache.clearCache(false); + imageCache.clearCache(true); +} + +add_setup(function () { + cleanup(); +}); + +add_task(async function test_deleteByPrincipal() { + await addTestTabs(); + + // Clear data for content principal of A + info("Clearing cache for principal " + ORIGIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + Services.scriptSecurityManager.createContentPrincipalFromOrigin(ORIGIN_A), + false, + Ci.nsIClearDataService.CLEAR_IMAGE_CACHE, + resolve + ); + }); + + // Only the cache entry for ORIGIN_A should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, true); + await testCached(ORIGIN_A_HTTP, true); + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); + + // No partitioned cache should have been cleared. + await testCached(ORIGIN_A, true, true); + await testCached(ORIGIN_A_SUB, true, true); + await testCached(ORIGIN_A_HTTP, true, true); + // TODO: ImageCacheCleaner deleteByPrincipal does not look at the cache key's + // isolationKey and thus over-clears. In this case it clears cache for A + // partitioned under B, even though the test principal does not set a + // partitionKey. + // See Bug 1713088. + await testCached(ORIGIN_B, false, true); + await testCached(ORIGIN_B_SUB, true, true); + await testCached(ORIGIN_B_HTTP, true, true); + + cleanup(); +}); + +add_task(async function test_deleteByBaseDomain() { + await addTestTabs(); + + // Clear data for base domain of A. + info("Clearing cache for base domain " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + BASE_DOMAIN_A, + false, + Ci.nsIClearDataService.CLEAR_IMAGE_CACHE, + resolve + ); + }); + + // All entries for A should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, false); + await testCached(ORIGIN_A_HTTP, false); + // Entries for B should still exist. + await testCached(ORIGIN_B, true); + await testCached(ORIGIN_B_SUB, true); + await testCached(ORIGIN_B_HTTP, true); + + // All partitioned entries for B under A should have been cleared. + await testCached(ORIGIN_A, false, true); + await testCached(ORIGIN_A_SUB, false, true); + await testCached(ORIGIN_A_HTTP, false, true); + + // All partitioned entries of A under B should have been cleared. + await testCached(ORIGIN_B, false, true); + await testCached(ORIGIN_B_SUB, false, true); + await testCached(ORIGIN_B_HTTP, false, true); + + cleanup(); +}); + +add_task(async function test_deleteAll() { + await addTestTabs(); + + // Clear the whole image cache across processes. + info("Clearing cache for base domain " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_IMAGE_CACHE, + resolve + ); + }); + + // All entries should have been cleared. + await testCached(ORIGIN_A, false); + await testCached(ORIGIN_A_SUB, false); + await testCached(ORIGIN_A_HTTP, false); + await testCached(ORIGIN_B, false); + await testCached(ORIGIN_B_SUB, false); + await testCached(ORIGIN_B_HTTP, false); + + // All partitioned entries should have been cleared. + await testCached(ORIGIN_A, false, true); + await testCached(ORIGIN_A_SUB, false, true); + await testCached(ORIGIN_A_HTTP, false, true); + await testCached(ORIGIN_B, false, true); + await testCached(ORIGIN_B_SUB, false, true); + await testCached(ORIGIN_B_HTTP, false, true); + + cleanup(); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_preflight_cache.js b/toolkit/components/cleardata/tests/browser/browser_preflight_cache.js new file mode 100644 index 0000000000..d3eabb9e38 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_preflight_cache.js @@ -0,0 +1,166 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { SiteDataTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/SiteDataTestUtils.sys.mjs" +); + +const uuidGenerator = Services.uuid; + +const ORIGIN_A = "http://example.net"; +const ORIGIN_B = "http://example.org"; + +const PREFLIGHT_URL_PATH = + "/browser/toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs"; + +const PREFLIGHT_URL_A = ORIGIN_A + PREFLIGHT_URL_PATH; +const PREFLIGHT_URL_B = ORIGIN_B + PREFLIGHT_URL_PATH; + +function testPreflightCached(browser, url, token, isCached) { + return SpecialPowers.spawn( + browser, + [url, token, isCached], + async (url, token, isCached) => { + let response = await content.fetch( + new content.Request(`${url}?token=${token}`, { + mode: "cors", + method: "GET", + headers: [["x-test-header", "check"]], + }) + ); + + let expected = isCached ? "0" : "1"; + is( + await response.text(), + expected, + `Preflight cache for ${url} ${isCached ? "HIT" : "MISS"}.` + ); + } + ); +} + +async function testDeleteAll( + clearDataFlag, + { deleteBy = "all", hasUserInput = false } = {} +) { + await BrowserTestUtils.withNewTab("http://example.com", async browser => { + let token = uuidGenerator.generateUUID().toString(); + + // Populate the preflight cache. + await testPreflightCached(browser, PREFLIGHT_URL_A, token, false); + await testPreflightCached(browser, PREFLIGHT_URL_B, token, false); + // Cache should be populated. + await testPreflightCached(browser, PREFLIGHT_URL_A, token, true); + await testPreflightCached(browser, PREFLIGHT_URL_B, token, true); + + await new Promise(resolve => { + if (deleteBy == "principal") { + Services.clearData.deleteDataFromPrincipal( + browser.contentPrincipal, + hasUserInput, + clearDataFlag, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + } else if (deleteBy == "baseDomain") { + Services.clearData.deleteDataFromBaseDomain( + browser.contentPrincipal.baseDomain, + hasUserInput, + clearDataFlag, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + } else { + Services.clearData.deleteData(clearDataFlag, value => { + Assert.equal(value, 0); + resolve(); + }); + } + }); + + // The preflight cache cleaner cannot delete by principal or baseDomain + // (Bug 1727141). If this method is called, it will check whether the used + // requested the clearing. If the user requested clearing, it will + // over-clear (clear all data). If the request didn't come from the user, + // for example from the PurgeTrackerService, it will not clear anything to + // avoid clearing storage unrelated to the baseDomain or principal. + let clearedAll = deleteBy == "all" || hasUserInput; + + // Cache should be cleared. + await testPreflightCached(browser, PREFLIGHT_URL_A, token, !clearedAll); + await testPreflightCached(browser, PREFLIGHT_URL_B, token, !clearedAll); + }); + + SiteDataTestUtils.clear(); +} + +add_task(async function test_deleteAll() { + // The cleaner should be called when we target all cleaners, all cache + // cleaners, or just the preflight cache. + let { CLEAR_ALL, CLEAR_ALL_CACHES, CLEAR_PREFLIGHT_CACHE } = + Ci.nsIClearDataService; + + for (let flag of [CLEAR_ALL, CLEAR_ALL_CACHES, CLEAR_PREFLIGHT_CACHE]) { + await testDeleteAll(flag); + } +}); + +add_task(async function test_deleteByPrincipal() { + // The cleaner should be called when we target all cleaners, all cache + // cleaners, or just the preflight cache. + let { CLEAR_ALL, CLEAR_ALL_CACHES, CLEAR_PREFLIGHT_CACHE } = + Ci.nsIClearDataService; + + for (let flag of [CLEAR_ALL, CLEAR_ALL_CACHES, CLEAR_PREFLIGHT_CACHE]) { + for (let hasUserInput of [true, false]) { + await testDeleteAll(flag, { deleteBy: "principal", hasUserInput }); + } + } +}); + +add_task(async function test_deletePrivateBrowsingCache() { + async function deletePrivateBrowsingCache(token) { + const browser = await BrowserTestUtils.openNewBrowserWindow({ + private: true, + }); + + const tab = (browser.gBrowser.selectedTab = BrowserTestUtils.addTab( + browser.gBrowser, + "http://example.com" + )); + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + // Populate the preflight cache and make sure it isn't populated right now + await testPreflightCached(tab.linkedBrowser, PREFLIGHT_URL_A, token, false); + await testPreflightCached(tab.linkedBrowser, PREFLIGHT_URL_B, token, false); + // Cache should be populated. + await testPreflightCached(tab.linkedBrowser, PREFLIGHT_URL_A, token, true); + await testPreflightCached(tab.linkedBrowser, PREFLIGHT_URL_B, token, true); + + await browser.close(); + } + + // Disable https_first mode to not upgrade the connection of the main page + // and get "Blocked loading mixed active content" for the CORS request + // making this test case fail. Another solution would be to change all URLs + // to https. + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_first_pbm", false]], + }); + + let token = uuidGenerator.generateUUID().toString(); + + // Make sure the CORS preflight cache is cleared between two private + // browsing sessions. Calling this function twice to see if the cache isn't + // populated anymore after the first call. + await deletePrivateBrowsingCache(token); + await deletePrivateBrowsingCache(token); + + await SpecialPowers.clearUserPref("dom.security.https_first_pbm"); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_quota.js b/toolkit/components/cleardata/tests/browser/browser_quota.js new file mode 100644 index 0000000000..94ff223773 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_quota.js @@ -0,0 +1,318 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// This function adds the quota storage by simpleDB (one of quota clients +// managed by the QuotaManager). In this function, a directory +// ${profile}/storage/default/${origin}/sdb/ and a file inside are expected to +// be added. +async function addQuotaStorage(principal) { + let connection = Cc["@mozilla.org/dom/sdb-connection;1"].createInstance( + Ci.nsISDBConnection + ); + + connection.init(principal); + + await new Promise((aResolve, aReject) => { + let request = connection.open("db"); + request.callback = request => { + if (request.resultCode == Cr.NS_OK) { + aResolve(); + } else { + aReject(request.resultCode); + } + }; + }); + + await new Promise((aResolve, aReject) => { + let request = connection.write(new ArrayBuffer(1)); + request.callback = request => { + if (request.resultCode == Cr.NS_OK) { + aResolve(); + } else { + aReject(request.resultCode); + } + }; + }); +} + +function getPrincipal(url, attr = {}) { + let uri = Services.io.newURI(url); + let ssm = Services.scriptSecurityManager; + + return ssm.createContentPrincipal(uri, attr); +} + +function getProfileDir() { + let directoryService = Services.dirsvc; + + return directoryService.get("ProfD", Ci.nsIFile); +} + +function getRelativeFile(relativePath) { + let profileDir = getProfileDir(); + + let file = profileDir.clone(); + relativePath.split("/").forEach(function (component) { + file.append(component); + }); + + return file; +} + +function getPath(origin) { + // Sanitizing + let regex = /[:\/]/g; + return "storage/default/" + origin.replace(regex, "+"); +} + +// This function checks if the origin has the quota storage by checking whether +// the origin directory of that origin exists or not. +function hasQuotaStorage(origin, attr) { + let path = getPath(origin); + if (attr) { + let principal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI(origin), + attr + ); + path += principal.originSuffix; + } + + let file = getRelativeFile(path); + return file.exists(); +} + +async function runTest(sites, deleteDataFunc) { + info(`Adding quota storage`); + for (let site of sites) { + const principal = getPrincipal(site.origin, site.originAttributes); + await addQuotaStorage(principal); + } + + info(`Verifying ${deleteDataFunc.name}`); + let site; + while ((site = sites.shift())) { + await new Promise(aResolve => { + deleteDataFunc(...site.args, value => { + Assert.equal(value, 0); + aResolve(); + }); + }); + + ok( + !hasQuotaStorage(site.origin, site.originAttributes), + `${site.origin} has no quota storage` + ); + sites.forEach(remainSite => + ok( + hasQuotaStorage(remainSite.origin, remainSite.originAttributes), + `${remainSite.origin} has quota storage` + ) + ); + } +} + +add_setup(async function () { + await SpecialPowers.pushPrefEnv({ + set: [ + ["dom.quotaManager.testing", true], + ["dom.simpleDB.enabled", true], + ], + }); +}); + +const ORG_DOMAIN = "example.org"; +const ORG_DOMAIN_SUB = `test.${ORG_DOMAIN}`; +const ORG_ORIGIN = `https://${ORG_DOMAIN}`; +const ORG_ORIGIN_SUB = `https://${ORG_DOMAIN_SUB}`; +const COM_DOMAIN = "example.com"; +const COM_ORIGIN = `https://${COM_DOMAIN}`; +const LH_DOMAIN = "localhost"; +const FOO_DOMAIN = "foo.com"; + +add_task(async function test_deleteFromHost() { + const sites = [ + { + args: [ORG_DOMAIN, true, Ci.nsIClearDataService.CLEAR_DOM_QUOTA], + origin: ORG_ORIGIN, + }, + { + args: [COM_DOMAIN, true, Ci.nsIClearDataService.CLEAR_DOM_QUOTA], + origin: COM_ORIGIN, + }, + { + args: [LH_DOMAIN, true, Ci.nsIClearDataService.CLEAR_DOM_QUOTA], + origin: `http://${LH_DOMAIN}:8000`, + }, + { + args: [FOO_DOMAIN, true, Ci.nsIClearDataService.CLEAR_DOM_QUOTA], + origin: `http://${FOO_DOMAIN}`, + originAttributes: { userContextId: 1 }, + }, + ]; + + await runTest(sites, Services.clearData.deleteDataFromHost); +}); + +add_task(async function test_deleteFromPrincipal() { + const sites = [ + { + args: [ + getPrincipal(ORG_ORIGIN), + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + ], + origin: ORG_ORIGIN, + }, + { + args: [ + getPrincipal(COM_ORIGIN), + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + ], + origin: COM_ORIGIN, + }, + ]; + + await runTest(sites, Services.clearData.deleteDataFromPrincipal); +}); + +add_task(async function test_deleteFromOriginAttributes() { + const ORG_OA = { userContextId: 1 }; + const COM_OA = { userContextId: 2 }; + const sites = [ + { + args: [ORG_OA], + origin: ORG_ORIGIN, + originAttributes: ORG_OA, + }, + { + args: [COM_OA], + origin: COM_ORIGIN, + originAttributes: COM_OA, + }, + ]; + + await runTest( + sites, + Services.clearData.deleteDataFromOriginAttributesPattern + ); +}); + +add_task(async function test_deleteAll() { + info(`Adding quota storage`); + await addQuotaStorage(getPrincipal(ORG_ORIGIN)); + await addQuotaStorage(getPrincipal(COM_ORIGIN)); + + info(`Verifying deleteData`); + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + ok(!hasQuotaStorage(ORG_ORIGIN), `${ORG_ORIGIN} has no quota storage`); + ok(!hasQuotaStorage(COM_ORIGIN), `${COM_ORIGIN} has no quota storage`); +}); + +add_task(async function test_deleteSubdomain() { + const ANOTHER_ORIGIN = `https://wwww.${ORG_DOMAIN}`; + info(`Adding quota storage`); + await addQuotaStorage(getPrincipal(ORG_ORIGIN)); + await addQuotaStorage(getPrincipal(ANOTHER_ORIGIN)); + + info(`Verifying deleteDataFromHost for subdomain`); + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + ORG_DOMAIN, + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + ok(!hasQuotaStorage(ORG_ORIGIN), `${ORG_ORIGIN} has no quota storage`); + ok(!hasQuotaStorage(COM_ORIGIN), `${ANOTHER_ORIGIN} has no quota storage`); +}); + +function getOAWithPartitionKey(topLevelBaseDomain, originAttributes = {}) { + if (!topLevelBaseDomain) { + return originAttributes; + } + return { + ...originAttributes, + partitionKey: `(https,${topLevelBaseDomain})`, + }; +} + +add_task(async function test_deleteBaseDomain() { + info("Adding quota storage"); + await addQuotaStorage(getPrincipal(ORG_ORIGIN)); + await addQuotaStorage(getPrincipal(ORG_ORIGIN_SUB)); + await addQuotaStorage(getPrincipal(COM_ORIGIN)); + + info("Adding partitioned quota storage"); + // Partitioned + await addQuotaStorage( + getPrincipal(COM_ORIGIN, getOAWithPartitionKey(ORG_DOMAIN)) + ); + await addQuotaStorage( + getPrincipal(COM_ORIGIN, getOAWithPartitionKey(FOO_DOMAIN)) + ); + await addQuotaStorage( + getPrincipal(ORG_ORIGIN, getOAWithPartitionKey(COM_DOMAIN)) + ); + + info(`Verifying deleteDataFromBaseDomain`); + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + ORG_DOMAIN, + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + ok(!hasQuotaStorage(ORG_ORIGIN), `${ORG_ORIGIN} has no quota storage`); + ok( + !hasQuotaStorage(ORG_ORIGIN_SUB), + `${ORG_ORIGIN_SUB} has no quota storage` + ); + ok(hasQuotaStorage(COM_ORIGIN), `${COM_ORIGIN} has quota storage`); + + // Partitioned + ok( + !hasQuotaStorage(COM_ORIGIN, getOAWithPartitionKey(ORG_DOMAIN)), + `${COM_ORIGIN} under ${ORG_DOMAIN} has no quota storage` + ); + ok( + hasQuotaStorage(COM_ORIGIN, getOAWithPartitionKey(FOO_DOMAIN)), + `${COM_ORIGIN} under ${FOO_DOMAIN} has quota storage` + ); + ok( + !hasQuotaStorage(ORG_ORIGIN, getOAWithPartitionKey(COM_DOMAIN)), + `${ORG_ORIGIN} under ${COM_DOMAIN} has no quota storage` + ); + + // Cleanup + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_serviceworkers.js b/toolkit/components/cleardata/tests/browser/browser_serviceworkers.js new file mode 100644 index 0000000000..ad501aed70 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_serviceworkers.js @@ -0,0 +1,287 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { SiteDataTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/SiteDataTestUtils.sys.mjs" +); + +async function addServiceWorker(origin) { + let swURL = + getRootDirectory(gTestPath).replace("chrome://mochitests/content", origin) + + "worker.js"; + + let registered = SiteDataTestUtils.promiseServiceWorkerRegistered(swURL); + await SiteDataTestUtils.addServiceWorker(swURL); + await registered; + + ok(true, `${origin} has a service worker`); +} + +add_setup(async function () { + await SpecialPowers.pushPrefEnv({ + set: [ + ["dom.serviceWorkers.enabled", true], + ["dom.serviceWorkers.exemptFromPerDomainMax", true], + ["dom.serviceWorkers.testing.enabled", true], + ], + }); +}); + +add_task(async function test_deleteFromHost() { + await addServiceWorker("https://example.com"); + await addServiceWorker("https://example.org"); + await addServiceWorker("https://test1.example.org"); + + let unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://example.com" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.com"), + "example.com has no service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has a service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://test1.example.org"), + "test1.example.org has a service worker" + ); + + // Clearing the subdomain should not clear the base domain. + unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.org" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "test1.example.org", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.org"), + "test1.example.org has no service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has a service worker" + ); + + unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://example.org" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.org", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.com"), + "example.com has no service worker" + ); +}); + +add_task(async function test_deleteFromBaseDomain() { + await addServiceWorker("https://example.com"); + await addServiceWorker("https://test1.example.com"); + await addServiceWorker("https://test2.example.com"); + await addServiceWorker("https://example.org"); + + let unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://example.com" + ); + let unregisteredSub1 = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.com" + ); + let unregisteredSub2 = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.com" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await Promise.all([unregistered, unregisteredSub1, unregisteredSub2]); + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.com"), + "example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.com"), + "test1.example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test2.example.com"), + "test2.example.com has no service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has a service worker" + ); + + unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://example.org" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.org", + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.org"), + "example.org has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://example.com"), + "example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.com"), + "test1.example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test2.example.com"), + "test2.example.com has no service worker" + ); +}); + +add_task(async function test_deleteFromPrincipal() { + await addServiceWorker("https://test1.example.com"); + await addServiceWorker("https://test1.example.org"); + + let unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.com" + ); + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://test1.example.com/" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.com"), + "test1.example.com has no service worker" + ); + ok( + SiteDataTestUtils.hasServiceWorkers("https://test1.example.org"), + "test1.example.org has a service worker" + ); + + unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test1.example.org" + ); + principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://test1.example.org/" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.org"), + "test1.example.org has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test1.example.com"), + "test1.example.com has no service worker" + ); +}); + +add_task(async function test_deleteAll() { + await addServiceWorker("https://test2.example.com"); + await addServiceWorker("https://test2.example.org"); + + let unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered( + "https://test2.example.com" + ); + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + await unregistered; + + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test2.example.com"), + "test2.example.com has no service worker" + ); + ok( + !SiteDataTestUtils.hasServiceWorkers("https://test2.example.org"), + "test2.example.org has no service worker" + ); + + await SiteDataTestUtils.clear(); +}); diff --git a/toolkit/components/cleardata/tests/browser/browser_sessionStorage.js b/toolkit/components/cleardata/tests/browser/browser_sessionStorage.js new file mode 100644 index 0000000000..013ae0fa92 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/browser_sessionStorage.js @@ -0,0 +1,235 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const BASE_DOMAIN_A = "example.com"; +const ORIGIN_A = `https://${BASE_DOMAIN_A}`; +const ORIGIN_A_HTTP = `http://${BASE_DOMAIN_A}`; +const ORIGIN_A_SUB = `https://test1.${BASE_DOMAIN_A}`; + +const BASE_DOMAIN_B = "example.org"; +const ORIGIN_B = `https://${BASE_DOMAIN_B}`; +const ORIGIN_B_HTTP = `http://${BASE_DOMAIN_B}`; +const ORIGIN_B_SUB = `https://test1.${BASE_DOMAIN_B}`; + +const TEST_ROOT_DIR = getRootDirectory(gTestPath); + +// Session storage is only valid for the lifetime of a tab, so we need to keep +// tabs open for the duration of a test. +let originToTabs = {}; + +function getTestURLForOrigin(origin) { + return TEST_ROOT_DIR.replace("chrome://mochitests/content", origin); +} + +function getTestEntryName(origin, partitioned) { + return `${origin}${partitioned ? "_partitioned" : ""}`; +} + +async function testHasEntry(originFirstParty, isSet, originThirdParty) { + let tabs = originToTabs[originFirstParty]; + + for (let tab of tabs) { + // For the partition test we inspect the sessionStorage of the iframe. + let browsingContext = originThirdParty + ? tab.linkedBrowser.browsingContext.children[0] + : tab.linkedBrowser.browsingContext; + let actualSet = await SpecialPowers.spawn( + browsingContext, + [ + getTestEntryName( + originThirdParty || originFirstParty, + !!originThirdParty + ), + ], + key => { + return !!content.sessionStorage.getItem(key); + } + ); + + let msg = `${originFirstParty}${isSet ? " " : " not "}set`; + if (originThirdParty) { + msg = "Partitioned under " + msg; + } + + is(actualSet, isSet, msg); + } +} + +/** + * Creates tabs and sets sessionStorage entries in first party and third party + * context. + * @returns {Promise} - Promise which resolves once all tabs are initialized, + * {@link originToTabs} is populated and (sub-)resources have loaded. + */ +function addTestTabs() { + let promises = [ + [ORIGIN_A, ORIGIN_B], + [ORIGIN_A_SUB, ORIGIN_B_SUB], + [ORIGIN_A_HTTP, ORIGIN_B_HTTP], + [ORIGIN_B, ORIGIN_A], + [ORIGIN_B_SUB, ORIGIN_A_SUB], + [ORIGIN_B_HTTP, ORIGIN_A_HTTP], + ].map(async ([firstParty, thirdParty]) => { + info("Creating new tab for " + firstParty); + let tab = BrowserTestUtils.addTab(gBrowser, firstParty); + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + info("Creating iframe for " + thirdParty); + await SpecialPowers.spawn( + tab.linkedBrowser, + [getTestEntryName(firstParty, false), thirdParty], + async (storageKey, url) => { + // Set unpartitioned sessionStorage for firstParty. + content.sessionStorage.setItem(storageKey, "foo"); + + let iframe = content.document.createElement("iframe"); + iframe.src = url; + + let loadPromise = ContentTaskUtils.waitForEvent(iframe, "load", false); + content.document.body.appendChild(iframe); + await loadPromise; + } + ); + + await SpecialPowers.spawn( + tab.linkedBrowser.browsingContext.children[0], + [getTestEntryName(thirdParty, true)], + async storageKey => { + // Set sessionStorage in partitioned third-party iframe. + content.sessionStorage.setItem(storageKey, "foo"); + } + ); + + let tabs = originToTabs[firstParty]; + if (!tabs) { + tabs = []; + originToTabs[firstParty] = tabs; + } + tabs.push(tab); + }); + + return Promise.all(promises); +} + +function cleanup() { + Object.values(originToTabs).flat().forEach(BrowserTestUtils.removeTab); + originToTabs = {}; + Services.obs.notifyObservers(null, "browser:purge-sessionStorage"); +} + +add_setup(async function () { + await SpecialPowers.pushPrefEnv({ + set: [["network.cookie.cookieBehavior", 5]], + }); + cleanup(); +}); + +add_task(async function test_deleteByBaseDomain() { + await addTestTabs(); + + info("Clearing sessionStorage for base domain A " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + BASE_DOMAIN_A, + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + resolve + ); + }); + + info("All entries for A should have been cleared."); + await testHasEntry(ORIGIN_A, false); + await testHasEntry(ORIGIN_A_SUB, false); + await testHasEntry(ORIGIN_A_HTTP, false); + + info("Entries for B should still exist."); + await testHasEntry(ORIGIN_B, true); + await testHasEntry(ORIGIN_B_SUB, true); + await testHasEntry(ORIGIN_B_HTTP, true); + + info("All partitioned entries for B under A should have been cleared."); + await testHasEntry(ORIGIN_A, false, ORIGIN_B); + await testHasEntry(ORIGIN_A_SUB, false, ORIGIN_B_SUB); + await testHasEntry(ORIGIN_A_HTTP, false, ORIGIN_B_HTTP); + + info("All partitioned entries of A under B should have been cleared."); + await testHasEntry(ORIGIN_B, false, ORIGIN_A); + await testHasEntry(ORIGIN_B_SUB, false, ORIGIN_A_SUB); + await testHasEntry(ORIGIN_B_HTTP, false, ORIGIN_A_HTTP); + + cleanup(); +}); + +add_task(async function test_deleteAll() { + await addTestTabs(); + + info("Clearing sessionStorage for base domain A " + BASE_DOMAIN_A); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + resolve + ); + }); + + info("All entries should have been cleared."); + await testHasEntry(ORIGIN_A, false); + await testHasEntry(ORIGIN_A_SUB, false); + await testHasEntry(ORIGIN_A_HTTP, false); + await testHasEntry(ORIGIN_B, false); + await testHasEntry(ORIGIN_B_SUB, false); + await testHasEntry(ORIGIN_B_HTTP, false); + + info("All partitioned entries should have been cleared."); + await testHasEntry(ORIGIN_A, false, ORIGIN_B); + await testHasEntry(ORIGIN_A_SUB, false, ORIGIN_B_SUB); + await testHasEntry(ORIGIN_A_HTTP, false, ORIGIN_B_HTTP); + await testHasEntry(ORIGIN_B, false, ORIGIN_A); + await testHasEntry(ORIGIN_B_SUB, false, ORIGIN_A_SUB); + await testHasEntry(ORIGIN_B_HTTP, false, ORIGIN_A_HTTP); + + cleanup(); +}); + +add_task(async function test_deleteFromPrincipal() { + await addTestTabs(); + + info("Clearing sessionStorage for partitioned principal A " + BASE_DOMAIN_A); + + let principalA = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI(ORIGIN_A), + { partitionKey: `(https,${BASE_DOMAIN_B})` } + ); + + info("principal: " + principalA.origin); + info("principal partitionKey " + principalA.originAttributes.partitionKey); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principalA, + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + resolve + ); + }); + + info("Unpartitioned entries should still exist."); + await testHasEntry(ORIGIN_A, true); + await testHasEntry(ORIGIN_A_SUB, true); + await testHasEntry(ORIGIN_A_HTTP, true); + await testHasEntry(ORIGIN_B, true); + await testHasEntry(ORIGIN_B_SUB, true); + await testHasEntry(ORIGIN_B_HTTP, true); + + info("Only entries of principal should have been cleared."); + await testHasEntry(ORIGIN_A, true, ORIGIN_B); + await testHasEntry(ORIGIN_A_SUB, true, ORIGIN_B_SUB); + await testHasEntry(ORIGIN_A_HTTP, true, ORIGIN_B_HTTP); + + await testHasEntry(ORIGIN_B, false, ORIGIN_A); + + await testHasEntry(ORIGIN_B_SUB, true, ORIGIN_A_SUB); + await testHasEntry(ORIGIN_B_HTTP, true, ORIGIN_A_HTTP); + + cleanup(); +}); diff --git a/toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs b/toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs new file mode 100644 index 0000000000..22ce6aad20 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/file_cors_preflight.sjs @@ -0,0 +1,38 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +function handleRequest(request, response) { + let query = new URLSearchParams(request.queryString); + let token = query.get("token"); + + response.setHeader("Content-Type", "text/plain", false); + response.setHeader("Access-Control-Allow-Origin", "*", false); + response.setHeader("Access-Control-Allow-Headers", "x-test-header", false); + + if (request.method == "OPTIONS") { + response.setHeader( + "Access-Control-Allow-Methods", + request.getHeader("Access-Control-Request-Method"), + false + ); + response.setHeader("Access-Control-Max-Age", "20", false); + + setState(token, token); + } else { + let test_op = request.getHeader("x-test-header"); + + if (test_op == "check") { + let value = getState(token); + + if (value) { + response.write("1"); + setState(token, ""); + } else { + response.write("0"); + } + } + } +} diff --git a/toolkit/components/cleardata/tests/browser/file_css_cache.css b/toolkit/components/cleardata/tests/browser/file_css_cache.css new file mode 100644 index 0000000000..2ceb1b7e0b --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/file_css_cache.css @@ -0,0 +1,3 @@ +:root { + background-color: lime; +} diff --git a/toolkit/components/cleardata/tests/browser/file_css_cache.html b/toolkit/components/cleardata/tests/browser/file_css_cache.html new file mode 100644 index 0000000000..b382bc1887 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/file_css_cache.html @@ -0,0 +1,6 @@ + + + + + + diff --git a/toolkit/components/cleardata/tests/browser/file_image_cache.html b/toolkit/components/cleardata/tests/browser/file_image_cache.html new file mode 100644 index 0000000000..37439a8fa7 --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/file_image_cache.html @@ -0,0 +1,7 @@ + + + + + + + diff --git a/toolkit/components/cleardata/tests/browser/file_image_cache.jpg b/toolkit/components/cleardata/tests/browser/file_image_cache.jpg new file mode 100644 index 0000000000..48c454d27c Binary files /dev/null and b/toolkit/components/cleardata/tests/browser/file_image_cache.jpg differ diff --git a/toolkit/components/cleardata/tests/browser/worker.js b/toolkit/components/cleardata/tests/browser/worker.js new file mode 100644 index 0000000000..aa8a83a4ce --- /dev/null +++ b/toolkit/components/cleardata/tests/browser/worker.js @@ -0,0 +1 @@ +// Empty script for testing service workers diff --git a/toolkit/components/cleardata/tests/marionette/manifest.toml b/toolkit/components/cleardata/tests/marionette/manifest.toml new file mode 100644 index 0000000000..b9344786c8 --- /dev/null +++ b/toolkit/components/cleardata/tests/marionette/manifest.toml @@ -0,0 +1,5 @@ +[DEFAULT] + +["test_moved_origin_directory_cleanup.py"] + +["test_service_worker_at_shutdown.py"] diff --git a/toolkit/components/cleardata/tests/marionette/test_moved_origin_directory_cleanup.py b/toolkit/components/cleardata/tests/marionette/test_moved_origin_directory_cleanup.py new file mode 100644 index 0000000000..876f86cd32 --- /dev/null +++ b/toolkit/components/cleardata/tests/marionette/test_moved_origin_directory_cleanup.py @@ -0,0 +1,142 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +from pathlib import Path + +from marionette_driver import Wait +from marionette_harness import MarionetteTestCase + + +class MovedOriginDirectoryCleanupTestCase(MarionetteTestCase): + def setUp(self): + super().setUp() + self.marionette.enforce_gecko_prefs( + { + "privacy.sanitize.sanitizeOnShutdown": True, + "privacy.clearOnShutdown.offlineApps": True, + "dom.quotaManager.backgroundTask.enabled": False, + } + ) + self.moved_origin_directory = ( + Path(self.marionette.profile_path) / "storage" / "to-be-removed" / "foo" + ) + self.moved_origin_directory.mkdir(parents=True, exist_ok=True) + self.to_be_removed_directory = ( + Path(self.marionette.profile_path) / "storage" / "to-be-removed" + ) + + # Add a cookie to get a principal to be cleaned up + with self.marionette.using_context("chrome"): + self.marionette.execute_script( + """ + Services.cookies.add( + "example.local", + "path", + "name", + "value", + false, + false, + false, + Math.floor(Date.now() / 1000) + 24 * 60 * 60, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_UNSET + ); + """ + ) + + def removeAllCookies(self): + with self.marionette.using_context("chrome"): + self.marionette.execute_script( + """ + Services.cookies.removeAll(); + """ + ) + + def test_ensure_cleanup_by_quit(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + # Cleanup happens via Sanitizer.sanitizeOnShutdown + self.marionette.quit() + + self.assertFalse( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must disappear", + ) + + def test_ensure_cleanup_at_crashed_restart(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + # Pending sanitization is added via Sanitizer.onStartup + # "offlineApps" corresponds to CLEAR_DOM_STORAGES + Wait(self.marionette).until( + lambda _: ( + "offlineApps" in self.marionette.get_pref("privacy.sanitize.pending"), + ), + message="privacy.sanitize.pending must include offlineApps", + ) + + # Cleanup happens via Sanitizer.onStartup after restart + self.marionette.restart(in_app=False) + + # Wait longer for 30 sec for the restart to finish, given bug 1814281. + Wait(self.marionette, timeout=30).until( + lambda _: not self.moved_origin_directory.exists(), + message="to-be-removed subdirectory must disappear", + ) + + def test_ensure_cleanup_by_quit_with_background_task(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + self.marionette.set_pref("dom.quotaManager.backgroundTask.enabled", True) + + # Cleanup happens via Sanitizer.sanitizeOnShutdown + self.marionette.quit() + + Wait(self.marionette).until( + lambda _: not self.moved_origin_directory.exists(), + message="to-be-removed subdirectory must disappear", + ) + self.assertTrue( + self.to_be_removed_directory.exists(), + "to-be-removed parent directory should still be alive", + ) + + def test_ensure_no_cleanup_when_disabled(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + self.marionette.set_pref("privacy.sanitize.sanitizeOnShutdown", False) + self.marionette.quit() + + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must not disappear", + ) + + def test_ensure_no_cleanup_when_no_cookie(self): + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must exist", + ) + + self.removeAllCookies() + + self.marionette.quit() + + self.assertTrue( + self.moved_origin_directory.exists(), + "to-be-removed subdirectory must not disappear", + ) diff --git a/toolkit/components/cleardata/tests/marionette/test_service_worker_at_shutdown.py b/toolkit/components/cleardata/tests/marionette/test_service_worker_at_shutdown.py new file mode 100644 index 0000000000..9738c0ea17 --- /dev/null +++ b/toolkit/components/cleardata/tests/marionette/test_service_worker_at_shutdown.py @@ -0,0 +1,62 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +from marionette_driver import Wait +from marionette_harness import MarionetteTestCase + + +class ServiceWorkerAtShutdownTestCase(MarionetteTestCase): + def setUp(self): + super(ServiceWorkerAtShutdownTestCase, self).setUp() + self.install_service_worker() + self.set_pref_to_delete_site_data_on_shutdown() + + def tearDown(self): + self.marionette.restart(in_app=False, clean=True) + super(ServiceWorkerAtShutdownTestCase, self).tearDown() + + def install_service_worker(self): + install_url = self.marionette.absolute_url( + "serviceworker/install_serviceworker.html" + ) + self.marionette.navigate(install_url) + # Make sure 'install_url' is not loaded on startup, it would reinstall the service worker + dummy_url = self.marionette.absolute_url("dummy.html") + self.marionette.navigate(dummy_url) + Wait(self.marionette).until(lambda _: self.is_service_worker_registered) + + def set_pref_to_delete_site_data_on_shutdown(self): + self.marionette.set_pref("privacy.sanitize.sanitizeOnShutdown", True) + self.marionette.set_pref("privacy.clearOnShutdown.offlineApps", True) + + def test_unregistering_service_worker_when_clearing_data(self): + self.marionette.restart(clean=False, in_app=True) + self.assertFalse(self.is_service_worker_registered) + + @property + def is_service_worker_registered(self): + with self.marionette.using_context("chrome"): + return self.marionette.execute_script( + """ + let serviceWorkerManager = Cc["@mozilla.org/serviceworkers/manager;1"].getService( + Ci.nsIServiceWorkerManager + ); + + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin(arguments[0]); + + let serviceWorkers = serviceWorkerManager.getAllRegistrations(); + for (let i = 0; i < serviceWorkers.length; i++) { + let sw = serviceWorkers.queryElementAt( + i, + Ci.nsIServiceWorkerRegistrationInfo + ); + if (sw.principal.origin == principal.origin) { + return true; + } + } + return false; + """, + script_args=(self.marionette.absolute_url(""),), + ) diff --git a/toolkit/components/cleardata/tests/unit/head.js b/toolkit/components/cleardata/tests/unit/head.js new file mode 100644 index 0000000000..5e73b8a789 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/head.js @@ -0,0 +1,27 @@ +"use strict"; + +const { SiteDataTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/SiteDataTestUtils.sys.mjs" +); +const { PermissionTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/PermissionTestUtils.sys.mjs" +); + +function run_test() { + do_get_profile(); + run_next_test(); +} + +function getOAWithPartitionKey( + { scheme = "https", topLevelBaseDomain, port = null } = {}, + originAttributes = {} +) { + if (!topLevelBaseDomain || !scheme) { + return originAttributes; + } + + return { + ...originAttributes, + partitionKey: `(${scheme},${topLevelBaseDomain}${port ? `,${port}` : ""})`, + }; +} diff --git a/toolkit/components/cleardata/tests/unit/test_basic.js b/toolkit/components/cleardata/tests/unit/test_basic.js new file mode 100644 index 0000000000..3634483ee4 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_basic.js @@ -0,0 +1,19 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Basic test for nsIClearDataService module. + */ + +"use strict"; + +add_task(async function test_basic() { + Assert.ok(!!Services.clearData); + + await new Promise(aResolve => { + Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value => { + Assert.equal(value, 0); + aResolve(); + }); + }); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_bounce_tracking_protection.js b/toolkit/components/cleardata/tests/unit/test_bounce_tracking_protection.js new file mode 100644 index 0000000000..ac0eb40fd9 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_bounce_tracking_protection.js @@ -0,0 +1,625 @@ +/* Any copyright is dedicated to the Public Domain. +http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { XPCOMUtils } = ChromeUtils.importESModule( + "resource://gre/modules/XPCOMUtils.sys.mjs" +); + +XPCOMUtils.defineLazyServiceGetter( + this, + "bounceTrackingProtection", + "@mozilla.org/bounce-tracking-protection;1", + "nsIBounceTrackingProtection" +); + +const { CLEAR_BOUNCE_TRACKING_PROTECTION_STATE } = Ci.nsIClearDataService; + +const OA_DEFAULT = {}; +const OA_PRIVATE_BROWSING = { privateBrowsingId: 1 }; +const OA_CONTAINER = { userContextId: 1 }; + +function addTestData() { + info("Adding test data."); + // Add test data for OriginAttributes {} => normal browsing with no container. + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_DEFAULT, + "common-bounce-tracker.com", + 100 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_DEFAULT, + "bounce-tracker-normal-browsing.com", + 200 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_DEFAULT, + "bounce-tracker-normal-browsing2.com", + 300 + ); + bounceTrackingProtection.testAddUserActivation( + OA_DEFAULT, + "common-user-activation.com", + 400 + ); + bounceTrackingProtection.testAddUserActivation( + OA_DEFAULT, + "user-activation-normal-browsing.com", + 500 + ); + bounceTrackingProtection.testAddUserActivation( + OA_DEFAULT, + "user-activation-normal-browsing2.com", + 600 + ); + + // Add test data for private browsing. + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_PRIVATE_BROWSING, + "common-bounce-tracker.com", + 700 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_PRIVATE_BROWSING, + "bounce-tracker-private-browsing.com", + 800 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_PRIVATE_BROWSING, + "bounce-tracker-private-browsing2.com", + 900 + ); + bounceTrackingProtection.testAddUserActivation( + OA_PRIVATE_BROWSING, + "common-user-activation.com", + 1000 + ); + bounceTrackingProtection.testAddUserActivation( + OA_PRIVATE_BROWSING, + "user-activation-private-browsing.com", + 1100 + ); + bounceTrackingProtection.testAddUserActivation( + OA_PRIVATE_BROWSING, + "user-activation-private-browsing2.com", + 1200 + ); + + // Add test data for a container. + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_CONTAINER, + "common-bounce-tracker.com", + 1300 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_CONTAINER, + "bounce-tracker-container.com", + 1400 + ); + bounceTrackingProtection.testAddBounceTrackerCandidate( + OA_CONTAINER, + "bounce-tracker-container2.com", + 1500 + ); + bounceTrackingProtection.testAddUserActivation( + OA_CONTAINER, + "common-user-activation.com", + 1600 + ); + bounceTrackingProtection.testAddUserActivation( + OA_CONTAINER, + "user-activation-container.com", + 1700 + ); + bounceTrackingProtection.testAddUserActivation( + OA_CONTAINER, + "user-activation-container2.com", + 1800 + ); +} + +async function runDeleteBySiteHostTest(clearDataServiceFn) { + addTestData(); + + let baseDomain = "common-bounce-tracker.com"; + info("Deleting by base domain " + baseDomain); + await new Promise(function (resolve) { + clearDataServiceFn( + baseDomain, + true, + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + [ + "bounce-tracker-normal-browsing.com", + "bounce-tracker-normal-browsing2.com", + ], + "Should have deleted only 'common-bounce-tracker.com' for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [ + "common-user-activation.com", + "user-activation-normal-browsing.com", + "user-activation-normal-browsing2.com", + ], + "Should not have deleted any user activations for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "bounce-tracker-private-browsing.com", + "bounce-tracker-private-browsing2.com", + ], + "Should have deleted only 'common-bounce-tracker.com' for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "common-user-activation.com", + "user-activation-private-browsing.com", + "user-activation-private-browsing2.com", + ], + "Should not have deleted any user activations for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + ["bounce-tracker-container.com", "bounce-tracker-container2.com"], + "Should have deleted only 'common-bounce-tracker.com' for container." + ); + + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + [ + "common-user-activation.com", + "user-activation-container.com", + "user-activation-container2.com", + ], + "Should not have deleted any user activations for container." + ); + + // Cleanup. + bounceTrackingProtection.clearAll(); +} + +do_get_profile(); + +add_task(async function test_deleteAll() { + addTestData(); + + info("Deleting all data."); + await new Promise(function (resolve) { + Services.clearData.deleteData( + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .length, + 0, + "All bounce tracker candidates for default OA should be deleted." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).length, + 0, + "All user activations for default OA should be deleted." + ); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts( + OA_PRIVATE_BROWSING + ).length, + 0, + "All bounce tracker candidates for private browsing should be deleted." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .length, + 0, + "All user activations for private browsing should be deleted." + ); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .length, + 0, + "All bounce tracker candidates for container 1 should be deleted." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).length, + 0, + "All user activations for container 1 should be deleted." + ); +}); + +add_task(async function test_deleteByPrincipal() { + addTestData(); + + let principal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI("https://common-bounce-tracker.com"), + {} + ); + console.debug("principal", principal.origin); + + info("Deleting by principal " + principal.origin); + await new Promise(function (resolve) { + Services.clearData.deleteDataFromPrincipal( + principal, + false, + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + [ + "bounce-tracker-normal-browsing.com", + "bounce-tracker-normal-browsing2.com", + ], + "Should have deleted only 'common-bounce-tracker.com' for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [ + "common-user-activation.com", + "user-activation-normal-browsing.com", + "user-activation-normal-browsing2.com", + ], + "Should not have deleted any user activations for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "bounce-tracker-private-browsing.com", + "bounce-tracker-private-browsing2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted 'common-bounce-tracker.com' for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "common-user-activation.com", + "user-activation-private-browsing.com", + "user-activation-private-browsing2.com", + ], + "Should not have deleted any user activations for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + [ + "bounce-tracker-container.com", + "bounce-tracker-container2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted 'common-bounce-tracker.com' for container." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + [ + "common-user-activation.com", + "user-activation-container.com", + "user-activation-container2.com", + ], + "Should not have deleted any user activations for container." + ); + + let principal2 = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI("https://common-user-activation.com"), + OA_CONTAINER + ); + + info("Deleting by principal " + principal2.origin); + await new Promise(function (resolve) { + Services.clearData.deleteDataFromPrincipal( + principal2, + false, + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + [ + "bounce-tracker-normal-browsing.com", + "bounce-tracker-normal-browsing2.com", + ], + "Should not have deleted any bounce tracker candidates for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [ + "common-user-activation.com", + "user-activation-normal-browsing.com", + "user-activation-normal-browsing2.com", + ], + "Should not have deleted 'common-user-activation.com' for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "bounce-tracker-private-browsing.com", + "bounce-tracker-private-browsing2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted any bounce tracker candidates for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "common-user-activation.com", + "user-activation-private-browsing.com", + "user-activation-private-browsing2.com", + ], + "Should not have deleted 'common-user-activation.com' for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + [ + "bounce-tracker-container.com", + "bounce-tracker-container2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted any bounce tracker candidates for container." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + ["user-activation-container.com", "user-activation-container2.com"], + "Should have deleted 'common-user-activation.com' for private browsing.." + ); + + // Cleanup. + bounceTrackingProtection.clearAll(); +}); + +add_task(async function test_deleteByBaseDomain() { + await runDeleteBySiteHostTest(Services.clearData.deleteDataFromBaseDomain); +}); + +add_task(async function test_deleteByRange() { + addTestData(); + + let startTime = 200; + let endTime = 1300; + + info(`Deleting by range ${startTime} - ${endTime}`); + await new Promise(function (resolve) { + Services.clearData.deleteDataInTimeRange( + startTime, + endTime, + true, + CLEAR_BOUNCE_TRACKING_PROTECTION_STATE, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + ["common-bounce-tracker.com"], + "Should have only kept 'common-bounce-tracker.com' for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [], + "Should not have kept any user activations for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [], + "Should not have kept any bounces for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [], + "Should not have kept any user activations for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + ["bounce-tracker-container.com", "bounce-tracker-container2.com"], + "Should have only kept some bouncer trackers for container." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + [ + "common-user-activation.com", + "user-activation-container.com", + "user-activation-container2.com", + ], + "Should have kept all user activations for container." + ); + + // Cleanup. + bounceTrackingProtection.clearAll(); +}); + +add_task(async function test_deleteByHost() { + await runDeleteBySiteHostTest(Services.clearData.deleteDataFromHost); +}); + +add_task(async function test_deleteByOriginAttributes() { + addTestData(); + + info("Deleting by origin attributes. " + JSON.stringify(OA_CONTAINER)); + await new Promise(function (resolve) { + Services.clearData.deleteDataFromOriginAttributesPattern( + OA_CONTAINER, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .sort(), + [ + "bounce-tracker-normal-browsing.com", + "bounce-tracker-normal-browsing2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted any bounce tracker candidates for default OA." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).sort(), + [ + "common-user-activation.com", + "user-activation-normal-browsing.com", + "user-activation-normal-browsing2.com", + ], + "Should not have deleted any user activations for default OA." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "bounce-tracker-private-browsing.com", + "bounce-tracker-private-browsing2.com", + "common-bounce-tracker.com", + ], + "Should not have deleted any bounce tracker candidates for private browsing." + ); + Assert.deepEqual( + bounceTrackingProtection + .testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .sort(), + [ + "common-user-activation.com", + "user-activation-private-browsing.com", + "user-activation-private-browsing2.com", + ], + "Should not have deleted any user activations for private browsing." + ); + + Assert.deepEqual( + bounceTrackingProtection + .testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .sort(), + [], + "Should have deleted all bounce tracker candidates for container." + ); + Assert.deepEqual( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).sort(), + [], + "Should have deleted all user activations for container." + ); + + info("Deleting by origin attributes {} (all)."); + await new Promise(function (resolve) { + Services.clearData.deleteDataFromOriginAttributesPattern( + OA_DEFAULT, + failedFlags => { + Assert.equal(failedFlags, 0, "Clearing should have succeeded"); + resolve(); + } + ); + }); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts(OA_DEFAULT) + .length, + 0, + "Should have deleted all bounce tracker candidates for default OA." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_DEFAULT).length, + 0, + "Should have deleted all user activations for default OA." + ); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts( + OA_PRIVATE_BROWSING + ).length, + 0, + "Should have deleted all bounce tracker candidates for private browsing." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_PRIVATE_BROWSING) + .length, + 0, + "Should have deleted all user activations for private browsing." + ); + + Assert.equal( + bounceTrackingProtection.testGetBounceTrackerCandidateHosts(OA_CONTAINER) + .length, + 0, + "Should have deleted all bounce tracker candidates for container." + ); + Assert.equal( + bounceTrackingProtection.testGetUserActivationHosts(OA_CONTAINER).length, + 0, + "Should have deleted all user activations for container." + ); + + // Cleanup. + bounceTrackingProtection.clearAll(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_certs.js b/toolkit/components/cleardata/tests/unit/test_certs.js new file mode 100644 index 0000000000..3ff538d5a8 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_certs.js @@ -0,0 +1,233 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const overrideService = Cc["@mozilla.org/security/certoverride;1"].getService( + Ci.nsICertOverrideService +); +const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService( + Ci.nsIX509CertDB +); + +const CERT_TEST = + "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t"; + +add_task(async function () { + Assert.ok(Services.clearData); + + const TEST_URI = Services.io.newURI("http://test.com/"); + const ANOTHER_TEST_URI = Services.io.newURI("https://example.com/"); + const YET_ANOTHER_TEST_URI = Services.io.newURI("https://example.test/"); + let cert = certDB.constructX509FromBase64(CERT_TEST); + let flags = Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS; + + ok(cert, "Cert was created"); + + Assert.ok( + !overrideService.hasMatchingOverride( + TEST_URI.asciiHost, + TEST_URI.port, + {}, + cert, + {} + ), + `Should not have override for ${TEST_URI.asciiHost}:${TEST_URI.port} yet` + ); + + overrideService.rememberValidityOverride( + TEST_URI.asciiHost, + TEST_URI.port, + {}, + cert, + flags, + false + ); + + Assert.ok( + overrideService.hasMatchingOverride( + TEST_URI.asciiHost, + TEST_URI.port, + {}, + cert, + {} + ), + `Should have override for ${TEST_URI.asciiHost}:${TEST_URI.port} now` + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + TEST_URI.asciiHostPort, + true /* user request */, + flags, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !overrideService.hasMatchingOverride( + TEST_URI.asciiHost, + TEST_URI.port, + {}, + cert, + {} + ), + `Should not have override for ${TEST_URI.asciiHost}:${TEST_URI.port} now` + ); + + for (let uri of [TEST_URI, ANOTHER_TEST_URI, YET_ANOTHER_TEST_URI]) { + overrideService.rememberValidityOverride( + uri.asciiHost, + uri.port, + { privateBrowsingId: 1 }, + cert, + flags, + false + ); + Assert.ok( + overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + { privateBrowsingId: 1 }, + cert, + {} + ), + `Should have added override for ${uri.asciiHost}:${uri.port} with private browsing ID` + ); + Assert.ok( + !overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + { privateBrowsingId: 2 }, + cert, + {} + ), + `Should not have added override for ${uri.asciiHost}:${uri.port} with private browsing ID 2` + ); + Assert.ok( + !overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + {}, + cert, + {} + ), + `Should not have added override for ${uri.asciiHost}:${uri.port}` + ); + overrideService.rememberValidityOverride( + uri.asciiHost, + uri.port, + {}, + cert, + flags, + false + ); + Assert.ok( + overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + {}, + cert, + {} + ), + `Should have added override for ${uri.asciiHost}:${uri.port}` + ); + } + + await new Promise(aResolve => { + Services.clearData.deleteData(flags, value => { + Assert.equal(value, 0); + aResolve(); + }); + }); + + for (let uri of [TEST_URI, ANOTHER_TEST_URI, YET_ANOTHER_TEST_URI]) { + Assert.ok( + !overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + {}, + cert, + {} + ), + `Should have removed override for ${uri.asciiHost}:${uri.port}` + ); + Assert.ok( + !overrideService.hasMatchingOverride( + uri.asciiHost, + uri.port, + { privateBrowsingId: 1 }, + cert, + {} + ), + `Should have removed override for ${uri.asciiHost}:${uri.port} with private browsing attribute` + ); + } +}); + +add_task(async function test_deleteByBaseDomain() { + let toClear = [ + Services.io.newURI("https://example.com"), + Services.io.newURI("http://example.com:8080"), + Services.io.newURI("http://test1.example.com"), + Services.io.newURI("http://foo.bar.example.com"), + ]; + + let toKeep = [ + Services.io.newURI("https://example.org"), + Services.io.newURI("http://test1.example.org"), + Services.io.newURI("http://foo.bar.example.org"), + Services.io.newURI("http://example.test"), + ]; + + let all = toClear.concat(toKeep); + + let cert = certDB.constructX509FromBase64(CERT_TEST); + ok(cert, "Cert was created"); + + all.forEach(({ asciiHost, port }) => { + Assert.ok( + !overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}), + `Should not have override for ${asciiHost}:${port} yet` + ); + + overrideService.rememberValidityOverride(asciiHost, port, {}, cert, false); + + Assert.ok( + overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}), + `Should have override for ${asciiHost}:${port} now` + ); + }); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + toClear.forEach(({ asciiHost, port }) => + Assert.ok( + !overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}), + `Should have cleared override for ${asciiHost}:${port}` + ) + ); + + toKeep.forEach(({ asciiHost, port }) => + Assert.ok( + overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}), + `Should have kept override for ${asciiHost}:${port}` + ) + ); + + // Cleanup + overrideService.clearAllOverrides(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_cookie_banner_handling.js b/toolkit/components/cleardata/tests/unit/test_cookie_banner_handling.js new file mode 100644 index 0000000000..036f97e7ca --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_cookie_banner_handling.js @@ -0,0 +1,328 @@ +/* Any copyright is dedicated to the Public Domain. +http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +do_get_profile(); + +add_setup(_ => { + // Init cookieBannerService and pretend we opened a profile. + let cbs = Cc["@mozilla.org/cookie-banner-service;1"].getService( + Ci.nsIObserver + ); + cbs.observe(null, "profile-after-change", null); +}); + +add_task(async function test_delete_exception() { + info("Enabling cookie banner service with MODE_REJECT"); + Services.prefs.setIntPref( + "cookiebanners.service.mode", + Ci.nsICookieBannerService.MODE_REJECT + ); + + // Test nsIClearDataService.deleteDataFromHost + info("Adding an exception for example.com"); + let uri = Services.io.newURI("https://example.com"); + + Services.cookieBanners.setDomainPref( + uri, + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + false + ); + + info("Verify that the exception is properly added"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + "The exception is properly set." + ); + + info("Trigger the deleteDataFromHost"); + await new Promise(resolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_UNSET, + "The exception is properly cleared." + ); + + // Test nsIClearDataService.deleteDataFromBaseDomain + info("Adding an exception for example.com"); + Services.cookieBanners.setDomainPref( + uri, + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + false + ); + + info("Verify that the exception is properly added"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + "The exception is properly set." + ); + + info("Trigger the deleteDataFromBaseDomain"); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_UNSET, + "The exception is properly cleared." + ); + + // Test nsIClearDataService.deleteDataFromPrincipal + info("Adding an exception for example.com"); + Services.cookieBanners.setDomainPref( + uri, + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + false + ); + + info("Verify that the exception is properly added"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + "The exception is properly set." + ); + + info("Trigger the deleteDataFromPrincipal"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_UNSET, + "The exception is properly cleared." + ); + + // Test nsIClearDataService.deleteData + info("Adding an exception for example.com"); + Services.cookieBanners.setDomainPref( + uri, + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + false + ); + + info("Verify that the exception is properly added"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_REJECT_OR_ACCEPT, + "The exception is properly set." + ); + + info("Trigger the deleteData"); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXCEPTION, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.equal( + Services.cookieBanners.getDomainPref(uri, false), + Ci.nsICookieBannerService.MODE_UNSET, + "The exception is properly cleared." + ); + + Services.prefs.clearUserPref("cookiebanners.service.mode"); +}); + +add_task(async function test_delete_executed_record() { + info("Enabling cookie banner service with MODE_REJECT"); + Services.prefs.setIntPref( + "cookiebanners.service.mode", + Ci.nsICookieBannerService.MODE_REJECT + ); + Services.prefs.setIntPref( + "cookiebanners.bannerClicking.maxTriesPerSiteAndSession", + 1 + ); + + // Test nsIClearDataService.deleteDataFromHost + info("Adding a record for example.com"); + Services.cookieBanners.markSiteExecuted("example.com", true, false); + + info("Verify that the record is properly added"); + Assert.ok( + Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly set." + ); + + info("Trigger the deleteDataFromHost"); + await new Promise(resolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.ok( + !Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly cleared." + ); + + // Test nsIClearDataService.deleteDataFromBaseDomain + info("Adding a record for example.com"); + Services.cookieBanners.markSiteExecuted("example.com", true, false); + + info("Verify that the record is properly added"); + Assert.ok( + Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly set." + ); + + info("Trigger the deleteDataFromBaseDomain"); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.ok( + !Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly cleared." + ); + + // Test nsIClearDataService.deleteDataFromPrincipal + info("Adding a record for example.com"); + Services.cookieBanners.markSiteExecuted("example.com", true, false); + + info("Verify that the record is properly added"); + Assert.ok( + Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly set." + ); + + info("Trigger the deleteDataFromPrincipal"); + let uri = Services.io.newURI("https://example.com"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.ok( + !Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly cleared." + ); + + // Test nsIClearDataService.deleteData + info("Adding a record for example.com"); + Services.cookieBanners.markSiteExecuted("example.com", true, false); + + info("Verify that the record is properly added"); + Assert.ok( + Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly set." + ); + + info("Trigger the deleteData"); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_COOKIE_BANNER_EXECUTED_RECORD, + _ => { + resolve(); + } + ); + }); + + info("Verify that the exception is deleted"); + Assert.ok( + !Services.cookieBanners.shouldStopBannerClickingForSite( + "example.com", + true, + false + ), + "The record is properly cleared." + ); + + Services.prefs.clearUserPref("cookiebanners.service.mode"); + Services.prefs.clearUserPref( + "cookiebanners.bannerClicking.maxTriesPerSiteAndSession" + ); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_cookies.js b/toolkit/components/cleardata/tests/unit/test_cookies.js new file mode 100644 index 0000000000..4bcb6d725a --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_cookies.js @@ -0,0 +1,393 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests for cookies. + */ + +"use strict"; + +add_task(async function test_all_cookies() { + const expiry = Date.now() + 24 * 60 * 60; + Services.cookies.add( + "example.net", + "path", + "name", + "value", + true /* secure */, + true /* http only */, + false /* session */, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 0); +}); + +add_task(async function test_range_cookies() { + const expiry = Date.now() + 24 * 60 * 60; + Services.cookies.add( + "example.net", + "path", + "name", + "value", + true /* secure */, + true /* http only */, + false /* session */, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + // The cookie is out of time range here. + let from = Date.now() + 60 * 60; + await new Promise(aResolve => { + Services.clearData.deleteDataInTimeRange( + from * 1000, + expiry * 2000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + // Now we delete all. + from = Date.now() - 60 * 60; + await new Promise(aResolve => { + Services.clearData.deleteDataInTimeRange( + from * 1000, + expiry * 2000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 0); +}); + +add_task(async function test_principal_cookies() { + const expiry = Date.now() + 24 * 60 * 60; + Services.cookies.add( + "example.net", + "path", + "name", + "value", + true /* secure */, + true /* http only */, + false /* session */, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + let uri = Services.io.newURI("http://example.com"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1); + + // Now we delete all. + uri = Services.io.newURI("http://example.net"); + principal = Services.scriptSecurityManager.createContentPrincipal(uri, {}); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_COOKIES, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 0); +}); + +add_task(async function test_localfile_cookies() { + const expiry = Date.now() + 24 * 60 * 60; + Services.cookies.add( + "", // local file + "path", + "name", + "value", + false /* secure */, + false /* http only */, + false /* session */, + expiry, + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTP + ); + + Assert.notEqual(Services.cookies.countCookiesFromHost(""), 0); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromLocalFiles( + true, + Ci.nsIClearDataService.CLEAR_COOKIES, + aResolve + ); + }); + Assert.equal(Services.cookies.countCookiesFromHost(""), 0); +}); + +// The following tests ensure we properly clear (partitioned/unpartitioned) +// cookies when using deleteDataFromBaseDomain and deleteDataFromHost. + +function getTestCookieName(host, topLevelBaseDomain) { + if (!topLevelBaseDomain) { + return host; + } + return `${host}_${topLevelBaseDomain}`; +} + +function setTestCookie({ + host, + topLevelBaseDomain = null, + originAttributes = {}, +}) { + SiteDataTestUtils.addToCookies({ + host, + name: getTestCookieName(host, topLevelBaseDomain), + originAttributes: getOAWithPartitionKey( + { topLevelBaseDomain }, + originAttributes + ), + }); +} + +function setTestCookies() { + // First party cookies + setTestCookie({ host: "example.net" }); + setTestCookie({ host: "test.example.net" }); + setTestCookie({ host: "example.org" }); + + // Third-party partitioned cookies. + setTestCookie({ host: "example.com", topLevelBaseDomain: "example.net" }); + setTestCookie({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + }); + setTestCookie({ host: "example.net", topLevelBaseDomain: "example.org" }); + setTestCookie({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); + + // Ensure we have the correct cookie test state. + // Not using countCookiesFromHost because it doesn't see partitioned cookies. + testCookieExists({ host: "example.net" }); + testCookieExists({ host: "test.example.net" }); + testCookieExists({ host: "example.org" }); + + testCookieExists({ host: "example.com", topLevelBaseDomain: "example.net" }); + testCookieExists({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + }); + testCookieExists({ host: "example.net", topLevelBaseDomain: "example.org" }); + testCookieExists({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); +} + +function testCookieExists({ + host, + topLevelBaseDomain = null, + expected = true, + originAttributes = {}, +}) { + let exists = Services.cookies.cookieExists( + host, + "path", + getTestCookieName(host, topLevelBaseDomain), + getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes) + ); + let message = `Cookie ${expected ? "is set" : "is not set"} for ${host}`; + if (topLevelBaseDomain) { + message += ` partitioned under ${topLevelBaseDomain}`; + } + Assert.equal(exists, expected, message); + return exists; +} + +/** + * Tests deleting (partitioned) cookies by base domain. + */ +add_task(async function test_baseDomain_cookies() { + Services.cookies.removeAll(); + setTestCookies(); + + // Clear cookies of example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_COOKIES, + aResolve + ); + }); + + testCookieExists({ host: "example.net", expected: false }); + testCookieExists({ host: "test.example.net", expected: false }); + testCookieExists({ host: "example.org" }); + + testCookieExists({ + host: "example.com", + topLevelBaseDomain: "example.net", + expected: false, + }); + testCookieExists({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + expected: false, + }); + testCookieExists({ + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + testCookieExists({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + + // Cleanup + Services.cookies.removeAll(); +}); + +/** + * Tests deleting (non-partitioned) cookies by host. + */ +add_task(async function test_host_cookies() { + Services.cookies.removeAll(); + setTestCookies(); + + // Clear cookies of example.net without partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_COOKIES, + aResolve + ); + }); + + testCookieExists({ host: "example.net", expected: false }); + testCookieExists({ host: "test.example.net" }); + testCookieExists({ host: "example.org" }); + // Third-party partitioned cookies under example.net should not be cleared. + testCookieExists({ host: "example.com", topLevelBaseDomain: "example.net" }); + setTestCookie({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + }); + // Third-party partitioned cookies of example.net should be removed, because + // CookieCleaner matches with host, but any partition key (oa = {}) via + // removeCookiesFromExactHost. + testCookieExists({ + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + testCookieExists({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); + + // Cleanup + Services.cookies.removeAll(); +}); + +/** + * Tests that we correctly clear data when given a subdomain. + */ +add_task(async function test_baseDomain_cookies_subdomain() { + Services.cookies.removeAll(); + setTestCookies(); + + // Clear cookies of test.example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "test.example.net", + false, + Ci.nsIClearDataService.CLEAR_COOKIES, + aResolve + ); + }); + + testCookieExists({ host: "example.net", expected: false }); + testCookieExists({ host: "test.example.net", expected: false }); + testCookieExists({ host: "example.org" }); + + testCookieExists({ + host: "example.com", + topLevelBaseDomain: "example.net", + expected: false, + }); + setTestCookie({ + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + expected: false, + }); + testCookieExists({ + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + testCookieExists({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + + // Cleanup + Services.cookies.removeAll(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_downloads.js b/toolkit/components/cleardata/tests/unit/test_downloads.js new file mode 100644 index 0000000000..72de763ce3 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_downloads.js @@ -0,0 +1,310 @@ +/** + * Tests for downloads. + */ + +"use strict"; + +const { Downloads } = ChromeUtils.importESModule( + "resource://gre/modules/Downloads.sys.mjs" +); +const { FileTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/FileTestUtils.sys.mjs" +); + +const TEST_TARGET_FILE_NAME = "test-download.txt"; +let fileURL; +let downloadList; + +function createFileURL() { + if (!fileURL) { + const file = Services.dirsvc.get("TmpD", Ci.nsIFile); + file.append("foo.txt"); + file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o600); + + fileURL = Services.io.newFileURI(file); + } + + return fileURL; +} + +async function createDownloadList() { + if (!downloadList) { + Downloads._promiseListsInitialized = null; + Downloads._lists = {}; + Downloads._summaries = {}; + + downloadList = await Downloads.getList(Downloads.ALL); + } + + return downloadList; +} + +add_task(async function test_all_downloads() { + const url = createFileURL(); + const list = await createDownloadList(); + + // First download. + let download = await Downloads.createDownload({ + source: { url: url.spec, isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + let view; + let removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + let items = await list.getAll(); + Assert.equal(items.length, 1); + + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 0); +}); + +add_task(async function test_range_downloads() { + const url = createFileURL(); + const list = await createDownloadList(); + + let download = await Downloads.createDownload({ + source: { url: url.spec, isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + // Start + cancel. I need to have a startTime value. + await download.start(); + await download.cancel(); + + let items = await list.getAll(); + Assert.equal(items.length, 1); + + let view; + let removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + await new Promise(resolve => { + Services.clearData.deleteDataInTimeRange( + download.startTime.getTime() * 1000, + download.startTime.getTime() * 1000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 0); +}); + +add_task(async function test_principal_downloads() { + const list = await createDownloadList(); + + let download = await Downloads.createDownload({ + source: { url: "http://example.net", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + download = await Downloads.createDownload({ + source: { url: "http://example.com", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + let items = await list.getAll(); + Assert.equal(items.length, 2); + + let view; + let removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + let uri = Services.io.newURI("http://example.com"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 1); + + removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 0); +}); + +add_task(async function test_basedomain_downloads() { + const list = await createDownloadList(); + + let download = await Downloads.createDownload({ + source: { url: "http://example.net", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + download = await Downloads.createDownload({ + source: { url: "http://test.example.net", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + download = await Downloads.createDownload({ + source: { url: "https://foo.bar.example.net", isPrivate: true }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + download = await Downloads.createDownload({ + source: { url: "http://example.com", isPrivate: false }, + target: { path: FileTestUtils.getTempFile(TEST_TARGET_FILE_NAME).path }, + }); + Assert.ok(!!download); + list.add(download); + + let items = await list.getAll(); + Assert.equal(items.length, 4); + + let view; + let removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + true /* user request */, + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 1); + + removePromise = new Promise(resolve => { + view = { + onDownloadAdded() {}, + onDownloadChanged() {}, + onDownloadRemoved() { + resolve(); + }, + }; + }); + + await list.addView(view); + + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOWNLOADS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + await removePromise; + + items = await list.getAll(); + Assert.equal(items.length, 0); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_fingerprinting_protection_state.js b/toolkit/components/cleardata/tests/unit/test_fingerprinting_protection_state.js new file mode 100644 index 0000000000..6c50f91551 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_fingerprinting_protection_state.js @@ -0,0 +1,161 @@ +/* Any copyright is dedicated to the Public Domain. +http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +do_get_profile(); + +add_task(async function test_clear_fingerprinting_protection_state() { + info("Enabling fingerprinting randomization"); + Services.prefs.setBoolPref("privacy.resistFingerprinting", true); + + let uri = Services.io.newURI("https://example.com"); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + let channel = Services.io.newChannelFromURI( + uri, + null, // aLoadingNode + principal, + null, // aTriggeringPrincipal + Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); + + // Test nsIClearDataService.deleteDataFromHost + let key = Services.rfp.testGenerateRandomKey(channel); + let keyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + // Verify that the key remains the same without clearing. + key = Services.rfp.testGenerateRandomKey(channel); + let keyStrAgain = key + .map(bytes => bytes.toString(16).padStart(2, "0")) + .join(""); + + Assert.equal( + keyStr, + keyStrAgain, + "The fingerprinting randomization key remain the same without clearing." + ); + + info("Trigger the deleteDataFromHost"); + await new Promise(resolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE, + _ => { + resolve(); + } + ); + }); + + key = Services.rfp.testGenerateRandomKey(channel); + let newKeyStr = key + .map(bytes => bytes.toString(16).padStart(2, "0")) + .join(""); + + Assert.notEqual( + keyStr, + newKeyStr, + "The fingerprinting randomization key is reset properly." + ); + + // Test nsIClearDataService.deleteDataFromBaseDomain + keyStr = newKeyStr; + + info("Trigger the deleteDataFromBaseDomain"); + await new Promise(resolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true /* user request */, + Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE, + _ => { + resolve(); + } + ); + }); + + key = Services.rfp.testGenerateRandomKey(channel); + newKeyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + Assert.notEqual( + keyStr, + newKeyStr, + "The fingerprinting randomization key is reset properly." + ); + + // Test nsIClearDataService.deleteDataFromPrincipal + keyStr = newKeyStr; + + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE, + _ => { + resolve(); + } + ); + }); + + key = Services.rfp.testGenerateRandomKey(channel); + newKeyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + Assert.notEqual( + keyStr, + newKeyStr, + "The fingerprinting randomization key is reset properly." + ); + + // Test nsIClearDataService.deleteData + keyStr = newKeyStr; + + // Generate a key for another site. + uri = Services.io.newURI("https://example.org"); + principal = Services.scriptSecurityManager.createContentPrincipal(uri, {}); + let channelAnother = Services.io.newChannelFromURI( + uri, + null, // aLoadingNode + principal, + null, // aTriggeringPrincipal + Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); + key = Services.rfp.testGenerateRandomKey(channelAnother); + let keyStrAnother = key + .map(bytes => bytes.toString(16).padStart(2, "0")) + .join(""); + + info("Trigger the deleteData"); + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_FINGERPRINTING_PROTECTION_STATE, + _ => { + resolve(); + } + ); + }); + + key = Services.rfp.testGenerateRandomKey(channel); + newKeyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + Assert.notEqual( + keyStr, + newKeyStr, + "The fingerprinting randomization key is reset properly." + ); + + // Verify whether deleteData clears another site as well. + key = Services.rfp.testGenerateRandomKey(channelAnother); + newKeyStr = key.map(bytes => bytes.toString(16).padStart(2, "0")).join(""); + + Assert.notEqual( + keyStrAnother, + newKeyStr, + "The fingerprinting randomization key is reset properly for another site." + ); + + Services.prefs.clearUserPref("privacy.resistFingerprinting"); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_identity_credential_storage.js b/toolkit/components/cleardata/tests/unit/test_identity_credential_storage.js new file mode 100644 index 0000000000..13369fc787 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_identity_credential_storage.js @@ -0,0 +1,121 @@ +/* Any copyright is dedicated to the Public Domain. +http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { XPCOMUtils } = ChromeUtils.importESModule( + "resource://gre/modules/XPCOMUtils.sys.mjs" +); + +XPCOMUtils.defineLazyServiceGetter( + this, + "IdentityCredentialStorageService", + "@mozilla.org/browser/identity-credential-storage-service;1", + "nsIIdentityCredentialStorageService" +); + +do_get_profile(); + +add_task(async function test_deleteByRange() { + Services.prefs.setBoolPref( + "dom.security.credentialmanagement.identity.enabled", + true + ); + const expiry = Date.now() + 24 * 60 * 60; + let rpPrincipal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI("https://rp.com/"), + {} + ); + let idpPrincipal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI("https://idp.com/"), + {} + ); + const credentialID = "ID"; + + // Test initial value + let registered = {}; + let allowLogout = {}; + IdentityCredentialStorageService.getState( + rpPrincipal, + idpPrincipal, + credentialID, + registered, + allowLogout + ); + Assert.ok(!registered.value, "Should not be registered initially."); + Assert.ok(!allowLogout.value, "Should not allow logout initially."); + + // Set and read a value + IdentityCredentialStorageService.setState( + rpPrincipal, + idpPrincipal, + credentialID, + true, + true + ); + + IdentityCredentialStorageService.getState( + rpPrincipal, + idpPrincipal, + credentialID, + registered, + allowLogout + ); + Assert.ok(registered.value, "Should be registered by set."); + Assert.ok(allowLogout.value, "Should now allow logout by set."); + + let from = Date.now() + 60 * 60; + await new Promise(aResolve => { + Services.clearData.deleteDataInTimeRange( + from * 1000, + expiry * 1000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_CREDENTIAL_MANAGER_STATE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + IdentityCredentialStorageService.getState( + rpPrincipal, + idpPrincipal, + credentialID, + registered, + allowLogout + ); + + Assert.ok( + registered.value, + "Should be existing since the value is not deleted" + ); + + from = Date.now() - 60 * 60; + + await new Promise(aResolve => { + Services.clearData.deleteDataInTimeRange( + from * 1000, + expiry * 1000, + true /* user request */, + Ci.nsIClearDataService.CLEAR_CREDENTIAL_MANAGER_STATE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + IdentityCredentialStorageService.getState( + rpPrincipal, + idpPrincipal, + credentialID, + registered, + allowLogout + ); + Assert.ok(!registered.value, "Should not be existing"); + + Services.prefs.clearUserPref( + "dom.security.credentialmanagement.identity.enabled" + ); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_network_cache.js b/toolkit/components/cleardata/tests/unit/test_network_cache.js new file mode 100644 index 0000000000..bb54cdc6a8 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_network_cache.js @@ -0,0 +1,316 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Test clearing cache. + */ + +"use strict"; + +function getPartitionedLoadContextInfo( + { scheme, topLevelBaseDomain, port }, + originAttributes = {} +) { + return Services.loadContextInfo.custom( + false, + getOAWithPartitionKey( + { scheme, topLevelBaseDomain, port }, + originAttributes + ) + ); +} + +add_task(async function test_deleteFromHost() { + await SiteDataTestUtils.addCacheEntry("http://example.com/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.com/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.addCacheEntry("http://example.org/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.org/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.com", + true, + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache is cleared" + ); + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache is cleared" + ); + + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.clear(); +}); + +add_task(async function test_deleteFromPrincipal() { + await SiteDataTestUtils.addCacheEntry("http://example.com/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.com/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.addCacheEntry("http://example.org/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.org/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + let principal = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "http://example.com/" + ); + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true, + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache is cleared" + ); + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache is cleared" + ); + + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.clear(); +}); + +add_task(async function test_deleteFromBaseDomain() { + for (let cacheType of ["disk", "memory"]) { + await SiteDataTestUtils.addCacheEntry("http://example.com/", cacheType); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", cacheType), + `The ${cacheType} cache has an entry.` + ); + + await SiteDataTestUtils.addCacheEntry("http://example.org/", cacheType); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", cacheType), + `The ${cacheType} cache has an entry.` + ); + + // Partitioned cache. + await SiteDataTestUtils.addCacheEntry( + "http://example.com/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.org" }) + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry( + "http://example.com/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.org" }) + ), + `The ${cacheType} cache has a partitioned entry` + ); + await SiteDataTestUtils.addCacheEntry( + "http://example.org/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.com" }) + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry( + "http://example.org/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.com" }) + ), + `The ${cacheType} cache has a partitioned entry` + ); + + // Clear an unrelated base domain. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "foo.com", + true, + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + // Should still have all cache entries. + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", cacheType), + `The ${cacheType} cache has an entry.` + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", cacheType), + `The ${cacheType} cache has an entry.` + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry( + "http://example.com/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.org" }) + ), + `The ${cacheType} cache has a partitioned entry` + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry( + "http://example.org/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.com" }) + ), + `The ${cacheType} cache has a partitioned entry` + ); + + // Clear data for example.com + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.com", + true, + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", cacheType), + `The ${cacheType} cache is cleared.` + ); + + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", cacheType), + `The ${cacheType} cache has an entry.` + ); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry( + "http://example.com/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.org" }) + ), + `The ${cacheType} cache is cleared.` + ); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry( + "http://example.org/", + cacheType, + getPartitionedLoadContextInfo({ topLevelBaseDomain: "example.com" }) + ), + `The ${cacheType} cache is cleared.` + ); + await SiteDataTestUtils.clear(); + } +}); + +add_task(async function test_deleteAll() { + await SiteDataTestUtils.addCacheEntry("http://example.com/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.com/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache has an entry" + ); + + await SiteDataTestUtils.addCacheEntry("http://example.org/", "disk"); + await SiteDataTestUtils.addCacheEntry("http://example.org/", "memory"); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache has an entry" + ); + Assert.ok( + SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache has an entry" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_NETWORK_CACHE, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "disk"), + "The disk cache is cleared" + ); + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.com/", "memory"), + "The memory cache is cleared" + ); + + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"), + "The disk cache is cleared" + ); + Assert.ok( + !SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"), + "The memory cache is cleared" + ); + + await SiteDataTestUtils.clear(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_passwords.js b/toolkit/components/cleardata/tests/unit/test_passwords.js new file mode 100644 index 0000000000..7e63bd8fa3 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_passwords.js @@ -0,0 +1,89 @@ +/** + * Tests for passwords. + */ + +"use strict"; + +const URL = "http://example.com"; + +const { LoginTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/LoginTestUtils.sys.mjs" +); + +add_task(async function test_principal_downloads() { + // Store the strings "user" and "pass" using similarly looking glyphs. + let loginInfo = LoginTestUtils.testData.formLogin({ + origin: URL, + formActionOrigin: URL, + username: "admin", + password: "12345678", + usernameField: "field_username", + passwordField: "field_password", + }); + await Services.logins.addLoginAsync(loginInfo); + + Assert.equal(await countLogins(URL), 1); + + let uri = Services.io.newURI(URL); + let principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + await new Promise(resolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_PASSWORDS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + Assert.equal(await countLogins(URL), 0); + + LoginTestUtils.clearData(); +}); + +add_task(async function test_all() { + // Store the strings "user" and "pass" using similarly looking glyphs. + let loginInfo = LoginTestUtils.testData.formLogin({ + origin: URL, + formActionOrigin: URL, + username: "admin", + password: "12345678", + usernameField: "field_username", + passwordField: "field_password", + }); + await Services.logins.addLoginAsync(loginInfo); + + Assert.equal(await countLogins(URL), 1); + + await new Promise(resolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PASSWORDS, + value => { + Assert.equal(value, 0); + resolve(); + } + ); + }); + + Assert.equal(await countLogins(URL), 0); + + LoginTestUtils.clearData(); +}); + +async function countLogins(origin) { + let count = 0; + const logins = await Services.logins.getAllLogins(); + for (const login of logins) { + if (login.origin == origin) { + ++count; + } + } + + return count; +} diff --git a/toolkit/components/cleardata/tests/unit/test_permissions.js b/toolkit/components/cleardata/tests/unit/test_permissions.js new file mode 100644 index 0000000000..1f46ab5015 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_permissions.js @@ -0,0 +1,471 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests for permissions + */ + +"use strict"; + +add_task(async function test_all_permissions() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + Services.perms.addFromPrincipal( + principal, + "cookie", + Services.perms.ALLOW_ACTION + ); + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) == null + ); +}); + +add_task(async function test_principal_permissions() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + const anotherUri = Services.io.newURI("https://example.com"); + const anotherPrincipal = + Services.scriptSecurityManager.createContentPrincipal(anotherUri, {}); + + Services.perms.addFromPrincipal( + principal, + "cookie", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "cookie", + Services.perms.ALLOW_ACTION + ); + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) != null + ); + Assert.ok( + Services.perms.getPermissionObject(anotherPrincipal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) == null + ); + Assert.ok( + Services.perms.getPermissionObject(anotherPrincipal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); + +function addTestPermissions() { + Services.perms.removeAll(); + + PermissionTestUtils.add( + "https://example.net", + "geo", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "http://example.net", + "cookie", + Services.perms.DENY_ACTION + ); + PermissionTestUtils.add( + "https://bar.example.net", + "geo", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://foo.bar.example.net", + "geo", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://example.com", + "3rdPartyStorage^https://example.net", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://example.com", + "3rdPartyFrameStorage^https://example.net", + Services.perms.ALLOW_ACTION + ); + + PermissionTestUtils.add( + "https://example.com", + "cookie", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "http://example.com", + "geo", + Services.perms.ALLOW_ACTION + ); + + Assert.equal( + PermissionTestUtils.getPermissionObject("https://example.net", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "http://example.net", + "cookie", + true + ).capability, + Services.perms.DENY_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://bar.example.net", + "geo", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://foo.bar.example.net", + "geo", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyStorage^https://example.net", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyFrameStorage^https://example.net", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "cookie", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject("http://example.com", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); +} + +add_task(async function test_basedomain_permissions() { + for (let domain of [ + "example.net", + "test.example.net", + "foo.bar.example.net", + ]) { + addTestPermissions(); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + domain, + true /* user request */, + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + // Should have cleared all entries associated with the base domain. + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://example.net", + "geo", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "http://example.net", + "cookie", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://bar.example.net", + "geo", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://foo.bar.example.net", + "geo", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyStorage^https://example.net", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyFrameStorage^https://example.net", + true + ) + ); + + // Unrelated entries should still exist. + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "cookie", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject("http://example.com", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); + } + + Services.perms.removeAll(); +}); + +add_task(async function test_host_permissions() { + addTestPermissions(); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "bar.example.net", + true /* user request */, + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + // Should have cleared all entries associated with the host and its + // subdomains. + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://bar.example.net", + "geo", + true + ) + ); + Assert.ok( + !PermissionTestUtils.getPermissionObject( + "https://foo.bar.example.net", + "geo", + true + ) + ); + + // Unrelated entries should still exist. + Assert.equal( + PermissionTestUtils.getPermissionObject("https://example.net", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "http://example.net", + "cookie", + true + ).capability, + Services.perms.DENY_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyStorage^https://example.net", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "3rdPartyFrameStorage^https://example.net", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + + Assert.equal( + PermissionTestUtils.getPermissionObject( + "https://example.com", + "cookie", + true + ).capability, + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.getPermissionObject("http://example.com", "geo", true) + .capability, + Services.perms.ALLOW_ACTION + ); + + Services.perms.removeAll(); +}); + +add_task(async function test_3rdpartystorage_permissions() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + Services.perms.addFromPrincipal( + principal, + "cookie", + Services.perms.ALLOW_ACTION + ); + + const anotherUri = Services.io.newURI("https://example.com"); + const anotherPrincipal = + Services.scriptSecurityManager.createContentPrincipal(anotherUri, {}); + Services.perms.addFromPrincipal( + anotherPrincipal, + "cookie", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "3rdPartyStorage^https://example.net", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "3rdPartyFrameStorage^https://example.net", + Services.perms.ALLOW_ACTION + ); + + const oneMoreUri = Services.io.newURI("https://example.org"); + const oneMorePrincipal = + Services.scriptSecurityManager.createContentPrincipal(oneMoreUri, {}); + Services.perms.addFromPrincipal( + oneMorePrincipal, + "cookie", + Services.perms.ALLOW_ACTION + ); + + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) != null + ); + Assert.ok( + Services.perms.getPermissionObject(anotherPrincipal, "cookie", true) != null + ); + Assert.ok( + Services.perms.getPermissionObject( + anotherPrincipal, + "3rdPartyStorage^https://example.net", + true + ) != null + ); + Assert.ok( + Services.perms.getPermissionObject( + anotherPrincipal, + "3rdPartyFrameStorage^https://example.net", + true + ) != null + ); + Assert.ok( + Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.ok( + Services.perms.getPermissionObject(principal, "cookie", true) == null + ); + Assert.ok( + Services.perms.getPermissionObject(anotherPrincipal, "cookie", true) != null + ); + Assert.ok( + Services.perms.getPermissionObject( + anotherPrincipal, + "3rdPartyStorage^https://example.net", + true + ) == null + ); + Assert.ok( + Services.perms.getPermissionObject( + anotherPrincipal, + "3rdPartyFrameStorage^https://example.net", + true + ) == null + ); + Assert.ok( + Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_quota.js b/toolkit/components/cleardata/tests/unit/test_quota.js new file mode 100644 index 0000000000..95c3025781 --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_quota.js @@ -0,0 +1,537 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests for the QuotaCleaner. + */ + +"use strict"; + +// The following tests ensure we properly clear (partitioned/unpartitioned) +// localStorage and indexedDB when using deleteDataFromBaseDomain, +// deleteDataFromHost and deleteDataFromPrincipal. + +// Skip localStorage tests when using legacy localStorage. The legacy +// localStorage implementation does not support clearing data by principal. See +// Bug 1688221, Bug 1688665. +const skipLocalStorageTests = Services.prefs.getBoolPref( + "dom.storage.enable_unsupported_legacy_implementation" +); + +/** + * Create an origin with partitionKey. + * @param {String} host - Host portion of origin to create. + * @param {String} [topLevelBaseDomain] - Optional first party base domain to use for partitionKey. + * @param {Object} [originAttributes] - Optional object of origin attributes to + * set. If topLevelBaseDomain is passed, the partitionKey will be overwritten. + * @returns {String} Origin with suffix. + */ +function getOrigin(host, topLevelBaseDomain, originAttributes = {}) { + return getPrincipal(host, topLevelBaseDomain, originAttributes).origin; +} + +function getPrincipal(host, topLevelBaseDomain, originAttributes = {}) { + originAttributes = getOAWithPartitionKey( + { topLevelBaseDomain }, + originAttributes + ); + let principal = Services.scriptSecurityManager.createContentPrincipal( + Services.io.newURI(`https://${host}`), + originAttributes + ); + return principal; +} + +function getTestEntryName(host, topLevelBaseDomain) { + if (!topLevelBaseDomain) { + return host; + } + return `${host}_${topLevelBaseDomain}`; +} + +function setTestEntry({ + storageType, + host, + topLevelBaseDomain = null, + originAttributes = {}, +}) { + let origin = getOrigin(host, topLevelBaseDomain, originAttributes); + if (storageType == "localStorage") { + SiteDataTestUtils.addToLocalStorage( + origin, + getTestEntryName(host, topLevelBaseDomain), + "bar" + ); + return; + } + SiteDataTestUtils.addToIndexedDB(origin); +} + +async function testEntryExists({ + storageType, + host, + topLevelBaseDomain = null, + expected = true, + originAttributes = {}, +}) { + let exists; + let origin = getOrigin(host, topLevelBaseDomain, originAttributes); + if (storageType == "localStorage") { + exists = SiteDataTestUtils.hasLocalStorage(origin, [ + { key: getTestEntryName(host, topLevelBaseDomain), value: "bar" }, + ]); + } else { + exists = await SiteDataTestUtils.hasIndexedDB(origin); + } + + let message = `${storageType} entry ${ + expected ? "is set" : "is not set" + } for ${host}`; + if (topLevelBaseDomain) { + message += ` partitioned under ${topLevelBaseDomain}`; + } + Assert.equal(exists, expected, message); + return exists; +} + +const TEST_ORIGINS = [ + // First party + { host: "example.net" }, + { host: "test.example.net" }, + { host: "example.org" }, + + // Third-party partitioned. + { host: "example.com", topLevelBaseDomain: "example.net" }, + { + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + }, + { host: "example.net", topLevelBaseDomain: "example.org" }, + { host: "test.example.net", topLevelBaseDomain: "example.org" }, +]; + +async function setTestEntries(storageType) { + for (const origin of TEST_ORIGINS) { + setTestEntry({ storageType, ...origin }); + } + + // Ensure we have the correct storage test state. + for (const origin of TEST_ORIGINS) { + await testEntryExists({ storageType, ...origin }); + } +} + +/** + * Run the base domain test with either localStorage or indexedDB. + * @param {('localStorage'|'indexedDB')} storageType + */ +async function runTestBaseDomain(storageType) { + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + await setTestEntries(storageType); + + // Clear entries of example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + await testEntryExists({ storageType, host: "example.net", expected: false }); + await testEntryExists({ + storageType, + host: "test.example.net", + expected: false, + }); + await testEntryExists({ storageType, host: "example.org" }); + + await testEntryExists({ + storageType, + host: "example.com", + topLevelBaseDomain: "example.net", + expected: false, + }); + await testEntryExists({ + storageType, + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + expected: false, + }); + await testEntryExists({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + await testEntryExists({ + storageType, + host: "test.example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + + // Cleanup + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); +} + +/** + * Run the host test with either localStorage or indexedDB. + * @param {('localStorage'|'indexedDB')} storageType + */ +async function runTestHost(storageType) { + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + await setTestEntries(storageType); + + // Clear entries of example.net without partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + await testEntryExists({ storageType, host: "example.net", expected: false }); + // QuotaCleaner#deleteByHost also clears subdomains. + await testEntryExists({ + storageType, + host: "test.example.net", + expected: false, + }); + await testEntryExists({ storageType, host: "example.org" }); + + await testEntryExists({ + storageType, + host: "example.com", + topLevelBaseDomain: "example.net", + expected: true, + }); + await testEntryExists({ + storageType, + host: "example.com", + topLevelBaseDomain: "example.net", + originAttributes: { userContextId: 1 }, + expected: true, + }); + // QuotaCleaner#deleteByHost ignores partitionKey. + await testEntryExists({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + await testEntryExists({ + storageType, + host: "test.example.net", + topLevelBaseDomain: "example.org", + expected: false, + }); + + // Cleanup + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); +} + +/** + * Run the principal test with either localStorage or indexedDB. + * @param {('localStorage'|'indexedDB')} storageType + */ +async function runTestPrincipal(storageType) { + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + // First party + setTestEntry({ storageType, host: "example.net" }); + setTestEntry({ + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + setTestEntry({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + setTestEntry({ storageType, host: "test.example.net" }); + setTestEntry({ storageType, host: "example.org" }); + + // Third-party partitioned. + setTestEntry({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Ensure we have the correct storage test state. + await testEntryExists({ storageType, host: "example.net" }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + await testEntryExists({ storageType, host: "test.example.net" }); + await testEntryExists({ storageType, host: "example.org" }); + await testEntryExists({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Clear entries from principal with custom OA. + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + getPrincipal("example.net", null, { userContextId: 2 }), + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + // Test that we only deleted entries for the exact origin. + await testEntryExists({ storageType, host: "example.net" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + await testEntryExists({ storageType, host: "test.example.net" }); + await testEntryExists({ storageType, host: "example.org" }); + await testEntryExists({ + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Clear entries of from partitioned principal. + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + getPrincipal("example.net", "example.com"), + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + // Test that we only deleted entries for the partition. + await testEntryExists({ storageType, host: "example.net" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + await testEntryExists({ storageType, host: "test.example.net" }); + await testEntryExists({ storageType, host: "example.org" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Clear entries of from principal without suffix. + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + getPrincipal("example.net", null), + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + // Test that we only deleted entries for the given principal, and not entries + // for principals with the same host, but different OriginAttributes or + // subdomains. + await testEntryExists({ expected: false, storageType, host: "example.net" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + originAttributes: { userContextId: 2 }, + }); + await testEntryExists({ + storageType, + host: "example.net", + originAttributes: { privateBrowsingId: 1 }, + }); + + await testEntryExists({ storageType, host: "test.example.net" }); + await testEntryExists({ storageType, host: "example.org" }); + await testEntryExists({ + expected: false, + storageType, + host: "example.net", + topLevelBaseDomain: "example.com", + }); + + // Cleanup + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); +} + +// Tests + +add_task(function setup() { + // Allow setting local storage in xpcshell tests. + Services.prefs.setBoolPref("dom.storage.client_validation", false); +}); + +/** + * Tests deleting localStorage entries by host. + */ +add_task(async function test_host_localStorage() { + await runTestHost("localStorage"); +}); + +/** + * Tests deleting indexedDB entries by host. + */ +add_task(async function test_host_indexedDB() { + await runTestHost("indexedDB"); +}); + +/** + * Tests deleting (partitioned) localStorage entries by base domain. + */ +add_task(async function test_baseDomain_localStorage() { + await runTestBaseDomain("localStorage"); +}); + +/** + * Tests deleting (partitioned) indexedDB entries by base domain. + */ +add_task(async function test_baseDomain_indexedDB() { + await runTestBaseDomain("indexedDB"); +}); + +/** + * Tests deleting localStorage entries by principal. + */ +add_task(async function test_principal_localStorage() { + // Bug 1688221, Bug 1688665. + if (skipLocalStorageTests) { + info("Skipping test"); + return; + } + await runTestPrincipal("localStorage"); +}); + +function getRelativeFile(...components) { + const profileDir = Services.dirsvc.get("ProfD", Ci.nsIFile); + + const file = profileDir.clone(); + for (const component of components) { + file.append(component); + } + + return file; +} + +function countSubitems(file) { + const entriesIterator = file.directoryEntries; + let count = 0; + while (entriesIterator.hasMoreElements()) { + ++count; + entriesIterator.nextFile; + } + return count; +} + +add_task(async function test_deleteAllAtShutdown() { + const storageType = "indexedDB"; + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + const toBeRemovedDir = getRelativeFile("storage", "to-be-removed"); + if (toBeRemovedDir.exists()) { + toBeRemovedDir.remove(true); + } + + await setTestEntries(storageType); + + Services.startup.advanceShutdownPhase( + Services.startup.SHUTDOWN_PHASE_APPSHUTDOWNTEARDOWN + ); + + // Clear entries from principal with custom OA. + for (const origin of TEST_ORIGINS) { + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + getPrincipal( + origin.host, + origin.topLevelBaseDomain, + origin.originAttributes + ), + false, + Ci.nsIClearDataService.CLEAR_DOM_QUOTA, + aResolve + ); + }); + + await testEntryExists({ expected: false, storageType, ...origin }); + } + + Assert.ok( + toBeRemovedDir.exists(), + "to-be-removed directory should exist now" + ); + + Assert.equal( + countSubitems(toBeRemovedDir), + TEST_ORIGINS.length, + `storage/to-be-removed has ${TEST_ORIGINS.length} subdirectories` + ); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_security_settings.js b/toolkit/components/cleardata/tests/unit/test_security_settings.js new file mode 100644 index 0000000000..b14f567bab --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_security_settings.js @@ -0,0 +1,279 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Test for SecuritySettingsCleaner. + * This tests both, the SiteSecurityService and the ClientAuthRememberService. + */ + +"use strict"; + +let gSSService = Cc["@mozilla.org/ssservice;1"].getService( + Ci.nsISiteSecurityService +); + +let cars = Cc["@mozilla.org/security/clientAuthRememberService;1"].getService( + Ci.nsIClientAuthRememberService +); + +let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService( + Ci.nsIX509CertDB +); + +// These are not actual server and client certs. The ClientAuthRememberService +// does not care which certs we store decisions for, as long as they're valid. +let [clientCert] = certDB.getCerts(); + +function addSecurityInfo({ host, topLevelBaseDomain, originAttributes = {} }) { + let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes); + + let uri = Services.io.newURI(`https://${host}`); + + gSSService.processHeader(uri, "max-age=1000;", attrs); + + cars.rememberDecisionScriptable(host, attrs, clientCert); +} + +function addTestSecurityInfo() { + // First party + addSecurityInfo({ host: "example.net" }); + addSecurityInfo({ host: "test.example.net" }); + addSecurityInfo({ host: "example.org" }); + + // Third-party partitioned + addSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" }); + addSecurityInfo({ host: "example.net", topLevelBaseDomain: "example.org" }); + addSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); + + // Ensure we have the correct state initially. + testSecurityInfo({ host: "example.net" }); + testSecurityInfo({ host: "test.example.net" }); + testSecurityInfo({ host: "example.org" }); + testSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" }); + testSecurityInfo({ host: "example.net", topLevelBaseDomain: "example.org" }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + }); +} + +function testSecurityInfo({ + host, + topLevelBaseDomain, + expectedHSTS = true, + expectedCARS = true, + originAttributes = {}, +}) { + let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes); + + let messageSuffix = `for ${host}`; + if (topLevelBaseDomain) { + messageSuffix += ` partitioned under ${topLevelBaseDomain}`; + } + + let uri = Services.io.newURI(`https://${host}`); + let isSecure = gSSService.isSecureURI(uri, attrs); + Assert.equal( + isSecure, + expectedHSTS, + `HSTS ${expectedHSTS ? "is set" : "is not set"} ${messageSuffix}` + ); + + let hasRemembered = cars.hasRememberedDecisionScriptable(host, attrs, {}); + // CARS deleteDecisionsByHost does not include subdomains. That means for some + // test cases we expect a different remembered state. + Assert.equal( + hasRemembered, + expectedCARS, + `CAR ${expectedCARS ? "is set" : "is not set"} ${messageSuffix}` + ); +} + +add_task(async function test_baseDomain() { + gSSService.clearAll(); + + // ---- hsts cleaner ---- + addTestSecurityInfo(); + + // Clear hsts data of example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_HSTS, + aResolve + ); + }); + + testSecurityInfo({ + host: "example.net", + expectedHSTS: false, + expectedCARS: true, + }); + // HSTSCleaner also removes subdomain settings. + testSecurityInfo({ + host: "test.example.net", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ host: "example.org" }); + + testSecurityInfo({ + host: "example.com", + topLevelBaseDomain: "example.net", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ + host: "example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: false, + expectedCARS: true, + }); + + // ---- client auth remember cleaner ----- + addTestSecurityInfo(); + + // Clear security settings of example.net including partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_CLIENT_AUTH_REMEMBER_SERVICE, + aResolve + ); + }); + + testSecurityInfo({ + host: "example.net", + expectedHSTS: true, + expectedCARS: false, + }); + // ClientAuthRememberCleaner also removes subdomain settings. + testSecurityInfo({ + host: "test.example.net", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ host: "example.org" }); + + testSecurityInfo({ + host: "example.com", + topLevelBaseDomain: "example.net", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ + host: "example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: true, + expectedCARS: false, + }); + + // Cleanup + gSSService.clearAll(); +}); + +add_task(async function test_host() { + gSSService.clearAll(); + + // ---- HSTS cleaer ---- + addTestSecurityInfo(); + + // Clear security settings of example.net without partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_HSTS, + aResolve + ); + }); + + testSecurityInfo({ + host: "example.net", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ + host: "test.example.net", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ host: "example.org" }); + + testSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" }); + testSecurityInfo({ + host: "example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: false, + expectedCARS: true, + }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: false, + expectedCARS: true, + }); + + // Cleanup + gSSService.clearAll(); + + // --- clientAuthRemember cleaner --- + + addTestSecurityInfo(); + + // Clear security settings of example.net without partitions. + await new Promise(aResolve => { + Services.clearData.deleteDataFromHost( + "example.net", + false, + Ci.nsIClearDataService.CLEAR_CLIENT_AUTH_REMEMBER_SERVICE, + aResolve + ); + }); + + testSecurityInfo({ + host: "example.net", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ + host: "test.example.net", + expectedHSTS: true, + expectedCARS: true, + }); + testSecurityInfo({ host: "example.org" }); + + testSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" }); + testSecurityInfo({ + host: "example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: true, + expectedCARS: false, + }); + testSecurityInfo({ + host: "test.example.net", + topLevelBaseDomain: "example.org", + expectedHSTS: true, + expectedCARS: true, + }); + + // Cleanup + gSSService.clearAll(); +}); diff --git a/toolkit/components/cleardata/tests/unit/test_storage_permission.js b/toolkit/components/cleardata/tests/unit/test_storage_permission.js new file mode 100644 index 0000000000..a44e9f2c6a --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/test_storage_permission.js @@ -0,0 +1,398 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests for permissions + */ + +"use strict"; + +// Test that only the storageAccessAPI gets removed. +add_task(async function test_removing_storage_permission() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + Services.perms.addFromPrincipal( + principal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + principal, + "cookie", + Services.perms.ALLOW_ACTION + ); + + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "There is a storageAccessAPI permission set" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_STORAGE_ACCESS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION, + "the storageAccessAPI permission has been removed" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal(principal, "cookie"), + Services.perms.ALLOW_ACTION, + "the cookie permission has not been removed" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); + +// Test that the storageAccessAPI gets removed from a particular principal +add_task(async function test_removing_storage_permission_from_principal() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + + const anotherUri = Services.io.newURI("https://example.com"); + const anotherPrincipal = + Services.scriptSecurityManager.createContentPrincipal(anotherUri, {}); + + Services.perms.addFromPrincipal( + principal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the first principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + anotherPrincipal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the second principal" + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromPrincipal( + principal, + true /* user request */, + Ci.nsIClearDataService.CLEAR_STORAGE_ACCESS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION, + "storageAccessAPI permission has been removed from the first principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + anotherPrincipal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has not been removed from the second principal" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); + +// Test that the storageAccessAPI gets removed from a base domain. +add_task(async function test_removing_storage_permission_from_base_domainl() { + const uri = Services.io.newURI("https://example.net"); + const principal = Services.scriptSecurityManager.createContentPrincipal( + uri, + {} + ); + const uriSub = Services.io.newURI("http://test.example.net"); + const principalSub = Services.scriptSecurityManager.createContentPrincipal( + uriSub, + {} + ); + + const anotherUri = Services.io.newURI("https://example.com"); + const anotherPrincipal = + Services.scriptSecurityManager.createContentPrincipal(anotherUri, {}); + + Services.perms.addFromPrincipal( + principal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + principalSub, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Services.perms.addFromPrincipal( + anotherPrincipal, + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the first principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principalSub, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the subdomain principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + anotherPrincipal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has been added to the second principal" + ); + + await new Promise(aResolve => { + Services.clearData.deleteDataFromBaseDomain( + "example.net", + true /* user request */, + Ci.nsIClearDataService.CLEAR_STORAGE_ACCESS, + value => { + Assert.equal(value, 0); + aResolve(); + } + ); + }); + + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principal, + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION, + "storageAccessAPI permission has been removed from the first principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + principalSub, + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION, + "storageAccessAPI permission has been removed from the sub domain principal" + ); + Assert.equal( + Services.perms.testExactPermissionFromPrincipal( + anotherPrincipal, + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION, + "storageAccessAPI permission has not been removed from the second principal" + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); + +// Tests the deleteUserInteractionForClearingHistory function. +add_task(async function test_deleteUserInteractionForClearingHistory() { + // These should be retained. + PermissionTestUtils.add( + "https://example.com", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://sub.example.com", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://sub.example.com^userContextId=3", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + + // These should be removed. + PermissionTestUtils.add( + "https://example.org", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://sub.example.org", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + PermissionTestUtils.add( + "https://sub.example.org^userContextId=3", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + + let principalWithStorage = + Services.scriptSecurityManager.createContentPrincipalFromOrigin( + "https://sub.example.com" + ); + + await new Promise(resolve => { + return Services.clearData.deleteUserInteractionForClearingHistory( + [principalWithStorage], + 0, + resolve + ); + }); + + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.org", + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://sub.example.org", + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://sub.example.org^userContextId=3", + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION + ); + + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.com", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://sub.example.com", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://sub.example.com^userContextId=3", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + + // This permission is set earlier than the timestamp and should be retained. + PermissionTestUtils.add( + "https://example.net", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + + // Add some time in between taking the snapshot of the timestamp + // to avoid flakyness. + await new Promise(c => do_timeout(100, c)); + let timestamp = Date.now(); + await new Promise(c => do_timeout(100, c)); + + // This permission is set later than the timestamp and should be removed. + PermissionTestUtils.add( + "https://example.org", + "storageAccessAPI", + Services.perms.ALLOW_ACTION + ); + + await new Promise(resolve => { + return Services.clearData.deleteUserInteractionForClearingHistory( + [principalWithStorage], + // ClearDataService takes PRTime (microseconds) + timestamp * 1000, + resolve + ); + }); + + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.org", + "storageAccessAPI" + ), + Services.perms.UNKNOWN_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.net", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + Assert.equal( + PermissionTestUtils.testExactPermission( + "https://example.com", + "storageAccessAPI" + ), + Services.perms.ALLOW_ACTION + ); + + await new Promise(aResolve => { + Services.clearData.deleteData( + Ci.nsIClearDataService.CLEAR_PERMISSIONS, + value => aResolve() + ); + }); +}); diff --git a/toolkit/components/cleardata/tests/unit/xpcshell.toml b/toolkit/components/cleardata/tests/unit/xpcshell.toml new file mode 100644 index 0000000000..2df07abcea --- /dev/null +++ b/toolkit/components/cleardata/tests/unit/xpcshell.toml @@ -0,0 +1,40 @@ +[DEFAULT] +tags = "condprof" +firefox-appdir = "browser" +head = "head.js" +skip-if = ["os == 'android'"] +support-files = "" +prefs = [ + "privacy.bounceTrackingProtection.enabled=true", + "privacy.bounceTrackingProtection.enableTestMode=true", + "privacy.bounceTrackingProtection.bounceTrackingPurgeTimerPeriodSec=0", +] + +["test_basic.js"] + +["test_bounce_tracking_protection.js"] + +["test_certs.js"] + +["test_cookie_banner_handling.js"] + +["test_cookies.js"] + +["test_downloads.js"] + +["test_fingerprinting_protection_state.js"] + +["test_identity_credential_storage.js"] + +["test_network_cache.js"] +skip-if = ["condprof"] # Bug 1769154 - expected fail w/condprof + +["test_passwords.js"] + +["test_permissions.js"] + +["test_quota.js"] + +["test_security_settings.js"] + +["test_storage_permission.js"] -- cgit v1.2.3