path: root/toolkit/components/passwordmgr/test/mochitest/test_autofill_different_subdomain.html
<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Test autofill on an HTTPS page using logins with different eTLD+1</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
  <script type="text/javascript" src="pwmgr_common.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<script>
// Path of the shared fixture form; each task appends it to an origin to build the URL it loads.
// TESTS_DIR is not defined on this page (presumably it comes from pwmgr_common.js).
const MISSING_ACTION_PATH = `${TESTS_DIR}mochitest/form_basic.html`;

// Value returned by the common-init helper; nothing else on this page reads it.
const chromeScript = runChecksAfterCommonInit(false);

// Constructor for nsILoginInfo objects: `new nsLoginInfo(...)` passes its arguments to init().
// The tasks below call it as (origin, formActionOrigin, httpRealm, username, password,
// usernameField, passwordField).
let nsLoginInfo = SpecialPowers.wrap(SpecialPowers.Components).Constructor(
  "@mozilla.org/login-manager/loginInfo;1",
  SpecialPowers.Ci.nsILoginInfo,
  "init"
);
</script>
<p id="display"></p>

<!-- we presumably can't hide the content for this test. -->
<div id="content">
  <iframe></iframe>
</div>

<pre id="test">
<script class="testbody" type="text/javascript">
// Privileged wrapper around the first <iframe> on the page; the cross-origin iframe task
// loads its form into this frame.
let iframe = SpecialPowers.wrap(document.getElementsByTagName("iframe")[0]);

// Separate top-level window that the subdomain tasks navigate to the fixture form.
// It is closed again when the test file finishes.
let win = window.open("about:blank");
SimpleTest.registerCleanupFunction(() => {
  win.close();
});

// `origin` is the origin serving this test page. The other two are HTTPS origins on
// subdomains ("foobar." and "old.") of the same host, i.e. distinct origins that share
// the host suffix of the page under test.
let origin = window.location.origin;
let otherOrigin = `https://foobar.${window.location.host}`;
let oldOrigin = `https://old.${window.location.host}`;

/**
 * Assert, from inside the document loaded in `win`, that the fixture form's username and
 * password fields hold the expected values. Passing "" for both checks that nothing was
 * autofilled.
 *
 * @param {string} expectedUsername - value the #form-basic-username field must have
 * @param {string} expectedPassword - value the #form-basic-password field must have
 * @returns {Promise} whatever SpecialPowers.spawn returns for the spawned check
 */
async function checkWindowLoginForm(expectedUsername, expectedPassword) {
  const expectedValues = [expectedUsername, expectedPassword];
  // The callback stays a `function` expression because it reads `this.content`.
  return SpecialPowers.spawn(win, expectedValues, function(wantUser, wantPass) {
    const formDoc = this.content.document;
    const checks = [
      ["#form-basic-username", wantUser, "Check username value"],
      ["#form-basic-password", wantPass, "Check password value"],
    ];
    // Username is looked up and checked before the password field is touched.
    for (const [selector, wanted, message] of checks) {
      Assert.equal(formDoc.querySelector(selector).value, wanted, message);
    }
  });
}

/**
 * Reset the login store to exactly the given logins: remove all user-facing logins, then
 * add each entry in order.
 *
 * @param {Array} logins - nsLoginInfo objects to store; defaults to none, which leaves
 *   the store with no user-facing logins.
 * @returns {Promise<void>} resolves once the last login has been added
 */
async function prepareLogins(logins = []) {
  await LoginManager.removeAllUserFacingLogins();

  // One timestamp shared by every entry and every date field.
  const sharedTimestamp = Date.now();
  for (const entry of logins) {
    SpecialPowers.do_QueryInterface(entry, SpecialPowers.Ci.nsILoginMetaInfo);
    // Identical dates keep timestamps from influencing things like deduping, so the
    // outcome of each task depends only on the origins stored with the login.
    entry.timeLastUsed = sharedTimestamp;
    entry.timePasswordChanged = sharedTimestamp;
    entry.timeCreated = sharedTimestamp;
    await LoginManager.addLoginAsync(entry);
  }
}

/**
 * Load `url` into the page's iframe and wait until its forms have been processed.
 *
 * @param {string} url - address of the form document to load into the iframe
 * @returns {Promise} the promise obtained from promiseFormsProcessed()
 */
async function formReadyInFrame(url) {
  // The promise is requested before the navigation starts, presumably so that the
  // notification for this load cannot be missed.
  const formsProcessed = promiseFormsProcessed();
  iframe.src = url;
  return formsProcessed;
}

/**
 * Navigate the separate test window `win` to `url` and wait until its forms have been
 * processed.
 *
 * @param {string} url - address of the form document to load in the window
 * @returns {Promise} the promise obtained from promiseFormsProcessedInSameProcess()
 */
async function formReadyInWindow(url) {
  // The promise is requested before the navigation starts, presumably so that the
  // notification for this load cannot be missed.
  const formsProcessed = promiseFormsProcessedInSameProcess();
  win.location = url;
  return formsProcessed;
}

// Credential isolation check: a login saved for a sibling subdomain (otherOrigin) with an
// empty formActionOrigin (the "wildcard" of the task name) must not be filled into the
// form served from `origin`.
add_task(async function test_login_with_different_subdomain_shouldnt_autofill_wildcard_formActionOrigin() {
  const siblingLogin = new nsLoginInfo(otherOrigin, "", null, "name2", "pass2", "uname", "pword");
  await prepareLogins([siblingLogin]);

  await formReadyInWindow(`${origin}${MISSING_ACTION_PATH}`);

  // Both fields must still be empty, i.e. no autofill happened.
  await checkWindowLoginForm("", "");
});

// Credential isolation check: the login's origin is the sibling subdomain (otherOrigin),
// and only its formActionOrigin equals the page's `origin`. A matching form action alone
// must not be enough to fill the form served from `origin`.
add_task(async function test_login_with_different_subdomain_shouldnt_autofill_same_domain_formActionOrigin() {
  const siblingLogin = new nsLoginInfo(otherOrigin, origin, null, "name2", "pass2", "uname", "pword");
  await prepareLogins([siblingLogin]);

  await formReadyInWindow(`${origin}${MISSING_ACTION_PATH}`);

  // Both fields must still be empty, i.e. no autofill happened.
  await checkWindowLoginForm("", "");
});

// Positive case: one login is stored for the page's own `origin` and a second for the
// "old." subdomain, both with formActionOrigin `origin`. The form served from `origin`
// is expected to be filled.
// Both entries carry identical credentials, so the assertion shows that a fill happened
// but not which stored entry supplied the values.
add_task(async function test_matching_logins_with_different_subdomain_and_matching_domain_should_autofill() {
  const currentOriginLogin = new nsLoginInfo(origin, origin, null, "name2", "pass2", "uname", "pword");
  const oldSubdomainLogin = new nsLoginInfo(oldOrigin, origin, null, "name2", "pass2", "uname", "pword");
  await prepareLogins([currentOriginLogin, oldSubdomainLogin]);

  await formReadyInWindow(`${origin}${MISSING_ACTION_PATH}`);

  await checkWindowLoginForm("name2", "pass2");
});

// Credential isolation check: both the login's origin and its formActionOrigin are the
// sibling subdomain (otherOrigin). Nothing about the stored entry matches the page's
// `origin`, so the form served from `origin` must stay empty.
add_task(async function test_login_with_different_subdomain_shouldnt_autofill_different_subdomain_formActionOrigin() {
  const siblingLogin = new nsLoginInfo(otherOrigin, otherOrigin, null, "name2", "pass2", "uname", "pword");
  await prepareLogins([siblingLogin]);

  await formReadyInWindow(`${origin}${MISSING_ACTION_PATH}`);

  // Both fields must still be empty, i.e. no autofill happened.
  await checkWindowLoginForm("", "");
});

// Credential isolation check: the login's origin is the sibling subdomain (otherOrigin)
// and its formActionOrigin is the unrelated "https://example.net". The form served from
// `origin` must stay empty.
add_task(async function test_login_with_different_subdomain_shouldnt_autofill_different_domain_formActionOrigin() {
  const siblingLogin = new nsLoginInfo(otherOrigin, "https://example.net", null, "name2", "pass2", "uname", "pword");
  await prepareLogins([siblingLogin]);

  await formReadyInWindow(`${origin}${MISSING_ACTION_PATH}`);

  // Both fields must still be empty, i.e. no autofill happened.
  await checkWindowLoginForm("", "");
});

// Framing check: the stored login matches the iframe's own origin exactly, but the frame
// is embedded in a page served from `origin`. The form inside the frame must stay empty,
// so an embedding page cannot get saved credentials filled into a cross-origin frame.
// NOTE(review): the frame is only cross-origin if this page is not itself served from
// https://test1.example.com. The info() line logs both origins so a run can be checked.
add_task(async function test_login_with_same_origin_shouldnt_autofill_cross_origin_iframe() {
  await SimpleTest.promiseFocus(window);

  // Same check as checkWindowLoginForm, but run inside the first iframe of this window.
  const checkIframeLoginForm = async (expectedUsername, expectedPassword) => {
    const frameContext = getIframeBrowsingContext(window, 0);
    // The callback stays a `function` expression because it reads `this.content`.
    return SpecialPowers.spawn(frameContext, [expectedUsername, expectedPassword], function(wantUser, wantPass) {
      const frameDoc = this.content.document;
      const usernameField = frameDoc.getElementById("form-basic-username");
      const passwordField = frameDoc.getElementById("form-basic-password");
      Assert.equal(usernameField.value, wantUser, "Check username value");
      Assert.equal(passwordField.value, wantPass, "Check password value");
    });
  };

  // The cross-origin form can only be loaded into the iframe from an origin that the
  // test framework supports.
  const crossOrigin = "https://test1.example.com";
  info(`Top level frame origin: ${origin}. Iframe and login origin: ${crossOrigin}.`);

  const frameOriginLogin = new nsLoginInfo(crossOrigin, crossOrigin, null, "name2", "pass2", "uname", "pword");
  await prepareLogins([frameOriginLogin]);

  await formReadyInFrame(`${crossOrigin}${MISSING_ACTION_PATH}`);

  // Both fields must still be empty, i.e. no autofill happened inside the frame.
  await checkIframeLoginForm("", "");
});

</script>
</pre>
</body>
</html>