diff options
Diffstat (limited to 'dom/webauthn/tests/test_webauthn_override_request.html')
-rw-r--r-- | dom/webauthn/tests/test_webauthn_override_request.html | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/dom/webauthn/tests/test_webauthn_override_request.html b/dom/webauthn/tests/test_webauthn_override_request.html new file mode 100644 index 0000000000..e88ea5a95d --- /dev/null +++ b/dom/webauthn/tests/test_webauthn_override_request.html @@ -0,0 +1,96 @@ +<!DOCTYPE html> +<meta charset=utf-8> +<head> + <title>Test for overriding W3C Web Authentication request</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <script type="text/javascript" src="u2futil.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> + + <h1>Test for overriding W3C Web Authentication request</h1> + <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1415675">Mozilla Bug 1415675</a> + + <script class="testbody" type="text/javascript"> + "use strict"; + + // Last request status. + let status = ""; + + add_task(() => { + return SpecialPowers.pushPrefEnv({"set": [ + ["security.webauth.webauthn_enable_softtoken", false], + ["security.webauth.webauthn_enable_usbtoken", true], + ]}); + }); + + // Start a new MakeCredential() request. + async function requestMakeCredential(status_value) { + let publicKey = { + rp: {id: document.domain, name: "none", icon: "none"}, + user: {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"}, + challenge: crypto.getRandomValues(new Uint8Array(16)), + timeout: 5000, // the minimum timeout is actually 15 seconds + pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}], + }; + + // Start the request, handle failures only. + navigator.credentials.create({publicKey}).catch(() => { + status = status_value; + }); + + // Wait a tick to let the statemachine start. + await Promise.resolve(); + } + + // Start a new GetAssertion() request. + async function requestGetAssertion(status_value) { + let newCredential = { + type: "public-key", + id: crypto.getRandomValues(new Uint8Array(16)), + transports: ["usb"], + }; + + let publicKey = { + challenge: crypto.getRandomValues(new Uint8Array(16)), + timeout: 5000, // the minimum timeout is actually 15 seconds + rpId: document.domain, + allowCredentials: [newCredential] + }; + + // Start the request, handle failures only. + navigator.credentials.get({publicKey}).catch(() => { + status = status_value; + }); + + // Wait a tick to let the statemachine start. + await Promise.resolve(); + } + + // Test that .create() and .get() requests override any pending requests. + add_task(async function test_override_pending_requests() { + // Request a new credential. + await requestMakeCredential("aborted1"); + + // Request another credential, the new request will abort. + await requestMakeCredential("aborted2"); + is(status, "aborted2", "second request aborted"); + + // Request an assertion, the new request will still abort. + await requestGetAssertion("aborted3"); + is(status, "aborted3", "third request aborted"); + + // Request another assertion, this fourth request will abort. + await requestGetAssertion("aborted4"); + is(status, "aborted4", "fourth request aborted"); + + // Request another credential, the fifth request will still abort. Why + // do we keep trying? Well, the test originally looked like this, and + // let's face it, it's kinda funny. + await requestMakeCredential("aborted5"); + is(status, "aborted5", "fifth request aborted"); + }); + </script> + +</body> +</html> |