diff options
Diffstat (limited to 'toolkit/components/passwordmgr/test/unit/test_legacy_validation.js')
| -rw-r--r-- | toolkit/components/passwordmgr/test/unit/test_legacy_validation.js | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/toolkit/components/passwordmgr/test/unit/test_legacy_validation.js b/toolkit/components/passwordmgr/test/unit/test_legacy_validation.js new file mode 100644 index 0000000000..7fb6c9807d --- /dev/null +++ b/toolkit/components/passwordmgr/test/unit/test_legacy_validation.js @@ -0,0 +1,94 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Tests the legacy validation made when storing nsILoginInfo or disabled hosts. + * + * These rules exist because of limitations of the "signons.txt" storage file, + * that is not used anymore. They are still enforced by the Login Manager + * service, despite these values can now be safely stored in the back-end. + */ + +"use strict"; + +// Tests + +/** + * Tests legacy validation with addLogin. + */ +add_task(async function test_addLogin_invalid_characters_legacy() { + // Test newlines and carriage returns in properties that contain URLs. + for (let testValue of [ + "http://newline\n.example.com", + "http://carriagereturn.example.com\r", + ]) { + let loginInfo = TestData.formLogin({ origin: testValue }); + await Assert.rejects( + Services.logins.addLoginAsync(loginInfo), + /login values can't contain newlines/ + ); + + loginInfo = TestData.formLogin({ formActionOrigin: testValue }); + await Assert.rejects( + Services.logins.addLoginAsync(loginInfo), + /login values can't contain newlines/ + ); + + loginInfo = TestData.authLogin({ httpRealm: testValue }); + await Assert.rejects( + Services.logins.addLoginAsync(loginInfo), + /login values can't contain newlines/ + ); + } + + // Test newlines and carriage returns in form field names. + for (let testValue of ["newline_field\n", "carriagereturn\r_field"]) { + let loginInfo = TestData.formLogin({ usernameField: testValue }); + await Assert.rejects( + Services.logins.addLoginAsync(loginInfo), + /login values can't contain newlines/ + ); + + loginInfo = TestData.formLogin({ passwordField: testValue }); + await Assert.rejects( + Services.logins.addLoginAsync(loginInfo), + /login values can't contain newlines/ + ); + } + + // Test a single dot as the value of usernameField and formActionOrigin. + let loginInfo = TestData.formLogin({ usernameField: "." }); + await Assert.rejects( + Services.logins.addLoginAsync(loginInfo), + /login values can't be periods/ + ); + + loginInfo = TestData.formLogin({ formActionOrigin: "." }); + await Assert.rejects( + Services.logins.addLoginAsync(loginInfo), + /login values can't be periods/ + ); + + // Test the sequence " (" inside the value of the "origin" property. + loginInfo = TestData.formLogin({ origin: "http://parens (.example.com" }); + await Assert.rejects( + Services.logins.addLoginAsync(loginInfo), + /bad parens in origin/ + ); +}); + +/** + * Tests legacy validation with setLoginSavingEnabled. + */ +add_task(function test_setLoginSavingEnabled_invalid_characters_legacy() { + for (let origin of [ + "http://newline\n.example.com", + "http://carriagereturn.example.com\r", + ".", + ]) { + Assert.throws( + () => Services.logins.setLoginSavingEnabled(origin, false), + /Invalid origin/ + ); + } +}); |