path: root/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_downgrade.html
<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Test autocomplete on an HTTPS page using upgraded HTTP logins</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <script src="/tests/SimpleTest/EventUtils.js"></script>
  <script type="text/javascript" src="../../../satchel/test/satchel_common.js"></script>
  <script type="text/javascript" src="pwmgr_common.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>

<!-- we presumably can't hide the content for this test. -->
<div id="content">
  <iframe></iframe>
</div>

<pre id="test">
<script class="testbody" type="text/javascript">
// The same host addressed over plain http: and over https:. Stored logins are
// keyed on these two origins so the test can tell which scheme a login came from.
const origin = `http://${window.location.host}`;
const secureOrigin = `https://${window.location.host}`;
// First <iframe> in the document; setup() loads the login form into it.
const [iframe] = document.getElementsByTagName("iframe");
// hostname is assigned by setup(). iframeDoc, uname and pword are declared but
// never assigned in this page's script.
let iframeDoc;
let hostname;
let uname;
let pword;

// Reset the login form inside the iframe: both fields are emptied and focus
// ends on the username field. Returns the promise from SpecialPowers.spawn.
function restoreForm() {
  const frameContext = getIframeBrowsingContext(window);
  return SpecialPowers.spawn(frameContext, [], function() {
    const doc = this.content.document;
    const usernameField = doc.getElementById("form-basic-username");
    const passwordField = doc.getElementById("form-basic-password");

    // Focus goes to the password field before the values are cleared and only
    // then back to the username field (presumably so the final focus() is a
    // real focus change - confirm against the autocomplete controller).
    passwordField.focus();
    usernameField.value = "";
    passwordField.value = "";
    usernameField.focus();
  });
}

// The basic login form requested over plain http:, so the page under test is
// an insecure context on the same host as the stored HTTPS logins.
const HTTP_FORM_URL = `${origin}/tests/toolkit/components/passwordmgr/test/mochitest/form_basic.html`;

add_setup(async () => {
  // Each login is a positional array. Judging by the values used here the
  // layout is [origin, formActionOrigin, httpRealm, username, password,
  // usernameField, passwordField] - confirm against setStoredLoginsAsync.

  // Two logins saved for the HTTPS origin, so that nothing is autofilled
  // before the schemeUpgrades pref flips to true.
  const httpsLogins = [
    [secureOrigin, secureOrigin, null, "name", "pass", "uname", "pword"],
    [secureOrigin, secureOrigin, null, "name1", "pass1", "uname", "pword"],
  ];
  // Same credentials as the second HTTPS login, but saved for the HTTP origin
  // (exercises de-duplication).
  const httpDuplicate = [origin, origin, null, "name1", "pass1", "uname", "pword"];
  // A distinct HTTP login whose formActionOrigin is the secure origin.
  const httpWithSecureAction = [origin, secureOrigin, null, "name2", "passHTTPtoHTTPS", "uname", "pword"];

  await setStoredLoginsAsync(...httpsLogins, httpDuplicate, httpWithSecureAction);
});

/**
 * Enable scheme upgrades, load the given form page into the iframe and record
 * the host of the loaded document in the shared `hostname` variable.
 *
 * @param {string} formUrl - URL of the form page to load in the iframe.
 * @returns {Promise<void>} Resolves once the frame has loaded and its forms
 *   have been processed.
 */
async function setup(formUrl) {
  await SpecialPowers.pushPrefEnv({ set: [["signon.schemeUpgrades", true]] });

  // Start waiting for form processing before navigating, so the notification
  // cannot be missed.
  const formsProcessed = promiseFormsProcessed();
  iframe.src = formUrl;
  await new Promise(resolve => {
    iframe.addEventListener("load", () => resolve(), { once: true });
  });

  await formsProcessed;

  // Read the host from inside the frame rather than deriving it from formUrl.
  const frameContext = getIframeBrowsingContext(window);
  hostname = await SpecialPowers.spawn(frameContext, [], function() {
    return this.content.document.documentURIObject.host;
  });
}

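// Loads the login form over plain HTTP and checks which stored logins are
// autofilled and offered in the autocomplete popup. The security property
// under test: a login saved only for the HTTPS origin must not be offered
// after a downgrade to HTTP.
add_task(async function test_autocomplete_https_downgrade() {
  info("test_autocomplete_http, setup with " + HTTP_FORM_URL);
  await setup(HTTP_FORM_URL);

  // Await the lookup instead of leaving the promise floating: the diagnostic
  // line is then logged before the assertions run, and a rejection fails this
  // task rather than surfacing as an unhandled rejection after it has ended.
  const logins = await LoginManager.getAllLogins();
  info("got logins: " + logins.map(l => l.origin));

  // The form is on an HTTP page, so a login stored only for the HTTPS origin
  // ("name") must never be offered. The logins stored for the HTTP origin
  // ("name1" and "name2") are the expected matches.
  let isCrossOrigin = false;
  try {
    // If this is a cross-origin test, the parent will be inaccessible. The fields
    // should not be filled in.
    window.parent.windowGlobalChild;
  } catch (ex) {
    isCrossOrigin = true;
  }

  await checkLoginFormInFrame(iframe, "form-basic-username", isCrossOrigin ? "" : "name1",
                                      "form-basic-password", isCrossOrigin ? "" : "pass1");

  // Trigger autocomplete popup
  await restoreForm();
  let popupState = await getPopupState();
  is(popupState.open, false, "Check popup is initially closed");
  const autocompleteItems = await popupByArrowDown();
  info("got results: " + autocompleteItems.join(", "));
  popupState = await getPopupState();
  is(popupState.selectedIndex, -1, "Check no entries are selected");
  // The insecure-connection warning is expected as the first popup entry,
  // ahead of the two HTTP logins; the HTTPS-only "name" must be absent.
  checkAutoCompleteResults(autocompleteItems, ["This connection is not secure. Logins entered here could be compromised. Learn More", "name1", "name2"], hostname, "initial");
});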
</script>
</pre>
</body>
</html>