set-early-challenge.https.html (4507B)
<!DOCTYPE html>
<meta charset="utf-8">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="helper.js" type="module"></script>

<script type="module">
  import { expireCookie, waitForCookie, addCookieAndSessionCleanup, configureServer, setupShardedServerState } from "./helper.js";

  // These tests cover the "early challenge" path: the server hands out a
  // challenge before any refresh is needed, and a later refresh is expected
  // to carry that same challenge.
  //
  // NOTE(review): the only client-side assertions are HTTP 200 checks. The
  // comparison between the challenge used in the refresh and the one issued
  // in advance happens in the server handlers, which are not visible here,
  // so these tests are only as strict as those handlers. Confirm that they
  // answer a mismatched or missing challenge with a non-200 status.

  // Builds the full cookie string (value plus Domain and Path attributes)
  // that is passed to expireCookie().
  function withCookieAttributes(cookieNameAndValue) {
    return `${cookieNameAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;
  }

  // Starts a session through login.py and waits until the given cookie shows
  // up, which the tests treat as "registration completed".
  async function loginAndAwaitCookie(cookieNameAndValue) {
    const response = await fetch('login.py');
    assert_equals(response.status, 200);
    await waitForCookie(cookieNameAndValue, /*expectCookie=*/true);
  }

  // Asks the server to send the configured challenge(s) ahead of time.
  // useSingleHeader is forwarded as-is; going by the test names it selects
  // single-header versus multiple-header delivery (server handler not shown).
  async function requestEarlyChallenge(useSingleHeader) {
    const response = await fetch('request_early_challenge.py', {
      method: 'POST',
      body: JSON.stringify({ useSingleHeader })
    });
    assert_equals(response.status, 200);
  }

  promise_test(async t => {
    await setupShardedServerState();
    const cookieNameAndValue = "auth_cookie=abcdef0123";
    const cookieWithAttributes = withCookieAttributes(cookieNameAndValue);
    const challenge = "early_challenge";
    addCookieAndSessionCleanup(t);

    // Have the server send this challenge early for the next session that
    // registers, so it is already known when the refresh happens.
    await configureServer({ earlyChallengeForNextRegisteredSession: challenge });

    // Start a session and wait for registration to finish.
    await loginAndAwaitCookie(cookieNameAndValue);

    // Deliver the challenge before any refresh is required.
    await requestEarlyChallenge(true);

    // Expire the cookie and fetch to trigger a refresh. The server side
    // confirms the early challenge matches; this test sees only the status.
    expireCookie(cookieWithAttributes);
    const verifyResponse = await fetch('verify_authenticated.py');
    assert_equals(verifyResponse.status, 200);
  }, "A challenge can be set ahead of time");

  // Registers two sessions, each with its own cookie and its own early
  // challenge, then requests the challenges in advance and checks that a
  // refresh succeeds for both sessions.
  async function runMultipleChallengesTest(t, useSingleHeader) {
    await setupShardedServerState();
    const firstCookie = "auth_cookie=abcdef0123";
    const firstCookieWithAttributes = withCookieAttributes(firstCookie);
    const firstChallenge = "early_challenge1";
    const secondCookie = "other_cookie=ghijkl4567";
    const secondCookieWithAttributes = withCookieAttributes(secondCookie);
    const secondChallenge = "early_challenge2";
    addCookieAndSessionCleanup(t);

    // First session: early challenge plus an explicit cookie. The cookie is
    // configured for readability of the test only (not strictly needed).
    await configureServer({
      earlyChallengeForNextRegisteredSession: firstChallenge,
      cookieDetailsForNextRegisteredSessions: [[{ nameAndValue: firstCookie }]]
    });
    await loginAndAwaitCookie(firstCookie);

    // Second session: a different early challenge and a different cookie.
    await configureServer({
      earlyChallengeForNextRegisteredSession: secondChallenge,
      cookieDetailsForNextRegisteredSessions: [[{ nameAndValue: secondCookie }]]
    });
    await loginAndAwaitCookie(secondCookie);

    // Deliver the challenges before any refresh is required.
    await requestEarlyChallenge(useSingleHeader);

    // Trigger a refresh of the first session. The server side confirms the
    // early challenge matches.
    expireCookie(firstCookieWithAttributes);
    const firstVerifyResponse = await fetch('verify_authenticated.py');
    assert_equals(firstVerifyResponse.status, 200);

    // Same for the second session. Its cookie name/value is sent as the
    // POST body, presumably so the server knows which cookie to check.
    expireCookie(secondCookieWithAttributes);
    const secondVerifyResponse = await fetch('verify_authenticated.py', {
      method: 'POST',
      body: secondCookie
    });
    assert_equals(secondVerifyResponse.status, 200);
  }

  promise_test(async t => {
    await runMultipleChallengesTest(t, /*useSingleHeader=*/true);
  }, "A challenge can be set for multiple sessions ahead of time (single header)");

  promise_test(async t => {
    await runMultipleChallengesTest(t, /*useSingleHeader=*/false);
  }, "A challenge can be set for multiple sessions ahead of time (multiple headers)");
</script>