[ tor-browser ].git.dasho

fedcm-identity-create-store-collect.tentative.sub.https.html (18774B)
      1 <!doctype html>
      2 <head>
      3 <title>Test creation of 'identity' credentials</title>
      4 </head>
      5 <script src="/resources/testharness.js"></script>
      6 <script src="/resources/testharnessreport.js"></script>
      7 <script src="/resources/testdriver.js"></script>
      8 <script src="/resources/testdriver-vendor.js"></script>
      9 <script src="../support/lfedcm-helpers.js"></script>
     10 <script type="module">
     11 'use strict';
     12 
     13 import {fedcm_select_account_promise} from '../support/fedcm-helper.sub.js';
     14 
     15 promise_test(async t => {
     16  let initData = {
     17    id : "wpt-pick-me",
     18    token: "token1",
     19  };
     20 
     21  let result1 = await navigator.credentials.create({
     22    identity : initData,
     23  });
     24  assert_not_equals(result1, undefined, "A credential is returned from the CredentialContainer.");
     25  assert_equals(result1.type, "identity", "The credential is an IdentityCredential");
     26  assert_equals(result1.id, "wpt-pick-me", "The identity matches the argument");
     27  assert_equals(result1.token, "token1", "The token matches the argument");
     28 
     29 
     30  let result2 = new IdentityCredential(initData);
     31  assert_not_equals(result2, undefined, "A credential is returned from new.");
     32  assert_equals(result2.type, "identity", "The credential is an IdentityCredential");
     33  assert_equals(result2.id, "wpt-pick-me", "The identity matches the argument");
     34  assert_equals(result2.token, "token1", "The token matches the argument");
     35 }, "Basic valid credential creation");
     36 
     37 
     38 promise_test(async t => {
     39  let initData = {
     40    id_missing : "invalid"
     41  };
     42 
     43 
     44  await assert_throws_js(TypeError, () => new IdentityCredential(initData), "Create with missing id field in identity credential constructor throws TypeError.");
     45  return promise_rejects_js(t, TypeError, navigator.credentials.create({
     46    identity : initData,
     47  }), "Create with missing id field in identity credential creation throws TypeError.");
     48 
     49 }, "Basic invalid credential creation");
     50 
     51 promise_test(async t => {
     52  let initData = {
     53    id : "wpt-pick-me"
     54  };
     55 
     56  let result1 = await navigator.credentials.create({
     57    identity : initData,
     58  });
     59 
     60  let result2 = await navigator.credentials.store(result1);
     61  assert_equals(result2, undefined, "The result of a store should be a promise that resolves to undefined.")
     62 
     63  let result3 = await navigator.credentials.store(result1);
     64  assert_equals(result3, undefined, "The result of a duplicate store should be a promise that resolves to undefined.")
     65 
     66  await clearLightweightCredential(window.origin, "wpt-pick-me");
     67 }, "Basic identity credential store suceeds");
     68 
     69 
     70 promise_test(async t => {
     71  await test_driver.bless();
     72  let promise4 = navigator.credentials.get({identity: {mode: "active", providers: []}});
     73  assert_true(promise4 instanceof Promise, "The return value of get must be a promise.");
     74  let result4 = await promise4;
     75  assert_equals(result4, null, "A credential is not returned from the CredentialContainer when a request with no providers is given");
     76 
     77 }, "Collecting from no providers yields a promise with null resolution");
     78 
     79 
     80 promise_test(async t => {
     81  let initData = {
     82    id : "wpt-pick-me",
     83    token : "token1",
     84  };
     85 
     86  let result1 = await navigator.credentials.create({
     87    identity : initData,
     88  });
     89  await navigator.credentials.store(result1);
     90  await test_driver.bless();
     91  let promise2 = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin}]}});
     92  assert_true(promise2 instanceof Promise, "The return value of get must be a promise.");
     93  let result2 = await promise2;
     94  assert_equals(result2, null, "A credential is not returned from the CredentialContainer when the RP is not on the allowlist.");
     95 
     96  let initDataWithOrigin = {
     97    id : "wpt-pick-me",
     98    token : "token1",
     99    effectiveOrigins : [window.origin],
    100  };
    101 
    102  let credential = await navigator.credentials.create({
    103    identity : initDataWithOrigin,
    104  });
    105  await navigator.credentials.store(credential);
    106 
    107  await test_driver.bless();
    108  let getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin}]}});
    109  let credentialGotten = await getCredentialPromise;
    110  fedcm_select_account_promise(t, 0);
    111  assert_not_equals(credentialGotten, undefined, "A credential is returned from the CredentialContainer.");
    112  assert_equals(credentialGotten.type, "identity", "The credential is an IdentityCredential");
    113  assert_equals(credentialGotten.id, "wpt-pick-me", "The identity matches the argument");
    114  assert_equals(credentialGotten.token, "token1", "The token matches the argument");
    115 
    116  await test_driver.bless();
    117  let promise3 = navigator.credentials.get({identity: {mode: "active", providers: []}});
    118  assert_true(promise3 instanceof Promise, "The return value of get must be a promise.");
    119  let result3 = await promise3;
    120  assert_equals(result3, null, "A credential is not returned from the CredentialContainer when no providers are given.");
    121 
    122 
    123  await test_driver.bless();
    124  let promise4 = navigator.credentials.get({identity: {mode: "active", providers: [{origin: "https://{{hosts[alt][]}}:{{ports[https][0]}}"}]}});
    125  assert_true(promise4 instanceof Promise, "The return value of get must be a promise.");
    126  let result4 = await promise4;
    127  assert_equals(result4, null, "A credential is not returned from the CredentialContainer when a provider with no credentials is given.");
    128 
    129  await clearLightweightCredential(window.origin, "wpt-pick-me");
    130 }, "Basic same-origin identity credential collect suceeds");
    131 
    132 promise_test(async t => {
    133 
    134  let initDataWithOrigin = {
    135    id : "wpt-pick-me",
    136    effectiveQueryURL : `https://{{hosts[][]}}:{{ports[https][0]}}/fedcm/support/acao-cors.py`,
    137  };
    138 
    139  let credential = await navigator.credentials.create({
    140    identity : initDataWithOrigin,
    141  });
    142  await navigator.credentials.store(credential);
    143 
    144  await test_driver.bless();
    145  let promise2 = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin}]}});
    146  assert_true(promise2 instanceof Promise, "The return value of get must be a promise.");
    147  let result2 = await promise2;
    148  assert_equals(result2, null, "A credential is not returned from the CredentialContainer when the effectiveQueryURL is not provided.");
    149 
    150 
    151  await test_driver.bless();
    152  let getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin, effectiveQueryURL: `https://{{hosts[][]}}:{{ports[https][0]}}/fedcm/support/acao-cors.py`}]}});
    153  assert_true(getCredentialPromise instanceof Promise, "The return value of get must be a promise.");
    154  fedcm_select_account_promise(t, 0);
    155  let credentialGotten = await getCredentialPromise;
    156  assert_not_equals(credentialGotten, undefined, "A credential is returned from the CredentialContainer.");
    157  assert_equals(credentialGotten.type, "identity", "The credential is an IdentityCredential");
    158  assert_equals(credentialGotten.id, "wpt-pick-me", "The identity matches the argument");
    159 
    160  await clearLightweightCredential(window.origin, "wpt-pick-me");
    161 }, "Basic same-origin identity credential collect with effectiveQueryURL suceeds");
    162 
    163 promise_test(async t => {
    164  let initDataWithOrigin = {
    165    id : "wpt-pick-me",
    166    effectiveOrigins : [window.origin],
    167  };
    168 
    169  let credential = await navigator.credentials.create({
    170    identity : initDataWithOrigin,
    171  });
    172  await navigator.credentials.store(credential);
    173 
    174  await test_driver.bless();
    175  let promise2 = navigator.credentials.get({identity: {mode: "active", providers: [{loginURL: "https://{{hosts[][]}}:{{ports[https][0]}}/fedcm/support/lfedcm-identity.provider-create.sub.html"}]}});
    176  assert_true(promise2 instanceof Promise, "The return value of get must be a promise.");
    177  let result2 = await promise2;
    178  fedcm_select_account_promise(t, 0);
    179  assert_not_equals(result2, undefined, "A credential is returned from the CredentialContainer.");
    180  assert_equals(result2.type, "identity", "The credential is an IdentityCredential");
    181  assert_equals(result2.id, "wpt-pick-me", "The identity matches the argument");
    182 
    183  await clearLightweightCredential(window.origin, "wpt-pick-me");
    184 }, "Basic same-origin identity credential collect with origin inferred from loginURL succeeds");
    185 
    186 
    187 promise_test(async t => {
    188  let initDataWithOrigin = {
    189    id : "wpt-pick-me",
    190    effectiveQueryURL : `https://{{hosts[][]}}:{{ports[https][0]}}/fedcm/support/no-cors.py`,
    191  };
    192 
    193  let credential = await navigator.credentials.create({
    194    identity : initDataWithOrigin,
    195  });
    196  await navigator.credentials.store(credential);
    197 
    198  await test_driver.bless();
    199  let promise2 = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin}]}});
    200  assert_true(promise2 instanceof Promise, "The return value of get must be a promise.");
    201  let result2 = await promise2;
    202  assert_equals(result2, null, "A credential is not returned from the CredentialContainer when the effectiveQueryURL is not provided.");
    203 
    204 
    205  await test_driver.bless();
    206  let getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin, effectiveQueryURL: `https://{{hosts[][]}}:{{ports[https][0]}}/fedcm/support/no-cors.py`}]}});
    207  let credentialGotten = await getCredentialPromise;
    208  fedcm_select_account_promise(t, 0);
    209  assert_not_equals(credentialGotten, undefined, "A credential is returned from the CredentialContainer.");
    210  assert_equals(credentialGotten.type, "identity", "The credential is an IdentityCredential");
    211  assert_equals(credentialGotten.id, "wpt-pick-me", "The identity matches the argument");
    212 
    213  await clearLightweightCredential(window.origin, "wpt-pick-me");
    214 }, "Basic same-origin identity credential collect with effectiveQueryURL and no ACAO works because CORS is not needed");
    215 
    216 
    217 promise_test(async t => {
    218  let getCredentialPromise, credentialGotten;
    219 
    220  await createLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", {
    221    id: "wpt-pick-me",
    222  });
    223 
    224  await test_driver.bless();
    225  getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{origin: "https://{{hosts[alt][]}}:{{ports[https][0]}}"}]}});
    226  assert_true(getCredentialPromise instanceof Promise, "The return value of get must be a promise.");
    227  credentialGotten = await getCredentialPromise;
    228  assert_equals(credentialGotten, null, "A optionless credential is not returned from the CredentialContainer.");
    229  await clearLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", "wpt-pick-me");
    230 
    231 }, "Cross-origin identity credential collection is correctly filtered when there is no effective argument");
    232 
    233 
    234 promise_test(async t => {
    235  let getCredentialPromise, credentialGotten;
    236 
    237  await createLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", {
    238    id: "wpt-pick-me",
    239    origin: "https://{{hosts[alt][]}}:{{ports[https][0]}}/",
    240  });
    241  await test_driver.bless();
    242  getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{origin: "https://{{hosts[alt][]}}:{{ports[https][0]}}"}]}});
    243  assert_true(getCredentialPromise instanceof Promise, "The return value of get must be a promise.");
    244  credentialGotten = await getCredentialPromise;
    245  assert_equals(credentialGotten, null, "An innefective credential is not returned from the CredentialContainer.");
    246  await clearLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", "wpt-pick-me");
    247 
    248 }, "Cross-origin identity credential collection is correctly filtered when the effective origin is not the relying party");
    249 
    250 promise_test(async t => {
    251  let getCredentialPromise, credentialGotten;
    252 
    253  await createLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", {
    254    id: "wpt-pick-me",
    255    origin: "https://{{hosts[][]}}:{{ports[https][0]}}/",
    256  });
    257 
    258  await test_driver.bless();
    259  getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{origin: "https://{{hosts[alt][]}}:{{ports[https][0]}}"}]}});
    260  assert_true(getCredentialPromise instanceof Promise, "The return value of get must be a promise.");
    261  fedcm_select_account_promise(t, 0);
    262  credentialGotten = await getCredentialPromise;
    263  assert_not_equals(credentialGotten, null, "An effective credential is returned from the CredentialContainer.");
    264  await clearLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", "wpt-pick-me");
    265 
    266 }, "Cross-origin identity credential collection is correctly returned when the effective origin is the relying party");
    267 
    268 promise_test(async t => {
    269  let getCredentialPromise, credentialGotten;
    270 
    271  await createLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", {
    272    id: "wpt-pick-me",
    273    url: "no-cors"
    274  });
    275 
    276  await test_driver.bless();
    277  getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{origin: "https://{{hosts[alt][]}}:{{ports[https][0]}}"}]}});
    278  assert_true(getCredentialPromise instanceof Promise, "The return value of get must be a promise.");
    279  credentialGotten = await getCredentialPromise;
    280  assert_equals(credentialGotten, null, "An innefective credential is not returned from the CredentialContainer.");
    281  await clearLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", "wpt-pick-me");
    282 
    283 }, "Cross-origin identity credential collection is correctly filtered when the endpoint doesn't have CORS");
    284 
    285 promise_test(async t => {
    286  let getCredentialPromise, credentialGotten;
    287 
    288 
    289  await createLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", {
    290    id: "wpt-pick-me",
    291    url: "cors"
    292  });
    293 
    294  await test_driver.bless();
    295  getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{origin: "https://{{hosts[alt][]}}:{{ports[https][0]}}", effectiveQueryURL: "https://{{hosts[alt][]}}:{{ports[https][0]}}/fedcm/support/acao-cors.py"}]}});
    296  assert_true(getCredentialPromise instanceof Promise, "The return value of get must be a promise.");
    297  fedcm_select_account_promise(t, 0);
    298  credentialGotten = await getCredentialPromise;
    299  assert_not_equals(credentialGotten, null, "An effective credential is returned from the CredentialContainer.");
    300  await clearLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", "wpt-pick-me");
    301 
    302 }, "Cross-origin identity credential collection is correctly returned when the endpoint returns success");
    303 
    304 
    305 promise_test(async t => {
    306  let getCredentialPromise, credentialGotten;
    307 
    308  await createLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", {
    309    id: "wpt-pick-me",
    310    type: "correct"
    311  });
    312 
    313  await test_driver.bless();
    314  getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{effectiveType: "correct"}]}});
    315  assert_true(getCredentialPromise instanceof Promise, "The return value of get must be a promise.");
    316  fedcm_select_account_promise(t, 0);
    317  credentialGotten = await getCredentialPromise;
    318  assert_not_equals(credentialGotten, null, "An effective credential is returned from the CredentialContainer.");
    319  await clearLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", "wpt-pick-me");
    320 
    321 }, "Cross-origin identity credential collection is correctly returned when the type matches");
    322 
    323 promise_test(async t => {
    324  let getCredentialPromise, credentialGotten;
    325 
    326  await createLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", {
    327    id: "wpt-pick-me",
    328    type: "correct"
    329  });
    330 
    331  await test_driver.bless();
    332  getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{effectiveType: "wrong"}]}});
    333  assert_true(getCredentialPromise instanceof Promise, "The return value of get must be a promise.");
    334  fedcm_select_account_promise(t, 0);
    335  credentialGotten = await getCredentialPromise;
    336  assert_equals(credentialGotten, null, "An effective credential is not returned from the CredentialContainer.");
    337  await clearLightweightCredential("https://{{hosts[alt][]}}:{{ports[https][0]}}", "wpt-pick-me");
    338 
    339 }, "Cross-origin identity credential collection is correctly filtered when the type does not match");
    340 
    341 promise_test(async t => {
    342  let initData = {
    343    id : "wpt-pick-me",
    344  };
    345 
    346  let result1 = await navigator.credentials.create({
    347    identity : initData,
    348  });
    349  await navigator.credentials.store(result1);
    350  await test_driver.bless();
    351  let promise2 = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin}]}});
    352  assert_true(promise2 instanceof Promise, "The return value of get must be a promise.");
    353  let result2 = await promise2;
    354  assert_equals(result2, null, "A credential is not returned from the CredentialContainer when the RP is not on the allowlist.");
    355 
    356  let initDataWithOrigin = {
    357    id : "wpt-pick-me",
    358    effectiveOrigins : [window.origin],
    359  };
    360 
    361  let credential = await navigator.credentials.create({
    362    identity : initDataWithOrigin,
    363  });
    364  await navigator.credentials.store(credential);
    365 
    366  // Collect a credential so we can use silent access
    367  await test_driver.bless();
    368  let getCredentialPromise = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin}]}});
    369  let credentialGotten = await getCredentialPromise;
    370  fedcm_select_account_promise(t, 0);
    371  assert_not_equals(credentialGotten, undefined, "A credential is returned from the CredentialContainer.");
    372  assert_equals(credentialGotten.type, "identity", "The credential is an IdentityCredential");
    373  assert_equals(credentialGotten.id, "wpt-pick-me", "The identity matches the argument");
    374 
    375 
    376  // Collect the credential silently.
    377  await test_driver.bless();
    378  let getCredentialPromise2 = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin}]}});
    379  let credentialGotten2 = await getCredentialPromise2;
    380  assert_not_equals(credentialGotten2, undefined, "A credential is returned from the CredentialContainer.");
    381  assert_equals(credentialGotten2.type, "identity", "The credential is an IdentityCredential");
    382  assert_equals(credentialGotten2.id, "wpt-pick-me", "The identity matches the argument");
    383 
    384  await navigator.credentials.preventSilentAccess();
    385 
    386  await test_driver.bless();
    387  let getCredentialPromise3 = navigator.credentials.get({identity: {mode: "active", providers: [{origin: window.origin}]}});
    388  fedcm_select_account_promise(t, 0);
    389  let credentialGotten3 = await getCredentialPromise3;
    390  assert_not_equals(credentialGotten3, undefined, "A credential is returned from the CredentialContainer.");
    391  assert_equals(credentialGotten3.type, "identity", "The credential is an IdentityCredential");
    392  assert_equals(credentialGotten3.id, "wpt-pick-me", "The identity matches the argument");
    393 
    394  await clearLightweightCredential(window.origin, "wpt-pick-me");
    395  await clearLightweightCredential(window.origin, "other");
    396 }, "Credentials can be collected silently, but preventSilentAccess is respected");
    397 
    398 </script>
	tor-browser The Tor Browser
	git clone https://git.dasho.dev/tor-browser.git
	Log \| Files \| Refs \| README \| LICENSE