tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

authentication-cross-origin.sub.https.html (2591B)

      1 <!DOCTYPE html>
      2 <meta charset="utf-8">
      3 <title>Test for the 'secure-payment-confirmation' payment method authentication - cross origin</title>
      4 <link rel="help" href="https://w3c.github.io/secure-payment-confirmation#client-extension-processing-authentication">
      5 <script src="/resources/testharness.js"></script>
      6 <script src="/resources/testharnessreport.js"></script>
      7 <script src="/resources/testdriver.js"></script>
      8 <script src="/resources/testdriver-vendor.js"></script>
      9 <script src="utils.sub.js"></script>
     10 
     11 <!-- This test requires a non-empty body to workaround https://github.com/web-platform-tests/wpt/issues/34563 -->
     12 <body><div>Non-empty body</div></body>
     13 
     14 <script>
     15 'use strict';
     16 
     17 promise_test(async t => {
     18  // Make sure that we are testing a cross-origin authentication ceremony.
     19  assert_not_equals(window.location.hostname, '{{hosts[alt][]}}',
     20      'This test must not be run on the alt hostname.');
     21 
     22  const authenticator = await window.test_driver.add_virtual_authenticator(
     23      AUTHENTICATOR_OPTS);
     24  t.add_cleanup(() => {
     25    return window.test_driver.remove_virtual_authenticator(authenticator);
     26  });
     27 
     28  await window.test_driver.set_spc_transaction_mode("autoAccept");
     29  t.add_cleanup(() => {
     30    return window.test_driver.set_spc_transaction_mode("none");
     31  });
     32 
     33  // Create a credential for the WPT alt domain.
     34  const credential = await createCredentialForAltDomain();
     35  assert_equals(credential.error, null);
     36 
     37  const challenge = 'server challenge';
     38  const payeeOrigin = 'https://merchant.com';
     39  const displayName = 'Troycard ***1234';
     40  const request = new PaymentRequest([{
     41    supportedMethods: 'secure-payment-confirmation',
     42    data: {
     43      credentialIds: [credential.rawId],
     44      challenge: Uint8Array.from(challenge, c => c.charCodeAt(0)),
     45      payeeOrigin,
     46      rpId: '{{hosts[alt][]}}',
     47      timeout: 60000,
     48      instrument: {
     49        displayName,
     50        icon: ICON_URL,
     51      },
     52    }
     53  }], PAYMENT_DETAILS);
     54 
     55  await test_driver.bless('user activation');
     56  const responsePromise = request.show();
     57 
     58  const response = await responsePromise;
     59  await response.complete('success');
     60 
     61  const cred = response.details;
     62  assert_equals(cred.id, credential.id);
     63 
     64  const clientDataJSON = JSON.parse(arrayBufferToString(cred.response.clientDataJSON));
     65 
     66  // The origin should be ourselves, whilst the RP should be the alt hostname
     67  // (as the owner of the credential).
     68  assert_equals(clientDataJSON.origin, window.location.origin);
     69  assert_equals(clientDataJSON.payment.rpId, '{{hosts[alt][]}}');
     70 }, 'Cross-origin SPC authentication ceremony');
     71 </script>