tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

signal-all-accepted-credentials.https.html (4728B)

      1 <!DOCTYPE html>
      2 <meta charset="utf-8">
      3 <title>Signal all accepted credentials tests</title>
      4 <meta name="timeout" content="long">
      5 <script src="/resources/testharness.js"></script>
      6 <script src="/resources/testharnessreport.js"></script>
      7 <script src="/resources/testdriver.js"></script>
      8 <script src="/resources/testdriver-vendor.js"></script>
      9 <script src=helpers.js></script>
     10 
     11 <body></body>
     12 <script>
     13  "use strict";
     14 
     15  const authenticatorOptions = {
     16    protocol: "ctap2_1",
     17    hasResidentKey: true,
     18    isUserVerified: true,
     19    hasUserVerification: true,
     20  };
     21 
     22  const userId = Uint8Array.from([1, 2, 3, 4]);
     23 
     24  function createDiscoverableCredential() {
     25    return createCredential({
     26      options: {
     27        publicKey: {
     28          authenticatorSelection: {
     29            residentKey: "required",
     30          },
     31          user: {
     32            id: userId,
     33            name: "reimu",
     34            displayName: "Reimu Hakurei",
     35          }
     36        },
     37      },
     38    });
     39  }
     40 
     41  virtualAuthenticatorPromiseTest(async t => {
     42    return promise_rejects_dom(t, "SecurityError", PublicKeyCredential.signalAllAcceptedCredentials({
     43      rpId: "umbrella-corporation.example.com",
     44      userId: base64urlEncode(userId),
     45      allAcceptedCredentialIds: [],
     46    }));
     47  }, authenticatorOptions, "signalAllAcceptedCredentials fails with SecurityError for invalid RP IDs");
     48 
     49  virtualAuthenticatorPromiseTest(async t => {
     50    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalAllAcceptedCredentials({
     51      rpId: window.location.hostname,
     52      userId: "Not base 64 url",
     53      allAcceptedCredentialIds: [],
     54    }));
     55  }, authenticatorOptions, "signalAllAcceptedCredentials fails with TypeError for invalid userId base64url");
     56 
     57  virtualAuthenticatorPromiseTest(async t => {
     58    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalAllAcceptedCredentials({
     59      rpId: window.location.hostname,
     60      userId: base64urlEncode(userId),
     61      allAcceptedCredentialIds: ["not base 64 url"],
     62    }));
     63  }, authenticatorOptions, "signalAllAcceptedCredentials fails with TypeError for invalid credential base64url");
     64 
     65  virtualAuthenticatorPromiseTest(async t => {
     66    const credential = await createDiscoverableCredential();
     67    await assertCredential(credential);
     68    PublicKeyCredential.signalAllAcceptedCredentials({
     69      rpId: window.location.hostname,
     70      userId: base64urlEncode([5, 6, 7, 8]),
     71      allAcceptedCredentialIds: [],
     72    });
     73    await assertCredential(credential);
     74  }, authenticatorOptions, "signalAllAcceptedCredentials does not remove a credential for a different user id");
     75 
     76  virtualAuthenticatorPromiseTest(async t => {
     77    const credential = await createDiscoverableCredential();
     78    await assertCredential(credential);
     79    PublicKeyCredential.signalAllAcceptedCredentials({
     80      rpId: window.location.hostname,
     81      userId: base64urlEncode(userId),
     82      allAcceptedCredentialIds: [credential.id],
     83    });
     84    await assertCredential(credential);
     85  }, authenticatorOptions, "signalAllAcceptedCredentials does not remove a credential if present on the list");
     86 
     87  virtualAuthenticatorPromiseTest(async t => {
     88    const credential = await createDiscoverableCredential();
     89    await assertCredential(credential);
     90    PublicKeyCredential.signalAllAcceptedCredentials({
     91      rpId: window.location.hostname,
     92      userId: base64urlEncode(userId),
     93      allAcceptedCredentialIds: [],
     94    });
     95    return promise_rejects_dom(t, "NotAllowedError", assertCredential(credential));
     96  }, authenticatorOptions, "signalAllAcceptedCredentials removes a credential present on the list for the correct user");
     97 
     98  virtualAuthenticatorPromiseTest(async t => {
     99    const credential = await createDiscoverableCredential();
    100    await assertCredential(credential);
    101    PublicKeyCredential.signalAllAcceptedCredentials({
    102      rpId: window.location.hostname,
    103      userId: base64urlEncode(userId),
    104      allAcceptedCredentialIds: [base64urlEncode([1, 2, 3, 4])],
    105    });
    106    return promise_rejects_dom(t, "NotAllowedError", assertCredential(credential));
    107  }, authenticatorOptions, "signalAllAcceptedCredentials with unrecognized credentials removes existing credential");
    108 
    109  virtualAuthenticatorPromiseTest(async t => {
    110    const credential = await createDiscoverableCredential();
    111    await assertCredential(credential);
    112    PublicKeyCredential.signalAllAcceptedCredentials({
    113      rpId: window.location.hostname,
    114      userId: base64urlEncode(userId),
    115      allAcceptedCredentialIds: [credential.id, base64urlEncode([1, 2, 3, 4])],
    116    });
    117    await assertCredential(credential);
    118  }, authenticatorOptions, "signalAllAcceptedCredentials with recognized and unrecognized credentials keeps the existing credential");
    119 </script>