tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

signal-unknown-credential.https.html (2559B)

      1 <!DOCTYPE html>
      2 <meta charset="utf-8">
      3 <title>Signal unknown credential tests</title>
      4 <meta name="timeout" content="long">
      5 <script src="/resources/testharness.js"></script>
      6 <script src="/resources/testharnessreport.js"></script>
      7 <script src="/resources/testdriver.js"></script>
      8 <script src="/resources/testdriver-vendor.js"></script>
      9 <script src=helpers.js></script>
     10 
     11 <body></body>
     12 <script>
     13  "use strict";
     14 
     15  const authenticatorOptions = {
     16    protocol: "ctap2_1",
     17    hasResidentKey: true,
     18    isUserVerified: true,
     19    hasUserVerification: true,
     20  };
     21 
     22  const userId = Uint8Array.from([1, 2, 3, 4]);
     23 
     24  function createDiscoverableCredential() {
     25    return createCredential({
     26      options: {
     27        publicKey: {
     28          authenticatorSelection: {
     29            residentKey: "required",
     30          },
     31          user: {
     32            id: userId,
     33            name: "reimu",
     34            displayName: "Reimu Hakurei",
     35          }
     36        },
     37      },
     38    });
     39  }
     40 
     41  virtualAuthenticatorPromiseTest(async t => {
     42    return promise_rejects_dom(t, "SecurityError", PublicKeyCredential.signalUnknownCredential({
     43      rpId: "umbrella-corporation.example.com",
     44      credentialId: base64urlEncode([1, 2, 3, 4]),
     45    }));
     46  }, authenticatorOptions, "signalUnknownCredential fails with SecurityError for invalid RP IDs");
     47 
     48  virtualAuthenticatorPromiseTest(async t => {
     49    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalUnknownCredential({
     50      rpId: window.location.hostname,
     51      credentialId: "Not base 64 url",
     52    }));
     53  }, authenticatorOptions, "signalUnknownCredential fails with TypeError for invalid base64url");
     54 
     55  virtualAuthenticatorPromiseTest(async t => {
     56    const credential = await createDiscoverableCredential();
     57    await assertCredential(credential);
     58    await PublicKeyCredential.signalUnknownCredential({
     59      rpId: window.location.hostname,
     60      credentialId: base64urlEncode([1, 2, 3, 4]),
     61    });
     62    await assertCredential(credential);
     63  }, authenticatorOptions, "signalUnknownCredential does not remove a credential that does not match the ID");
     64 
     65  virtualAuthenticatorPromiseTest(async t => {
     66    const credential = await createDiscoverableCredential();
     67    await assertCredential(credential);
     68    await PublicKeyCredential.signalUnknownCredential({
     69      rpId: window.location.hostname,
     70      credentialId: credential.id,
     71    });
     72    return promise_rejects_dom(t, "NotAllowedError", assertCredential(credential));
     73  }, authenticatorOptions, "signalUnknownCredential removes a credential that matches the ID");
     74 </script>