[webauthn] Add WPTs for Signal methods

Add WPTs for: * signalUnknownCredential * signalCurrentUserDetails * signalAllAcceptedCredentials Bug: 361751877 Change-Id: Iae31d62c28621aab2d2cd8aac952f842fd67c95e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5850213 Auto-Submit: Nina Satragno <[email protected]> Commit-Queue: Nina Satragno <[email protected]> Reviewed-by: Martin Kreichgauer <[email protected]> Cr-Commit-Position: refs/heads/main@{#1354733}
web-platform-tests · Sep 12, 2024 · aec66cd · aec66cd
1 parent adaaa0f
commit aec66cd
Show file tree

Hide file tree

Showing 4 changed files with 280 additions and 3 deletions.
diff --git a/webauthn/helpers.js b/webauthn/helpers.js
@@ -362,7 +362,8 @@ function extendObject(dst, src) {
 function isSimpleObject(o) {
     return (typeof o === "object" &&
         !Array.isArray(o) &&
-        !(o instanceof ArrayBuffer));
+        !(o instanceof ArrayBuffer) &&
+        !(o instanceof Uint8Array));
 }
 
 function isAbortSignal(o) {
@@ -613,8 +614,9 @@ function virtualAuthenticatorPromiseTest(
     testCb, options = {}, name = 'Virtual Authenticator Test') {
   let authenticatorArgs = Object.assign(defaultAuthenticatorArgs(), options);
   promise_test(async t => {
+    let authenticator;
     try {
-      let authenticator =
+      authenticator =
           await window.test_driver.add_virtual_authenticator(authenticatorArgs);
       t.add_cleanup(
           () => window.test_driver.remove_virtual_authenticator(authenticator));
@@ -623,7 +625,7 @@ function virtualAuthenticatorPromiseTest(
         throw error;
       }
     }
-    return testCb(t);
+    return testCb(t, authenticator);
   }, name);
 }
 

diff --git a/webauthn/signal-all-accepted-credentials.https.html b/webauthn/signal-all-accepted-credentials.https.html
@@ -0,0 +1,119 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Signal all accepted credentials tests</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+
+<body></body>
+<script>
+  "use strict";
+
+  const authenticatorOptions = {
+    protocol: "ctap2_1",
+    hasResidentKey: true,
+    isUserVerified: true,
+    hasUserVerification: true,
+  };
+
+  const userId = Uint8Array.from([1, 2, 3, 4]);
+
+  function createDiscoverableCredential() {
+    return createCredential({
+      options: {
+        publicKey: {
+          authenticatorSelection: {
+            residentKey: "required",
+          },
+          user: {
+            id: userId,
+            name: "reimu",
+            displayName: "Reimu Hakurei",
+          }
+        },
+      },
+    });
+  }
+
+  virtualAuthenticatorPromiseTest(async t => {
+    return promise_rejects_dom(t, "SecurityError", PublicKeyCredential.signalAllAcceptedCredentials({
+      rpId: "umbrella-corporation.example.com",
+      userId: base64urlEncode(userId),
+      allAcceptedCredentialIds: [],
+    }));
+  }, authenticatorOptions, "signalAllAcceptedCredentials fails with SecurityError for invalid RP IDs");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalAllAcceptedCredentials({
+      rpId: window.location.hostname,
+      userId: "Not base 64 url",
+      allAcceptedCredentialIds: [],
+    }));
+  }, authenticatorOptions, "signalAllAcceptedCredentials fails with TypeError for invalid userId base64url");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalAllAcceptedCredentials({
+      rpId: window.location.hostname,
+      userId: base64urlEncode(userId),
+      allAcceptedCredentialIds: ["not base 64 url"],
+    }));
+  }, authenticatorOptions, "signalAllAcceptedCredentials fails with TypeError for invalid credential base64url");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    const credential = await createDiscoverableCredential();
+    await assertCredential(credential);
+    PublicKeyCredential.signalAllAcceptedCredentials({
+      rpId: window.location.hostname,
+      userId: base64urlEncode([5, 6, 7, 8]),
+      allAcceptedCredentialIds: [],
+    });
+    await assertCredential(credential);
+  }, authenticatorOptions, "signalAllAcceptedCredentials does not remove a credential for a different user id");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    const credential = await createDiscoverableCredential();
+    await assertCredential(credential);
+    PublicKeyCredential.signalAllAcceptedCredentials({
+      rpId: window.location.hostname,
+      userId: base64urlEncode(userId),
+      allAcceptedCredentialIds: [credential.id],
+    });
+    await assertCredential(credential);
+  }, authenticatorOptions, "signalAllAcceptedCredentials does not remove a credential if present on the list");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    const credential = await createDiscoverableCredential();
+    await assertCredential(credential);
+    PublicKeyCredential.signalAllAcceptedCredentials({
+      rpId: window.location.hostname,
+      userId: base64urlEncode(userId),
+      allAcceptedCredentialIds: [],
+    });
+    return promise_rejects_dom(t, "NotAllowedError", assertCredential(credential));
+  }, authenticatorOptions, "signalAllAcceptedCredentials removes a credential present on the list for the correct user");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    const credential = await createDiscoverableCredential();
+    await assertCredential(credential);
+    PublicKeyCredential.signalAllAcceptedCredentials({
+      rpId: window.location.hostname,
+      userId: base64urlEncode(userId),
+      allAcceptedCredentialIds: [base64urlEncode([1, 2, 3, 4])],
+    });
+    return promise_rejects_dom(t, "NotAllowedError", assertCredential(credential));
+  }, authenticatorOptions, "signalAllAcceptedCredentials with unrecognized credentials removes existing credential");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    const credential = await createDiscoverableCredential();
+    await assertCredential(credential);
+    PublicKeyCredential.signalAllAcceptedCredentials({
+      rpId: window.location.hostname,
+      userId: base64urlEncode(userId),
+      allAcceptedCredentialIds: [credential.id, base64urlEncode([1, 2, 3, 4])],
+    });
+    await assertCredential(credential);
+  }, authenticatorOptions, "signalAllAcceptedCredentials with recognized and unrecognized credentials keeps the existing credential");
+</script>
diff --git a/webauthn/signal-current-user-details.https.html b/webauthn/signal-current-user-details.https.html
@@ -0,0 +1,82 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Signal current user details tests</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+
+<body></body>
+<script>
+  "use strict";
+
+  const authenticatorOptions = {
+    protocol: "ctap2_1",
+    hasResidentKey: true,
+    isUserVerified: true,
+    hasUserVerification: true,
+  };
+
+  const userId = Uint8Array.from([1, 2, 3, 4]);
+
+  function createDiscoverableCredential() {
+    return createCredential({
+      options: {
+        publicKey: {
+          authenticatorSelection: {
+            residentKey: "required",
+          },
+          user: {
+            id: userId,
+            name: "reimu",
+            displayName: "Reimu Hakurei",
+          }
+        },
+      },
+    });
+  }
+
+  virtualAuthenticatorPromiseTest(async t => {
+    return promise_rejects_dom(t, "SecurityError", PublicKeyCredential.signalCurrentUserDetails({
+      rpId: "umbrella-corporation.example.com",
+      userId: base64urlEncode(userId),
+      name: "marisa",
+      displayName: "Marisa Kirisame",
+    }));
+  }, authenticatorOptions, "signalCurrentUserDetails fails with SecurityError for invalid RP IDs");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalCurrentUserDetails({
+      rpId: window.location.hostname,
+      userId: "not base 64 url",
+      name: "marisa",
+      displayName: "Marisa Kirisame",
+    }));
+  }, authenticatorOptions, "signalCurrentUserDetails fails with TypeError for invalid userId base64url");
+
+  virtualAuthenticatorPromiseTest(async (t, authenticator) => {
+    await createDiscoverableCredential();
+    PublicKeyCredential.signalCurrentUserDetails({
+      rpId: window.location.hostname,
+      userId: base64urlEncode([5, 6, 7, 8]),
+      name: "marisa",
+      displayName: "Marisa Kirisame",
+    });
+    const credential = (await window.test_driver.get_credentials(authenticator))[0];
+    // TODO(nsatragno): add assertions once https://github.com/w3c/webauthn/issues/2143 is resolved.
+  }, authenticatorOptions, "signalCurrentUserDetails does not update a different user id");
+
+  virtualAuthenticatorPromiseTest(async (t, authenticator) => {
+    await createDiscoverableCredential();
+    PublicKeyCredential.signalCurrentUserDetails({
+      rpId: window.location.hostname,
+      userId: base64urlEncode(userId),
+      name: "marisa",
+      displayName: "Marisa Kirisame",
+    });
+    const credential = (await window.test_driver.get_credentials(authenticator))[0];
+    // TODO(nsatragno): add assertions once https://github.com/w3c/webauthn/issues/2143 is resolved.
+  }, authenticatorOptions, "signalCurrentUserDetails updates a matching user id");
+</script>
diff --git a/webauthn/signal-unknown-credential.https.html b/webauthn/signal-unknown-credential.https.html
@@ -0,0 +1,74 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Signal unknown credential tests</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+
+<body></body>
+<script>
+  "use strict";
+
+  const authenticatorOptions = {
+    protocol: "ctap2_1",
+    hasResidentKey: true,
+    isUserVerified: true,
+    hasUserVerification: true,
+  };
+
+  const userId = Uint8Array.from([1, 2, 3, 4]);
+
+  function createDiscoverableCredential() {
+    return createCredential({
+      options: {
+        publicKey: {
+          authenticatorSelection: {
+            residentKey: "required",
+          },
+          user: {
+            id: userId,
+            name: "reimu",
+            displayName: "Reimu Hakurei",
+          }
+        },
+      },
+    });
+  }
+
+  virtualAuthenticatorPromiseTest(async t => {
+    return promise_rejects_dom(t, "SecurityError", PublicKeyCredential.signalUnknownCredential({
+      rpId: "umbrella-corporation.example.com",
+      credentialId: base64urlEncode([1, 2, 3, 4]),
+    }));
+  }, authenticatorOptions, "signalUnknownCredential fails with SecurityError for invalid RP IDs");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    return promise_rejects_js(t, TypeError, PublicKeyCredential.signalUnknownCredential({
+      rpId: window.location.hostname,
+      credentialId: "Not base 64 url",
+    }));
+  }, authenticatorOptions, "signalUnknownCredential fails with TypeError for invalid base64url");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    const credential = await createDiscoverableCredential();
+    await assertCredential(credential);
+    await PublicKeyCredential.signalUnknownCredential({
+      rpId: window.location.hostname,
+      credentialId: base64urlEncode([1, 2, 3, 4]),
+    });
+    await assertCredential(credential);
+  }, authenticatorOptions, "signalUnknownCredential does not remove a credential that does not match the ID");
+
+  virtualAuthenticatorPromiseTest(async t => {
+    const credential = await createDiscoverableCredential();
+    await assertCredential(credential);
+    await PublicKeyCredential.signalUnknownCredential({
+      rpId: window.location.hostname,
+      credentialId: credential.id,
+    });
+    return promise_rejects_dom(t, "NotAllowedError", assertCredential(credential));
+  }, authenticatorOptions, "signalUnknownCredential removes a credential that matches the ID");
+</script>