Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test gets skipped with pattern: xorigin OR win10_2009 OR win11_2009 OR os == 'android'
- Manifest: dom/webauthn/tests/mochitest.toml
<!DOCTYPE html>
<meta charset=utf-8>
<head>
<title>Test for W3C Web Authentication with no token</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="u2futil.js"></script>
<script type="text/javascript" src="pkijs/common.js"></script>
<script type="text/javascript" src="pkijs/asn1.js"></script>
<script type="text/javascript" src="pkijs/x509_schema.js"></script>
<script type="text/javascript" src="pkijs/x509_simpl.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<h1>Test for W3C Web Authentication with no token</h1>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1309284">Mozilla Bug 1309284</a>
<script class="testbody" type="text/javascript">
"use strict";
is(navigator.authentication, undefined, "navigator.authentication does not exist any longer");
isnot(navigator.credentials, undefined, "Credential Management API endpoint must exist");
isnot(navigator.credentials.create, undefined, "CredentialManagement create API endpoint must exist");
isnot(navigator.credentials.get, undefined, "CredentialManagement get API endpoint must exist");
let credm;
let credentialChallenge;
let assertionChallenge;
let credentialId;
// Setup test env
add_task(async () => {
credentialChallenge = new Uint8Array(16);
window.crypto.getRandomValues(credentialChallenge);
assertionChallenge = new Uint8Array(16);
window.crypto.getRandomValues(assertionChallenge);
credentialId = new Uint8Array(128);
window.crypto.getRandomValues(credentialId);
credm = navigator.credentials;
// Turn off all tokens. This should result in "not allowed" failures
await SpecialPowers.pushPrefEnv({"set": [
["security.webauth.webauthn_enable_softtoken", false],
["security.webauth.webauthn_enable_usbtoken", false],
]});
});
add_task(async function test_no_token_make_credential() {
let rp = {id: document.domain, name: "none"};
let user = {id: new Uint8Array(), name: "none", displayName: "none"};
let param = {type: "public-key", alg: cose_alg_ECDSA_w_SHA256};
let makeCredentialOptions = {
rp, user, challenge: credentialChallenge, pubKeyCredParams: [param]
};
return credm.create({publicKey: makeCredentialOptions})
.then(function(aResult) {
ok(false, "Should have failed.");
})
.catch(function(aReason) {
ok(aReason.toString().startsWith("NotAllowedError"), aReason);
});
});
add_task(async function test_no_token_get_assertion() {
let newCredential = {
type: "public-key",
id: credentialId,
transports: ["usb"],
}
let publicKeyCredentialRequestOptions = {
challenge: assertionChallenge,
timeout: 5000, // the minimum timeout is actually 15 seconds
rpId: document.domain,
allowCredentials: [newCredential]
};
return credm.get({publicKey: publicKeyCredentialRequestOptions})
.then(function(aResult) {
ok(false, "Should have failed.");
})
.catch(function(aReason) {
ok(aReason.toString().startsWith("NotAllowedError"), aReason);
})
});
</script>
</body>
</html>