credentials-matching.https.html

mozilla-central/testing/web-platform/tests/device-bound-session-credentials/credentials-matching.https.html

Enable keyboard shortcuts

Source code

File a bug in Testing :: web-platform-tests

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

This test has a WPT meta file that expects 7 subtest issues.
This WPT test may be referenced by the following Test IDs:
- /device-bound-session-credentials/credentials-matching.https.html - WPT Dashboard Interop Dashboard

<!DOCTYPE html>

<meta charset="utf-8">

<title>DBSC credentials matching</title>

<script src="/resources/testharness.js"></script>

<script src="/resources/testharnessreport.js"></script>

<script src="helper.js" type="module"></script>

<script type="module">

  import { expireCookie, documentHasCookie, waitForCookie, addCookieAndSessionCleanup, setupShardedServerState, configureServer, pullServerState} from "./helper.js";

  const futureDate = new Date();

  futureDate.setFullYear(futureDate.getFullYear() + 1);

  async function runTest(t, sessionCookieAttributes, requestCookieAttributes, expectCallRefresh) {

    await setupShardedServerState();

    const expectedCookieAndValue = "auth_cookie=abcdef0123";

    const expectedAttributes = sessionCookieAttributes;

    const expectedCookieAndAttributes = `${expectedCookieAndValue};${expectedAttributes}`;

    addCookieAndSessionCleanup(t);

    // Configure server to set the session credentials and the associated Set-Cookie header.

    configureServer({ cookieDetails: [{ attributes: expectedAttributes }] });

    // Prompt starting a session, and wait until registration completes.

    const loginResponse = await fetch('login.py');

    assert_equals(loginResponse.status, 200);

    await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);

    // Confirm that a request has the cookie set.

    const authResponse = await fetch('verify_authenticated.py');

    assert_equals(authResponse.status, 200);

    // Delete the cookie, and replace it with a similar cookie with custom attributes.

    expireCookie(expectedCookieAndAttributes);

    assert_false(documentHasCookie(expectedCookieAndValue));

    await fetch('set_cookie.py', {

      method: 'POST',

      body: `${expectedCookieAndValue};${requestCookieAttributes}`,

});

    // Send a request. Then, confirm refresh was or was not sent.

    const authResponseAfterExpiry = await fetch('verify_authenticated.py');

    assert_equals(authResponseAfterExpiry.status, 200);

    assert_true(documentHasCookie(expectedCookieAndValue));

    const serverState = await pullServerState();

    assert_equals(serverState.hasCalledRefresh, expectCallRefresh);

  promise_test(async t => {

    const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;

    const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Expires=${futureDate.toUTCString()}`;

    await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/false);

  }, "Expires attribute in credentials doesn't affect matching");

  promise_test(async t => {

    const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;

    const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Max-Age=86400`;

    await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/false);

  }, "Max-Age attribute in credentials doesn't affect matching");

  promise_test(async t => {

    const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;

    const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;HttpOnly`;

    await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);

  }, "HttpOnly attribute in credentials affects matching");

  promise_test(async t => {

    const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;

    const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;SameSite=Strict`;

    await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);

  }, "SameSite attribute in credentials affects matching");

  promise_test(async t => {

    const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;

    const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Secure`;

    await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);

  }, "Secure attribute in credentials affects matching");

  promise_test(async t => {

    const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;

    const requestCookieAttributes = `Domain=${location.hostname};Path=/`;

    await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);

  }, "Path attribute in credentials affects matching");

  promise_test(async t => {

    const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Secure`;

    const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Partitioned;Secure`;

    await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);

  }, "Partition attribute in credentials affects matching");

</script>