DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (b6d82b1a6b02)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148
<!DOCTYPE html>
<meta charset=utf-8>
<head>
  <title>Test for aborting W3C Web Authentication request</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="u2futil.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>

  <h1>Test for aborting W3C Web Authentication request</h1>
  <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1415675">Mozilla Bug 1415675</a>

  <script class="testbody" type="text/javascript">
    "use strict";

    function arrivingHereIsBad(aResult) {
      ok(false, "Bad result! Received a: " + aResult);
    }

    function expectAbortError(aResult) {
      is(aResult.code, DOMException.ABORT_ERR, "Expecting an AbortError");
    }

    add_task(() => {
      // Enable USB tokens.
      return SpecialPowers.pushPrefEnv({"set": [
        ["security.webauth.webauthn", true],
        ["security.webauth.webauthn_enable_softtoken", false],
        ["security.webauth.webauthn_enable_usbtoken", true],
        ["security.webauth.webauthn_enable_android_fido2", false],
      ]});
    });

    // Start a new MakeCredential() request.
    function requestMakeCredential(signal) {
      let publicKey = {
        rp: {id: document.domain, name: "none", icon: "none"},
        user: {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"},
        challenge: crypto.getRandomValues(new Uint8Array(16)),
        timeout: 5000, // the minimum timeout is actually 15 seconds
        pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}],
      };

      return navigator.credentials.create({publicKey, signal});
    }

    // Start a new GetAssertion() request.
    async function requestGetAssertion(signal) {
      let newCredential = {
        type: "public-key",
        id: crypto.getRandomValues(new Uint8Array(16)),
        transports: ["usb"],
      };

      let publicKey = {
        challenge: crypto.getRandomValues(new Uint8Array(16)),
        timeout: 5000, // the minimum timeout is actually 15 seconds
        rpId: document.domain,
        allowCredentials: [newCredential]
      };

      // Start the request, handle failures only.
      return navigator.credentials.get({publicKey, signal});
    }

    // Create an AbortController and abort immediately.
    add_task(async () => {
      let ctrl = new AbortController();
      ctrl.abort();

      // The event shouldn't fire.
      ctrl.signal.onabort = arrivingHereIsBad;

      // MakeCredential() should abort immediately.
      await requestMakeCredential(ctrl.signal)
        .then(arrivingHereIsBad)
        .catch(expectAbortError);

      // GetAssertion() should abort immediately.
      await requestGetAssertion(ctrl.signal)
        .then(arrivingHereIsBad)
        .catch(expectAbortError);
    });

    // Request a new credential and abort the request.
    add_task(async () => {
      let aborted = false;
      let ctrl = new AbortController();

      ctrl.signal.onabort = () => {
        ok(!aborted, "abort event fired once");
        aborted = true;
      };

      // Request a new credential.
      let request = requestMakeCredential(ctrl.signal)
        .then(arrivingHereIsBad)
        .catch(err => {
          ok(aborted, "abort event was fired");
          expectAbortError(err);
        });

      // Wait a tick for the statemachine to start.
      await Promise.resolve();

      // Abort the request.
      ok(!aborted, "request still pending");
      ctrl.abort();
      ok(aborted, "request aborted");

      // Wait for the request to terminate.
      await request;
    });

    // Request a new assertion and abort the request.
    add_task(async () => {
      let aborted = false;
      let ctrl = new AbortController();

      ctrl.signal.onabort = () => {
        ok(!aborted, "abort event fired once");
        aborted = true;
      };

      // Request a new assertion.
      let request = requestGetAssertion(ctrl.signal)
        .then(arrivingHereIsBad)
        .catch(err => {
          ok(aborted, "abort event was fired");
          expectAbortError(err);
        });

      // Wait a tick for the statemachine to start.
      await Promise.resolve();

      // Abort the request.
      ok(!aborted, "request still pending");
      ctrl.abort();
      ok(aborted, "request aborted");

      // Wait for the request to terminate.
      await request;
    });
  </script>

</body>
</html>