DXR is a code search and navigation tool aimed at making sense of large projects. It supports full-text and regex searches as well as structural queries.

Mercurial (b6d82b1a6b02)

VCS Links

Line Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
<!DOCTYPE html>
<meta charset=utf-8>
<head>
  <title>Test for overriding W3C Web Authentication request</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="u2futil.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>

  <h1>Test for overriding W3C Web Authentication request</h1>
  <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1415675">Mozilla Bug 1415675</a>

  <script class="testbody" type="text/javascript">
    "use strict";

    // Last request status.
    let status = "";

    add_task(() => {
      // Enable USB tokens.
      return SpecialPowers.pushPrefEnv({"set": [
        ["security.webauth.webauthn", true],
        ["security.webauth.webauthn_enable_softtoken", false],
        ["security.webauth.webauthn_enable_android_fido2", false],
        ["security.webauth.webauthn_enable_usbtoken", true],
      ]});
    });

    // Start a new MakeCredential() request.
    async function requestMakeCredential(status_value) {
      let publicKey = {
        rp: {id: document.domain, name: "none", icon: "none"},
        user: {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"},
        challenge: crypto.getRandomValues(new Uint8Array(16)),
        timeout: 5000, // the minimum timeout is actually 15 seconds
        pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}],
      };

      // Start the request, handle failures only.
      navigator.credentials.create({publicKey}).catch(() => {
        status = status_value;
      });

      // Wait a tick to let the statemachine start.
      await Promise.resolve();
    }

    // Start a new GetAssertion() request.
    async function requestGetAssertion(status_value) {
      let newCredential = {
        type: "public-key",
        id: crypto.getRandomValues(new Uint8Array(16)),
        transports: ["usb"],
      };

      let publicKey = {
        challenge: crypto.getRandomValues(new Uint8Array(16)),
        timeout: 5000, // the minimum timeout is actually 15 seconds
        rpId: document.domain,
        allowCredentials: [newCredential]
      };

      // Start the request, handle failures only.
      navigator.credentials.get({publicKey}).catch(() => {
        status = status_value;
      });

      // Wait a tick to let the statemachine start.
      await Promise.resolve();
    }

    // Test that .create() and .get() requests override any pending requests.
    add_task(async () => {
      // Request a new credential.
      await requestMakeCredential("aborted1");

      // Request another credential, the new request will abort.
      await requestMakeCredential("aborted2");
      is(status, "aborted2", "second request aborted");

      // Request an assertion, the new request will still abort.
      await requestGetAssertion("aborted3");
      is(status, "aborted3", "third request aborted");

      // Request another assertion, this fourth request will abort.
      await requestGetAssertion("aborted4");
      is(status, "aborted4", "fourth request aborted");

      // Request another credential, the fifth request will still abort. Why
      // do we keep trying? Well, the test originally looked like this, and
      // let's face it, it's kinda funny.
      await requestMakeCredential("aborted5");
      is(status, "aborted5", "fifth request aborted");
    });
  </script>

</body>
</html>