test_webauthn_authenticator_selection.html

Enable keyboard shortcuts

<!DOCTYPE html>

<meta charset=utf-8>

<head>

  <title>W3C Web Authentication - Authenticator Selection Criteria</title>

  <script src="/tests/SimpleTest/SimpleTest.js"></script>

  <script type="text/javascript" src="u2futil.js"></script>

  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />

</head>

<body>

  <h1>W3C Web Authentication - Authenticator Selection Criteria</h1>

  <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1406462">Mozilla Bug 1406462</a>

  <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1406467">Mozilla Bug 1406467</a>

  <script class="testbody" type="text/javascript">

    "use strict";

    add_task(async () => {

      await addVirtualAuthenticator();

});

    function arrivingHereIsGood(aResult) {

      ok(true, "Good result! Received a: " + aResult);

    function arrivingHereIsBad(aResult) {

      ok(false, "Bad result! Received a: " + aResult);

    function expectNotAllowedError(aResult) {

      ok(aResult.toString().startsWith("NotAllowedError"), "Expecting a NotAllowedError, got " + aResult);

    // We store the credential of the first successful make credential

    // operation so we can use it for get assertion tests later.

    let gCredential;

    // Start a new MakeCredential() request.

    function requestMakeCredential(authenticatorSelection) {

      let publicKey = {

        rp: {id: document.domain, name: "none"},

        user: {id: new Uint8Array(), name: "none", displayName: "none"},

        challenge: crypto.getRandomValues(new Uint8Array(16)),

        timeout: 5000, // the minimum timeout is actually 15 seconds

        pubKeyCredParams: [{type: "public-key", alg: cose_alg_ECDSA_w_SHA256}],

        authenticatorSelection,

};

      return navigator.credentials.create({publicKey});

    // Start a new GetAssertion() request.

    function requestGetAssertion(userVerification) {

      let newCredential = {

        type: "public-key",

        id: gCredential,

        transports: ["usb"],

};

      let publicKey = {

        challenge: crypto.getRandomValues(new Uint8Array(16)),

        timeout: 5000, // the minimum timeout is actually 15 seconds

        rpId: document.domain,

        allowCredentials: [newCredential]

};

      if (userVerification) {

        publicKey.userVerification = userVerification;

      return navigator.credentials.get({publicKey});

    // Test success cases for make credential.

    add_task(async function test_make_credential_successes() {

      // No selection criteria.

      await requestMakeCredential({})

         // Save the credential so we can use it for sign success tests.

        .then(res => gCredential = res.rawId)

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

      // Request a cross-platform authenticator.

      await requestMakeCredential({authenticatorAttachment: "cross-platform"})

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

      // Require a resident key.

      await requestMakeCredential({requireResidentKey: true})

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

      // Don't require a resident key.

      await requestMakeCredential({requireResidentKey: false})

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

      // Require user verification.

      await requestMakeCredential({userVerification: "required"})

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

      // Prefer user verification.

      await requestMakeCredential({userVerification: "preferred"})

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

      // Discourage user verification.

      await requestMakeCredential({userVerification: "discouraged"})

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

});

    // Test success cases for get assertion.

    add_task(async function test_get_assertion_successes() {

      // No selection criteria.

      await requestGetAssertion()

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

      // Require user verification.

      await requestGetAssertion("required")

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

      // Prefer user verification.

      await requestGetAssertion("preferred")

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

      // Discourage user verification.

      await requestGetAssertion("discouraged")

        .then(arrivingHereIsGood)

        .catch(arrivingHereIsBad);

});

    // Test failure cases for make credential.

    add_task(async function test_make_credential_failures() {

      // Request a platform authenticator.

      await requestMakeCredential({authenticatorAttachment: "platform"})

        .then(arrivingHereIsBad)

        .catch(expectNotAllowedError);

});

    // Test failure cases for get assertion.

    add_task(async function test_get_assertion_failures() {

      // No failures currently tested

});

  </script>

</body>

</html>