chromium/chrome/test/data/webui/gaia_auth_host/saml_username_autofill_test.js

// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

import {maybeAutofillUsername} from 'chrome://chrome-signin/gaia_auth_host/saml_username_autofill.js';
import {appendParam} from 'chrome://resources/js/util.js';
import {assertEquals} from 'chrome://webui-test/chai_assert.js';

const IDP_URL_FOR_TESTS = 'https://login.corp.example.com/example';
const IDP_URL_FOR_TESTS_WITH_PARAMETER =
    'https://login.corp.example.com/example?name=value';
const EMAIL_FOR_TESTS = '[email protected]';

suite('SamlUsernameAutofillSuite', function() {
  // Test success for IdP url without parameters.
  test('SuccessNoParams', () => {
    const urlParameterNameToAutofillUsername = 'login_hint';
    const expectedResult = appendParam(
        IDP_URL_FOR_TESTS, urlParameterNameToAutofillUsername, EMAIL_FOR_TESTS);
    const newUrl = maybeAutofillUsername(
        IDP_URL_FOR_TESTS, urlParameterNameToAutofillUsername, EMAIL_FOR_TESTS);

    assertEquals(newUrl, expectedResult);
  });

  // Test success for IdP url with a parameter.
  test('SuccessWithParam', () => {
    const urlParameterNameToAutofillUsername = 'login_hint';
    const expectedResult = appendParam(
        IDP_URL_FOR_TESTS_WITH_PARAMETER, urlParameterNameToAutofillUsername,
        EMAIL_FOR_TESTS);
    const newUrl = maybeAutofillUsername(
        IDP_URL_FOR_TESTS_WITH_PARAMETER, urlParameterNameToAutofillUsername,
        EMAIL_FOR_TESTS);

    assertEquals(newUrl, expectedResult);
  });

  // Test that we do not add url parameter repeatedly.
  test('UrlAlreadyContainsParameter', () => {
    const urlParameterNameToAutofillUsername = 'login_hint';
    const urlWithAutofillParameter = appendParam(
        IDP_URL_FOR_TESTS, urlParameterNameToAutofillUsername, EMAIL_FOR_TESTS);
    const newUrl = maybeAutofillUsername(
        urlWithAutofillParameter, urlParameterNameToAutofillUsername,
        EMAIL_FOR_TESTS);

    assertEquals(newUrl, null);
  });

  // Test that our protection against repeated parameters isn't triggered if
  // url contains the same substring but not as a parameter.
  test('UrlCollisionWithParameterName', () => {
    const urlParameterNameToAutofillUsername = 'login_hint';
    // Make `login_hint` appear in IdP url, but not as a parameter.
    const IdpUrlCollidingWithParameterName = IDP_URL_FOR_TESTS + '/login_hint';
    const expectedResult = appendParam(
        IdpUrlCollidingWithParameterName, urlParameterNameToAutofillUsername,
        EMAIL_FOR_TESTS);
    const newUrl = maybeAutofillUsername(
        IdpUrlCollidingWithParameterName, urlParameterNameToAutofillUsername,
        EMAIL_FOR_TESTS);

    assertEquals(newUrl, expectedResult);
  });

  // Test that we don't autofill the username when user's email is absent.
  test('NoEmail', () => {
    const newUrl = maybeAutofillUsername(IDP_URL_FOR_TESTS, 'login_hint', '');

    assertEquals(newUrl, null);
  });

  // Test that we don't autofill the username when we don't know the appropriate
  // url parameter.
  test('NoUrlParameter', () => {
    const newUrl =
        maybeAutofillUsername(IDP_URL_FOR_TESTS, '', EMAIL_FOR_TESTS);
    assertEquals(newUrl, null);
  });

  // Test that we don't autofill the username when login page doesn't use https.
  test('HttpLoginPage', () => {
    const httpUrl = 'http://login.corp.example.com/example';
    const newUrl =
        maybeAutofillUsername(httpUrl, 'login_hint', EMAIL_FOR_TESTS);

    assertEquals(newUrl, null);
  });
});