// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "content/browser/webid/federated_auth_request_impl.h" #include <memory> #include <optional> #include <string> #include <string_view> #include <utility> #include <vector> #include "base/functional/callback_forward.h" #include "base/memory/raw_ptr.h" #include "base/memory/weak_ptr.h" #include "base/run_loop.h" #include "base/task/sequenced_task_runner.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/scoped_feature_list.h" #include "components/ukm/test_ukm_recorder.h" #include "content/browser/web_contents/web_contents_impl.h" #include "content/browser/webid/fedcm_metrics.h" #include "content/browser/webid/test/delegated_idp_network_request_manager.h" #include "content/browser/webid/test/federated_auth_request_request_token_callback_helper.h" #include "content/browser/webid/test/mock_api_permission_delegate.h" #include "content/browser/webid/test/mock_auto_reauthn_permission_delegate.h" #include "content/browser/webid/test/mock_identity_registry.h" #include "content/browser/webid/test/mock_identity_request_dialog_controller.h" #include "content/browser/webid/test/mock_idp_network_request_manager.h" #include "content/browser/webid/test/mock_permission_delegate.h" #include "content/browser/webid/webid_utils.h" #include "content/common/content_navigation_policy.h" #include "content/public/browser/identity_request_dialog_controller.h" #include "content/public/common/content_features.h" #include "content/public/test/back_forward_cache_util.h" #include "content/test/test_render_frame_host.h" #include "content/test/test_render_view_host.h" #include "content/test/test_web_contents.h" #include "mojo/public/cpp/bindings/remote.h" #include "net/http/http_status_code.h" #include "services/metrics/public/cpp/ukm_builders.h" #include "testing/gtest/include/gtest/gtest.h" #include "ui/base/page_transition_types.h" #include "ui/gfx/image/image_unittest_util.h" #include "url/gurl.h" #include "url/origin.h" FederatedAuthRequestResult; RequestTokenStatus; AccountList; ApiPermissionStatus; AuthRequestCallbackHelper; DismissReason; FedCmEntry; FedCmIdpEntry; FetchStatus; TokenError; ParseStatus; TokenStatus; LoginState; SignInMode; SignInStateMatchStatus; ErrorDialogType; TokenResponseType; ErrorUrlType; _; ElementsAre; Eq; Invoke; NiceMock; Optional; Return; StrictMock; namespace content { namespace { constexpr char kProviderUrlFull[] = …; constexpr char kRpUrl[] = …; constexpr char kRpOtherUrl[] = …; constexpr char kIdpUrl[] = …; constexpr char kAccountsEndpoint[] = …; constexpr char kCrossOriginAccountsEndpoint[] = …; constexpr char kTokenEndpoint[] = …; constexpr char kClientMetadataEndpoint[] = …; constexpr char kMetricsEndpoint[] = …; constexpr char kIdpLoginUrl[] = …; constexpr char kIdpDisconnectUrl[] = …; constexpr char kPrivacyPolicyUrl[] = …; constexpr char kTermsOfServiceUrl[] = …; constexpr char kRpBrandIconUrl[] = …; constexpr char kClientId[] = …; constexpr char kNonce[] = …; constexpr char kAccountEmailNicolas[] = …; constexpr char kAccountEmailPeter[] = …; constexpr char kAccountEmailZach[] = …; constexpr char kAccountId[] = …; constexpr char kAccountIdNicolas[] = …; constexpr char kAccountIdPeter[] = …; constexpr char kAccountIdZach[] = …; constexpr char kAccountPicture[] = …; constexpr char kAccountPicture404[] = …; constexpr int kAccountPictureSize = …; constexpr char kEmail[] = …; constexpr char kDomainHint[] = …; constexpr char kOtherDomainHint[] = …; // Values will be added here as token introspection is implemented. constexpr char kToken[] = …; constexpr char kEmptyToken[] = …; constexpr char kAccountLabelNoMatchMessage[] = …; constexpr char kLoginHintNoMatchMessage[] = …; constexpr char kDomainHintNoMatchMessage[] = …; static const std::vector<IdentityRequestAccount> kSingleAccount{ … }; static const std::vector<IdentityRequestAccount> kSingleAccountWithHint{ … }; static const std::vector<IdentityRequestAccount> kSingleAccountWithDomainHint{ … }; static const std::vector<IdentityRequestAccount> kTwoAccounts{ … }; static const std::vector<IdentityRequestAccount> kMultipleAccounts{ … }; static const std::vector<IdentityRequestAccount> kMultipleAccountsWithHintsAndDomains{ … }; static const std::set<std::string> kWellKnown{ … }; struct IdentityProviderParameters { … }; // Parameters for a call to RequestToken. struct RequestParameters { … }; // Expected return values from a call to RequestToken. // // DO NOT ADD NEW MEMBERS. // Having a lot of members in RequestExpectations encourages bad test design. // Specifically: // - It encourages making the test harness more magic // - It makes each test "test everything", making it really hard to determine // at a later date what the test was actually testing. struct RequestExpectations { … }; // Mock configuration values for test. struct MockClientIdConfiguration { … }; struct MockWellKnown { … }; // Mock information returned from IdpNetworkRequestManager::FetchConfig(). struct MockConfig { … }; struct MockIdpInfo { … }; // Action on accounts dialog taken by TestDialogController. Does not indicate a // test expectation. enum class AccountsDialogAction { … }; // Action on IdP-sign-in-status-mismatch dialog taken by TestDialogController. // Does not indicate a test expectation. enum class IdpSigninStatusMismatchDialogAction { … }; // Action on error dialog taken by TestDialogController. // Does not indicate a test expectation. enum class ErrorDialogAction { … }; // Action on loading dialog taken by TestDialogController. // Does not indicate a test expectation. enum class LoadingDialogAction { … }; struct MockConfiguration { … }; static const MockClientIdConfiguration kDefaultClientMetadata{ … }; static const IdentityProviderParameters kDefaultIdentityProviderRequestOptions{ … }; static const RequestParameters kDefaultRequestParameters{ … }; static const MockIdpInfo kDefaultIdentityProviderInfo{ … }; static const base::flat_map<std::string, MockIdpInfo> kSingleProviderInfo{ … }; constexpr char kProviderTwoUrlFull[] = …; static const MockIdpInfo kProviderTwoInfo{ … }; static const MockConfiguration kConfigurationValid{ … }; static const RequestExpectations kExpectationSuccess{ … }; static const RequestParameters kDefaultMultiIdpRequestParameters{ … }; MockConfiguration kConfigurationMultiIdpValid{ … }; url::Origin OriginFromString(const std::string& url_string) { … } enum class FetchedEndpoint { … }; class TestIdpNetworkRequestManager : public MockIdpNetworkRequestManager { … }; // TestIdpNetworkRequestManager subclass which checks the values of the method // params when executing an endpoint request. class IdpNetworkRequestManagerParamChecker : public TestIdpNetworkRequestManager { … }; class TestDialogController : public NiceMock<MockIdentityRequestDialogController> { … }; class TestApiPermissionDelegate : public MockApiPermissionDelegate { … }; class TestPermissionDelegate : public NiceMock<MockPermissionDelegate> { … }; class TestAutoReauthnPermissionDelegate : public MockAutoReauthnPermissionDelegate { … }; class TestIdentityRegistry : public NiceMock<MockIdentityRegistry> { … }; } // namespace class FederatedAuthRequestImplTest : public RenderViewHostImplTestHarness { … }; // Test successful FedCM request. TEST_F(FederatedAuthRequestImplTest, SuccessfulRequest) { … } // Test successful well-known fetching. TEST_F(FederatedAuthRequestImplTest, WellKnownSuccess) { … } // Test the provider url is not in the well-known. TEST_F(FederatedAuthRequestImplTest, WellKnownNotInList) { … } // Test that the well-known file has too many provider urls. TEST_F(FederatedAuthRequestImplTest, WellKnownHasTooManyProviderUrls) { … } // Test that the well-known enforcement is bypassed. TEST_F(FederatedAuthRequestImplTest, WellKnownEnforcementBypassed) { … } // Test that not having the filename in the well-known fails. TEST_F(FederatedAuthRequestImplTest, WellKnownHasNoFilename) { … } // Test that request fails if config is missing token endpoint. TEST_F(FederatedAuthRequestImplTest, MissingTokenEndpoint) { … } // Test that request fails if config is missing accounts endpoint. TEST_F(FederatedAuthRequestImplTest, MissingAccountsEndpoint) { … } // Test that request does not fail if config is missing an IDP login URL. TEST_F(FederatedAuthRequestImplTest, MissingLoginURL) { … } // Test that client metadata endpoint is not required in config. TEST_F(FederatedAuthRequestImplTest, MissingClientMetadataEndpoint) { … } // Test that request fails if the accounts endpoint is in a different origin // than identity provider. TEST_F(FederatedAuthRequestImplTest, AccountEndpointDifferentOriginIdp) { … } // Test that request fails if IDP login URL is different origin from IDP config // URL. TEST_F(FederatedAuthRequestImplTest, LoginUrlDifferentOriginIdp) { … } // Test that request fails if the idp is not https. TEST_F(FederatedAuthRequestImplTest, ProviderNotTrustworthy) { … } // Test that request fails if accounts endpoint cannot be reached. TEST_F(FederatedAuthRequestImplTest, AccountEndpointCannotBeReached) { … } // Test that request fails if account endpoint response cannot be parsed. TEST_F(FederatedAuthRequestImplTest, AccountsCannotBeParsed) { … } // Test that privacy policy, terms of service or RP brand icon URLs are not // required in client metadata. TEST_F(FederatedAuthRequestImplTest, ClientMetadataNoUrls) { … } // Test that privacy policy URL is not required in client metadata. TEST_F(FederatedAuthRequestImplTest, ClientMetadataNoPrivacyPolicyUrl) { … } // Test that terms of service URL is not required in client metadata. TEST_F(FederatedAuthRequestImplTest, ClientMetadataNoTermsOfServiceUrl) { … } // Test that RP brand icon URL is not required in client metadata. TEST_F(FederatedAuthRequestImplTest, ClientMetadataNoRpBrandIconUrl) { … } // Test that request fails if all of the endpoints in the config are invalid. TEST_F(FederatedAuthRequestImplTest, AllInvalidEndpoints) { … } // Tests for Login State TEST_F(FederatedAuthRequestImplTest, LoginStateShouldBeSignUpForFirstTimeUser) { … } TEST_F(FederatedAuthRequestImplTest, LoginStateShouldBeSignInForReturningUser) { … } TEST_F(FederatedAuthRequestImplTest, LoginStateSuccessfulSignUpGrantsSharingPermission) { … } TEST_F(FederatedAuthRequestImplTest, LoginStateFailedSignUpNotGrantSharingPermission) { … } // Test that auto re-authn permission is not embargoed upon explicit sign-in. TEST_F(FederatedAuthRequestImplTest, ExplicitSigninEmbargo) { … } // Test that auto re-authn permission is embargoed upon successful auto // re-authn. TEST_F(FederatedAuthRequestImplTest, AutoReauthnEmbargo) { … } // Test that auto re-authn with a single account where the account is a // returning user sets the sign-in mode to auto. TEST_F(FederatedAuthRequestImplTest, AutoReauthnForSingleReturningUserSingleAccount) { … } // Test that auto re-authn with multiple accounts and a single returning user // sets the sign-in mode to auto. TEST_F(FederatedAuthRequestImplTest, AutoReauthnForSingleReturningUserMultipleAccounts) { … } // Test that auto re-authn with multiple accounts and multiple returning users // sets the sign-in mode to explicit. TEST_F(FederatedAuthRequestImplTest, AutoReauthnForMultipleReturningUsersMultipleAccounts) { … } // Test that auto re-authn with single non-returning account sets the sign-in // mode to explicit. TEST_F(FederatedAuthRequestImplTest, AutoReauthnForZeroReturningUsers) { … } // Test that auto re-authn with multiple accounts and a single returning user // sets the sign-in mode to kExplicit if `mediation: required` is specified. TEST_F(FederatedAuthRequestImplTest, AutoReauthnForSingleReturningUserWithoutSettingAutoReauthn) { … } // Test that auto re-authn with multiple accounts and a single returning user // sets the sign-in mode to kExplicit if `RequiresUserMediation` is set TEST_F(FederatedAuthRequestImplTest, AutoReauthnForSingleReturningUserWithRequiresUserMediation) { … } // Test that auto re-authn with multiple accounts and a single returning user // sets the sign-in mode to kExplicit if "auto sign-in" is disabled. TEST_F(FederatedAuthRequestImplTest, AutoReauthnForSingleReturningUserWithAutoSigninDisabled) { … } // Test that if browser has not observed sign-in in the past, the sign-in mode // is set to explicit regardless the account's login state. TEST_F(FederatedAuthRequestImplTest, AutoReauthnBrowserNotObservedSigninBefore) { … } // Test that if browser has not observed sign-in in the past, but the IdP has // third-party cookies access, the sign-in mode is set to auto if IdP claims // that the user is returning. TEST_F(FederatedAuthRequestImplTest, AutoReauthnBrowserNotObservedSigninButIdpHasThirdPartyCookiesAccess) { … } // Test that auto re-authn for a first time user sets the sign-in mode to // explicit. TEST_F(FederatedAuthRequestImplTest, AutoReauthnForFirstTimeUser) { … } // Test that auto re-authn where the auto re-authn permission is blocked sets // the sign-in mode to explicit. TEST_F(FederatedAuthRequestImplTest, AutoReauthnWithBlockedAutoReauthnPermissions) { … } // Test that auto re-authn where the auto re-authn cooldown is on sets // the sign-in mode to explicit. TEST_F(FederatedAuthRequestImplTest, AutoReauthnWithCooldown) { … } // Test that no network request is sent if `mediation: silent` is used and user // has not granted sharing permission in the past. TEST_F(FederatedAuthRequestImplTest, AutoReauthnMediationSilentFailWithNoSharingPermission) { … } // Test that no network request is sent if `mediation: silent` is used and auto // re-authn is in cooldown. TEST_F(FederatedAuthRequestImplTest, AutoReauthnMediationSilentFailWithEmbargo) { … } // Test that no network request is sent if `mediation: silent` is used and user // mediation is required, e.g. `preventSilentAccess` has been invoked TEST_F(FederatedAuthRequestImplTest, AutoReauthnMediationSilentFailWithRequiresUserMediation) { … } // Test that no network request is sent if `mediation: silent` is used and user // has disabled "auto sign-in". TEST_F(FederatedAuthRequestImplTest, AutoReauthnMediationSilentFailWithPasswordManagerAutoSigninDisabled) { … } // Test `mediation: silent` could fail silently after fetching accounts TEST_F(FederatedAuthRequestImplTest, AutoReauthnMediationSilentFailWithTwoReturningAccounts) { … } // Test that `mediation: required` sets the sign-in mode to explicit even though // other auto re-authn conditions are met. TEST_F(FederatedAuthRequestImplTest, AutoReauthnMediationRequired) { … } TEST_F(FederatedAuthRequestImplTest, MetricsForSuccessfulSignInCase) { … } // Test that request fails if account picker is explicitly dismissed. TEST_F(FederatedAuthRequestImplTest, MetricsForUIExplicitlyDismissed) { … } // Test that request is not completed if user ignores the UI. TEST_F(FederatedAuthRequestImplTest, UIIsIgnored) { … } TEST_F(FederatedAuthRequestImplTest, MetricsForWebContentsVisible) { … } // Test that request could succeed with auto re-authn even if the web contents // invisible. TEST_F(FederatedAuthRequestImplTest, MetricsForWebContentsInvisible) { … } TEST_F(FederatedAuthRequestImplTest, MetricsForFeatureIsDisabled) { … } TEST_F(FederatedAuthRequestImplTest, MetricsForFeatureIsDisabledNotDoubleCountedWithUnhandledRequest) { … } TEST_F(FederatedAuthRequestImplTest, MetricsForFeatureIsDisabledNotDoubleCountedWithAbortedRequest) { … } // Test that sign-in states match if IDP claims that user is signed in and // browser also observes that user is signed in. TEST_F(FederatedAuthRequestImplTest, MetricsForSignedInOnBothIdpAndBrowser) { … } // Test that sign-in states match if IDP claims that user is not signed in and // browser also observes that user is not signed in. TEST_F(FederatedAuthRequestImplTest, MetricsForNotSignedInOnBothIdpAndBrowser) { … } // Test that sign-in states mismatch if IDP claims that user is signed in but // browser observes that user is not signed in. TEST_F(FederatedAuthRequestImplTest, MetricsForOnlyIdpClaimedSignIn) { … } // Test that sign-in states mismatch if IDP claims that user is not signed in // but browser observes that user is signed in. TEST_F(FederatedAuthRequestImplTest, MetricsForOnlyBrowserObservedSignIn) { … } // Test that embargo is requested if the // IdentityRequestDialogController::ShowAccountsDialog() callback requests it. TEST_F(FederatedAuthRequestImplTest, RequestEmbargo) { … } // Test that the embargo dismiss count is reset when the user grants consent via // the FedCM dialog. TEST_F(FederatedAuthRequestImplTest, RemoveEmbargoOnUserConsent) { … } // Test that token request fails if FEDERATED_IDENTITY_API content setting is // disabled for the RP origin. TEST_F(FederatedAuthRequestImplTest, ApiBlockedForOrigin) { … } // Test that token request succeeds if FEDERATED_IDENTITY_API content setting is // enabled for RP origin but disabled for an unrelated origin. TEST_F(FederatedAuthRequestImplTest, ApiBlockedForUnrelatedOrigin) { … } class FederatedAuthRequestImplTestCancelConsistency : public FederatedAuthRequestImplTest, public ::testing::WithParamInterface<int> { … }; INSTANTIATE_TEST_SUITE_P(…); // Test that the RP cannot use CancelTokenRequest() to determine whether // Option 1: FedCM dialog is shown but user has not interacted with it // Option 2: FedCM API is disabled via variations TEST_P(FederatedAuthRequestImplTestCancelConsistency, AccountNotSelected) { … } namespace { // TestDialogController which disables FedCM API when FedCM account selection // dialog is shown. class DisableApiWhenDialogShownDialogController : public TestDialogController { … }; } // namespace // Test that the request fails if user proceeds with the sign in workflow after // disabling the API while an existing accounts dialog is shown. TEST_F(FederatedAuthRequestImplTest, ApiDisabledAfterAccountsDialogShown) { … } // Test the disclosure_text_shown value in the token post data for sign-up case. TEST_F(FederatedAuthRequestImplTest, DisclosureTextShownForFirstTimeUser) { … } // Test the disclosure_text_shown value in the token post data for returning // user case. TEST_F(FederatedAuthRequestImplTest, DisclosureTextNotShownForReturningUser) { … } // Test that the values in the token post data are escaped according to the // application/x-www-form-urlencoded spec. TEST_F(FederatedAuthRequestImplTest, TokenEndpointPostDataEscaping) { … } // Test that the is_auto_selected value in the token post // data for sign-up case. TEST_F(FederatedAuthRequestImplTest, AutoSelectedFlagForNewUser) { … } // Test that the is_auto_selected value in the token post // data for returning user with `mediation:required`. TEST_F(FederatedAuthRequestImplTest, AutoSelectedFlagForReturningUserWithMediationRequired) { … } // Test that the is_auto_selected value in the token post // data for returning user with `mediation:optional`. TEST_F(FederatedAuthRequestImplTest, AutoSelectedFlagForReturningUserWithMediationOptional) { … } // Test that the is_auto_selected value in the token post // data for the quiet period use case. TEST_F(FederatedAuthRequestImplTest, AutoSelectedFlagIfInQuietPeriod) { … } namespace { // TestIdpNetworkRequestManager subclass which runs the `account_list_task` // passed-in to the constructor prior to the accounts endpoint returning. class IdpNetworkRequestManagerClientMetadataTaskRunner : public TestIdpNetworkRequestManager { … }; void NavigateToUrl(content::WebContents* web_contents, const GURL& url) { … } } // namespace // Test that the account chooser is not shown if the page navigates prior to the // client metadata endpoint request completing and BFCache is enabled. TEST_F(FederatedAuthRequestImplTest, NavigateDuringClientMetadataFetchBFCacheEnabled) { … } // Test that the account chooser is not shown if the page navigates prior to the // accounts endpoint request completing and BFCache is disabled. TEST_F(FederatedAuthRequestImplTest, NavigateDuringClientMetadataFetchBFCacheDisabled) { … } // Test that the accounts are reordered so that accounts with a LoginState equal // to kSignIn are listed before accounts with a LoginState equal to kSignUp. TEST_F(FederatedAuthRequestImplTest, ReorderMultipleAccounts) { … } // Test that first API call with a given IDP is not affected by the // IdpSigninStatus bit. TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusTestFirstTimeFetchSuccess) { … } // Test that first API call with a given IDP will not show a UI in case of // failure during fetching accounts. TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusTestFirstTimeFetchNoFailureUi) { … } // Test that a failure UI will be displayed if the accounts fetch is failed but // the IdpSigninStatus claims that the user is signed in. TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusTestShowFailureUi) { … } // Test that API calls will fail before sending any network request if // IdpSigninStatus shows that the user is not signed in with the IDP. No failure // UI is displayed. TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusTestApiFailedIfUserNotSignedInWithIdp) { … } namespace { // TestIdpNetworkRequestManager which enables specifying the ParseStatus for // config and accounts endpoint fetch. class ParseStatusOverrideIdpNetworkRequestManager : public TestIdpNetworkRequestManager { … }; } // namespace // Test behavior for the following sequence of events: // 1) Failure dialog is shown due to IdP sign-in status mismatch // 2) User signs-in // 3) User selects "Continue" in account chooser dialog. TEST_F(FederatedAuthRequestImplTest, FailureUiThenSuccessfulSignin) { … } // Test behavior for the following sequence of events: // 1) Failure dialog is shown due to IdP sign-in status mismatch // 2) User switches tabs // 3) User signs into IdP in different tab TEST_F(FederatedAuthRequestImplTest, FailureUiThenSuccessfulSigninButHidden) { … } // Test behavior for the following sequence of events: // 1) Failure dialog is shown due to IdP sign-in status mismatch // 2) In a different tab, user signs into different IdP TEST_F(FederatedAuthRequestImplTest, FailureUiSigninFromDifferentIdp) { … } // Test that for the following sequence of events: // 1) Failure dialog is shown due to IdP sign-in status mismatch // 2) IdP sign-in status is updated // 3) Accounts endpoint still returns an empty list // That ShowFailureDialog() is called a 2nd time after the IdP sign-in status // update. TEST_F(FederatedAuthRequestImplTest, FailureUiAccountEndpointKeepsFailing) { … } // Test that for the following sequence of events: // 1) Failure dialog is shown due to IdP sign-in status mismatch // 2) IdP sign-in status is updated // 3) A different endpoint fails during the fetch initiated by the IdP sign-in // status update. // That user is shown IdP-sign-in-failure dialog. TEST_F(FederatedAuthRequestImplTest, FailureUiThenFailDifferentEndpoint) { … } // Test that when IdpSigninStatus API is in the metrics-only mode, that an IDP // signed-out status stays signed-out regardless of what is returned by the // accounts endpoint. TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusMetricsModeStaysSignedout) { … } // Test that when IdpSigninStatus API does not have any state for an IDP, that // the state transitions to sign-in if the accounts endpoint returns a // non-empty list of accounts. TEST_F( FederatedAuthRequestImplTest, IdpSigninStatusMetricsModeUndefinedTransitionsToSignedinWhenHaveAccounts) { … } // Test that when IdpSigninStatus API is in metrics-only mode, that IDP sign-in // status transitions to signed-out if the accounts endpoint returns no // information. TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusMetricsModeTransitionsToSignedoutWhenNoAccounts) { … } // Tests that multiple IDPs provided results in an error if the // `kFedCmMultipleIdentityProviders` flag is disabled. TEST_F(FederatedAuthRequestImplTest, MultiIdpDisabled) { … } TEST_F(FederatedAuthRequestImplTest, AllSuccessfulMultiIdpRequestWithoutIdpReorder) { … } // Test successful multi IDP FedCM request. TEST_F(FederatedAuthRequestImplTest, AllSuccessfulMultiIdpRequestWithIdpReorder) { … } // Test fetching information for the 1st IdP failing, and succeeding for the // second. TEST_F(FederatedAuthRequestImplTest, FirstIdpWellKnownInvalid) { … } // Test fetching information for the 1st IdP succeeding, and failing for the // second. TEST_F(FederatedAuthRequestImplTest, SecondIdpWellKnownInvalid) { … } // Test fetching information for all of the IdPs failing. TEST_F(FederatedAuthRequestImplTest, AllWellKnownsInvalid) { … } // Test multi IDP FedCM request with duplicate IDPs should throw an error. TEST_F(FederatedAuthRequestImplTest, DuplicateIdpMultiIdpRequest) { … } // Test that API can succeed with multiple IdPs, if one IdP is signed out but // the other isn't. TEST_F(FederatedAuthRequestImplTest, MultiIdpWithOneIdpSignedOut) { … } // Test that API shows all accounts if the user logs in to the IDP with the // mismatch UI. TEST_F(FederatedAuthRequestImplTest, MultiIdpLoginToOneIdp) { … } // Test that API can succeed with multiple IdPs, if all IDPs have login status // mismatch. TEST_F(FederatedAuthRequestImplTest, MultiIdpWithAllIdpsMismatch) { … } TEST_F(FederatedAuthRequestImplTest, MultiIdpWithOneIdpMismatch) { … } // Test that API can succeed with multiple IdPs, if silent mediation is used but // only one IdP has a returning account. TEST_F(FederatedAuthRequestImplTest, MultiIdpWithSilentMediationAndReturningAccountInSecondIdp) { … } // Test that API fails with multiple IdPs, if silent mediation is used and two // IdPs have a single returning account. TEST_F(FederatedAuthRequestImplTest, MultiIdpWithSilentMediationAndReturningAccountInTwoIdps) { … } // Test that when there are two IDPs with sharing permissions but the account // fetch fails for one of them, mediation silent can still succeed. TEST_F(FederatedAuthRequestImplTest, MultiIdpWithSilentMediationAndOneIdpFetchFailure) { … } TEST_F(FederatedAuthRequestImplTest, MultiIdpLoggedOut) { … } TEST_F(FederatedAuthRequestImplTest, MultiIdpWithError) { … } TEST_F(FederatedAuthRequestImplTest, TooManyRequests) { … } TEST_F(FederatedAuthRequestImplTest, ButtonModeTooManyRequestsWithNewWidgetFlow) { … } TEST_F(FederatedAuthRequestImplTest, ButtonModeTooManyRequestsWithNewButtonFlow) { … } // TestIdpNetworkRequestManager subclass which records requests to metrics // endpoint. class IdpNetworkRequestMetricsRecorder : public TestIdpNetworkRequestManager { … }; // Test that the metrics endpoint is notified as a result of a successful // multi-IDP FederatedAuthRequestImpl::RequestToken() call. TEST_F(FederatedAuthRequestImplTest, MetricsEndpointMultiIdp) { … } // Test that the metrics endpoint is notified when // FederatedAuthRequestImpl::RequestToken() call fails. TEST_F(FederatedAuthRequestImplTest, MetricsEndpointMultiIdpFail) { … } TEST_F(FederatedAuthRequestImplTest, AccountsSortedWithTimestamps) { … } TEST_F(FederatedAuthRequestImplTest, AccountLabelMultipleAccountsNoMatch) { … } TEST_F(FederatedAuthRequestImplTest, AccountLabelMultipleAccountsOneMatch) { … } TEST_F(FederatedAuthRequestImplTest, LoginHintSingleAccountIdMatch) { … } TEST_F(FederatedAuthRequestImplTest, LoginHintSingleAccountEmailMatch) { … } TEST_F(FederatedAuthRequestImplTest, LoginHintSingleAccountNoMatch) { … } TEST_F(FederatedAuthRequestImplTest, LoginHintFirstAccountMatch) { … } TEST_F(FederatedAuthRequestImplTest, LoginHintLastAccountMatch) { … } TEST_F(FederatedAuthRequestImplTest, LoginHintMultipleAccountsNoMatch) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintSingleAccountMatch) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintSingleAccountStarMatch) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintSingleAccountStarNoMatch) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintSingleAccountNoMatch) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintNoMatch) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintMultipleAccountsSingleMatch) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintMultipleAccountsMultipleMatches) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintMultipleAccountsStar) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintMultipleAccountsNoMatch) { … } TEST_F(FederatedAuthRequestImplTest, PictureFetch) { … } TEST_F(FederatedAuthRequestImplTest, PictureFetchMultipleAccounts) { … } // Test that when FedCmRpContext flag is enabled and rp_context is specified, // the FedCM request succeeds with the specified rp_context. TEST_F(FederatedAuthRequestImplTest, RpContextIsSetToNonDefaultValue) { … } TEST_F(FederatedAuthRequestImplTest, WellKnownInvalidContentType) { … } TEST_F(FederatedAuthRequestImplTest, ConfigInvalidContentType) { … } TEST_F(FederatedAuthRequestImplTest, ClientMetadataInvalidContentType) { … } TEST_F(FederatedAuthRequestImplTest, AccountsInvalidContentType) { … } TEST_F(FederatedAuthRequestImplTest, IdTokenInvalidContentType) { … } // Test that the implementation ignores the fields parameter when AuthZ is // disabled. TEST_F(FederatedAuthRequestImplTest, ScopeGetsIgnoredWhenAuthzIsDisabled) { … } // Test successful AuthZ request that returns tokens without opening // pop-up windows. TEST_F(FederatedAuthRequestImplTest, SuccessfulAuthZRequestNoPopUpWindow) { … } // Test successful AuthZ request that request the opening of pop-up // windows. TEST_F(FederatedAuthRequestImplTest, SuccessfulAuthZRequestWithPopUpWindow) { … } // Test the continuation popup calling close(). TEST_F(FederatedAuthRequestImplTest, ContinuationPopupCallingClose) { … } // Test successful AuthZ request that request the opening of pop-up // windows. TEST_F(FederatedAuthRequestImplTest, FailsLoadingAContinueOnForADifferentOrigin) { … } // Test metrics for a request with parameters. TEST_F(FederatedAuthRequestImplTest, RequestWithParameters) { … } // Test metrics for a request with parameters and scopes. TEST_F(FederatedAuthRequestImplTest, RequestWithParametersAndScopes) { … } // Test successfully signing-in users when they are signed-out on // button flows. TEST_F(FederatedAuthRequestImplTest, SignInWhenSignedOutOnButtonModeWithUserActivation) { … } // Test button flow failure outside of user activation. TEST_F(FederatedAuthRequestImplTest, ButtonFlowRequiresUserActivation) { … } // Test the button flow request fails without delay if IdP config is wrong. TEST_F(FederatedAuthRequestImplTest, ButtonFlowWellKnownNotInList) { … } TEST_F(FederatedAuthRequestImplTest, ButtonFlowWithUnknownLoginStatus) { … } // Test that button flow can skip the mismatch UI. TEST_F(FederatedAuthRequestImplTest, ButtonFlowSkipsMismatchUI) { … } // Test that button flow shows the loading dialog. TEST_F(FederatedAuthRequestImplTest, ButtonFlowShowsLoadingUI) { … } // Test dismissing a button flow through the loading UI. TEST_F(FederatedAuthRequestImplTest, ButtonFlowDismissLoadingUI) { … } TEST_F(FederatedAuthRequestImplTest, CloseModalDialogView) { … } TEST_F(FederatedAuthRequestImplTest, ShouldNotMediateAuthz) { … } TEST_F(FederatedAuthRequestImplTest, ShouldMediateAuthz) { … } TEST_F(FederatedAuthRequestImplTest, ShouldMediateAuthzWithoutFeatureEnabled) { … } class FederatedAuthRequestImplNewTabTest : public FederatedAuthRequestImplTest { … }; TEST_F(FederatedAuthRequestImplNewTabTest, SuccessfulFlow) { … } class UserInfoCallbackHelper { … }; TEST_F(FederatedAuthRequestImplTest, RequestUserInfoFailure) { … } // Tests that when an accounts dialog is shown, the appropriate metrics are // recorded. TEST_F(FederatedAuthRequestImplTest, AccountsDialogShownMetric) { … } // Tests that when a mismatch dialog is shown, the appropriate metrics are // recorded. TEST_F(FederatedAuthRequestImplTest, MismatchDialogShownMetric) { … } // Tests that a mismatch dialog is shown twice. TEST_F(FederatedAuthRequestImplTest, DoubleMismatchDialog) { … } // Tests that when an accounts request is sent, the appropriate metrics are // recorded. TEST_F(FederatedAuthRequestImplTest, AccountsRequestSentMetric) { … } // Tests that when an accounts dialog is aborted, the appropriate duration // metrics are recorded. TEST_F(FederatedAuthRequestImplTest, AbortedAccountsDialogShownDurationMetric) { … } // Tests that when a mismatch dialog is aborted, the appropriate duration // metrics are recorded. TEST_F(FederatedAuthRequestImplTest, AbortedMismatchDialogShownDurationMetric) { … } // Tests that when requests are made to FedCM in succession, the appropriate // metrics are recorded upon destruction. TEST_F(FederatedAuthRequestImplTest, RecordNumRequestsPerDocumentMetric) { … } // Test that an error dialog is shown when the token response is invalid. TEST_F(FederatedAuthRequestImplTest, InvalidResponseErrorDialogShown) { … } // Test that an error dialog is shown when the token response is missing. TEST_F(FederatedAuthRequestImplTest, NoResponseErrorDialogShown) { … } // Test that the error UI has proper url set. TEST_F(FederatedAuthRequestImplTest, ErrorUrlDisplayedWithProperUrl) { … } // Test that permission is embargoed upon closing a mismatch dialog. TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusCloseMismatchEmbargo) { … } // Test that permission is not embargoed upon closing an IDP sign-in flow // pop-up. TEST_F(FederatedAuthRequestImplTest, IdpSigninStatusClosePopupEmbargo) { … } // Test that no registered IdP is added without a registry requested. TEST_F(FederatedAuthRequestImplTest, MaybeAddRegisteredProvidersEmptyList) { … } // Test that no registered IdP with only named providers requested. TEST_F(FederatedAuthRequestImplTest, MaybeAddRegisteredProvidersNamed) { … } // Test that a registered provider is added. TEST_F(FederatedAuthRequestImplTest, MaybeAddRegisteredProvidersAdded) { … } // Test that all registered IdPs are expanded. TEST_F(FederatedAuthRequestImplTest, MaybeAddRegisteredProvidersAllRequestsForRegisteredIdPsAreExpanded) { … } // Test that the registry can add two idps. TEST_F(FederatedAuthRequestImplTest, MaybeAddRegisteredProvidersTwoRegisteredIdPs) { … } // Test that registered idps are inserted inline. TEST_F(FederatedAuthRequestImplTest, MaybeAddRegisteredProvidersInsertedInline) { … } // Test that error dialog type metrics are recorded. TEST_F(FederatedAuthRequestImplTest, ErrorDialogTypeMetrics) { … } // Test that error dialog result metrics are recorded. TEST_F(FederatedAuthRequestImplTest, ErrorDialogResultMetrics) { … } // Test that token response type metrics are recorded. TEST_F(FederatedAuthRequestImplTest, TokenResponseTypeMetrics) { … } // Test that error url type metrics are recorded. TEST_F(FederatedAuthRequestImplTest, ErrorUrlTypeMetrics) { … } // Test that cross-site URL fails the request with the appropriate devtools // issue. TEST_F(FederatedAuthRequestImplTest, CrossSiteErrorDialogDevtoolsIssue) { … } // Test that the account UI is not displayed if FedCM is disabled after accounts // fetch. TEST_F(FederatedAuthRequestImplTest, AccountUiNotDisplayedIfFedCmDisabledAfterAccountsFetch) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintInLoginUrl) { … } TEST_F(FederatedAuthRequestImplTest, LoginHintInLoginUrl) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintAndLoginHintInLoginUrl) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintAndLoginHintInLoginUrlWithQuery) { … } TEST_F(FederatedAuthRequestImplTest, DomainHintAddAccount) { … } // Test that auto re-authn works in button mode. TEST_F(FederatedAuthRequestImplTest, AutoReauthnInButtonMode) { … } // Test that IdP claimed SignUp takes precedence over browser observed SignIn. TEST_F(FederatedAuthRequestImplTest, IdPClaimedSignUpTakesPrecedenceOverBrowserObservedSignIn) { … } // Test that IdP claimed SignIn does not affect browser observed SignUp. TEST_F(FederatedAuthRequestImplTest, IdPClaimedSignInDoesNotAffectBrowserObservedSignUp) { … } // Test that IdP claimed SignIn can affect browser observed SignUp if they have // third-party cookies access. TEST_F(FederatedAuthRequestImplTest, IdPClaimedSignInAffectsBrowserObservedSignUpWith3PCAccess) { … } // Test button flow is exempted if the FedCM is disabled in settings. TEST_F(FederatedAuthRequestImplTest, ButtonFlowNotAffectedBySettings) { … } // Test button flow is exempted if the FedCM is embargoed in the widget flow. TEST_F(FederatedAuthRequestImplTest, ButtonFlowNotAffectedByEmbargo) { … } // Test dismissing UI in button flow does not trigger embargo. TEST_F(FederatedAuthRequestImplTest, ButtonFlowNotAffectEmbargo) { … } // Tests that when background text is passed but no background color, the // background text is ignored. TEST_F(FederatedAuthRequestImplTest, BrandingWithTextColorAndNoBackgroundColor) { … } // Tests that when background text does not contrast enough with the background // color, the text color is ignored. TEST_F(FederatedAuthRequestImplTest, BrandingWithInsufficientContrastTextColor) { … } class FederatedAuthRequestExampleOrgTest : public FederatedAuthRequestImplTest { … }; TEST_F(FederatedAuthRequestExampleOrgTest, WellKnownSameSite) { … } class TestDialogControllerWithImmediateDismiss : public TestDialogController { … }; // Crash test for crbug.com/328945371. TEST_F(FederatedAuthRequestImplTest, ImmediateDismiss) { … } // Tests that dismissing during ShowFailureDialog() does not crash. TEST_F(FederatedAuthRequestImplTest, FailureDialogImmediateDismiss) { … } TEST_F(FederatedAuthRequestImplTest, UseOtherAccountAccountOrder) { … } // Tests that when use a different account is used and multiple accounts are // logged in at once, all the new accounts are part of the new_idp_accounts(). TEST_F(FederatedAuthRequestImplTest, UseOtherAccountMultipleNewAccounts) { … } } // namespace content
Codebase Browser
chromium