Codebase Browser
chromium
Go to App

chromium/third_party/blink/web_tests/http/tests/credentialmanagement/credentialscontainer-store-basics.html 

<!DOCTYPE html>
<title>Credential Manager: store() basics.</title>
<script src="../resources/testharness.js"></script>
<script src="../resources/testharnessreport.js"></script>
<script type="module">
import {MockCredentialManager} from './resources/mock-navigator-credentials.js';

const mockCredentialManager = new MockCredentialManager;

add_completion_callback(() => {
  mockCredentialManager.reset();
});

function CreatePasswordCredentialWithIconURL(url) {
  return new PasswordCredential({
      id: 'id',
      password: 'pencil',
      name: 'name',
      iconURL: url
  });
}

function CreateFederatedCredentialWithIconURL(url) {
  return new FederatedCredential({
      id: 'id',
      provider: 'https://federation.test/',
      name: 'name',
      iconURL: url
  });
}

promise_test((t) => {
  return promise_rejects_js(t, TypeError, navigator.credentials.store());
}, "navigator.credential.store() with no arguments should reject.");

promise_test((t) => {
  return promise_rejects_js(t, TypeError,
      navigator.credentials.store("string, not a credential"));
}, "navigator.credential.store([string]) should reject.");

promise_test(() => {
  let local = CreatePasswordCredentialWithIconURL("https://foo/icon.png");
  return navigator.credentials.store(local);
}, "navigator.credential.store([PasswordCredential]) should succeed.");

promise_test(() => {
  let federated = CreateFederatedCredentialWithIconURL("https://foo/icon.png");
  return navigator.credentials.store(federated);
}, "navigator.credentials.store([FederatedCredential]) should succeed.");

const A_PRIORI_AUTHENTICATED_URLS = [
  'https://foo/icon.png',
  'wss://foo/icon.png',
  'file:///etc/shadow',
  'data:image/png;base64,',
  'about:blank',
  'about:srcdoc',
  'http://127.0.0.123/icon.png',
  'http://[::1]/icon.png',
  'filesystem:https://foo/icon.png',
  'filesystem:file:///etc/shadow',
  'blob:https://foo/blob-id',
  'blob:file:///blob-id',
];

const NON_A_PRIORI_AUTHENTICATED_URLS = [
  'http://foo:443/icon.png',
  'javascript:alert()',
  'ws://foo/icon.png',
  'ftp://foo/icon.png',
  'gopher://foo/icon.png',
  'http://128.0.0.0/icon.png',
  'http://[::2]/icon.png',
  'http:///icon.png',
  'filesystem:http://foo/icon.png',
  'blob:http://foo/blob-id',
  'blob:null/blob-id',
];

for (let url of A_PRIORI_AUTHENTICATED_URLS) {
  promise_test(() => {
    let local = CreatePasswordCredentialWithIconURL(url);
    return navigator.credentials.store(local);
  }, "navigator.credential.store([PasswordCredential]) with |iconURL| " + url + " should succeed.");

  promise_test(() => {
    let federated = CreateFederatedCredentialWithIconURL(url);
    return navigator.credentials.store(federated);
  }, "navigator.credentials.store([FederatedCredential]) with |iconURL| " + url + " should succeed.");
}

for (let url of NON_A_PRIORI_AUTHENTICATED_URLS) {
  promise_test((t) => {
    let local = CreatePasswordCredentialWithIconURL(url);
    return promise_rejects_dom(t, "SecurityError",
        navigator.credentials.store(local));
  }, "navigator.credentials.store([PasswordCredential]) with insecure |iconURL| " + url + " should reject.");

  promise_test((t) => {
    let federated = CreateFederatedCredentialWithIconURL(url);
    return promise_rejects_dom(t, "SecurityError",
        navigator.credentials.store(federated));
  }, "navigator.credentials.store([FederatedCredential]) with insecure |iconURL| " + url + " should reject.");
}
</script>