// Copyright 2017 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/payments/content/manifest_verifier.h" #include <stdint.h> #include <utility> #include "base/functional/bind.h" #include "base/run_loop.h" #include "base/test/metrics/histogram_tester.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/ui/browser.h" #include "chrome/browser/ui/tabs/tab_strip_model.h" #include "chrome/test/base/in_process_browser_test.h" #include "components/payments/content/payment_manifest_web_data_service.h" #include "components/payments/content/utility/payment_manifest_parser.h" #include "components/payments/core/const_csp_checker.h" #include "components/payments/core/test_payment_manifest_downloader.h" #include "components/webdata_services/web_data_service_wrapper_factory.h" #include "content/public/browser/browser_context.h" #include "content/public/browser/storage_partition.h" #include "content/public/test/browser_test.h" #include "net/test/embedded_test_server/embedded_test_server.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/re2/src/re2/re2.h" #include "url/origin.h" namespace payments { namespace { // Tests for the manifest verifier. class ManifestVerifierBrowserTest : public InProcessBrowserTest { … }; // Absence of payment handlers should result in absence of verified payment // handlers. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, NoApps) { … } // A payment handler without any payment method names is not valid. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, NoMethods) { … } // A payment handler with an unknown non-URL payment method name is not valid. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, UnknownPaymentMethodNameIsRemoved) { … } // Verify that a payment handler from https://bobpay.test/webpay can not use the // payment method name https://frankpay.test/webpay, because // https://frankpay.test/payment-manifest.json does not explicitly authorize // any payment app. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, BobPayHandlerCanNotUseMethodWithOriginWildcard) { … } // Verify that a payment handler from an unreachable website can not use the // payment method name https://frankpay.test/webpay, because // https://frankpay.test/payment-manifest.json does not explicitly authorize // any payment app. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, Handler404CanNotUseMethodWithOriginWildcard) { … } // Verify that a payment handler from anywhere on https://bobpay.test can use // the payment method name from anywhere else on https://bobpay.test, because of // the origin match. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, BobPayCanUseAnyMethodOnOwnOrigin) { … } // Verify that a payment handler from anywhere on an unreachable website can use // the payment method name from anywhere else on the same unreachable website, // because they have identical origin. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, Handler404CanUseAnyMethodOnOwnOrigin) { … } // Verify that only the payment handler from https://alicepay.test/webpay can // use payment methods https://georgepay.test/webpay and // https://ikepay.test/webpay, because both // https://georgepay.test/payment-manifest.json and // https://ikepay.test/payment-manifest.json contain "supported_origins": // ["https://alicepay.test"]. The payment handler from // https://bobpay.test/webpay cannot use these payment methods, however. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, OneSupportedOrigin) { … } // Verify that a payment handler from https://alicepay.test/webpay can use both // same-origin URL payment method name and different-origin URL payment method // name. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, ThreeTypesOfMethods) { … } // Verify that a payment handler from https://bobpay.test/webpay cannot use // payment method names that are unreachable websites, the origin of which does // not match that of the payment handler. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, SinglePaymentMethodName404) { … } // Verify that a payment handler from https://bobpay.test/webpay cannot use // payment method names that are unreachable websites, the origin of which does // not match that of the payment handler. Since multiple downloads fail, the // error message will describe the first failure. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, MultiplePaymentMethodName404) { … } // Non-URL payment method names are not valid. IN_PROC_BROWSER_TEST_F(ManifestVerifierBrowserTest, NonUrlPaymentMethodNamesAreNotValid) { … } } // namespace } // namespace payments
Codebase Browser
chromium