chromium/chrome/browser/payments/service_worker_payment_app_finder_browsertest.cc

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/payments/content/service_worker_payment_app_finder.h"

#include <algorithm>
#include <utility>

#include "base/command_line.h"
#include "base/containers/contains.h"
#include "base/functional/bind.h"
#include "base/run_loop.h"
#include "base/test/scoped_feature_list.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/tabs/tab_strip_model.h"
#include "chrome/test/base/in_process_browser_test.h"
#include "chrome/test/base/ui_test_utils.h"
#include "chrome/test/payments/payment_app_install_util.h"
#include "components/network_session_configurator/common/network_switches.h"
#include "components/payments/content/payment_manifest_web_data_service.h"
#include "components/payments/core/const_csp_checker.h"
#include "components/payments/core/features.h"
#include "components/payments/core/test_payment_manifest_downloader.h"
#include "components/permissions/permission_request_manager.h"
#include "components/webdata_services/web_data_service_wrapper_factory.h"
#include "content/public/browser/storage_partition.h"
#include "content/public/common/content_features.h"
#include "content/public/common/content_switches.h"
#include "content/public/test/browser_test.h"
#include "net/dns/mock_host_resolver.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/re2/src/re2/re2.h"
#include "ui/gfx/image/image_unittest_util.h"

namespace payments {
namespace {
static const char kDefaultScope[] = …;

void GetAllInstalledPaymentAppsCallback(
    base::OnceClosure done_callback,
    content::InstalledPaymentAppsFinder::PaymentApps* out_apps,
    content::InstalledPaymentAppsFinder::PaymentApps apps) { … }
}  // namespace

// Tests for the service worker payment app finder.
class ServiceWorkerPaymentAppFinderBrowserTest : public InProcessBrowserTest { … };

// A payment app has to be installed first.
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest, NoApps) { … }

// Unknown payment method names are not permitted.
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       UnknownMethod) { … }

// A payment app can use any payment method name from its own origin.
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest, OwnOrigin) { … }

// A payment app from https://alicepay.test cannot use the payment method
// https://bobpay.test/webpay, because https://bobpay.test/payment-method.json
// does not have an entry for "supported_origins".
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       NotSupportedOrigin) { … }

// A payment app from https://alicepay.test can not use the payment method
// https://frankpay.test/webpay, because
// https://frankpay.test/payment-method.json invalid "supported_origins": "*".
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       OriginWildcardNotSupportedInPaymentMethodManifest) { … }

// A payment app from https://alicepay.test can use the payment method
// https://georgepay.test/webpay, because
// https://georgepay.test/payment-method.json explicitly includes
// "https://alicepay.test" as one of the "supported_origins".
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       SupportedOrigin) { … }

// Multiple payment apps from https://alicepay.test can use the payment method
// https://georgepay.test/webpay at the same time, because
// https://georgepay.test/payment-method.json explicitly includes
// "https://alicepay.test" as on of the "supported_origins".
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       TwoAppsSameMethod) { … }

// A Payment app from https://alicepay.test can use only the payment method
// https://georgepay.test/webpay. Because
// https://georgepay.test/payment-method.json explicitly includes
// "https://alicepay.test" as on of the "supported_origins". Also
// https://frankpay.test/payment-method.json does not explicitly authorize any
// payment app.
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       TwoAppsDifferentMethods) { … }

// The payment method https://kylepay.test/webpay does not require explicit
// installation, because the webapp manifest https://kylepay.test/app.json
// includes enough information for just in time installation of the service
// worker https://kylepay.test/app.js with scope https://kylepay.test/webpay.
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       InstallablePaymentApp) { … }

// The payment method https://larrypay.test/webpay is not valid, because it
// redirects to a different site (https://kylepay.test/webpay).
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       InvalidDifferentSiteRedirect) { … }

// The payment method https://charlie.example.test/webpay is not valid, because
// it redirects 4 times (charlie -> david -> frank -> george -> harry).
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       FourRedirectsIsNotValid) { … }

// The payment method https://david.example.test/webpay is valid, because it
// redirects 3 times (david -> frank -> george -> harry).
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       ThreeRedirectsIsValid) { … }

// The payment method https://george.example.test/webpay is valid, because it
// redirects once (george -> harry).
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       OneRedirectIsValid) { … }

// The payment method https://ike.example.test/webpay is not valid, because of
// its cross-origin HTTP Link to
// https://harry.example.test/payment-manifest.json.
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       CrossOriginHttpLinkHeaderIsInvalid) { … }

// The payment method https://john.example.test/webpay is not valid, because of
// its cross-origin default application https://harry.example.test/app.json.
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       CrossOriginDefaultApplicationIsInvalid) { … }

// The payment method https://kyle.example.test/webpay is not valid, because of
// its cross-origin service worker location https://harry.example.test/app.js.
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       CrossOriginServiceWorkerIsInvalid) { … }

// The payment method https://larry.example.test/webpay is not valid, because of
// its cross-origin service worker scope https://harry.example.test/webpay/".
IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderBrowserTest,
                       CrossOriginServiceWorkerScopeIsInvalid) { … }

// Tests that service worker payment apps are able to respond to the icon
// changing in their manifest file.
class ServiceWorkerPaymentAppFinderIconRefreshBrowserTest
    : public ServiceWorkerPaymentAppFinderBrowserTest { … };

IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderIconRefreshBrowserTest,
                       PaymentAppUpdatesWhenIconChanges) { … }

IN_PROC_BROWSER_TEST_F(ServiceWorkerPaymentAppFinderIconRefreshBrowserTest,
                       FailedIconFetchDoesNotOverrideOldIcon) { … }

// The parameterized test fixture that resets the CSP checker after N=GetParam()
// calls to AllowConnectToSource().
class ServiceWorkerPaymentAppFinderCSPCheckerBrowserTest
    : public ServiceWorkerPaymentAppFinderBrowserTest,
      public ConstCSPChecker,
      public testing::WithParamInterface<int> { … };

// A CSP checker reset during the download flow should not cause a crash.
IN_PROC_BROWSER_TEST_P(ServiceWorkerPaymentAppFinderCSPCheckerBrowserTest,
                       CSPCheckerResetDoesNotCrash) { … }

// Variant of CSPCheckerResetDoesNotCrash, but with a payment method manifest
// that has multiple web applications specified (i.e., |default_applications|
// will have multiple entries).
IN_PROC_BROWSER_TEST_P(ServiceWorkerPaymentAppFinderCSPCheckerBrowserTest,
                       CSPCheckerResetDoesNotCrashWithTwoWebAppManifests) { … }

// A range from 0 (inclusive) to 6 (exclusive) will test CSP checker reset:
// 0: Before any CSP lookups.
// 1: After CSP lookup for payment method URL (e.g.,
//    https://kylepay.test/webpay).
// 2: After CSP lookup for payment method manifest (e.g.,
//    https://kylepay.test/payment-method.json).
// 3: After CSP lookup for first web app manifest (e.g.,
//    https://kylepay.test/app.json).
// 4: After CSP lookup for second web app manifest, if it exists (e.g.,
//    https://charliepay.test/prod.json).
// 5: No CSP checker reset at all, tested just in case.
INSTANTIATE_TEST_SUITE_P(…);

}  // namespace payments