[webauthn] Move same-origin frame web tests to WPT

Move same-origin frame web tests from internal to WPT for make credential and get assertion. Bug: 372169469, 40178678 Change-Id: I1a56a949f490eb46a588002239045d10f0430e70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5921497 Commit-Queue: Nina Satragno <nsatragno@chromium.org> Reviewed-by: Ken Buchanan <kenrb@chromium.org> Cr-Commit-Position: refs/heads/main@{#1366400}
web-platform-tests · Oct 9, 2024 · 55c2001 · 55c2001
1 parent c8bf072
commit 55c2001
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 4 deletions.
diff --git a/webauthn/createcredential-nested-frame.https.html b/webauthn/createcredential-nested-frame.https.html
@@ -64,6 +64,18 @@
       const { data } = await eventWatcher.wait_for("message");
       assert_equals(data, "OK");
     }, "navigator.credentials.create({publicKey}) in about:blank embedded in a secure context should succeed.");
+
+    promise_test(async t => {
+      let frame = document.createElement("iframe");
+      const eventWatcher = new EventWatcher(t, window, "message");
+      frame.src = "resources/webauthn-subframe.sub.html";
+      document.body.append(frame);
+      assert_equals((await eventWatcher.wait_for("message")).data.type, "subframe-loaded");
+
+      frame.contentWindow.postMessage({ type: "create-credential", addUserActivation: false });
+      const { data } = await eventWatcher.wait_for("message");
+      assert_equals(data.result, "success", "Error: " + data.error);
+    }, "navigator.credentials.create({publicKey}) in a same-origin frame should succeed without requiring user activation.");
   }, {
     protocol: "ctap2_1",
     hasUserVerification: true,

diff --git a/webauthn/getcredential-nested-frame.https.html b/webauthn/getcredential-nested-frame.https.html
@@ -84,6 +84,18 @@
       assert_equals(data, "OK");
     }, "navigator.credentials.get({publicKey}) in about:blank embedded in a secure context should succeed.");
 
+    promise_test(async t => {
+      let frame = document.createElement("iframe");
+      const eventWatcher = new EventWatcher(t, window, "message");
+      frame.src = "resources/webauthn-subframe.sub.html";
+      document.body.append(frame);
+      assert_equals((await eventWatcher.wait_for("message")).data.type, "subframe-loaded");
+
+      frame.contentWindow.postMessage({ type: "get-credential", addUserActivation: false });
+      const { data } = await eventWatcher.wait_for("message");
+      assert_equals(data.result, "success", "Error: " + data.error);
+    }, "navigator.credentials.get({publicKey}) in a same-origin frame should succeed without requiring user activation.");
+
   }, {
     protocol: "ctap2_1",
   });

diff --git a/webauthn/resources/webauthn-subframe.sub.html b/webauthn/resources/webauthn-subframe.sub.html
@@ -9,14 +9,13 @@
     "use strict";
 
     function reportResult(outcome, errorObj) {
-        window.top.postMessage({"type": "result", "result": outcome, "error": errorObj}, "*");
+        window.top.postMessage({ "type": "result", "result": outcome, "error": errorObj }, "*");
     }
 
     async function createCredentialAndReportResult(addUserActivation) {
         if (addUserActivation) {
             await test_driver.bless("create credential");
         }
-
         try {
             await createCredential();
             reportResult("success");
@@ -25,14 +24,39 @@
         }
     }
 
+    async function getCredentialAndReportResult(addUserActivation) {
+        if (addUserActivation) {
+            await test_driver.bless("create credential");
+        }
+        try {
+            await navigator.credentials.get({
+                publicKey: {
+                    challenge: new Uint8Array(),
+                    allowCredentials: [{
+                        id: (await createCredential()).rawId,
+                        type: "public-key",
+                        userVerification: "discouraged",
+                    }],
+                }
+            });
+            reportResult("success");
+        } catch (e) {
+            reportResult("failure", e);
+        }
+    }
+
     window.addEventListener("message", e => {
         if (e.data.type == "create-credential") {
             createCredentialAndReportResult(e.data.addUserActivation);
             return;
         }
+        if (e.data.type == "get-credential") {
+            getCredentialAndReportResult(e.data.addUserActivation);
+            return;
+        }
         throw new Error(`Unrecognized message, e.data.type: ${e.data.type}`);
     });
 
     test_driver.set_test_context(window.top);
-    window.top.postMessage({"type": "subframe-loaded"}, "*");
-</script>
+    window.top.postMessage({ "type": "subframe-loaded" }, "*");
+</script>