[webauthn] Fix resident key credentials.get() WPT

Fix the empty allowCredentials credentials.get() WPT. The test was expecting the browser to return a non-resident credential with an undefined allowCredentials list (which defaults to empty). Moreover, the test helper itself was failing because it was expecting a credential to be added to the test. Instead, move the test to its own file that sets up the test environment to support resident keys and add rk support to the helper with the isResidentKeyTest flag that avoids appending credentials to allowCredentials. Bug: 875444 Change-Id: I8baefa3a74c2a707227df430712a09935c1fbbf1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2130671Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Nina Satragno <nsatragno@chromium.org> Cr-Commit-Position: refs/heads/master@{#755344}

[webauthn] Fix resident key credentials.get() WPT
Fix the empty allowCredentials credentials.get() WPT. The test was expecting the browser to return a non-resident credential with an undefined allowCredentials list (which defaults to empty). Moreover, the test helper itself was failing because it was expecting a credential to be added to the test. Instead, move the test to its own file that sets up the test environment to support resident keys and add rk support to the helper with the isResidentKeyTest flag that avoids appending credentials to allowCredentials. Bug: 875444 Change-Id: I8baefa3a74c2a707227df430712a09935c1fbbf1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2130671Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Nina Satragno <nsatragno@chromium.org> Cr-Commit-Position: refs/heads/master@{#755344}
8fa00285 · Nina Satragno · Commit Bot · 1c0318e9 · 1c0318e9 · 8fa00285
Commit 8fa00285 authored Apr 01, 2020 by Nina Satragno Committed by Commit Bot Apr 01, 2020
4 changed files
--- a/third_party/blink/web_tests/external/wpt/webauthn/getcredential-passing.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/webauthn/getcredential-passing.https-expected.txt
-This is a testharness.js-based test.
-PASS passing credentials.get() with default args
-PASS passing credentials.create() with no timeout
-PASS rpId undefined
-PASS passing credentials.get() with rpId (hostname)
-FAIL no credential specified promise_test: Unhandled rejection with value: object "Error: Attempting list without defining credential to test"
-PASS authenticatorSelection userVerification undefined
-PASS authenticatorSelection userVerification preferred
-PASS authenticatorSelection userVerification discouraged
-PASS extensions undefined
-PASS extensions are empty object
-PASS extensions are dict of empty strings
-PASS Clean up the test environment
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/webauthn/getcredential-passing.https.html
+++ b/third_party/blink/web_tests/external/wpt/webauthn/getcredential-passing.https.html
@@ -34,10 +34,6 @@ standardSetup(function() {
        .addCredential(credPromise)
        .runTest("passing credentials.get() with rpId (hostname)");
-    // allowCredentials
-    new GetCredentialsTest({path: "options.publicKey.allowCredentials", value: undefined})
-        .runTest("no credential specified");
    // authnr selection user verification
    new GetCredentialsTest({path: "options.publicKey.userVerification", value: undefined})
        .addCredential(credPromise)

--- a/third_party/blink/web_tests/external/wpt/webauthn/getcredential-rk-passing.https.html
+++ b/third_party/blink/web_tests/external/wpt/webauthn/getcredential-rk-passing.https.html
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>WebAuthn credential.get() Resident Key Passing Tests</title>
+<meta name="timeout" content="long">
+<link rel="help" href="hhttps://w3c.github.io/webauthn/#resident-credential">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+<body></body>
+<script>
+standardSetup(function() {
+    "use strict";
+    // create a resident key credential
+    var credPromise = createCredential({
+        options: {
+            publicKey: {
+                authenticatorSelection: {
+                    requireResidentKey: true,
+                }
+            }
+        }
+    });
+    // empty allowCredential should find the requireResidentKey: true credential
+    new GetCredentialsTest({path: "options.publicKey.allowCredentials", value: []})
+        .addCredential(credPromise)
+        .setIsResidentKeyTest(true)
+        .runTest("empty allowCredentials");
+    // undefined allowCredential should be equivalent to empty
+    new GetCredentialsTest({path: "options.publicKey.allowCredentials", value: undefined})
+        .addCredential(credPromise)
+        .setIsResidentKeyTest(true)
+        .runTest("undefined allowCredentials");
+}, {
+    // browsers may not allow resident key credential creation without uv
+    protocol: "ctap2",
+    hasResidentKey: true,
+    hasUserVerification: true,
+    isUserVerified: true,
+});
+/* JSHINT */
+/* globals standardSetup, GetCredentialsTest, createCredential */
+</script>
--- a/third_party/blink/web_tests/external/wpt/webauthn/helpers.js
+++ b/third_party/blink/web_tests/external/wpt/webauthn/helpers.js
@@ -35,6 +35,10 @@ var createCredentialDefaultArgs = {
                alg: cose_alg_ECDSA_w_SHA256,
            }],
+            authenticatorSelection: {
+                requireResidentKey: false,
+            },
            timeout: 60000, // 1 minute
            excludeCredentials: [] // No excludeList
        }
@@ -420,6 +424,9 @@ class GetCredentialsTest extends TestCase {
        this.credentialPromiseList = [];
+        // set to true to pass an empty allowCredentials list to credentials.get
+        this.isResidentKeyTest = false;
        // enable the constructor to modify the default testObject
        // would prefer to do this in the super class, but have to call super() before using `this.*`
        if (arguments.length) {
@@ -464,7 +471,9 @@ class GetCredentialsTest extends TestCase {
                        type: "public-key"
                    };
                });
-                this.testObject.options.publicKey.allowCredentials = idList;
+                if (!this.isResidentKeyTest) {
+                    this.testObject.options.publicKey.allowCredentials = idList;
+                }
                // return super.test(desc);
            })
            .catch((err) => {
@@ -476,6 +485,11 @@ class GetCredentialsTest extends TestCase {
        validatePublicKeyCredential(ret);
        validateAuthenticatorAssertionResponse(ret.response);
    }
+    setIsResidentKeyTest(isResidentKeyTest) {
+        this.isResidentKeyTest = isResidentKeyTest;
+        return this;
+    }
 }
 /**
@@ -535,12 +549,17 @@ function validateAuthenticatorAssertionResponse(assert) {
    // TODO: parseAuthenticatorData() and make sure flags are correct
 }
-function standardSetup(cb) {
+function standardSetup(cb, options = {}) {
    // Setup an automated testing environment if available.
-    window.test_driver.add_virtual_authenticator({
+    let authenticatorArgs = {
        protocol: "ctap1/u2f",
-        transport: "usb"
+        transport: "usb",
-    }).then(authenticator => {
+        hasResidentKey: false,
+        hasUserVerification: false,
+        isUserVerified: false,
+    };
+    extendObject(authenticatorArgs, options);
+    window.test_driver.add_virtual_authenticator(authenticatorArgs).then(authenticator => {
        cb();
        // XXX add a subtest to clean up the virtual authenticator since
        // testharness does not support waiting for promises on cleanup.