Worklet: Fix credentials tests for worklets

Before this CL, credentials tests for worklets are completely broken as follows:

- In credentials.py, |credentials_mode| is compared by "is" that conducts the
  object equality check. As a result, all conditions unexpectedly pass through
  and the script always returns a valid response.
- In credentials.py, |is_cross_origin| value is always |False| because requests
  don't have the GET param.
- fetch() needs { credentials: 'include' } option for configuring the document's
  cookie with the Set-Cookie header, but it's not specified.
- Response headers are not specified for a 404 response. This results in test
  timeout instead of a network error.

This CL fixes these bugs and cleans up tests.

Bug: 738769
Change-Id: I9aeb11fca23dec3fd3057a765fa60eb6e59d8258
Reviewed-on: https://chromium-review.googlesource.com/799730
Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#523713}

third_party/WebKit/LayoutTests/external/wpt/worklets/resources/credentials-tests.js

+function createCookieValue(settings) {
+  return settings.credentials + '-' + settings.origin;
+}
+
+function createSetCookieURL(settings) {
+  const params = new URLSearchParams;
+  params.append('name', 'cookieName');
+  params.append('value', createCookieValue(settings));
+  if (settings.origin == 'same') {
+    return get_host_info().HTTPS_ORIGIN +
+           '/worklets/resources/set-cookie.py?' + params;
+  }
+  if (settings.origin == 'remote') {
+    return get_host_info().HTTPS_REMOTE_ORIGIN +
+           '/worklets/resources/set-cookie.py?' + params;
+  }
+  assert_unreached('settings.origin has an invalid value.');
+}
+
+function createScriptURL(settings) {
+  const params = new URLSearchParams;
+  if (settings.expectCredentialsSent)
+    params.append('value', createCookieValue(settings));
+  if (settings.origin == 'same') {
+    return get_host_info().HTTPS_ORIGIN +
+           '/worklets/resources/credentials.py?' + params;
+  }
+  if (settings.origin == 'remote') {
+    return get_host_info().HTTPS_REMOTE_ORIGIN +
+           '/worklets/resources/credentials.py?' + params;
+  }
+  assert_unreached('settings.origin has an invalid value.');
+}
+
+function createWorkletOptions(settings) {
+  if (settings.credentials == '')
+    return {};
+  return { credentials: settings.credentials };
+}
+
+// Run a credentials test with the given settings.
+//
+// Example:
+// settings = {
+//   workletType: 'paint',
+//   credentials: 'include',
+//   origin: 'same',  // 'same' or 'remote'
+//   expectCredentialsSent: true
+// };
+function runCredentialsTest(settings) {
+  const worklet = get_worklet(settings.workletType);
+  const setCookieURL = createSetCookieURL(settings);
+  const scriptURL = createScriptURL(settings);
+  const options = createWorkletOptions(settings);
+
+  // { credentials: 'include' } is necessary for configuring document's cookies
+  // with the Set-Cookie: header of the response.
+  return fetch(setCookieURL, { mode: 'cors', credentials: 'include' })
+      .then(response => worklet.addModule(scriptURL, options));
+}
+
 // Runs a series of tests related to credentials on a worklet.
 //
 // Usage:
 // runCredentialsTests("paint");
 function runCredentialsTests(worklet_type) {
-  const worklet = get_worklet(worklet_type);
-
   promise_test(() => {
-      document.cookie = 'cookieName=default';
-      const kScriptURL = 'resources/credentials.py?mode=default';
-      return worklet.addModule(kScriptURL).then(undefined_arg => {
-        assert_equals(undefined_arg, undefined);
-      });
+    return runCredentialsTest({ workletType: worklet_type,
+                                credentials: '',
+                                origin: 'same',
+                                expectCredentialsSent: false });
   }, 'Importing a same-origin script with the default WorkletOptions should ' +
-     'omit the credentials');
+     'not send the credentials');
 
   promise_test(() => {
-      const kSetCookieURL =
-          get_host_info().HTTPS_REMOTE_ORIGIN +
-          '/worklets/resources/set-cookie.py?name=cookieName';
-      const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
-                         '/worklets/resources/credentials.py?mode=default';
-      const kOptions = { credentials: 'same-origin' };
-
-      // Set a cookie in the remote origin and then start a worklet.
-      return fetch(kSetCookieURL, { mode: 'cors' })
-        .then(() => worklet.addModule(kScriptURL, kOptions))
-        .then(undefined_arg => assert_equals(undefined_arg, undefined));
+    return runCredentialsTest({ workletType: worklet_type,
+                                credentials: '',
+                                origin: 'remote',
+                                expectCredentialsSent: false });
   }, 'Importing a remote-origin script with the default WorkletOptions ' +
-     'should not include the credentials');
+     'should not send the credentials');
 
   promise_test(() => {
-      document.cookie = 'cookieName=omit';
-      const kScriptURL = 'resources/credentials.py?mode=omit';
-      const kOptions = { credentials: 'omit' };
-      return worklet.addModule(kScriptURL, kOptions).then(undefined_arg => {
-        assert_equals(undefined_arg, undefined);
-      });
-  }, 'Importing a same-origin script with credentials=omit should omit the ' +
-     'credentials');
+    return runCredentialsTest({ workletType: worklet_type,
+                                credentials: 'omit',
+                                origin: 'same',
+                                expectCredentialsSent: false });
+  }, 'Importing a same-origin script with credentials=omit should not send ' +
+     'the credentials');
 
   promise_test(() => {
-      const kSetCookieURL =
-          get_host_info().HTTPS_REMOTE_ORIGIN +
-          '/worklets/resources/set-cookie.py?name=cookieName';
-      const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
-                         '/worklets/resources/credentials.py?mode=omit';
-      const kOptions = { credentials: 'omit' };
-
-      // Set a cookie in the remote origin and then start a worklet.
-      return fetch(kSetCookieURL, { mode: 'cors' })
-        .then(() => worklet.addModule(kScriptURL, kOptions))
-        .then(undefined_arg => assert_equals(undefined_arg, undefined));
-  }, 'Importing a remote-origin script with credentials=omit should omit the ' +
-     'credentials');
+    return runCredentialsTest({ workletType: worklet_type,
+                                credentials: 'omit',
+                                origin: 'remote',
+                                expectCredentialsSent: false });
+  }, 'Importing a remote-origin script with credentials=omit should not send ' +
+     'the credentials');
 
   promise_test(() => {
-      document.cookie = 'cookieName=same-origin';
-      const kScriptURL = 'resources/credentials.py?mode=same-origin';
-      const kOptions = { credentials: 'same-origin' };
-      return worklet.addModule(kScriptURL, kOptions).then(undefined_arg => {
-        assert_equals(undefined_arg, undefined);
-      });
+    return runCredentialsTest({ workletType: worklet_type,
+                                credentials: 'same-origin',
+                                origin: 'same',
+                                expectCredentialsSent: true });
   }, 'Importing a same-origin script with credentials=same-origin should ' +
-     'include the credentials');
+     'send the credentials');
 
   promise_test(() => {
-      const kSetCookieURL =
-          get_host_info().HTTPS_REMOTE_ORIGIN +
-          '/worklets/resources/set-cookie.py?name=cookieName';
-      const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
-                         '/worklets/resources/credentials.py?mode=same-origin';
-      const kOptions = { credentials: 'same-origin' };
-
-      // Set a cookie in the remote origin and then start a worklet.
-      return fetch(kSetCookieURL, { mode: 'cors' })
-        .then(() => worklet.addModule(kScriptURL, kOptions))
-        .then(undefined_arg => assert_equals(undefined_arg, undefined));
+    return runCredentialsTest({ workletType: worklet_type,
+                                credentials: 'same-origin',
+                                origin: 'remote',
+                                expectCredentialsSent: false });
   }, 'Importing a remote-origin script with credentials=same-origin should ' +
-     'not include the credentials');
+     'not send the credentials');
 
   promise_test(() => {
-      document.cookie = 'cookieName=include';
-      const kScriptURL = 'resources/credentials.py?mode=include';
-      const kOptions = { credentials: 'include' };
-      return worklet.addModule(kScriptURL, kOptions).then(undefined_arg => {
-          assert_equals(undefined_arg, undefined);
-      });
-  }, 'Importing a same-origin script with credentials=include should include ' +
+    return runCredentialsTest({ workletType: worklet_type,
+                                credentials: 'include',
+                                origin: 'same',
+                                expectCredentialsSent: true });
+  }, 'Importing a same-origin script with credentials=include should send ' +
      'the credentials');
 
   promise_test(() => {
-      const kSetCookieURL =
-          get_host_info().HTTPS_REMOTE_ORIGIN +
-          '/worklets/resources/set-cookie.py?name=cookieName';
-      const kScriptURL = get_host_info().HTTPS_REMOTE_ORIGIN +
-                         '/worklets/resources/credentials.py?mode=include';
-      const kOptions = { credentials: 'include' };
-
-      // Set a cookie in the remote origin and then start a worklet.
-      return fetch(kSetCookieURL, { mode: 'cors' })
-        .then(() => worklet.addModule(kScriptURL, kOptions))
-        .then(undefined_arg => assert_equals(undefined_arg, undefined));
+    return runCredentialsTest({ workletType: worklet_type,
+                                credentials: 'include',
+                                origin: 'remote',
+                                expectCredentialsSent: true });
   }, 'Importing a remote-origin script with credentials=include should ' +
-     'include the credentials');
+     'send the credentials');
 }

third_party/WebKit/LayoutTests/external/wpt/worklets/resources/credentials.py

 # Returns a valid response when a request has appropriate credentials.
 def main(request, response):
-    credentials_mode = request.GET.first("mode")
     cookie = request.cookies.first("cookieName", None)
-    source_origin = request.headers.get("origin", None);
-    is_cross_origin = request.GET.first("is_cross_origin", False)
+    expected_value = request.GET.first("value", None)
+    source_origin = request.headers.get("origin", None)
 
-    # The request with the default WorkletOptions should not include the cookie.
-    if credentials_mode is "default" and cookie is not None:
-        return (404)
+    response_headers = [("Content-Type", "text/javascript"),
+                        ("Access-Control-Allow-Origin", source_origin),
+                        ("Access-Control-Allow-Credentials", "true")]
 
-    # The request with "credentials=omit" should not include the cookie.
-    if credentials_mode is "omit" and cookie is not None:
-        return (404)
+    if cookie == expected_value:
+        return (200, response_headers, "")
 
-    if credentials_mode is "same-origin":
-        # The cross-origin request with "credentials=same-origin" should not
-        # include the cookie.
-        if is_cross_origin and cookie is not None:
-          return (404)
-        # The same-origin request with "credentials=same-origin" should include
-        # the cookie.
-        if not is_cross_origin and cookie is None:
-          return (404)
-
-    # The request with "credentials=include" should include the cookie.
-    if credentials_mode is "include" and cookie is None:
-        return (404)
-
-    return (200, [("Content-Type", "text/javascript"),
-                  ("Access-Control-Allow-Origin", source_origin),
-                  ("Access-Control-Allow-Credentials", "true")], "")
+    return (404, response_headers)

third_party/WebKit/LayoutTests/external/wpt/worklets/resources/set-cookie.py

 def main(request, response):
     name = request.GET.first("name")
-    source_origin = request.headers.get("origin", None);
-    response.headers.set("Set-Cookie", name + "=value")
-    response.headers.set("Access-Control-Allow-Origin", source_origin)
-    response.headers.set("Access-Control-Allow-Credentials", "true")
+    value = request.GET.first("value")
+    source_origin = request.headers.get("origin", None)
+
+    response_headers = [("Set-Cookie", name + "=" + value),
+                        ("Access-Control-Allow-Origin", source_origin),
+                        ("Access-Control-Allow-Credentials", "true")]
+    return (200, response_headers, "")