[webauthn] WPT - adding port to RP ID should fail

Relying party IDs are defined as "a registrable domain suffix of or equal to the caller’s origin's effective domain". RP IDs do not include a port. This patch changes the host + port subtests to expect a failure instead of success. Bug: 875444 Change-Id: I0067ebd883612d534df13a555284fe1cdec7424d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2088002 Commit-Queue: Nina Satragno <nsatragno@chromium.org> Reviewed-by: Ken Buchanan <kenrb@chromium.org> Cr-Commit-Position: refs/heads/master@{#747289}

[webauthn] WPT - adding port to RP ID should fail
Relying party IDs are defined as "a registrable domain suffix of or equal to the caller’s origin's effective domain". RP IDs do not include a port. This patch changes the host + port subtests to expect a failure instead of success. Bug: 875444 Change-Id: I0067ebd883612d534df13a555284fe1cdec7424d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2088002 Commit-Queue: Nina Satragno <nsatragno@chromium.org> Reviewed-by: Ken Buchanan <kenrb@chromium.org> Cr-Commit-Position: refs/heads/master@{#747289}
efc31c8e · Nina Satragno · Commit Bot · 53e97bc2 · efc31c8e · efc31c8e
Commit efc31c8e authored Mar 05, 2020 by Nina Satragno Committed by Commit Bot Mar 05, 2020
6 changed files
--- a/third_party/blink/web_tests/external/wpt/webauthn/createcredential-badargs-rp.https.html
+++ b/third_party/blink/web_tests/external/wpt/webauthn/createcredential-badargs-rp.https.html
@@ -27,6 +27,12 @@ standardSetup(function() {
    new CreateCredentialsTest("options.publicKey.rp.id", "-invaliddomain.com").runTest("Bad rp: id is invalid domain (starts with dash)", "SecurityError");
    new CreateCredentialsTest("options.publicKey.rp.id", "0invaliddomain.com").runTest("Bad rp: id is invalid domain (starts with number)", "SecurityError");
+    let hostAndPort = window.location.host;
+    if (!hostAndPort.match(/:\d+$/)) {
+        hostAndPort += ":443";
+    }
+    new CreateCredentialsTest("options.publicKey.rp.id", hostAndPort).runTest("Bad rp id: id is host + port", "SecurityError");
    // // rp.name
    new CreateCredentialsTest({path: "options.publicKey.rp.name", value: undefined}).runTest("rp missing name", TypeError);

--- a/third_party/blink/web_tests/external/wpt/webauthn/createcredential-passing.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/webauthn/createcredential-passing.https-expected.txt
 This is a testharness.js-based test.
 PASS passing credentials.create() with default arguments
-FAIL passing credentials.create() with rpId (host and port) promise_test: Unhandled rejection with value: object "SecurityError: The relying party ID is not a registrable domain suffix of, nor equal to the current domain."
 PASS passing credentials.create() with rpId (hostname)
 PASS passing credentials.create() without rp.icon
 PASS very short user id

--- a/third_party/blink/web_tests/external/wpt/webauthn/createcredential-passing.https.html
+++ b/third_party/blink/web_tests/external/wpt/webauthn/createcredential-passing.https.html
@@ -20,7 +20,6 @@ standardSetup(function() {
    new CreateCredentialsTest().runTest("passing credentials.create() with default arguments");
    // rp
-    new CreateCredentialsTest({path: "options.publicKey.rp.id", value: window.location.host}).runTest("passing credentials.create() with rpId (host and port)");
    new CreateCredentialsTest({path: "options.publicKey.rp.id", value: window.location.hostname}).runTest("passing credentials.create() with rpId (hostname)");
    new CreateCredentialsTest({path: "options.publicKey.rp.icon", value: undefined}).runTest("passing credentials.create() without rp.icon");

--- a/third_party/blink/web_tests/external/wpt/webauthn/getcredential-badargs-rpid.https.html
+++ b/third_party/blink/web_tests/external/wpt/webauthn/getcredential-badargs-rpid.https.html
@@ -31,6 +31,14 @@ standardSetup(function() {
    new GetCredentialsTest("options.publicKey.rpId", "0invaliddomain.com")
        .addCredential(credPromise)
        .runTest("Bad rpId: invalid domain (starts with number)", "SecurityError");
+    let hostAndPort = window.location.host;
+    if (!hostAndPort.match(/:\d+$/)) {
+        hostAndPort += ":443";
+    }
+    new GetCredentialsTest({path: "options.publicKey.rpId", value: hostAndPort})
+        .addCredential(credPromise)
+        .runTest("Bad rpId: host + port", "SecurityError");
 });
 /* JSHINT */

--- a/third_party/blink/web_tests/external/wpt/webauthn/getcredential-passing.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/webauthn/getcredential-passing.https-expected.txt
@@ -2,7 +2,6 @@ This is a testharness.js-based test.
 PASS passing credentials.get() with default args
 PASS passing credentials.create() with no timeout
 PASS rpId undefined
-FAIL passing credentials.get() with rpId (host and port) promise_test: Unhandled rejection with value: object "SecurityError: The relying party ID is not a registrable domain suffix of, nor equal to the current domain."
 PASS passing credentials.get() with rpId (hostname)
 FAIL no credential specified promise_test: Unhandled rejection with value: object "Error: Attempting list without defining credential to test"
 PASS authenticatorSelection userVerification undefined

--- a/third_party/blink/web_tests/external/wpt/webauthn/getcredential-passing.https.html
+++ b/third_party/blink/web_tests/external/wpt/webauthn/getcredential-passing.https.html
@@ -30,9 +30,6 @@ standardSetup(function() {
    new GetCredentialsTest({path: "options.publicKey.rpId", value: undefined})
        .addCredential(credPromise)
        .runTest("rpId undefined");
-    new GetCredentialsTest({path: "options.publicKey.rpId", value: window.location.host})
-        .addCredential(credPromise)
-        .runTest("passing credentials.get() with rpId (host and port)");
    new GetCredentialsTest({path: "options.publicKey.rpId", value: window.location.hostname})
        .addCredential(credPromise)
        .runTest("passing credentials.get() with rpId (hostname)");