device-bound-session-credentials/empty-response.https.html - external/w3c/web-platform-tests.git - Git at Google

 <!DOCTYPE html>
 <meta charset="utf-8">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="helper.js" type="module"></script>

 <script type="module">
   import {
     expireCookie,
     documentHasCookie,
     waitForCookie,
     addCookieAndSessionCleanup,
     setupShardedServerState,
     configureServer
   } from "./helper.js";

   promise_test(async t => {
     await setupShardedServerState();
     const expectedCookieAndValue = "auth_cookie=abcdef0123";
     const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;
     addCookieAndSessionCleanup(t);

     // Configure the server to omit session instructions going forward
     configureServer({
       useEmptyResponse: true
     });

     // Prompt starting a session, and wait until registration completes.
     const loginResponse = await fetch('login.py');
     assert_equals(loginResponse.status, 200);
     await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);

     // Since the session instructions were empty at registration, refresh should fail.
     expireCookie(expectedCookieAndAttributes);
     assert_false(documentHasCookie(expectedCookieAndValue));
     const authResponseAfterExpiry = await fetch('verify_authenticated.py');
     assert_equals(authResponseAfterExpiry.status, 403);
     assert_false(documentHasCookie(expectedCookieAndValue));
   }, "An empty response fails on registration");

   promise_test(async t => {
     await setupShardedServerState();
     const expectedCookieAndValue = "auth_cookie=abcdef0123";
     const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;
     addCookieAndSessionCleanup(t);

     // Prompt starting a session, and wait until registration completes.
     const loginResponse = await fetch('login.py');
     assert_equals(loginResponse.status, 200);
     await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);

     // Configure the server to omit session instructions going forward
     configureServer({
       useEmptyResponse: true
     });

     // Confirm that expiring the cookie still leads to a request with the cookie set (refresh occurs).
     expireCookie(expectedCookieAndAttributes);
     assert_false(documentHasCookie(expectedCookieAndValue));
     const authResponseAfterExpiry = await fetch('verify_authenticated.py');
     assert_equals(authResponseAfterExpiry.status, 200);
     assert_true(documentHasCookie(expectedCookieAndValue));

     // If returning an empty response terminated the session, a second refresh would fail.
     expireCookie(expectedCookieAndAttributes);
     assert_false(documentHasCookie(expectedCookieAndValue));
     const authResponseAfterExpiry2 = await fetch('verify_authenticated.py');
     assert_equals(authResponseAfterExpiry2.status, 200);
     assert_true(documentHasCookie(expectedCookieAndValue));
   }, "An empty response is allowed on refresh");
 </script>
	<!DOCTYPE html>
	<meta charset="utf-8">
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="helper.js" type="module"></script>

	<script type="module">
	import {
	expireCookie,
	documentHasCookie,
	waitForCookie,
	addCookieAndSessionCleanup,
	setupShardedServerState,
	configureServer
	} from "./helper.js";

	promise_test(async t => {
	await setupShardedServerState();
	const expectedCookieAndValue = "auth_cookie=abcdef0123";
	const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;
	addCookieAndSessionCleanup(t);

	// Configure the server to omit session instructions going forward
	configureServer({
	useEmptyResponse: true
	});

	// Prompt starting a session, and wait until registration completes.
	const loginResponse = await fetch('login.py');
	assert_equals(loginResponse.status, 200);
	await waitForCookie(expectedCookieAndValue, /expectCookie=/true);

	// Since the session instructions were empty at registration, refresh should fail.
	expireCookie(expectedCookieAndAttributes);
	assert_false(documentHasCookie(expectedCookieAndValue));
	const authResponseAfterExpiry = await fetch('verify_authenticated.py');
	assert_equals(authResponseAfterExpiry.status, 403);
	assert_false(documentHasCookie(expectedCookieAndValue));
	}, "An empty response fails on registration");

	promise_test(async t => {
	await setupShardedServerState();
	const expectedCookieAndValue = "auth_cookie=abcdef0123";
	const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;
	addCookieAndSessionCleanup(t);

	// Prompt starting a session, and wait until registration completes.
	const loginResponse = await fetch('login.py');
	assert_equals(loginResponse.status, 200);
	await waitForCookie(expectedCookieAndValue, /expectCookie=/true);

	// Configure the server to omit session instructions going forward
	configureServer({
	useEmptyResponse: true
	});

	// Confirm that expiring the cookie still leads to a request with the cookie set (refresh occurs).
	expireCookie(expectedCookieAndAttributes);
	assert_false(documentHasCookie(expectedCookieAndValue));
	const authResponseAfterExpiry = await fetch('verify_authenticated.py');
	assert_equals(authResponseAfterExpiry.status, 200);
	assert_true(documentHasCookie(expectedCookieAndValue));

	// If returning an empty response terminated the session, a second refresh would fail.
	expireCookie(expectedCookieAndAttributes);
	assert_false(documentHasCookie(expectedCookieAndValue));
	const authResponseAfterExpiry2 = await fetch('verify_authenticated.py');
	assert_equals(authResponseAfterExpiry2.status, 200);
	assert_true(documentHasCookie(expectedCookieAndValue));
	}, "An empty response is allowed on refresh");
	</script>