[FedCM] Make revoke test do actual network requests
Instead of using a mojo mock. This tests a lot more of our code.
Bug: 1309251
Change-Id: I079cbbf962ed8b95870bd51fdff35f6f37ca3974
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3680732
Commit-Queue: Christian Biesinger <cbiesinger@chromium.org>
Reviewed-by: Yi Gu <yigu@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1011646}
diff --git a/credential-management/fedcm-revoke.https.html b/credential-management/fedcm-revoke.https.html
deleted file mode 100644
index f0c3e5e..0000000
--- a/credential-management/fedcm-revoke.https.html
+++ /dev/null
@@ -1,45 +0,0 @@
-<!DOCTYPE html>
-<meta charset="utf-8">
-<title>FederatedCredential.revoke() promise resolution</title>
-<link rel="author" title="Christian Biesinger" href="mailto:cbiesinger@chromium.org">
-<link rel="help" href="https://wicg.github.io/FedCM/#browser-api-revocation">
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-
-<script type="module">
- import {fedcm_test} from './support/fedcm-helper.js';
-
- async function getCredential(provider_url) {
- const provider = {
- url: provider_url || "https://idp.example/",
- clientId: "1234",
- };
- return await navigator.credentials.get({
- federated: {
- providers: [provider],
- },
- });
- }
-
- fedcm_test(async (t, mock) => {
- mock.revokeReturn("kSuccess");
- await (await getCredential()).revoke("foo@bar.com");
- }, "Successfully revoking a token should resolve the promise.");
-
- fedcm_test(async (t, mock) => {
- mock.revokeReturn("kError");
- const result = (await getCredential()).revoke("foo@bar.com");
- return promise_rejects_dom(t, "NetworkError", result);
- }, "Error should reject the promise.");
-
- fedcm_test(async (t, mock) => {
- mock.revokeReturn("kError");
- const result = (await getCredential()).revoke("");
- return promise_rejects_dom(t, "InvalidStateError", result);
- }, "Empty hint should reject the promise.");
-
- fedcm_test(async (t, mock) => {
- const result = getCredential("https://other-idp.example/").then((c) => c.revoke("foo@bar.com"));
- return promise_rejects_dom(t, "NetworkError", result);
- }, "Provider URL should honor Content-Security-Policy.");
-</script>
diff --git a/credential-management/fedcm-revoke.https.html.headers b/credential-management/fedcm-revoke.https.html.headers
deleted file mode 100644
index fd82d50..0000000
--- a/credential-management/fedcm-revoke.https.html.headers
+++ /dev/null
@@ -1 +0,0 @@
-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src https://idp.example
diff --git a/credential-management/fedcm-revoke.sub.https.html b/credential-management/fedcm-revoke.sub.https.html
new file mode 100644
index 0000000..79a9a87
--- /dev/null
+++ b/credential-management/fedcm-revoke.sub.https.html
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>FederatedCredential.revoke() promise resolution</title>
+<link rel="author" title="Christian Biesinger" href="mailto:cbiesinger@chromium.org">
+<link rel="help" href="https://fedidcg.github.io/FedCM/#browser-api-revocation">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<script type="module">
+ import {set_fedcm_cookie} from './support/fedcm-helper.js';
+ const url_prefix = 'https://{{host}}:{{ports[https][0]}}/credential-management/support/';
+
+ async function getCredential(provider_url) {
+ const provider = {
+ url: provider_url || url_prefix,
+ clientId: "1234",
+ };
+ return await navigator.credentials.get({
+ federated: {
+ providers: [provider],
+ },
+ });
+ }
+
+ promise_test(async t => {
+ await set_fedcm_cookie();
+ await (await getCredential()).login({nonce: '1'});
+ await (await getCredential()).revoke("1234");
+
+ // Second revoke should now fail since the first revoke should revoke
+ // the permission.
+ const result = (await getCredential()).revoke("1234");
+ return promise_rejects_dom(t, "NetworkError", result);
+ }, "Successfully revoking a token should resolve the promise.");
+
+ promise_test(async t => {
+ // Have to first login or the request will be rejected before it reaches
+ // the server.
+ await set_fedcm_cookie();
+ await (await getCredential()).login({nonce: '1'});
+ await (await getCredential()).revoke("1234");
+
+ const result = (await getCredential()).revoke("fail");
+ return promise_rejects_dom(t, "NetworkError", result);
+ }, "Error should reject the promise.");
+
+ promise_test(async t => {
+ const result = (await getCredential()).revoke("");
+ return promise_rejects_dom(t, "InvalidStateError", result);
+ }, "Empty hint should reject the promise.");
+
+ promise_test(async t => {
+ const result = getCredential("https://other-idp.example/").then((c) => c.revoke("foo@bar.com"));
+ return promise_rejects_dom(t, "NetworkError", result);
+ }, "Provider URL should honor Content-Security-Policy.");
+</script>
diff --git a/credential-management/fedcm-revoke.sub.https.html.sub.headers b/credential-management/fedcm-revoke.sub.https.html.sub.headers
new file mode 100644
index 0000000..69b5bf3
--- /dev/null
+++ b/credential-management/fedcm-revoke.sub.https.html.sub.headers
@@ -0,0 +1 @@
+Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src https://{{host}}:{{ports[https][0]}}
diff --git a/credential-management/support/revoke.py b/credential-management/support/revoke.py
new file mode 100644
index 0000000..ed6fe00
--- /dev/null
+++ b/credential-management/support/revoke.py
@@ -0,0 +1,6 @@
+def main(request, response):
+ if not b"hint" in request.POST:
+ return (500, [], "Missing hint")
+ if request.POST[b"hint"] == b"fail":
+ return (500, [], "Fail requested")
+ return (204, [], "")