| <!DOCTYPE html> |
| <meta charset="utf-8"> |
| <title>WebAuthn navigator.credentials.create() authenticator selection Tests</title> |
| <meta name="timeout" content="long"> |
| <link rel="author" title="Adam Powers" href="mailto:adam@fidoalliance.org"> |
| <link rel="help" href="https://w3c.github.io/webauthn/#iface-credential"> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/resources/testdriver.js"></script> |
| <script src="/resources/testdriver-vendor.js"></script> |
| <script src=helpers.js></script> |
| <body></body> |
| <script> |
| standardSetup(function() { |
| "use strict"; |
| |
| var defaultAuthnrSel = { |
| authenticatorAttachment: "cross-platform", |
| requireResidentKey: false, |
| userVerification: "preferred" |
| }; |
| // attachment |
| var authnrSelAttachPlatform = cloneObject(defaultAuthnrSel); |
| authnrSelAttachPlatform.authenticatorAttachment = "platform"; |
| var authnrSelBadAttachEmptyStr = cloneObject(defaultAuthnrSel); |
| authnrSelBadAttachEmptyStr.authenticatorAttachment = ""; |
| var authnrSelBadAttachEmptyObj = cloneObject(defaultAuthnrSel); |
| authnrSelBadAttachEmptyObj.authenticatorAttachment = {}; |
| var authnrSelBadAttachNull = cloneObject(defaultAuthnrSel); |
| authnrSelBadAttachNull.authenticatorAttachment = null; |
| // resident key |
| var authnrSelRkTrue = cloneObject(defaultAuthnrSel); |
| authnrSelRkTrue.requireResidentKey = true; |
| var authnrSelRkBadString = cloneObject(defaultAuthnrSel); |
| authnrSelRkBadString.requireResidentKey = "foo"; |
| // user verification |
| var authnrSelUvRequired = cloneObject(defaultAuthnrSel); |
| authnrSelUvRequired.userVerification = "required"; |
| var authnrSelBadUvEmptyStr = cloneObject(defaultAuthnrSel); |
| authnrSelBadUvEmptyStr.userVerification = ""; |
| var authnrSelBadUvEmptyObj = cloneObject(defaultAuthnrSel); |
| authnrSelBadUvEmptyObj.userVerification = {}; |
| var authnrSelBadUvStr = cloneObject(defaultAuthnrSel); |
| authnrSelBadUvStr.userVerification = "requiredshirtshoestshirt"; |
| var authnrSelBadUvNull = cloneObject(defaultAuthnrSel); |
| authnrSelBadUvNull.userVerification = null; |
| |
| // authenticatorSelection bad values |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", "").runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection is empty string", TypeError); |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", "none").runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection is string", TypeError); |
| |
| // authenticatorSelection bad attachment values |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelBadAttachEmptyStr).runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection attachment is empty string", TypeError); |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelBadAttachEmptyObj).runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection attachment is empty object", TypeError); |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelBadAttachNull).runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection attachment is null", TypeError); |
| // the physically plugged-in or virtual authenticator should be a cross-platform authenticator. |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelAttachPlatform) |
| .modify("options.publicKey.timeout", 300) |
| .runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection attachment platform", "NotAllowedError"); |
| |
| // authenticatorSelection bad requireResidentKey values |
| // the physically plugged-in or virtual authenticator should not support resident keys |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelRkTrue) |
| .modify("options.publicKey.timeout", 300) |
| .runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection residentKey true", "NotAllowedError"); |
| |
| // authenticatorSelection bad userVerification values |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelBadUvEmptyStr).runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection userVerification empty string", TypeError); |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelBadUvEmptyObj).runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection userVerification empty object", TypeError); |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelBadUvStr).runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection userVerification bad value", TypeError); |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelBadUvNull).runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection userVerification null", TypeError); |
| // the physically plugged-in or virtual authenticator should not support user verification |
| new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvRequired) |
| // this assertion will time out the test under default parameters since the browser will wait for a platform authenticator |
| .modify("options.publicKey.timeout", 300) |
| .runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection userVerification required", "NotAllowedError"); |
| }); |
| |
| /* JSHINT */ |
| /* globals standardSetup, CreateCredentialsTest, cloneObject */ |
| </script> |