2016-02-09 18:43:00 +03:00
<!DOCTYPE html>
<meta charset=utf-8>
<head>
Bug 1245527 - Rewrite U2F.cpp to use U2FTokenManager. r=keeler, r=ttaubert
- This patch reworks the U2F module to asynchronously call U2FManager,
which in turn handles constructing and managing the U2FTokenManager
via IPC.
- Add U2FTransaction{Parent,Child} implementations to mirror similar ones for
WebAuthn
- Rewrite all tests to compensate for U2F executing asynchronously now.
- Used async tasks, used the manifest parameters for scheme, and generally
made these cleaner.
- The mochitest "pref =" functionality from Bug 1328830 doesn't support Android
yet, causing breakage on Android. Rework the tests to go back to the old way
of using iframes to test U2F.
NOTE TO REVIEWERS:
Since this is huge, I recommend the following:
keeler - please review U2F.cpp/h, the tests, and the security-prefs.js. Most
of the U2F logic is still in U2F.cpp like before, but there's been
some reworking of how it is called.
ttaubert - please review U2FManager, the Transaction classes, build changes,
and the changes to nsGlobalWindow. All of these should be very
similar to the WebAuthn code it's patterned off.
MozReview-Commit-ID: C1ZN2ch66Rm
--HG--
extra : rebase_source : 5a2c52b0340c13f471af5040b998eb7e661b1981
2017-09-11 22:56:59 +03:00
<script type="text/javascript" src="frame_utils.js"></script>
<script type="text/javascript" src="u2futil.js"></script>
2016-02-09 18:43:00 +03:00
</head>
<body>
2017-09-11 22:56:59 +03:00
<p>Insecure AppID / FacetID behavior check</p>
2016-02-09 18:43:00 +03:00
<script class="testbody" type="text/javascript">
"use strict";
2017-09-11 22:56:59 +03:00
local_setParentOrigin("http://mochi.test:8888");
async function doTests() {
var version = "U2F_V2";
var challenge = new Uint8Array(16);
local_is(window.location.origin, "http://test2.example.com", "Is loaded correctly");
2017-12-14 02:02:38 +03:00
local_is('u2f' in window, false, "window.u2f must be undefined when accessed from an insecure origin");
local_is('U2F' in window, false, "window.U2F must be undefined when accessed from an insecure origin");
try {
u2f.register(null, [], [], function(res) {
local_ok(false, "Callbacks should not be called.");
});
} catch (err) {
local_ok(err == "ReferenceError: u2f is not defined", "calling u2f should have thrown from an insecure origin");
}
try {
window.u2f.register(null, [], [], function(res) {
local_ok(false, "Callbacks should not be called.");
});
} catch (err) {
2020-01-11 08:10:54 +03:00
local_is(err.constructor.name, 'TypeError',
"accessing window.u2f should have thrown from an insecure origin");
local_ok(err.message.endsWith("window.u2f is undefined"),
"accessing window.u2f should have thrown from an insecure origin");
2017-12-14 02:02:38 +03:00
}
try {
await promiseU2FRegister(null, [{
2019-09-02 14:22:27 +03:00
version,
2017-12-14 02:02:38 +03:00
challenge: bytesToBase64UrlSafe(challenge),
}], [], function(res){
local_ok(false, "Shouldn't have gotten here on an insecure origin");
});
} catch (err) {
local_ok(err == "ReferenceError: u2f is not defined", "Should have thrown from an insecure origin");
}
2017-09-11 22:56:59 +03:00
local_finished();
};
doTests();
2016-02-09 18:43:00 +03:00
</script>
</body>
2020-01-11 08:10:54 +03:00
</html>