Bug 975144 - Adding IdP loading tests draft
authorMartin Thomson <martin.thomson@gmail.com>
Fri, 09 Jan 2015 15:42:02 -0800
changeset 236143 4a75b82b3eda3dcb56efdbcdf65fc2d2d0c06cf2
parent 236142 1991b9b2903537ac207a0a95fec9d2c5bdd1a22c
child 236144 452abd4192ab421d9eef9b29c2aeb532dbe7c46b
push id389
push usermartin.thomson@gmail.com
push dateFri, 09 Jan 2015 23:59:51 +0000
bugs975144
milestone37.0a1
Bug 975144 - Adding IdP loading tests
dom/media/tests/mochitest/identity/idp-min.js
dom/media/tests/mochitest/identity/idp-redirect-http-trick.js
dom/media/tests/mochitest/identity/idp-redirect-http-trick.js^headers^
dom/media/tests/mochitest/identity/idp-redirect-http.js
dom/media/tests/mochitest/identity/idp-redirect-http.js^headers^
dom/media/tests/mochitest/identity/idp-redirect-https-double.js
dom/media/tests/mochitest/identity/idp-redirect-https-double.js^headers^
dom/media/tests/mochitest/identity/idp-redirect-https-odd-path.js
dom/media/tests/mochitest/identity/idp-redirect-https-odd-path.js^headers^
dom/media/tests/mochitest/identity/idp-redirect-https.js
dom/media/tests/mochitest/identity/idp-redirect-https.js^headers^
dom/media/tests/mochitest/identity/mochitest.ini
dom/media/tests/mochitest/identity/test_idpproxy.html
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-min.js
@@ -0,0 +1,24 @@
+(function(global) {
+  'use strict';
+  // A minimal implementation of the interface.
+  // Though this isn't particularly functional.
+  // This is needed so that we can have a "working" IdP served
+  // from two different locations in the tree.  
+  global.rtcIdentityProvider.register({
+    generateAssertion: function(payload, origin, usernameHint) {
+      dump('idp: generateAssertion(' + payload + ')\n');
+      return Promise.resolve({
+        idp: { domain: 'example.com', protocol: 'idp.js' },
+        assertion: 'bogus'
+      });
+    },
+
+    validateAssertion: function(assertion, origin) {
+      dump('idp: validateAssertion(' + assertion + ')\n');
+      return Promise.resolve({
+        identity: 'user@example.com',
+        contents: 'bogus'
+      });
+    }
+  });
+}(this));
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-http-trick.js
@@ -0,0 +1,3 @@
+(function() {
+  dump('ERROR\n');
+}());
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-http-trick.js^headers^
@@ -0,0 +1,2 @@
+HTTP 301 Moved Permanently
+Location: http://example.com/.well-known/idp-proxy/idp-redirect-https.js
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-http.js
@@ -0,0 +1,3 @@
+(function() {
+  dump('ERROR\n');
+}());
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-http.js^headers^
@@ -0,0 +1,2 @@
+HTTP 301 Moved Permanently
+Location: http://example.com/.well-known/idp-proxy/idp.js
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-https-double.js
@@ -0,0 +1,3 @@
+(function() {
+  dump('ERROR\n');
+}());
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-https-double.js^headers^
@@ -0,0 +1,2 @@
+HTTP 301 Moved Permanently
+Location: https://example.com/.well-known/idp-proxy/idp-redirect-https.js
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-https-odd-path.js
@@ -0,0 +1,3 @@
+(function() {
+  dump('ERROR\n');
+}());
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-https-odd-path.js^headers^
@@ -0,0 +1,2 @@
+HTTP 301 Moved Permanently
+Location: https://example.com/.well-known/idp-min.js
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-https.js
@@ -0,0 +1,3 @@
+(function() {
+  dump('ERROR\n');
+}());
new file mode 100644
--- /dev/null
+++ b/dom/media/tests/mochitest/identity/idp-redirect-https.js^headers^
@@ -0,0 +1,2 @@
+HTTP 301 Moved Permanently
+Location: https://example.com/.well-known/idp-proxy/idp.js
--- a/dom/media/tests/mochitest/identity/mochitest.ini
+++ b/dom/media/tests/mochitest/identity/mochitest.ini
@@ -1,19 +1,35 @@
 [DEFAULT]
 # All tests are disabled on android&b2g due to lack of https support in
 # mochitests (Bug 907770)
 # Tests are also disabled on b2g due to lack of e10s support in WebRTC identity
 # (Bug 975144)
 skip-if = e10s || os == "android" || appname == "b2g"
 support-files =
   /.well-known/idp-proxy/idp.js
-  identityevent.js
 
 [test_idpproxy.html]
+support-files =
+  /.well-known/idp-proxy/idp-redirect-http.js
+  /.well-known/idp-proxy/idp-redirect-http.js^headers^
+  /.well-known/idp-proxy/idp-redirect-http-trick.js
+  /.well-known/idp-proxy/idp-redirect-http-trick.js^headers^
+  /.well-known/idp-proxy/idp-redirect-https.js
+  /.well-known/idp-proxy/idp-redirect-https.js^headers^
+  /.well-known/idp-proxy/idp-redirect-https-double.js
+  /.well-known/idp-proxy/idp-redirect-https-double.js^headers^
+  /.well-known/idp-proxy/idp-redirect-https-odd-path.js
+  /.well-known/idp-proxy/idp-redirect-https-odd-path.js^headers^
+  /.well-known/idp-min.js
+
+[test_fingerprints.html]
 [test_getIdentityAssertion.html]
 [test_setIdentityProvider.html]
+support-files = identityevent.js
+
 [test_setIdentityProviderWithErrors.html]
+support-files = identityevent.js
+
 [test_peerConnection_peerIdentity.html]
-[test_fingerprints.html]
 
 # Bug 950317: Hack for making a cleanup hook after finishing all WebRTC cases
 [../test_zmedia_cleanup.html]
--- a/dom/media/tests/mochitest/identity/test_idpproxy.html
+++ b/dom/media/tests/mochitest/identity/test_idpproxy.html
@@ -44,19 +44,24 @@ function test_protocol_sandbox() {
       ok(false, 'IdpSandbox didn\'t catch bad protocol: ' + proto);
     } catch (e) {
       var str = (typeof proto === 'string') ? proto : typeof proto;
       ok(true, 'Evil protocol "' + proto + '" raises exception');
     }
   });
 }
 
-function makeSandbox(hash) {
-  var sandbox = new IdpSandbox('example.com',
-                           'idp.js' + (hash ? ('#' + hash) : ''));
+function idpName(hash) {
+  return 'idp.js' + (hash ? ('#' + hash) : '');
+}
+
+function makeSandbox(js) {
+  var name = js || idpName();
+  info('Creating a sandbox for the protocol: ' + name);
+  var sandbox = new IdpSandbox('example.com', name);
   return sandbox.start().then(idp => SpecialPowers.wrap(idp));
 }
 
 function test_generate_assertion() {
   return makeSandbox()
     .then(idp => idp.generateAssertion(dummyPayload,
                                        'https://example.net'))
     .then(response => {
@@ -85,29 +90,73 @@ function test_validate_assertion() {
       is(response.identity, 'user@example.com');
       is(response.contents, dummyPayload);
     });
 }
 
 // We don't want to test the #bad or the #hang instructions,
 // errors of the sort those generate aren't handled by the sandbox code.
 function fail(reason) {
-  return function() {
-    return makeSandbox(reason)
-      .then(idp => idp.generateAssertion('hello', 'example.net', null))
+  return () => {
+    return makeSandbox(idpName(reason))
+      .then(idp => idp.generateAssertion('hello', 'example.net'))
       .then(r => ok(false, 'should not succeed on ' + reason),
             e => ok(true, 'failed correctly on ' + reason));
   };
 }
 
+function test_load_failure() {
+  return makeSandbox('non-existent-file')
+    .then(() => ok(false, 'Should fail to load non-existent file'),
+          e => ok(e, 'Should fail to load non-existent file'));
+}
+
+function test_redirect_ok(from) {
+  return () => {
+    return makeSandbox(from)
+      .then(idp => idp.generateAssertion('hello', 'example.net'))
+      .then(r => ok(SpecialPowers.wrap(r).assertion,
+                    'Redirect to https should be OK'));
+  };
+}
+
+function test_redirect_fail(from) {
+  return () => {
+    return makeSandbox(from)
+      .then(() => ok(false, 'Redirect to https should fail'),
+            e => ok(e, 'Redirect to https should fail'));
+  };
+}
+
 function run_all_tests() {
   [
-    test_domain_sandbox, test_protocol_sandbox,
-    test_generate_assertion, test_validate_assertion,
-    fail('fail'), fail('throw'), fail('not_ready')
+    test_domain_sandbox,
+    test_protocol_sandbox,
+    test_generate_assertion,
+    test_validate_assertion,
+
+    // fail of the IdP fails
+    fail('fail'),
+    // fail if the IdP throws
+    fail('throw'),
+    // fail if the IdP is not ready
+    fail('not_ready'),
+
+    test_load_failure(),
+    // Test a redirect to an HTTPS origin, which should be OK
+    test_redirect_ok('idp-redirect-https.js'),
+    // Two redirects is fine too
+    test_redirect_ok('idp-redirect-https-double.js'),
+    // A secure redirect to a path other than /.well-known/idp-proxy/* should
+    // also work fine.
+    test_redirect_ok('idp-redirect-https-odd-path.js'),
+    // A redirect to HTTP is not-cool
+    test_redirect_fail('idp-redirect-http.js'),
+    // Also catch tricks like https->http->https
+    test_redirect_fail('idp-redirect-http-trick.js')
   ].reduce((p, test) => {
     return p.then(test)
       .catch(e => ok(false, test.name + ' failed: ' +
                      SpecialPowers.wrap(e).message + '\n' +
                      SpecialPowers.wrap(e).stack));
   }, Promise.resolve())
     .then(() => SimpleTest.finish());
 }