Part 2: Port applicationServerKey validation tests to WPT

Porting only the main thread checks but not the checks inside service workers, because it's not clear what to do with permissions there as testdriver.js is window specific. Maybe it can be tweaked for service worker compatibility, but not in this patch. Differential Revision: https://phabricator.services.mozilla.com/D196181 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1869558 gecko-commit: c4306475b0efecd7a0799795e1065b2803c05db5 gecko-reviewers: asuth
Tobias710219 · Jan 16, 2024 · e46473a · e46473a
1 parent 2f9396a
commit e46473a
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 0 deletions.
diff --git a/push-api/noop-sw.js b/push-api/noop-sw.js
diff --git a/push-api/resources/helpers.js b/push-api/resources/helpers.js
@@ -0,0 +1,12 @@
+function resetSw() {
+  return navigator.serviceWorker.getRegistrations().then(registrations => {
+    return Promise.all(registrations.map(r => r.unregister()));
+  });
+}
+
+async function registerSw(path) {
+  await resetSw();
+  add_completion_callback(resetSw);
+  const reg = await navigator.serviceWorker.register(path);
+  return reg;
+}
diff --git a/push-api/subscribe-with-faulty-applicationServerKey.https.window.js b/push-api/subscribe-with-faulty-applicationServerKey.https.window.js
@@ -0,0 +1,62 @@
+// META: script=/resources/testdriver.js
+// META: script=/resources/testdriver-vendor.js
+// META: script=resources/helpers.js
+
+// NOTE:
+// We are not testing success cases here as doing so will try creating external network
+// connection, which is not allowed by all browser test environments.
+// (e.g. Gecko explicitly disables push service for testing environment.)
+// Ideally we should have WPT-specific mock server in this case. See also
+// https://github.com/w3c/push-api/issues/365.
+
+promise_setup(async () => {
+  // The spec does not enforce validation order and implementations
+  // indeed check other things before checking applicationServerKey.
+
+  // Get the permission because Firefox checks it before key validation.
+  // (The permission test is done in permission.https.html.)
+  await test_driver.set_permission({ name: "notifications" }, "granted");
+  // Get the active service worker because Chrome checks it before key validation
+  registration = await registerSw("noop-sw.js");
+  await navigator.serviceWorker.ready;
+});
+
+promise_test(async (t) => {
+  await promise_rejects_dom(
+    t,
+    "InvalidAccessError",
+    registration.pushManager.subscribe({ applicationServerKey: "" }),
+  );
+}, "Reject empty string applicationServerKey");
+
+promise_test(async (t) => {
+  await promise_rejects_dom(
+    t,
+    "InvalidAccessError",
+    registration.pushManager.subscribe({ applicationServerKey: new ArrayBuffer(0) }),
+  );
+}, "Reject empty ArrayBuffer applicationServerKey");
+
+promise_test(async (t) => {
+  await promise_rejects_dom(
+    t,
+    "InvalidAccessError",
+    registration.pushManager.subscribe({ applicationServerKey: new Uint8Array(0) }),
+  );
+}, "Reject empty Uint8Array applicationServerKey");
+
+promise_test(async (t) => {
+  await promise_rejects_dom(
+    t,
+    "InvalidAccessError",
+    registration.pushManager.subscribe({ applicationServerKey: new Uint8Array([1, 2, 3]) }),
+  );
+}, "Reject a key that is not a valid point on P-256 curve");
+
+promise_test(async (t) => {
+  await promise_rejects_dom(
+    t,
+    "InvalidCharacterError",
+    registration.pushManager.subscribe({ applicationServerKey: "!@#$^&*" }),
+  );
+}, "Reject a string key that can't be decoded by base64url");