corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
73f4f0146549173f51fd9f2950fd988ce646edfe
tubestation/testing/web-platform/tests/push-api/subscribe-with-faulty-applicationServerKey.https.window.js
Kagami Sascha Rosylight cb29d17ff9 Bug 1874394 - Add basic subscription test with dummy push server r=jgraham,asuth 
This adds:

1. A dummy Python websocket server as a push service, which then opens a new HTTP server as a push endpoint for each subscription.
  * This is done because we do not allow networking with external servers for WPT.
2. A encryption helper library that follows multiple web push RFCs.
  * This is done because:
    1. Existing https://github.com/web-push-libs/web-push and https://github.com/web-push-libs/encrypted-content-encoding/ includes multiple codes that WPT don't need (e.g. multiple rs and legacy protocol support) and hard to read along with the specs.
    2. We want to generate intentionally ill-encrypted data for testing, which is harder with a third party dependency

Known caveats:

* The dummy server works but contradicts to the point for encryption; the dummy doesn't validate VAPID and implementing that part will make way more complexity with no actual extra test coverage.
  * We might instead want to somehow allow connection to the push server than adding a dummy server.
* Other servers don't send CORS headers which this test depends on

Differential Revision: https://phabricator.services.mozilla.com/D222665
2024-11-13 09:53:26 +00:00

62 lines
2.1 KiB
JavaScript
Raw Blame History

// META: script=/resources/testdriver.js
// META: script=/resources/testdriver-vendor.js
// META: script=/notifications/resources/helpers.js
// NOTE:
// We are not testing success cases here as doing so will try creating external network
// connection, which is not allowed by all browser test environments.
// (e.g. Gecko explicitly disables push service for testing environment.)
// Ideally we should have WPT-specific mock server in this case. See also
// https://github.com/w3c/push-api/issues/365.
promise_setup(async () => {
// The spec does not enforce validation order and implementations
// indeed check other things before checking applicationServerKey.
// Get the permission because Firefox checks it before key validation.
// (The permission test is done in permission.https.html.)
await trySettingPermission("granted");
// Get the active service worker because Chrome checks it before key validation
registration = await getActiveServiceWorker("noop-sw.js");
});
promise_test(async (t) => {
await promise_rejects_dom(
t,
"InvalidAccessError",
registration.pushManager.subscribe({ applicationServerKey: "" }),
);
}, "Reject empty string applicationServerKey");
promise_test(async (t) => {
await promise_rejects_dom(
t,
"InvalidAccessError",
registration.pushManager.subscribe({ applicationServerKey: new ArrayBuffer(0) }),
);
}, "Reject empty ArrayBuffer applicationServerKey");
promise_test(async (t) => {
await promise_rejects_dom(
t,
"InvalidAccessError",
registration.pushManager.subscribe({ applicationServerKey: new Uint8Array(0) }),
);
}, "Reject empty Uint8Array applicationServerKey");
promise_test(async (t) => {
await promise_rejects_dom(
t,
"InvalidAccessError",
registration.pushManager.subscribe({ applicationServerKey: new Uint8Array([1, 2, 3]) }),
);
}, "Reject a key that is not a valid point on P-256 curve");
promise_test(async (t) => {
await promise_rejects_dom(
t,
"InvalidCharacterError",
registration.pushManager.subscribe({ applicationServerKey: "!@#$^&*" }),
);
}, "Reject a string key that can't be decoded by base64url");
Reference in New Issue View Git Blame Copy Permalink