diff --git a/credential-management/fedcm-authz/fedcm-disclosure-text-shown.https.html b/credential-management/fedcm-authz/fedcm-disclosure-text-shown.https.html
index e3f303ec4c9ff5..513ef258e18a68 100644
--- a/credential-management/fedcm-authz/fedcm-disclosure-text-shown.https.html
+++ b/credential-management/fedcm-authz/fedcm-disclosure-text-shown.https.html
@@ -16,10 +16,42 @@ fedcm_test(async t => {
 let options = request_options_with_mediation_required("manifest_check_disclosure_shown_false.json");
 options.identity.providers[0].clientId = "0";
- options.identity.providers[0].scope = ["non_default_scope"];
+ options.identity.providers[0].fields = ["non_default_field"];
+ options.identity.providers[0].nonce = "non_default_field";
 const cred = await fedcm_get_and_select_first_account(t, options);
 assert_equals(cred.token, "token");
 assert_equals(cred.isAutoSelected, false);
-}, "We should send disclosure_text_shown=false when custom scopes are passed.");
+}, "We should send disclosure_text_shown=false when custom fields are passed.");
+
+fedcm_test(async t => {
+ let options = request_options_with_mediation_required("manifest_check_disclosure_shown_false.json");
+ options.identity.providers[0].clientId = "0";
+ options.identity.providers[0].fields = [];
+ options.identity.providers[0].nonce = "";
+ const cred = await fedcm_get_and_select_first_account(t, options);
+ assert_equals(cred.token, "token");
+ assert_equals(cred.isAutoSelected, false);
+}, "We should send disclosure_text_shown=false when an empty custom fields array is passed.");
+
+
+fedcm_test(async t => {
+ let options = request_options_with_mediation_required("manifest_check_disclosure_shown_true.json");
+ options.identity.providers[0].clientId = "0";
+ options.identity.providers[0].nonce = "name,email,picture";
+ const cred = await fedcm_get_and_select_first_account(t, options);
+ assert_equals(cred.token, "token");
+ assert_equals(cred.isAutoSelected, false);
+}, "We should send disclosure_text_shown=true when no custom fields are passed.");
+
+fedcm_test(async t => {
+ let options = request_options_with_mediation_required("manifest_check_disclosure_shown_true.json");
+ options.identity.providers[0].clientId = "0";
+ options.identity.providers[0].fields = ["name", "email", "picture", "locale"];
+ options.identity.providers[0].nonce = 
"name,email,picture,locale"; + const cred = await fedcm_get_and_select_first_account(t, options); + assert_equals(cred.token, "token"); + assert_equals(cred.isAutoSelected, false); +}, "We should send disclosure_text_shown=true when custom fields are passed in addition to standard fields."); + diff --git a/credential-management/support/fedcm/manifest_check_disclosure_shown_true.json b/credential-management/support/fedcm/manifest_check_disclosure_shown_true.json new file mode 100644 index 00000000000000..7d7004c3cffee4 --- /dev/null +++ b/credential-management/support/fedcm/manifest_check_disclosure_shown_true.json @@ -0,0 +1,7 @@ +{ + "accounts_endpoint": "accounts.py", + "client_metadata_endpoint": "client_metadata.py", + "id_assertion_endpoint": "token_check_disclosure_shown_true.py", + "login_url": "login.html" +} + diff --git a/credential-management/support/fedcm/token_check_disclosure_shown_false.py b/credential-management/support/fedcm/token_check_disclosure_shown_false.py index f4b732053ff0f2..14908fadcfd4e0 100644 --- a/credential-management/support/fedcm/token_check_disclosure_shown_false.py +++ b/credential-management/support/fedcm/token_check_disclosure_shown_false.py @@ -6,8 +6,13 @@ def main(request, response): if (request_error): return request_error + nonce = request.POST.get(b"nonce") or b"" if request.POST.get(b"disclosure_text_shown") != b"false": return (560, [], "disclosure_text_shown is not false") + if request.POST.get(b"disclosure_shown_for") != b"": + return (561, [], "disclosure_shown_for is not empty") + if request.POST.get(b"fields") != nonce: + return (562, [], "fields does not match nonce") response.headers.set(b"Content-Type", b"application/json") response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin")) 
diff --git a/credential-management/support/fedcm/token_check_disclosure_shown_true.py b/credential-management/support/fedcm/token_check_disclosure_shown_true.py
new file mode 100644
index 00000000000000..c7a2a16bc3cbde
--- /dev/null
+++ b/credential-management/support/fedcm/token_check_disclosure_shown_true.py
@@ -0,0 +1,21 @@
+import importlib
+error_checker = importlib.import_module("credential-management.support.fedcm.request-params-check")
+
+def main(request, response):
+ request_error = error_checker.tokenCheck(request)
+ if (request_error):
+ return request_error
+
+ nonce = request.POST.get(b"nonce") or b""
+ if request.POST.get(b"disclosure_text_shown") != b"true":
+ return (560, [], "disclosure_text_shown is not true")
+ if request.POST.get(b"disclosure_shown_for") != b"name,email,picture":
+ return (561, [], "disclosure_shown_for is not name,email,picture")
+ if request.POST.get(b"fields") != nonce:
+ return (562, [], "fields does not match nonce")
+
+ response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
+
+ return "{\"token\": \"token\"}"
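Review bot: `Access-Control-Allow-Origin` is set to whatever `Origin` the request carried, together with `Access-Control-Allow-Credentials: true`, and nothing visible in this file restricts which origin that is. That is presumably fine for a test fixture if `tokenCheck` already rejects requests without the expected Origin (its body is not shown here), but outside a fixture this combination allows credentialed cross-origin reads, so a comment such as `# test-only: Origin is checked by tokenCheck; do not reuse this reflection outside test fixtures` would keep it from being copied. The file also repeats token_check_disclosure_shown_false.py except for the two expected values, so a shared helper taking the expected `disclosure_text_shown` and `disclosure_shown_for` would keep the two endpoints from drifting apart.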