[RWI] Require user activation for real world identity API

BUG=338261531 Change-Id: If5967b8db446f717129384c53e0b741920d72b4a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5532484 Commit-Queue: Peter Kotwicz <pkotwicz@chromium.org> Reviewed-by: Christian Biesinger <cbiesinger@chromium.org> Cr-Commit-Position: refs/heads/main@{#1301496}
web-platform-tests · May 15, 2024 · 53eba69 · 53eba69
1 parent bc6f2e3
commit 53eba69
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 9 deletions.
diff --git a/credential-management/digital-identity.https.html b/credential-management/digital-identity.https.html
@@ -9,7 +9,7 @@
 
 <body>
 <script type="module">
-import { buildValidNavigatorIdentityRequest } from './support/digital-identity-helper.js';
+import { buildValidNavigatorIdentityRequest, requestIdentityWithActivation } from './support/digital-identity-helper.js';
 
 // This regex removes the filename from the path so that we just get
 // the directory.
@@ -28,38 +28,43 @@
 
 // Requires browser to have mode where OS-presented digital-identity-prompt is
 // bypassed in favour of returning "fake_test_token" directly.
+promise_test(async t=>{
+  assert_false(navigator.userActivation.isActive);
+  let request = buildValidNavigatorIdentityRequest();
+  await promise_rejects_dom(t, "NetworkError", navigator.identity.get(request));
+}, "navigator.identity.get() fails if the page doesn't have user activation");
+
 promise_test(async t => {
   let request = buildValidNavigatorIdentityRequest();
-  let credential = await navigator.identity.get(request);
+  let credential = await requestIdentityWithActivation(test_driver, request);
   assert_equals("urn:openid.net:oid4vp", credential.protocol);
   assert_equals("fake_test_token", credential.data);
 }, "navigator.identity.get() API works in toplevel frame.");
 
 promise_test(async t => {
   let request = buildValidNavigatorIdentityRequest();
   request.digital.providers = undefined;
-
-  await promise_rejects_js(t, TypeError, navigator.identity.get(request));
+  await promise_rejects_js(t, TypeError, requestIdentityWithActivation(test_driver, request));
 }, "navigator.identity.get() API fails if DigitalCredentialRequestOptions::providers is not specified.");
 
 promise_test(async t => {
   let request = buildValidNavigatorIdentityRequest();
   request.digital.providers = [];
-  await promise_rejects_js(t, TypeError, navigator.identity.get(request));
+  await promise_rejects_js(t, TypeError, requestIdentityWithActivation(test_driver, request));
 }, "navigator.identity.get() API fails if there are no providers.");
 
 promise_test(async t => {
   let request = buildValidNavigatorIdentityRequest();
   let providerCopy = structuredClone(request.digital.providers[0]);
   request.digital.providers.push(providerCopy);
-  await promise_rejects_js(t, TypeError, navigator.identity.get(request));
+  await promise_rejects_js(t, TypeError, requestIdentityWithActivation(test_driver, request));
 }, "navigator.identity.get() API fails if there is more than one provider.");
 
 promise_test(async t=> {
   let abortController = new AbortController();
   let request = buildValidNavigatorIdentityRequest();
   request.signal = abortController.signal;
-  let requestPromise = navigator.identity.get(request);
+  let requestPromise = requestIdentityWithActivation(test_driver, request);
   abortController.abort();
   await promise_rejects_dom(t, "AbortError", requestPromise);
 }, "navigator.identity.get() promise is rejected when the page aborts the request.");

diff --git a/credential-management/support/digital-identity-helper.js b/credential-management/support/digital-identity-helper.js
@@ -17,3 +17,10 @@ export function buildValidNavigatorIdentityRequest() {
       },
   };
 }
+
+// Requests digital identity with user activation.
+export function requestIdentityWithActivation(test_driver, request) {
+  return test_driver.bless("request identity with activation", async function() {
+    return await navigator.identity.get(request);
+  });
+}
diff --git a/credential-management/support/digital-identity-iframe.html b/credential-management/support/digital-identity-iframe.html
@@ -2,7 +2,7 @@
 <script src="/resources/testdriver.js"></script>
 <script src="/resources/testdriver-vendor.js"></script>
 <script type="module">
-import { buildValidNavigatorIdentityRequest } from './digital-identity-helper.js';
+import { buildValidNavigatorIdentityRequest, requestIdentityWithActivation } from './digital-identity-helper.js';
 
 // Loading digital-identity-iframe.html in the test will make a digital credential call on load, and
 // trigger a postMessage upon completion.
@@ -16,7 +16,7 @@
 window.onload = async () => {
   try {
     let request = buildValidNavigatorIdentityRequest();
-    let credential = await navigator.identity.get(request);
+    let credential = await requestIdentityWithActivation(test_driver, request);
 
     window.top.postMessage({result: "Pass", data: credential.data}, '*');
   } catch (error) {