
Issue 762011


Issue metadata

Status: Assigned
OS: Linux, Windows, Mac
Pri: 3
Type: Compat




navigator.credentials.create({password: "bogus password data", federated: "bogus federated data"}) rejects with TypeError, spec says it should reject with NotSupportedError

Project Member Reported by tgarbus@google.com, Sep 5 2017

Issue description

Chrome Version: 60.0.3112.90 (Official Build) (64-bit)
OS: Mac OS X

According to the spec, navigator.credentials.create({password: "bogus password data", federated: "bogus federated data"}) should result in rejecting the Promise with NotSupportedError. Take a look at the [Create a Credential] section of the spec:
https://w3c.github.io/webappsec-credential-management/#algorithm-create
"3. Let interfaces be the set of options’ relevant credential interface objects.
4. Return a promise rejected with NotSupportedError if any of the following statements are true:
(...)
* interfaces’ size is greater than 1."

Now take a look at how the 'interfaces' list is constructed:
https://w3c.github.io/webappsec-credential-management/#credentialrequestoptions-relevant-credential-interface-objects
"1. Let settings be the current settings object
2. Let interface objects be the set of interface objects on settings’ global object.
3. Let relevant interface objects be an empty set.
4. For each object in interface objects:

4.1. If object’s inherited interfaces do not contain Credential, continue.
4.2. Let key be object’s [[type]] slot’s value.
4.3. If options[key] exists, append object to relevant interface objects."

That means only checking if 'options' contains the keys 'password' and 'federated', not validating them. So, for 'options = {password: "bogus password data", federated: "bogus federated data"}', the size of the 'interfaces' list would be 2.

However, there is a test expecting that the promise will be rejected with TypeError instead:
https://cs.chromium.org/chromium/src/third_party/WebKit/LayoutTests/external/wpt/credential-management/credentialscontainer-create-basics.https.html?q=credentialscontainer-create-basics&dr&l=127

The test is passing on desktop (you can run it here: https://w3c-test.org/credential-management/credentialscontainer-create-basics.https.html), so it seems it is not conforming to the spec.


Cc: mkwst@chromium.org
Owner: engedy@chromium.org
Status: Assigned (was: Untriaged)

Cc: battre@chromium.org

Cc: engedy@chromium.org
Owner: jdoerrie@chromium.org
Jan, this might be a good starter bug to get familiar with the Blink side implementation. Do you want to take a look?

I'm inclined to mark this as WontFix, as to my understanding this is working as intended:

The expected NotSupportedError for multiple interfaces is exercised in this test:
https://cs.chromium.org/chromium/src/third_party/WebKit/LayoutTests/external/wpt/credential-management/credentialscontainer-create-basics.https.html?l=109-125&rcl=81e188301fa0c9db2988722345d9008a7cab1e22

The reason why the test linked in the OP raises a TypeError is because the value of the interface key should be an object itself, not a string.

Executing this code in devtools

  navigator.credentials.create({
    password: "bogus password data",
    federated: "bogus federated data",
  });

results in this error: "TypeError: Failed to execute 'create' on 'CredentialsContainer': cannot convert to dictionary."

To my understanding of the spec this is the correct behavior.

What do you think?

Do we have another test that exercises NotSupportedError if a proper FederatedCredentialRequestOptions dictionary is passed in?

If I'm not mistaken the test I linked to already exercises the case of a proper FederatedCredentialRequestOptions. However, it might be worthwhile to also add tests for the PublicKeyCredentialRequestOptions case.

Cc: kpaulhamus@chromium.org
Yep, that's correct. Adding Kim on the PK credential aspect.

Comment 8 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 9 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt
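
The distinction drawn in the thread above, as an added example that is not part of the original issue and is not Chromium or WPT code: a simplified JavaScript model in which dictionary conversion runs before the spec's key-existence check, so string values yield TypeError while well-formed objects for two keys yield NotSupportedError. The function names, the outcome strings and the sample values are hypothetical, and validation of required dictionary members is left out.

```javascript
// Added model, not Blink or WPT code. Objects are assumed well-formed:
// validation of required dictionary members is omitted.
const CREDENTIAL_KEYS = ["federated", "password", "publicKey"];

// Stage 1 (bindings): each present member is converted to its dictionary
// type before the spec algorithm runs. Only undefined, null or an object
// can be converted; a primitive such as a string fails with TypeError.
function convertOptions(options) {
  const converted = {};
  for (const key of CREDENTIAL_KEYS) {
    const value = options[key];
    if (value === undefined) continue; // member not present
    if (value !== null && Object(value) !== value) {
      throw new TypeError(`'${key}': cannot convert to dictionary.`);
    }
    converted[key] = value;
  }
  return converted;
}

// Stage 2 (spec algorithm): collect the keys that exist in the converted
// options. Existence is the only test; values are not validated here.
function relevantInterfaces(converted) {
  return CREDENTIAL_KEYS.filter((key) => key in converted);
}

// Returns the name of the error create() rejects with in this model, or
// "passes-step-4" when neither check fires.
function modelCreateOutcome(options = {}) {
  let converted;
  try {
    converted = convertOptions(options);
  } catch (err) {
    return err.name; // stage 2 is never reached
  }
  return relevantInterfaces(converted).length > 1
    ? "NotSupportedError"
    : "passes-step-4";
}

// Constructed inputs: the call from the report, then well-formed objects.
const bogus = { password: "bogus password data", federated: "bogus federated data" };
const wellFormed = {
  password: { id: "user", password: "constructed" },
  federated: { id: "user", provider: "https://idp.example" },
};
console.log(modelCreateOutcome(bogus));      // TypeError
console.log(modelCreateOutcome(wellFormed)); // NotSupportedError
```

In a browser the same two option objects can be passed to navigator.credentials.create() and the rejection's name compared with the model's result.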
