From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001
From: "Matt A. Tobin"
Date: Fri, 2 Feb 2018 04:16:08 -0500
Subject: Add m-esr52 at 52.6.0
---
.../test/general/browser_insecureLoginForms.js | 162 +++++++++++++++++++++
1 file changed, 162 insertions(+)
create mode 100644 browser/base/content/test/general/browser_insecureLoginForms.js
(limited to 'browser/base/content/test/general/browser_insecureLoginForms.js')
diff --git a/browser/base/content/test/general/browser_insecureLoginForms.js b/browser/base/content/test/general/browser_insecureLoginForms.js
new file mode 100644
index 000000000..72db7dbe6
--- /dev/null
+++ b/browser/base/content/test/general/browser_insecureLoginForms.js
@@ -0,0 +1,162 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Load directly from the browser-chrome support files of login tests.
+const TEST_URL_PATH = "/browser/toolkit/components/passwordmgr/test/browser/";
+
+/**
+ * Waits for the given number of occurrences of InsecureLoginFormsStateChange
+ * on the given browser element.
+ */
+function waitForInsecureLoginFormsStateChange(browser, count) {
+ return BrowserTestUtils.waitForEvent(browser, "InsecureLoginFormsStateChange",
+ false, () => --count == 0);
+}
+
+/**
+ * Checks the insecure login forms logic for the identity block.
+ */
+add_task(function* test_simple() {
+ yield new Promise(resolve => SpecialPowers.pushPrefEnv({
+ "set": [["security.insecure_password.ui.enabled", true]],
+ }, resolve));
+
+ for (let [origin, expectWarning] of [
+ ["http://example.com", true],
+ ["http://127.0.0.1", false],
+ ["https://example.com", false],
+ ]) {
+ let testUrlPath = origin + TEST_URL_PATH;
+ let tab = gBrowser.addTab(testUrlPath + "form_basic.html");
+ let browser = tab.linkedBrowser;
+ yield Promise.all([
+ BrowserTestUtils.switchTab(gBrowser, tab),
+ BrowserTestUtils.browserLoaded(browser),
+ // One event is triggered by pageshow and one by DOMFormHasPassword.
+ waitForInsecureLoginFormsStateChange(browser, 2),
+ ]);
+
+ let { gIdentityHandler } = gBrowser.ownerGlobal;
+ gIdentityHandler._identityBox.click();
+ document.getElementById("identity-popup-security-expander").click();
+
+ if (expectWarning) {
+ is_element_visible(document.getElementById("connection-icon"));
+ let connectionIconImage = gBrowser.ownerGlobal
+ .getComputedStyle(document.getElementById("connection-icon"), "")
+ .getPropertyValue("list-style-image");
+ let securityViewBG = gBrowser.ownerGlobal
+ .getComputedStyle(document.getElementById("identity-popup-securityView"), "")
+ .getPropertyValue("background-image");
+ let securityContentBG = gBrowser.ownerGlobal
+ .getComputedStyle(document.getElementById("identity-popup-security-content"), "")
+ .getPropertyValue("background-image");
+ is(connectionIconImage,
+ "url(\"chrome://browser/skin/connection-mixed-active-loaded.svg#icon\")",
+ "Using expected icon image in the identity block");
+ is(securityViewBG,
+ "url(\"chrome://browser/skin/controlcenter/mcb-disabled.svg\")",
+ "Using expected icon image in the Control Center main view");
+ is(securityContentBG,
+ "url(\"chrome://browser/skin/controlcenter/mcb-disabled.svg\")",
+ "Using expected icon image in the Control Center subview");
+ is(Array.filter(document.querySelectorAll("[observes=identity-popup-insecure-login-forms-learn-more]"),
+ element => !is_hidden(element)).length, 1,
+ "The 'Learn more' link should be visible once.");
+ }
+
+ // Messages should be visible when the scheme is HTTP, and invisible when
+ // the scheme is HTTPS.
+ is(Array.every(document.querySelectorAll("[when-loginforms=insecure]"),
+ element => !is_hidden(element)),
+ expectWarning,
+ "The relevant messages should be visible or hidden.");
+
+ gIdentityHandler._identityPopup.hidden = true;
+ gBrowser.removeTab(tab);
+ }
+});
+
+/**
+ * Checks that the insecure login forms logic does not regress mixed content
+ * blocking messages when mixed active content is loaded.
+ */
+add_task(function* test_mixedcontent() {
+ yield new Promise(resolve => SpecialPowers.pushPrefEnv({
+ "set": [["security.mixed_content.block_active_content", false]],
+ }, resolve));
+
+ // Load the page with the subframe in a new tab.
+ let testUrlPath = "://example.com" + TEST_URL_PATH;
+ let tab = gBrowser.addTab("https" + testUrlPath + "insecure_test.html");
+ let browser = tab.linkedBrowser;
+ yield Promise.all([
+ BrowserTestUtils.switchTab(gBrowser, tab),
+ BrowserTestUtils.browserLoaded(browser),
+ // Two events are triggered by pageshow and one by DOMFormHasPassword.
+ waitForInsecureLoginFormsStateChange(browser, 3),
+ ]);
+
+ assertMixedContentBlockingState(browser, { activeLoaded: true,
+ activeBlocked: false,
+ passiveLoaded: false });
+
+ gBrowser.removeTab(tab);
+});
+
+/**
+ * Checks that insecure window.opener does not trigger a warning.
+ */
+add_task(function* test_ignoring_window_opener() {
+ let newTabURL = "https://example.com" + TEST_URL_PATH + "form_basic.html";
+ let path = getRootDirectory(gTestPath)
+ .replace("chrome://mochitests/content", "http://example.com");
+ let url = path + "insecure_opener.html";
+
+ yield BrowserTestUtils.withNewTab(url, function*(browser) {
+ // Clicking the link will spawn a new tab.
+ let loaded = BrowserTestUtils.waitForNewTab(gBrowser, newTabURL);
+ yield ContentTask.spawn(browser, {}, function() {
+ content.document.getElementById("link").click();
+ });
+ let tab = yield loaded;
+ browser = tab.linkedBrowser;
+ yield waitForInsecureLoginFormsStateChange(browser, 2);
+
+ // Open the identity popup.
+ let { gIdentityHandler } = gBrowser.ownerGlobal;
+ gIdentityHandler._identityBox.click();
+ document.getElementById("identity-popup-security-expander").click();
+
+ ok(is_visible(document.getElementById("connection-icon")),
+ "Connection icon is visible");
+
+ // Assert that the identity indicators are still "secure".
+ let connectionIconImage = gBrowser.ownerGlobal
+ .getComputedStyle(document.getElementById("connection-icon"))
+ .getPropertyValue("list-style-image");
+ let securityViewBG = gBrowser.ownerGlobal
+ .getComputedStyle(document.getElementById("identity-popup-securityView"))
+ .getPropertyValue("background-image");
+ let securityContentBG = gBrowser.ownerGlobal
+ .getComputedStyle(document.getElementById("identity-popup-security-content"))
+ .getPropertyValue("background-image");
+ is(connectionIconImage,
+ "url(\"chrome://browser/skin/connection-secure.svg\")",
+ "Using expected icon image in the identity block");
+ is(securityViewBG,
+ "url(\"chrome://browser/skin/controlcenter/connection.svg#connection-secure\")",
+ "Using expected icon image in the Control Center main view");
+ is(securityContentBG,
+ "url(\"chrome://browser/skin/controlcenter/connection.svg#connection-secure\")",
+ "Using expected icon image in the Control Center subview");
+
+ ok(Array.every(document.querySelectorAll("[when-loginforms=insecure]"),
+ element => is_hidden(element)),
+ "All messages should be hidden.");
+
+ gIdentityHandler._identityPopup.hidden = true;
+
+ yield BrowserTestUtils.removeTab(tab);
+ });
+});
-- cgit v1.2.3
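Review bot: The no-warning cases in `test_simple` (`http://127.0.0.1` and `https://example.com`) are asserted too weakly. The check `is(Array.every(..., element => !is_hidden(element)), expectWarning, ...)` passes for `expectWarning == false` as soon as one `[when-loginforms=insecure]` element is hidden. A regression that showed some of the insecure-login messages on an HTTPS or loopback page would therefore go unnoticed. Asserting per element closes that gap, e.g. `ok(Array.every(document.querySelectorAll("[when-loginforms=insecure]"), element => is_hidden(element) == !expectWarning), "The relevant messages should be visible or hidden.");`, which matches the all-hidden form already used in `test_ignoring_window_opener`. Both `Array.every` checks are also vacuously true when the selector matches nothing, so a preceding `length > 0` assertion on the node list would keep them from passing silently if the attribute were ever renamed.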