CREDENTIAL: Teach Fetch to handle PasswordCredential objects.

third_party/WebKit/LayoutTests/http/tests/credentialmanager/passwordcredential-fetch.html

Index: third_party/WebKit/LayoutTests/http/tests/credentialmanager/passwordcredential-fetch.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/credentialmanager/passwordcredential-fetch.html b/third_party/WebKit/LayoutTests/http/tests/credentialmanager/passwordcredential-fetch.html
new file mode 100644
index 0000000000000000000000000000000000000000..c9e4e94b919a7434f8bcfb1db7ade94d270038db
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/credentialmanager/passwordcredential-fetch.html
@@ -0,0 +1,157 @@
+<!DOCTYPE html>
+<title>Credential Manager: PasswordCredential basics.</title>
+<script src="../resources/testharness.js"></script>
+<script src="../resources/testharnessreport.js"></script>
+<script src="/serviceworker/resources/interfaces.js"></script>
+<script>
+async_test(function(t) {

[philipj_slow, 2015/11/17 15:53:59]

I don't know if it will simplify or not, but there's a promise_test() helper
that's used for some other tests involving fetch(), and it saves the trouble of
explicitly handling rejections.

[Mike West, 2015/11/18 09:12:51]

Looks like a pretty reasonable simplification.

[philipj_slow, 2015/11/18 10:00:05]

Yep, it turned out pretty nice!

+    var credential = new PasswordCredential({
+        id: 'id',
+        password: 'pencil',
+        name: 'name',
+        iconURL: 'https://example.com/icon.png'
+    });
+
+    fetch("./resources/echo-post.php", { body: credential, method: "POST" }).then(
+        t.step_func(function (r) {
+            r.json().then(

[philipj_slow, 2015/11/17 15:53:59]

I think you could also flatten this kind of structure a bit, to something more
like

return fetch("./resources/echo-post.php", { body: credential, method: "POST" }))
  .then(r => r.json())
  .then(function(j) { assert_equals ... });

I'm not a Promise guru though, so I'm not sure what the coolest way is, that's
just what I've done before. If you try, you might want to ensure that a failing
assert gives a sensible message and doesn't just end up in the unhandled promise
rejection bucket, i.e. will you need wrap assertions in t.step_func?

[Mike West, 2015/11/18 09:12:50]

This looks pretty cool to me!
I'd think that splitting things up into multiple `promise_test`s, and giving
each test a reasonable messages would be enough. Why don't I try that rather
than wrapping everything in more functions?

+                t.step_func_done(function (j) {
+                    assert_equals(j.username, 'id');
+                    assert_equals(j.password, 'pencil');
+                }),
+                t.unreached_func("Should be able to read the body."));
+        }),
+        t.unreached_func("Should not reject")
+    );
+}, "Simple Fetch");
+
+async_test(function(t) {
+    var credential = new PasswordCredential({
+        id: 'id',
+        password: 'pencil',
+        name: 'name',
+        iconURL: 'https://example.com/icon.png'
+    });
+
+    credential.idName = "notUsername";
+    credential.passwordName = "notPassword";
+
+    fetch("./resources/echo-post.php", { body: credential, method: "POST" }).then(
+        t.step_func(function (r) {
+            r.json().then(
+                t.step_func_done(function (j) {
+                    assert_equals(j.username, undefined);
+                    assert_equals(j.password, undefined);
+                    assert_equals(j.notUsername, 'id');
+                    assert_equals(j.notPassword, 'pencil');
+                }),
+                t.unreached_func("Should be able to read the body."));
+        }),
+        t.unreached_func("Should not reject")
+    );
+}, "'idName' and 'passwordName'");
+
+async_test(function(t) {
+    var credential = new PasswordCredential({
+        id: 'id',
+        password: 'pencil',
+        name: 'name',
+        iconURL: 'https://example.com/icon.png'
+    });
+
+    var fd = new FormData();
+    credential.additionalData = fd;
+
+    fetch("./resources/echo-post.php", { body: credential, method: "POST" }).then(
+        t.step_func(function (r) {
+            r.json().then(
+                t.step_func_done(function (j) {
+                    assert_equals(j.username, 'id');
+                    assert_equals(j.password, 'pencil');
+                }),
+                t.unreached_func("Should be able to read the body."));
+        }),
+        t.unreached_func("Should not reject")
+    );
+}, "'additionalData': Empty FormData has no effect.");
+
+async_test(function(t) {
+    var credential = new PasswordCredential({
+        id: 'id',
+        password: 'pencil',
+        name: 'name',
+        iconURL: 'https://example.com/icon.png'
+    });
+
+    var fd = new FormData();
+    fd.append("excitingData", "exciting value");
+    fd.append("csrf", "[randomness]");
+    credential.additionalData = fd;
+
+    fetch("./resources/echo-post.php", { body: credential, method: "POST" }).then(
+        t.step_func(function (r) {
+            r.json().then(
+                t.step_func_done(function (j) {
+                    assert_equals(j.username, 'id');
+                    assert_equals(j.password, 'pencil');
+                    assert_equals(j.excitingData, 'exciting value');
+                    assert_equals(j.csrf, '[randomness]');
+                }),
+                t.unreached_func("Should be able to read the body."));
+        }),
+        t.unreached_func("Should not reject")
+    );
+}, "'additionalData': FormData properties are properly injected.");

[philipj_slow, 2015/11/17 15:53:59]

The spec requires a specific order (idName+passwordName last?) as well, can you
find a way to check that?

[Mike West, 2015/11/18 09:12:51]

This is going to be difficult to do with FormData. Both Perl's CGI module's
`params('POSTDATA')` and PHP's `php://input` return "" when faced with multipart
POSTs.

[philipj_slow, 2015/11/18 10:00:05]

Fair enough :)

+
+async_test(function(t) {
+    var credential = new PasswordCredential({
+        id: 'id',
+        password: 'pencil',
+        name: 'name',
+        iconURL: 'https://example.com/icon.png'
+    });
+
+    var params = new URLSearchParams();
+    credential.additionalData = params;
+
+    fetch("./resources/echo-post.php", { body: credential, method: "POST" }).then(
+        t.step_func(function (r) {
+            r.json().then(
+                t.step_func_done(function (j) {
+                    assert_equals(j.username, 'id');
+                    assert_equals(j.password, 'pencil');
+                }),
+                t.unreached_func("Should be able to read the body."));
+        }),
+        t.unreached_func("Should not reject")
+    );
+}, "'additionalData': Empty URLSearchParams has no effect.");
+
+async_test(function(t) {
+    var credential = new PasswordCredential({
+        id: 'id',
+        password: 'pencil',
+        name: 'name',
+        iconURL: 'https://example.com/icon.png'
+    });
+
+    var params = new URLSearchParams();
+    params.append("excitingData", "exciting value");
+    params.append("csrf", "[randomness]");
+    credential.additionalData = params;
+
+    fetch("./resources/echo-post.php", { body: credential, method: "POST" }).then(
+        t.step_func(function (r) {
+            r.json().then(
+                t.step_func_done(function (j) {
+                    assert_equals(j.username, 'id');
+                    assert_equals(j.password, 'pencil');
+                    assert_equals(j.excitingData, 'exciting value');
+                    assert_equals(j.csrf, '[randomness]');
+                }),
+                t.unreached_func("Should be able to read the body."));
+        }),
+        t.unreached_func("Should not reject")
+    );
+}, "'additionalData': URLSearchParams properties are properly injected.");

[philipj_slow, 2015/11/17 15:53:59]

Same question about order.

[Mike West, 2015/11/18 09:12:51]

This will be simpler. :)

+</script>