Check that Service Workers are registered from secure origins.

Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp

Index: Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp
diff --git a/Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp b/Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..228990ed2d6194ef8274512e754bbe8fe684dcae
--- /dev/null
+++ b/Source/modules/serviceworkers/ServiceWorkerContainerTest.cpp
@@ -0,0 +1,237 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "config.h"
+#include "modules/serviceworkers/ServiceWorkerContainer.h"
+
+#include "bindings/core/v8/Dictionary.h"
+#include "bindings/core/v8/ScriptFunction.h"
+#include "bindings/core/v8/ScriptPromise.h"
+#include "bindings/core/v8/ScriptState.h"
+#include "bindings/core/v8/V8DOMException.h"
+#include "bindings/core/v8/V8GCController.h"
+#include "core/dom/DOMException.h"
+#include "core/dom/Document.h"
+#include "core/dom/ExecutionContext.h"
+#include "core/testing/DummyPageHolder.h"
+#include "modules/serviceworkers/MockWebServiceWorkerProvider.h"
+#include "modules/serviceworkers/ServiceWorkerContainerClient.h"
+#include "platform/weborigin/KURL.h"
+#include "platform/weborigin/SecurityOrigin.h"
+#include "public/platform/WebURL.h"
+#include "wtf/OwnPtr.h"
+#include "wtf/PassOwnPtr.h"
+#include "wtf/text/WTFString.h"
+#include <gmock/gmock.h>
+#include <gtest/gtest.h>
+#include <v8.h>
+
+using namespace WebCore;
+
+namespace {
+
+using testing::_;
+using testing::AtLeast;
+using testing::Eq;
+using testing::InSequence;
+using testing::Matcher;
+using testing::MockWebServiceWorkerProvider;
+using testing::PrintToString;
+using testing::Return;
+using testing::Test;
+
+// Matches a ScriptValue and a DOMException with a specific name and message.
+MATCHER_P2(
+    IsDOMException, name, message,
+    std::string(negation ? "isn't " : "is ") + name + " where message is " + PrintToString(message))
+{
+    DOMException* exception = V8DOMException::toNativeWithTypeCheck(arg.isolate(), arg.v8Value());
+    if (!exception) {
+        *result_listener << "where value is not a DOMException";
+        return false;
+    }
+
+    *result_listener << "where name is " << exception->name().utf8().data() << " and message is " << PrintToString(exception->message().utf8().data());
+    return exception->name() == name && exception->message() == message;
+}
+
+class MockScriptFunction : public ScriptFunction {
+public:
+    MockScriptFunction(v8::Isolate* isolate) : ScriptFunction(isolate)
+    {
+        ON_CALL(*this, call(_)).WillByDefault(Return(ScriptValue()));
+    }
+
+    MOCK_METHOD1(call, ScriptValue(ScriptValue arg));
+};
+
+// Runs microtasks and expects |promise| to be rejected.
+void expectRejected(ScriptPromise& promise, Matcher<ScriptValue> argumentMatcher)
+{
+    InSequence sequence;
+    OwnPtr<MockScriptFunction> resolved = adoptPtr(new MockScriptFunction(promise.isolate()));
+    EXPECT_CALL(*resolved, call(_)).Times(0);
+    OwnPtr<MockScriptFunction> rejected = adoptPtr(new MockScriptFunction(promise.isolate()));
+    EXPECT_CALL(*rejected, call(argumentMatcher));
+    promise.then(resolved.release(), rejected.release());
+    promise.isolate()->RunMicrotasks();
+}
+
+class ServiceWorkerContainerTest : public Test {
+protected:
+    ServiceWorkerContainerTest()
+        : m_page(DummyPageHolder::create())
+    {
+    }
+
+    ~ServiceWorkerContainerTest()
+    {
+        // It is necessary to collect garbage so that the
+        // MockScriptFunctions used by ScriptPromises are deleted and
+        // can check their expectations.
+        m_page.clear();
+        V8GCController::collectGarbage(isolate());
+    }
+
+    ExecutionContext* executionContext() { return &(m_page->document()); }
+    v8::Isolate* isolate() { return v8::Isolate::GetCurrent(); }
+    ScriptState* scriptState() { return ScriptState::forMainWorld(m_page->document().frame()); }
+
+    void provide(PassOwnPtr<WebServiceWorkerProvider> provider)
+    {
+        m_page->document().DocumentSupplementable::provideSupplement(ServiceWorkerContainerClient::supplementName(), ServiceWorkerContainerClient::create(provider));
+    }
+
+    void setPageURL(const String& url)
+    {
+        m_page->document().setBaseURLOverride(KURL(KURL(), url));
+        m_page->document().setSecurityOrigin(SecurityOrigin::createFromString(url));
+    }
+
+    void testRegisterRejected(const String& scriptURL, const String& scope, Matcher<ScriptValue> rejectValue)
+    {
+        OwnPtr<MockWebServiceWorkerProvider> provider = adoptPtr(new MockWebServiceWorkerProvider());
+        EXPECT_CALL(*provider, setClient(_));
+        // When the registration is rejected, a register call must not reach
+        // the provider.
+        EXPECT_CALL(*provider, registerServiceWorker(_, _, _)).Times(0);
+        EXPECT_CALL(*provider, setClient(Eq(nullptr))).Times(AtLeast(1));
+        provide(provider.release());
+
+        RefPtrWillBeRawPtr<ServiceWorkerContainer> container = ServiceWorkerContainer::create(executionContext());
+        ScriptState::Scope scriptScope(scriptState());
+        Dictionary options = Dictionary::createEmpty(isolate());
+        EXPECT_TRUE(options.set("scope", scope));
+        ScriptPromise promise = container->registerServiceWorker(scriptState(), scriptURL, options);
+        expectRejected(promise, rejectValue);
+
+        container->willBeDetachedFromFrame();
+    }
+
+    void testUnregisterRejected(const String& scope, Matcher<ScriptValue> rejectValue)
+    {
+        OwnPtr<MockWebServiceWorkerProvider> provider = adoptPtr(new MockWebServiceWorkerProvider());
+        EXPECT_CALL(*provider, setClient(_));
+        // An unregister call must not reach the provider.
+        EXPECT_CALL(*provider, unregisterServiceWorker(_, _)).Times(0);
+        EXPECT_CALL(*provider, setClient(Eq(nullptr))).Times(AtLeast(1));
+        provide(provider.release());
+
+        RefPtrWillBeRawPtr<ServiceWorkerContainer> container = ServiceWorkerContainer::create(executionContext());
+        ScriptState::Scope scriptScope(scriptState());
+        Dictionary options = Dictionary::createEmpty(isolate());
+        EXPECT_TRUE(options.set("scope", scope));
+        ScriptPromise promise = container->unregisterServiceWorker(scriptState(), scope);
+        expectRejected(promise, rejectValue);
+
+        container->willBeDetachedFromFrame();
+    }
+
+private:
+    OwnPtr<DummyPageHolder> m_page;
+};
+
+TEST_F(ServiceWorkerContainerTest, Register_NonSecureOriginIsRejected)
+{
+    setPageURL("http://www.example.com/");
+    testRegisterRejected(
+        "http://www.example.com/worker.js",
+        "http://www.example.com/*",
+        IsDOMException("SecurityError", "Service Workers are only supported over secure origins."));
+}
+
+TEST_F(ServiceWorkerContainerTest, Register_CrossOriginScriptIsRejected)
+{
+    setPageURL("https://www.example.com");
+    testRegisterRejected(
+        "https://www.example.com:8080/", // Differs by port
+        "https://www.example.com/*",
+        IsDOMException("SecurityError", "The origin of the script must match the current origin."));
+}
+
+TEST_F(ServiceWorkerContainerTest, Register_CrossOriginScopeIsRejected)
+{
+    setPageURL("https://www.example.com");
+    testRegisterRejected(
+        "https://www.example.com",
+        "wss://www.example.com/*", // Differs by protocol
+        IsDOMException("SecurityError", "The scope must match the current origin."));
+}
+
+TEST_F(ServiceWorkerContainerTest, Unregister_NonSecureOriginIsRejected)
+{
+    setPageURL("http://www.example.com");
+    testUnregisterRejected(
+        "*",
+        IsDOMException("SecurityError", "Service Workers are only supported over secure origins."));
+}
+
+TEST_F(ServiceWorkerContainerTest, Unregister_CrossOriginScopeIsRejected)
+{
+    setPageURL("https://www.example.com");
+    testUnregisterRejected(
+        "https://example.com/*", // Differs by host
+        IsDOMException("SecurityError", "The scope must match the current origin."));
+}
+
+TEST_F(ServiceWorkerContainerTest, RegisterUnregister_NonHttpsSecureOriginDelegatesToProvider)
+{
+    setPageURL("http://localhost/x/index.html");
+
+    OwnPtr<MockWebServiceWorkerProvider> provider = adoptPtr(new MockWebServiceWorkerProvider());
+    EXPECT_CALL(*provider, setClient(_));
+    EXPECT_CALL(
+        *provider,
+        registerServiceWorker(
+            Eq(WebURL(KURL(KURL(), "http://localhost/x/y/*"))),
+            Eq(WebURL(KURL(KURL(), "http://localhost/z/worker.js"))),
+            _));
+    EXPECT_CALL(
+        *provider,
+        unregisterServiceWorker(
+            Eq(WebURL(KURL(KURL(), "http://localhost/x/y/*"))),
+            _));
+    EXPECT_CALL(*provider, setClient(Eq(nullptr))).Times(AtLeast(1));
+    provide(provider.release());
+
+    RefPtrWillBeRawPtr<ServiceWorkerContainer> container = ServiceWorkerContainer::create(executionContext());
+
+    // register
+    {
+        ScriptState::Scope scriptScope(scriptState());
+        Dictionary options = Dictionary::createEmpty(isolate());
+        EXPECT_TRUE(options.set("scope", "y/*"));
+        container->registerServiceWorker(scriptState(), "/z/worker.js", options);
+    }
+
+    // unregister
+    {
+        ScriptState::Scope scriptScope(scriptState());
+        container->unregisterServiceWorker(scriptState(), "y/*");
+    }
+
+    container->willBeDetachedFromFrame();
+}
+
+} // namespace