Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add WebDriver commands #465

Merged
merged 8 commits into from
May 16, 2023
Merged

Add WebDriver commands #465

merged 8 commits into from
May 16, 2023

Conversation

cbiesinger
Copy link
Collaborator

@cbiesinger cbiesinger commented Apr 28, 2023

@cbiesinger cbiesinger requested a review from npm1 April 28, 2023 23:41
spec/index.bs Outdated Show resolved Hide resolved
spec/index.bs Outdated Show resolved Hide resolved

These WebDriver [=extension commands=] allow automated interactions with any
active FedCM dialogs.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps we add a subsection for each remote end step. Right now it's unclear what you're defining in each case unless you look at the POST closely. It could be in a title.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still don't understand how the behavior is limited in terms of interaction to make sure it cannot be exploited. Or is that a question for later?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I understand the concern. Webdriver APIs are not exposed to the web (and also not enabled by default). See, for example, https://chromedriver.chromium.org/security-considerations

There are lots of ways webdriver can be exploited if that weren't the case since the APIs are very powerful.

This is only meant to be used by local automation/testing tools

spec/index.bs Outdated Show resolved Hide resolved
@npm1
Copy link
Collaborator

npm1 commented May 1, 2023

That was an initial review, it mostly looks good. I'll take a closer look after the comments are addressed!

@samuelgoto
Copy link
Collaborator

PR LGTM too. Since this is normative, can you make sure we get Mozilla to review this too?

Copy link
Collaborator Author

@cbiesinger cbiesinger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PTAL!

spec/index.bs Outdated Show resolved Hide resolved
spec/index.bs Outdated Show resolved Hide resolved
spec/index.bs Outdated Show resolved Hide resolved
@cbiesinger
Copy link
Collaborator Author

@martinthomson @cboozar @bvandersloot-mozilla -- could you comment whether you are fine with this proposal?

@cbiesinger
Copy link
Collaborator Author

(I know Ben said as much in #395 (comment) but I'd like to reconfirm now that this is a spec PR)

spec/index.bs Show resolved Hide resolved
spec/index.bs Outdated
@@ -454,7 +465,8 @@ algorithm is invoked, the user agent MUST execute the following steps. This retu

Issue: Support choosing accounts from multiple [=IDP=]s, as described [here](https://github.com/fedidcg/FedCM/issues/319).
1. Run {{WindowOrWorkerGlobalScope/setTimeout()}} passing a [=task=] which throws a
{{NetworkError}}, after a timeout of 60 seconds.
{{NetworkError}}, after a timeout of 60 seconds, unless this <dfn>promise rejection
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're not doing this timeout in the implementation, so how is it supposed to work?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's an unfortunate aspect of #453 not having landed yet. Once either PR is pushed I'll update the other one.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated this text per the timeout change in #453 .

spec/index.bs Outdated Show resolved Hide resolved
spec/index.bs Show resolved Hide resolved
spec/index.bs Outdated Show resolved Hide resolved
spec/index.bs Outdated Show resolved Hide resolved
@cbiesinger
Copy link
Collaborator Author

I have added a getdialogtype command to this PR, to support the recently added re-authentication support.

spec/index.bs Outdated Show resolved Hide resolved
spec/index.bs Outdated Show resolved Hide resolved
aarongable pushed a commit to chromium/chromium that referenced this pull request May 10, 2023
I am adding these as standard commands (not vendor-specific) because
the spec PR is in progress right now:
w3c-fedid/FedCM#465
and Firefox is also on board:
w3c-fedid/FedCM#395 (comment)

Bug: 1356159, 1441903
Change-Id: I561692ee695e63ee45b5f2b227bc49982a624eea
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4402971
Reviewed-by: Vladimir Nechaev <nechaev@chromium.org>
Commit-Queue: Christian Biesinger <cbiesinger@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1142272}
T3-M4 pushed a commit to bayandin/chromedriver that referenced this pull request May 11, 2023
I am adding these as standard commands (not vendor-specific) because
the spec PR is in progress right now:
w3c-fedid/FedCM#465
and Firefox is also on board:
w3c-fedid/FedCM#395 (comment)

Bug: 1356159, 1441903
Change-Id: I561692ee695e63ee45b5f2b227bc49982a624eea
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4402971
Reviewed-by: Vladimir Nechaev <nechaev@chromium.org>
Commit-Queue: Christian Biesinger <cbiesinger@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1142272}
@npm1 npm1 added the agenda+ Regular CG meeting agenda items label May 11, 2023
@bvandersloot-mozilla
Copy link
Collaborator

This is good as-is, assuming that IDP chooser endpoints similar to those for the account chooser and a new result for getdialogtype would be friendly additions when we resolve w3c-fedid/multi-idp#2

@cbiesinger
Copy link
Collaborator Author

Absolutely! That's how I envisioned supporting your UI.

@samuelgoto samuelgoto merged commit 865e7d6 into w3c-fedid:main May 16, 2023
@samuelgoto
Copy link
Collaborator

Thanks for putting this together and thanks @bvandersloot-mozilla for the review!

Merged!

github-actions bot added a commit that referenced this pull request May 16, 2023
SHA: 865e7d6
Reason: push, by samuelgoto

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
github-actions bot added a commit to mattdanielbrown/WebID that referenced this pull request May 16, 2023
SHA: 865e7d6
Reason: push, by pull[bot]

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
agenda+ Regular CG meeting agenda items
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants