import { test, expect, CDPSession } from '@playwright/test';
import type { Page } from '@playwright/test';
import { asyncEvents } from './utils/async-events.js';
// Fixture account used for the password step that precedes each WebAuthn ceremony.
const username = 'JSFidoUser@user.com';
const password = 'FakePassword#123';

// Per-test CDP state: created in beforeEach, torn down in afterEach.
let cdp: CDPSession | undefined = undefined;
let authenticatorId: string | undefined = undefined;

// The WebAuthn CDP domain is only available on Chromium, so pin the browser for this file.
test.use({ browserName: 'chromium' });
test.beforeEach(async ({ context, page }) => {
  const session = await context.newCDPSession(page);
  // Publish the session before any further CDP call so afterEach can still tear it
  // down if one of the steps below fails.
  cdp = session;
  await session.send('WebAuthn.enable');

  // Platform (internal) authenticator with resident-key and user-verification support:
  // the shape a passkey-capable device presents, with presence and UV auto-satisfied.
  const virtualAuthenticator = {
    protocol: 'ctap2',
    transport: 'internal',
    hasResidentKey: true,
    hasUserVerification: true,
    isUserVerified: true,
    automaticPresenceSimulation: true,
  } as const;

  const created = await session.send('WebAuthn.addVirtualAuthenticator', {
    options: virtualAuthenticator,
  });
  authenticatorId = created.authenticatorId;
});
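test.afterEach(async () => {
  // If beforeEach failed before the session existed there is nothing to tear down;
  // dereferencing `cdp` here would only replace the original failure with a TypeError
  // (and does not type-check under strictNullChecks).
  if (!cdp) return;
  if (authenticatorId) {
    await cdp.send('WebAuthn.removeVirtualAuthenticator', { authenticatorId });
  }
  await cdp.send('WebAuthn.disable');
  // Reset so a later test can never observe a stale session or authenticator id.
  authenticatorId = undefined;
  cdp = undefined;
});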
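test.describe('FIDO/WebAuthn Tests', () => {
  const startUrl =
    '/?clientId=20dd0ed0-bb9b-4c8f-9a60-9ebeb4b348e0&acr_values=98f2c058aae71ec09eb268db6810ff3c';
  const expectedUrl =
    'http://localhost:5829/?clientId=20dd0ed0-bb9b-4c8f-9a60-9ebeb4b348e0&acr_values=98f2c058aae71ec09eb268db6810ff3c';

  /**
   * Narrows the module-level CDP state set up in beforeEach.
   * @throws Error when the session or authenticator id is missing, instead of
   *   letting a later `cdp.send` fail with an opaque TypeError.
   */
  function requireAuthenticator() {
    if (!cdp || !authenticatorId) {
      throw new Error('virtual authenticator not initialised (did beforeEach run?)');
    }
    return { session: cdp, id: authenticatorId };
  }

  /** Returns the credentials currently stored on the virtual authenticator. */
  async function listCredentials() {
    const { session, id } = requireAuthenticator();
    const { credentials } = await session.send('WebAuthn.getCredentials', {
      authenticatorId: id,
    });
    return credentials;
  }

  /**
   * Signs on with the fixture username/password, registers a WebAuthn credential
   * on the virtual authenticator and returns to the home page.
   * @param page - the Playwright page under test
   * @returns the credential's signature counter right after registration
   * @throws Error if the authenticator does not hold exactly one credential afterwards
   */
  async function signOnAndRegister(page: Page): Promise<number> {
    const { navigate } = asyncEvents(page);
    await navigate(startUrl);
    await expect(page).toHaveURL(expectedUrl);
    await expect(page.getByText('FIDO2 Test Form')).toBeVisible();

    await page.getByRole('button', { name: 'USER_LOGIN' }).click();
    await page.getByLabel('Username').fill(username);
    await page.getByLabel('Password').fill(password);
    await page.getByRole('button', { name: 'Sign On' }).click();

    // The authenticator must start empty so the registration below is the only credential.
    expect(await listCredentials()).toHaveLength(0);

    await page.getByRole('button', { name: 'DEVICE_REGISTRATION' }).click();
    await page.getByRole('button', { name: 'Biometrics/Security Key' }).click();
    await page.getByRole('button', { name: 'FIDO Register' }).click();

    const registered = await listCredentials();
    expect(registered).toHaveLength(1);
    const [credential] = registered;
    if (!credential) throw new Error('expected exactly one registered credential');

    await page.getByRole('button', { name: 'Continue' }).click();
    // Landing back on the home page is the success signal for registration.
    await expect(page.getByText('FIDO2 Test Form')).toBeVisible();
    return credential.signCount;
  }

  /**
   * Asserts that the single stored credential's signature counter moved past `before`.
   * A counter that does not advance after an assertion means no signature was
   * produced; relying parties also use a non-increasing counter as a cloned-
   * authenticator signal, so this is the check worth keeping in every flow.
   * @param before - the counter value captured at registration
   */
  async function expectSignCountAdvanced(before: number): Promise<void> {
    const after = await listCredentials();
    expect(after).toHaveLength(1);
    expect(after[0]?.signCount).toBeGreaterThan(before);
  }

  test('Register and authenticate with webauthn device', async ({ page }) => {
    const initialSignCount = await signOnAndRegister(page);

    // Authenticate with the credential just registered via the device flow.
    await page.getByRole('button', { name: 'DEVICE_AUTHENTICATION' }).click();
    // `.last()`: the registration step leaves an earlier same-named button in the DOM.
    await page.getByRole('button', { name: 'Biometrics/Security Key' }).last().click();
    await page.getByRole('button', { name: 'FIDO Authenticate' }).click();

    await expectSignCountAdvanced(initialSignCount);
    await expect(page.getByText('FIDO2 Test Form')).toBeVisible();
  });

  test('Register and authenticate with usernameless', async ({ page }) => {
    const initialSignCount = await signOnAndRegister(page);

    // Usernameless flow: no account name is entered, so this presumably relies on the
    // discoverable (resident) credential the virtual authenticator was configured for.
    await page.getByRole('button', { name: 'USER_NAMELESS' }).click();
    await expect(page.getByText('FIDO2 Authentication')).toBeVisible();
    await page.getByRole('button', { name: 'FIDO Authenticate' }).click();

    await expectSignCountAdvanced(initialSignCount);
    await expect(page.getByText('FIDO2 Test Form')).toBeVisible();
  });
});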