diff --git a/ChangeLog b/ChangeLog
index 133825760fa7cacbcac8ff7773762b0e56308ac8..22c4f387b4f17efa2c59fdaf515225af0c1abcfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@ train-2012.05.25 (in progress):
* verification links sent before deployment, should still work after - transitional code required by issue #1000: #1592
* repair load_gen: #1596
* fixes to mysql reconnection logic - processes can now reconnect while out of pool and only having /__heartbeat__ polled: #1608
+ * make "is this your computer" screen keyboard navigable: #1582
+ * when user types in wrong password while verifying secondary address (on different browser), show clear tooltip style error: #1557
+ * don't make a user type their password when not neccesary (adding secondary address to acct with only primary addresses): #1555
+ * perform rigorous checking of inputs to dialog from RP. (PR #1627, bug #747859)
train-2012.05.14:
* Password is now requested in dialog for new user signup: #1000, #290
diff --git a/resources/static/dialog/controllers/actions.js b/resources/static/dialog/controllers/actions.js
index 322749710534ba216c7ef8fd509c647e84260256..7328e21fea8dcbebbbf803030bc3eb3f8b05e543 100644
--- a/resources/static/dialog/controllers/actions.js
+++ b/resources/static/dialog/controllers/actions.js
@@ -56,20 +56,6 @@ BrowserID.Modules.Actions = (function() {
if(data.ready) _.defer(data.ready);
},
- /**
- * Show an error message
- * @method doError
- * @param {string} [template] - template to use, if not given, use "error"
- * @param {object} [info] - info to send to template
- */
- doError: function(template, info) {
- if(!info) {
- info = template;
- template = "error";
- }
- this.renderError(template, info);
- },
-
doCancel: function() {
if(onsuccess) onsuccess(null);
},
@@ -95,7 +81,7 @@ BrowserID.Modules.Actions = (function() {
},
doStageEmail: function(info) {
- dialogHelpers.addSecondaryEmailWithPassword.call(this, info.email, info.password, info.ready);
+ dialogHelpers.addSecondaryEmail.call(this, info.email, info.password, info.ready);
},
doAuthenticate: function(info) {
diff --git a/resources/static/dialog/controllers/dialog.js b/resources/static/dialog/controllers/dialog.js
index 1d3e57b872a4fc526677fe7189401bfc9a688f71..62043fbc8b67e96be745d0aaeed25ff2cef6eeb7 100644
--- a/resources/static/dialog/controllers/dialog.js
+++ b/resources/static/dialog/controllers/dialog.js
@@ -13,6 +13,7 @@ BrowserID.Modules.Dialog = (function() {
errors = bid.Errors,
dom = bid.DOM,
win = window,
+ startExternalDependencies = true,
channel,
sc;
@@ -83,9 +84,12 @@ BrowserID.Modules.Dialog = (function() {
function fixupURL(origin, url) {
var u;
- if (/^http/.test(url)) u = URLParse(url);
+ if (typeof(url) !== "string")
+ throw "urls must be strings: (" + url + ")";
+ if (/^http(s)?:\/\//.test(url)) u = URLParse(url);
else if (/^\//.test(url)) u = URLParse(origin + url);
else throw "relative urls not allowed: (" + url + ")";
+ // encodeURI limits our return value to [a-z0-9:/?%], excluding <script>
return encodeURI(u.validate().normalize().toString());
}
@@ -97,8 +101,23 @@ BrowserID.Modules.Dialog = (function() {
win = options.window || window;
+ // startExternalDependencies is used in unit testing and can only be set
+ // by the creator/starter of this module. If startExternalDependencies
+ // is set to false, the channel, state machine, and actions controller
+ // are not started. These dependencies can interfere with the ability to
+ // unit test this module because they can throw exceptions and show error
+ // messages.
+ startExternalDependencies = true;
+ if (typeof options.startExternalDependencies === "boolean") {
+ startExternalDependencies = options.startExternalDependencies;
+ }
+
sc.start.call(self, options);
- startChannel.call(self);
+
+ if (startExternalDependencies) {
+ startChannel.call(self);
+ }
+
options.ready && _.defer(options.ready);
},
@@ -111,32 +130,51 @@ BrowserID.Modules.Dialog = (function() {
return this.get(origin_url, {}, success, error);
},
- get: function(origin_url, params, success, error) {
+ get: function(origin_url, paramsFromRP, success, error) {
var self=this,
hash = win.location.hash;
setOrigin(origin_url);
- var actions = startActions.call(self, success, error);
- startStateMachine.call(self, actions);
- params = params || {};
+ if (startExternalDependencies) {
+ var actions = startActions.call(self, success, error);
+ startStateMachine.call(self, actions);
+ }
+
+ // Security Note: paramsFromRP is the output of a JSON.parse on an
+ // RP-controlled string. Most of these fields are expected to be simple
+ // printable strings (hostnames, usernames, and URLs), but we cannot
+ // rely upon the RP to do that. In particular we must guard against
+ // these strings containing <script> tags. We will populate a new
+ // object ("params") with suitably type-checked properties.
+ var params = {};
params.hostname = user.getHostname();
// verify params
- if (params.tosURL && params.privacyURL) {
- try {
- params.tosURL = fixupURL(origin_url, params.tosURL);
- params.privacyURL = fixupURL(origin_url, params.privacyURL);
- } catch(e) {
- return self.renderError("error", {
- action: {
- title: "error in " + origin_url,
- message: "improper usage of API: " + e
- }
- });
+ try {
+ if (paramsFromRP.requiredEmail) {
+ if (!bid.verifyEmail(paramsFromRP.requiredEmail))
+ throw "invalid requiredEmail: (" + paramsFromRP.requiredEmail + ")";
+ params.requiredEmail = paramsFromRP.requiredEmail;
+ }
+ if (paramsFromRP.tosURL && paramsFromRP.privacyURL) {
+ params.tosURL = fixupURL(origin_url, paramsFromRP.tosURL);
+ params.privacyURL = fixupURL(origin_url, paramsFromRP.privacyURL);
}
+ } catch(e) {
+ // note: renderError accepts HTML and cheerfully injects it into a
+ // frame with a powerful origin. So convert 'e' first.
+ self.renderError("error", {
+ action: {
+ title: "error in " + _.escape(origin_url),
+ message: "improper usage of API: " + _.escape(e)
+ }
+ });
+
+ return e;
}
+ // after this point, "params" can be relied upon to contain safe data
// XXX Perhaps put this into the state machine.
self.bind(win, "unload", onWindowUnload);
diff --git a/resources/static/dialog/controllers/is_this_your_computer.js b/resources/static/dialog/controllers/is_this_your_computer.js
index 182e60c01f8c251b26b9da4ef0517d5eda362552..41fb15f36a029eb378485b316fa0bf4c54c78deb 100644
--- a/resources/static/dialog/controllers/is_this_your_computer.js
+++ b/resources/static/dialog/controllers/is_this_your_computer.js
@@ -7,6 +7,7 @@ BrowserID.Modules.IsThisYourComputer = (function() {
"use strict";
var bid = BrowserID,
+ dom = bid.DOM,
user = bid.User,
errors = bid.Errors,
email;
@@ -20,9 +21,12 @@ BrowserID.Modules.IsThisYourComputer = (function() {
self.renderWait("is_this_your_computer", options);
- // TODO - Make the selectors use ids instead of classes.
- self.click("button.this_is_my_computer", self.yes);
- self.click("button.this_is_not_my_computer", self.no);
+ // renderWait does not automatically focus the first input element or
+ // button, so it must be done manually.
+ dom.focus("#this_is_my_computer");
+
+ self.click("#this_is_my_computer", self.yes);
+ self.click("#this_is_not_my_computer", self.no);
Module.sc.start.call(self, options);
},
diff --git a/resources/static/dialog/resources/helpers.js b/resources/static/dialog/resources/helpers.js
index e95f7388625b933ccd340778e6c4fcbcd416d709..e7a09abe52e6fc83954d5a5429ec24c4feb14617 100644
--- a/resources/static/dialog/resources/helpers.js
+++ b/resources/static/dialog/resources/helpers.js
@@ -111,12 +111,12 @@
}
}
- function addSecondaryEmailWithPassword(email, password, callback) {
+ function addSecondaryEmail(email, password, callback) {
var self=this;
user.addEmail(email, password, function(added) {
if (added) {
- var info = { email: email };
+ var info = { email: email, password: password };
self.publish("email_staged", info, info );
}
else {
@@ -133,7 +133,7 @@
authenticateUser: authenticateUser,
createUser: createUser,
addEmail: addEmail,
- addSecondaryEmailWithPassword: addSecondaryEmailWithPassword,
+ addSecondaryEmail: addSecondaryEmail,
resetPassword: resetPassword,
cancelEvent: helpers.cancelEvent,
animateClose: animateClose
diff --git a/resources/static/dialog/resources/state.js b/resources/static/dialog/resources/state.js
index 288dd0e0864e3a5668cb994c21ad197b31154542..6ef339ce5c1ee158618a81a9dc00b81cff81430d 100644
--- a/resources/static/dialog/resources/state.js
+++ b/resources/static/dialog/resources/state.js
@@ -46,11 +46,7 @@ BrowserID.State = (function() {
self.tosURL = info.tosURL;
requiredEmail = info.requiredEmail;
- if ((typeof(requiredEmail) !== "undefined") && (!bid.verifyEmail(requiredEmail))) {
- // Invalid format
- startAction("doError", "invalid_required_email", {email: requiredEmail});
- }
- else if (info.email && info.type === "primary") {
+ if (info.email && info.type === "primary") {
primaryVerificationInfo = info;
redirectToState("primary_user", info);
}
diff --git a/resources/static/dialog/views/is_this_your_computer.ejs b/resources/static/dialog/views/is_this_your_computer.ejs
index d592e7714619c878d42a04f96b45c2c55499e40e..1ca1d9e49097e8989dc16f6bd254bdecb8c54e16 100644
--- a/resources/static/dialog/views/is_this_your_computer.ejs
+++ b/resources/static/dialog/views/is_this_your_computer.ejs
@@ -6,12 +6,12 @@
<h2><%= gettext('If you don\'t mind me asking, is this your computer?') %></h2>
<p>
- <button class="this_is_my_computer" tabindex="3"><%= gettext('yes') %></button>
+ <button id="this_is_my_computer"><%= gettext('yes') %></button>
<%= gettext('If so, we\'ll keep you logged in for a couple weeks.') %>
</p>
<p>
- <button class="this_is_not_my_computer negative" tabindex="3"><%= gettext('no') %></button>
+ <button id="this_is_not_my_computer" class="negative"><%= gettext('no') %></button>
<%= gettext('If you\'re at a public computer such as a library or internet cafe, we\'ll ask you for your password again in an hour.') %>
</p>
</div>
diff --git a/resources/static/lib/underscore-min.js b/resources/static/lib/underscore-min.js
index 5983694cfbb5088843e85ce8ea4fcfdfb8dc3836..5a0cb3b008d213ef3ecd3147c51eed08d98e2c54 100644
--- a/resources/static/lib/underscore-min.js
+++ b/resources/static/lib/underscore-min.js
@@ -1,27 +1,32 @@
-// Underscore.js 1.1.7
-// (c) 2011 Jeremy Ashkenas, DocumentCloud Inc.
+// Underscore.js 1.3.3
+// (c) 2009-2012 Jeremy Ashkenas, DocumentCloud Inc.
// Underscore is freely distributable under the MIT license.
// Portions of Underscore are inspired or borrowed from Prototype,
// Oliver Steele's Functional, and John Resig's Micro-Templating.
// For all details and documentation:
// http://documentcloud.github.com/underscore
-(function(){var p=this,C=p._,m={},i=Array.prototype,n=Object.prototype,f=i.slice,D=i.unshift,E=n.toString,l=n.hasOwnProperty,s=i.forEach,t=i.map,u=i.reduce,v=i.reduceRight,w=i.filter,x=i.every,y=i.some,o=i.indexOf,z=i.lastIndexOf;n=Array.isArray;var F=Object.keys,q=Function.prototype.bind,b=function(a){return new j(a)};typeof module!=="undefined"&&module.exports?(module.exports=b,b._=b):p._=b;b.VERSION="1.1.7";var h=b.each=b.forEach=function(a,c,b){if(a!=null)if(s&&a.forEach===s)a.forEach(c,b);else if(a.length===
-+a.length)for(var e=0,k=a.length;e<k;e++){if(e in a&&c.call(b,a[e],e,a)===m)break}else for(e in a)if(l.call(a,e)&&c.call(b,a[e],e,a)===m)break};b.map=function(a,c,b){var e=[];if(a==null)return e;if(t&&a.map===t)return a.map(c,b);h(a,function(a,g,G){e[e.length]=c.call(b,a,g,G)});return e};b.reduce=b.foldl=b.inject=function(a,c,d,e){var k=d!==void 0;a==null&&(a=[]);if(u&&a.reduce===u)return e&&(c=b.bind(c,e)),k?a.reduce(c,d):a.reduce(c);h(a,function(a,b,f){k?d=c.call(e,d,a,b,f):(d=a,k=!0)});if(!k)throw new TypeError("Reduce of empty array with no initial value");
-return d};b.reduceRight=b.foldr=function(a,c,d,e){a==null&&(a=[]);if(v&&a.reduceRight===v)return e&&(c=b.bind(c,e)),d!==void 0?a.reduceRight(c,d):a.reduceRight(c);a=(b.isArray(a)?a.slice():b.toArray(a)).reverse();return b.reduce(a,c,d,e)};b.find=b.detect=function(a,c,b){var e;A(a,function(a,g,f){if(c.call(b,a,g,f))return e=a,!0});return e};b.filter=b.select=function(a,c,b){var e=[];if(a==null)return e;if(w&&a.filter===w)return a.filter(c,b);h(a,function(a,g,f){c.call(b,a,g,f)&&(e[e.length]=a)});return e};
-b.reject=function(a,c,b){var e=[];if(a==null)return e;h(a,function(a,g,f){c.call(b,a,g,f)||(e[e.length]=a)});return e};b.every=b.all=function(a,c,b){var e=!0;if(a==null)return e;if(x&&a.every===x)return a.every(c,b);h(a,function(a,g,f){if(!(e=e&&c.call(b,a,g,f)))return m});return e};var A=b.some=b.any=function(a,c,d){c=c||b.identity;var e=!1;if(a==null)return e;if(y&&a.some===y)return a.some(c,d);h(a,function(a,b,f){if(e|=c.call(d,a,b,f))return m});return!!e};b.include=b.contains=function(a,c){var b=
-!1;if(a==null)return b;if(o&&a.indexOf===o)return a.indexOf(c)!=-1;A(a,function(a){if(b=a===c)return!0});return b};b.invoke=function(a,c){var d=f.call(arguments,2);return b.map(a,function(a){return(c.call?c||a:a[c]).apply(a,d)})};b.pluck=function(a,c){return b.map(a,function(a){return a[c]})};b.max=function(a,c,d){if(!c&&b.isArray(a))return Math.max.apply(Math,a);var e={computed:-Infinity};h(a,function(a,b,f){b=c?c.call(d,a,b,f):a;b>=e.computed&&(e={value:a,computed:b})});return e.value};b.min=function(a,
-c,d){if(!c&&b.isArray(a))return Math.min.apply(Math,a);var e={computed:Infinity};h(a,function(a,b,f){b=c?c.call(d,a,b,f):a;b<e.computed&&(e={value:a,computed:b})});return e.value};b.sortBy=function(a,c,d){return b.pluck(b.map(a,function(a,b,f){return{value:a,criteria:c.call(d,a,b,f)}}).sort(function(a,b){var c=a.criteria,d=b.criteria;return c<d?-1:c>d?1:0}),"value")};b.groupBy=function(a,b){var d={};h(a,function(a,f){var g=b(a,f);(d[g]||(d[g]=[])).push(a)});return d};b.sortedIndex=function(a,c,d){d||
-(d=b.identity);for(var e=0,f=a.length;e<f;){var g=e+f>>1;d(a[g])<d(c)?e=g+1:f=g}return e};b.toArray=function(a){if(!a)return[];if(a.toArray)return a.toArray();if(b.isArray(a))return f.call(a);if(b.isArguments(a))return f.call(a);return b.values(a)};b.size=function(a){return b.toArray(a).length};b.first=b.head=function(a,b,d){return b!=null&&!d?f.call(a,0,b):a[0]};b.rest=b.tail=function(a,b,d){return f.call(a,b==null||d?1:b)};b.last=function(a){return a[a.length-1]};b.compact=function(a){return b.filter(a,
-function(a){return!!a})};b.flatten=function(a){return b.reduce(a,function(a,d){if(b.isArray(d))return a.concat(b.flatten(d));a[a.length]=d;return a},[])};b.without=function(a){return b.difference(a,f.call(arguments,1))};b.uniq=b.unique=function(a,c){return b.reduce(a,function(a,e,f){if(0==f||(c===!0?b.last(a)!=e:!b.include(a,e)))a[a.length]=e;return a},[])};b.union=function(){return b.uniq(b.flatten(arguments))};b.intersection=b.intersect=function(a){var c=f.call(arguments,1);return b.filter(b.uniq(a),
-function(a){return b.every(c,function(c){return b.indexOf(c,a)>=0})})};b.difference=function(a,c){return b.filter(a,function(a){return!b.include(c,a)})};b.zip=function(){for(var a=f.call(arguments),c=b.max(b.pluck(a,"length")),d=Array(c),e=0;e<c;e++)d[e]=b.pluck(a,""+e);return d};b.indexOf=function(a,c,d){if(a==null)return-1;var e;if(d)return d=b.sortedIndex(a,c),a[d]===c?d:-1;if(o&&a.indexOf===o)return a.indexOf(c);d=0;for(e=a.length;d<e;d++)if(a[d]===c)return d;return-1};b.lastIndexOf=function(a,
-b){if(a==null)return-1;if(z&&a.lastIndexOf===z)return a.lastIndexOf(b);for(var d=a.length;d--;)if(a[d]===b)return d;return-1};b.range=function(a,b,d){arguments.length<=1&&(b=a||0,a=0);d=arguments[2]||1;for(var e=Math.max(Math.ceil((b-a)/d),0),f=0,g=Array(e);f<e;)g[f++]=a,a+=d;return g};b.bind=function(a,b){if(a.bind===q&&q)return q.apply(a,f.call(arguments,1));var d=f.call(arguments,2);return function(){return a.apply(b,d.concat(f.call(arguments)))}};b.bindAll=function(a){var c=f.call(arguments,1);
-c.length==0&&(c=b.functions(a));h(c,function(c){a[c]=b.bind(a[c],a)});return a};b.memoize=function(a,c){var d={};c||(c=b.identity);return function(){var b=c.apply(this,arguments);return l.call(d,b)?d[b]:d[b]=a.apply(this,arguments)}};b.delay=function(a,b){var d=f.call(arguments,2);return setTimeout(function(){return a.apply(a,d)},b)};b.defer=function(a){return b.delay.apply(b,[a,1].concat(f.call(arguments,1)))};var B=function(a,b,d){var e;return function(){var f=this,g=arguments,h=function(){e=null;
-a.apply(f,g)};d&&clearTimeout(e);if(d||!e)e=setTimeout(h,b)}};b.throttle=function(a,b){return B(a,b,!1)};b.debounce=function(a,b){return B(a,b,!0)};b.once=function(a){var b=!1,d;return function(){if(b)return d;b=!0;return d=a.apply(this,arguments)}};b.wrap=function(a,b){return function(){var d=[a].concat(f.call(arguments));return b.apply(this,d)}};b.compose=function(){var a=f.call(arguments);return function(){for(var b=f.call(arguments),d=a.length-1;d>=0;d--)b=[a[d].apply(this,b)];return b[0]}};b.after=
-function(a,b){return function(){if(--a<1)return b.apply(this,arguments)}};b.keys=F||function(a){if(a!==Object(a))throw new TypeError("Invalid object");var b=[],d;for(d in a)l.call(a,d)&&(b[b.length]=d);return b};b.values=function(a){return b.map(a,b.identity)};b.functions=b.methods=function(a){var c=[],d;for(d in a)b.isFunction(a[d])&&c.push(d);return c.sort()};b.extend=function(a){h(f.call(arguments,1),function(b){for(var d in b)b[d]!==void 0&&(a[d]=b[d])});return a};b.defaults=function(a){h(f.call(arguments,
-1),function(b){for(var d in b)a[d]==null&&(a[d]=b[d])});return a};b.clone=function(a){return b.isArray(a)?a.slice():b.extend({},a)};b.tap=function(a,b){b(a);return a};b.isEqual=function(a,c){if(a===c)return!0;var d=typeof a;if(d!=typeof c)return!1;if(a==c)return!0;if(!a&&c||a&&!c)return!1;if(a._chain)a=a._wrapped;if(c._chain)c=c._wrapped;if(a.isEqual)return a.isEqual(c);if(c.isEqual)return c.isEqual(a);if(b.isDate(a)&&b.isDate(c))return a.getTime()===c.getTime();if(b.isNaN(a)&&b.isNaN(c))return!1;
-if(b.isRegExp(a)&&b.isRegExp(c))return a.source===c.source&&a.global===c.global&&a.ignoreCase===c.ignoreCase&&a.multiline===c.multiline;if(d!=="object")return!1;if(a.length&&a.length!==c.length)return!1;d=b.keys(a);var e=b.keys(c);if(d.length!=e.length)return!1;for(var f in a)if(!(f in c)||!b.isEqual(a[f],c[f]))return!1;return!0};b.isEmpty=function(a){if(b.isArray(a)||b.isString(a))return a.length===0;for(var c in a)if(l.call(a,c))return!1;return!0};b.isElement=function(a){return!!(a&&a.nodeType==
-1)};b.isArray=n||function(a){return E.call(a)==="[object Array]"};b.isObject=function(a){return a===Object(a)};b.isArguments=function(a){return!(!a||!l.call(a,"callee"))};b.isFunction=function(a){return!(!a||!a.constructor||!a.call||!a.apply)};b.isString=function(a){return!!(a===""||a&&a.charCodeAt&&a.substr)};b.isNumber=function(a){return!!(a===0||a&&a.toExponential&&a.toFixed)};b.isNaN=function(a){return a!==a};b.isBoolean=function(a){return a===!0||a===!1};b.isDate=function(a){return!(!a||!a.getTimezoneOffset||
-!a.setUTCFullYear)};b.isRegExp=function(a){return!(!a||!a.test||!a.exec||!(a.ignoreCase||a.ignoreCase===!1))};b.isNull=function(a){return a===null};b.isUndefined=function(a){return a===void 0};b.noConflict=function(){p._=C;return this};b.identity=function(a){return a};b.times=function(a,b,d){for(var e=0;e<a;e++)b.call(d,e)};b.mixin=function(a){h(b.functions(a),function(c){H(c,b[c]=a[c])})};var I=0;b.uniqueId=function(a){var b=I++;return a?a+b:b};b.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};
-b.template=function(a,c){var d=b.templateSettings;d="var __p=[],print=function(){__p.push.apply(__p,arguments);};with(obj||{}){__p.push('"+a.replace(/\\/g,"\\\\").replace(/'/g,"\\'").replace(d.interpolate,function(a,b){return"',"+b.replace(/\\'/g,"'")+",'"}).replace(d.evaluate||null,function(a,b){return"');"+b.replace(/\\'/g,"'").replace(/[\r\n\t]/g," ")+"__p.push('"}).replace(/\r/g,"\\r").replace(/\n/g,"\\n").replace(/\t/g,"\\t")+"');}return __p.join('');";d=new Function("obj",d);return c?d(c):d};
-var j=function(a){this._wrapped=a};b.prototype=j.prototype;var r=function(a,c){return c?b(a).chain():a},H=function(a,c){j.prototype[a]=function(){var a=f.call(arguments);D.call(a,this._wrapped);return r(c.apply(b,a),this._chain)}};b.mixin(b);h(["pop","push","reverse","shift","sort","splice","unshift"],function(a){var b=i[a];j.prototype[a]=function(){b.apply(this._wrapped,arguments);return r(this._wrapped,this._chain)}});h(["concat","join","slice"],function(a){var b=i[a];j.prototype[a]=function(){return r(b.apply(this._wrapped,
-arguments),this._chain)}});j.prototype.chain=function(){this._chain=!0;return this};j.prototype.value=function(){return this._wrapped}})();
+(function(){function r(a,c,d){if(a===c)return 0!==a||1/a==1/c;if(null==a||null==c)return a===c;a._chain&&(a=a._wrapped);c._chain&&(c=c._wrapped);if(a.isEqual&&b.isFunction(a.isEqual))return a.isEqual(c);if(c.isEqual&&b.isFunction(c.isEqual))return c.isEqual(a);var e=l.call(a);if(e!=l.call(c))return!1;switch(e){case "[object String]":return a==""+c;case "[object Number]":return a!=+a?c!=+c:0==a?1/a==1/c:a==+c;case "[object Date]":case "[object Boolean]":return+a==+c;case "[object RegExp]":return a.source==
+c.source&&a.global==c.global&&a.multiline==c.multiline&&a.ignoreCase==c.ignoreCase}if("object"!=typeof a||"object"!=typeof c)return!1;for(var f=d.length;f--;)if(d[f]==a)return!0;d.push(a);var f=0,g=!0;if("[object Array]"==e){if(f=a.length,g=f==c.length)for(;f--&&(g=f in a==f in c&&r(a[f],c[f],d)););}else{if("constructor"in a!="constructor"in c||a.constructor!=c.constructor)return!1;for(var h in a)if(b.has(a,h)&&(f++,!(g=b.has(c,h)&&r(a[h],c[h],d))))break;if(g){for(h in c)if(b.has(c,h)&&!f--)break;
+g=!f}}d.pop();return g}var s=this,I=s._,o={},k=Array.prototype,p=Object.prototype,i=k.slice,J=k.unshift,l=p.toString,K=p.hasOwnProperty,y=k.forEach,z=k.map,A=k.reduce,B=k.reduceRight,C=k.filter,D=k.every,E=k.some,q=k.indexOf,F=k.lastIndexOf,p=Array.isArray,L=Object.keys,t=Function.prototype.bind,b=function(a){return new m(a)};"undefined"!==typeof exports?("undefined"!==typeof module&&module.exports&&(exports=module.exports=b),exports._=b):s._=b;b.VERSION="1.3.3";var j=b.each=b.forEach=function(a,
+c,d){if(a!=null)if(y&&a.forEach===y)a.forEach(c,d);else if(a.length===+a.length)for(var e=0,f=a.length;e<f;e++){if(e in a&&c.call(d,a[e],e,a)===o)break}else for(e in a)if(b.has(a,e)&&c.call(d,a[e],e,a)===o)break};b.map=b.collect=function(a,c,b){var e=[];if(a==null)return e;if(z&&a.map===z)return a.map(c,b);j(a,function(a,g,h){e[e.length]=c.call(b,a,g,h)});if(a.length===+a.length)e.length=a.length;return e};b.reduce=b.foldl=b.inject=function(a,c,d,e){var f=arguments.length>2;a==null&&(a=[]);if(A&&
+a.reduce===A){e&&(c=b.bind(c,e));return f?a.reduce(c,d):a.reduce(c)}j(a,function(a,b,i){if(f)d=c.call(e,d,a,b,i);else{d=a;f=true}});if(!f)throw new TypeError("Reduce of empty array with no initial value");return d};b.reduceRight=b.foldr=function(a,c,d,e){var f=arguments.length>2;a==null&&(a=[]);if(B&&a.reduceRight===B){e&&(c=b.bind(c,e));return f?a.reduceRight(c,d):a.reduceRight(c)}var g=b.toArray(a).reverse();e&&!f&&(c=b.bind(c,e));return f?b.reduce(g,c,d,e):b.reduce(g,c)};b.find=b.detect=function(a,
+c,b){var e;G(a,function(a,g,h){if(c.call(b,a,g,h)){e=a;return true}});return e};b.filter=b.select=function(a,c,b){var e=[];if(a==null)return e;if(C&&a.filter===C)return a.filter(c,b);j(a,function(a,g,h){c.call(b,a,g,h)&&(e[e.length]=a)});return e};b.reject=function(a,c,b){var e=[];if(a==null)return e;j(a,function(a,g,h){c.call(b,a,g,h)||(e[e.length]=a)});return e};b.every=b.all=function(a,c,b){var e=true;if(a==null)return e;if(D&&a.every===D)return a.every(c,b);j(a,function(a,g,h){if(!(e=e&&c.call(b,
+a,g,h)))return o});return!!e};var G=b.some=b.any=function(a,c,d){c||(c=b.identity);var e=false;if(a==null)return e;if(E&&a.some===E)return a.some(c,d);j(a,function(a,b,h){if(e||(e=c.call(d,a,b,h)))return o});return!!e};b.include=b.contains=function(a,c){var b=false;if(a==null)return b;if(q&&a.indexOf===q)return a.indexOf(c)!=-1;return b=G(a,function(a){return a===c})};b.invoke=function(a,c){var d=i.call(arguments,2);return b.map(a,function(a){return(b.isFunction(c)?c||a:a[c]).apply(a,d)})};b.pluck=
+function(a,c){return b.map(a,function(a){return a[c]})};b.max=function(a,c,d){if(!c&&b.isArray(a)&&a[0]===+a[0])return Math.max.apply(Math,a);if(!c&&b.isEmpty(a))return-Infinity;var e={computed:-Infinity};j(a,function(a,b,h){b=c?c.call(d,a,b,h):a;b>=e.computed&&(e={value:a,computed:b})});return e.value};b.min=function(a,c,d){if(!c&&b.isArray(a)&&a[0]===+a[0])return Math.min.apply(Math,a);if(!c&&b.isEmpty(a))return Infinity;var e={computed:Infinity};j(a,function(a,b,h){b=c?c.call(d,a,b,h):a;b<e.computed&&
+(e={value:a,computed:b})});return e.value};b.shuffle=function(a){var b=[],d;j(a,function(a,f){d=Math.floor(Math.random()*(f+1));b[f]=b[d];b[d]=a});return b};b.sortBy=function(a,c,d){var e=b.isFunction(c)?c:function(a){return a[c]};return b.pluck(b.map(a,function(a,b,c){return{value:a,criteria:e.call(d,a,b,c)}}).sort(function(a,b){var c=a.criteria,d=b.criteria;return c===void 0?1:d===void 0?-1:c<d?-1:c>d?1:0}),"value")};b.groupBy=function(a,c){var d={},e=b.isFunction(c)?c:function(a){return a[c]};
+j(a,function(a,b){var c=e(a,b);(d[c]||(d[c]=[])).push(a)});return d};b.sortedIndex=function(a,c,d){d||(d=b.identity);for(var e=0,f=a.length;e<f;){var g=e+f>>1;d(a[g])<d(c)?e=g+1:f=g}return e};b.toArray=function(a){return!a?[]:b.isArray(a)||b.isArguments(a)?i.call(a):a.toArray&&b.isFunction(a.toArray)?a.toArray():b.values(a)};b.size=function(a){return b.isArray(a)?a.length:b.keys(a).length};b.first=b.head=b.take=function(a,b,d){return b!=null&&!d?i.call(a,0,b):a[0]};b.initial=function(a,b,d){return i.call(a,
+0,a.length-(b==null||d?1:b))};b.last=function(a,b,d){return b!=null&&!d?i.call(a,Math.max(a.length-b,0)):a[a.length-1]};b.rest=b.tail=function(a,b,d){return i.call(a,b==null||d?1:b)};b.compact=function(a){return b.filter(a,function(a){return!!a})};b.flatten=function(a,c){return b.reduce(a,function(a,e){if(b.isArray(e))return a.concat(c?e:b.flatten(e));a[a.length]=e;return a},[])};b.without=function(a){return b.difference(a,i.call(arguments,1))};b.uniq=b.unique=function(a,c,d){var d=d?b.map(a,d):a,
+e=[];a.length<3&&(c=true);b.reduce(d,function(d,g,h){if(c?b.last(d)!==g||!d.length:!b.include(d,g)){d.push(g);e.push(a[h])}return d},[]);return e};b.union=function(){return b.uniq(b.flatten(arguments,true))};b.intersection=b.intersect=function(a){var c=i.call(arguments,1);return b.filter(b.uniq(a),function(a){return b.every(c,function(c){return b.indexOf(c,a)>=0})})};b.difference=function(a){var c=b.flatten(i.call(arguments,1),true);return b.filter(a,function(a){return!b.include(c,a)})};b.zip=function(){for(var a=
+i.call(arguments),c=b.max(b.pluck(a,"length")),d=Array(c),e=0;e<c;e++)d[e]=b.pluck(a,""+e);return d};b.indexOf=function(a,c,d){if(a==null)return-1;var e;if(d){d=b.sortedIndex(a,c);return a[d]===c?d:-1}if(q&&a.indexOf===q)return a.indexOf(c);d=0;for(e=a.length;d<e;d++)if(d in a&&a[d]===c)return d;return-1};b.lastIndexOf=function(a,b){if(a==null)return-1;if(F&&a.lastIndexOf===F)return a.lastIndexOf(b);for(var d=a.length;d--;)if(d in a&&a[d]===b)return d;return-1};b.range=function(a,b,d){if(arguments.length<=
+1){b=a||0;a=0}for(var d=arguments[2]||1,e=Math.max(Math.ceil((b-a)/d),0),f=0,g=Array(e);f<e;){g[f++]=a;a=a+d}return g};var H=function(){};b.bind=function(a,c){var d,e;if(a.bind===t&&t)return t.apply(a,i.call(arguments,1));if(!b.isFunction(a))throw new TypeError;e=i.call(arguments,2);return d=function(){if(!(this instanceof d))return a.apply(c,e.concat(i.call(arguments)));H.prototype=a.prototype;var b=new H,g=a.apply(b,e.concat(i.call(arguments)));return Object(g)===g?g:b}};b.bindAll=function(a){var c=
+i.call(arguments,1);c.length==0&&(c=b.functions(a));j(c,function(c){a[c]=b.bind(a[c],a)});return a};b.memoize=function(a,c){var d={};c||(c=b.identity);return function(){var e=c.apply(this,arguments);return b.has(d,e)?d[e]:d[e]=a.apply(this,arguments)}};b.delay=function(a,b){var d=i.call(arguments,2);return setTimeout(function(){return a.apply(null,d)},b)};b.defer=function(a){return b.delay.apply(b,[a,1].concat(i.call(arguments,1)))};b.throttle=function(a,c){var d,e,f,g,h,i,j=b.debounce(function(){h=
+g=false},c);return function(){d=this;e=arguments;f||(f=setTimeout(function(){f=null;h&&a.apply(d,e);j()},c));g?h=true:i=a.apply(d,e);j();g=true;return i}};b.debounce=function(a,b,d){var e;return function(){var f=this,g=arguments;d&&!e&&a.apply(f,g);clearTimeout(e);e=setTimeout(function(){e=null;d||a.apply(f,g)},b)}};b.once=function(a){var b=false,d;return function(){if(b)return d;b=true;return d=a.apply(this,arguments)}};b.wrap=function(a,b){return function(){var d=[a].concat(i.call(arguments,0));
+return b.apply(this,d)}};b.compose=function(){var a=arguments;return function(){for(var b=arguments,d=a.length-1;d>=0;d--)b=[a[d].apply(this,b)];return b[0]}};b.after=function(a,b){return a<=0?b():function(){if(--a<1)return b.apply(this,arguments)}};b.keys=L||function(a){if(a!==Object(a))throw new TypeError("Invalid object");var c=[],d;for(d in a)b.has(a,d)&&(c[c.length]=d);return c};b.values=function(a){return b.map(a,b.identity)};b.functions=b.methods=function(a){var c=[],d;for(d in a)b.isFunction(a[d])&&
+c.push(d);return c.sort()};b.extend=function(a){j(i.call(arguments,1),function(b){for(var d in b)a[d]=b[d]});return a};b.pick=function(a){var c={};j(b.flatten(i.call(arguments,1)),function(b){b in a&&(c[b]=a[b])});return c};b.defaults=function(a){j(i.call(arguments,1),function(b){for(var d in b)a[d]==null&&(a[d]=b[d])});return a};b.clone=function(a){return!b.isObject(a)?a:b.isArray(a)?a.slice():b.extend({},a)};b.tap=function(a,b){b(a);return a};b.isEqual=function(a,b){return r(a,b,[])};b.isEmpty=
+function(a){if(a==null)return true;if(b.isArray(a)||b.isString(a))return a.length===0;for(var c in a)if(b.has(a,c))return false;return true};b.isElement=function(a){return!!(a&&a.nodeType==1)};b.isArray=p||function(a){return l.call(a)=="[object Array]"};b.isObject=function(a){return a===Object(a)};b.isArguments=function(a){return l.call(a)=="[object Arguments]"};b.isArguments(arguments)||(b.isArguments=function(a){return!(!a||!b.has(a,"callee"))});b.isFunction=function(a){return l.call(a)=="[object Function]"};
+b.isString=function(a){return l.call(a)=="[object String]"};b.isNumber=function(a){return l.call(a)=="[object Number]"};b.isFinite=function(a){return b.isNumber(a)&&isFinite(a)};b.isNaN=function(a){return a!==a};b.isBoolean=function(a){return a===true||a===false||l.call(a)=="[object Boolean]"};b.isDate=function(a){return l.call(a)=="[object Date]"};b.isRegExp=function(a){return l.call(a)=="[object RegExp]"};b.isNull=function(a){return a===null};b.isUndefined=function(a){return a===void 0};b.has=function(a,
+b){return K.call(a,b)};b.noConflict=function(){s._=I;return this};b.identity=function(a){return a};b.times=function(a,b,d){for(var e=0;e<a;e++)b.call(d,e)};b.escape=function(a){return(""+a).replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">").replace(/"/g,""").replace(/'/g,"'").replace(/\//g,"/")};b.result=function(a,c){if(a==null)return null;var d=a[c];return b.isFunction(d)?d.call(a):d};b.mixin=function(a){j(b.functions(a),function(c){M(c,b[c]=a[c])})};var N=0;b.uniqueId=
+function(a){var b=N++;return a?a+b:b};b.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g,escape:/<%-([\s\S]+?)%>/g};var u=/.^/,n={"\\":"\\","'":"'",r:"\r",n:"\n",t:"\t",u2028:"\u2028",u2029:"\u2029"},v;for(v in n)n[n[v]]=v;var O=/\\|'|\r|\n|\t|\u2028|\u2029/g,P=/\\(\\|'|r|n|t|u2028|u2029)/g,w=function(a){return a.replace(P,function(a,b){return n[b]})};b.template=function(a,c,d){d=b.defaults(d||{},b.templateSettings);a="__p+='"+a.replace(O,function(a){return"\\"+n[a]}).replace(d.escape||
+u,function(a,b){return"'+\n_.escape("+w(b)+")+\n'"}).replace(d.interpolate||u,function(a,b){return"'+\n("+w(b)+")+\n'"}).replace(d.evaluate||u,function(a,b){return"';\n"+w(b)+"\n;__p+='"})+"';\n";d.variable||(a="with(obj||{}){\n"+a+"}\n");var a="var __p='';var print=function(){__p+=Array.prototype.join.call(arguments, '')};\n"+a+"return __p;\n",e=new Function(d.variable||"obj","_",a);if(c)return e(c,b);c=function(a){return e.call(this,a,b)};c.source="function("+(d.variable||"obj")+"){\n"+a+"}";return c};
+b.chain=function(a){return b(a).chain()};var m=function(a){this._wrapped=a};b.prototype=m.prototype;var x=function(a,c){return c?b(a).chain():a},M=function(a,c){m.prototype[a]=function(){var a=i.call(arguments);J.call(a,this._wrapped);return x(c.apply(b,a),this._chain)}};b.mixin(b);j("pop,push,reverse,shift,sort,splice,unshift".split(","),function(a){var b=k[a];m.prototype[a]=function(){var d=this._wrapped;b.apply(d,arguments);var e=d.length;(a=="shift"||a=="splice")&&e===0&&delete d[0];return x(d,
+this._chain)}});j(["concat","join","slice"],function(a){var b=k[a];m.prototype[a]=function(){return x(b.apply(this._wrapped,arguments),this._chain)}});m.prototype.chain=function(){this._chain=true;return this};m.prototype.value=function(){return this._wrapped}}).call(this);
diff --git a/resources/static/pages/verify_secondary_address.js b/resources/static/pages/verify_secondary_address.js
index 607a5621c80d4b477de7ea572c4008b007d6a30a..e94297adf8fce4786b99f8ebcbfd80ac0985efa6 100644
--- a/resources/static/pages/verify_secondary_address.js
+++ b/resources/static/pages/verify_secondary_address.js
@@ -15,6 +15,7 @@ BrowserID.verifySecondaryAddress = (function() {
helpers = bid.Helpers,
complete = helpers.complete,
validation = bid.Validation,
+ tooltip = bid.Tooltip,
token,
sc,
needsPassword,
@@ -49,7 +50,15 @@ BrowserID.verifySecondaryAddress = (function() {
var selector = info.valid ? "#congrats" : "#cannotcomplete";
pageHelpers.replaceFormWithNotice(selector, complete.curry(oncomplete, info.valid));
- }, pageHelpers.getFailure(errors.verifyEmail, oncomplete));
+ }, function(info) {
+ if (info.network && info.network.status === 401) {
+ tooltip.showTooltip("#cannot_authenticate");
+ complete(oncomplete, false);
+ }
+ else {
+ pageHelpers.showFailure(errors.verifyEmail, info, oncomplete);
+ }
+ });
}
else {
complete(oncomplete, false);
diff --git a/resources/static/shared/validation.js b/resources/static/shared/validation.js
index e103085a0cf0bf3de414e0e2323c71ffd34e159b..d49f823719240f0d686f4711406fc7f529b0a821 100644
--- a/resources/static/shared/validation.js
+++ b/resources/static/shared/validation.js
@@ -7,6 +7,8 @@ BrowserID.Validation = (function() {
tooltip = bid.Tooltip;
bid.verifyEmail = function(address) {
+ if (typeof(address) !== "string")
+ return false;
// Original gotten from http://blog.gerv.net/2011/05/html5_email_address_regexp/
// changed the requirement that there must be a ldh-str because BrowserID
// is only used on internet based networks.
diff --git a/resources/static/test/cases/controllers/actions.js b/resources/static/test/cases/controllers/actions.js
index 11c58cd960ce705d77743c6f011ba3b466e0e1a1..8d90d69f88dfd2bcd2b72865732ff267e1593e3a 100644
--- a/resources/static/test/cases/controllers/actions.js
+++ b/resources/static/test/cases/controllers/actions.js
@@ -47,30 +47,6 @@
}
});
- asyncTest("doError with no template - display default error screen", function() {
- createController({
- ready: function() {
- equal(testHelpers.errorVisible(), false, "Error is not yet visible");
- controller.doError({});
- ok(testHelpers.errorVisible(), "Error is visible");
- equal($("#defaultError").length, 1, "default error screen is shown");
- start();
- }
- });
- });
-
- asyncTest("doError with with template - display error screen", function() {
- createController({
- ready: function() {
- equal(testHelpers.errorVisible(), false, "Error is not yet visible");
- controller.doError("invalid_required_email", {email: "email"});
- equal($("#invalidRequiredEmail").length, 1, "default error screen is shown");
- ok(testHelpers.errorVisible(), "Error is visible");
- start();
- }
- });
- });
-
asyncTest("doProvisionPrimaryUser - start the provision_primary_user service", function() {
testActionStartsModule("doProvisionPrimaryUser", {email: TEST_EMAIL},
"provision_primary_user");
diff --git a/resources/static/test/cases/controllers/dialog.js b/resources/static/test/cases/controllers/dialog.js
index ee944e7d4e4b471795188f44523add65d394d051..4190cd915513306d18faa797a3a542aec718676c 100644
--- a/resources/static/test/cases/controllers/dialog.js
+++ b/resources/static/test/cases/controllers/dialog.js
@@ -11,15 +11,18 @@
network = bid.Network,
mediator = bid.Mediator,
testHelpers = bid.TestHelpers,
+ testErrorVisible = testHelpers.testErrorVisible,
+ testErrorNotVisible = testHelpers.testErrorNotVisible,
+ screens = bid.Screens,
xhr = bid.Mocks.xhr,
+ HTTP_TEST_DOMAIN = "http://testdomain.org",
+ HTTPS_TEST_DOMAIN = "https://testdomain.org",
+ TESTEMAIL = "testuser@testuser.com",
controller,
el,
winMock,
navMock;
- function reset() {
- }
-
function WinMock() {
this.location.hash = "#1234";
}
@@ -49,60 +52,59 @@
};
function createController(config) {
- var config = $.extend({
- window: winMock
+ // startExternalDependencies defaults to true, for most of our tests we
+ // want to turn this off to prevent the state machine, channel, and actions
+ // controller from starting up and throwing errors. This allows us to test
+ // dialog as an individual unit.
+ var options = $.extend({
+ window: winMock,
+ startExternalDependencies: false,
}, config);
controller = BrowserID.Modules.Dialog.create();
- controller.start(config);
+ controller.start(options);
}
module("controllers/dialog", {
setup: function() {
winMock = new WinMock();
- reset();
testHelpers.setup();
},
teardown: function() {
controller.destroy();
- reset();
testHelpers.teardown();
}
});
- function checkNetworkError() {
- ok($("#error .contents").text().length, "contents have been written");
- ok($("#error #action").text().length, "action contents have been written");
- ok($("#error #network").text().length, "network contents have been written");
- }
-
asyncTest("initialization with channel error", function() {
// Set the hash so that the channel cannot be found.
winMock.location.hash = "#1235";
createController({
+ startExternalDependencies: true,
ready: function() {
- ok($("#error .contents").text().length, "contents have been written");
+ testErrorVisible();
start();
}
});
});
asyncTest("initialization with add-on navigator.id.channel", function() {
- var ok_p = false;
+ var registerControllerCalled = false;
// expect registerController to be called.
winMock.navigator.id = {
channel : {
registerController: function(controller) {
- ok_p = controller.getVerifiedEmail && controller.get;
+ registerControllerCalled = controller.getVerifiedEmail && controller.get;
}
}
};
createController({
+ startExternalDependencies: true,
ready: function() {
- ok(ok_p, "registerController was not called with proper controller");
+ ok(registerControllerCalled, "registerController was not called with proper controller");
start();
}
});
@@ -113,7 +115,7 @@
createController({
ready: function() {
- ok($("#error .contents").text().length == 0, "no error should be reported");
+ testErrorNotVisible();
start();
}
});
@@ -125,7 +127,7 @@
createController({
ready: function() {
- ok($("#error .contents").text().length == 0, "no error should be reported");
+ testErrorNotVisible();
start();
}
});
@@ -138,7 +140,7 @@
ready: function() {
mediator.subscribe("start", function(msg, info) {
equal(info.type, "primary", "correct type");
- equal(info.email, "testuser@testuser.com", "email_chosen with correct email");
+ equal(info.email, TESTEMAIL, "email_chosen with correct email");
equal(info.add, false, "add is not specified with CREATE_EMAIL option");
start();
});
@@ -161,7 +163,7 @@
ready: function() {
mediator.subscribe("start", function(msg, info) {
equal(info.type, "primary", "correct type");
- equal(info.email, "testuser@testuser.com", "email_chosen with correct email");
+ equal(info.email, TESTEMAIL, "email_chosen with correct email");
equal(info.add, true, "add is specified with ADD_EMAIL option");
start();
});
@@ -179,7 +181,6 @@
asyncTest("onWindowUnload", function() {
createController({
- requiredEmail: "registered@testuser.com",
ready: function() {
var error;
@@ -196,6 +197,277 @@
});
});
+ asyncTest("get with invalid requiredEmail - print error screen", function() {
+ createController({
+ ready: function() {
+ mediator.subscribe("start", function(msg, info) {
+ ok(false, "start should not have been called");
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ requiredEmail: "bademail"
+ });
+ equal(retval, "invalid requiredEmail: (bademail)", "expected error");
+ testErrorVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with script containing requiredEmail - print error screen", function() {
+ createController({
+ ready: function() {
+ mediator.subscribe("start", function(msg, info) {
+ ok(false, "start should not have been called");
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ requiredEmail: "<script>window.scriptRun=true;</script>testuser@testuser.com"
+ });
+
+ // If requiredEmail is not properly escaped, scriptRun will be true.
+ equal(typeof window.scriptRun, "undefined", "script was not run");
+ equal(retval, "invalid requiredEmail: (<script>window.scriptRun=true;</script>testuser@testuser.com)", "expected error");
+ testErrorVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with valid requiredEmail - go to start", function() {
+ createController({
+ ready: function() {
+ var startInfo;
+ mediator.subscribe("start", function(msg, info) {
+ startInfo = info;
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ requiredEmail: TESTEMAIL
+ });
+
+ testHelpers.testObjectValuesEqual(startInfo, {
+ requiredEmail: TESTEMAIL
+ });
+ equal(typeof retval, "undefined", "no error expected");
+ testErrorNotVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with relative tosURL & valid privacyURL - print error screen", function() {
+ createController({
+ ready: function() {
+ mediator.subscribe("start", function(msg, info) {
+ ok(false, "start should not have been called");
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: "relative.html",
+ privacyURL: "/privacy.html"
+ });
+ equal(retval, "relative urls not allowed: (relative.html)", "expected error");
+ testErrorVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with script containing tosURL - print error screen", function() {
+ createController({
+ ready: function() {
+ mediator.subscribe("start", function(msg, info) {
+ ok(false, "start should not have been called");
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: "relative.html<script>window.scriptRun=true;</script>",
+ privacyURL: "/privacy.html"
+ });
+
+ // If tosURL is not properly escaped, scriptRun will be true.
+ equal(typeof window.scriptRun, "undefined", "script was not run");
+ equal(retval, "relative urls not allowed: (relative.html<script>window.scriptRun=true;</script>)", "expected error");
+ testErrorVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with valid tosURL & relative privacyURL - print error screen", function() {
+ createController({
+ ready: function() {
+ mediator.subscribe("start", function(msg, info) {
+ ok(false, "start should not have been called");
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: "/tos.html",
+ privacyURL: "relative.html"
+ });
+ equal(retval, "relative urls not allowed: (relative.html)", "expected error");
+ testErrorVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with script containing privacyURL - print error screen", function() {
+ createController({
+ ready: function() {
+ mediator.subscribe("start", function(msg, info) {
+ ok(false, "start should not have been called");
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: "/tos.html",
+ privacyURL: "relative.html<script>window.scriptRun=true;</script>"
+ });
+
+ // If privacyURL is not properly escaped, scriptRun will be true.
+ equal(typeof window.scriptRun, "undefined", "script was not run");
+ equal(retval, "relative urls not allowed: (relative.html<script>window.scriptRun=true;</script>)", "expected error");
+ testErrorVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with privacyURL - print error screen", function() {
+ createController({
+ ready: function() {
+ mediator.subscribe("start", function(msg, info) {
+ ok(false, "start should not have been called");
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: "/tos.html",
+ privacyURL: "relative.html<script>window.scriptRun=true;</script>"
+ });
+
+ // If privacyURL is not properly escaped, scriptRun will be true.
+ equal(typeof window.scriptRun, "undefined", "script was not run");
+ equal(retval, "relative urls not allowed: (relative.html<script>window.scriptRun=true;</script>)", "expected error");
+ testErrorVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with javascript protocol for privacyURL - print error screen", function() {
+ createController({
+ ready: function() {
+ mediator.subscribe("start", function(msg, info) {
+ ok(false, "start should not have been called");
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: "/tos.html",
+ privacyURL: "javascript:alert(1)"
+ });
+
+ equal(retval, "relative urls not allowed: (javascript:alert(1))", "expected error");
+ testErrorVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with invalid httpg protocol for privacyURL - print error screen", function() {
+ createController({
+ ready: function() {
+ mediator.subscribe("start", function(msg, info) {
+ ok(false, "start should not have been called");
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: "/tos.html",
+ privacyURL: "httpg://testdomain.com/privacy.html"
+ });
+
+ equal(retval, "relative urls not allowed: (httpg://testdomain.com/privacy.html)", "expected error");
+ testErrorVisible();
+ start();
+ }
+ });
+ });
+
+
+ asyncTest("get with valid absolute tosURL & privacyURL - go to start", function() {
+ createController({
+ ready: function() {
+ var startInfo;
+ mediator.subscribe("start", function(msg, info) {
+ startInfo = info;
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: "/tos.html",
+ privacyURL: "/privacy.html"
+ });
+
+ testHelpers.testObjectValuesEqual(startInfo, {
+ tosURL: HTTP_TEST_DOMAIN + "/tos.html",
+ privacyURL: HTTP_TEST_DOMAIN + "/privacy.html"
+ });
+
+ equal(typeof retval, "undefined", "no error expected");
+ testErrorNotVisible();
+ start();
+ }
+ });
+ });
+
+ asyncTest("get with valid fully qualified http tosURL & privacyURL - go to start", function() {
+ createController({
+ ready: function() {
+ var startInfo;
+ mediator.subscribe("start", function(msg, info) {
+ startInfo = info;
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: HTTP_TEST_DOMAIN + "/tos.html",
+ privacyURL: HTTP_TEST_DOMAIN + "/privacy.html"
+ });
+
+ testHelpers.testObjectValuesEqual(startInfo, {
+ tosURL: HTTP_TEST_DOMAIN + "/tos.html",
+ privacyURL: HTTP_TEST_DOMAIN + "/privacy.html"
+ });
+
+ equal(typeof retval, "undefined", "no error expected");
+ testErrorNotVisible();
+ start();
+ }
+ });
+ });
+
+
+ asyncTest("get with valid fully qualified https tosURL & privacyURL - go to start", function() {
+ createController({
+ ready: function() {
+ var startInfo;
+ mediator.subscribe("start", function(msg, info) {
+ startInfo = info;
+ });
+
+ var retval = controller.get(HTTP_TEST_DOMAIN, {
+ tosURL: HTTPS_TEST_DOMAIN + "/tos.html",
+ privacyURL: HTTPS_TEST_DOMAIN + "/privacy.html"
+ });
+
+ testHelpers.testObjectValuesEqual(startInfo, {
+ tosURL: HTTPS_TEST_DOMAIN + "/tos.html",
+ privacyURL: HTTPS_TEST_DOMAIN + "/privacy.html"
+ });
+ equal(typeof retval, "undefined", "no error expected");
+ testErrorNotVisible();
+ start();
+ }
+ });
+ });
}());
diff --git a/resources/static/test/cases/pages/verify_secondary_address.js b/resources/static/test/cases/pages/verify_secondary_address.js
index d7eacaa574bb8d489c7a5897d0913c2060d43a6b..23aea9f564ba7e0949ba0031eb7cc19540ff445d 100644
--- a/resources/static/test/cases/pages/verify_secondary_address.js
+++ b/resources/static/test/cases/pages/verify_secondary_address.js
@@ -125,6 +125,20 @@
});
});
+ asyncTest("password: bad password", function() {
+ $("#password").val("password");
+
+ xhr.useResult("mustAuth");
+ createController(config, function() {
+ xhr.useResult("badPassword");
+ controller.submit(function(status) {
+ equal(status, false, "correct status");
+ testHelpers.testTooltipVisible();
+ start();
+ });
+ });
+ });
+
asyncTest("password: good password bad token", function() {
$("#password").val("password");
diff --git a/resources/static/test/cases/resources/helpers.js b/resources/static/test/cases/resources/helpers.js
index 8ab3ed0a89d4127db4b6101a8a7aa2025328a103..e7b65da5847814d9d0c1741815a69e1c50115eb8 100644
--- a/resources/static/test/cases/resources/helpers.js
+++ b/resources/static/test/cases/resources/helpers.js
@@ -15,16 +15,13 @@
testHelpers = bid.TestHelpers,
user = bid.User,
provisioning = bid.Mocks.Provisioning,
- closeCB,
+ mediator = bid.Mediator,
errorCB,
expectedError = testHelpers.expectedXHRFailure,
badError = testHelpers.unexpectedXHRFailure;
var controllerMock = {
- publish: function(message, info) {
- closeCB && closeCB(message, info);
- },
-
+ publish: mediator.publish,
getErrorDialog: function(info) {
return function() {
errorCB && errorCB(info);
@@ -32,30 +29,25 @@
}
};
- function expectedClose(message, field, value) {
- return function(m, info) {
+ function expectedMessage(message, expectedFields) {
+ mediator.subscribe(message, function(m, info) {
equal(m, message, "correct message: " + message);
- if(field) {
- if(value) {
- equal(info[field], value, field + " has correct value of " + value);
- }
- else {
- ok(info[field], field + " has a value");
- }
- }
- }
+ testHelpers.testObjectValuesEqual(info, expectedFields);
+ });
}
- function badClose() {
- ok(false, "close should have never been called");
+ function unexpectedMessage(message) {
+ mediator.subscribe(message, function(m, info) {
+ ok(false, "close should have never been called");
+ });
}
module("resources/helpers", {
setup: function() {
testHelpers.setup();
- closeCB = errorCB = null;
+ errorCB = null;
errorCB = badError;
user.init({
provisioning: provisioning
@@ -69,7 +61,9 @@
});
asyncTest("getAssertion happy case", function() {
- closeCB = expectedClose("assertion_generated", "assertion");
+ mediator.subscribe("assertion_generated", function(msg, info) {
+ testHelpers.testKeysInObject(info, ["assertion"]);
+ });
storage.addEmail("registered@testuser.com", {});
dialogHelpers.getAssertion.call(controllerMock, "registered@testuser.com", function(assertion) {
@@ -79,7 +73,7 @@
});
asyncTest("getAssertion with XHR error", function() {
- closeCB = badClose;
+ unexpectedMessage("assertion_generated");
errorCB = expectedError;
xhr.useResult("ajaxError");
@@ -106,15 +100,15 @@
errorCB = expectedError;
xhr.useResult("ajaxError");
- dialogHelpers.authenticateUser.call(controllerMock, "testuser@testuser.com", "password", function() {
- ok(false, "unexpected success callback");
- start();
- });
+ dialogHelpers.authenticateUser.call(controllerMock, "testuser@testuser.com", "password", testHelpers.unexpectedSuccess);
});
asyncTest("createUser with unknown secondary happy case, expect 'user_staged' message", function() {
xhr.useResult("unknown_secondary");
- closeCB = expectedClose("user_staged", "email", "unregistered@testuser.com");
+ expectedMessage("user_staged", {
+ email: "unregistered@testuser.com",
+ password: "password"
+ });
dialogHelpers.createUser.call(controllerMock, "unregistered@testuser.com", "password", function(staged) {
equal(staged, true, "user was staged");
@@ -123,7 +117,7 @@
});
asyncTest("createUser with unknown secondary, user throttled", function() {
- closeCB = badClose;
+ unexpectedMessage("user_staged");
xhr.useResult("throttle");
dialogHelpers.createUser.call(controllerMock, "unregistered@testuser.com", "password", function(staged) {
@@ -141,7 +135,10 @@
asyncTest("addEmail with primary email happy case, expects primary_user message", function() {
xhr.useResult("primary");
- closeCB = expectedClose("primary_user", "add", true);
+ expectedMessage("primary_user", {
+ add: true
+ });
+
dialogHelpers.addEmail.call(controllerMock, "unregistered@testuser.com", function(status) {
ok(status, "correct status");
start();
@@ -150,7 +147,10 @@
asyncTest("addEmail with secondary email - trigger add_email_submit_with_secondary", function() {
xhr.useResult("unknown_secondary");
- closeCB = expectedClose("add_email_submit_with_secondary", "email", "unregistered@testuser.com");
+ expectedMessage("add_email_submit_with_secondary", {
+ email: "unregistered@testuser.com"
+ });
+
dialogHelpers.addEmail.call(controllerMock, "unregistered@testuser.com", function(success) {
equal(success, true, "success status");
start();
@@ -161,10 +161,7 @@
errorCB = expectedError;
xhr.useResult("ajaxError");
- dialogHelpers.addEmail.call(controllerMock, "unregistered@testuser.com", function(added) {
- ok(false, "unexpected close");
- start();
- });
+ dialogHelpers.addEmail.call(controllerMock, "unregistered@testuser.com", testHelpers.unexpectedSuccess);
});
asyncTest("addEmail trying to add an email the user already controls - prints a tooltip", function() {
@@ -176,8 +173,47 @@
});
});
+ asyncTest("addSecondaryEmail success - call `email_staged` with email and password", function() {
+
+ mediator.subscribe("email_staged", function(msg, info) {
+ testHelpers.testObjectValuesEqual(info, {
+ email: "testuser@testuser.com",
+ password: "password"
+ });
+ start();
+ });
+
+ dialogHelpers.addSecondaryEmail.call(controllerMock, "testuser@testuser.com", "password", function(added) {
+ equal(added, true, "email reported as added");
+ });
+ });
+
+ asyncTest("addSecondaryEmail throttled - tooltip displayed", function() {
+
+ xhr.useResult("throttle");
+ unexpectedMessage("email_staged");
+
+ dialogHelpers.addSecondaryEmail.call(controllerMock, "testuser@testuser.com", "password", function(added) {
+ equal(added, false, "email not added");
+ testHelpers.testTooltipVisible();
+ start();
+ });
+ });
+
+ asyncTest("addSecondaryEmail with XHR error - error message displayed", function() {
+
+ xhr.useResult("ajaxError");
+ unexpectedMessage("email_staged");
+ errorCB = expectedError;
+
+ dialogHelpers.addSecondaryEmail.call(controllerMock, "testuser@testuser.com", "password", testHelpers.unexpectedSuccess);
+ });
+
asyncTest("resetPassword happy case", function() {
- closeCB = expectedClose("password_reset", "email", "registered@testuser.com");
+ expectedMessage("password_reset", {
+ email: "registered@testuser.com"
+ });
+
dialogHelpers.resetPassword.call(controllerMock, "registered@testuser.com", "password", function(reset) {
ok(reset, "password reset");
start();
@@ -197,10 +233,7 @@
errorCB = expectedError;
xhr.useResult("ajaxError");
- dialogHelpers.resetPassword.call(controllerMock, "registered@testuser.com", "password", function(reset) {
- ok(false, "unexpected close");
- start();
- });
+ dialogHelpers.resetPassword.call(controllerMock, "registered@testuser.com", "password", testHelpers.unexpectedSuccess);
});
}());
diff --git a/resources/static/test/cases/resources/state.js b/resources/static/test/cases/resources/state.js
index a8d859f1953e82c540e3723183dbc00dcd168b77..16b634350c30c0e48c836aaa93640b9c742afb63 100644
--- a/resources/static/test/cases/resources/state.js
+++ b/resources/static/test/cases/resources/state.js
@@ -376,28 +376,6 @@
equal(actions.called.doCheckAuth, true, "checking auth on start");
});
- test("start with invalid requiredEmail - print error screen", function() {
- mediator.publish("start", {
- requiredEmail: "bademail"
- });
-
- equal(actions.called.doError, true, "error screen is shown");
- });
-
- test("start with empty requiredEmail - prints error screen", function() {
- mediator.publish("start", {
- requiredEmail: ""
- });
-
- equal(actions.called.doError, true, "error screen is shown");
- });
-
- test("start with valid requiredEmail - go to doCheckAuth", function() {
- mediator.publish("start", { requiredEmail: TEST_EMAIL });
-
- equal(actions.called.doCheckAuth, true, "checking auth on start");
- });
-
asyncTest("start to complete successful primary email verification - goto 'primary_user'", function() {
mediator.subscribe("primary_user", function(msg, info) {
equal(info.email, TEST_EMAIL, "correct email given");
diff --git a/resources/static/test/cases/shared/network.js b/resources/static/test/cases/shared/network.js
index e98a049029126e6eb623820d7a95fae563f7a7ea..ef310d932c20905bea77f4aca7dbe8e263c7ca85 100644
--- a/resources/static/test/cases/shared/network.js
+++ b/resources/static/test/cases/shared/network.js
@@ -174,9 +174,9 @@
}, testHelpers.unexpectedXHRFailure);
});
- asyncTest("completeEmailRegistration with valid token, missing password", function() {
- transport.useResult("missing_password");
- network.completeEmailRegistration("token", undefined,
+ asyncTest("completeEmailRegistration with valid token, bad password", function() {
+ transport.useResult("badPassword");
+ network.completeEmailRegistration("token", "password",
testHelpers.unexpectedSuccess,
testHelpers.expectedXHRFailure);
});
@@ -280,9 +280,9 @@
}, testHelpers.unexpectedFailure);
});
- asyncTest("completeUserRegistration with valid token, missing password", function() {
- transport.useResult("missing_password");
- network.completeUserRegistration("token", undefined,
+ asyncTest("completeUserRegistration with valid token, bad password", function() {
+ transport.useResult("badPassword");
+ network.completeUserRegistration("token", "password",
testHelpers.unexpectedSuccess,
testHelpers.expectedXHRFailure);
});
diff --git a/resources/static/test/mocks/xhr.js b/resources/static/test/mocks/xhr.js
index fc30baca72a584bef9a3ebc2470550ebdc073edf..e2d56028acabded23da7beaeea1bfa7726cfc26b 100644
--- a/resources/static/test/mocks/xhr.js
+++ b/resources/static/test/mocks/xhr.js
@@ -40,6 +40,7 @@ BrowserID.Mocks.xhr = (function() {
"get /wsapi/email_for_token?token=token valid": { email: "testuser@testuser.com" },
"get /wsapi/email_for_token?token=token mustAuth": { email: "testuser@testuser.com", must_auth: true },
"get /wsapi/email_for_token?token=token needsPassword": { email: "testuser@testuser.com", needs_password: true },
+ "get /wsapi/email_for_token?token=token badPassword": { email: "testuser@testuser.com", must_auth: true },
"get /wsapi/email_for_token?token=token invalid": { success: false },
"post /wsapi/authenticate_user valid": { success: true, userid: 1 },
"post /wsapi/authenticate_user invalid": { success: false },
@@ -53,7 +54,7 @@ BrowserID.Mocks.xhr = (function() {
"post /wsapi/cert_key invalid": undefined,
"post /wsapi/cert_key ajaxError": undefined,
"post /wsapi/complete_email_addition valid": { success: true },
- "post /wsapi/complete_email_addition missing_password": 401,
+ "post /wsapi/complete_email_addition badPassword": 401,
"post /wsapi/complete_email_addition invalid": { success: false },
"post /wsapi/complete_email_addition ajaxError": undefined,
"post /wsapi/stage_user unknown_secondary": { success: true },
@@ -67,7 +68,7 @@ BrowserID.Mocks.xhr = (function() {
"get /wsapi/user_creation_status?email=registered%40testuser.com noRegistration": { status: "noRegistration" },
"get /wsapi/user_creation_status?email=registered%40testuser.com ajaxError": undefined,
"post /wsapi/complete_user_creation valid": { success: true },
- "post /wsapi/complete_user_creation missing_password": 401,
+ "post /wsapi/complete_user_creation badPassword": 401,
"post /wsapi/complete_user_creation invalid": { success: false },
"post /wsapi/complete_user_creation ajaxError": undefined,
"post /wsapi/logout valid": { success: true },
diff --git a/resources/static/test/testHelpers/helpers.js b/resources/static/test/testHelpers/helpers.js
index 5f72fae9ff39fc56b9b95de99c2b142962d89816..d7909c38ec34113049d0a3d6695a7900148b674f 100644
--- a/resources/static/test/testHelpers/helpers.js
+++ b/resources/static/test/testHelpers/helpers.js
@@ -127,6 +127,10 @@ BrowserID.TestHelpers = (function() {
equal(TestHelpers.errorVisible(), true, "error screen is visible");
},
+ testErrorNotVisible: function() {
+ equal(TestHelpers.errorVisible(), false, "error screen is not visible");
+ },
+
waitVisible: function() {
return screens.wait.visible;
},
diff --git a/resources/views/add_email_address.ejs b/resources/views/add_email_address.ejs
index 45b711cec7d8d7b53a9da83b7f2c1f933de87ca4..2bbff96c54e1f8f46cbc55b5125b11684b1c953b 100644
--- a/resources/views/add_email_address.ejs
+++ b/resources/views/add_email_address.ejs
@@ -30,6 +30,10 @@
<div class="tooltip" id="password_length" for="password">
<%= gettext('Password must be between 8 and 80 characters long.') %>
</div>
+
+ <div id="cannot_authenticate" class="tooltip" for="password">
+ <%= gettext('The account cannot be verified with this username and password.') %>
+ </div>
</li>
<li class="password_entry" id="verify_password">
diff --git a/resources/views/test.ejs b/resources/views/test.ejs
index 5b1890c5630a9ea5cb134fe3c722dbf4c1e44fff..630b4bd062eae6ecc7a18fabc2cbf31cd04745f9 100644
--- a/resources/views/test.ejs
+++ b/resources/views/test.ejs
@@ -76,6 +76,7 @@
<script src="/lib/hub.js"></script>
<script src="/lib/module.js"></script>
<script src="/lib/jschannel.js"></script>
+ <script src="/lib/urlparse.js"></script>
<script src="mocks/mocks.js"></script>
<script src="mocks/xhr.js"></script>
<script src="mocks/templates.js"></script>
diff --git a/resources/views/verify_email_address.ejs b/resources/views/verify_email_address.ejs
index 1f275d3fe8c3362f98b6360c58484d401e2a9e9c..77f688b448d07e38570705fd6b9f3a25f17f2b17 100644
--- a/resources/views/verify_email_address.ejs
+++ b/resources/views/verify_email_address.ejs
@@ -30,6 +30,10 @@
<div class="tooltip" id="password_length" for="password">
<%= gettext('Password must be between 8 and 80 characters long.') %>
</div>
+
+ <div id="cannot_authenticate" class="tooltip" for="password">
+ <%= gettext('The account cannot be verified with this username and password.') %>
+ </div>
</li>
<li class="password_entry" id="verify_password">