From 3d8cd34840f99668ad5bde37f54a0fa3a96e3a50 Mon Sep 17 00:00:00 2001
From: marcoscaceres <caceres_m@apple.com>
Date: Fri, 5 Jul 2024 09:33:58 +1000
Subject: [PATCH] Digital Credentials: implement visibility and focus
 requirements https://bugs.webkit.org/show_bug.cgi?id=275782 rdar://130821648

Reviewed by NOBODY (OOPS!).

Adds visibility, focus, and user activation checks as per:
See https://github.com/WICG/digital-credentials/pull/129

* LayoutTests/http/wpt/identity/identitycredentialscontainer-get-basics.https.html:
* LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https-expected.txt: Added.
* LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https.html: Added.
* Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h:
* Source/WebCore/Modules/identity/IdentityCredentialsContainer.cpp:
(WebCore::IdentityCredentialsContainer::get):
---
 ...credentialscontainer-get-basics.https.html | 10 ++++++
 ...alscontainer-get-hidden.https-expected.txt |  3 ++
 ...credentialscontainer-get-hidden.https.html | 34 +++++++++++++++++++
 .../get-user-activation.https-expected.txt    |  4 +++
 .../get-user-activation.https.html            | 33 ++++++++++++++++++
 .../CredentialsContainer.h                    |  3 +-
 .../identity/IdentityCredentialsContainer.cpp | 18 ++++++++++
 7 files changed, 103 insertions(+), 2 deletions(-)
 create mode 100644 LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https-expected.txt
 create mode 100644 LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https.html
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https-expected.txt
 create mode 100644 LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https.html

diff --git a/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-basics.https.html b/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-basics.https.html
index 786f02794cfcc..0849b9704dbe9 100644
--- a/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-basics.https.html
+++ b/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-basics.https.html
@@ -1,9 +1,14 @@
 <!DOCTYPE html>
+<meta charset="utf-8">
 <title>Digital Credential API: get() default behavior checks.</title>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
+<body></body>
 <script>
     promise_test(async (t) => {
+        await test_driver.bless();
         await promise_rejects_dom(
             t,
             "NotSupportedError",
@@ -11,6 +16,7 @@
             "navigator.identity.get() with no argument."
         );
 
+        await test_driver.bless();
         await promise_rejects_dom(
             t,
             "NotSupportedError",
@@ -18,6 +24,7 @@
             "navigator.identity.get() with empty dictionary."
         );
 
+        await test_driver.bless();
         await promise_rejects_js(
             t,
             TypeError,
@@ -25,6 +32,7 @@
             "navigator.identity.get() with bogus digital type"
         );
 
+        await test_driver.bless();
         await promise_rejects_dom(
             t,
             "NotSupportedError",
@@ -32,6 +40,7 @@
             "navigator.identity.get() with unknown key (same as passing empty dictionary)."
         );
 
+        await test_driver.bless();
         await promise_rejects_js(
             t,
             TypeError,
@@ -39,6 +48,7 @@
             "navigator.identity.get() with an empty list of providers"
         );
 
+        await test_driver.bless();
         await promise_rejects_js(
             t,
             TypeError,
diff --git a/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https-expected.txt b/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https-expected.txt
new file mode 100644
index 0000000000000..45c33326bf0c6
--- /dev/null
+++ b/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https-expected.txt
@@ -0,0 +1,3 @@
+
+PASS navigator.identity.get() can't be used with hidden documents.
+
diff --git a/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https.html b/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https.html
new file mode 100644
index 0000000000000..fe043b6092cd2
--- /dev/null
+++ b/LayoutTests/http/wpt/identity/identitycredentialscontainer-get-hidden.https.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<title>
+  Digital Credential API: get() can't be used with hidden documents.
+</title>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body></body>
+<script>
+    promise_test(async (test) => {
+        await new Promise((resolve) => {
+            assert_equals(document.visibilityState, "visible", "initially visible");
+            document.onvisibilitychange = resolve;
+            testRunner.setPageVisibility("hidden");
+        });
+
+        assert_equals(document.visibilityState, "hidden", "now should be hidden");
+
+        await test_driver.bless();
+
+        assert_true(
+            navigator.userActivation.isActive,
+            "User activation should be active after test_driver.bless()."
+        );
+
+        await promise_rejects_dom(
+            test,
+            "NotAllowedError",
+            navigator.identity.get({})
+        );
+    }, "navigator.identity.get() can't be used with hidden documents.");
+</script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https-expected.txt
new file mode 100644
index 0000000000000..86c2c4e45e0c0
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https-expected.txt
@@ -0,0 +1,4 @@
+
+PASS navigator.identity.get() calling the API without user activation should reject with NotAllowedError.
+PASS navigator.identity.get() consumes user activation.
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https.html b/LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https.html
new file mode 100644
index 0000000000000..6e80ccf73375d
--- /dev/null
+++ b/LayoutTests/imported/w3c/web-platform-tests/digital-credentials/get-user-activation.https.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<title>Digital Credential API: get() consumes user activation.</title>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body></body>
+<script>
+  promise_test(async (t) => {
+    assert_false(
+        navigator.userActivation.isActive,
+        "User activation should not be active"
+    );
+    await promise_rejects_dom(t, "NotAllowedError", navigator.identity.get({}));
+  }, "navigator.identity.get() calling the API without user activation should reject with NotAllowedError.");
+
+  promise_test(async (t) => {
+    await test_driver.bless();
+    assert_true(
+        navigator.userActivation.isActive,
+        "User activation should be active after test_driver.bless()."
+    );
+    await promise_rejects_dom(
+        t,
+        "NotSupportedError",
+        navigator.identity.get({})
+    );
+    assert_false(
+        navigator.userActivation.isActive,
+        "User activation should be consumed after navigator.identity.get()."
+    );
+  }, "navigator.identity.get() consumes user activation.");
+</script>
diff --git a/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h b/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h
index 7b4d6fefcd43a..6b75129e1ca30 100644
--- a/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h
+++ b/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h
@@ -66,9 +66,8 @@ class CredentialsContainer : public RefCounted<CredentialsContainer> {
 private:
     ScopeAndCrossOriginParent scopeAndCrossOriginParent() const;
 
-    WeakPtr<Document, WeakPtrImplWithEventTargetData> m_document;
-
 protected:
+    WeakPtr<Document, WeakPtrImplWithEventTargetData> m_document;
     template<typename Options>
     bool performCommonChecks(const Options&, CredentialPromise&);
 };
diff --git a/Source/WebCore/Modules/identity/IdentityCredentialsContainer.cpp b/Source/WebCore/Modules/identity/IdentityCredentialsContainer.cpp
index c54ba6b841abb..1348e42c020e5 100644
--- a/Source/WebCore/Modules/identity/IdentityCredentialsContainer.cpp
+++ b/Source/WebCore/Modules/identity/IdentityCredentialsContainer.cpp
@@ -36,6 +36,8 @@
 #include "ExceptionOr.h"
 #include "JSDOMPromiseDeferred.h"
 #include "JSDigitalCredential.h"
+#include "LocalDOMWindow.h"
+#include "VisibilityState.h"
 
 namespace WebCore {
 IdentityCredentialsContainer::IdentityCredentialsContainer(WeakPtr<Document, WeakPtrImplWithEventTargetData>&& document)
@@ -48,6 +50,22 @@ void IdentityCredentialsContainer::get(CredentialRequestOptions&& options, Crede
     if (!performCommonChecks(options, promise))
         return;
 
+    if (!m_document->hasFocus()) {
+        promise.reject(Exception { ExceptionCode::NotAllowedError, "The document is not focused."_s });
+        return;
+    }
+
+    if (m_document->visibilityState() != VisibilityState::Visible) {
+        promise.reject(Exception { ExceptionCode::NotAllowedError, "The document is not visible."_s });
+        return;
+    }
+
+    RefPtr window = m_document.get()->domWindow();
+    if (!window || !window->consumeTransientActivation()) {
+        promise.reject(Exception { ExceptionCode::NotAllowedError, "Calling get() needs to be triggered by an activation triggering user event."_s });
+        return;
+    }
+
     if (!options.digital) {
         promise.reject(Exception { ExceptionCode::NotSupportedError, "Only digital member is supported."_s });
         return;