WebKit Bugzilla
Attachment 368867 Details for Bug 197543: [WebAuthN] A focused document should be required
Patch: bug-197543-20190502190259.patch (text/plain), 4.26 KB, created by Jiewen Tan on 2019-05-02 19:03:00 PDT
>Subversion Revision: 244898 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index af347836d9e6fae8beb7509eec4d23c258853ca8..f36e022ba47530cd364bd0e3626f686e2409ffd9 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,24 @@ >+2019-05-02 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] A focused document should be required >+ https://bugs.webkit.org/show_bug.cgi?id=197543 >+ <rdar://problem/50430989> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch adds a check to see if the invoking document is focused before >+ calling into WebAuthN. Sadly, it is really hard to blur a document in layout >+ tests and therefore not tests. >+ >+ This patch also removes some out-to-dated comments. >+ >+ * Modules/credentialmanagement/CredentialsContainer.cpp: >+ (WebCore::CredentialsContainer::get): >+ (WebCore::CredentialsContainer::isCreate): >+ * Modules/webauthn/AuthenticatorCoordinator.cpp: >+ (WebCore::AuthenticatorCoordinator::create const): >+ (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): >+ > 2019-05-02 Ryosuke Niwa <rniwa@webkit.org> > > Disable software keyboard for a math field textarea on desmos.com >diff --git a/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp b/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp >index 7081478e90ccf16739e58f19a33efb4bdacbbbf1..2f03895496c407b66badf575dd32b5fc587b36be 100644 >--- a/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp >+++ b/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp 
>@@ -83,6 +83,12 @@ void CredentialsContainer::get(CredentialRequestOptions&& options, CredentialPro > return; > } > >+ // Extra. >+ if (!m_document->hasFocus()) { >+ promise.reject(Exception { NotAllowedError, "The document is not focused."_s }); >+ return; >+ } >+ > m_document->page()->authenticatorCoordinator().discoverFromExternalSource(m_document->securityOrigin(), options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise)); > } > >@@ -112,6 +118,12 @@ void CredentialsContainer::isCreate(CredentialCreationOptions&& options, Credent > return; > } > >+ // Extra. >+ if (!m_document->hasFocus()) { >+ promise.reject(Exception { NotAllowedError, "The document is not focused."_s }); >+ return; >+ } >+ > m_document->page()->authenticatorCoordinator().create(m_document->securityOrigin(), options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise)); > } > >diff --git a/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp b/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp >index a4d20acdb7c970c1cb2e94ed7fdab4a6843c661a..747aab32f328fd112329b68592ecb8ba93f9f935 100644 >--- a/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp >+++ b/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp >@@ -166,10 +166,7 @@ void AuthenticatorCoordinator::create(const SecurityOrigin& callerOrigin, const > auto clientDataJsonHash = produceClientDataJsonHash(clientDataJson); > > // Step 4, 17-21. >- // Only platform attachments will be supported at this stage. Assuming one authenticator per device. >- // Also, resident keys, user verifications and direct attestation are enforced at this tage. >- // For better performance, transports of options.excludeCredentials are checked in LocalAuthenticator. >- if (!m_client) { >+ if (!m_client) { > promise.reject(Exception { UnknownError, "Unknown internal error."_s }); > return; > } 
>@@ -237,10 +234,7 @@ void AuthenticatorCoordinator::discoverFromExternalSource(const SecurityOrigin& > auto clientDataJsonHash = produceClientDataJsonHash(clientDataJson); > > // Step 4, 14-19. >- // Only platform attachments will be supported at this stage. Assuming one authenticator per device. >- // Also, resident keys, user verifications and direct attestation are enforced at this tage. >- // For better performance, filtering of options.allowCredentials is done in LocalAuthenticator. >- if (!m_client) { >+ if (!m_client) { > promise.reject(Exception { UnknownError, "Unknown internal error."_s }); > return; > }
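Review bot: In the ChangeLog entry, the new focus check ships with no test, and the only explanation is that blurring a document in layout tests is hard ("and therefore not tests", which should read "no tests"). Both get() and isCreate() gain a new rejection path, so the entry should say how the change was verified by hand or point to a follow-up for coverage. "out-to-dated" should be "outdated".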
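Review bot: In CredentialsContainer::get (hunk at -83,6 +83,12), the comment "// Extra." above the hasFocus() check does not say what the check is extra to or why it exists. Replace it with a sentence stating the requirement, for example that the request is rejected when the invoking document is not focused. The check also runs only once, before discoverFromExternalSource is called; the comment should state whether losing focus while the request is pending is meant to be handled elsewhere.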
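Review bot: In CredentialsContainer::isCreate (hunk at -112,6 +118,12), the added block is a verbatim copy of the one added to get(), including the "The document is not focused." message. Factor the hasFocus() test and the NotAllowedError rejection into one private helper that both methods call, so the error type and message cannot drift between the two entry points.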
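Review bot: In AuthenticatorCoordinator::create and discoverFromExternalSource, removing the three explanatory lines leaves "// Step 4, 17-21." and "// Step 4, 14-19." sitting directly above the if (!m_client) null check, which now reads as if that check implements those steps. Reword or move the step comments so they describe what actually follows. The "if (!m_client) {" line is also removed and re-added with no visible difference other than whitespace; confirm the new indentation matches the surrounding code or drop that part of the change.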
Flags: bfulgham: review+, ews-watchlist: commit-queue-