WebKit Bugzilla
Attachment 369585 Details for
Bug 193269
: [WebAuthN] InvalidStateError should be reported to sites
[patch]
Patch
bug-193269-20190510130633.patch (text/plain), 14.18 KB, created by
Jiewen Tan
on 2019-05-10 13:06:35 PDT
Description:
Patch
Filename:
MIME Type:
Creator:
Jiewen Tan
Created:
2019-05-10 13:06:35 PDT
Size:
14.18 KB
>Subversion Revision: 245052
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 35bd7dfc40d3f34119216cd7af333217406b031a..22be11ae5dfc0f338bd7bf29c0b6480d7f00c5ad 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,19 @@
>+2019-05-10 Jiewen Tan <jiewen_tan@apple.com>
>+
>+ [WebAuthN] InvalidStateError should be reported to sites
>+ https://bugs.webkit.org/show_bug.cgi?id=193269
>+ <rdar://problem/48298264>
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ This patch implements step 20 about InvalidStateError of the spec:
>+ https://www.w3.org/TR/webauthn/#createCredential.
>+
>+ * UIProcess/WebAuthentication/AuthenticatorManager.cpp:
>+ (WebKit::AuthenticatorManager::respondReceived):
>+ * UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:
>+ (WebKit::CtapHidAuthenticator::continueMakeCredentialAfterResponseReceived const):
>+
> 2019-05-07 Chris Dumez <cdumez@apple.com>
> 
> Simplify logic to prevent App Nap in WebPage
>diff --git a/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp b/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
>index ca7ae5e05a95e5936f873d5e022ea5fb9fde293e..0c5d25c554301c0c1b57f7dad5497e9150cdecfa 100644
>--- a/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
>+++ b/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
>@@ -194,9 +194,12 @@ void AuthenticatorManager::respondReceived(Respond&& respond)
> ASSERT(RunLoop::isMain());
> if (!m_requestTimeOutTimer.isActive())
> return;
>-
> ASSERT(m_pendingCompletionHandler);
>- if (WTF::holds_alternative<PublicKeyCredentialData>(respond)) {
>+
>+ auto shouldComplete = WTF::holds_alternative<PublicKeyCredentialData>(respond);
>+ if (!shouldComplete)
>+ shouldComplete = WTF::get<ExceptionData>(respond).code == InvalidStateError;
>+ if (shouldComplete) {
> m_pendingCompletionHandler(WTFMove(respond));
> clearStateAsync();
> m_requestTimeOutTimer.stop();
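Review bot: The new early-completion branch in respondReceived makes an excludeCredentials match observable to the page as soon as an authenticator reports it, while every other authenticator error still waits for the timeout, and nothing at this site records why that one code is exempt. As I read the step 20 text linked in the ChangeLog, the distinction is acceptable only because the authenticator reports this status after the user has consented; I would state that precondition next to the check, e.g. `// InvalidStateError is the only error surfaced before the timeout: per WebAuthn createCredential step 20 the authenticator reports it only after user consent.` Separately, `WTF::get<ExceptionData>(respond)` relies on Respond holding exactly two alternatives, which is not visible here; `WTF::holds_alternative<ExceptionData>(respond) && WTF::get<ExceptionData>(respond).code == InvalidStateError` would make that explicit. The body of respondReceived starts before and continues past this hunk.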
>diff --git a/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp b/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp
>index 2a4bd196ebd4a37679232e09f5cec3297f0f13ce..08cd5a343b127f45cad2fedfeea98a1a0eb9adfe 100644
>--- a/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp
>+++ b/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp
>@@ -62,7 +62,11 @@ void CtapHidAuthenticator::continueMakeCredentialAfterResponseReceived(Vector<ui
> {
> auto response = readCTAPMakeCredentialResponse(data);
> if (!response) {
>- receiveRespond(ExceptionData { UnknownError, makeString("Unknown internal error. Error code: ", data.size() == 1 ? data[0] : -1) });
>+ auto error = getResponseCode(data);
>+ if (error == CtapDeviceResponseCode::kCtap2ErrCredentialExcluded)
>+ receiveRespond(ExceptionData { InvalidStateError, "At least one credential matches an entry of the excludeCredentials list in the authenticator."_s });
>+ else
>+ receiveRespond(ExceptionData { UnknownError, makeString("Unknown internal error. Error code: ", static_cast<uint8_t>(error)) });
> return;
> }
> receiveRespond(WTFMove(*response));
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
>index 737451a18bf0b71abb346d22ef5c21b6651de3a0..82a1515d2a1eba18b98437411300641ff86c4693 100644
>--- a/LayoutTests/ChangeLog
>+++ b/LayoutTests/ChangeLog
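Review bot: The InvalidStateError branch in continueMakeCredentialAfterResponseReceived trusts whatever `getResponseCode(data)` returns for a device payload that has already failed to parse, whereas the removed line read `data[0]` only when `data.size() == 1`. getResponseCode is not visible in this hunk; if it inspects only the first byte, a longer malformed response that happens to begin with the credential-excluded code would be reported to the site as InvalidStateError. The fixture added in util.js (`"GQ=="`, a single byte) exercises only the one-byte case, so I would either keep the length guard, `if (data.size() == 1 && error == CtapDeviceResponseCode::kCtap2ErrCredentialExcluded)`, or add a test with a multi-byte payload that pins the intended result. The function's closing brace is outside the hunk.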
>@@ -1,3 +1,19 @@
>+2019-05-10 Jiewen Tan <jiewen_tan@apple.com>
>+
>+ [WebAuthN] InvalidStateError should be reported to sites
>+ https://bugs.webkit.org/show_bug.cgi?id=193269
>+ <rdar://problem/48298264>
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ * http/wpt/webauthn/ctap-hid-failure.https.html:
>+ * http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt:
>+ * http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html:
>+ * http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt:
>+ * http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
>+ * http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html:
>+ * http/wpt/webauthn/resources/util.js:
>+
> 2019-05-08 Jiewen Tan <jiewen_tan@apple.com>
> 
> Unreviewed, a build fix after r245043
>diff --git a/LayoutTests/http/wpt/webauthn/ctap-hid-failure.https.html b/LayoutTests/http/wpt/webauthn/ctap-hid-failure.https.html
>index c46ee39138f0efecf741296edae7f9328a54ce96..4f0fd6aa06609c943516f9e76a8376caa6da92d9 100644
>--- a/LayoutTests/http/wpt/webauthn/ctap-hid-failure.https.html
>+++ b/LayoutTests/http/wpt/webauthn/ctap-hid-failure.https.html
>@@ -65,6 +65,6 @@
> promise_test(function(t) {
> if (window.testRunner)
> testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "wrong-channel-id", payloadBase64:[testDummyMessagePayloadBase64] } });
>- return promiseRejects(t, "UnknownError", navigator.credentials.create(defaultOptions), "Unknown internal error. Error code: -1");
>+ return promiseRejects(t, "UnknownError", navigator.credentials.create(defaultOptions), "Unknown internal error. Error code: 18");
> }, "CTAP HID with request::msg stage wrong channel id error in a mock hid authenticator.");
> </script>
>diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt
>index c7087575d17906f71084a8eee74c4c823a349cc5..f32671e9d466baee9e217dd7cb05817f014d59ba 100644
>--- a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt
>+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt
>@@ -3,4 +3,5 @@ PASS PublicKeyCredential's [[create]] with malicious payload in a mock hid authe
> PASS PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator.
> PASS PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 2
> PASS PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator.
>+PASS PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator.
> 
>diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html
>index 66004a32153e6544cb0886ff84a6f91edd646565..66b5da4f3992cecf6178b7f6b63bf67e78d85236 100644
>--- a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html
>+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html
>@@ -94,4 +94,25 @@
> testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, hid: { stage: "request", subStage: "msg", error: "unsupported-options" } });
> return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
> }, "PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator.");
>+
>+ promise_test(function(t) {
>+ const options = {
>+ publicKey: {
>+ rp: {
>+ name: "example.com"
>+ },
>+ user: {
>+ name: "John Appleseed",
>+ id: asciiToUint8Array("123456"),
>+ displayName: "John",
>+ },
>+ challenge: asciiToUint8Array("123456"),
>+ pubKeyCredParams: [{ type: "public-key", alg: -7 }]
>+ }
>+ };
>+
>+ if (window.testRunner)
>+ testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "malicious-payload", payloadBase64: [testCtapErrCredentialExcludedOnlyResponseBase64] } });
>+ return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator.");
>+ }, "PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator.");
> </script>
>diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
>index e5fc45c665d2c1a828de0436adf59956e802c93c..721db3b77b2d947d3d8c0679112b54d5a5526bcc 100644
>--- a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
>+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
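Review bot: The test added to public-key-credential-create-failure-hid-silent.https.html configures the mock without `silentFailure: true`, unlike the test just above it in the same hunk. It therefore appears to repeat the case added to public-key-credential-create-failure-hid.https.html rather than checking that InvalidStateError is still delivered when other failures are held back until the timeout. Assuming each call replaces the whole mock configuration (not visible here), I would add `silentFailure: true,` ahead of `hid:` in the new `setWebAuthenticationMockConfiguration` call. The options literal also carries no excludeCredentials entry, so a one-line comment such as `// The mock response alone drives the InvalidStateError result; no excludeCredentials is needed.` would save the next reader a search.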
>@@ -5,4 +5,5 @@ PASS PublicKeyCredential's [[create]] with unsupported options in a mock hid aut
> PASS PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 2
> PASS PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator.
> PASS PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator. 2
>+PASS PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator.
> 
>diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
>index f163a396f2add938928bffd3761ef57f4afcdd39..2f837c66326b87ff7a9287ab1702dad340066df0 100644
>--- a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
>+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
>@@ -47,7 +47,7 @@
> 
> if (window.testRunner)
> testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "malicious-payload", payloadBase64: [testDummyMessagePayloadBase64] } });
>- return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: -1");
>+ return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: 255");
> }, "PublicKeyCredential's [[create]] with malicious payload in a mock hid authenticator.");
> 
> promise_test(function(t) {
>@@ -138,4 +138,25 @@
> testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "unsupported-options" } });
> return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: 43");
> }, "PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator. 2");
>+
>+ promise_test(function(t) {
>+ const options = {
>+ publicKey: {
>+ rp: {
>+ name: "example.com"
>+ },
>+ user: {
>+ name: "John Appleseed",
>+ id: asciiToUint8Array("123456"),
>+ displayName: "John",
>+ },
>+ challenge: asciiToUint8Array("123456"),
>+ pubKeyCredParams: [{ type: "public-key", alg: -7 }]
>+ }
>+ };
>+
>+ if (window.testRunner)
>+ testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "malicious-payload", payloadBase64: [testCtapErrCredentialExcludedOnlyResponseBase64] } });
>+ return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator.");
>+ }, "PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator.");
> </script>
>diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html
>index 5417998bc718714a98d30a5487225f10bcb26f60..641c0ef7ca063631e1f8dbb1e0ce52a81f8595c7 100644
>--- a/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html
>+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html
>@@ -113,7 +113,7 @@
> 
> if (window.testRunner)
> testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, hid: { stage: "request", subStage: "msg", error: "malicious-payload", isU2f: true, payloadBase64: [testU2fApduNoErrorOnlyResponseBase64, testU2fApduNoErrorOnlyResponseBase64] } });
>- return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
>+ return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator.");
> }, "PublicKeyCredential's [[create]] with first exclude credential matched in a mock hid authenticator.");
> 
> // Match the second exclude credential.
>@@ -137,7 +137,7 @@
> 
> if (window.testRunner)
> testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, hid: { stage: "request", subStage: "msg", error: "malicious-payload", isU2f: true, payloadBase64: [testU2fApduWrongDataOnlyResponseBase64, testU2fApduNoErrorOnlyResponseBase64, testU2fApduNoErrorOnlyResponseBase64] } });
>- return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
>+ return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator.");
> }, "PublicKeyCredential's [[create]] with second exclude credential matched in a mock hid authenticator.");
> 
> promise_test(function(t) {
>diff --git a/LayoutTests/http/wpt/webauthn/resources/util.js b/LayoutTests/http/wpt/webauthn/resources/util.js
>index f60986b47227eced31a18f22c0c91f94ac4fa1bd..f9a3204118001e599c2f8e72d0c7ff88592ac7cd 100644
>--- a/LayoutTests/http/wpt/webauthn/resources/util.js
>+++ b/LayoutTests/http/wpt/webauthn/resources/util.js
>@@ -97,6 +97,7 @@ const testU2fCredentialIdBase64 =
> const testU2fSignResponse =
> "AQAAADswRAIge94KUqwfTIsn4AOjcM1mpMcRjdItVEeDX0W5nGhCP/cCIDxRe0eH" +
> "f4V4LeEAhqeD0effTjY553H19q+jWq1Tc4WOkAA=";
>+const testCtapErrCredentialExcludedOnlyResponseBase64 = "GQ==";
> 
> const RESOURCES_DIR = "/WebKit/webauthn/resources/";
> 