Changeset 287957 in webkit

Timestamp:

Jan 12, 2022 3:45:51 PM (6 months ago)

Author:

J Pascoe

Message:

[WebAuthn] Fix freebie call without user gesture not being given
​https://bugs.webkit.org/show_bug.cgi?id=235078
rdar://87327557

Reviewed by Brent Fulgham.

Source/WebKit:

This logic was previously always requiring a user gesture. The desired
behavior of giving pages a single "freebie" webauthn call without gesture
was lost in a refactor.

Tested manually on iOS device with webauthn.me.

• WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:

(WebKit::WebAuthenticatorCoordinator::processingUserGesture):

Tools:

Updated API test to reflect user gesture freebie.

• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html:

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2022-01-12  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Fix freebie call without user gesture not being given
+        https://bugs.webkit.org/show_bug.cgi?id=235078
+        rdar://87327557
+
+        Reviewed by Brent Fulgham.
+
+        This logic was previously always requiring a user gesture. The desired
+        behavior of giving pages a single "freebie" webauthn call without gesture
+        was lost in a refactor.
+
+        Tested manually on iOS device with webauthn.me.
+
+        * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:
+        (WebKit::WebAuthenticatorCoordinator::processingUserGesture):
+
 2022-01-12  Brandon Stewart  <brandonstewart@apple.com>
 

trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp

@@ -127 +127 @@
 {
     auto processingUserGesture = UserGestureIndicator::processingUserGestureForMedia();
-    if (!processingUserGesture && m_requireUserGesture)
+    bool processingUserGestureOrFreebie = processingUserGesture || !m_requireUserGesture;
+    if (!processingUserGestureOrFreebie)
         m_webPage.addConsoleMessage(frameID, MessageSource::Other, MessageLevel::Warning, "User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events."_s);
+
     if (processingUserGesture && m_requireUserGesture)
         m_requireUserGesture = false;
-    else
+    else if (!processingUserGesture)
         m_requireUserGesture = true;
-    return processingUserGesture || !m_requireUserGesture;
+    return processingUserGestureOrFreebie;
 }
 

trunk/Tools/ChangeLog

@@ +1 @@
+2022-01-12  J Pascoe  <j_pascoe@apple.com>
+
+        [WebAuthn] Fix freebie call without user gesture not being given
+        https://bugs.webkit.org/show_bug.cgi?id=235078
+        rdar://87327557
+
+        Reviewed by Brent Fulgham.
+
+        Updated API test to reflect user gesture freebie.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html:
+
 2022-01-12  Elliott Williams  <emw@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html

@@ -21 +21 @@
 
     navigator.credentials.create(options).then(credential => {
-        // console.log("Succeeded!");
         window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");
     }, error => {
-        // console.log(error.message);
+        // The first call will consume the freebie, the second will give the no user gesture error.
+        navigator.credentials.create(options).then(credential => {
+            window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");
+        }, error => {
+            window.webkit.messageHandlers.testHandler.postMessage(error.message);
+        });
         window.webkit.messageHandlers.testHandler.postMessage(error.message);
     });