Changeset 244863 in webkit
- Timestamp: May 1, 2019 7:20:51 PM (5 years ago)
- Location: trunk
- Files: 3 added, 5 edited
trunk/LayoutTests/ChangeLog
r244858 r244863 1 2019-05-01 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthN] Adopt SecurityOrigin::isMatchingRegistrableDomainSuffix() 4 https://bugs.webkit.org/show_bug.cgi?id=197481 5 6 Reviewed by Brent Fulgham. 7 8 * http/wpt/webauthn/public-key-credential-create-failure.https.html: 9 * http/wpt/webauthn/public-key-credential-get-failure.https.html: 10 * http/wpt/webauthn/public-key-credential-ip-address-expected.txt: Added. 11 * http/wpt/webauthn/public-key-credential-ip-address.html: Added. 12 * http/wpt/webauthn/resources/public-key-credential-ip-address.https.html: Added. 13 1 14 2019-05-01 Devin Rousso <drousso@apple.com> 2 15 -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure.https.html
r236842 r244863 48 48 49 49 return promiseRejects(t, "SecurityError", 50 navigator.credentials.create(options), "The origin of the document is not a registrable domain suffix of the provided RP ID.");50 navigator.credentials.create(options), "The provided RP ID is not a registrable domain suffix of the effective domain of the document."); 51 51 }, "PublicKeyCredential's [[create]] with a mismatched RP ID"); 52 52 -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https.html
r243193 r244863 30 30 31 31 return promiseRejects(t, "SecurityError", 32 navigator.credentials.get(options), "The origin of the document is not a registrable domain suffix of the provided RP ID.");32 navigator.credentials.get(options), "The provided RP ID is not a registrable domain suffix of the effective domain of the document."); 33 33 }, "PublicKeyCredential's [[get]] with a mismatched RP ID"); 34 34 -
trunk/Source/WebCore/ChangeLog
r244860 r244863 1 2019-05-01 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthN] Adopt SecurityOrigin::isMatchingRegistrableDomainSuffix() 4 https://bugs.webkit.org/show_bug.cgi?id=197481 5 6 Reviewed by Brent Fulgham. 7 8 This patch implements Step 6-7 from: 9 https://www.w3.org/TR/webauthn/#createCredential, 10 https://www.w3.org/TR/webauthn/#discover-from-external-source. 11 12 Test: http/wpt/webauthn/public-key-credential-ip-address.html 13 14 * Modules/webauthn/AuthenticatorCoordinator.cpp: 15 (WebCore::AuthenticatorCoordinator::create const): 16 (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): 17 1 18 2019-05-01 Youenn Fablet <youenn@apple.com> 2 19 -
trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
r243193 r244863 127 127 } 128 128 129 // Step 5-7. 130 // FIXME(181950): We lack fundamental support from SecurityOrigin to determine if a host is a valid domain or not. 131 // Step 6 is therefore skipped. Also, we lack the support to determine whether a domain is a registrable 132 // domain suffix of another domain. Hence restrict the comparison to equal in Step 7. 133 if (!options.rp.id.isEmpty() && callerOrigin.host() != options.rp.id) { 134 promise.reject(Exception { SecurityError, "The origin of the document is not a registrable domain suffix of the provided RP ID."_s }); 129 // Step 5. Skipped since SecurityOrigin doesn't have the concept of "opaque origin". 130 // Step 6. The effective domain may be represented in various manners, such as a domain or an ip address. 131 // Only the domain format of host is permitted in WebAuthN. 132 if (URL::hostIsIPAddress(callerOrigin.domain())) { 133 promise.reject(Exception { SecurityError, "The effective domain of the document is not a valid domain."_s }); 134 return; 135 } 136 137 // Step 7. 138 if (!options.rp.id.isEmpty() && !callerOrigin.isMatchingRegistrableDomainSuffix(options.rp.id)) { 139 promise.reject(Exception { SecurityError, "The provided RP ID is not a registrable domain suffix of the effective domain of the document."_s }); 135 140 return; 136 141 } 137 142 if (options.rp.id.isEmpty()) 138 options.rp.id = callerOrigin. host();143 options.rp.id = callerOrigin.domain(); 139 144 140 145 // Step 8-10. … … 189 194 } 190 195 191 // Step 5-7. 192 // FIXME(181950): We lack fundamental support from SecurityOrigin to determine if a host is a valid domain or not. 193 // Step 6 is therefore skipped. Also, we lack the support to determine whether a domain is a registrable 194 // domain suffix of another domain. Hence restrict the comparison to equal in Step 7. 
195 if (!options.rpId.isEmpty() && callerOrigin.host() != options.rpId) { 196 promise.reject(Exception { SecurityError, "The origin of the document is not a registrable domain suffix of the provided RP ID."_s }); 196 // Step 5. Skipped since SecurityOrigin doesn't have the concept of "opaque origin". 197 // Step 6. The effective domain may be represented in various manners, such as a domain or an ip address. 198 // Only the domain format of host is permitted in WebAuthN. 199 if (URL::hostIsIPAddress(callerOrigin.domain())) { 200 promise.reject(Exception { SecurityError, "The effective domain of the document is not a valid domain."_s }); 201 return; 202 } 203 204 // Step 7. 205 if (!options.rpId.isEmpty() && !callerOrigin.isMatchingRegistrableDomainSuffix(options.rpId)) { 206 promise.reject(Exception { SecurityError, "The provided RP ID is not a registrable domain suffix of the effective domain of the document."_s }); 197 207 return; 198 208 } 199 209 if (options.rpId.isEmpty()) 200 options.rpId = callerOrigin. host();210 options.rpId = callerOrigin.domain(); 201 211 202 212 // Step 8-9.
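Review bot: The WebCore ChangeLog entry names only http/wpt/webauthn/public-key-credential-ip-address.html as the test, which covers the new Step 6 rejection, while Step 7 moves from the equality check `callerOrigin.host() != options.rp.id` to `isMatchingRegistrableDomainSuffix()`. The two edited failure tests only update the expected message for a mismatched RP ID. Please add cases for the input that is newly accepted, an RP ID that is a parent domain of the document's host, and for an RP ID that must still be rejected although it is a plain suffix of the host, such as a bare top-level domain.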
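Review bot: In AuthenticatorCoordinator::create, the new Step 6 comment says only the domain format of host is permitted, but the check `if (URL::hostIsIPAddress(callerOrigin.domain()))` rejects IP addresses and nothing else. Either reword the comment to say that an IP address is the one non-domain form rejected here, or add a check for any other host form that is not a valid domain. The removed comment carried FIXME(181950); Step 5 is still skipped, so a bug reference next to "Step 5. Skipped ..." would keep that gap tracked.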
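Review bot: The Step 5 to 7 block in AuthenticatorCoordinator::discoverFromExternalSource is a line-for-line copy of the one in create, differing only in `options.rpId` versus `options.rp.id`. Consider moving the IP-address check, the suffix check and the default assignment into one static helper that takes callerOrigin and the RP ID, so the two call sites cannot drift apart. The default also changes from `callerOrigin.host()` to `callerOrigin.domain()` in both functions with no mention in the comments or the ChangeLog; a sentence on why the two differ would help the next reader.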