Changeset 244938 in webkit
- Timestamp:
- May 3, 2019 4:41:36 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 7 edited
- 1 copied
trunk/LayoutTests/ChangeLog
r244935 r244938 1 2019-05-03 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthN] A focused document should be required 4 https://bugs.webkit.org/show_bug.cgi?id=197543 5 <rdar://problem/50430989> 6 7 Reviewed by Brent Fulgham. 8 9 * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html: 10 * http/wpt/webauthn/public-key-credential-unfocused-document.https-expected.txt: Added. 11 * http/wpt/webauthn/public-key-credential-unfocused-document.https.html: Copied from LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html. 12 * http/wpt/webauthn/resources/last-layer-frame.https.html: 13 * http/wpt/webauthn/resources/second-layer-frame.https.html: 14 1 15 2019-05-03 Youenn Fablet <youenn@apple.com> 2 16 -
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html
r236625 r244938 13 13 <script> 14 14 promise_test(t => { 15 return withCrossOriginIframe("last-layer-frame.https.html ").then((message) => {15 return withCrossOriginIframe("last-layer-frame.https.html?shouldFocus=true&exceptionMessage=The origin of the document is not the same as its ancestors.").then((message) => { 16 16 assert_equals(message.data, "PASS."); 17 17 }); -
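Review bot: The expected NotAllowedError text is now embedded unencoded in the iframe URL (spaces and a trailing period in the `exceptionMessage` value at line 15), and the same literal is repeated in second-layer-frame.https.html and the new unfocused-document test. Browsers percent-encode the spaces on load and `searchParams.get` decodes them, so this works, but building the query with `URLSearchParams` or `encodeURIComponent` would make the intent explicit and keep the three copies from drifting. A mismatch would make the frame post `Throw NotAllowedError.` rather than PASS, so a typo fails closed rather than giving a false pass.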
trunk/LayoutTests/http/wpt/webauthn/public-key-credential-unfocused-document.https.html
r244937 r244938 3 3 <head> 4 4 <meta charset="utf-8"> 5 <title>Web Authentication API: Tests that a frame that doesn't share the same origin with all its ancestors could not access the API.</title>5 <title>Web Authentication API: Tests that a frame that doesn't have the focus could not access the API.</title> 6 6 <script src="/resources/testharness.js"></script> 7 7 <script src="/resources/testharnessreport.js"></script> … … 11 11 </head> 12 12 <body> 13 <iframe src=""></iframe> 13 14 <script> 14 15 promise_test(t => { 15 return withCrossOriginIframe("last-layer-frame.https.html ").then((message) => {16 return withCrossOriginIframe("last-layer-frame.https.html?shouldFocus=false&exceptionMessage=The document is not focused.").then((message) => { 16 17 assert_equals(message.data, "PASS."); 17 18 }); 18 }, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API."); 19 20 promise_test(t => { 21 return withCrossOriginIframe("second-layer-frame.https.html").then((message) => { 22 assert_equals(message.data, "PASS."); 23 }); 24 }, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. 2"); 19 }, "Tests that a frame that doesn't have the focus could not access the API."); 25 20 </script> 26 21 </body> -
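Review bot: The `<iframe src=""></iframe>` added at line 13 has no explanation, and nothing in the test refers to it; presumably it is there so that the cross-origin test frame created by `withCrossOriginIframe` below is not the focused frame, but that is an inference. Suggest a comment next to it, `<!-- Placeholder frame so the cross-origin test frame loaded below is not the document's focused frame. -->`, or, if it serves another purpose, stating that instead. Note that `withCrossOriginIframe` is defined outside this file, so how it inserts the frame relative to this one is not visible here.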
trunk/LayoutTests/http/wpt/webauthn/resources/last-layer-frame.https.html
r236625 r244938 1 <script src="./util.js"></script> 2 <script> 3 function messageToTop(message) { 4 top.postMessage(message, "*"); 5 } 1 <!DOCTYPE html> 2 <html> 3 <head> 4 <script src="./util.js"></script> 5 </head> 6 <body> 7 <input type="text" id="input"> 8 <script> 9 const url = new URL(window.location.href); 10 const shouldFocus = url.searchParams.get("shouldFocus"); 11 const exceptionMessage = url.searchParams.get("exceptionMessage"); 6 12 7 const makeOptions = { 8 publicKey: { 9 rp: { 10 name: "example.com" 11 }, 12 user: { 13 name: "John Appleseed", 14 id: asciiToUint8Array("123456"), 15 displayName: "Appleseed", 16 }, 17 challenge: asciiToUint8Array("123456"), 18 pubKeyCredParams: [{ type: "public-key", alg: -7 }] 19 } 20 }; 21 const requestOptions = { 22 publicKey: { 23 challenge: asciiToUint8Array("123456"), 24 } 25 }; 13 function messageToTop(message) { 14 top.postMessage(message, "*"); 15 } 26 16 17 const makeOptions = { 18 publicKey: { 19 rp: { 20 name: "example.com" 21 }, 22 user: { 23 name: "John Appleseed", 24 id: asciiToUint8Array("123456"), 25 displayName: "Appleseed", 26 }, 27 challenge: asciiToUint8Array("123456"), 28 pubKeyCredParams: [{ type: "public-key", alg: -7 }] 29 } 30 }; 31 const requestOptions = { 32 publicKey: { 33 challenge: asciiToUint8Array("123456"), 34 } 35 }; 27 36 28 navigator.credentials.create(makeOptions).then( 29 function(value) { 30 messageToTop("Access granted. " + value); 31 }, 32 function(exception) { 33 if (exception.name == "NotAllowedError" && exception.message == "The origin of the document is not the same as its ancestors.") 34 return navigator.credentials.get(requestOptions); 35 else 36 messageToTop("Throw " + exception.name + "."); 37 } 38 ).then(function(value) { 39 messageToTop("Access granted. 
" + value); 40 }, 41 function(exception) { 42 if (exception.name == "NotAllowedError" && exception.message == "The origin of the document is not the same as its ancestors.") 43 messageToTop("PASS."); 44 else 45 messageToTop("Throw " + exception.name + "."); 46 } 47 ); 48 </script> 37 if (shouldFocus == "true") 38 input.focus(); 39 navigator.credentials.create(makeOptions).then( 40 function(value) { 41 messageToTop("Access granted. " + value); 42 }, 43 function(exception) { 44 if (exception.name == "NotAllowedError" && exception.message == exceptionMessage) 45 return navigator.credentials.get(requestOptions); 46 else 47 messageToTop("Throw " + exception.name + "."); 48 } 49 ).then(function(value) { 50 messageToTop("Access granted. " + value); 51 }, 52 function(exception) { 53 if (exception.name == "NotAllowedError" && exception.message == exceptionMessage) 54 messageToTop("PASS."); 55 else 56 messageToTop("Throw " + exception.name + "."); 57 } 58 ); 59 </script> 60 </body> 61 </html> -
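Review bot: The two query parameters that now drive this frame (`shouldFocus` and `exceptionMessage`, lines 9–11) are undocumented, and a caller that omits `exceptionMessage` gets `null`, so both `==` comparisons (lines 44 and 53) fail and the frame reports `Throw NotAllowedError.` instead of PASS; that is fail-closed, which is the right direction, but it should be stated. Suggest a comment above line 9: `// shouldFocus: "true" focuses #input before calling create() so this document counts as focused; exceptionMessage: the exact NotAllowedError message both create() and get() are expected to reject with.` The comparisons at lines 37, 44 and 53 use `==`; `===` is the conventional form, e.g. `if (shouldFocus === "true")`. Whether `input.focus()` in a cross-origin child frame is sufficient for the document to be treated as focused without user activation is an assumption of the test that the hunk does not show.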
trunk/LayoutTests/http/wpt/webauthn/resources/second-layer-frame.https.html
r236625 r244938 4 4 </head> 5 5 <body> 6 <iframe src="last-layer-frame.https.html "></iframe>6 <iframe src="last-layer-frame.https.html?shouldFocus=true&exceptionMessage=The origin of the document is not the same as its ancestors."></iframe> 7 7 </body> 8 8 </html> -
trunk/Source/WebCore/ChangeLog
r244933 r244938 1 2019-05-02 Jiewen Tan <jiewen_tan@apple.com> 2 3 [WebAuthN] A focused document should be required 4 https://bugs.webkit.org/show_bug.cgi?id=197543 5 <rdar://problem/50430989> 6 7 Reviewed by Brent Fulgham. 8 9 This patch adds a check to see if the invoking document is focused before 10 calling into WebAuthN. This patch also removes some out-to-dated comments. 11 12 Test: http/wpt/webauthn/public-key-credential-unfocused-document.https.html 13 14 * Modules/credentialmanagement/CredentialsContainer.cpp: 15 (WebCore::CredentialsContainer::get): 16 (WebCore::CredentialsContainer::isCreate): 17 * Modules/webauthn/AuthenticatorCoordinator.cpp: 18 (WebCore::AuthenticatorCoordinator::create const): 19 (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): 20 1 21 2019-05-03 Devin Rousso <drousso@apple.com> 2 22 -
trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp
r242804 r244938 84 84 } 85 85 86 // Extra. 87 if (!m_document->hasFocus()) { 88 promise.reject(Exception { NotAllowedError, "The document is not focused."_s }); 89 return; 90 } 91 86 92 m_document->page()->authenticatorCoordinator().discoverFromExternalSource(m_document->securityOrigin(), options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise)); 87 93 } … … 113 119 } 114 120 121 // Extra. 122 if (!m_document->hasFocus()) { 123 promise.reject(Exception { NotAllowedError, "The document is not focused."_s }); 124 return; 125 } 126 115 127 m_document->page()->authenticatorCoordinator().create(m_document->securityOrigin(), options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise)); 116 128 } -
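Review bot: The `// Extra.` comment at lines 86 and 121 does not say what is extra or why, and this is the security-relevant check of the patch; a later reader could take it for a leftover and drop it. Suggest at both sites: `// Not a step of the spec algorithm: reject requests from a document that is not focused, so a background tab or hidden frame cannot drive the authenticator prompt.` Both hunks dereference `m_document->page()` on the following line; if `page()` can be null at this point the check belongs before the coordinator call, but such a guard may already exist earlier in these functions, outside the hunk. The enclosing functions (`get` and `create`, per the ChangeLog) begin before each hunk.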
trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
r244879 r244938 167 167 168 168 // Step 4, 17-21. 169 // Only platform attachments will be supported at this stage. Assuming one authenticator per device. 170 // Also, resident keys, user verifications and direct attestation are enforced at this tage. 171 // For better performance, transports of options.excludeCredentials are checked in LocalAuthenticator. 172 if (!m_client) { 169 if (!m_client) { 173 170 promise.reject(Exception { UnknownError, "Unknown internal error."_s }); 174 171 return; … … 238 235 239 236 // Step 4, 14-19. 240 // Only platform attachments will be supported at this stage. Assuming one authenticator per device. 241 // Also, resident keys, user verifications and direct attestation are enforced at this tage. 242 // For better performance, filtering of options.allowCredentials is done in LocalAuthenticator. 243 if (!m_client) { 237 if (!m_client) { 244 238 promise.reject(Exception { UnknownError, "Unknown internal error."_s }); 245 239 return;