Changeset 245262 in webkit


Timestamp:
May 13, 2019 4:09:39 PM (5 years ago)
Author:
jiewen_tan@apple.com
Message:

[WebAuthN] InvalidStateError should be reported to sites
https://bugs.webkit.org/show_bug.cgi?id=193269
<rdar://problem/48298264>

Reviewed by Brent Fulgham.

Source/WebKit:

This patch implements step 20 about InvalidStateError of the spec:
https://www.w3.org/TR/webauthn/#createCredential.

  • UIProcess/WebAuthentication/AuthenticatorManager.cpp:

(WebKit::AuthenticatorManager::respondReceived):

  • UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:

(WebKit::CtapHidAuthenticator::continueMakeCredentialAfterResponseReceived const):

LayoutTests:

  • http/wpt/webauthn/ctap-hid-failure.https.html:
  • http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt:
  • http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html:
  • http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt:
  • http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
  • http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html:
  • http/wpt/webauthn/resources/util.js:
Location:
trunk
Files:
11 edited

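--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,18 @@
+2019-05-13  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] InvalidStateError should be reported to sites
+        https://bugs.webkit.org/show_bug.cgi?id=193269
+        <rdar://problem/48298264>
+
+        Reviewed by Brent Fulgham.
+
+        * http/wpt/webauthn/ctap-hid-failure.https.html:
+        * http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt:
+        * http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html:
+        * http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt:
+        * http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
+        * http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html:
+        * http/wpt/webauthn/resources/util.js:
+
 2019-05-13  Devin Rousso  <drousso@apple.com>
 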
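--- a/trunk/LayoutTests/http/wpt/webauthn/ctap-hid-failure.https.html
+++ b/trunk/LayoutTests/http/wpt/webauthn/ctap-hid-failure.https.html
@@ -66,5 +66,5 @@
         if (window.testRunner)
             testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "wrong-channel-id", payloadBase64:[testDummyMessagePayloadBase64] } });
-        return promiseRejects(t, "UnknownError", navigator.credentials.create(defaultOptions), "Unknown internal error. Error code: -1");
+        return promiseRejects(t, "UnknownError", navigator.credentials.create(defaultOptions), "Unknown internal error. Error code: 18");
     }, "CTAP HID with request::msg stage wrong channel id error in a mock hid authenticator.");
 </script>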
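--- a/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt
+++ b/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https-expected.txt
@@ -4,3 +4,4 @@
 PASS PublicKeyCredential's [[create]] with unsupported options in a mock hid authenticator. 2
 PASS PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator.
+PASS PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator.
 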
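--- a/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html
+++ b/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid-silent.https.html
@@ -95,3 +95,24 @@
         return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
     }, "PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator.");
+
+   promise_test(function(t) {
+       const options = {
+           publicKey: {
+               rp: {
+                   name: "example.com"
+               },
+               user: {
+                   name: "John Appleseed",
+                   id: asciiToUint8Array("123456"),
+                   displayName: "John",
+               },
+               challenge: asciiToUint8Array("123456"),
+               pubKeyCredParams: [{ type: "public-key", alg: -7 }]
+           }
+       };
+
+       if (window.testRunner)
+           testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "malicious-payload", payloadBase64: [testCtapErrCredentialExcludedOnlyResponseBase64] } });
+       return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator.");
+   }, "PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator.");
 </script>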
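Review bot: The promise_test added at new lines 98–117 never passes `silentFailure: true` to the mock configuration, so apart from indentation it is the same test this commit adds to public-key-credential-create-failure-hid.https.html and does not appear to exercise the silent-failure mode this file is named for. The u2f-silent changes in the same commit do set the flag, so presumably the call here should read `testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, hid: { ... } });`. Without it, no CTAP test pins the behaviour that InvalidStateError reaches the site while the other failures in this file still end in "Operation timed out.". The new block is also indented one column less than the context lines around it (3/7/11 spaces against 4/8).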
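--- a/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
+++ b/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
@@ -6,3 +6,4 @@
 PASS PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator.
 PASS PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator. 2
+PASS PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator.
 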
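--- a/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
+++ b/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
@@ -48,5 +48,5 @@
         if (window.testRunner)
             testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "malicious-payload", payloadBase64: [testDummyMessagePayloadBase64] } });
-        return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: -1");
+        return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: 255");
     }, "PublicKeyCredential's [[create]] with malicious payload in a mock hid authenticator.");
 
@@ -139,3 +139,24 @@
         return promiseRejects(t, "UnknownError", navigator.credentials.create(options), "Unknown internal error. Error code: 43");
     }, "PublicKeyCredential's [[create]] with mixed options in a mock hid authenticator. 2");
+
+    promise_test(function(t) {
+        const options = {
+            publicKey: {
+                rp: {
+                    name: "example.com"
+                },
+                user: {
+                    name: "John Appleseed",
+                    id: asciiToUint8Array("123456"),
+                    displayName: "John",
+                },
+                challenge: asciiToUint8Array("123456"),
+                pubKeyCredParams: [{ type: "public-key", alg: -7 }]
+            }
+        };
+
+        if (window.testRunner)
+            testRunner.setWebAuthenticationMockConfiguration({ hid: { stage: "request", subStage: "msg", error: "malicious-payload", payloadBase64: [testCtapErrCredentialExcludedOnlyResponseBase64] } });
+        return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator.");
+    }, "PublicKeyCredential's [[create]] with InvalidStateError in a mock hid authenticator.");
 </script>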
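--- a/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html
+++ b/trunk/LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-u2f-silent.https.html
@@ -114,5 +114,5 @@
         if (window.testRunner)
             testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, hid: { stage: "request", subStage: "msg", error: "malicious-payload", isU2f: true, payloadBase64: [testU2fApduNoErrorOnlyResponseBase64, testU2fApduNoErrorOnlyResponseBase64] } });
-        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
+        return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator.");
     }, "PublicKeyCredential's [[create]] with first exclude credential matched in a mock hid authenticator.");
 
@@ -138,5 +138,5 @@
         if (window.testRunner)
             testRunner.setWebAuthenticationMockConfiguration({ silentFailure: true, hid: { stage: "request", subStage: "msg", error: "malicious-payload", isU2f: true, payloadBase64: [testU2fApduWrongDataOnlyResponseBase64, testU2fApduNoErrorOnlyResponseBase64, testU2fApduNoErrorOnlyResponseBase64] } });
-        return promiseRejects(t, "NotAllowedError", navigator.credentials.create(options), "Operation timed out.");
+        return promiseRejects(t, "InvalidStateError", navigator.credentials.create(options), "At least one credential matches an entry of the excludeCredentials list in the authenticator.");
     }, "PublicKeyCredential's [[create]] with second exclude credential matched in a mock hid authenticator.");
 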
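--- a/trunk/LayoutTests/http/wpt/webauthn/resources/util.js
+++ b/trunk/LayoutTests/http/wpt/webauthn/resources/util.js
@@ -98,4 +98,5 @@
     "AQAAADswRAIge94KUqwfTIsn4AOjcM1mpMcRjdItVEeDX0W5nGhCP/cCIDxRe0eH" +
     "f4V4LeEAhqeD0effTjY553H19q+jWq1Tc4WOkAA=";
+const testCtapErrCredentialExcludedOnlyResponseBase64 = "GQ==";
 
 const RESOURCES_DIR = "/WebKit/webauthn/resources/";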
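--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,18 @@
+2019-05-13  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] InvalidStateError should be reported to sites
+        https://bugs.webkit.org/show_bug.cgi?id=193269
+        <rdar://problem/48298264>
+
+        Reviewed by Brent Fulgham.
+
+        This patch implements step 20 about InvalidStateError of the spec:
+        https://www.w3.org/TR/webauthn/#createCredential.
+
+        * UIProcess/WebAuthentication/AuthenticatorManager.cpp:
+        (WebKit::AuthenticatorManager::respondReceived):
+        * UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp:
+        (WebKit::CtapHidAuthenticator::continueMakeCredentialAfterResponseReceived const):
+
 2019-05-13  Jer Noble  <jer.noble@apple.com>
 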
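--- a/trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
+++ b/trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp
@@ -195,7 +195,10 @@
     if (!m_requestTimeOutTimer.isActive())
         return;
-
     ASSERT(m_pendingCompletionHandler);
-    if (WTF::holds_alternative<PublicKeyCredentialData>(respond)) {
+
+    auto shouldComplete = WTF::holds_alternative<PublicKeyCredentialData>(respond);
+    if (!shouldComplete)
+        shouldComplete = WTF::get<ExceptionData>(respond).code == InvalidStateError;
+    if (shouldComplete) {
         m_pendingCompletionHandler(WTFMove(respond));
         clearStateAsync();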
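Review bot: The new `shouldComplete` condition makes InvalidStateError the one failure that is handed to the page at once rather than, as the test expectations suggest, being held until the request times out, and nothing at the check records why that exception is safe to single out. The WebAuthn step this commit cites lets the excluded-credential case be distinguishable to the relying party only because the authenticator reports it after the user has consented; whether every authenticator backend that reaches respondReceived keeps to that is not visible in this hunk. A comment above the check would stop later edits from widening it, for example `// Only InvalidStateError bypasses the timeout: the authenticator reports it after user consent, so revealing it to the RP is acceptable.` respondReceived begins and ends outside the hunk, and `WTF::get<ExceptionData>(respond)` assumes the variant has no third alternative.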
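--- a/trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp
+++ b/trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidAuthenticator.cpp
@@ -63,5 +63,9 @@
     auto response = readCTAPMakeCredentialResponse(data);
     if (!response) {
-        receiveRespond(ExceptionData { UnknownError, makeString("Unknown internal error. Error code: ", data.size() == 1 ? data[0] : -1) });
+        auto error = getResponseCode(data);
+        if (error == CtapDeviceResponseCode::kCtap2ErrCredentialExcluded)
+            receiveRespond(ExceptionData { InvalidStateError, "At least one credential matches an entry of the excludeCredentials list in the authenticator."_s });
+        else
+            receiveRespond(ExceptionData { UnknownError, makeString("Unknown internal error. Error code: ", static_cast<uint8_t>(error)) });
         return;
     }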
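Review bot: The InvalidStateError branch trusts whatever `getResponseCode(data)` returns, whereas the removed line only read a status byte when `data.size() == 1`. getResponseCode is defined outside this hunk, so it is unclear whether it still rejects longer malformed replies whose first byte happens to equal the credential-excluded status; if it does not, a garbled device response would be reported to the site as a credential match instead of an UnknownError. Consider keeping the length guard on that branch, `if (data.size() == 1 && error == CtapDeviceResponseCode::kCtap2ErrCredentialExcluded)`, or stating in a comment that getResponseCode performs the check. The enclosing function starts and ends outside the hunk.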