Changeset 251979 in webkit


Timestamp:
Nov 3, 2019 11:33:28 PM (4 years ago)
Author:
jiewen_tan@apple.com
Message:

[WebAuthn] CtapAuthenticator::tryDowngrade should distinguish requestData().options
https://bugs.webkit.org/show_bug.cgi?id=203771
<rdar://problem/56832618>

Reviewed by Brent Fulgham.

CtapAuthenticator::tryDowngrade assumes the request is a getAssertion request. This is true
for most cases but not for Google's registration. For Google's registration, a quirk is
implemented to use U2F commands for registration if GoogleLegacyAppIdSupportExtension asks
us to do so.

No tests given there is no way to simulate google.com in our test infrastructures.

  • UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:

(WebKit::CtapAuthenticator::tryDowngrade):

Location:
trunk/Source/WebKit
Files:
2 edited

  • trunk/Source/WebKit/ChangeLog

    r251976 r251979  
     12019-11-03  Jiewen Tan  <jiewen_tan@apple.com>
     2
     3        [WebAuthn] CtapAuthenticator::tryDowngrade should distinguish requestData().options
     4        https://bugs.webkit.org/show_bug.cgi?id=203771
     5        <rdar://problem/56832618>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        CtapAuthenticator::tryDowngrade assumes the request is a getAssertion request. This is true
     10        for most cases but not for Google's registration. For Google's registration, a quirk is
     11        implemented to use U2F commands for registration if GoogleLegacyAppIdSupportExtension asks
     12        us to do so.
     13
     14        No tests given there is no way to simulate google.com in our test infrastructures.
     15
     16        * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
     17        (WebKit::CtapAuthenticator::tryDowngrade):
     18
    1192019-11-03  Tim Horton  <timothy_horton@apple.com>
    220
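Review bot: The entry (lines 9-12) says tryDowngrade "assumes the request is a getAssertion request" but does not say what happened when that assumption failed during Google's registration. The old code called WTF::get<PublicKeyCredentialRequestOptions>(requestData().options) unconditionally, so one sentence stating the observed failure for creation options would make the entry useful to someone triaging a similar report later. The "No tests" line would also be stronger if it named what would be needed to cover the register path, so the gap can be closed once the infrastructure allows it.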
  • trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp

    r251317 r251979  
    108108    if (m_info.versions().find(ProtocolVersion::kU2f) == m_info.versions().end())
    109109        return false;
    110     if (!isConvertibleToU2fSignCommand(WTF::get<PublicKeyCredentialRequestOptions>(requestData().options)))
     110    if (!observer())
    111111        return false;
    112     if (!observer())
     112
     113    bool isConvertible = false;
     114    WTF::switchOn(requestData().options, [&](const PublicKeyCredentialCreationOptions& options) {
     115        isConvertible = isConvertibleToU2fRegisterCommand(options);
     116    }, [&](const PublicKeyCredentialRequestOptions& options) {
     117        isConvertible = isConvertibleToU2fSignCommand(options);
     118    });
     119    if (!isConvertible)
    113120        return false;
    114121
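Review bot: The new block at lines 113-118 sets isConvertible through by-reference captures in both lambdas, which leaves a default of false that only holds if every alternative of requestData().options is handled. Consider having each lambda return the bool and initializing directly from the visitor, e.g. bool isConvertible = WTF::switchOn(requestData().options, ...), so a missed alternative is a compile-time problem rather than a silent false. Separately, tryDowngrade can now pass this check with PublicKeyCredentialCreationOptions, and the hunk ends at line 121 without showing what runs next; please confirm that the code following this check and the U2F authenticator it hands off to select the register path for creation options rather than assuming a sign request, since that is the same assumption this change is removing here. The move of the observer() check ahead of the convertibility test looks fine, as both paths return false.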