Changeset 258961 in webkit

Timestamp:

Mar 24, 2020 5:03:19 PM (4 years ago)

Author:

jiewen_tan@apple.com

Message:

[WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
​https://bugs.webkit.org/show_bug.cgi?id=208703
<rdar://problem/60136974>

Reviewed by Brent Fulgham.

Part 2.

This patch adds a different LocalAuthentication prompt title for getAssertion.
It also polishes the text used for makeCredential.

Besides that, it also enhances the iOS title strings.

Source/WebCore:

• en.lproj/Localizable.strings:
• platform/LocalizedStrings.cpp:

(WebCore::getAssertionTouchIDPromptTitle):

• platform/LocalizedStrings.h:

Source/WebKit:

• UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticator::continueMakeCredentialAfterDecidePolicy):
(WebKit::LocalAuthenticator::continueGetAssertionAfterResponseSelected):

• UIProcess/WebAuthentication/Cocoa/LocalConnection.h:
• UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:

(WebKit::LocalConnection::verifyUser const):

• UIProcess/WebAuthentication/Mock/MockLocalConnection.h:
• UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:

(WebKit::MockLocalConnection::verifyUser const):

Location:

trunk/Source

Files:

• WebCore/ChangeLog (modified) (1 diff)
• WebCore/en.lproj/Localizable.strings (modified) (4 diffs)
• WebCore/platform/LocalizedStrings.cpp (modified) (1 diff)
• WebCore/platform/LocalizedStrings.h (modified) (1 diff)
• WebKit/ChangeLog (modified) (1 diff)
• WebKit/Sources.txt (modified) (1 diff)
• WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp (modified) (1 diff)
• WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (modified) (2 diffs)
• WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.h (modified) (2 diffs)
• WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm (modified) (1 diff)
• WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.h (modified) (1 diff)
• WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm (modified) (1 diff)
• WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp (copied) (copied from trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.h) (2 diffs)
• WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h (modified) (2 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-03-24  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
+        https://bugs.webkit.org/show_bug.cgi?id=208703
+        <rdar://problem/60136974>
+
+        Reviewed by Brent Fulgham.
+
+        Part 2.
+
+        This patch adds a different LocalAuthentication prompt title for getAssertion.
+        It also polishes the text used for makeCredential.
+
+        Besides that, it also enhances the iOS title strings.
+
+        * en.lproj/Localizable.strings:
+        * platform/LocalizedStrings.cpp:
+        (WebCore::getAssertionTouchIDPromptTitle):
+        * platform/LocalizedStrings.h:
+
 2020-03-24  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebCore/en.lproj/Localizable.strings

@@ +1 @@
+/* Allow the specified bundle to use Touch ID to sign in to the specified website on this device */
+"“%@” would like to use Touch ID for “%@”." = "“%@” would like to use Touch ID for “%@”.";
+
+/* "Allow the specified bundle to sign in to the specified website */
+"“%@” would like to sign in to “%@”." = "“%@” would like to sign in to “%@”.";
+
 /* accessibility help text for media controller time value >= 1 day */
 "%1$d days %2$d hours %3$d minutes %4$d seconds" = "%1$d days %2$d hours %3$d minutes %4$d seconds";
@@ -314 +320 @@
 "Enter Full Screen" = "Enter Full Screen";
 
-/* Use passcode as a fallback to sign into this website */
-"Enter passcode to sign into this website." = "Enter passcode to sign into this website.";
-
 /* menu item */
 "Enter Picture in Picture" = "Enter Picture in Picture";
@@ -866 +869 @@
 "This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove." = "This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove.";
 
+/* This website would like to use Touch ID */
+"This website would like to use Touch ID." = "This website would like to use Touch ID.";
+
 /* Informative text for requesting cross-site cookie and website data access. */
 "This will allow “%@” to track your activity." = "This will allow “%@” to track your activity.";
@@ -884 +890 @@
 "To view this page, you must log in to this area on %@:" = "To view this page, you must log in to this area on %@:";
 
-/* Use Touch ID to sign into this website */
-"Touch ID to sign into this website." = "Touch ID to sign into this website.";
-
-/* Allow using Touch ID to sign into the specified website on this device */
-"Touch ID to allow signing into “%@” with Touch ID." = "Touch ID to allow signing into “%@” with Touch ID.";
+/* Use Touch ID to sign in to this website */
+"Touch ID to sign in to this website." = "Touch ID to sign in to this website.";
 
 /* Transformations context sub-menu item */

trunk/Source/WebCore/platform/LocalizedStrings.cpp

@@ -1209 +1209 @@
 
 #if ENABLE(WEB_AUTHN)
-String genericTouchIDPromptTitle()
-{
-    return WEB_UI_STRING("Touch ID to sign into this website.", "Use Touch ID to sign into this website");
-}
-
-String makeCredentialTouchIDPromptTitle(const String& domain)
-{
-    return formatLocalizedString(WEB_UI_CFSTRING("Touch ID to allow signing into “%@” with Touch ID.", "Allow using Touch ID to sign into the specified website on this device"), domain.createCFString().get());
-}
-
-String biometricFallbackPromptTitle()
-{
-    return WEB_UI_STRING("Enter passcode to sign into this website.", "Use passcode as a fallback to sign into this website");
-}
-#endif
+// On macOS, Touch ID prompt is not guaranteed to show on top of the UI client, and therefore additional
+// information is provided to help users to make decisions.
+#if PLATFORM(MAC)
+String makeCredentialTouchIDPromptTitle(const String& bundleName, const String& domain)
+{
+    return formatLocalizedString(WEB_UI_CFSTRING("“%@” would like to use Touch ID for “%@”.", "Allow the specified bundle to use Touch ID to sign in to the specified website on this device"), bundleName.createCFString().get(), domain.createCFString().get());
+}
+
+String getAssertionTouchIDPromptTitle(const String& bundleName, const String& domain)
+{
+    return formatLocalizedString(WEB_UI_CFSTRING("“%@” would like to sign in to “%@”.", "Allow the specified bundle to sign in to the specified website"), bundleName.createCFString().get(), domain.createCFString().get());
+}
+#else
+String makeCredentialTouchIDPromptTitle(const String&, const String&)
+{
+    return WEB_UI_STRING("This website would like to use Touch ID.", "This website would like to use Touch ID");
+}
+
+String getAssertionTouchIDPromptTitle(const String&, const String&)
+{
+    return WEB_UI_STRING("Touch ID to sign in to this website.", "Use Touch ID to sign in to this website");
+}
+#endif // PLATFORM(MAC)
+#endif // ENABLE(WEB_AUTHN)
 
 } // namespace WebCore

trunk/Source/WebCore/platform/LocalizedStrings.h

@@ -341 +341 @@
 
 #if ENABLE(WEB_AUTHN)
-    WEBCORE_EXPORT String genericTouchIDPromptTitle();
-    WEBCORE_EXPORT String makeCredentialTouchIDPromptTitle(const String& domain);
-    WEBCORE_EXPORT String biometricFallbackPromptTitle();
+    WEBCORE_EXPORT String makeCredentialTouchIDPromptTitle(const String& bundleName, const String& domain);
+    WEBCORE_EXPORT String getAssertionTouchIDPromptTitle(const String& bundleName, const String& domain);
 #endif
 

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-03-24  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
+        https://bugs.webkit.org/show_bug.cgi?id=208703
+        <rdar://problem/60136974>
+
+        Reviewed by Brent Fulgham.
+
+        Part 2.
+
+        This patch adds a different LocalAuthentication prompt title for getAssertion.
+        It also polishes the text used for makeCredential.
+
+        Besides that, it also enhances the iOS title strings.
+
+        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
+        (WebKit::LocalAuthenticator::continueMakeCredentialAfterDecidePolicy):
+        (WebKit::LocalAuthenticator::continueGetAssertionAfterResponseSelected):
+        * UIProcess/WebAuthentication/Cocoa/LocalConnection.h:
+        * UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:
+        (WebKit::LocalConnection::verifyUser const):
+        * UIProcess/WebAuthentication/Mock/MockLocalConnection.h:
+        * UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:
+        (WebKit::MockLocalConnection::verifyUser const):
+
 2020-03-24  Kate Cheney  <katherine_cheney@apple.com>
 

trunk/Source/WebKit/Sources.txt

@@ -470 +470 @@
 UIProcess/WebAuthentication/Authenticator.cpp
 UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp
+UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp
 
 UIProcess/WebsiteData/WebDeviceOrientationAndMotionAccessController.cpp

trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp

@@ -144 +144 @@
 }
 
-static ClientDataType getClientDataType(const Variant<PublicKeyCredentialCreationOptions, PublicKeyCredentialRequestOptions>& options)
-{
-    if (WTF::holds_alternative<PublicKeyCredentialCreationOptions>(options))
-        return ClientDataType::Create;
-    return ClientDataType::Get;
-}
-
 } // namespace
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm

@@ -264 +264 @@
         weakThis->continueMakeCredentialAfterUserVerification(accessControl.get(), verification, context);
     };
-    m_connection->verifyUser(creationOptions.rp.id, accessControlRef, WTFMove(callback));
+    m_connection->verifyUser(creationOptions.rp.id, getClientDataType(requestData().options), accessControlRef, WTFMove(callback));
 }
 
@@ -492 +492 @@
         weakThis->continueGetAssertionAfterUserVerification(WTFMove(response), verification, context);
     };
-    m_connection->verifyUser(requestOptions.rpId, accessControlRef, WTFMove(callback));
+    m_connection->verifyUser(requestOptions.rpId, getClientDataType(requestData().options), accessControlRef, WTFMove(callback));
 }
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.h

@@ -38 +38 @@
 namespace WebCore {
 class AuthenticatorAssertionResponse;
+enum class ClientDataType : bool;
 }
 
@@ -60 +61 @@
 
     LocalConnection() = default;
+    // FIXME(183534): Invalidate the LAContext.
     virtual ~LocalConnection() = default;
 
     // Overrided by MockLocalConnection.
-    virtual void verifyUser(const String& rpId, SecAccessControlRef, UserVerificationCallback&&) const;
+    virtual void verifyUser(const String& rpId, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&&) const;
     virtual RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext *, SecAccessControlRef, const String& secAttrLabel, NSData *secAttrApplicationTag) const;
     virtual void getAttestation(SecKeyRef, NSData *authData, NSData *hash, AttestationCallback&&) const;

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm

@@ -40 +40 @@
 
 namespace WebKit {
+using namespace WebCore;
 
-void LocalConnection::verifyUser(const String& rpId, SecAccessControlRef accessControl, UserVerificationCallback&& completionHandler) const
+namespace {
+static String bundleName()
 {
+    String bundleName;
+
+#if PLATFORM(MAC)
+    bundleName = [[NSRunningApplication currentApplication] localizedName];
+#endif
+
+    return bundleName;
+}
+} // namespace
+
+void LocalConnection::verifyUser(const String& rpId, ClientDataType type, SecAccessControlRef accessControl, UserVerificationCallback&& completionHandler) const
+{
+    String title;
+    switch (type) {
+    case ClientDataType::Create:
+        title = makeCredentialTouchIDPromptTitle(bundleName(), rpId);
+        break;
+    case ClientDataType::Get:
+        title = getAssertionTouchIDPromptTitle(bundleName(), rpId);
+        break;
+    default:
+        ASSERT_NOT_REACHED();
+    }
+
     auto context = adoptNS([allocLAContextInstance() init]);
 
     auto options = adoptNS([[NSMutableDictionary alloc] init]);
     if ([context biometryType] == LABiometryTypeTouchID) {
-#if PLATFORM(IOS)
-        [options setObject:WebCore::genericTouchIDPromptTitle() forKey:@(LAOptionAuthenticationTitle)];
-        ASSERT_UNUSED(rpId, rpId);
-#else
-        [options setObject:WebCore::makeCredentialTouchIDPromptTitle(rpId) forKey:@(LAOptionAuthenticationTitle)];
-#endif
+        [options setObject:title forKey:@(LAOptionAuthenticationTitle)];
         [options setObject:@NO forKey:@(LAOptionFallbackVisible)];
     }
-#if PLATFORM(IOS)
-    [options setObject:WebCore::biometricFallbackPromptTitle() forKey:@(LAOptionPasscodeTitle)];
-#endif
 
     auto reply = makeBlockPtr([context, completionHandler = WTFMove(completionHandler)] (NSDictionary *, NSError *error) mutable {

trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.h

@@ -38 +38 @@
 
 private:
-    void verifyUser(const String&, SecAccessControlRef, UserVerificationCallback&&) const final;
+    void verifyUser(const String&, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&&) const final;
     RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext *, SecAccessControlRef, const String& secAttrLabel, NSData *secAttrApplicationTag) const final;
     void getAttestation(SecKeyRef, NSData *authData, NSData *hash, AttestationCallback&&) const final;

trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm

@@ -45 +45 @@
 }
 
-void MockLocalConnection::verifyUser(const String&, SecAccessControlRef, UserVerificationCallback&& callback) const
+void MockLocalConnection::verifyUser(const String&, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&& callback) const
 {
     // Mock async operations.

trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -24 +24 @@
  */
 
-#pragma once
+#include "config.h"
+#include "WebAuthenticationRequestData.h"
 
 #if ENABLE(WEB_AUTHN)
 
-#include "LocalConnection.h"
-#include <WebCore/MockWebAuthenticationConfiguration.h>
+namespace WebKit {
+using namespace WebCore;
 
-namespace WebKit {
-
-class MockLocalConnection final : public LocalConnection {
-public:
-    explicit MockLocalConnection(const WebCore::MockWebAuthenticationConfiguration&);
-
-private:
-    void verifyUser(const String&, SecAccessControlRef, UserVerificationCallback&&) const final;
-    RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext *, SecAccessControlRef, const String& secAttrLabel, NSData *secAttrApplicationTag) const final;
-    void getAttestation(SecKeyRef, NSData *authData, NSData *hash, AttestationCallback&&) const final;
-    void filterResponses(HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>&) const final;
-
-    WebCore::MockWebAuthenticationConfiguration m_configuration;
-};
+ClientDataType getClientDataType(const Variant<PublicKeyCredentialCreationOptions, PublicKeyCredentialRequestOptions>& options)
+{
+    if (WTF::holds_alternative<PublicKeyCredentialCreationOptions>(options))
+        return ClientDataType::Create;
+    return ClientDataType::Get;
+}
 
 } // namespace WebKit

trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h

@@ -34 +34 @@
 #include <WebCore/PublicKeyCredentialCreationOptions.h>
 #include <WebCore/PublicKeyCredentialRequestOptions.h>
+#include <WebCore/WebAuthenticationConstants.h>
 #include <wtf/Variant.h>
 #include <wtf/Vector.h>
@@ -52 +53 @@
 };
 
+WebCore::ClientDataType getClientDataType(const Variant<WebCore::PublicKeyCredentialCreationOptions, WebCore::PublicKeyCredentialRequestOptions>&);
+
 } // namespace WebKit