Changeset 263296 in webkit


Timestamp:
Jun 19, 2020 4:40:04 PM (4 years ago)
Author:
jiewen_tan@apple.com
Message:

[WebAuthn] Provide a _WKWebAuthenticationPanelUpdatePINInvalid update to UI clients if the returned PIN from the client is not valid
https://bugs.webkit.org/show_bug.cgi?id=213404
<rdar://problem/64543894>

Reviewed by Brent Fulgham.

Source/WebKit:

Provide a _WKWebAuthenticationPanelUpdatePINInvalid update to UI clients if the returned PIN from the client is not valid such that clients can
reuse the same logic to handle invalid pin from the authenticator. This change makes their life easier.

Covered by API tests.

  • UIProcess/API/APIWebAuthenticationPanelClient.h:

(API::WebAuthenticationPanelClient::requestPin const):

  • UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm:

(WebKit::WebAuthenticationPanelClient::requestPin const):
Now, only null strings are interpreted as cancels.

  • UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:

(WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
(WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived):
(WebKit::CtapAuthenticator::continueGetPinTokenAfterRequestPin):
(WebKit::CtapAuthenticator::continueRequestAfterGetPinToken):
This patch also removes potential null pointer dereferences.

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:

(TestWebKitAPI::TEST):

  • TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html: Added.
Location:
trunk
Files:
1 added
7 edited

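--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,28 @@
+2020-06-19  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Provide a _WKWebAuthenticationPanelUpdatePINInvalid update to UI clients if the returned PIN from the client is not valid
+        https://bugs.webkit.org/show_bug.cgi?id=213404
+        <rdar://problem/64543894>
+
+        Reviewed by Brent Fulgham.
+
+        Provide a _WKWebAuthenticationPanelUpdatePINInvalid update to UI clients if the returned PIN from the client is not valid such that clients can
+        reuse the same logic to handle invalid pin from the authenticator. This change makes their life easier.
+
+        Covered by API tests.
+
+        * UIProcess/API/APIWebAuthenticationPanelClient.h:
+        (API::WebAuthenticationPanelClient::requestPin const):
+        * UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm:
+        (WebKit::WebAuthenticationPanelClient::requestPin const):
+        Now, only null strings are intepreted as cancels.
+
+        * UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
+        (WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
+        (WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived):
+        (WebKit::CtapAuthenticator::continueGetPinTokenAfterRequestPin):
+        (WebKit::CtapAuthenticator::continueRequestAfterGetPinToken):
+        This patch also removes potential null pointer dereferences.
+
 2020-06-19  Per Arne Vollan  <pvollan@apple.com>
 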
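--- a/trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationPanelClient.h
+++ b/trunk/Source/WebKit/UIProcess/API/APIWebAuthenticationPanelClient.h
@@ -50,5 +50,5 @@
     virtual void updatePanel(WebKit::WebAuthenticationStatus) const { }
     virtual void dismissPanel(WebKit::WebAuthenticationResult) const { }
-    virtual void requestPin(uint64_t, CompletionHandler<void(const WTF::String&)>&& completionHandler) const { completionHandler(emptyString()); }
+    virtual void requestPin(uint64_t, CompletionHandler<void(const WTF::String&)>&& completionHandler) const { completionHandler(WTF::String()); }
     virtual void selectAssertionResponse(Vector<Ref<WebCore::AuthenticatorAssertionResponse>>&&, WebKit::WebAuthenticationSource, CompletionHandler<void(WebCore::AuthenticatorAssertionResponse*)>&& completionHandler) const { completionHandler(nullptr); }
     virtual void decidePolicyForLocalAuthenticator(CompletionHandler<void(WebKit::LocalAuthenticatorPolicy)>&& completionHandler) const { completionHandler(WebKit::LocalAuthenticatorPolicy::Disallow); }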
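Review bot: The default `requestPin` on new line 52 now depends on the difference between a null and an empty `WTF::String`, and nothing in this header tells a client author which of the two means "cancel". Per the commit message and the `pin.isNull()` check added in CtapAuthenticator.cpp, only a null string cancels the request, while any non-null value, including an empty one, is validated as a PIN attempt and can lead to a PIN-invalid update. I would add a comment above the declaration, for example `// Pass a null String to cancel; any non-null value, including emptyString(), is treated as a PIN attempt.` The same contract applies to the two early-exit paths changed in WebAuthenticationPanelClient.mm, so the delegate-facing documentation should state it as well. The class declaration starts and ends outside the visible lines.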
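--- a/trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm
+++ b/trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticationPanelClient.mm
@@ -119,5 +119,5 @@
 {
     if (!m_delegateMethods.panelRequestPinWithRemainingRetriesCompletionHandler) {
-        completionHandler(emptyString());
+        completionHandler(String());
         return;
     }
@@ -125,5 +125,5 @@
     auto delegate = m_delegate.get();
     if (!delegate) {
-        completionHandler(emptyString());
+        completionHandler(String());
         return;
     }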
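--- a/trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
+++ b/trunk/Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
@@ -116,5 +116,5 @@
 
         if (isPinError(error)) {
-            if (!m_pinAuth.isEmpty()) // Skip the very first command that acts like wink.
+            if (!m_pinAuth.isEmpty() && observer()) // Skip the very first command that acts like wink.
                 observer()->authenticatorStatusUpdated(toStatus(error));
             if (tryRestartPin(error))
@@ -155,5 +155,5 @@
 
         if (isPinError(error)) {
-            if (!m_pinAuth.isEmpty()) // Skip the very first command that acts like wink.
+            if (!m_pinAuth.isEmpty() && observer()) // Skip the very first command that acts like wink.
                 observer()->authenticatorStatusUpdated(toStatus(error));
             if (tryRestartPin(error))
@@ -275,7 +275,15 @@
 void CtapAuthenticator::continueGetPinTokenAfterRequestPin(const String& pin, const CryptoKeyEC& peerKey)
 {
+    if (pin.isNull()) {
+        receiveRespond(ExceptionData { UnknownError, "Pin is null."_s });
+        return;
+    }
+
     auto pinUtf8 = pin::validateAndConvertToUTF8(pin);
     if (!pinUtf8) {
-        receiveRespond(ExceptionData { UnknownError, makeString("Pin is not valid: ", pin) });
+        // Fake a pin invalid response from the authenticator such that clients could show some error to the user.
+        if (auto* observer = this->observer())
+            observer->authenticatorStatusUpdated(WebAuthenticationStatus::PinInvalid);
+        tryRestartPin(CtapDeviceResponseCode::kCtap2ErrPinInvalid);
         return;
     }
@@ -302,5 +310,6 @@
 
         if (isPinError(error)) {
-            observer()->authenticatorStatusUpdated(toStatus(error));
+            if (auto* observer = this->observer())
+                observer->authenticatorStatusUpdated(toStatus(error));
             if (tryRestartPin(error))
                 return;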
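Review bot: The result of `tryRestartPin(CtapDeviceResponseCode::kCtap2ErrPinInvalid)` on new line 287 is discarded, whereas the other three call sites in this section branch on it with `if (tryRestartPin(error))`. Its definition is not visible here, so if it can ever decline to restart for this code, continueGetPinTokenAfterRequestPin returns without calling receiveRespond and the pending request would be left without a result. I would make the assumption explicit, for example `if (!tryRestartPin(CtapDeviceResponseCode::kCtap2ErrPinInvalid)) receiveRespond(ExceptionData { UnknownError, "Pin is not valid."_s });` with a message that does not echo the PIN, or an `ASSERT` on the return value. As a smaller point, new lines 118 and 157 test `observer()` and then call it a second time, while 285 and 312 bind it once with `if (auto* observer = this->observer())`; the single-binding form throughout would be more consistent. The functions around the first, second and fourth hunks start and end outside the visible lines.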
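--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,15 @@
+2020-06-19  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Provide a _WKWebAuthenticationPanelUpdatePINInvalid update to UI clients if the returned PIN from the client is not valid
+        https://bugs.webkit.org/show_bug.cgi?id=213404
+        <rdar://problem/64543894>
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
+        (TestWebKitAPI::TEST):
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html: Added.
+
 2020-06-19  Jonathan Bedard  <jbedard@apple.com>
 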
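--- a/trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
+++ b/trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
@@ -372,4 +372,5 @@
                 5742178E2400D2DF002B303D /* web-authentication-make-credential-la.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5742178D2400D26C002B303D /* web-authentication-make-credential-la.html */; };
                 574F55D2204D47F0002948C6 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 574F55D0204D471C002948C6 /* Security.framework */; };
+                5751B28A249D5BC500664C2A /* web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5751B289249D5B9900664C2A /* web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html */; };
                 5758597F23A2527A00C74572 /* CtapPinTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5758597E23A2527A00C74572 /* CtapPinTest.cpp */; };
                 5758598423C3C3A400C74572 /* web-authentication-make-credential-hid-pin-get-retries-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5758598323C3C36200C74572 /* web-authentication-make-credential-hid-pin-get-retries-error.html */; };
@@ -1226,4 +1227,5 @@
                         dstSubfolderSpec = 7;
                         files = (
+                                5751B28A249D5BC500664C2A /* web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html in Copy Resources */,
                                 55A817FF2181021A0004A39A /* 100x100-red.tga in Copy Resources */,
                                 1A9E52C913E65EF4006917F5 /* 18-characters.html in Copy Resources */,
@@ -2055,4 +2057,5 @@
                 5742178D2400D26C002B303D /* web-authentication-make-credential-la.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-la.html"; sourceTree = "<group>"; };
                 574F55D0204D471C002948C6 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; };
+                5751B289249D5B9900664C2A /* web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html"; sourceTree = "<group>"; };
                 5758597D23A2527A00C74572 /* CtapPinTest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CtapPinTest.h; sourceTree = "<group>"; };
                 5758597E23A2527A00C74572 /* CtapPinTest.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CtapPinTest.cpp; sourceTree = "<group>"; };
@@ -3742,4 +3745,5 @@
                                 578DA44723ECD01300246010 /* web-authentication-make-credential-hid-pin-auth-blocked-error.html */,
                                 570D26F323C3CA5500D5CF67 /* web-authentication-make-credential-hid-pin-get-key-agreement-error.html */,
+                                5751B289249D5B9900664C2A /* web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html */,
                                 578DA44123ECC76B00246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-blocked-error.html */,
                                 578DA44523ECCBD000246010 /* web-authentication-make-credential-hid-pin-get-pin-token-pin-auth-invalid-error-retry.html */,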
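--- a/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm
@@ -938,5 +938,5 @@
     auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
-    [webView waitForMessage:@"Pin is not valid: "];
+    [webView waitForMessage:@"Pin is null."];
 }
 
@@ -955,5 +955,5 @@
 
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
-    [webView waitForMessage:@"Pin is not valid: "];
+    [webView waitForMessage:@"Pin is null."];
 }
 
@@ -961,5 +961,5 @@
 {
     reset();
-    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-hid-pin" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
 
     auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
@@ -972,5 +972,7 @@
     webAuthenticationPanelPin = "123";
     [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
-    [webView waitForMessage:@"Pin is not valid: 123"];
+    Util::run(&webAuthenticationPanelUpdatePINInvalid);
+    webAuthenticationPanelPin = "1234";
+    [webView waitForMessage:@"Succeeded!"];
 }
 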
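Review bot: None of the visible test changes exercises a non-null but empty PIN, which is the case whose meaning this commit changes, since the default clients used to return the empty string and now only a null string cancels. The updated test at new lines 972-976 covers a rejected PIN ("123") followed by an accepted one, and the tests at 940 and 957 now expect "Pin is null.", but their set-up lies outside the hunks, so it cannot be confirmed from here which value their delegate returns. I would add a case in which the delegate returns `@""` and the test waits on `Util::run(&webAuthenticationPanelUpdatePINInvalid);`, so that the boundary between cancel and invalid PIN is pinned by a test. All four test bodies start outside the visible lines.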