Changeset 264543 in webkit

Timestamp:

Jul 17, 2020 3:58:51 PM (4 years ago)

Author:

jiewen_tan@apple.com

Message:

[WebAuthn] Cache the PIN to improve NFC user experience
​https://bugs.webkit.org/show_bug.cgi?id=213900
<rdar://problem/60073622>

Reviewed by Brent Fulgham.

Source/WebKit:

Cache the PIN to improve NFC user experience. Users might not hold the NFC key against the NFC scanner all the time
while entering the PIN. Therefore, we cache the PIN from the previous connection and immediately return the cached PIN to
the current connection such that users don't need to enter the PIN again.

The only downside for this optimization is that a wrong PIN could be used if the user switch to another authenticator for
the new connection. Given there is no UUID to identify a particular authenticator, there is nothing we can do to resolve the
issue. The probability of the issue, however, should be rare.

Covered by new API tests.

• UIProcess/WebAuthentication/AuthenticatorManager.cpp:

(WebKit::AuthenticatorManager::authenticatorStatusUpdated):
(WebKit::AuthenticatorManager::requestPin):
Where the above logic is implemented.

• UIProcess/WebAuthentication/Cocoa/NfcConnection.mm:

(WebKit::NfcConnection::transact const):
Adds a comment.

• UIProcess/WebAuthentication/WebAuthenticationRequestData.h:
• UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp:

(WebKit::WebAuthenticatorCoordinatorProxy::makeCredential):
(WebKit::WebAuthenticatorCoordinatorProxy::getAssertion):
Adds a field for the cached PIN.

Tools:

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:

(TestWebKitAPI::TEST):

• TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-nfc-pin-disconnect.html: Added.

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/WebAuthentication/Cocoa/NfcConnection.mm (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h (modified) (1 diff)
• Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (modified) (4 diffs)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-nfc-pin-disconnect.html (added)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-07-17  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Cache the PIN to improve NFC user experience
+        https://bugs.webkit.org/show_bug.cgi?id=213900
+        <rdar://problem/60073622>
+
+        Reviewed by Brent Fulgham.
+
+        Cache the PIN to improve NFC user experience. Users might not hold the NFC key against the NFC scanner all the time
+        while entering the PIN. Therefore, we cache the PIN from the previous connection and immediately return the cached PIN to
+        the current connection such that users don't need to enter the PIN again.
+
+        The only downside for this optimization is that a wrong PIN could be used if the user switch to another authenticator for
+        the new connection. Given there is no UUID to identify a particular authenticator, there is nothing we can do to resolve the
+        issue. The probability of the issue, however, should be rare.
+
+        Covered by new API tests.
+
+        * UIProcess/WebAuthentication/AuthenticatorManager.cpp:
+        (WebKit::AuthenticatorManager::authenticatorStatusUpdated):
+        (WebKit::AuthenticatorManager::requestPin):
+        Where the above logic is implemented.
+
+        * UIProcess/WebAuthentication/Cocoa/NfcConnection.mm:
+        (WebKit::NfcConnection::transact const):
+        Adds a comment.
+
+        * UIProcess/WebAuthentication/WebAuthenticationRequestData.h:
+        * UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp:
+        (WebKit::WebAuthenticatorCoordinatorProxy::makeCredential):
+        (WebKit::WebAuthenticatorCoordinatorProxy::getAssertion):
+        Adds a field for the cached PIN.
+
 2020-07-17  Per Arne Vollan  <pvollan@apple.com>
 

trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp

@@ -265 +265 @@
 void AuthenticatorManager::authenticatorStatusUpdated(WebAuthenticationStatus status)
 {
+    // Immediately invalidate the cache if the PIN is incorrect. A status update often means
+    // an error. We don't really care what kind of error it really is.
+    m_pendingRequestData.cachedPin = String();
+
     dispatchPanelClientCall([status] (const API::WebAuthenticationPanel& panel) {
         panel.client().updatePanel(status);
@@ -272 +276 @@
 void AuthenticatorManager::requestPin(uint64_t retries, CompletionHandler<void(const WTF::String&)>&& completionHandler)
 {
-    dispatchPanelClientCall([retries, completionHandler = WTFMove(completionHandler)] (const API::WebAuthenticationPanel& panel) mutable {
-        panel.client().requestPin(retries, WTFMove(completionHandler));
+    // Cache the PIN to improve NFC user experience so that a momentary movement of the NFC key away from the scanner doesn't
+    // force the PIN entry to be re-entered.
+    // We don't distinguish USB and NFC here becuase there is no harms to have this optimization for USB even though it is useless.
+    if (!m_pendingRequestData.cachedPin.isNull()) {
+        completionHandler(m_pendingRequestData.cachedPin);
+        m_pendingRequestData.cachedPin = String();
+        return;
+    }
+
+    auto callback = [weakThis = makeWeakPtr(*this), this, completionHandler = WTFMove(completionHandler)] (const WTF::String& pin) mutable {
+        if (!weakThis)
+            return;
+
+        m_pendingRequestData.cachedPin = pin;
+        completionHandler(pin);
+    };
+
+    dispatchPanelClientCall([retries, callback = WTFMove(callback)] (const API::WebAuthenticationPanel& panel) mutable {
+        panel.client().requestPin(retries, WTFMove(callback));
     });
 }

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/NfcConnection.mm

@@ -92 +92 @@
 {
     Vector<uint8_t> response;
+    // The method will return an empty NSData if the tag is disconnected.
     auto *responseData = [m_session transceive:adoptNS([[NSData alloc] initWithBytes:data.data() length:data.size()]).get()];
     response.append(reinterpret_cast<const uint8_t*>(responseData.bytes), responseData.length);

trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h

@@ -52 +52 @@
     WebKit::FrameInfoData frameInfo;
     bool processingUserGesture;
+    String cachedPin; // Only used to improve NFC Client PIN experience.
 };
 

trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp

@@ -58 +58 @@
 void WebAuthenticatorCoordinatorProxy::makeCredential(FrameIdentifier frameId, FrameInfoData&& frameInfo, Vector<uint8_t>&& hash, PublicKeyCredentialCreationOptions&& options, bool processingUserGesture, RequestCompletionHandler&& handler)
 {
-    handleRequest({ WTFMove(hash), WTFMove(options), makeWeakPtr(m_webPageProxy), WebAuthenticationPanelResult::Unavailable, nullptr, GlobalFrameIdentifier { m_webPageProxy.webPageID(), frameId }, WTFMove(frameInfo), processingUserGesture }, WTFMove(handler));
+    handleRequest({ WTFMove(hash), WTFMove(options), makeWeakPtr(m_webPageProxy), WebAuthenticationPanelResult::Unavailable, nullptr, GlobalFrameIdentifier { m_webPageProxy.webPageID(), frameId }, WTFMove(frameInfo), processingUserGesture, String() }, WTFMove(handler));
 }
 
 void WebAuthenticatorCoordinatorProxy::getAssertion(FrameIdentifier frameId, FrameInfoData&& frameInfo, Vector<uint8_t>&& hash, PublicKeyCredentialRequestOptions&& options, bool processingUserGesture, RequestCompletionHandler&& handler)
 {
-    handleRequest({ WTFMove(hash), WTFMove(options), makeWeakPtr(m_webPageProxy), WebAuthenticationPanelResult::Unavailable, nullptr, GlobalFrameIdentifier { m_webPageProxy.webPageID(), frameId }, WTFMove(frameInfo), processingUserGesture }, WTFMove(handler));
+    handleRequest({ WTFMove(hash), WTFMove(options), makeWeakPtr(m_webPageProxy), WebAuthenticationPanelResult::Unavailable, nullptr, GlobalFrameIdentifier { m_webPageProxy.webPageID(), frameId }, WTFMove(frameInfo), processingUserGesture, String() }, WTFMove(handler));
 }
 

trunk/Tools/ChangeLog

@@ +1 @@
+2020-07-17  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Cache the PIN to improve NFC user experience
+        https://bugs.webkit.org/show_bug.cgi?id=213900
+        <rdar://problem/60073622>
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
+        (TestWebKitAPI::TEST):
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-nfc-pin-disconnect.html: Added.
+
 2020-07-17  Wenson Hsieh  <wenson_hsieh@apple.com>
 

trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj

@@ -374 +374 @@
                 574F55D2204D47F0002948C6 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 574F55D0204D471C002948C6 /* Security.framework */; };
                 5751B28A249D5BC500664C2A /* web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5751B289249D5B9900664C2A /* web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html */; };
+                57537EE824BEA05F0048DBA5 /* web-authentication-get-assertion-nfc-pin-disconnect.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 57537EE724BEA0190048DBA5 /* web-authentication-get-assertion-nfc-pin-disconnect.html */; };
                 5758597F23A2527A00C74572 /* CtapPinTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5758597E23A2527A00C74572 /* CtapPinTest.cpp */; };
                 5758598423C3C3A400C74572 /* web-authentication-make-credential-hid-pin-get-retries-error.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5758598323C3C36200C74572 /* web-authentication-make-credential-hid-pin-get-retries-error.html */; };
@@ -1603 +1604 @@
                                 572CEF71240F874700C412A2 /* web-authentication-get-assertion-la.html in Copy Resources */,
                                 579833922368FA37008E5547 /* web-authentication-get-assertion-nfc-multiple-tags.html in Copy Resources */,
+                                57537EE824BEA05F0048DBA5 /* web-authentication-get-assertion-nfc-pin-disconnect.html in Copy Resources */,
                                 57663DEA234EA66D00E85E09 /* web-authentication-get-assertion-nfc.html in Copy Resources */,
                                 577454D22359BB01008E1ED7 /* web-authentication-get-assertion-u2f-no-credentials.html in Copy Resources */,
@@ -2077 +2079 @@
                 574F55D0204D471C002948C6 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; };
                 5751B289249D5B9900664C2A /* web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-make-credential-hid-pin-get-pin-token-fake-pin-invalid-error-retry.html"; sourceTree = "<group>"; };
+                57537EE724BEA0190048DBA5 /* web-authentication-get-assertion-nfc-pin-disconnect.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; path = "web-authentication-get-assertion-nfc-pin-disconnect.html"; sourceTree = "<group>"; };
                 5758597D23A2527A00C74572 /* CtapPinTest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CtapPinTest.h; sourceTree = "<group>"; };
                 5758597E23A2527A00C74572 /* CtapPinTest.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CtapPinTest.cpp; sourceTree = "<group>"; };
@@ -3785 +3788 @@
                                 572CEF70240F86AE00C412A2 /* web-authentication-get-assertion-la.html */,
                                 5798337B235EB65C008E5547 /* web-authentication-get-assertion-nfc-multiple-tags.html */,
+                                57537EE724BEA0190048DBA5 /* web-authentication-get-assertion-nfc-pin-disconnect.html */,
                                 57663DE9234EA60B00E85E09 /* web-authentication-get-assertion-nfc.html */,
                                 577454D12359BAD5008E1ED7 /* web-authentication-get-assertion-u2f-no-credentials.html */,

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm

@@ -1159 +1159 @@
 }
 
+#if HAVE(NEAR_FIELD)
+TEST(WebAuthenticationPanel, NfcPinCachedDisconnect)
+{
+    reset();
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"web-authentication-get-assertion-nfc-pin-disconnect" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
+    [[configuration preferences] _setEnabled:YES forExperimentalFeature:webAuthenticationExperimentalFeature()];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSZeroRect configuration:configuration]);
+    auto delegate = adoptNS([[TestWebAuthenticationPanelUIDelegate alloc] init]);
+    [webView setUIDelegate:delegate.get()];
+
+    webAuthenticationPanelPin = "1234";
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    [webView waitForMessage:@"Succeeded!"];
+}
+#endif // HAVE(NEAR_FIELD)
+
 TEST(WebAuthenticationPanel, MultipleAccountsNullDelegate)
 {