Changeset 270724 in webkit

Timestamp:

Dec 11, 2020 6:03:32 PM (3 years ago)

Author:

jiewen_tan@apple.com

Message:

[WebAuthn] Adopt new UI for the Security Key getAssertion flow
​https://bugs.webkit.org/show_bug.cgi?id=219711
<rdar://problem/72154840>

Reviewed by Brent Fulgham.

This patch adopts the new UI for the security key getAssertion flow which contains two part:

1. showing a informative UI to ask the user to connect their security keys,
2. showing an account picker for users to select a credential to use.

Covered by manual tests.

• Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:

Paperwork.

• UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.h:
• UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm:

(WebKit::AuthenticatorPresenterCoordinator::AuthenticatorPresenterCoordinator):
(WebKit::AuthenticatorPresenterCoordinator::selectAssertionResponse):
(WebKit::AuthenticatorPresenterCoordinator::didSelectAssertionResponse):

• UIProcess/WebAuthentication/Cocoa/WKASCAuthorizationPresenterDelegate.mm:

(-[WKASCAuthorizationPresenterDelegate authorizationPresenter:credentialRequestedForLoginChoice:authenticatedContext:completionHandler:]):
Implements the two flows.

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (modified) (3 diffs)
• UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.h (modified) (4 diffs)
• UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm (modified) (4 diffs)
• UIProcess/WebAuthentication/Cocoa/WKASCAuthorizationPresenterDelegate.mm (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-12-11  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthn] Adopt new UI for the Security Key getAssertion flow
+        https://bugs.webkit.org/show_bug.cgi?id=219711
+        <rdar://problem/72154840>
+
+        Reviewed by Brent Fulgham.
+
+        This patch adopts the new UI for the security key getAssertion flow which contains two part:
+        1. showing a informative UI to ask the user to connect their security keys,
+        2. showing an account picker for users to select a credential to use.
+
+        Covered by manual tests.
+
+        * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:
+        Paperwork.
+
+        * UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.h:
+        * UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm:
+        (WebKit::AuthenticatorPresenterCoordinator::AuthenticatorPresenterCoordinator):
+        (WebKit::AuthenticatorPresenterCoordinator::selectAssertionResponse):
+        (WebKit::AuthenticatorPresenterCoordinator::didSelectAssertionResponse):
+        * UIProcess/WebAuthentication/Cocoa/WKASCAuthorizationPresenterDelegate.mm:
+        (-[WKASCAuthorizationPresenterDelegate authorizationPresenter:credentialRequestedForLoginChoice:authenticatedContext:completionHandler:]):
+        Implements the two flows.
+
 2020-12-11  John Wilander  <wilander@apple.com>
 

trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h

@@ -70 +70 @@
 
 - (void)presentAuthorizationWithContext:(ASCAuthorizationPresentationContext *)context completionHandler:(void (^)(id<ASCCredentialProtocol> _Nullable, NSError * _Nullable))completionHandler;
+- (void)updateInterfaceWithLoginChoices:(NSArray<id <ASCLoginChoiceProtocol>> *)loginChoices;
 
 @property (nonatomic, weak) id <ASCAuthorizationPresenterDelegate> delegate;
@@ -90 +91 @@
 @property (nonatomic, readonly, copy) NSString *appIdentifier;
 @property (nonatomic, readonly, copy) NSArray<id<ASCLoginChoiceProtocol>> *loginChoices;
-@property (nonatomic, nullable, copy) NSString *relyingPartyIdentifier;
+@property (nonatomic, nullable, copy) NSString *serviceName;
 
 @property (nonatomic, copy) NSString *proxiedAppName;
@@ -103 +104 @@
 @end
 
+typedef NS_ENUM(NSInteger, ASCSecurityKeyPublicKeyCredentialLoginChoiceKind) {
+    ASCSecurityKeyPublicKeyCredentialLoginChoiceKindRegistration,
+    ASCSecurityKeyPublicKeyCredentialLoginChoiceKindAssertion,
+    ASCSecurityKeyPublicKeyCredentialLoginChoiceKindAssertionPlaceholder,
+};
+
 @interface ASCSecurityKeyPublicKeyCredentialLoginChoice : NSObject <ASCLoginChoiceProtocol>
 
 - (instancetype)initRegistrationChoice;
 - (instancetype)initWithName:(NSString *)name displayName:(NSString *)displayName userHandle:(NSData *)userHandle;
+- (instancetype)initAssertionPlaceholderChoice;
 
-@property (nonatomic, readonly, copy) NSString *name;
-@property (nonatomic, readonly, copy) NSString *displayName;
-@property (nonatomic, readonly, copy) NSData *userHandle;
-@property (nonatomic, readonly) BOOL isRegistrationRequest;
+@property (nonatomic, nullable, readonly, copy) NSString *name;
+@property (nonatomic, nullable, readonly, copy) NSString *displayName;
+@property (nonatomic, nullable, readonly, copy) NSData *userHandle;
+@property (nonatomic, readonly) ASCSecurityKeyPublicKeyCredentialLoginChoiceKind loginChoiceKind;
 
 + (instancetype)new NS_UNAVAILABLE;

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.h

@@ -29 +29 @@
 
 #include "WebAuthenticationFlags.h"
+#include <WebCore/AuthenticatorAssertionResponse.h>
 #include <WebCore/AuthenticatorTransport.h>
 #include <WebCore/WebAuthenticationConstants.h>
@@ -36 +37 @@
 
 OBJC_CLASS ASCAuthorizationPresenter;
+OBJC_CLASS ASCLoginChoiceProtocol;
 OBJC_CLASS LAContext;
 OBJC_CLASS WKASCAuthorizationPresenterDelegate;
@@ -65 +67 @@
     void setLAContext(LAContext *);
 
+    void didSelectAssertionResponse(ASCLoginChoiceProtocol *);
+
 private:
     WeakPtr<AuthenticatorManager> m_manager;
@@ -74 +78 @@
     CompletionHandler<void(LAContext *)> m_laContextHandler;
     RetainPtr<LAContext> m_laContext;
+
+    CompletionHandler<void(WebCore::AuthenticatorAssertionResponse*)> m_responseHandler;
+    HashMap<ASCLoginChoiceProtocol *, RefPtr<WebCore::AuthenticatorAssertionResponse>> m_credentials;
 };
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm

@@ -31 +31 @@
 #import "AuthenticatorManager.h"
 #import "WKASCAuthorizationPresenterDelegate.h"
-#import <WebCore/NotImplemented.h>
 #import <wtf/BlockPtr.h>
 
@@ -55 +54 @@
         break;
     case ClientDataType::Get:
-        // FIXME(219710): Adopt new UI for the Platform Authenticator getAssertion flow.
-        // FIXME(219711): Adopt new UI for the Security Key getAssertion flow.
+        if (transports.contains(AuthenticatorTransport::Usb) || transports.contains(AuthenticatorTransport::Nfc))
+            [presentationContext addLoginChoice:adoptNS([allocASCSecurityKeyPublicKeyCredentialLoginChoiceInstance() initAssertionPlaceholderChoice]).get()];
         break;
     default:
@@ -92 +91 @@
 }
 
-void AuthenticatorPresenterCoordinator::selectAssertionResponse(Vector<Ref<AuthenticatorAssertionResponse>>&&, WebAuthenticationSource, CompletionHandler<void(AuthenticatorAssertionResponse*)>&&)
+void AuthenticatorPresenterCoordinator::selectAssertionResponse(Vector<Ref<AuthenticatorAssertionResponse>>&& responses, WebAuthenticationSource source, CompletionHandler<void(AuthenticatorAssertionResponse*)>&& completionHandler)
 {
+#if HAVE(ASC_AUTH_UI)
+    if (m_responseHandler)
+        m_responseHandler(nullptr);
+    m_responseHandler = WTFMove(completionHandler);
+
+    if (source == WebAuthenticationSource::External) {
+        auto loginChoices = adoptNS([[NSMutableArray alloc] init]);
+
+        for (auto& response : responses) {
+            RetainPtr<NSData> userHandle;
+            if (response->userHandle())
+                userHandle = adoptNS([[NSData alloc] initWithBytes:response->userHandle()->data() length:response->userHandle()->byteLength()]);
+
+            auto loginChoice = adoptNS([allocASCSecurityKeyPublicKeyCredentialLoginChoiceInstance() initWithName:response->name() displayName:response->displayName() userHandle:userHandle.get()]);
+            [loginChoices addObject:loginChoice.get()];
+
+            m_credentials.add((ASCLoginChoiceProtocol *)loginChoice.get(), WTFMove(response));
+        }
+
+        [m_presenter updateInterfaceWithLoginChoices:loginChoices.get()];
+        return;
+    }
     // FIXME(219710): Adopt new UI for the Platform Authenticator getAssertion flow.
-    // FIXME(219711): Adopt new UI for the Security Key getAssertion flow.
+#endif // HAVE(ASC_AUTH_UI)
 }
 
@@ -127 +148 @@
 }
 
+void AuthenticatorPresenterCoordinator::didSelectAssertionResponse(ASCLoginChoiceProtocol *loginChoice)
+{
+    auto response = m_credentials.take(loginChoice);
+    if (!response)
+        return;
+
+    m_responseHandler(response.get());
+}
+
 } // namespace WebKit
 

trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WKASCAuthorizationPresenterDelegate.mm

@@ -66 +66 @@
         }
     }
+
+    if ([loginChoice isKindOfClass:WebKit::getASCSecurityKeyPublicKeyCredentialLoginChoiceClass()]) {
+        if ([(ASCSecurityKeyPublicKeyCredentialLoginChoice *)loginChoice loginChoiceKind] == ASCSecurityKeyPublicKeyCredentialLoginChoiceKindAssertion) {
+            [self dispatchCoordinatorCallback:[loginChoice] (WebKit::AuthenticatorPresenterCoordinator& coordinator) mutable {
+                coordinator.didSelectAssertionResponse((ASCLoginChoiceProtocol *)loginChoice);
+            }];
+
+            return;
+        }
+    }
 }