WebKit Bugzilla, Attachment 368962 Details for Bug 197543: [WebAuthN] A focused document should be required
Patch for Landing: bug-197543-20190503120609.patch (text/plain), 12.51 KB, created by Jiewen Tan on 2019-05-03 12:06:10 PDT
>Subversion Revision: 244898 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index af347836d9e6fae8beb7509eec4d23c258853ca8..8a1642eb091328c2d12386f8753c9ecf4a908468 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,23 @@ >+2019-05-02 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] A focused document should be required >+ https://bugs.webkit.org/show_bug.cgi?id=197543 >+ <rdar://problem/50430989> >+ >+ Reviewed by Brent Fulgham. >+ >+ This patch adds a check to see if the invoking document is focused before >+ calling into WebAuthN. This patch also removes some out-to-dated comments. >+ >+ Test: http/wpt/webauthn/public-key-credential-unfocused-document.https.html >+ >+ * Modules/credentialmanagement/CredentialsContainer.cpp: >+ (WebCore::CredentialsContainer::get): >+ (WebCore::CredentialsContainer::isCreate): >+ * Modules/webauthn/AuthenticatorCoordinator.cpp: >+ (WebCore::AuthenticatorCoordinator::create const): >+ (WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): >+ > 2019-05-02 Ryosuke Niwa <rniwa@webkit.org> > > Disable software keyboard for a math field textarea on desmos.com >diff --git a/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp b/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp >index 7081478e90ccf16739e58f19a33efb4bdacbbbf1..2f03895496c407b66badf575dd32b5fc587b36be 100644 >--- a/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp >+++ b/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp 
>@@ -83,6 +83,12 @@ void CredentialsContainer::get(CredentialRequestOptions&& options, CredentialPro > return; > } > >+ // Extra. >+ if (!m_document->hasFocus()) { >+ promise.reject(Exception { NotAllowedError, "The document is not focused."_s }); >+ return; >+ } >+ > m_document->page()->authenticatorCoordinator().discoverFromExternalSource(m_document->securityOrigin(), options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise)); > } > >@@ -112,6 +118,12 @@ void CredentialsContainer::isCreate(CredentialCreationOptions&& options, Credent > return; > } > >+ // Extra. >+ if (!m_document->hasFocus()) { >+ promise.reject(Exception { NotAllowedError, "The document is not focused."_s }); >+ return; >+ } >+ > m_document->page()->authenticatorCoordinator().create(m_document->securityOrigin(), options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise)); > } > >diff --git a/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp b/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp >index a4d20acdb7c970c1cb2e94ed7fdab4a6843c661a..747aab32f328fd112329b68592ecb8ba93f9f935 100644 >--- a/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp >+++ b/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp >@@ -166,10 +166,7 @@ void AuthenticatorCoordinator::create(const SecurityOrigin& callerOrigin, const > auto clientDataJsonHash = produceClientDataJsonHash(clientDataJson); > > // Step 4, 17-21. >- // Only platform attachments will be supported at this stage. Assuming one authenticator per device. >- // Also, resident keys, user verifications and direct attestation are enforced at this tage. >- // For better performance, transports of options.excludeCredentials are checked in LocalAuthenticator. >- if (!m_client) { >+ if (!m_client) { > promise.reject(Exception { UnknownError, "Unknown internal error."_s }); > return; > } 
>@@ -237,10 +234,7 @@ void AuthenticatorCoordinator::discoverFromExternalSource(const SecurityOrigin& > auto clientDataJsonHash = produceClientDataJsonHash(clientDataJson); > > // Step 4, 14-19. >- // Only platform attachments will be supported at this stage. Assuming one authenticator per device. >- // Also, resident keys, user verifications and direct attestation are enforced at this tage. >- // For better performance, filtering of options.allowCredentials is done in LocalAuthenticator. >- if (!m_client) { >+ if (!m_client) { > promise.reject(Exception { UnknownError, "Unknown internal error."_s }); > return; > } >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 27c59a88b7ee530f57cca60cfed1a6b73fd11d1f..bd56ac01968f6043f6643d37eee8a8df0f5dc902 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,17 @@ >+2019-05-03 Jiewen Tan <jiewen_tan@apple.com> >+ >+ [WebAuthN] A focused document should be required >+ https://bugs.webkit.org/show_bug.cgi?id=197543 >+ <rdar://problem/50430989> >+ >+ Reviewed by Brent Fulgham. >+ >+ * http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html: >+ * http/wpt/webauthn/public-key-credential-unfocused-document.https-expected.txt: Added. >+ * http/wpt/webauthn/public-key-credential-unfocused-document.https.html: Copied from LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html. >+ * http/wpt/webauthn/resources/last-layer-frame.https.html: >+ * http/wpt/webauthn/resources/second-layer-frame.https.html: >+ > 2019-05-02 Chris Dumez <cdumez@apple.com> > > Add test coverage for <rdar://problem/49731231> >diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html b/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html >index 21f147b24db15c83f89b3f2155a0b5f972109dbf..c01edc0854c88b9b3dbfbc9b78c906631502e5dc 100644 
>--- a/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html >+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html >@@ -12,7 +12,7 @@ > <body> > <script> > promise_test(t => { >- return withCrossOriginIframe("last-layer-frame.https.html").then((message) => { >+ return withCrossOriginIframe("last-layer-frame.https.html?shouldFocus=true&exceptionMessage=The origin of the document is not the same as its ancestors.").then((message) => { > assert_equals(message.data, "PASS."); > }); > }, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API."); >diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-unfocused-document.https-expected.txt b/LayoutTests/http/wpt/webauthn/public-key-credential-unfocused-document.https-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..02b71fb201501fa0bfef3bfe6917d90b243420cd >--- /dev/null >+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-unfocused-document.https-expected.txt >@@ -0,0 +1,4 @@ >+ >+ >+PASS Tests that a frame that doesn't have the focus could not access the API. >+ >diff --git a/LayoutTests/http/wpt/webauthn/public-key-credential-unfocused-document.https.html b/LayoutTests/http/wpt/webauthn/public-key-credential-unfocused-document.https.html >new file mode 100644 >index 0000000000000000000000000000000000000000..b78c708c8e6eaa181a0477fd783c2fba5a425bd9 >--- /dev/null >+++ b/LayoutTests/http/wpt/webauthn/public-key-credential-unfocused-document.https.html 
>@@ -0,0 +1,22 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <meta charset="utf-8"> >+ <title>Web Authentication API: Tests that a frame that doesn't have the focus could not access the API.</title> >+ <script src="/resources/testharness.js"></script> >+ <script src="/resources/testharnessreport.js"></script> >+ <script src="/common/utils.js"></script> >+ <script src="/common/get-host-info.sub.js"></script> >+ <script src="./resources/util.js"></script> >+</head> >+<body> >+ <iframe src=""></iframe> >+ <script> >+ promise_test(t => { >+ return withCrossOriginIframe("last-layer-frame.https.html?shouldFocus=false&exceptionMessage=The document is not focused.").then((message) => { >+ assert_equals(message.data, "PASS."); >+ }); >+ }, "Tests that a frame that doesn't have the focus could not access the API."); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/http/wpt/webauthn/resources/last-layer-frame.https.html b/LayoutTests/http/wpt/webauthn/resources/last-layer-frame.https.html >index 6a4da4cd5c22d3e6eeb1519358c44a61e15b80e3..df787aed432e60eaad4f0eecdbad871a8137238d 100644 >--- a/LayoutTests/http/wpt/webauthn/resources/last-layer-frame.https.html >+++ b/LayoutTests/http/wpt/webauthn/resources/last-layer-frame.https.html 
>@@ -1,48 +1,61 @@ >-<script src="./util.js"></script> >-<script> >-function messageToTop(message) { >- top.postMessage(message, "*"); >-} >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="./util.js"></script> >+</head> >+<body> >+ <input type="text" id="input"> >+ <script> >+ const url = new URL(window.location.href); >+ const shouldFocus = url.searchParams.get("shouldFocus"); >+ const exceptionMessage = url.searchParams.get("exceptionMessage"); > >-const makeOptions = { >- publicKey: { >- rp: { >- name: "example.com" >- }, >- user: { >- name: "John Appleseed", >- id: asciiToUint8Array("123456"), >- displayName: "Appleseed", >- }, >- challenge: asciiToUint8Array("123456"), >- pubKeyCredParams: [{ type: "public-key", alg: -7 }] >- } >-}; >-const requestOptions = { >- publicKey: { >- challenge: asciiToUint8Array("123456"), >- } >-}; >+ function messageToTop(message) { >+ top.postMessage(message, "*"); >+ } > >+ const makeOptions = { >+ publicKey: { >+ rp: { >+ name: "example.com" >+ }, >+ user: { >+ name: "John Appleseed", >+ id: asciiToUint8Array("123456"), >+ displayName: "Appleseed", >+ }, >+ challenge: asciiToUint8Array("123456"), >+ pubKeyCredParams: [{ type: "public-key", alg: -7 }] >+ } >+ }; >+ const requestOptions = { >+ publicKey: { >+ challenge: asciiToUint8Array("123456"), >+ } >+ }; > >-navigator.credentials.create(makeOptions).then( >- function(value) { >- messageToTop("Access granted. " + value); >- }, >- function(exception) { >- if (exception.name == "NotAllowedError" && exception.message == "The origin of the document is not the same as its ancestors.") >- return navigator.credentials.get(requestOptions); >- else >- messageToTop("Throw " + exception.name + "."); >- } >-).then(function(value) { >- messageToTop("Access granted. 
" + value); >- }, >- function(exception) { >- if (exception.name == "NotAllowedError" && exception.message == "The origin of the document is not the same as its ancestors.") >- messageToTop("PASS."); >- else >- messageToTop("Throw " + exception.name + "."); >- } >-); >-</script> >+ if (shouldFocus == "true") >+ input.focus(); >+ navigator.credentials.create(makeOptions).then( >+ function(value) { >+ messageToTop("Access granted. " + value); >+ }, >+ function(exception) { >+ if (exception.name == "NotAllowedError" && exception.message == exceptionMessage) >+ return navigator.credentials.get(requestOptions); >+ else >+ messageToTop("Throw " + exception.name + "."); >+ } >+ ).then(function(value) { >+ messageToTop("Access granted. " + value); >+ }, >+ function(exception) { >+ if (exception.name == "NotAllowedError" && exception.message == exceptionMessage) >+ messageToTop("PASS."); >+ else >+ messageToTop("Throw " + exception.name + "."); >+ } >+ ); >+ </script> >+</body> >+</html> >diff --git a/LayoutTests/http/wpt/webauthn/resources/second-layer-frame.https.html b/LayoutTests/http/wpt/webauthn/resources/second-layer-frame.https.html >index 3cf1630e40f4cd1b5aec3ab6bb9da44ccef37627..a38dc9685b68ea7e74807d092a8efc74344c8f92 100644 >--- a/LayoutTests/http/wpt/webauthn/resources/second-layer-frame.https.html >+++ b/LayoutTests/http/wpt/webauthn/resources/second-layer-frame.https.html >@@ -3,6 +3,6 @@ > <head> > </head> > <body> >- <iframe src="last-layer-frame.https.html"></iframe> >+ <iframe src="last-layer-frame.https.html?shouldFocus=true&exceptionMessage=The origin of the document is not the same as its ancestors."></iframe> > </body> > </html>
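Review bot: In the Source/WebCore/ChangeLog entry, "removes some out-to-dated comments" should read "removes some outdated comments"; the rest of the entry is accurate and lists the four functions the patch touches.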
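Review bot: The `// Extra.` comment above the new `hasFocus()` check in `CredentialsContainer::get` does not say what the check is extra to. Since the surrounding code annotates numbered spec steps, a comment that states the rationale would help later readers, for example `// Not a numbered spec step: refuse to start a ceremony from a document that does not have focus.` Note also the ordering this hunk establishes: the focus check runs before `discoverFromExternalSource` is called, so it takes precedence over the same-origin-with-ancestors check that the coordinator performs, and an unfocused cross-origin frame now sees "The document is not focused." rather than the origin message. That is exactly why the existing ancestors tests in this patch have to pass `shouldFocus=true`; it is worth a sentence in the ChangeLog so the dependency is not lost.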
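Review bot: The focus check added to `CredentialsContainer::isCreate` is a verbatim copy of the one in `get`, including the `NotAllowedError` message string that the layout tests match on literally. Factoring the check into a small helper, or at least sharing one constant for `"The document is not focused."_s`, would keep the two call sites and the test expectations from drifting apart if either is edited later.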
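Review bot: In the `AuthenticatorCoordinator::create` hunk, `if (!m_client) {` is removed and re-added with no visible difference, which indicates a whitespace-only change on that line. Worth confirming it is intentional, since it adds a spurious blame entry for an otherwise comment-only change. The removal of the three stale comment lines (including the "at this tage" typo) is fine; the remaining `// Step 4, 17-21.` comment still identifies the spec steps the block implements.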
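Review bot: Same observation for `AuthenticatorCoordinator::discoverFromExternalSource`: the `if (!m_client) {` line appears unchanged but is touched by the hunk, and the removed comment block is the same outdated text as in `create` (differing only in the `options.allowCredentials` sentence), so removing it in both places is consistent.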
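Review bot: The same-origin-with-ancestors test now carries the expected exception message in the iframe URL (`?shouldFocus=true&exceptionMessage=The origin of the document is not the same as its ancestors.`), so that literal is duplicated between this file and `resources/second-layer-frame.https.html`; a shared constant in `resources/util.js` would give the wording a single home. The `shouldFocus=true` parameter is required here rather than cosmetic: without it the new focus check in `CredentialsContainer` rejects first and the test would stop exercising the origin check it is named for, so a short comment at the call site explaining why the frame must be focused would prevent someone from "simplifying" it away.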
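Review bot: The new `public-key-credential-unfocused-document.https.html` contains an `<iframe src=""></iframe>` in the body in addition to the frame created by `withCrossOriginIframe`. If the empty iframe is deliberate (for instance so that the test frame is not the only frame in the page), a comment saying so would help; if it is left over from the copy it should be dropped. Separately, with `shouldFocus=false` the PASS relies on the harness never moving focus into the cross-origin frame; having the frame assert that `document.hasFocus()` is false before calling `navigator.credentials.create` would make that precondition explicit and would turn an accidental focus change into a clear failure rather than a misleading one.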
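Review bot: In `resources/last-layer-frame.https.html`, `input.focus()` reaches the element through the window's named property for `id="input"`; `document.getElementById("input").focus()` is the explicit form and avoids depending on a global name that is easy to shadow. Two smaller points on the same script: `exceptionMessage` is `null` when the query parameter is absent, in which case any rejection reports `Throw NotAllowedError.` instead of PASS, which is a sensible fail-closed default but deserves a comment; and both `.then` rejection handlers compare `exception.message` by exact string, so the frame's verdict is tied to the wording of the C++ error messages in `CredentialsContainer.cpp` and `AuthenticatorCoordinator.cpp`.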
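Review bot: `resources/second-layer-frame.https.html` now hardcodes the same query string as the top-level ancestors test. Because the last-layer frame's behaviour depends on these parameters being present, keeping the literal in one place (a constant in `resources/util.js` that both the test and this frame use) would avoid the two copies silently diverging; as written, a future change to the message in one file but not the other would fail only at test run time.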
Flags: jiewen_tan: commit-queue+