gecko-dev/dom/webidl/U2F.webidl

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

109 строки
3.4 KiB
Plaintext
Исходник Обычный вид История

/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/.
*
* The origin of this IDL file is a combination of the FIDO U2F Raw Message Formats:
* https://www.fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-raw-message-formats-v1.1-id-20160915.html
* and the U2F JavaScript API v1.1:
* https://www.fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-javascript-api-v1.1-id-20160915.html
*/
interface mixin GlobalU2F {
Bug 1551282 and bug 1553436. Allow pages to override window.u2f but not the "sign" and "register" properties on the U2F object. r=jcj,smaug There are two related problems this patch is trying to address. The first, and simpler, one is bug 1553436: there are websites that use existing variables and functions named "u2f" and adding a non-replaceable readonly property with that name on Window breaks them. The fix for this is straightforward: mark the property [Replaceable]. The second problem, covered by bug 1551282, involves sites that use the Google U2F polyfill. The relevant parts of that polyfill look like this: 'use strict'; var u2f = u2f || {}; u2f.register = some_function_that_only_works_right_in_Chrome; u2f.sign = some_function_that_only_works_right_in_Chrome; The failure mode for that code before this fix is that the assignment to "u2f" throws because it's a readonly property and we're in strict mode, so any code the page concatenates in the same file after the polyfill does not get run. That's what bug 1551282 is about. The [Replaceable] annotation fixes that issue, because now the polyfill gets the value of window.u2f and then redefines the property (via the [Replaceable] setter) to be a value property with that value. So far, so good. But then we need to prevent the sets of u2f.register and u2f.sign from taking effect, because if they are allowed to happen, the actual sign/register functionality on the page will not work in Firefox. We can't just make the properties readonly, because then the sets will throw due to being in strict mode, and we still have bug 1551282. The proposed fix is to make these accessor properties with a no-op setter, which is exactly what [LenientSetter] gives us. The rest of the patch is just setting up infrastructure for generating the normal bits we would generate if "sign" and "register" were methods and using that to create the JSFunctions at the point when the getter is called. The JSFunctions then get cached on the u2f instance object. Differential Revision: https://phabricator.services.mozilla.com/D32357 --HG-- extra : moz-landing-system : lando
2019-05-24 23:40:59 +03:00
[SecureContext, Throws, Pref="security.webauth.u2f", Replaceable]
readonly attribute U2F u2f;
};
typedef unsigned short ErrorCode;
typedef sequence<Transport> Transports;
enum Transport {
"bt",
"ble",
"nfc",
"usb"
};
[GenerateToJSON]
dictionary U2FClientData {
DOMString typ; // Spelling is from the specification
DOMString challenge;
DOMString origin;
// cid_pubkey for Token Binding is not implemented
};
dictionary RegisterRequest {
DOMString version;
DOMString challenge;
};
dictionary RegisterResponse {
DOMString version;
DOMString registrationData;
DOMString clientData;
// From Error
ErrorCode? errorCode;
DOMString? errorMessage;
};
dictionary RegisteredKey {
DOMString version;
DOMString keyHandle;
Transports? transports;
DOMString? appId;
};
dictionary SignResponse {
DOMString keyHandle;
DOMString signatureData;
DOMString clientData;
// From Error
ErrorCode? errorCode;
DOMString? errorMessage;
};
callback U2FRegisterCallback = void(RegisterResponse response);
callback U2FSignCallback = void(SignResponse response);
[SecureContext, Pref="security.webauth.u2f",
Exposed=Window]
interface U2F {
// These enumerations are defined in the FIDO U2F Javascript API under the
// interface "ErrorCode" as constant integers, and also in the U2F.cpp file.
// Any changes to these must occur in both locations.
const unsigned short OK = 0;
const unsigned short OTHER_ERROR = 1;
const unsigned short BAD_REQUEST = 2;
const unsigned short CONFIGURATION_UNSUPPORTED = 3;
const unsigned short DEVICE_INELIGIBLE = 4;
const unsigned short TIMEOUT = 5;
Bug 1551282 and bug 1553436. Allow pages to override window.u2f but not the "sign" and "register" properties on the U2F object. r=jcj,smaug There are two related problems this patch is trying to address. The first, and simpler, one is bug 1553436: there are websites that use existing variables and functions named "u2f" and adding a non-replaceable readonly property with that name on Window breaks them. The fix for this is straightforward: mark the property [Replaceable]. The second problem, covered by bug 1551282, involves sites that use the Google U2F polyfill. The relevant parts of that polyfill look like this: 'use strict'; var u2f = u2f || {}; u2f.register = some_function_that_only_works_right_in_Chrome; u2f.sign = some_function_that_only_works_right_in_Chrome; The failure mode for that code before this fix is that the assignment to "u2f" throws because it's a readonly property and we're in strict mode, so any code the page concatenates in the same file after the polyfill does not get run. That's what bug 1551282 is about. The [Replaceable] annotation fixes that issue, because now the polyfill gets the value of window.u2f and then redefines the property (via the [Replaceable] setter) to be a value property with that value. So far, so good. But then we need to prevent the sets of u2f.register and u2f.sign from taking effect, because if they are allowed to happen, the actual sign/register functionality on the page will not work in Firefox. We can't just make the properties readonly, because then the sets will throw due to being in strict mode, and we still have bug 1551282. The proposed fix is to make these accessor properties with a no-op setter, which is exactly what [LenientSetter] gives us. The rest of the patch is just setting up infrastructure for generating the normal bits we would generate if "sign" and "register" were methods and using that to create the JSFunctions at the point when the getter is called. The JSFunctions then get cached on the u2f instance object. Differential Revision: https://phabricator.services.mozilla.com/D32357 --HG-- extra : moz-landing-system : lando
2019-05-24 23:40:59 +03:00
// Returns a Function. It's readonly + [LenientSetter] to keep the Google
// U2F polyfill from stomping on the value.
[LenientSetter, Pure, Cached, Throws]
readonly attribute object register;
// A way to generate the actual implementation of register()
[Unexposed, Throws, BinaryName="Register"]
void register_impl(DOMString appId,
sequence<RegisterRequest> registerRequests,
sequence<RegisteredKey> registeredKeys,
U2FRegisterCallback callback,
optional long? opt_timeoutSeconds);
// Returns a Function. It's readonly + [LenientSetter] to keep the Google
// U2F polyfill from stomping on the value.
[LenientSetter, Pure, Cached, Throws]
readonly attribute object sign;
// A way to generate the actual implementation of sign()
[Unexposed, Throws, BinaryName="Sign"]
void sign_impl (DOMString appId,
DOMString challenge,
sequence<RegisteredKey> registeredKeys,
U2FSignCallback callback,
optional long? opt_timeoutSeconds);
};