Bug 1573245 - Change AuthenticatorTransport to be string, not `enum` r=bzbarsky,keeler

Upstream: https://github.com/w3c/webauthn/issues/1268

Differential Revision: https://phabricator.services.mozilla.com/D41620

--HG--
extra : moz-landing-system : lando

dom/webauthn/WebAuthnManager.cpp

@@ -532,7 +532,19 @@ already_AddRefed<Promise> WebAuthnManager::GetAssertion(
       // Serialize transports.
       if (s.mTransports.WasPassed()) {
         uint8_t transports = 0;
-        for (const auto& t : s.mTransports.Value()) {
+
+        // Transports is a string, but we match it to an enumeration so
+        // that we have forward-compatibility, ignoring unknown transports.
+        for (const nsAString& str : s.mTransports.Value()) {
+          NS_ConvertUTF16toUTF8 cStr(str);
+          int i = FindEnumStringIndexImpl(
+              cStr.get(), cStr.Length(), AuthenticatorTransportValues::strings);
+          if (i < 0 ||
+              i >= static_cast<int>(AuthenticatorTransport::EndGuard_)) {
+            continue;  // Unknown enum
+          }
+          AuthenticatorTransport t = static_cast<AuthenticatorTransport>(i);
+
           if (t == AuthenticatorTransport::Usb) {
             transports |= U2F_AUTHENTICATOR_TRANSPORT_USB;
           }

dom/webauthn/tests/test_webauthn_get_assertion.html

@@ -132,6 +132,22 @@
         .catch(arrivingHereIsBad);
     });
 
+    // Test with an unexpected transport on a valid credential
+    add_task(async () => {
+      let cred = validCred;
+      cred.transports = ["unknown", "usb"];
+
+      let publicKey = {
+        challenge: gAssertionChallenge,
+        unknownValue: "hi",
+        allowCredentials: [cred]
+      };
+
+      await requestGetAssertion({publicKey})
+        .then(arrivingHereIsGood)
+        .catch(arrivingHereIsBad);
+    });
+
     // Test with an invalid credential
     add_task(async () => {
       let publicKey = {

dom/webauthn/tests/test_webauthn_make_credential.html

@@ -334,6 +334,26 @@
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
+        },
+
+        // Test with excluding unknown transports
+        function() {
+          let completeRP = {id: document.domain, name: "Foxxy Name",
+                            icon: "https://example.com/fox.svg"};
+          let completeUser = {id: string2buffer("foxes_are_the_best@example.com"),
+                              name: "Fox F. Foxington",
+                              icon: "https://example.com/fox.svg",
+                              displayName: "Foxxy V"};
+          let excludedUnknownTransport = {type: "public-key",
+                                          id: string2buffer("123"),
+                                          transports: ["unknown", "usb"]};
+          let makeCredentialOptions = {
+            rp: completeRP, user: completeUser, challenge: gCredentialChallenge,
+            pubKeyCredParams: [param], excludeCredentials: [excludedUnknownTransport]
+          };
+          return credm.create({publicKey: makeCredentialOptions})
+                      .then(arrivingHereIsGood)
+                      .catch(arrivingHereIsBad);
         }];
 
       var i = 0;

dom/webidl/WebAuthentication.webidl

@@ -149,7 +149,9 @@ enum PublicKeyCredentialType {
 dictionary PublicKeyCredentialDescriptor {
     required PublicKeyCredentialType      type;
     required BufferSource                 id;
-    sequence<AuthenticatorTransport>      transports;
+    // Transports is a string that is matched against the AuthenticatorTransport
+    // enumeration so that we have forward-compatibility for new transports.
+    sequence<DOMString>                   transports;
 };
 
 enum AuthenticatorTransport {