Bug 1831392 - add an excluded WebAuthn credential prompt. r=keeler

Depends on D177944 Differential Revision: https://phabricator.services.mozilla.com/D178113
2023-05-15 23:26:24 +00:00 · 2023-05-15 23:26:24 +00:00 · 53e2e3ea9b
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@ -7573,6 +7573,14 @@ var WebAuthnPromptHelper = {
      this.pin_required(mgr, data);
    } else if (data.action == "select-sign-result") {
      this.select_sign_result(mgr, data);
+    } else if (data.action == "already-registered") {
+      this.show_info(
+        mgr,
+        data.origin,
+        data.tid,
+        "alreadyRegistered",
+        "webauthn.alreadyRegisteredPrompt"
+      );
    } else if (data.action == "select-device") {
      this.show_info(
        mgr,
--- a/browser/locales/en-US/chrome/browser/browser.properties
+++ b/browser/locales/en-US/chrome/browser/browser.properties
@ -431,6 +431,7 @@ webauthn.deviceBlockedPrompt=User verification failed on %S. There are no attemp
 webauthn.pinAuthBlockedPrompt=User verification failed on %S. There were too many failed attempts in a row and PIN authentication has been temporarily blocked. Your device needs a power cycle (unplug and re-insert).
 # LOCALIZATION NOTE (webauthn.pinNotSetPrompt): %S is hostname
 webauthn.pinNotSetPrompt=User verification failed on %S. You may need to set a PIN on your device.
+webauthn.alreadyRegisteredPrompt=This device is already registered. Try a different device.
 webauthn.cancel=Cancel
 webauthn.cancel.accesskey=c
 webauthn.proceed=Proceed
--- a/dom/webauthn/authrs_bridge/src/lib.rs
+++ b/dom/webauthn/authrs_bridge/src/lib.rs
@ -66,6 +66,7 @@ fn authrs_to_nserror(e: &AuthenticatorError) -> nsresult {
        AuthenticatorError::PinError(PinError::PinAuthBlocked) => NS_ERROR_DOM_OPERATION_ERR,
        AuthenticatorError::PinError(PinError::PinBlocked) => NS_ERROR_DOM_OPERATION_ERR,
        AuthenticatorError::PinError(PinError::PinNotSet) => NS_ERROR_DOM_OPERATION_ERR,
+        AuthenticatorError::CredentialExcluded => NS_ERROR_DOM_OPERATION_ERR,
        _ => NS_ERROR_DOM_UNKNOWN_ERR,
    }
 }
@ -547,6 +548,7 @@ impl AuthrsTransport {
        .dispatch_background_task()?;

        let controller = self.controller.clone();
+        let callback_origin = origin.to_string();
        let state_callback = StateCallback::<Result<RegisterResult, AuthenticatorError>>::new(
            Box::new(move |result| {
                let result = match result {
@ -562,6 +564,16 @@ impl AuthrsTransport {
                        }
                        Ok(RegisterResult::CTAP2(attestation_object))
                    }
+                    Err(e @ AuthenticatorError::CredentialExcluded) => {
+                        let notification_str = make_prompt(
+                            "already-registered",
+                            tid,
+                            &callback_origin,
+                            browsing_context_id,
+                        );
+                        controller.send_prompt(tid, &notification_str);
+                        Err(e)
+                    }
                    Err(e) => Err(e),
                };
                let _ = controller.finish_register(tid, result);