mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1773760 - part 3: make UserVerificationRequirement a DOMString. r=keeler,webidl,smaug 

Depends on D167747

Differential Revision: https://phabricator.services.mozilla.com/D167748
This commit is contained in:
John Schanck 2023-01-25 22:12:06 +00:00
Родитель 0ac78da65a
Коммит 7e87c63940
9 изменённых файлов: 37 добавлений и 90 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
dom/webauthn/AndroidWebAuthnTokenManager.cpp
Просмотреть файл

@ -161,8 +161,7 @@ RefPtr<U2FRegisterPromise> AndroidWebAuthnTokenManager::Register(
java::sdk::Integer::ValueOf(1)); java::sdk::Integer::ValueOf(1));
} }
if (sel.userVerificationRequirement() == if (sel.userVerificationRequirement().EqualsLiteral("required")) {
UserVerificationRequirement::Required) {
GECKOBUNDLE_PUT(authSelBundle, "requireUserVerification", GECKOBUNDLE_PUT(authSelBundle, "requireUserVerification",
java::sdk::Integer::ValueOf(1)); java::sdk::Integer::ValueOf(1));
} }

10
dom/webauthn/CTAPHIDTokenManager.cpp
Просмотреть файл

@ -141,11 +141,8 @@ RefPtr<U2FRegisterPromise> CTAPHIDTokenManager::Register(
const auto& extra = aInfo.Extra().ref(); const auto& extra = aInfo.Extra().ref();
const WebAuthnAuthenticatorSelection& sel = extra.AuthenticatorSelection(); const WebAuthnAuthenticatorSelection& sel = extra.AuthenticatorSelection();
UserVerificationRequirement userVerificationRequirement =
sel.userVerificationRequirement();
bool requireUserVerification = bool requireUserVerification =
userVerificationRequirement == UserVerificationRequirement::Required; sel.userVerificationRequirement().EqualsLiteral("required");
bool requirePlatformAttachment = false; bool requirePlatformAttachment = false;
if (sel.authenticatorAttachment().isSome()) { if (sel.authenticatorAttachment().isSome()) {
@ -272,11 +269,8 @@ RefPtr<U2FSignPromise> CTAPHIDTokenManager::Sign(
if (aInfo.Extra().isSome()) { if (aInfo.Extra().isSome()) {
const auto& extra = aInfo.Extra().ref(); const auto& extra = aInfo.Extra().ref();
UserVerificationRequirement userVerificationReq =
extra.userVerificationRequirement();
// Set flags for credential requests. // Set flags for credential requests.
if (userVerificationReq == UserVerificationRequirement::Required) { if (extra.userVerificationRequirement().EqualsLiteral("required")) {
signFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION; signFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION;
} }

5
dom/webauthn/PWebAuthnTransaction.ipdl
Просмотреть файл

@ -17,14 +17,13 @@
include protocol PBackground; include protocol PBackground;
using mozilla::dom::MaybeDiscardedBrowsingContext from "mozilla/dom/BrowsingContext.h"; using mozilla::dom::MaybeDiscardedBrowsingContext from "mozilla/dom/BrowsingContext.h";
using mozilla::dom::UserVerificationRequirement from "mozilla/dom/WebAuthnUtil.h";
namespace mozilla { namespace mozilla {
namespace dom { namespace dom {
struct WebAuthnAuthenticatorSelection { struct WebAuthnAuthenticatorSelection {
bool requireResidentKey; bool requireResidentKey;
UserVerificationRequirement userVerificationRequirement; nsString userVerificationRequirement;
nsString? authenticatorAttachment; nsString? authenticatorAttachment;
}; };
@ -107,7 +106,7 @@ struct WebAuthnMakeCredentialResult {
struct WebAuthnGetAssertionExtraInfo { struct WebAuthnGetAssertionExtraInfo {
WebAuthnExtension[] Extensions; WebAuthnExtension[] Extensions;
UserVerificationRequirement userVerificationRequirement; nsString userVerificationRequirement;
}; };
struct WebAuthnGetAssertionInfo { struct WebAuthnGetAssertionInfo {

13
dom/webauthn/U2FHIDTokenManager.cpp
Просмотреть файл

@ -113,12 +113,6 @@ RefPtr<U2FRegisterPromise> U2FHIDTokenManager::Register(
const auto& extra = aInfo.Extra().ref(); const auto& extra = aInfo.Extra().ref();
const WebAuthnAuthenticatorSelection& sel = extra.AuthenticatorSelection(); const WebAuthnAuthenticatorSelection& sel = extra.AuthenticatorSelection();
UserVerificationRequirement userVerificaitonRequirement =
sel.userVerificationRequirement();
bool requireUserVerification =
userVerificaitonRequirement == UserVerificationRequirement::Required;
bool requirePlatformAttachment = false; bool requirePlatformAttachment = false;
if (sel.authenticatorAttachment().isSome()) { if (sel.authenticatorAttachment().isSome()) {
const nsString& authenticatorAttachment = const nsString& authenticatorAttachment =
@ -132,7 +126,7 @@ RefPtr<U2FRegisterPromise> U2FHIDTokenManager::Register(
if (sel.requireResidentKey()) { if (sel.requireResidentKey()) {
registerFlags |= U2F_FLAG_REQUIRE_RESIDENT_KEY; registerFlags |= U2F_FLAG_REQUIRE_RESIDENT_KEY;
} }
if (requireUserVerification) { if (sel.userVerificationRequirement().EqualsLiteral("required")) {
registerFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION; registerFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION;
} }
if (requirePlatformAttachment) { if (requirePlatformAttachment) {
@ -231,11 +225,8 @@ RefPtr<U2FSignPromise> U2FHIDTokenManager::Sign(
if (aInfo.Extra().isSome()) { if (aInfo.Extra().isSome()) {
const auto& extra = aInfo.Extra().ref(); const auto& extra = aInfo.Extra().ref();
UserVerificationRequirement userVerificaitonReq =
extra.userVerificationRequirement();
// Set flags for credential requests. // Set flags for credential requests.
if (userVerificaitonReq == UserVerificationRequirement::Required) { if (extra.userVerificationRequirement().EqualsLiteral("required")) {
signFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION; signFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION;
} }

10
dom/webauthn/U2FSoftTokenManager.cpp
Просмотреть файл

@ -581,11 +581,8 @@ RefPtr<U2FRegisterPromise> U2FSoftTokenManager::Register(
const auto& extra = aInfo.Extra().ref(); const auto& extra = aInfo.Extra().ref();
const WebAuthnAuthenticatorSelection& sel = extra.AuthenticatorSelection(); const WebAuthnAuthenticatorSelection& sel = extra.AuthenticatorSelection();
UserVerificationRequirement userVerificaitonRequirement =
sel.userVerificationRequirement();
bool requireUserVerification = bool requireUserVerification =
userVerificaitonRequirement == UserVerificationRequirement::Required; sel.userVerificationRequirement().EqualsLiteral("required");
bool requirePlatformAttachment = false; bool requirePlatformAttachment = false;
if (sel.authenticatorAttachment().isSome()) { if (sel.authenticatorAttachment().isSome()) {
@ -824,11 +821,8 @@ RefPtr<U2FSignPromise> U2FSoftTokenManager::Sign(
if (aInfo.Extra().isSome()) { if (aInfo.Extra().isSome()) {
const auto& extra = aInfo.Extra().ref(); const auto& extra = aInfo.Extra().ref();
UserVerificationRequirement userVerificaitonReq =
extra.userVerificationRequirement();
// The U2F softtoken doesn't support user verification. // The U2F softtoken doesn't support user verification.
if (userVerificaitonReq == UserVerificationRequirement::Required) { if (extra.userVerificationRequirement().EqualsLiteral("required")) {
return U2FSignPromise::CreateAndReject(NS_ERROR_DOM_NOT_ALLOWED_ERR, return U2FSignPromise::CreateAndReject(NS_ERROR_DOM_NOT_ALLOWED_ERR,
__func__); __func__);
} }

11
dom/webauthn/WebAuthnUtil.h
Просмотреть файл

@ -62,15 +62,4 @@ nsresult BuildTransactionHashes(const nsCString& aRpId,
} // namespace mozilla::dom } // namespace mozilla::dom
namespace IPC {
template <>
struct ParamTraits<mozilla::dom::UserVerificationRequirement>
: public ContiguousEnumSerializer<
mozilla::dom::UserVerificationRequirement,
mozilla::dom::UserVerificationRequirement::Required,
mozilla::dom::UserVerificationRequirement::EndGuard_> {};
} // namespace IPC
#endif // mozilla_dom_WebAuthnUtil_h #endif // mozilla_dom_WebAuthnUtil_h

56
dom/webauthn/WinWebAuthnManager.cpp
Просмотреть файл

@ -231,24 +231,17 @@ void WinWebAuthnManager::Register(
const auto& sel = extra.AuthenticatorSelection(); const auto& sel = extra.AuthenticatorSelection();
UserVerificationRequirement userVerificationReq = const nsString& userVerificationRequirement =
sel.userVerificationRequirement(); sel.userVerificationRequirement();
switch (userVerificationReq) { if (userVerificationRequirement.EqualsLiteral("required")) {
case UserVerificationRequirement::Required: winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED;
winUserVerificationReq = } else if (userVerificationRequirement.EqualsLiteral("preferred")) {
WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED; winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED;
break; } else if (userVerificationRequirement.EqualsLiteral("discouraged")) {
case UserVerificationRequirement::Preferred: winUserVerificationReq =
winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED; } else {
break; winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY;
case UserVerificationRequirement::Discouraged:
winUserVerificationReq =
WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
break;
default:
winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY;
break;
} }
if (sel.authenticatorAttachment().isSome()) { if (sel.authenticatorAttachment().isSome()) {
@ -565,25 +558,16 @@ void WinWebAuthnManager::Sign(PWebAuthnTransactionParent* aTransactionParent,
rpID = aInfo.RpId().get(); rpID = aInfo.RpId().get();
// User Verification Requirement // User Verification Requirement
UserVerificationRequirement userVerificationReq = const nsString& userVerificationReq = extra.userVerificationRequirement();
extra.userVerificationRequirement(); if (userVerificationReq.EqualsLiteral("required")) {
winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED;
switch (userVerificationReq) { } else if (userVerificationReq.EqualsLiteral("preferred")) {
case UserVerificationRequirement::Required: winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED;
winUserVerificationReq = } else if (userVerificationReq.EqualsLiteral("discouraged")) {
WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED; winUserVerificationReq =
break; WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
case UserVerificationRequirement::Preferred: } else {
winUserVerificationReq = winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY;
WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED;
break;
case UserVerificationRequirement::Discouraged:
winUserVerificationReq =
WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
break;
default:
winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY;
break;
} }
} else { } else {
rpID = aInfo.Origin().get(); rpID = aInfo.Origin().get();

9
dom/webauthn/tests/test_webauthn_make_credential.html
Просмотреть файл

@ -70,7 +70,7 @@
add_task(test_too_large_user_id); add_task(test_too_large_user_id);
add_task(test_excluding_unknown_transports); add_task(test_excluding_unknown_transports);
add_task(test_unknown_attestation_type); add_task(test_unknown_attestation_type);
add_task(test_unknown_authenticator_attachment); add_task(test_unknown_selection_criteria);
function arrivingHereIsGood(aResult) { function arrivingHereIsGood(aResult) {
ok(true, "Good result! Received a: " + aResult); ok(true, "Good result! Received a: " + aResult);
@ -394,10 +394,13 @@
.catch(arrivingHereIsBad); .catch(arrivingHereIsBad);
} }
async function test_unknown_authenticator_attachment() { async function test_unknown_selection_criteria() {
let makeCredentialOptions = { let makeCredentialOptions = {
rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param], rp, user, challenge: gCredentialChallenge, pubKeyCredParams: [param],
authenticatorSelection: { authenticatorAttachment: "unknown authenticator attachment type" }, authenticatorSelection: {
userVerificationRequirement: "unknown UV requirement",
authenticatorAttachment: "unknown authenticator attachment type"
},
}; };
return credm.create({publicKey: makeCredentialOptions }) return credm.create({publicKey: makeCredentialOptions })
.then(arrivingHereIsGood) .then(arrivingHereIsGood)

10
dom/webidl/WebAuthentication.webidl
Просмотреть файл

@ -82,13 +82,7 @@ dictionary PublicKeyCredentialUserEntity : PublicKeyCredentialEntity {
dictionary AuthenticatorSelectionCriteria { dictionary AuthenticatorSelectionCriteria {
DOMString authenticatorAttachment; DOMString authenticatorAttachment;
boolean requireResidentKey = false; boolean requireResidentKey = false;
UserVerificationRequirement userVerification = "preferred"; DOMString userVerification = "preferred";
};
enum UserVerificationRequirement {
"required",
"preferred",
"discouraged"
}; };
dictionary PublicKeyCredentialRequestOptions { dictionary PublicKeyCredentialRequestOptions {
@ -96,7 +90,7 @@ dictionary PublicKeyCredentialRequestOptions {
unsigned long timeout; unsigned long timeout;
USVString rpId; USVString rpId;
sequence<PublicKeyCredentialDescriptor> allowCredentials = []; sequence<PublicKeyCredentialDescriptor> allowCredentials = [];
UserVerificationRequirement userVerification = "preferred"; DOMString userVerification = "preferred";
// FIXME: bug 1493860: should this "= {}" be here? // FIXME: bug 1493860: should this "= {}" be here?
AuthenticationExtensionsClientInputs extensions = {}; AuthenticationExtensionsClientInputs extensions = {};
}; };