diff --git a/dom/webauthn/PublicKeyCredential.cpp b/dom/webauthn/PublicKeyCredential.cpp
index 2b20a385cd12..e7da644b262a 100644
--- a/dom/webauthn/PublicKeyCredential.cpp
+++ b/dom/webauthn/PublicKeyCredential.cpp
@@ -84,7 +84,7 @@ PublicKeyCredential::SetResponse(RefPtr aResponse)
 }
 /* static */ already_AddRefed
-PublicKeyCredential::IsPlatformAuthenticatorAvailable(GlobalObject& aGlobal)
+PublicKeyCredential::IsUserVerifyingPlatformAuthenticatorAvailable(GlobalObject& aGlobal)
 {
 nsIGlobalObject* globalObject = xpc::NativeGlobal(JS::CurrentGlobalOrNull(aGlobal.Context()));
@@ -94,15 +94,24 @@ PublicKeyCredential::IsPlatformAuthenticatorAvailable(GlobalObject& aGlobal)
 ErrorResult rv;
 RefPtr promise = Promise::Create(globalObject, rv);
- if(rv.Failed()) {
+ if (rv.Failed()) {
 return nullptr;
 }
- // Complete in Bug 1406468. This shouldn't just always return true, it should
- // follow the guidelines in
- // https://w3c.github.io/webauthn/#isPlatformAuthenticatorAvailable
- // such as ensuring that U2FTokenManager isn't in some way disabled.
- promise->MaybeResolve(true);
+ // https://w3c.github.io/webauthn/#isUserVerifyingPlatformAuthenticatorAvailable
+ //
+ // We currently implement no platform authenticators, so this would always
+ // resolve to false. For those cases, the spec recommends a resolve timeout
+ // on the order of 10 minutes to avoid fingerprinting.
+ //
+ // A simple solution is thus to never resolve the promise, otherwise we'd
+ // have to track every single call to this method along with a promise
+ // and timer to resolve it after exactly X minutes.
+ //
+ // A Relying Party has to deal with a non-response in a timely fashion, so
+ // we can keep this as-is (and not resolve) even when we support platform
+ // authenticators but they're not available, or a user rejects a website's
+ // request to use them.
 return promise.forget();
 }
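Review bot: The early return at `if (rv.Failed()) { return nullptr; }` in the second hunk discards the failure held in the local `ErrorResult rv`, so a failed `Promise::Create` gives script a null result with no exception or rejection explaining why. Consider propagating the error by taking `ErrorResult& aRv` as a second parameter and calling `Promise::Create(globalObject, aRv)`, which would presumably also require marking the WebIDL member `[Throws]`. If the silent null is intended, add `rv.SuppressException();` before the return, since Gecko's `ErrorResult` is meant to be propagated or explicitly suppressed rather than destroyed while failed. The function starts in the previous hunk, and the lines between the two hunks are not shown, so this covers only the visible error path.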
diff --git a/dom/webauthn/PublicKeyCredential.h b/dom/webauthn/PublicKeyCredential.h
index b69e7d7fdca1..5fe8b8acfa49 100644
--- a/dom/webauthn/PublicKeyCredential.h
+++ b/dom/webauthn/PublicKeyCredential.h
@@ -47,7 +47,7 @@ public:
 SetResponse(RefPtr);
 static already_AddRefed
- IsPlatformAuthenticatorAvailable(GlobalObject& aGlobal);
+ IsUserVerifyingPlatformAuthenticatorAvailable(GlobalObject& aGlobal);
 private:
 CryptoBuffer mRawId;
diff --git a/dom/webauthn/tests/test_webauthn_isplatformauthenticatoravailable.html b/dom/webauthn/tests/test_webauthn_isplatformauthenticatoravailable.html
index cc349f1f7989..1416ed5929e1 100644
--- a/dom/webauthn/tests/test_webauthn_isplatformauthenticatoravailable.html
+++ b/dom/webauthn/tests/test_webauthn_isplatformauthenticatoravailable.html
@@ -1,7 +1,7 @@
- Test for W3C Web Authentication isPlatformAuthenticatorAvailable
+ Test for W3C Web Authentication isUserVerifyingPlatformAuthenticatorAvailable
@@ -12,7 +12,7 @@
-

Test for W3C Web Authentication isPlatformAuthenticatorAvailable

+

Test for W3C Web Authentication isUserVerifyingPlatformAuthenticatorAvailable

Mozilla Bug 1309284
diff --git a/dom/webidl/WebAuthentication.webidl b/dom/webidl/WebAuthentication.webidl
index bb11c3913d97..267b1c997a4b 100644
--- a/dom/webidl/WebAuthentication.webidl
+++ b/dom/webidl/WebAuthentication.webidl
@@ -19,7 +19,7 @@ interface PublicKeyCredential : Credential {
 [SecureContext]
 partial interface PublicKeyCredential {
- static Promise isPlatformAuthenticatorAvailable();
+ static Promise isUserVerifyingPlatformAuthenticatorAvailable();
 };
 [SecureContext, Pref="security.webauth.webauthn"]
@@ -124,4 +124,5 @@ typedef long COSEAlgorithmIdentifier;
 typedef sequence AuthenticatorSelectionList;
-typedef BufferSource AAGUID;
\ No newline at end of file
+typedef BufferSource AAGUID;
+