The WebAuthn popup just used the current selected browser for its context,
while we actually want to stick with the window that brought us to the party.
This adds tests to ensure that the doorhanger stays on the tab it was originally
attached to, avoiding the 'wandering doorhanger' problem from the bug.
Differential Revision: https://phabricator.services.mozilla.com/D72255
The rejection process consumes the ErrorResult, so an rvalue reference is the honest thing here.
Differential Revision: https://phabricator.services.mozilla.com/D62632
--HG--
extra : moz-landing-system : lando
The test changes are for the following reasons:
1) Removing the "empty ArrayBuffer" test: I don't see anything obvious in the
spec that would cause that to reject before prompting the user, and in fact it
does not do that in browsers. All browsers time out on that line.
2) Removing the "name is object" test: This test is wrong. Passing {} where a
string is expected in IDL will come out as the string "[object Object]" on the
other side, and that seems like a perfectly valid name.
3) Removing the "name is null" test: This test is wrong. Passing null where a
string is expected in IDL will come out as the string "null" on the other side,
and that seems like a perfectly valid name.
4) Removing the "name is empty" test: I don't see anything obvious in the
spec that would cause that to reject before prompting the user.
5) Removing the various "icon is whatever" tests: I don't see anything obvious in the
spec that would cause that to reject before prompting the user.
6) Removing the various "displayName is whatever" tests: the same reasoning as
for the coresponding "name is whatever" tests applies.
Differential Revision: https://phabricator.services.mozilla.com/D60685
--HG--
extra : moz-landing-system : lando
Before this patch, the WebAuthnManager/U2F destructors would call MaybeReject on
existing transaction promises. Doing this leaks JS objects. If
WebAuthnManager/U2F are being destructed, though, the window is going away, so
it shouldn't be necessary to reject any outstanding promises. This patch just
clears the transactions.
Differential Revision: https://phabricator.services.mozilla.com/D27346
--HG--
extra : moz-landing-system : lando
This stack is pretty clear that calling StopListeningForVisibilityEvents
(via ClearTransaction) is a no-go from the cycle collector. We need to instead
just do the minimum version of bug 1540378, just reset mTransaction and move on.
Differential Revision: https://phabricator.services.mozilla.com/D25804
--HG--
extra : moz-landing-system : lando
In Bug 1448408 ("Don't listen to visibility events"), it became possible to
close a tab without a visibility event to cause transactions to cancel. This
is a longstanding bug that was covered up by the visibility events. This patch
updates the cycle collection code to ensure that transactions get cleared out
safely, and we don't proceed to RejectTransaction (and subsequent code) on
already-cycle-collected objects.
Differential Revision: https://phabricator.services.mozilla.com/D25641
--HG--
extra : moz-landing-system : lando
The published recommendation of L1 for WebAuthn changed the visibility/focus
listening behaviors to a SHOULD [1], and Chromium, for reasons like our SoftU2F
bug [0], opted to not interrupt on tabswitch/visibility change.
Let's do the same thing.
This changes the visibility mechanism to set a flag on an ongoing transaction,
and then, upon multiple calls to the FIDO/U2F functions, only aborts if
visibility had changed. Otherwise, subsequent callers return early.
This is harder to explain than it is really to use as a user. I think. At least,
my testing feels natural when I'm working within two windows, both potentially
prompting WebAuthn.
Note: This also affects FIDO U2F API.
[0] https://bugzilla.mozilla.org/show_bug.cgi?id=1448408#c0
[1] https://www.w3.org/TR/webauthn-1/#abortoperation
Differential Revision: https://phabricator.services.mozilla.com/D25160
--HG--
extra : moz-landing-system : lando
Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for
Google Accounts" on dev-platform [0], this bug is to:
1. Enable the security.webauth.u2f by default, to ride the trains
2. Remove the aOp == U2FOperation::Sign check from EvaluateAppID in
WebAuthnUtil.cpp, permitting the Google override to work for Register as
well as Sign.
This would enable Firefox users to use FIDO U2F API on most all sites, subject
to the algorithm limitations discussed in the section "Thorny issues in
enabling our FIDO U2F API implementation" of that post.
[0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ
Differential Revision: https://phabricator.services.mozilla.com/D25241
--HG--
extra : moz-landing-system : lando
Summary: Really sorry for the size of the patch. It's mostly automatic
s/nsIDocument/Document/ but I had to fix up in a bunch of places manually to
add the right namespacing and such.
Overall it's not a very interesting patch I think.
nsDocument.cpp turns into Document.cpp, nsIDocument.h into Document.h and
nsIDocumentInlines.h into DocumentInlines.h.
I also changed a bunch of nsCOMPtr usage to RefPtr, but not all of it.
While fixing up some of the bits I also removed some unneeded OwnerDoc() null
checks and such, but I didn't do anything riskier than that.
The webauthn spec mandates that relying party identifiers (RP IDs) are valid
domain strings. This enforces that by ensuring that any passed-in RP IDs parse
correctly when set as the host portion of a URL.
https://w3c.github.io/webauthn/#relying-party-identifier
--HG--
extra : rebase_source : 6be22c9be660db3062f4e8119051cd122bc24a12
Summary:
Always replace attestation statements with a "none" attestation.
Bug 1430150 will introduce a prompt that asks the user for permission whenever
the RP requests "direct" attestation. Only if the user opts in we will forward
the attestation statement with the token's certificate and signature.
Reviewers: jcj
Reviewed By: jcj
Bug #: 1416056
Differential Revision: https://phabricator.services.mozilla.com/D567