It's dead code because we never create AuthenticatorResponse objects directly,
and all subclasses override WrapObject.
Differential Revision: https://phabricator.services.mozilla.com/D32205
--HG--
extra : moz-landing-system : lando
This replaces the in-tree u2fhid (which has been renamed to
authenticator) by the published crate.
Differential Revision: https://phabricator.services.mozilla.com/D32221
--HG--
extra : moz-landing-system : lando
The code that blocks on a UX prompt for a Direct Attestation has to be disabled
for Android, as Android has no UX at present. Until Bug 1550164 resolves,
we'll have to let direct attestations be downgraded to anonymized ("None")
attestations.
Differential Revision: https://phabricator.services.mozilla.com/D31360
--HG--
extra : moz-landing-system : lando
The new Android functionality can conflict with the tests' expected behavior,
so it should be generally disabled, like the Rust module.
Differential Revision: https://phabricator.services.mozilla.com/D31266
--HG--
extra : moz-landing-system : lando
ANDROID is true for platforms based only on the native parts of the stack so can't
be used when what you depend on is actually the Java layer.
Differential Revision: https://phabricator.services.mozilla.com/D30965
--HG--
extra : moz-landing-system : lando
Support using the Google Play-provided FIDO2 API for Web Authentication.
FIDO U2F API support is being handled subsequently in Bug 1550625.
This patch uses the privileged APIs and thus will only work on Fennec Nightly, Beta, and Release builds.
Differential Revision: https://phabricator.services.mozilla.com/D1148
--HG--
extra : moz-landing-system : lando
This is split from the previous changeset since if we include dom/ the file size is too
large for phabricator to handle.
This is an autogenerated commit to handle scripts loading mochitest harness files, in
the simple case where the script src is on the same line as the tag.
This was generated with https://bug1544322.bmoattachments.org/attachment.cgi?id=9058170
using the `--part 2` argument.
Differential Revision: https://phabricator.services.mozilla.com/D27457
--HG--
extra : moz-landing-system : lando
Before this patch, the WebAuthnManager/U2F destructors would call MaybeReject on
existing transaction promises. Doing this leaks JS objects. If
WebAuthnManager/U2F are being destructed, though, the window is going away, so
it shouldn't be necessary to reject any outstanding promises. This patch just
clears the transactions.
Differential Revision: https://phabricator.services.mozilla.com/D27346
--HG--
extra : moz-landing-system : lando
This stack is pretty clear that calling StopListeningForVisibilityEvents
(via ClearTransaction) is a no-go from the cycle collector. We need to instead
just do the minimum version of bug 1540378, just reset mTransaction and move on.
Differential Revision: https://phabricator.services.mozilla.com/D25804
--HG--
extra : moz-landing-system : lando
In Bug 1448408 ("Don't listen to visibility events"), I changed `U2FTokenManager::
ClearTransaction` to send aborts, to handle the new visibility states. However,
`WebAuthnTransactionParent::ActorDestroy` is called at the conclusion of IPC
shutdown, which calls `MaybeClearTransaction` in `U2FTokenManager`, which calls
ClearTransaction, which then tries to send an Abort, which is a state machine
failure since we just shut the IPC down.
This patch creates a new `AbortOngoingTransaction` method which is used
to send the aborts instead of shoehorning that into `ClearTransaction`, reverting
`ClearTransaction` back to the prior form, and instead changes `Register` and
`Sign` to call the new method.
Differential Revision: https://phabricator.services.mozilla.com/D25687
--HG--
extra : moz-landing-system : lando
In Bug 1448408 ("Don't listen to visibility events"), it became possible to
close a tab without a visibility event to cause transactions to cancel. This
is a longstanding bug that was covered up by the visibility events. This patch
updates the cycle collection code to ensure that transactions get cleared out
safely, and we don't proceed to RejectTransaction (and subsequent code) on
already-cycle-collected objects.
Differential Revision: https://phabricator.services.mozilla.com/D25641
--HG--
extra : moz-landing-system : lando
The published recommendation of L1 for WebAuthn changed the visibility/focus
listening behaviors to a SHOULD [1], and Chromium, for reasons like our SoftU2F
bug [0], opted to not interrupt on tabswitch/visibility change.
Let's do the same thing.
This changes the visibility mechanism to set a flag on an ongoing transaction,
and then, upon multiple calls to the FIDO/U2F functions, only aborts if
visibility had changed. Otherwise, subsequent callers return early.
This is harder to explain than it is really to use as a user. I think. At least,
my testing feels natural when I'm working within two windows, both potentially
prompting WebAuthn.
Note: This also affects FIDO U2F API.
[0] https://bugzilla.mozilla.org/show_bug.cgi?id=1448408#c0
[1] https://www.w3.org/TR/webauthn-1/#abortoperation
Differential Revision: https://phabricator.services.mozilla.com/D25160
--HG--
extra : moz-landing-system : lando
Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for
Google Accounts" on dev-platform [0], this bug is to:
1. Enable the security.webauth.u2f by default, to ride the trains
2. Remove the aOp == U2FOperation::Sign check from EvaluateAppID in
WebAuthnUtil.cpp, permitting the Google override to work for Register as
well as Sign.
This would enable Firefox users to use FIDO U2F API on most all sites, subject
to the algorithm limitations discussed in the section "Thorny issues in
enabling our FIDO U2F API implementation" of that post.
[0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ
Differential Revision: https://phabricator.services.mozilla.com/D25241
--HG--
extra : moz-landing-system : lando
U2F support, behind the `security.webauth.u2f` pref and exposed by `dom/u2f/U2F.cpp`, was broken when using Windows Hello, as the correct options for compatibility weren't set. This patch sets up Windows Hello to handle U2F-protocol backward compatibility properly.
Differential Revision: https://phabricator.services.mozilla.com/D21844
--HG--
extra : moz-landing-system : lando
We support CTAP2 devices on one specific platform, making it hard for RPs to
decide whether or not Firefox will support the tokens they're asking for. This
adds a non-standard method to divine that information while Firefox moves toward
CTAP2 support.
Differential Revision: https://phabricator.services.mozilla.com/D19826
--HG--
extra : moz-landing-system : lando
Replacing existing getParentProcessScalars with a generic implementation of getProcessScalars
Differential Revision: https://phabricator.services.mozilla.com/D18861
--HG--
extra : moz-landing-system : lando
For cases where the class has direct calls (that is, we cast `this` to the
subclass before making the call) no longer declare Recv/Answer methods on the
base class at all. This should ensure that slots for them are not generated in
vtables, and also allow the derived class to choose the method signature (e.g.
whether it wants to take something by reference or by value).
Differential Revision: https://phabricator.services.mozilla.com/D18132
--HG--
extra : moz-landing-system : lando
Replacing browser_webauthn_telemetry.js's custom getParentProcessScalars method with the method defined in TelemetryTestUtils module
Differential Revision: https://phabricator.services.mozilla.com/D16568
--HG--
extra : moz-landing-system : lando
Tom Schuster
Mihai Alexandru Michis
Victor Porof
J.C. Jones
Mark Banner
Boris Zbarsky
Bastien Orivel
Dzmitry Malyshau
Cosmin Sabou
Fabrice Desré
Brian Grinstead
Dana Keeler
Sylvestre Ledru
Akshay Kumar
Csoregi Natalia
Narcis Beleuzu
Alex Gaynor
Ryan Hunt
Sebastian Hengst
Varun Dey