[webkit-changes] [WebKit/WebKit] 848a80: Send bogus registration if no credentials match fo...

John Pascoe noreply at github.com
Fri Oct 7 09:24:23 PDT 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 848a8058df32588840ba1125a351816c765d7d24
      https://github.com/WebKit/WebKit/commit/848a8058df32588840ba1125a351816c765d7d24
  Author: J Pascoe <j_pascoe at apple.com>
  Date:   2022-10-07 (Fri, 07 Oct 2022)

  Changed paths:
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https.html
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f.https.html
    M Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-u2f-no-credentials.html

  Log Message:
  -----------
  Send bogus registration if no credentials match for U2F authenticators
https://bugs.webkit.org/show_bug.cgi?id=245904
<rdar://100329828>

Reviewed by Brent Fulgham.

U2F authenticators should wait for a tap before showing the no credentials status, just like
FIDO2 authenticators. This patch accomplishes that by sending a bogus register command whenever
there are no matching credentials from the allow list. The code already did that for registrations,
this starts doing it for assertions.

* Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.cpp:
(WebKit::U2fAuthenticator::issueSignCommand):
(WebKit::U2fAuthenticator::responseReceived):
(WebKit::U2fAuthenticator::continueCheckOnlyCommandAfterResponseReceived):
(WebKit::U2fAuthenticator::continueBogusCommandExcludeCredentialsMatchAfterResponseReceived):
(WebKit::U2fAuthenticator::continueBogusCommandNoCredentialsAfterResponseReceived):
(WebKit::U2fAuthenticator::continueBogusCommandAfterResponseReceived): Deleted.
* Source/WebKit/UIProcess/WebAuthentication/fido/U2fAuthenticator.h:
* LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https.html:
* LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f.https.html:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-u2f-no-credentials.html:

Canonical link: https://commits.webkit.org/255273@main

More information about the webkit-changes mailing list