[webkit-reviews] review denied: [Bug 181946] [WebAuthN] Revisit the whole async model of task dispatching, timeout and aborting : [Attachment 333145] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 6 13:35:16 PST 2018 

Chris Dumez <cdumez at apple.com> has denied Jiewen Tan <jiewen_tan at apple.com>'s
request for review:
Bug 181946: [WebAuthN] Revisit the whole async model of task dispatching,
timeout and aborting
https://bugs.webkit.org/show_bug.cgi?id=181946

Attachment 333145: Patch

https://bugs.webkit.org/attachment.cgi?id=333145&action=review




--- Comment #7 from Chris Dumez <cdumez at apple.com> ---
Comment on attachment 333145
  --> https://bugs.webkit.org/attachment.cgi?id=333145
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333145&action=review

> Source/WebCore/ChangeLog:12
> +	   threading model. To coperate that, a CredentialsMessenger class is
then created and

I don't think "coperate" is a word.

> Source/WebCore/ChangeLog:13
> +	   all task dispatching codes are moved thre.

typo: thre

also probably s/codes are/code is/

> Source/WebCore/ChangeLog:15
> +	   As an improvement over existing codes, static methods from
PublicKeyCredential are

s/codes/code
static functions

> Source/WebCore/ChangeLog:17
> +	   when static methods are called, they could reach the
CredentialsMessenger to interact

static functions

> Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp:-140
> -    if (!options.publicKey) {

I liked it better is early return for error handling. This is a more usual
pattern.

> Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp:88
> +    promise->reject(Exception { NotSupportedError });

It would be nice to provide a more detailed error message.

> Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp:113
> +    if (options.publicKey) {

Liked it better with early return for error handling.

> Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp:119
> +    promise->reject(Exception { NotSupportedError });

It would be nice to provide a more detailed error message.

> Source/WebCore/Modules/credentialmanagement/CredentialsMessenger.h:43
> +    AssertionReturnBundle(Ref<ArrayBuffer>&& id, Ref<ArrayBuffer>&& data,
Ref<ArrayBuffer>&& sig, Ref<ArrayBuffer>&& handle)

What does sig mean? unless it is a well-established abbreviation in the spec, I
would avoid using abbreviations.

> Source/WebCore/Modules/credentialmanagement/CredentialsMessenger.h:57
> +using CreationCompletionHandler =
Function<void(ExceptionOr<Vector<uint8_t>>&&)>;

Based on their name, you may want to use WTF::CompletionHandler instead of
WTF::Function.

> Source/WebCore/Modules/credentialmanagement/CredentialsMessenger.h:58
> +using RequestCompletionHandler =
Function<void(ExceptionOr<AssertionReturnBundle>&&)>;

ditto.

> Source/WebCore/Modules/credentialmanagement/CredentialsMessenger.h:90
> +    m_pendingCreationCompletionHandlers.add(m_accumulatedMessageId,
WTFMove(handler));

Would be nice to ASSERT that this is a new entry.

> Source/WebCore/Modules/credentialmanagement/CredentialsMessenger.h:99
> +inline uint64_t
CredentialsMessenger::addRequestCompletionHandler(RequestCompletionHandler&&
handler)

Would be nice to ASSERT that this is a new entry.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:49
> +namespace AuthenticatorManagerInternal {

Why this namespace. I do not believe this is a common pattern in WebKit.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:82
> +static Vector<uint8_t> produceClientDataJsonHash(const Ref<ArrayBuffer>&
clientDataJson)

We may want to use const ArrayBuffer& as parameter type.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:102
> +static std::unique_ptr<Timer> initTimer(std::optional<unsigned long>
timeOutInMs, const Ref<DeferredPromise>& promise)

We prefer to use Seconds type. May be nice to use DeferredPromise& as parameter
too.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:104
> +    std::unique_ptr<Timer> timer = nullptr;

We prefer early return:
if (!timeOutInMs)
  return nullptr;
...

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:107
> +	       promise->reject(Exception { NotAllowedError });

It would be nice to provide a more detailed error message. Also, is
NotAllowedError the right exception type for a timeout?

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:114
> +static bool didTimerFire(const std::unique_ptr<Timer>& timer)

May be nicer to pass a Timer* in.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:116
> +    if (timer) {

if (!timer)
  return false;

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:128
> +    static NeverDestroyed<AuthenticatorManager> authenticator;

Can you please assert that: ASSERT(isMainThread()); ?

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:132
> +void AuthenticatorManager::setMessenger(WeakPtr<CredentialsMessenger>&&
messenger)

Can we pass in a CredentialsMessenger&, and have this method construct the
WeakPtr?

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:146
> +	   promise->reject(Exception { NotAllowedError });

It would be nice to provide a more detailed error message.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:157
> +    if (!options.rp.id.isEmpty() && !(callerOrigin.host() == options.rp.id))
{

Why isn't this using && callerOrigin.host() != options.rp.id ?

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:158
> +	   promise->reject(Exception { SecurityError });

Would be nice to provide a more detailed error message.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:168
> +	   promise->reject(Exception { NotSupportedError });

Would be nice to provide a more detailed error message.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:181
> +	   promise->reject(Exception { UnknownError });

Would be nice to provide a more detailed error message. Should this be an
InvalidStateError?

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:189
> +	       promise->reject(Exception { AbortError });

Would be nice to provide a more detailed error message.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:197
> +	   auto attestationObject = result.returnValue();

This copies attestationObject unnecessarily. Either:
- Get rid of this local variable
or
- use auto&

You can also releaseReturnValue() if it is beneficial to transfer ownership.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:200
> +    // Async operation are dispatched and handled in the messenger.

operations

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:213
> +	   promise->reject(Exception { NotAllowedError });

Would be nice to provide a more detailed error message.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:224
> +    if (!options.rpId.isEmpty() && !(callerOrigin.host() == options.rpId)) {

Why not != ?

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:240
> +	   promise->reject(Exception { UnknownError });

Should this be an InvalidStateError?

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:248
> +	       promise->reject(Exception { AbortError });

Would be nice to provide a more detailed error message.

> Source/WebCore/Modules/webauthn/AuthenticatorManager.cpp:252
> +	       promise->reject(result.exception());

Would be nice to provide a more detailed error message.

> Source/WebCore/testing/Internals.cpp:536
> +    m_mockCredentialsMessenger = new MockCredentialsMessenger();

Isn't this leaking? Should we use a unique_ptr?

> Source/WebCore/testing/MockCredentialsMessenger.cpp:50
> +    auto messageId = addCreationCompletionHandler(WTFMove(handler));

Isn't the handler left in the map when m_timeOut is true or when
m_attestationObject.isEmpty()?

> Source/WebCore/testing/MockCredentialsMessenger.cpp:57
> +	   didMakeCredential(messageId, Exception { NotAllowedError });

Please provide a better exception message.

> Source/WebCore/testing/MockCredentialsMessenger.cpp:69
> +    auto messageId = addRequestCompletionHandler(WTFMove(handler));

Isn't the handler left in the map when m_timeOut is true or when !m_bundle?

> Source/WebCore/testing/MockCredentialsMessenger.h:40
> +    void setTimeOut() { m_timeOut = true; }

Bad naming

> Source/WebCore/testing/MockCredentialsMessenger.h:41
> +    void setUserCancel() { m_userCancel = true; }

Bad naming

> Source/WebCore/testing/MockCredentialsMessenger.h:45
> +    void ref() const { }

This looks really weird.

> Source/WebCore/testing/MockCredentialsMessenger.h:46
> +    void deref() const { }

ditto.

> Source/WebCore/testing/MockCredentialsMessenger.h:55
> +    bool m_timeOut { false };

m_timeOut is very confusingly named and not as per coding style. It needs a
prefix like "m_didTimeOut".

> Source/WebCore/testing/MockCredentialsMessenger.h:56
> +    bool m_userCancel { false };

Bad naming as well.

> Source/WebCore/testing/MockCredentialsMessenger.idl:30
> +    void setTimeOut();

bad naming

> Source/WebCore/testing/MockCredentialsMessenger.idl:31
> +    void setUserCancel();

bad naming

More information about the webkit-reviews mailing list