[webkit-reviews] review denied: [Bug 218893] [WebAuthn] Implement SPI for AuthenticationServices.Framework : [Attachment 414496] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 18 15:38:17 PST 2020
Alex Christensen <achristensen at apple.com> has denied Jiewen Tan
<jiewen_tan at apple.com>'s request for review:
Bug 218893: [WebAuthn] Implement SPI for AuthenticationServices.Framework
https://bugs.webkit.org/show_bug.cgi?id=218893
Attachment 414496: Patch
https://bugs.webkit.org/attachment.cgi?id=414496&action=review
--- Comment #8 from Alex Christensen <achristensen at apple.com> ---
Comment on attachment 414496
--> https://bugs.webkit.org/attachment.cgi?id=414496
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=414496&action=review
> Source/WebKit/ChangeLog:15
> + is the change of ownerships. Priori to this change,
AuthenticatorManager owns the APIWebAuthenticationPanel.
Prior
> Source/WebKit/UIProcess/API/APIWebAuthenticationPanel.cpp:45
> + : m_manager(WTF::makeUnique<AuthenticatorManager>())
I think WTF:: is unnecessary here.
> Source/WebKit/UIProcess/API/APIWebAuthenticationPanel.h:68
> + // FIXME<rdar://problem/71509848>: Remove the folowing deprecated
methods.
Space and colon before <
// FIXME: <rdar:...
Also, is there something that should be done before these should be removed?
Why don't we just remove them in this patch?
> Source/WebKit/UIProcess/API/APIWebAuthenticationPanel.h:79
> + std::unique_ptr<WebKit::AuthenticatorManager> m_manager; // FIXME():
Change to UniqueRef.
Why don't we just do this now?
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:85
> + _WKPublicKeyCredentialTypePublicKey,
I don't think this one-value enum is useful unless there are plans to add to
it.
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:117
> +- (instancetype)init NS_UNAVAILABLE;
new should also be NS_UNAVAILABLE
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:154
> + at property (nonatomic, copy) NSNumber *alg;
This should have a better name.
"algorithm"?
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:162
> + at property (nonatomic) BOOL requireResidentKey; // Default to NO.
If this comment is necessary, please use header doc style like in our public
API headers.
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:173
> + at property (nonatomic) _WKPublicKeyCredentialType type;
I feel like a lot of these should be readonly.
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:182
> + at property (nullable, nonatomic, copy) NSString *appid;
What is this?
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:259
> +// FIXME: <rdar://problem/71509485>
Please add some comment here or remove this.
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:328
> + result.append((const uint8_t*)[data bytes], [data length]);
Dot syntax?
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:496
> + return [[_WKAuthenticatorAttestationResponse alloc]
initWithRawId:[NSData dataWithBytes:data.rawId->data()
length:data.rawId->byteLength()] extensions:nil attestationObject:[NSData
dataWithBytes:data.attestationObject->data()
length:data.attestationObject->byteLength()]];
This looks like a memory leak.
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:543
> + return [[_WKAuthenticatorAssertionResponse alloc] initWithRawId:[NSData
dataWithBytes:data.rawId->data() length:data.rawId->byteLength()]
extensions:nil authenticatorData:[NSData
dataWithBytes:data.authenticatorData->data()
length:data.authenticatorData->byteLength()] signature:[NSData
dataWithBytes:data.signature->data() length:data.signature->byteLength()]
userHandle:userHandle];
ditto
> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanelForTesting.h:39
> +// For testing only.
The name of this header makes this comment unnecessary.
> Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:1724
> + _WKAuthenticationExtensionsClientInputs *extensions =
[[_WKAuthenticationExtensionsClientInputs alloc] init];
Let's not leak memory, even in tests. This doesn't use ARC yet.
More information about the webkit-reviews
mailing list