[Webkit-unassigned] [Bug 225199] New: WebAuthn "user gesture required" console message for .get references ".create"

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 29 11:14:38 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=225199

            Bug ID: 225199
           Summary: WebAuthn "user gesture required" console message for
                    .get references ".create"
           Product: WebKit
           Version: Safari 14
          Hardware: Mac (Intel)
                OS: macOS 11
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: matthew at millerti.me

Created attachment 427361

  --> https://bugs.webkit.org/attachment.cgi?id=427361&action=review

Screenshot of console output from within Safari referencing incorrect API

Calls to WebAuthn's `navigator.credentials.get()` outside of a user gesture errors out as expected. However, the console warning output from this operations mentions "navigator.credentials.create":

> User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' within user activated events.
Console output generated by a call to `navigator.credentials.get` should reference "navigator.credentials.get" instead.

This appears to be caused by a recent change to `WebAuthenticatorCoordinator::processingUserGesture()` that hardcodes "navigator.credentials.create" into the message:

https://trac.webkit.org/browser/webkit/branches/safari-611-branch/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp#L112

The following LayoutTests confirm that the same incorrect message is used for `navigator.credentials.get()` user gesture issues as well:

- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local-silent.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-nfc.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-nfc.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210429/ea6a8d64/attachment.htm>

More information about the webkit-unassigned mailing list