Title: [258961] trunk/Source
Revision
258961
Author
[email protected]
Date
2020-03-24 17:03:19 -0700 (Tue, 24 Mar 2020)

Log Message

[WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
https://bugs.webkit.org/show_bug.cgi?id=208703
<rdar://problem/60136974>

Reviewed by Brent Fulgham.

Part 2.

This patch adds a different LocalAuthentication prompt title for getAssertion.
It also polishes the text used for makeCredential.

Besides that, it also enhances the iOS title strings.

Source/WebCore:

* en.lproj/Localizable.strings:
* platform/LocalizedStrings.cpp:
(WebCore::getAssertionTouchIDPromptTitle):
* platform/LocalizedStrings.h:

Source/WebKit:

* UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
(WebKit::LocalAuthenticator::continueMakeCredentialAfterDecidePolicy):
(WebKit::LocalAuthenticator::continueGetAssertionAfterResponseSelected):
* UIProcess/WebAuthentication/Cocoa/LocalConnection.h:
* UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:
(WebKit::LocalConnection::verifyUser const):
* UIProcess/WebAuthentication/Mock/MockLocalConnection.h:
* UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:
(WebKit::MockLocalConnection::verifyUser const):

Modified Paths

Added Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (258960 => 258961)


--- trunk/Source/WebCore/ChangeLog	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebCore/ChangeLog	2020-03-25 00:03:19 UTC (rev 258961)
@@ -1,3 +1,23 @@
+2020-03-24  Jiewen Tan  <[email protected]>
+
+        [WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
+        https://bugs.webkit.org/show_bug.cgi?id=208703
+        <rdar://problem/60136974>
+
+        Reviewed by Brent Fulgham.
+
+        Part 2.
+
+        This patch adds a different LocalAuthentication prompt title for getAssertion.
+        It also polishes the text used for makeCredential.
+
+        Besides that, it also enhances the iOS title strings.
+
+        * en.lproj/Localizable.strings:
+        * platform/LocalizedStrings.cpp:
+        (WebCore::getAssertionTouchIDPromptTitle):
+        * platform/LocalizedStrings.h:
+
 2020-03-24  Chris Dumez  <[email protected]>
 
         Function passed to addEventListener may get garbage collected before the event listener is even added

Modified: trunk/Source/WebCore/en.lproj/Localizable.strings (258960 => 258961)


--- trunk/Source/WebCore/en.lproj/Localizable.strings	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebCore/en.lproj/Localizable.strings	2020-03-25 00:03:19 UTC (rev 258961)
@@ -1,3 +1,9 @@
+/* Allow the specified bundle to use Touch ID to sign in to the specified website on this device */
+"“%@” would like to use Touch ID for “%@”." = "“%@” would like to use Touch ID for “%@”.";
+
+/* "Allow the specified bundle to sign in to the specified website */
+"“%@” would like to sign in to “%@”." = "“%@” would like to sign in to “%@”.";
+
 /* accessibility help text for media controller time value >= 1 day */
 "%1$d days %2$d hours %3$d minutes %4$d seconds" = "%1$d days %2$d hours %3$d minutes %4$d seconds";
 
@@ -313,9 +319,6 @@
 /* Video Enter Full Screen context menu item */
 "Enter Full Screen" = "Enter Full Screen";
 
-/* Use passcode as a fallback to sign into this website */
-"Enter passcode to sign into this website." = "Enter passcode to sign into this website.";
-
 /* menu item */
 "Enter Picture in Picture" = "Enter Picture in Picture";
 
@@ -865,6 +868,9 @@
 /* Unwanted software warning */
 "This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove." = "This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove.";
 
+/* This website would like to use Touch ID */
+"This website would like to use Touch ID." = "This website would like to use Touch ID.";
+
 /* Informative text for requesting cross-site cookie and website data access. */
 "This will allow “%@” to track your activity." = "This will allow “%@” to track your activity.";
 
@@ -883,12 +889,9 @@
 /* prompt string in authentication panel */
 "To view this page, you must log in to this area on %@:" = "To view this page, you must log in to this area on %@:";
 
-/* Use Touch ID to sign into this website */
-"Touch ID to sign into this website." = "Touch ID to sign into this website.";
+/* Use Touch ID to sign in to this website */
+"Touch ID to sign in to this website." = "Touch ID to sign in to this website.";
 
-/* Allow using Touch ID to sign into the specified website on this device */
-"Touch ID to allow signing into “%@” with Touch ID." = "Touch ID to allow signing into “%@” with Touch ID.";
-
 /* Transformations context sub-menu item */
 "Transformations" = "Transformations";
 

Modified: trunk/Source/WebCore/platform/LocalizedStrings.cpp (258960 => 258961)


--- trunk/Source/WebCore/platform/LocalizedStrings.cpp	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebCore/platform/LocalizedStrings.cpp	2020-03-25 00:03:19 UTC (rev 258961)
@@ -1208,20 +1208,29 @@
 #endif
 
 #if ENABLE(WEB_AUTHN)
-String genericTouchIDPromptTitle()
+// On macOS, Touch ID prompt is not guaranteed to show on top of the UI client, and therefore additional
+// information is provided to help users to make decisions.
+#if PLATFORM(MAC)
+String makeCredentialTouchIDPromptTitle(const String& bundleName, const String& domain)
 {
-    return WEB_UI_STRING("Touch ID to sign into this website.", "Use Touch ID to sign into this website");
+    return formatLocalizedString(WEB_UI_CFSTRING("“%@” would like to use Touch ID for “%@”.", "Allow the specified bundle to use Touch ID to sign in to the specified website on this device"), bundleName.createCFString().get(), domain.createCFString().get());
 }
 
-String makeCredentialTouchIDPromptTitle(const String& domain)
+String getAssertionTouchIDPromptTitle(const String& bundleName, const String& domain)
 {
-    return formatLocalizedString(WEB_UI_CFSTRING("Touch ID to allow signing into “%@” with Touch ID.", "Allow using Touch ID to sign into the specified website on this device"), domain.createCFString().get());
+    return formatLocalizedString(WEB_UI_CFSTRING("“%@” would like to sign in to “%@”.", "Allow the specified bundle to sign in to the specified website"), bundleName.createCFString().get(), domain.createCFString().get());
 }
+#else
+String makeCredentialTouchIDPromptTitle(const String&, const String&)
+{
+    return WEB_UI_STRING("This website would like to use Touch ID.", "This website would like to use Touch ID");
+}
 
-String biometricFallbackPromptTitle()
+String getAssertionTouchIDPromptTitle(const String&, const String&)
 {
-    return WEB_UI_STRING("Enter passcode to sign into this website.", "Use passcode as a fallback to sign into this website");
+    return WEB_UI_STRING("Touch ID to sign in to this website.", "Use Touch ID to sign in to this website");
 }
-#endif
+#endif // PLATFORM(MAC)
+#endif // ENABLE(WEB_AUTHN)
 
 } // namespace WebCore
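Review bot: The non-Mac overloads in the `#else` branch discard both `bundleName` and `domain` without saying so, while the declarations in LocalizedStrings.h name both parameters as if they were always displayed. The comment above `#if PLATFORM(MAC)` explains only the macOS side. A matching line after `#else`, for example `// Other platforms use a generic title; bundleName and domain are intentionally ignored.`, would tell a caller that the relying party ID is not shown to the user there.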

Modified: trunk/Source/WebCore/platform/LocalizedStrings.h (258960 => 258961)


--- trunk/Source/WebCore/platform/LocalizedStrings.h	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebCore/platform/LocalizedStrings.h	2020-03-25 00:03:19 UTC (rev 258961)
@@ -340,9 +340,8 @@
 #endif
 
 #if ENABLE(WEB_AUTHN)
-    WEBCORE_EXPORT String genericTouchIDPromptTitle();
-    WEBCORE_EXPORT String makeCredentialTouchIDPromptTitle(const String& domain);
-    WEBCORE_EXPORT String biometricFallbackPromptTitle();
+    WEBCORE_EXPORT String makeCredentialTouchIDPromptTitle(const String& bundleName, const String& domain);
+    WEBCORE_EXPORT String getAssertionTouchIDPromptTitle(const String& bundleName, const String& domain);
 #endif
 
 #if USE(GLIB) && defined(GETTEXT_PACKAGE)

Modified: trunk/Source/WebKit/ChangeLog (258960 => 258961)


--- trunk/Source/WebKit/ChangeLog	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebKit/ChangeLog	2020-03-25 00:03:19 UTC (rev 258961)
@@ -1,3 +1,28 @@
+2020-03-24  Jiewen Tan  <[email protected]>
+
+        [WebAuthn] Customize a bit more on the macOS LocalAuthentication prompt
+        https://bugs.webkit.org/show_bug.cgi?id=208703
+        <rdar://problem/60136974>
+
+        Reviewed by Brent Fulgham.
+
+        Part 2.
+
+        This patch adds a different LocalAuthentication prompt title for getAssertion.
+        It also polishes the text used for makeCredential.
+
+        Besides that, it also enhances the iOS title strings.
+
+        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
+        (WebKit::LocalAuthenticator::continueMakeCredentialAfterDecidePolicy):
+        (WebKit::LocalAuthenticator::continueGetAssertionAfterResponseSelected):
+        * UIProcess/WebAuthentication/Cocoa/LocalConnection.h:
+        * UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:
+        (WebKit::LocalConnection::verifyUser const):
+        * UIProcess/WebAuthentication/Mock/MockLocalConnection.h:
+        * UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:
+        (WebKit::MockLocalConnection::verifyUser const):
+
 2020-03-24  Kate Cheney  <[email protected]>
 
         Ignore in-app browser privacy checks for apps with com.apple.private.applemediaservices entitlement

Modified: trunk/Source/WebKit/Sources.txt (258960 => 258961)


--- trunk/Source/WebKit/Sources.txt	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebKit/Sources.txt	2020-03-25 00:03:19 UTC (rev 258961)
@@ -469,6 +469,7 @@
 UIProcess/WebAuthentication/AuthenticatorTransportService.cpp
 UIProcess/WebAuthentication/Authenticator.cpp
 UIProcess/WebAuthentication/WebAuthenticatorCoordinatorProxy.cpp
+UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp
 
 UIProcess/WebsiteData/WebDeviceOrientationAndMotionAccessController.cpp
 UIProcess/WebsiteData/WebsiteDataRecord.cpp

Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp (258960 => 258961)


--- trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/AuthenticatorManager.cpp	2020-03-25 00:03:19 UTC (rev 258961)
@@ -143,13 +143,6 @@
     return WTF::get<PublicKeyCredentialRequestOptions>(options).rpId;
 }
 
-static ClientDataType getClientDataType(const Variant<PublicKeyCredentialCreationOptions, PublicKeyCredentialRequestOptions>& options)
-{
-    if (WTF::holds_alternative<PublicKeyCredentialCreationOptions>(options))
-        return ClientDataType::Create;
-    return ClientDataType::Get;
-}
-
 } // namespace
 
 const size_t AuthenticatorManager::maxTransportNumber = 3;

Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm (258960 => 258961)


--- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm	2020-03-25 00:03:19 UTC (rev 258961)
@@ -263,7 +263,7 @@
 
         weakThis->continueMakeCredentialAfterUserVerification(accessControl.get(), verification, context);
     };
-    m_connection->verifyUser(creationOptions.rp.id, accessControlRef, WTFMove(callback));
+    m_connection->verifyUser(creationOptions.rp.id, getClientDataType(requestData().options), accessControlRef, WTFMove(callback));
 }
 
 void LocalAuthenticator::continueMakeCredentialAfterUserVerification(SecAccessControlRef accessControlRef, LocalConnection::UserVerification verification, LAContext *context)
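Review bot: Both new `verifyUser` calls re-derive the operation type from `requestData().options`, although each caller already handles exactly one ceremony; this applies here and to the call in the hunk at -491. Passing the enumerator directly, `m_connection->verifyUser(creationOptions.rp.id, WebCore::ClientDataType::Create, accessControlRef, WTFMove(callback));` and `WebCore::ClientDataType::Get` in the getAssertion path, would tie the prompt title to the same options object whose `rp.id` / `rpId` is displayed. The title is what the user consents to, so it should not be able to disagree with the operation that follows. Both function bodies start outside their hunks, so this assumes `creationOptions` and `requestOptions` are taken from that same variant.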
@@ -491,7 +491,7 @@
 
         weakThis->continueGetAssertionAfterUserVerification(WTFMove(response), verification, context);
     };
-    m_connection->verifyUser(requestOptions.rpId, accessControlRef, WTFMove(callback));
+    m_connection->verifyUser(requestOptions.rpId, getClientDataType(requestData().options), accessControlRef, WTFMove(callback));
 }
 
 void LocalAuthenticator::continueGetAssertionAfterUserVerification(Ref<WebCore::AuthenticatorAssertionResponse>&& response, LocalConnection::UserVerification verification, LAContext *context)

Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.h (258960 => 258961)


--- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.h	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.h	2020-03-25 00:03:19 UTC (rev 258961)
@@ -37,6 +37,7 @@
 
 namespace WebCore {
 class AuthenticatorAssertionResponse;
+enum class ClientDataType : bool;
 }
 
 namespace WebKit {
@@ -59,10 +60,11 @@
     using UserVerificationCallback = CompletionHandler<void(UserVerification, LAContext *)>;
 
     LocalConnection() = default;
+    // FIXME(183534): Invalidate the LAContext.
     virtual ~LocalConnection() = default;
 
     // Overrided by MockLocalConnection.
-    virtual void verifyUser(const String& rpId, SecAccessControlRef, UserVerificationCallback&&) const;
+    virtual void verifyUser(const String& rpId, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&&) const;
     virtual RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext *, SecAccessControlRef, const String& secAttrLabel, NSData *secAttrApplicationTag) const;
     virtual void getAttestation(SecKeyRef, NSData *authData, NSData *hash, AttestationCallback&&) const;
     virtual void filterResponses(HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>&) const { };
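Review bot: The new `FIXME(183534)` above the destructor does not say which LAContext is meant or when it should be invalidated, and nothing visible in this hunk shows the class storing one. In LocalConnection.mm the context is created inside `verifyUser` and handed to the completion handler, so the comment would be easier to act on if it named that hand-off, along the lines of `// FIXME(183534): Invalidate the LAContext returned by verifyUser once the ceremony finishes.` A verified context that stays usable longer than needed is worth tracking precisely. The class body starts and ends outside the hunk.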

Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm (258960 => 258961)


--- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm	2020-03-25 00:03:19 UTC (rev 258961)
@@ -39,24 +39,42 @@
 #import "LocalAuthenticationSoftLink.h"
 
 namespace WebKit {
+using namespace WebCore;
 
-void LocalConnection::verifyUser(const String& rpId, SecAccessControlRef accessControl, UserVerificationCallback&& completionHandler) const
+namespace {
+static String bundleName()
 {
+    String bundleName;
+
+#if PLATFORM(MAC)
+    bundleName = [[NSRunningApplication currentApplication] localizedName];
+#endif
+
+    return bundleName;
+}
+} // namespace
+
+void LocalConnection::verifyUser(const String& rpId, ClientDataType type, SecAccessControlRef accessControl, UserVerificationCallback&& completionHandler) const
+{
+    String title;
+    switch (type) {
+    case ClientDataType::Create:
+        title = makeCredentialTouchIDPromptTitle(bundleName(), rpId);
+        break;
+    case ClientDataType::Get:
+        title = getAssertionTouchIDPromptTitle(bundleName(), rpId);
+        break;
+    default:
+        ASSERT_NOT_REACHED();
+    }
+
     auto context = adoptNS([allocLAContextInstance() init]);
 
     auto options = adoptNS([[NSMutableDictionary alloc] init]);
     if ([context biometryType] == LABiometryTypeTouchID) {
-#if PLATFORM(IOS)
-        [options setObject:WebCore::genericTouchIDPromptTitle() forKey:@(LAOptionAuthenticationTitle)];
-        ASSERT_UNUSED(rpId, rpId);
-#else
-        [options setObject:WebCore::makeCredentialTouchIDPromptTitle(rpId) forKey:@(LAOptionAuthenticationTitle)];
-#endif
+        [options setObject:title forKey:@(LAOptionAuthenticationTitle)];
         [options setObject:@NO forKey:@(LAOptionFallbackVisible)];
     }
-#if PLATFORM(IOS)
-    [options setObject:WebCore::biometricFallbackPromptTitle() forKey:@(LAOptionPasscodeTitle)];
-#endif
 
     auto reply = makeBlockPtr([context, completionHandler = WTFMove(completionHandler)] (NSDictionary *, NSError *error) mutable {
         ASSERT(!RunLoop::isMain());
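Review bot: `bundleName()` can return an empty string, because `localizedName` may be nil on macOS, and that value is interpolated straight into the title, which would then read `“” would like to sign in to “<rpId>”.`. The comment in LocalizedStrings.cpp says this title is what helps the user decide when the prompt is not on top of the client, so an empty requester name is worth guarding, for instance by falling back to the generic wording when `bundleName().isEmpty()`. Separately, the `default: ASSERT_NOT_REACHED();` arm leaves `title` empty in builds where assertions compile out and suppresses the compiler's unhandled-enumerator warning; with both `ClientDataType` values handled it could be dropped. `verifyUser` continues past the end of the hunk.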

Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.h (258960 => 258961)


--- trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.h	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.h	2020-03-25 00:03:19 UTC (rev 258961)
@@ -37,7 +37,7 @@
     explicit MockLocalConnection(const WebCore::MockWebAuthenticationConfiguration&);
 
 private:
-    void verifyUser(const String&, SecAccessControlRef, UserVerificationCallback&&) const final;
+    void verifyUser(const String&, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&&) const final;
     RetainPtr<SecKeyRef> createCredentialPrivateKey(LAContext *, SecAccessControlRef, const String& secAttrLabel, NSData *secAttrApplicationTag) const final;
     void getAttestation(SecKeyRef, NSData *authData, NSData *hash, AttestationCallback&&) const final;
     void filterResponses(HashSet<Ref<WebCore::AuthenticatorAssertionResponse>>&) const final;

Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm (258960 => 258961)


--- trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.mm	2020-03-25 00:03:19 UTC (rev 258961)
@@ -44,7 +44,7 @@
 {
 }
 
-void MockLocalConnection::verifyUser(const String&, SecAccessControlRef, UserVerificationCallback&& callback) const
+void MockLocalConnection::verifyUser(const String&, WebCore::ClientDataType, SecAccessControlRef, UserVerificationCallback&& callback) const
 {
     // Mock async operations.
     RunLoop::main().dispatch([configuration = m_configuration, callback = WTFMove(callback)]() mutable {

Copied: trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp (from rev 258960, trunk/Source/WebKit/UIProcess/WebAuthentication/Mock/MockLocalConnection.h) (0 => 258961)


--- trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp	                        (rev 0)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.cpp	2020-03-25 00:03:19 UTC (rev 258961)
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "WebAuthenticationRequestData.h"
+
+#if ENABLE(WEB_AUTHN)
+
+namespace WebKit {
+using namespace WebCore;
+
+ClientDataType getClientDataType(const Variant<PublicKeyCredentialCreationOptions, PublicKeyCredentialRequestOptions>& options)
+{
+    if (WTF::holds_alternative<PublicKeyCredentialCreationOptions>(options))
+        return ClientDataType::Create;
+    return ClientDataType::Get;
+}
+
+} // namespace WebKit
+
+#endif // ENABLE(WEB_AUTHN)

Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h (258960 => 258961)


--- trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h	2020-03-25 00:02:05 UTC (rev 258960)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/WebAuthenticationRequestData.h	2020-03-25 00:03:19 UTC (rev 258961)
@@ -33,6 +33,7 @@
 #include <WebCore/GlobalFrameIdentifier.h>
 #include <WebCore/PublicKeyCredentialCreationOptions.h>
 #include <WebCore/PublicKeyCredentialRequestOptions.h>
+#include <WebCore/WebAuthenticationConstants.h>
 #include <wtf/Variant.h>
 #include <wtf/Vector.h>
 #include <wtf/WeakPtr.h>
@@ -51,6 +52,8 @@
     WebKit::FrameInfoData frameInfo;
 };
 
+WebCore::ClientDataType getClientDataType(const Variant<WebCore::PublicKeyCredentialCreationOptions, WebCore::PublicKeyCredentialRequestOptions>&);
+
 } // namespace WebKit
 
 #endif // ENABLE(WEB_AUTHN)