Diff
Modified: trunk/LayoutTests/ChangeLog (287001 => 287002)
--- trunk/LayoutTests/ChangeLog 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/LayoutTests/ChangeLog 2021-12-14 02:42:38 UTC (rev 287002)
@@ -1,3 +1,15 @@
+2021-12-13 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, reverting r286993.
+ https://bugs.webkit.org/show_bug.cgi?id=234283
+
+
+ Reverted changeset:
+
+ "[WebAuthn] Allow same-site, cross-origin iframe get()"
+ https://bugs.webkit.org/show_bug.cgi?id=234180
+ https://commits.webkit.org/r286993
+
2021-12-13 Christopher Reid <chris.r...@sony.com>
[Curl] Improve curl's cookie conformance in WPT
Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt (287001 => 287002)
--- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https-expected.txt 2021-12-14 02:42:38 UTC (rev 287002)
@@ -2,7 +2,4 @@
PASS Tests that a frame that doesn't share the same origin with all its ancestors could not access the API.
PASS Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. 2
-PASS Tests that a frame that is same-site, cross-origin without publickey-credentials-get feature policy cannot use get().
-PASS Tests that a frame that is same-site, cross-origin with publickey-credentials-get feature policy can use get().
-PASS Tests that a frame that is cross-origin, NOT same-site with publickey-credentials-get feature policy cannot use get().
Modified: trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html (287001 => 287002)
--- trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/LayoutTests/http/wpt/webauthn/public-key-credential-same-origin-with-ancestors.https.html 2021-12-14 02:42:38 UTC (rev 287002)
@@ -22,24 +22,6 @@
assert_equals(message.data, "PASS.");
});
}, "Tests that a frame that doesn't share the same origin with all its ancestors could not access the API. 2");
-
- promise_test(t => {
- return withSameSiteIframe("samesite-iframe.html").then((message) => {
- assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors.");
- });
- }, "Tests that a frame that is same-site, cross-origin without publickey-credentials-get feature policy cannot use get().");
-
- promise_test(t => {
- return withSameSiteIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => {
- assert_equals(message.data, "PASS!");
- });
- }, "Tests that a frame that is same-site, cross-origin with publickey-credentials-get feature policy can use get().");
-
- promise_test(t => {
- return withCrossOriginIframe("samesite-iframe.html", "publickey-credentials-get").then((message) => {
- assert_equals(message.data, "Throw NotAllowedError: The origin of the document is not the same as its ancestors.");
- });
- }, "Tests that a frame that is cross-origin, NOT same-site with publickey-credentials-get feature policy cannot use get().");
</script>
</body>
</html>
Deleted: trunk/LayoutTests/http/wpt/webauthn/resources/samesite-iframe.html (287001 => 287002)
--- trunk/LayoutTests/http/wpt/webauthn/resources/samesite-iframe.html 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/LayoutTests/http/wpt/webauthn/resources/samesite-iframe.html 2021-12-14 02:42:38 UTC (rev 287002)
@@ -1,30 +0,0 @@
-<script src=""
-<input type="text" id="input">
-<script>
- const url = "" URL(window.location.href);
- if (window.internals)
-internals.setMockWebAuthenticationConfiguration({ nfc: { error: "success", payloadBase64: [testNfcCtapVersionBase64, testGetInfoResponseApduBase64, testAssertionMessageApduBase64] } });
-
- function messageToTop(message) {
- top.postMessage(message, "*");
- }
-
- const requestOptions = {
- publicKey: {
- challenge: asciiToUint8Array("123456"),
- timeout: 100
- }
- };
-
- if (window.internals)
- internals.withUserGesture(() => { input.focus(); });
-
- navigator.credentials.get(requestOptions).then(
- function(value) {
- messageToTop("PASS!");
- },
- function(exception) {
- messageToTop("Throw " + exception.name + ": " + exception.message);
- }
- );
-</script>
Modified: trunk/LayoutTests/http/wpt/webauthn/resources/util.js (287001 => 287002)
--- trunk/LayoutTests/http/wpt/webauthn/resources/util.js 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/LayoutTests/http/wpt/webauthn/resources/util.js 2021-12-14 02:42:38 UTC (rev 287002)
@@ -304,7 +304,7 @@
});
}
-function withCrossOriginIframe(resourceFile, allow = "")
+function withCrossOriginIframe(resourceFile)
{
return new Promise((resolve) => {
waitForLoad().then((message) => {
@@ -311,26 +311,11 @@
resolve(message);
});
const frame = document.createElement("iframe");
- frame.allow = allow;
frame.src = "" + RESOURCES_DIR + resourceFile;
document.body.appendChild(frame);
});
}
-function withSameSiteIframe(resourceFile, allow = "")
-{
- return new Promise((resolve) => {
- waitForLoad().then((message) => {
- resolve(message);
- });
- const frame = document.createElement("iframe");
- const host = get_host_info();
- frame.allow = allow;
- frame.src = "" + host.ORIGINAL_HOST + ":" + host.HTTPS_PORT2 + RESOURCES_DIR + resourceFile;
- document.body.appendChild(frame);
- });
-}
-
function promiseRejects(test, expected, promise, description)
{
return promise.then(test.unreached_func("Should have rejected: " + description)).catch(function(e) {
Modified: trunk/Source/WebCore/ChangeLog (287001 => 287002)
--- trunk/Source/WebCore/ChangeLog 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/ChangeLog 2021-12-14 02:42:38 UTC (rev 287002)
@@ -1,3 +1,15 @@
+2021-12-13 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, reverting r286993.
+ https://bugs.webkit.org/show_bug.cgi?id=234283
+
+
+ Reverted changeset:
+
+ "[WebAuthn] Allow same-site, cross-origin iframe get()"
+ https://bugs.webkit.org/show_bug.cgi?id=234180
+ https://commits.webkit.org/r286993
+
2021-12-13 Christopher Reid <chris.r...@sony.com>
[Curl] Improve curl's cookie conformance in WPT
Modified: trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp (287001 => 287002)
--- trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.cpp 2021-12-14 02:42:38 UTC (rev 287002)
@@ -37,7 +37,6 @@
#include "JSDOMPromiseDeferred.h"
#include "Page.h"
#include "SecurityOrigin.h"
-#include "WebAuthenticationConstants.h"
namespace WebCore {
@@ -46,27 +45,19 @@
{
}
-WebAuthn::Scope CredentialsContainer::scope()
+bool CredentialsContainer::doesHaveSameOriginAsItsAncestors()
{
+ // The following implements https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors
+ // as of 14 November 2017.
if (!m_document)
- return WebAuthn::Scope::CrossOrigin;
-
- bool isSameOrigin = true;
- bool isSameSite = true;
+ return false;
+
auto& origin = m_document->securityOrigin();
- auto& url = ""
for (auto* document = m_document->parentDocument(); document; document = document->parentDocument()) {
- if (!origin.isSameOriginDomain(document->securityOrigin()) && !areRegistrableDomainsEqual(url, document->url()))
- isSameSite = false;
if (!origin.isSameOriginAs(document->securityOrigin()))
- isSameOrigin = false;
+ return false;
}
-
- if (isSameOrigin)
- return WebAuthn::Scope::SameOrigin;
- if (isSameSite)
- return WebAuthn::Scope::SameSite;
- return WebAuthn::Scope::CrossOrigin;
+ return true;
}
void CredentialsContainer::get(CredentialRequestOptions&& options, CredentialPromise&& promise)
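Review bot: The loop in `doesHaveSameOriginAsItsAncestors()` compares each ancestor with `isSameOriginAs()`, and the comment above it does not say why that call is used rather than `isSameOriginDomain()`, which the removed code used in its same-site branch. If, as I read it, the intent is that `document.domain` relaxation must never satisfy this gate, a line such as `// Strict origin comparison: document.domain relaxation must not widen WebAuthn access.` above the comparison would keep a later edit from loosening it. The same comment could record that a null `m_document` deliberately fails closed with `return false`.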
@@ -98,7 +89,7 @@
return;
}
- m_document->page()->authenticatorCoordinator().discoverFromExternalSource(*m_document, options.publicKey.value(), scope(), WTFMove(options.signal), WTFMove(promise));
+ m_document->page()->authenticatorCoordinator().discoverFromExternalSource(*m_document, options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise));
}
void CredentialsContainer::store(const BasicCredential&, CredentialPromise&& promise)
@@ -133,7 +124,7 @@
return;
}
- m_document->page()->authenticatorCoordinator().create(*m_document, options.publicKey.value(), scope(), WTFMove(options.signal), WTFMove(promise));
+ m_document->page()->authenticatorCoordinator().create(*m_document, options.publicKey.value(), doesHaveSameOriginAsItsAncestors(), WTFMove(options.signal), WTFMove(promise));
}
void CredentialsContainer::preventSilentAccess(DOMPromiseDeferred<void>&& promise) const
Modified: trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h (287001 => 287002)
--- trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/Modules/credentialmanagement/CredentialsContainer.h 2021-12-14 02:42:38 UTC (rev 287002)
@@ -32,10 +32,6 @@
#include <wtf/RefCounted.h>
#include <wtf/WeakPtr.h>
-namespace WebAuthn {
-enum class Scope;
-}
-
namespace WebCore {
class Document;
@@ -58,7 +54,7 @@
private:
CredentialsContainer(WeakPtr<Document>&&);
- WebAuthn::Scope scope();
+ bool doesHaveSameOriginAsItsAncestors();
WeakPtr<Document> m_document;
};
Modified: trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp (287001 => 287002)
--- trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp 2021-12-14 02:42:38 UTC (rev 287002)
@@ -34,7 +34,6 @@
#include "AuthenticatorCoordinatorClient.h"
#include "AuthenticatorResponseData.h"
#include "Document.h"
-#include "FeaturePolicy.h"
#include "JSBasicCredential.h"
#include "JSDOMPromiseDeferred.h"
#include "PublicKeyCredential.h"
@@ -105,7 +104,7 @@
m_client = WTFMove(client);
}
-void AuthenticatorCoordinator::create(const Document& document, const PublicKeyCredentialCreationOptions& options, WebAuthn::Scope scope, RefPtr<AbortSignal>&& abortSignal, CredentialPromise&& promise) const
+void AuthenticatorCoordinator::create(const Document& document, const PublicKeyCredentialCreationOptions& options, bool sameOriginWithAncestors, RefPtr<AbortSignal>&& abortSignal, CredentialPromise&& promise) const
{
using namespace AuthenticatorCoordinatorInternal;
@@ -115,7 +114,7 @@
// The following implements https://www.w3.org/TR/webauthn/#createCredential as of 5 December 2017.
// Step 1, 3, 16 are handled by the caller.
// Step 2.
- if (scope != WebAuthn::Scope::SameOrigin) {
+ if (!sameOriginWithAncestors) {
promise.reject(Exception { NotAllowedError, "The origin of the document is not the same as its ancestors."_s });
return;
}
@@ -149,7 +148,7 @@
options.extensions = AuthenticationExtensionsClientInputs { String(), processGoogleLegacyAppIdSupportExtension(options.extensions, options.rp.id) };
// Step 13-15.
- auto clientDataJson = buildClientDataJson(ClientDataType::Create, options.challenge, callerOrigin, scope);
+ auto clientDataJson = buildClientDataJson(ClientDataType::Create, options.challenge, callerOrigin);
auto clientDataJsonHash = buildClientDataJsonHash(clientDataJson);
// Step 4, 17-21.
@@ -176,7 +175,7 @@
m_client->makeCredential(*frame, callerOrigin, clientDataJsonHash, options, WTFMove(callback));
}
-void AuthenticatorCoordinator::discoverFromExternalSource(const Document& document, const PublicKeyCredentialRequestOptions& options, WebAuthn::Scope scope, RefPtr<AbortSignal>&& abortSignal, CredentialPromise&& promise) const
+void AuthenticatorCoordinator::discoverFromExternalSource(const Document& document, const PublicKeyCredentialRequestOptions& options, bool sameOriginWithAncestors, RefPtr<AbortSignal>&& abortSignal, CredentialPromise&& promise) const
{
using namespace AuthenticatorCoordinatorInternal;
@@ -186,8 +185,7 @@
// The following implements https://www.w3.org/TR/webauthn/#createCredential as of 5 December 2017.
// Step 1, 3, 13 are handled by the caller.
// Step 2.
- // This implements https://www.w3.org/TR/webauthn-2/#sctn-permissions-policy except only same-site, cross-origin is permitted.
- if (scope != WebAuthn::Scope::SameOrigin && !(scope == WebAuthn::Scope::SameSite && isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::PublickeyCredentialsGetRule, document, LogFeaturePolicyFailure::No))) {
+ if (!sameOriginWithAncestors) {
promise.reject(Exception { NotAllowedError, "The origin of the document is not the same as its ancestors."_s });
return;
}
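Review bot: The context comment above Step 2 in `discoverFromExternalSource()` cites `https://www.w3.org/TR/webauthn/#createCredential`, the same anchor that `create()` uses in the earlier hunk. That looks like a copy-paste, since this path serves `get()` and should presumably point at the spec's get-assertion algorithm. This commit removes the permissions-policy link from the same block, so the remaining link is the only one a reader can follow to check the `!sameOriginWithAncestors` rejection. The function body starts before and continues past this hunk.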
@@ -221,7 +219,7 @@
}
// Step 10-12.
- auto clientDataJson = buildClientDataJson(ClientDataType::Get, options.challenge, callerOrigin, scope);
+ auto clientDataJson = buildClientDataJson(ClientDataType::Get, options.challenge, callerOrigin);
auto clientDataJsonHash = buildClientDataJsonHash(clientDataJson);
// Step 4, 14-19.
Modified: trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h (287001 => 287002)
--- trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h 2021-12-14 02:42:38 UTC (rev 287002)
@@ -31,10 +31,6 @@
#include <wtf/Forward.h>
#include <wtf/Noncopyable.h>
-namespace WebAuthn {
-enum class Scope;
-}
-
namespace WebCore {
class AbortSignal;
@@ -57,8 +53,8 @@
WEBCORE_EXPORT void setClient(std::unique_ptr<AuthenticatorCoordinatorClient>&&);
// The following methods implement static methods of PublicKeyCredential.
- void create(const Document&, const PublicKeyCredentialCreationOptions&, WebAuthn::Scope, RefPtr<AbortSignal>&&, CredentialPromise&&) const;
- void discoverFromExternalSource(const Document&, const PublicKeyCredentialRequestOptions&, WebAuthn::Scope, RefPtr<AbortSignal>&&, CredentialPromise&&) const;
+ void create(const Document&, const PublicKeyCredentialCreationOptions&, bool sameOriginWithAncestors, RefPtr<AbortSignal>&&, CredentialPromise&&) const;
+ void discoverFromExternalSource(const Document&, const PublicKeyCredentialRequestOptions&, bool sameOriginWithAncestors, RefPtr<AbortSignal>&&, CredentialPromise&&) const;
void isUserVerifyingPlatformAuthenticatorAvailable(DOMPromiseDeferred<IDLBoolean>&&) const;
void resetUserGestureRequirement();
Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h (287001 => 287002)
--- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationConstants.h 2021-12-14 02:42:38 UTC (rev 287002)
@@ -80,13 +80,3 @@
const char LocalAuthenticatiorAccessGroup[] = "com.apple.webkit.webauthn";
} // namespace WebCore
-
-namespace WebAuthn {
-
-enum class Scope {
- CrossOrigin,
- SameOrigin,
- SameSite
-};
-
-} // namespace WebAuthn
Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp (287001 => 287002)
--- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.cpp 2021-12-14 02:42:38 UTC (rev 287002)
@@ -134,7 +134,7 @@
}
// FIXME(181948): Add token binding ID.
-Ref<ArrayBuffer> buildClientDataJson(ClientDataType type, const BufferSource& challenge, const SecurityOrigin& origin, WebAuthn::Scope scope)
+Ref<ArrayBuffer> buildClientDataJson(ClientDataType type, const BufferSource& challenge, const SecurityOrigin& origin)
{
auto object = JSON::Object::create();
switch (type) {
@@ -147,8 +147,6 @@
}
object->setString("challenge"_s, base64URLEncodeToString(challenge.data(), challenge.length()));
object->setString("origin"_s, origin.toRawString());
- if (scope != WebAuthn::Scope::SameOrigin)
- object->setBoolean("crossOrigin"_s, scope != WebAuthn::Scope::SameOrigin);
auto utf8JSONString = object->toJSONString().utf8();
Modified: trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h (287001 => 287002)
--- trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/Modules/webauthn/WebAuthenticationUtils.h 2021-12-14 02:42:38 UTC (rev 287002)
@@ -52,7 +52,7 @@
// https://www.w3.org/TR/webauthn/#attestation-object
WEBCORE_EXPORT Vector<uint8_t> buildAttestationObject(Vector<uint8_t>&& authData, String&& format, cbor::CBORValue::MapValue&& statementMap, const AttestationConveyancePreference&);
-WEBCORE_EXPORT Ref<ArrayBuffer> buildClientDataJson(ClientDataType /*type*/, const BufferSource& challenge, const SecurityOrigin& /*origin*/, WebAuthn::Scope);
+WEBCORE_EXPORT Ref<ArrayBuffer> buildClientDataJson(ClientDataType /*type*/, const BufferSource& challenge, const SecurityOrigin& /*origin*/);
WEBCORE_EXPORT Vector<uint8_t> buildClientDataJsonHash(const ArrayBuffer& clientDataJson);
Modified: trunk/Source/WebCore/html/FeaturePolicy.cpp (287001 => 287002)
--- trunk/Source/WebCore/html/FeaturePolicy.cpp 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/html/FeaturePolicy.cpp 2021-12-14 02:42:38 UTC (rev 287002)
@@ -67,10 +67,6 @@
case FeaturePolicy::Type::Magnetometer:
return "Magnetometer";
#endif
-#if ENABLE(WEB_AUTHN)
- case FeaturePolicy::Type::PublickeyCredentialsGetRule:
- return "PublickeyCredentialsGet";
-#endif
#if ENABLE(WEBXR)
case FeaturePolicy::Type::XRSpatialTracking:
return "XRSpatialTracking";
@@ -188,9 +184,6 @@
bool isAccelerometerInitialized = false;
bool isMagnetometerInitialized = false;
#endif
-#if ENABLE(WEB_AUTHN)
- bool isPublickeyCredentialsGetInitialized = false;
-#endif
#if ENABLE(WEBXR)
bool isXRSpatialTrackingInitialized = false;
#endif
@@ -258,13 +251,6 @@
continue;
}
#endif
-#if ENABLE(WEB_AUTHN)
- if (item.startsWith("publickey-credentials-get")) {
- isPublickeyCredentialsGetInitialized = true;
- updateList(document, policy.m_publickeyCredentialsGetRule, item.substring(26));
- continue;
- }
-#endif
#if ENABLE(WEBXR)
if (item.startsWith("xr-spatial-tracking")) {
isXRSpatialTrackingInitialized = true;
@@ -297,10 +283,6 @@
if (!isMagnetometerInitialized)
policy.m_magnetometerRule.allowedList.add(document.securityOrigin().data());
#endif
-#if ENABLE(WEB_AUTHN)
- if (!isPublickeyCredentialsGetInitialized)
- policy.m_publickeyCredentialsGetRule.allowedList.add(document.securityOrigin().data());
-#endif
#if ENABLE(WEBXR)
if (!isXRSpatialTrackingInitialized)
policy.m_xrSpatialTrackingRule.allowedList.add(document.securityOrigin().data());
@@ -356,10 +338,6 @@
case Type::Magnetometer:
return isAllowedByFeaturePolicy(m_magnetometerRule, origin);
#endif
-#if ENABLE(WEB_AUTHN)
- case Type::PublickeyCredentialsGetRule:
- return isAllowedByFeaturePolicy(m_publickeyCredentialsGetRule, origin);
-#endif
#if ENABLE(WEBXR)
case Type::XRSpatialTracking:
return isAllowedByFeaturePolicy(m_xrSpatialTrackingRule, origin);
Modified: trunk/Source/WebCore/html/FeaturePolicy.h (287001 => 287002)
--- trunk/Source/WebCore/html/FeaturePolicy.h 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebCore/html/FeaturePolicy.h 2021-12-14 02:42:38 UTC (rev 287002)
@@ -53,9 +53,6 @@
Accelerometer,
Magnetometer,
#endif
-#if ENABLE(WEB_AUTHN)
- PublickeyCredentialsGetRule,
-#endif
#if ENABLE(WEBXR)
XRSpatialTracking,
#endif
@@ -84,9 +81,6 @@
AllowRule m_accelerometerRule;
AllowRule m_magnetometerRule;
#endif
-#if ENABLE(WEB_AUTHN)
- AllowRule m_publickeyCredentialsGetRule;
-#endif
#if ENABLE(WEBXR)
AllowRule m_xrSpatialTrackingRule;
#endif
Modified: trunk/Source/WebKit/ChangeLog (287001 => 287002)
--- trunk/Source/WebKit/ChangeLog 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebKit/ChangeLog 2021-12-14 02:42:38 UTC (rev 287002)
@@ -1,3 +1,15 @@
+2021-12-13 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, reverting r286993.
+ https://bugs.webkit.org/show_bug.cgi?id=234283
+
+
+ Reverted changeset:
+
+ "[WebAuthn] Allow same-site, cross-origin iframe get()"
+ https://bugs.webkit.org/show_bug.cgi?id=234180
+ https://commits.webkit.org/r286993
+
2021-12-13 Tim Horton <timothy_hor...@apple.com>
Momentum Event Dispatcher: Excessive "kick" at the beginning of scrolling (especially on 60fps displays)
Modified: trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h (287001 => 287002)
--- trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h 2021-12-14 02:42:38 UTC (rev 287002)
@@ -107,8 +107,7 @@
@interface ASCPublicKeyCredentialCreationOptions : NSObject <NSSecureCoding>
-@property (nonatomic, nullable, copy) NSData *challenge;
-@property (nonatomic, nullable, copy) NSData *clientDataHash;
+@property (nonatomic, copy) NSData *challenge;
@property (nonatomic, copy) NSString *relyingPartyIdentifier;
@property (nonatomic, copy) NSString *userName;
@property (nonatomic, copy) NSData *userIdentifier;
@@ -119,13 +118,6 @@
@end
-@interface ASCPublicKeyCredentialAssertionOptions : NSObject <NSSecureCoding>
-@property (nonatomic, copy, readonly) NSString *relyingPartyIdentifier;
-@property (nonatomic, nullable, copy, readonly) NSData *challenge;
-@property (nonatomic, nullable, copy) NSData *clientDataHash;
-@property (nonatomic, nullable, readonly, copy) NSString *userVerificationPreference;
-@end
-
@interface ASCSecurityKeyPublicKeyCredentialLoginChoice : NSObject <ASCLoginChoiceProtocol>
- (instancetype)initRegistrationChoiceWithOptions:(ASCPublicKeyCredentialCreationOptions *)options;
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (287001 => 287002)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2021-12-14 02:42:38 UTC (rev 287002)
@@ -87,7 +87,7 @@
auto challengeBuffer = ArrayBuffer::tryCreate(reinterpret_cast<const uint8_t*>(challenge.bytes), challenge.length);
auto securityOrigin = WebCore::SecurityOrigin::createFromString(origin);
- auto clientDataJson = buildClientDataJson(clientDataType, WebCore::BufferSource(challengeBuffer), securityOrigin, WebAuthn::Scope::SameOrigin);
+ auto clientDataJson = buildClientDataJson(clientDataType, WebCore::BufferSource(challengeBuffer), securityOrigin);
return adoptNS([[NSData alloc] initWithBytes:clientDataJson->data() length:clientDataJson->byteLength()]);
}
Modified: trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm (287001 => 287002)
--- trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2021-12-14 02:20:20 UTC (rev 287001)
+++ trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm 2021-12-14 02:42:38 UTC (rev 287002)
@@ -145,7 +145,7 @@
return adoptNS([allocASCPublicKeyCredentialDescriptorInstance() initWithCredentialID:WebCore::toNSData(descriptor.id).get() transports:transports.get()]);
}
-static RetainPtr<ASCCredentialRequestContext> configureRegistrationRequestContext(const PublicKeyCredentialCreationOptions& options, NSData *hash)
+static RetainPtr<ASCCredentialRequestContext> configureRegistrationRequestContext(const PublicKeyCredentialCreationOptions& options)
{
ASCCredentialRequestTypes requestTypes = ASCCredentialRequestTypePlatformPublicKeyRegistration | ASCCredentialRequestTypeSecurityKeyPublicKeyRegistration;
@@ -169,10 +169,7 @@
auto credentialCreationOptions = adoptNS([allocASCPublicKeyCredentialCreationOptionsInstance() init]);
- if ([credentialCreationOptions respondsToSelector:@selector(setClientDataHash:)])
- [credentialCreationOptions setClientDataHash:toNSData(hash).get()];
- else
- [credentialCreationOptions setChallenge:WebCore::toNSData(options.challenge).get()];
+ [credentialCreationOptions setChallenge:WebCore::toNSData(options.challenge).get()];
[credentialCreationOptions setRelyingPartyIdentifier:options.rp.id];
[credentialCreationOptions setUserName:options.user.name];
[credentialCreationOptions setUserIdentifier:WebCore::toNSData(options.user.id).get()];
@@ -205,7 +202,7 @@
return requestContext;
}
-static RetainPtr<ASCCredentialRequestContext> configurationAssertionRequestContext(const PublicKeyCredentialRequestOptions& options, Vector<uint_8> hash)
+static RetainPtr<ASCCredentialRequestContext> configurationAssertionRequestContext(const PublicKeyCredentialRequestOptions& options)
{
ASCCredentialRequestTypes requestTypes = ASCCredentialRequestTypePlatformPublicKeyAssertion | ASCCredentialRequestTypeSecurityKeyPublicKeyAssertion;
@@ -230,30 +227,13 @@
auto requestContext = adoptNS([allocASCCredentialRequestContextInstance() initWithRequestTypes:requestTypes]);
[requestContext setRelyingPartyIdentifier:options.rpId];
- if (requestTypes & ASCCredentialRequestTypePlatformPublicKeyAssertion) {
- auto assertionOptions = adoptNS(allocASCPublicKeyCredentialAssertionOptionsInstance());
- if ([assertionOptions respondsToSelector:@selector(initWithKind:relyingPartyIdentifier:clientDataHash:userVerificationPreference:allowedCredentials:)]) {
- auto nsHash = toNSData(hash);
- [assertionOptions initWithKind:ASCPublicKeyCredentialKindPlatform relyingPartyIdentifier:options.rpId clientDataHash:nsHash userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]
- } else {
- auto challenge = WebCore::toNSData(options.challenge);
- [assertionOptions initWithKind:ASCPublicKeyCredentialKindPlatform relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]
- }
+ auto challenge = WebCore::toNSData(options.challenge);
- [requestContext setPlatformKeyCredentialAssertionOptions:assertionOptions.get()];
- }
+ if (requestTypes & ASCCredentialRequestTypePlatformPublicKeyAssertion)
+ [requestContext setPlatformKeyCredentialAssertionOptions:[allocASCPublicKeyCredentialAssertionOptionsInstance() initWithKind:ASCPublicKeyCredentialKindPlatform relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]];
- if (requestTypes & ASCCredentialRequestTypeSecurityKeyPublicKeyAssertion) {
- auto assertionOptions = adoptNS(allocASCPublicKeyCredentialAssertionOptionsInstance());
- if ([assertionOptions respondsToSelector:@selector(initWithKind:relyingPartyIdentifier:clientDataHash:userVerificationPreference:allowedCredentials:)]) {
- auto nsHash = toNSData(hash);
- [assertionOptions initWithKind:ASCPublicKeyCredentialKindSecurityKey relyingPartyIdentifier:options.rpId clientDataHash:nsHash userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]];
- } else {
- auto challenge = WebCore::toNSData(options.challenge);
- [assertionOptions initWithKind:ASCPublicKeyCredentialKindSecurityKey relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]];
- }
- [requestContext setSecurityKeyCredentialAssertionOptions:assertionOptions.get()];
- }
+ if (requestTypes & ASCCredentialRequestTypeSecurityKeyPublicKeyAssertion)
+ [requestContext setSecurityKeyCredentialAssertionOptions:[allocASCPublicKeyCredentialAssertionOptionsInstance() initWithKind:ASCPublicKeyCredentialKindSecurityKey relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]];
return requestContext;
}
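Review bot: Both `initWithKind:` results in `configurationAssertionRequestContext()` are passed straight to the setters without `adoptNS`. If this file is built without ARC, each `ASCPublicKeyCredentialAssertionOptions` object keeps an unbalanced +1 and leaks on every assertion request. The registration path earlier in the file wraps its options object in `adoptNS(...)`, and the removed lines here adopted theirs as well. Holding each result in a `RetainPtr` and passing `.get()` to the setter restores the balance. The function begins outside this hunk.

```objc
// … unchanged: request context creation, relying party identifier, challenge conversion …
if (requestTypes & ASCCredentialRequestTypePlatformPublicKeyAssertion) {
    auto platformOptions = adoptNS([allocASCPublicKeyCredentialAssertionOptionsInstance() initWithKind:ASCPublicKeyCredentialKindPlatform relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]);
    [requestContext setPlatformKeyCredentialAssertionOptions:platformOptions.get()];
}

if (requestTypes & ASCCredentialRequestTypeSecurityKeyPublicKeyAssertion) {
    auto securityKeyOptions = adoptNS([allocASCPublicKeyCredentialAssertionOptionsInstance() initWithKind:ASCPublicKeyCredentialKindSecurityKey relyingPartyIdentifier:options.rpId challenge:challenge.get() userVerificationPreference:userVerification.get() allowedCredentials:allowedCredentials.get()]);
    [requestContext setSecurityKeyCredentialAssertionOptions:securityKeyOptions.get()];
}
```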
@@ -262,9 +242,9 @@
{
RetainPtr<ASCCredentialRequestContext> result;
WTF::switchOn(requestData.options, [&](const PublicKeyCredentialCreationOptions& options) {
- result = configureRegistrationRequestContext(options, requestData.hash);
+ result = configureRegistrationRequestContext(options);
}, [&](const PublicKeyCredentialRequestOptions& options) {
- result = configurationAssertionRequestContext(options, requestData.hash);
+ result = configurationAssertionRequestContext(options);
});
return result;
}