[webkit-changes] [WebKit/WebKit] a6664c: [WebAuthn] Give back user gesture freebie after su...

Thu, 15 Dec 2022 10:49:39 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a6664c87fe8f76c799e342e496d18e852134d751
      
https://github.com/WebKit/WebKit/commit/a6664c87fe8f76c799e342e496d18e852134d751
  Author: J Pascoe <[email protected]>
  Date:   2022-12-15 (Thu, 15 Dec 2022)

  Changed paths:
    M LayoutTests/http/wpt/webauthn/ctap-hid-success.https-expected.txt
    M LayoutTests/http/wpt/webauthn/idl.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-ccid.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-u2f.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-nfc.https-expected.txt
    M 
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h

  Log Message:
  -----------
  [WebAuthn] Give back user gesture freebie after successful 
assertion/registration
https://bugs.webkit.org/show_bug.cgi?id=244990
<rdar://99535178>

Reviewed by Brent Fulgham.

Some SPA-based application's user gestures don't register, causing headaches 
with WebAuthn
flows. Here we partially mitigate that issue by restoring the user gesture 
freebie upon a
successful registration/assertion. This does not make it possible for an RP to 
spam
WebAuthn calls as the freebie is only restored after the user provided consent 
for the previous
operation.

* Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:
(WebCore::AuthenticatorCoordinator::create):
(WebCore::AuthenticatorCoordinator::discoverFromExternalSource):
(WebCore::AuthenticatorCoordinator::create const): Deleted.
(WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): Deleted.
* Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
(TestWebKitAPI::TEST):
* 
Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html:

Canonical link: https://commits.webkit.org/257940@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to