[webkit-changes] [287957] trunk

[j_pascoe]

Title: [287957] trunk

Revision

287957

Author

j_pas...@apple.com

Date

2022-01-12 15:45:51 -0800 (Wed, 12 Jan 2022)

Log Message

[WebAuthn] Fix freebie call without user gesture not being given
https://bugs.webkit.org/show_bug.cgi?id=235078
rdar://87327557

Reviewed by Brent Fulgham.

Source/WebKit:

This logic was previously always requiring a user gesture. The desired
behavior of giving pages a single "freebie" webauthn call without gesture
was lost in a refactor.

Tested manually on iOS device with webauthn.me.

* WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:
(WebKit::WebAuthenticatorCoordinator::processingUserGesture):

Tools:

Updated API test to reflect user gesture freebie.

* TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp
• trunk/Tools/ChangeLog
• trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html

Diff

Modified: trunk/Source/WebKit/ChangeLog (287956 => 287957)

--- trunk/Source/WebKit/ChangeLog	2022-01-12 23:36:57 UTC (rev 287956)
+++ trunk/Source/WebKit/ChangeLog	2022-01-12 23:45:51 UTC (rev 287957)
@@ -1,3 +1,20 @@
+2022-01-12  J Pascoe  <j_pas...@apple.com>
+
+        [WebAuthn] Fix freebie call without user gesture not being given
+        https://bugs.webkit.org/show_bug.cgi?id=235078
+        rdar://87327557
+
+        Reviewed by Brent Fulgham.
+
+        This logic was previously always requiring a user gesture. The desired
+        behavior of giving pages a single "freebie" webauthn call without gesture
+        was lost in a refactor.
+
+        Tested manually on iOS device with webauthn.me.
+
+        * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:
+        (WebKit::WebAuthenticatorCoordinator::processingUserGesture):
+
 2022-01-12  Brandon Stewart  <brandonstew...@apple.com>
 
         [macOS] Add required system call

Modified: trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp (287956 => 287957)

--- trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp	2022-01-12 23:36:57 UTC (rev 287956)
+++ trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp	2022-01-12 23:45:51 UTC (rev 287957)
@@ -126,13 +126,15 @@
 bool WebAuthenticatorCoordinator::processingUserGesture(const Frame& frame, const FrameIdentifier& frameID)
 {
     auto processingUserGesture = UserGestureIndicator::processingUserGestureForMedia();
-    if (!processingUserGesture && m_requireUserGesture)
+    bool processingUserGestureOrFreebie = processingUserGesture || !m_requireUserGesture;
+    if (!processingUserGestureOrFreebie)
         m_webPage.addConsoleMessage(frameID, MessageSource::Other, MessageLevel::Warning, "User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events."_s);
+
     if (processingUserGesture && m_requireUserGesture)
         m_requireUserGesture = false;
-    else
+    else if (!processingUserGesture)
         m_requireUserGesture = true;
-    return processingUserGesture || !m_requireUserGesture;
+    return processingUserGestureOrFreebie;
 }
 
 } // namespace WebKit

Modified: trunk/Tools/ChangeLog (287956 => 287957)

--- trunk/Tools/ChangeLog	2022-01-12 23:36:57 UTC (rev 287956)
+++ trunk/Tools/ChangeLog	2022-01-12 23:45:51 UTC (rev 287957)
@@ -1,3 +1,15 @@
+2022-01-12  J Pascoe  <j_pas...@apple.com>
+
+        [WebAuthn] Fix freebie call without user gesture not being given
+        https://bugs.webkit.org/show_bug.cgi?id=235078
+        rdar://87327557
+
+        Reviewed by Brent Fulgham.
+
+        Updated API test to reflect user gesture freebie.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html:
+
 2022-01-12  Elliott Williams  <e...@apple.com>
 
         [Xcode] Configure each project for the legacy build system

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html (287956 => 287957)

--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html	2022-01-12 23:36:57 UTC (rev 287956)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html	2022-01-12 23:45:51 UTC (rev 287957)
@@ -20,10 +20,14 @@
     };
 
     navigator.credentials.create(options).then(credential => {
-        // console.log("Succeeded!");
         window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");
     }, error => {
-        // console.log(error.message);
+        // The first call will consume the freebie, the second will give the no user gesture error.
+        navigator.credentials.create(options).then(credential => {
+            window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");
+        }, error => {
+            window.webkit.messageHandlers.testHandler.postMessage(error.message);
+        });
         window.webkit.messageHandlers.testHandler.postMessage(error.message);
     });
 </script>

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes