Title: [287957] trunk
- Revision
- 287957
- Author
- j_pas...@apple.com
- Date
- 2022-01-12 15:45:51 -0800 (Wed, 12 Jan 2022)
Log Message
[WebAuthn] Fix freebie call without user gesture not being given
https://bugs.webkit.org/show_bug.cgi?id=235078
rdar://87327557
Reviewed by Brent Fulgham.
Source/WebKit:
This logic was previously always requiring a user gesture. The desired
behavior of giving pages a single "freebie" webauthn call without gesture
was lost in a refactor.
Tested manually on iOS device with webauthn.me.
* WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:
(WebKit::WebAuthenticatorCoordinator::processingUserGesture):
Tools:
Updated API test to reflect user gesture freebie.
* TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (287956 => 287957)
--- trunk/Source/WebKit/ChangeLog 2022-01-12 23:36:57 UTC (rev 287956)
+++ trunk/Source/WebKit/ChangeLog 2022-01-12 23:45:51 UTC (rev 287957)
@@ -1,3 +1,20 @@
+2022-01-12 J Pascoe <j_pas...@apple.com>
+
+ [WebAuthn] Fix freebie call without user gesture not being given
+ https://bugs.webkit.org/show_bug.cgi?id=235078
+ rdar://87327557
+
+ Reviewed by Brent Fulgham.
+
+ This logic was previously always requiring a user gesture. The desired
+ behavior of giving pages a single "freebie" webauthn call without gesture
+ was lost in a refactor.
+
+ Tested manually on iOS device with webauthn.me.
+
+ * WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:
+ (WebKit::WebAuthenticatorCoordinator::processingUserGesture):
+
2022-01-12 Brandon Stewart <brandonstew...@apple.com>
[macOS] Add required system call
Modified: trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp (287956 => 287957)
--- trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp 2022-01-12 23:36:57 UTC (rev 287956)
+++ trunk/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp 2022-01-12 23:45:51 UTC (rev 287957)
@@ -126,13 +126,15 @@
bool WebAuthenticatorCoordinator::processingUserGesture(const Frame& frame, const FrameIdentifier& frameID)
{
auto processingUserGesture = UserGestureIndicator::processingUserGestureForMedia();
- if (!processingUserGesture && m_requireUserGesture)
+ bool processingUserGestureOrFreebie = processingUserGesture || !m_requireUserGesture;
+ if (!processingUserGestureOrFreebie)
m_webPage.addConsoleMessage(frameID, MessageSource::Other, MessageLevel::Warning, "User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events."_s);
+
if (processingUserGesture && m_requireUserGesture)
m_requireUserGesture = false;
- else
+ else if (!processingUserGesture)
m_requireUserGesture = true;
- return processingUserGesture || !m_requireUserGesture;
+ return processingUserGestureOrFreebie;
}
} // namespace WebKit
Modified: trunk/Tools/ChangeLog (287956 => 287957)
--- trunk/Tools/ChangeLog 2022-01-12 23:36:57 UTC (rev 287956)
+++ trunk/Tools/ChangeLog 2022-01-12 23:45:51 UTC (rev 287957)
@@ -1,3 +1,15 @@
+2022-01-12 J Pascoe <j_pas...@apple.com>
+
+ [WebAuthn] Fix freebie call without user gesture not being given
+ https://bugs.webkit.org/show_bug.cgi?id=235078
+ rdar://87327557
+
+ Reviewed by Brent Fulgham.
+
+ Updated API test to reflect user gesture freebie.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html:
+
2022-01-12 Elliott Williams <e...@apple.com>
[Xcode] Configure each project for the legacy build system
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html (287956 => 287957)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html 2022-01-12 23:36:57 UTC (rev 287956)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html 2022-01-12 23:45:51 UTC (rev 287957)
@@ -20,10 +20,14 @@
};
navigator.credentials.create(options).then(credential => {
- // console.log("Succeeded!");
window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");
}, error => {
- // console.log(error.message);
+ // The first call will consume the freebie, the second will give the no user gesture error.
+ navigator.credentials.create(options).then(credential => {
+ window.webkit.messageHandlers.testHandler.postMessage("Succeeded!");
+ }, error => {
+ window.webkit.messageHandlers.testHandler.postMessage(error.message);
+ });
window.webkit.messageHandlers.testHandler.postMessage(error.message);
});
</script>
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes