Title: [294332] trunk
- Revision
- 294332
- Author
- j_pas...@apple.com
- Date
- 2022-05-17 12:09:56 -0700 (Tue, 17 May 2022)
Log Message
[WebAuthn] Add SPI to update platform credential's displayName
https://bugs.webkit.org/show_bug.cgi?id=240471
<rdar://93362894>
Reviewed by Brent Fulgham.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
(TestWebKitAPI::TEST):
Updated API test.
* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:
(+[_WKWebAuthenticationPanel setUsernameForLocalCredentialWithGroupAndID:credential:username:]):
(+[_WKWebAuthenticationPanel setDisplayNameForLocalCredentialWithGroupAndID:credential:displayName:]):
This change introduces setDisplayNameForLocalCredentialWithGroupAndID, which will supercede
the existing setUsernameForLocalCredentialWithGroupAndID once all callers are updated.
Canonical link: https://commits.webkit.org/250652@main
Modified Paths
Diff
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (294331 => 294332)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-05-17 19:02:27 UTC (rev 294331)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2022-05-17 19:09:56 UTC (rev 294332)
@@ -128,6 +128,7 @@
+ (void)clearAllLocalAuthenticatorCredentials WK_API_AVAILABLE(macos(12.0), ios(15.0));
+ (void)setUsernameForLocalCredentialWithID:(NSData *)credentialID username: (NSString *)username WK_API_AVAILABLE(macos(12.0), ios(15.0));
+ (void)setUsernameForLocalCredentialWithGroupAndID:(NSString * _Nullable)group credential:(NSData *)credentialID username: (NSString *)username WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
++ (void)setDisplayNameForLocalCredentialWithGroupAndID:(NSString * _Nullable)group credential:(NSData *)credentialID displayName: (NSString *)displayName WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+ (NSData *)exportLocalAuthenticatorCredentialWithID:(NSData *)credentialID error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+ (NSData *)exportLocalAuthenticatorCredentialWithGroupAndID:(NSString * _Nullable)group credential:(NSData *)credentialID error:(NSError **)error WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm (294331 => 294332)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-05-17 19:02:27 UTC (rev 294331)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm 2022-05-17 19:09:56 UTC (rev 294332)
@@ -363,6 +363,7 @@
[self setUsernameForLocalCredentialWithGroupAndID:nil credential:credentialID username:username];
}
+// rdar://93366441 - Remove this method once callers updated
+ (void)setUsernameForLocalCredentialWithGroupAndID:(NSString *)group credential:(NSData *)credentialID username: (NSString *)username
{
#if ENABLE(WEB_AUTHN)
@@ -428,7 +429,71 @@
#endif
}
++ (void)setDisplayNameForLocalCredentialWithGroupAndID:(NSString *)group credential:(NSData *)credentialID displayName: (NSString *)displayName
+{
#if ENABLE(WEB_AUTHN)
+ auto query = adoptNS([[NSMutableDictionary alloc] init]);
+ [query setDictionary:@{
+ (__bridge id)kSecClass: bridge_id_cast(kSecClassKey),
+ (__bridge id)kSecReturnAttributes: @YES,
+ (__bridge id)kSecAttrApplicationLabel: credentialID,
+ (__bridge id)kSecReturnPersistentRef : bridge_id_cast(kCFBooleanTrue),
+ (__bridge id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny,
+ (__bridge id)kSecUseDataProtectionKeychain: @YES
+ }];
+ updateQueryForGroupIfNecessary(query.get(), group);
+
+ CFTypeRef attributesArrayRef = nullptr;
+ OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query.get(), &attributesArrayRef);
+ if (status && status != errSecItemNotFound) {
+ ASSERT_NOT_REACHED();
+ return;
+ }
+ NSDictionary *attributes = (__bridge NSDictionary *)attributesArrayRef;
+ auto decodedResponse = cbor::CBORReader::read(vectorFromNSData(attributes[bridge_id_cast(kSecAttrApplicationTag)]));
+ if (!decodedResponse || !decodedResponse->isMap()) {
+ ASSERT_NOT_REACHED();
+ return;
+ }
+ auto& previousUserMap = decodedResponse->getMap();
+
+ bool nameSet = false;
+ cbor::CBORValue::MapValue updatedUserMap;
+ for (auto it = previousUserMap.begin(); it != previousUserMap.end(); ++it) {
+ if (it->first.isString() && it->first.getString() == fido::kDisplayNameMapKey) {
+ if (displayName)
+ updatedUserMap[it->first.clone()] = cbor::CBORValue(String(displayName));
+ nameSet = true;
+ } else
+ updatedUserMap[it->first.clone()] = it->second.clone();
+ }
+ if (!nameSet && displayName)
+ updatedUserMap[cbor::CBORValue(fido::kDisplayNameMapKey)] = cbor::CBORValue(String(displayName));
+ updatedUserMap[cbor::CBORValue(WebCore::userEntityLastModifiedKey)] = cbor::CBORValue((int64_t)WallTime::now().secondsSinceEpoch().value());
+ auto updatedTag = cbor::CBORWriter::write(cbor::CBORValue(WTFMove(updatedUserMap)));
+
+ auto secAttrApplicationTag = adoptNS([[NSData alloc] initWithBytes:updatedTag->data() length:updatedTag->size()]);
+
+ NSDictionary *updateParams = @{
+ (__bridge id)kSecAttrApplicationTag: secAttrApplicationTag.get(),
+ };
+
+ [query setDictionary:@{
+ (__bridge id)kSecValuePersistentRef: [attributes objectForKey:bridge_id_cast(kSecValuePersistentRef)],
+ (__bridge id)kSecClass: bridge_id_cast(kSecClassKey),
+ (__bridge id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny,
+ }];
+ updateQueryForGroupIfNecessary(query.get(), group);
+
+ status = SecItemUpdate((__bridge CFDictionaryRef)query.get(), (__bridge CFDictionaryRef)updateParams);
+ if (status && status != errSecItemNotFound) {
+ ASSERT_NOT_REACHED();
+ return;
+ }
+#endif
+}
+
+#if ENABLE(WEB_AUTHN)
static void createNSErrorFromWKErrorIfNecessary(NSError **error, WKErrorCode errorCode)
{
if (error)
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm (294331 => 294332)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-17 19:02:27 UTC (rev 294331)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm 2022-05-17 19:09:56 UTC (rev 294332)
@@ -2319,7 +2319,7 @@
EXPECT_WK_STREQ([command base64EncodedStringWithOptions:0], "AaQBWCABAgMEAQIDBAECAwQBAgMEAQIDBAECAwQBAgMEAQIDBAKhZG5hbWVrZXhhbXBsZS5jb20Do2JpZEQBAgMEZG5hbWV2amFwcGxlc2VlZEBleGFtcGxlLmNvbWtkaXNwbGF5TmFtZWtKIEFwcGxlc2VlZASBomNhbGcmZHR5cGVqcHVibGljLWtleQ==");
}
-TEST(WebAuthenticationPanel, UpdateCredentialUsername)
+TEST(WebAuthenticationPanel, UpdateCredentialDisplayName)
{
reset();
cleanUpKeychain("example.com"_s);
@@ -2332,8 +2332,9 @@
EXPECT_NOT_NULL([credentials firstObject]);
EXPECT_WK_STREQ([credentials firstObject][_WKLocalAuthenticatorCredentialNameKey], "John");
+ EXPECT_NULL([credentials firstObject][_WKLocalAuthenticatorCredentialDisplayNameKey]);
- [_WKWebAuthenticationPanel setUsernameForLocalCredentialWithID:[credentials firstObject][_WKLocalAuthenticatorCredentialIDKey] username: @"Saffron"];
+ [_WKWebAuthenticationPanel setDisplayNameForLocalCredentialWithGroupAndID:nil credential:[credentials firstObject][_WKLocalAuthenticatorCredentialIDKey] displayName: @"Saffron"];
credentials = [_WKWebAuthenticationPanel getAllLocalAuthenticatorCredentialsWithAccessGroup:@"com.apple.TestWebKitAPI"];
EXPECT_NOT_NULL(credentials);
@@ -2340,8 +2341,18 @@
EXPECT_EQ([credentials count], 1lu);
EXPECT_NOT_NULL([credentials firstObject]);
- EXPECT_WK_STREQ([credentials firstObject][_WKLocalAuthenticatorCredentialNameKey], "Saffron");
+ EXPECT_WK_STREQ([credentials firstObject][_WKLocalAuthenticatorCredentialNameKey], "John");
+ EXPECT_WK_STREQ([credentials firstObject][_WKLocalAuthenticatorCredentialDisplayNameKey], "Saffron");
+ [_WKWebAuthenticationPanel setDisplayNameForLocalCredentialWithGroupAndID:nil credential:[credentials firstObject][_WKLocalAuthenticatorCredentialIDKey] displayName: @"Something Different"];
+
+ credentials = [_WKWebAuthenticationPanel getAllLocalAuthenticatorCredentialsWithAccessGroup:@"com.apple.TestWebKitAPI"];
+ EXPECT_NOT_NULL(credentials);
+ EXPECT_EQ([credentials count], 1lu);
+
+ EXPECT_NOT_NULL([credentials firstObject]);
+ EXPECT_WK_STREQ([credentials firstObject][_WKLocalAuthenticatorCredentialDisplayNameKey], "Something Different");
+
cleanUpKeychain("example.com"_s);
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes