mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-11 08:13:35 +00:00
Bug 1537552 - Web Authentication - isUserVerifyingPlatformAuthenticatorAvailable should return false r=keeler
The WebAuthn spec changed from the days of https://bugzilla.mozilla.org/show_bug.cgi?id=1406468#c1. Now the spec says, if there are no user-verifying platform authenticators available [0]:

> Otherwise, the promise is resolved with the value of `false`

...so we should resolve false instead of never resolving.

[0] https://w3c.github.io/webauthn/#abortoperation

Differential Revision: https://phabricator.services.mozilla.com/D24266

--HG--
extra : moz-landing-system : lando
parent 349f8a0865
commit ee356ad019
@ -89,27 +89,18 @@ PublicKeyCredential::IsUserVerifyingPlatformAuthenticatorAvailable(
|
||||
|
||||
// https://w3c.github.io/webauthn/#isUserVerifyingPlatformAuthenticatorAvailable
|
||||
//
|
||||
// If on latest windows, call system APIs, otherwise
|
||||
// We currently implement no platform authenticators, so this would always
|
||||
// resolve to false. For those cases, the spec recommends a resolve timeout
|
||||
// on the order of 10 minutes to avoid fingerprinting.
|
||||
//
|
||||
// A simple solution is thus to never resolve the promise, otherwise we'd
|
||||
// have to track every single call to this method along with a promise
|
||||
// and timer to resolve it after exactly X minutes.
|
||||
//
|
||||
// A Relying Party has to deal with a non-response in a timely fashion, so
|
||||
// we can keep this as-is (and not resolve) even when we support platform
|
||||
// authenticators but they're not available, or a user rejects a website's
|
||||
// request to use them.
|
||||
// If on latest windows, call system APIs, otherwise return false, as we don't
|
||||
// have other UVPAAs available at this time.
|
||||
#ifdef OS_WIN
|
||||
|
||||
if (WinWebAuthnManager::IsUserVerifyingPlatformAuthenticatorAvailable()) {
|
||||
promise->MaybeResolve(true);
|
||||
return promise.forget();
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
promise->MaybeResolve(false);
|
||||
return promise.forget();
|
||||
}
|
||||
|
||||
|
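Review bot: The replacement comment above the `#ifdef OS_WIN` block drops the fingerprinting rationale without recording why resolving `false` immediately is now acceptable. A one-line pointer to the current spec wording (the commit message cites it) would keep a later reader from reintroducing the delay. The two exit paths also repeat `return promise.forget();`, so setting a bool inside the `#ifdef` and calling `promise->MaybeResolve(...)` once would be tidier. Minor: "windows" in the comment should be capitalised.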
@ -24,26 +24,19 @@ SimpleTest.waitForExplicitFinish();
|
||||
SpecialPowers.pushPrefEnv({"set": [["security.webauth.webauthn", true],
|
||||
["security.webauth.webauthn_enable_softtoken", true],
|
||||
["security.webauth.webauthn_enable_usbtoken", false]]},
|
||||
function() {
|
||||
async function() {
|
||||
// This test ensures that isUserVerifyingPlatformAuthenticatorAvailable()
|
||||
// is a callable method, but we currently can't test that it works in an
|
||||
// automated way. If it resolves to false, per spec, we SHOULD wait
|
||||
// ~10 minutes before resolving.
|
||||
let p1 = PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()
|
||||
// is a callable method, but with the softtoken enabled, it's not useful to
|
||||
// figure out what it actually returns, so we'll just make sure it runs.
|
||||
await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()
|
||||
.then(function(aResult) {
|
||||
ok(false, "We shouldn't get here.");
|
||||
ok(true, "Resolved: " + aResult);
|
||||
})
|
||||
.catch(function(aProblem) {
|
||||
ok(false, "Problem encountered: " + aProblem);
|
||||
});
|
||||
|
||||
// Finish on the next tick.
|
||||
let p2 = Promise.resolve();
|
||||
|
||||
Promise.race([p1, p2]).then(function() {
|
||||
ok(true, "isUserVerifyingPlatformAuthenticatorAvailable() is callable");
|
||||
SimpleTest.finish();
|
||||
});
|
||||
SimpleTest.finish();
|
||||
});
|
||||
|
||||
</script>
|
||||
|
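Review bot: In the `.then` callback, `ok(true, "Resolved: " + aResult)` passes for any resolved value, so the test would not notice a non-boolean resolution. Consider checking `typeof aResult === "boolean"` there instead of an unconditional pass. Since the C++ side shown in the first hunk resolves `false` whenever `OS_WIN` is not defined, a platform-conditional check of the exact value would also be possible.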