Bug 183530

<rdar://problem/43357305>

Also, we need to carefully pick sentences to describe error such that we can protect user privacy: https://www.w3.org/TR/webauthn/#sctn-privacy-considerations.

For example, we might want to make NotAllowedError indistinguishable between each other.

Created attachment 398712 [details]
Patch

Comment on attachment 398712 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=398712&action=review

I think this looks good, but I think you made a typo "NSDate instead of NSData".

> Source/WebKit/ChangeLog:3
> +        [WebAuthn] Roll back the newly created credential if an error happens afterwards

Maybe "Roll back newly created credentials if an error occurs"?

> Source/WebKit/ChangeLog:9
> +        Otherwise, the newly created credential will be a dangling credential.

Maybe "We should clean up any newly created credentials if an error occurs before the relying party registers the identity. Otherwise we are left with a dangling credential."

> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h:78
> +    RetainPtr<NSDate> m_newlyCreatedCredentialId;

This should be an NSData, I think (not an NSDate).

Maybe we should call this "m_provisionalCredentialId"?

Also: Should this be nulled at some point when the credential moves from 'provisional' to 'committed' (or 'complete') ?

> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:340
> +        m_newlyCreatedCredentialId = toNSData(credentialId);

m_provisionalCredentialId

> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:605
> +            LOG_ERROR(makeString("Couldn't delete older credential: "_s, status).utf8().data());

I think this should say something like:

"Couldn't delete provisional credential while handling error: "

Comment on attachment 398712 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=398712&action=review

Thanks Brent for reviewing this patch.

>> Source/WebKit/ChangeLog:3
>> +        [WebAuthn] Roll back the newly created credential if an error happens afterwards
> 
> Maybe "Roll back newly created credentials if an error occurs"?

Fixed.

>> Source/WebKit/ChangeLog:9
>> +        Otherwise, the newly created credential will be a dangling credential.
> 
> Maybe "We should clean up any newly created credentials if an error occurs before the relying party registers the identity. Otherwise we are left with a dangling credential."

Fixed.

>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.h:78
>> +    RetainPtr<NSDate> m_newlyCreatedCredentialId;
> 
> This should be an NSData, I think (not an NSDate).
> 
> Maybe we should call this "m_provisionalCredentialId"?
> 
> Also: Should this be nulled at some point when the credential moves from 'provisional' to 'committed' (or 'complete') ?

Oops, it is indeed a type. But strangely, it compiles and works. There is no needs to commit it. Once the credential is returned to the RP, the LocalAuthenticator object will be cleared.

>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:340
>> +        m_newlyCreatedCredentialId = toNSData(credentialId);
> 
> m_provisionalCredentialId

Fixed.

>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:605
>> +            LOG_ERROR(makeString("Couldn't delete older credential: "_s, status).utf8().data());
> 
> I think this should say something like:
> 
> "Couldn't delete provisional credential while handling error: "

Fixed.

Created attachment 398821 [details]
Patch

Created attachment 398823 [details]
Patch

Comment on attachment 398823 [details]
Patch

r=me

(In reply to Brent Fulgham from comment #8)
> Comment on attachment 398823 [details]
> Patch
> 
> r=me

Thanks for r+ the patch.

Committed r261366: <https://trac.webkit.org/changeset/261366>