225199 – WebAuthn "user gesture required" console message for .get references ".create"

Bug 225199 - WebAuthn "user gesture required" console message for .get references ".create"

Summary: WebAuthn "user gesture required" console message for .get references ".create"

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	Safari 14
Hardware:	Mac (Intel) macOS 11

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-04-29 11:14 PDT by matthew
Modified:	2021-05-06 11:15 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Screenshot of console output from within Safari referencing incorrect API (18.60 KB, image/png) 2021-04-29 11:14 PDT, matthew	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description matthew 2021-04-29 11:14:38 PDT

Created attachment 427361 [details]
Screenshot of console output from within Safari referencing incorrect API

Calls to WebAuthn's `navigator.credentials.get()` outside of a user gesture errors out as expected. However, the console warning output from this operations mentions "navigator.credentials.create":

> User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' within user activated events.
Console output generated by a call to `navigator.credentials.get` should reference "navigator.credentials.get" instead.

This appears to be caused by a recent change to `WebAuthenticatorCoordinator::processingUserGesture()` that hardcodes "navigator.credentials.create" into the message:

https://trac.webkit.org/browser/webkit/branches/safari-611-branch/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp#L112

The following LayoutTests confirm that the same incorrect message is used for `navigator.credentials.get()` user gesture issues as well:

- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local-silent.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-nfc.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-nfc.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt

Comment 1 matthew 2021-04-30 08:50:02 PDT

I should clarify that this is observed in Safari 14.1 on macOS 11.3

Comment 2 Radar WebKit Bug Importer 2021-05-06 11:15:40 PDT

<rdar://problem/77616652>