Bug 236657 - [WebAuthn] Add credentialID to _WKWebAuthenticationAssertionResponse and userHandle in getAllLocalAuthenticatorCredentials
Summary: [WebAuthn] Add credentialID to _WKWebAuthenticationAssertionResponse and user...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: pascoe@apple.com
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-02-15 11:53 PST by pascoe@apple.com
Modified: 2022-02-18 12:38 PST (History)
2 users (show)

See Also:

Attachments
Patch (10.49 KB, patch)
2022-02-15 15:34 PST, pascoe@apple.com 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description pascoe@apple.com 2022-02-15 11:53:10 PST 
These fields are needed for internal needs.
Comment 1 Radar WebKit Bug Importer 2022-02-15 11:53:19 PST 
<rdar://problem/88979279>
Comment 2 pascoe@apple.com 2022-02-15 15:34:04 PST 
Created attachment 452103 [details]
Patch
Comment 3 Brent Fulgham 2022-02-18 11:20:18 PST 
Comment on attachment 452103 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=452103&action=review

r=me

> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm:73
> +    return wrapper(_response->credentialID());

Is it possible for _response to be nullptr?
Comment 4 Brent Fulgham 2022-02-18 11:21:41 PST 
Comment on attachment 452103 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=452103&action=review

>> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm:73
>> +    return wrapper(_response->credentialID());
> 
> Is it possible for _response to be nullptr?

Update: No, it's always dereferenced without checking.
Comment 5 pascoe@apple.com 2022-02-18 11:25:44 PST 
Comment on attachment 452103 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=452103&action=review

>> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationAssertionResponse.mm:73
>> +    return wrapper(_response->credentialID());
> 
> Is it possible for _response to be nullptr?

I don't believe so, this is similar to userHandle. The only way we initialize _WKWebAuthenticationAssertionResponse is via APIWebAuthenticationAssertionResponse, which populates the _response.
Comment 6 EWS 2022-02-18 12:38:14 PST 
Committed r290154 (247493@main): <https://commits.webkit.org/247493@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 452103 [details].