ChangeLog

2021-01-14  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthn] Polish the new WebAuthn UI

        https://bugs.webkit.org/show_bug.cgi?id=220617

        <rdar://problem/73185470>

        Reviewed by NOBODY (OOPS!).

        This patch does the following few things:

        1. It updates the way how the PIN error for security keys is handled.

        2. It uses the credential name to identify a credential that passed to the UI instead of the login choice object

        as it turns out that the UI won't return the same object at all.

        3. It delays to show the UI if the platform authenticator is involved given the platform authenticator might not contain

        the requested credentials. If not, we should either show an error or just requesting the security key ones.

        Covered by manual tests.

        * Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:

        (NS_ERROR_ENUM):

        * UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.h:

        * UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm:

        (WebKit::AuthenticatorPresenterCoordinator::AuthenticatorPresenterCoordinator):

        (WebKit::AuthenticatorPresenterCoordinator::updatePresenter):

        (WebKit::AuthenticatorPresenterCoordinator::selectAssertionResponse):

        (WebKit::AuthenticatorPresenterCoordinator::didSelectAssertionResponse):

        * UIProcess/WebAuthentication/Cocoa/WKASCAuthorizationPresenterDelegate.mm:

        (-[WKASCAuthorizationPresenterDelegate authorizationPresenter:credentialRequestedForLoginChoice:authenticatedContext:completionHandler:]):

2021-01-12  BJ Burg  <bburg@apple.com>

        [Cocoa] Web Inspector: move browser domain activation methods back to WKWebView and UIDelegate

Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h

@@typedef NS_ERROR_ENUM(ASCAuthorizationErrorDomain, ASCAuthorizationError) {

    ASCAuthorizationErrorNoCredentialsFound,

    ASCAuthorizationErrorLAError,

    ASCAuthorizationErrorLAExcludeCredentialsMatched,

};

extern NSString * const ASCPINValidationResultKey;

typedef NS_ENUM(NSInteger, ASCPINValidationResult) {

    ASCPINValidationResultPINBlocked,

    ASCPINValidationResultPINAuthBlocked,

    ASCPINValidationResultPINInvalid,

    ASCAuthorizationErrorPINInvalid,

    ASCAuthorizationErrorAuthenticatorTemporarilyLocked,

    ASCAuthorizationErrorAuthenticatorPermanentlyLocked,

};

NS_ASSUME_NONNULL_END

Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.h

@@public:

    void setCredentialRequestHandler(CredentialRequestHandler&& handler) { m_credentialRequestHandler = WTFMove(handler); }

    void setLAContext(LAContext *);

68 void didSelectAssertionResponse(A~~SCLoginCho~~iceProtocol *, LAContext *);

68 void didSelectAssertionResponse(const String& credentialName, LAContext *);

    void setPin(const String&);

private:

@@private:

    RetainPtr<ASCAuthorizationPresentationContext> m_context;

    RetainPtr<ASCAuthorizationPresenter> m_presenter;

    RetainPtr<WKASCAuthorizationPresenterDelegate> m_presenterDelegate;

    Function<void()> m_delayedPresentation;

#if HAVE(ASC_AUTH_UI)

    bool m_delayedPresentationNeedsSecurityKey { false };

#endif

    CredentialRequestHandler m_credentialRequestHandler;

@@private:

    RetainPtr<LAContext> m_laContext;

    CompletionHandler<void(WebCore::AuthenticatorAssertionResponse*)> m_responseHandler;

83 HashMap<A~~SCLog~~inChoiceProtocol *, RefPtr<WebCore::AuthenticatorAssertionResponse>> m_credentials;

87 HashMap<String, RefPtr<WebCore::AuthenticatorAssertionResponse>> m_credentials;

    CompletionHandler<void(const String&)> m_pinHandler;

};

Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm

@@AuthenticatorPresenterCoordinator::AuthenticatorPresenterCoordinator(const Authe

            [m_context addLoginChoice:adoptNS([allocASCSecurityKeyPublicKeyCredentialLoginChoiceInstance() initRegistrationChoice]).get()];

        break;

    case ClientDataType::Get:

56 if (transports.contains(AuthenticatorTransport::Usb) || transports.contains(AuthenticatorTransport::Nfc))

56 if ((transports.contains(AuthenticatorTransport::Usb) || transports.contains(AuthenticatorTransport::Nfc)) && !transports.contains(AuthenticatorTransport::Internal))

            [m_context addLoginChoice:adoptNS([allocASCSecurityKeyPublicKeyCredentialLoginChoiceInstance() initAssertionPlaceholderChoice]).get()];

        break;

    default:

@@AuthenticatorPresenterCoordinator::AuthenticatorPresenterCoordinator(const Authe

    [m_presenter setDelegate:m_presenterDelegate.get()];

    auto completionHandler = makeBlockPtr([manager = m_manager] (id<ASCCredentialProtocol> credential, NSError *error) mutable {

68 ASSERT(!RunLoop::isMain());

        if (credential || !error)

            return;

@@AuthenticatorPresenterCoordinator::AuthenticatorPresenterCoordinator(const Authe

                manager->cancel();

        });

    });

    if (type == ClientDataType::Get && transports.contains(AuthenticatorTransport::Internal)) {

        m_delayedPresentationNeedsSecurityKey = (transports.contains(AuthenticatorTransport::Usb) || transports.contains(AuthenticatorTransport::Nfc));

        m_delayedPresentation = [completionHandler = WTFMove(completionHandler), this] {

            [m_presenter presentAuthorizationWithContext:m_context.get() completionHandler:completionHandler.get()];

        };

        return;

    }

    [m_presenter presentAuthorizationWithContext:m_context.get() completionHandler:completionHandler.get()];

#endif // HAVE(ASC_AUTH_UI)

}

@@void AuthenticatorPresenterCoordinator::updatePresenter(WebAuthenticationStatus

#if HAVE(ASC_AUTH_UI)

    switch (status) {

    case WebAuthenticationStatus::PinBlocked: {

98 auto error = adoptNS([[NSError alloc] initWithDomain:ASCAuthorizationErrorDomain code:ASCAuthorizationError~~PINRequi~~red userInfo:~~@{ ASCPINValidationResultKey: @(ASCPINValidationResultPINBlocked) }~~]);

106 auto error = adoptNS([[NSError alloc] initWithDomain:ASCAuthorizationErrorDomain code:ASCAuthorizationErrorAuthenticatorPermanentlyLocked userInfo:nil]);

        m_credentialRequestHandler(nil, error.get());

        break;

    }

    case WebAuthenticationStatus::PinAuthBlocked: {

103 auto error = adoptNS([[NSError alloc] initWithDomain:ASCAuthorizationErrorDomain code:ASCAuthorizationError~~PINRequ~~ired userInfo:~~@{ ASCPINValidationResultKey: @(ASCPINValidationResultPINAuthBlocked) }~~]);

111 auto error = adoptNS([[NSError alloc] initWithDomain:ASCAuthorizationErrorDomain code:ASCAuthorizationErrorAuthenticatorTemporarilyLocked userInfo:nil]);

        m_credentialRequestHandler(nil, error.get());

        break;

    }

    case WebAuthenticationStatus::PinInvalid: {

108 auto error = adoptNS([[NSError alloc] initWithDomain:ASCAuthorizationErrorDomain code:ASCAuthorizationErrorPIN~~Require~~d userInfo:~~@{ ASCPINValidationResultKey: @(ASCPINValidationResultPINInvalid) }~~]);

116 auto error = adoptNS([[NSError alloc] initWithDomain:ASCAuthorizationErrorDomain code:ASCAuthorizationErrorPINInvalid userInfo:nil]);

        m_credentialRequestHandler(nil, error.get());

        break;

    }

@@void AuthenticatorPresenterCoordinator::updatePresenter(WebAuthenticationStatus

        [m_presenter updateInterfaceForUserVisibleError:error.get()];

        break;

    }

117 case WebAuthenticationStatus::NoCredentialsFound:

118 case WebAuthenticationStatus::LANoCredential: {

    case WebAuthenticationStatus::LANoCredential:

        if (m_delayedPresentationNeedsSecurityKey)

            [m_context addLoginChoice:adoptNS([allocASCSecurityKeyPublicKeyCredentialLoginChoiceInstance() initAssertionPlaceholderChoice]).get()];

        m_delayedPresentation();

        break;

    case WebAuthenticationStatus::NoCredentialsFound: {

        auto error = adoptNS([[NSError alloc] initWithDomain:ASCAuthorizationErrorDomain code:ASCAuthorizationErrorNoCredentialsFound userInfo:nil]);

        [m_presenter updateInterfaceForUserVisibleError:error.get()];

        break;

@@void AuthenticatorPresenterCoordinator::selectAssertionResponse(Vector<Ref<Authe

            auto loginChoice = adoptNS([allocASCSecurityKeyPublicKeyCredentialLoginChoiceInstance() initWithName:response->name() displayName:response->displayName() userHandle:userHandle.get()]);

            [loginChoices addObject:loginChoice.get()];

166 m_credentials.add(~~(ASCLoginChoiceProtocol *)loginChoice.get~~(), WTFMove(response));

178 m_credentials.add(response->name(), WTFMove(response));

        }

        [m_presenter updateInterfaceWithLoginChoices:loginChoices.get()];

@@void AuthenticatorPresenterCoordinator::selectAssertionResponse(Vector<Ref<Authe

    }

    if (source == WebAuthenticationSource::Local) {

174 auto loginChoices = adoptNS([[NSMutableArray alloc] init]);

175

        for (auto& response : responses) {

            RetainPtr<NSData> userHandle;

            if (response->userHandle())

                userHandle = adoptNS([[NSData alloc] initWithBytes:response->userHandle()->data() length:response->userHandle()->byteLength()]);

            auto loginChoice = adoptNS([allocASCPlatformPublicKeyCredentialLoginChoiceInstance() initWithName:response->name() displayName:response->displayName() userHandle:userHandle.get()]);

182 [loginChoice~~s addObject~~:loginChoice.get()];

192 [m_context addLoginChoice:loginChoice.get()];

183193

184 m_credentials.add(~~(ASCLoginChoiceProtocol *)loginChoice.get~~(), WTFMove(response));

194 m_credentials.add(response->name(), WTFMove(response));

185195 }

186196

187 [loginChoices addObjectsFromArray:[m_context loginChoices]]; // Adds the security key option if exists.

188 [m_presenter updateInterfaceWithLoginChoices:loginChoices.get()];

        if (m_delayedPresentationNeedsSecurityKey)

            [m_context addLoginChoice:adoptNS([allocASCSecurityKeyPublicKeyCredentialLoginChoiceInstance() initAssertionPlaceholderChoice]).get()];

        m_delayedPresentation();

        return;

    }

#endif // HAVE(ASC_AUTH_UI)

@@void AuthenticatorPresenterCoordinator::setLAContext(LAContext *context)

    m_laContext = context;

}

228 void AuthenticatorPresenterCoordinator::didSelectAssertionResponse(A~~SCLoginChoiceProtocol *loginChoic~~e, LAContext *context)

239void AuthenticatorPresenterCoordinator::didSelectAssertionResponse(const String& credentialName, LAContext *context)

229240{

230 auto response = m_credentials.take(~~loginChoic~~e);

241 auto response = m_credentials.take(credentialName);

    if (!response)

        return;

Source/WebKit/UIProcess/WebAuthentication/Cocoa/WKASCAuthorizationPresenterDelegate.mm

@@- (void)authorizationPresenter:(ASCAuthorizationPresenter *)presenter credential

    }];

    if ([loginChoice isKindOfClass:WebKit::getASCPlatformPublicKeyCredentialLoginChoiceClass()]) {

58 if ([(ASCPlatformPublicKeyCredentialLoginChoice *)loginChoice isRegistrationRequest]) {

        auto *platformLoginChoice = (ASCPlatformPublicKeyCredentialLoginChoice *)loginChoice;

        if ([platformLoginChoice isRegistrationRequest]) {

            [self dispatchCoordinatorCallback:[context = retainPtr(context)] (WebKit::AuthenticatorPresenterCoordinator& coordinator) mutable {

                coordinator.setLAContext(context.get());

            }];

@@- (void)authorizationPresenter:(ASCAuthorizationPresenter *)presenter credential

            return;

        }

        if (![(ASCPlatformPublicKeyCredentialLoginChoice *)loginChoice isRegistrationRequest]) {

            [self dispatchCoordinatorCallback:[loginChoice, context = retainPtr(context)] (WebKit::AuthenticatorPresenterCoordinator& coordinator) mutable {

                coordinator.didSelectAssertionResponse((ASCLoginChoiceProtocol *)loginChoice, context.get());

            }];

        String loginChoiceName = platformLoginChoice.name;

        [self dispatchCoordinatorCallback:[loginChoiceName = WTFMove(loginChoiceName), context = retainPtr(context)] (WebKit::AuthenticatorPresenterCoordinator& coordinator) mutable {

            coordinator.didSelectAssertionResponse(loginChoiceName, context.get());

        }];

7072

71 return;

72 }

73 return;

    }

    if ([loginChoice isKindOfClass:WebKit::getASCSecurityKeyPublicKeyCredentialLoginChoiceClass()]) {

        if ([(ASCSecurityKeyPublicKeyCredentialLoginChoice *)loginChoice loginChoiceKind] == ASCSecurityKeyPublicKeyCredentialLoginChoiceKindAssertion) {

            [self dispatchCoordinatorCallback:[loginChoice] (WebKit::AuthenticatorPresenterCoordinator& coordinator) mutable {

                coordinator.didSelectAssertionResponse((ASCLoginChoiceProtocol *)loginChoice, nil);

        auto *securityKeyLoginChoice = (ASCSecurityKeyPublicKeyCredentialLoginChoice *)loginChoice;

        if ([securityKeyLoginChoice loginChoiceKind] == ASCSecurityKeyPublicKeyCredentialLoginChoiceKindAssertion) {

            String loginChoiceName = securityKeyLoginChoice.name;

            [self dispatchCoordinatorCallback:[loginChoiceName = WTFMove(loginChoiceName)] (WebKit::AuthenticatorPresenterCoordinator& coordinator) mutable {

                coordinator.didSelectAssertionResponse(loginChoiceName, nil);

            }];

            return;