[WebAuthN] userPresence should always be true
author jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 21 Dec 2018 23:27:27 +0000 (23:27 +0000)
committer jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 21 Dec 2018 23:27:27 +0000 (23:27 +0000)
https://bugs.webkit.org/show_bug.cgi?id=192835
<rdar://problem/46538788>

Reviewed by Brent Fulgham.

Source/WebCore:

In the current spec as of 7 August 2018, userPresence is suggested to be set to the inverse of userVerification.
This doesn't comply with the CTAP spec. Details in: https://github.com/w3c/webauthn/issues/1123.
After discussing with other members of the working group, we decided to make userPresence always default to true.

Covered by existing tests.

* Modules/webauthn/fido/DeviceRequestConverter.cpp:
(fido::encodeGetAssertionRequestAsCBOR):

Tools:

* TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239523 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h

index 415b202..afe006a 100644 (file)
@@ -1,5 +1,22 @@
 2018-12-21  Jiewen Tan  <jiewen_tan@apple.com>
 
+        [WebAuthN] userPresence should always be true
+        https://bugs.webkit.org/show_bug.cgi?id=192835
+        <rdar://problem/46538788>
+
+        Reviewed by Brent Fulgham.
+
+        In the current spec as of 7 August 2018, userPresence is suggested to set to the inverse of userVerification.
+        This doesn't comply with the CTAP spec. Details in: https://github.com/w3c/webauthn/issues/1123.
+        After discussing with other members of the working group, we decided to make userPresence always default to true.
+
+        Covered by exisiting tests.
+
+        * Modules/webauthn/fido/DeviceRequestConverter.cpp:
+        (fido::encodeGetAssertionRequestAsCBOR):
+
+2018-12-21  Jiewen Tan  <jiewen_tan@apple.com>
+
         [WebAuthN] Import an APDU coder from Chromium
         https://bugs.webkit.org/show_bug.cgi?id=192949
         <rdar://problem/46879933>
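Review bot: "exisiting" in the added "Covered by exisiting tests." line should read "existing", and the claim is looser than what the commit does, since the same change flips an expected byte in the test data ("up" from 0xf4 to 0xf5). Wording such as "Covered by existing tests, with the expected getAssertion request updated" would describe the coverage accurately. The added line "userPresence is suggested to set to the inverse of userVerification" would also read better as "is suggested to be set to".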
index 2d2d922..ebdb192 100644 (file)
@@ -159,7 +159,7 @@ Vector<uint8_t> encodeGetAssertionRequestAsCBOR(const Vector<uint8_t>& hash, con
         requireUserVerification = false;
     }
     optionMap[CBORValue(kUserVerificationMapKey)] = CBORValue(requireUserVerification);
-    optionMap[CBORValue(kUserPresenceMapKey)] = CBORValue(!requireUserVerification);
+    optionMap[CBORValue(kUserPresenceMapKey)] = CBORValue(true);
 
     if (!optionMap.empty())
         cborMap[CBORValue(5)] = CBORValue(WTFMove(optionMap));
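Review bot: the new CBORValue(true) on the kUserPresenceMapKey line is a bare literal with nothing in the code saying why "up" no longer follows requireUserVerification. A one-line comment pointing at https://github.com/w3c/webauthn/issues/1123 would stop a later reader from reinstating the spec's inverse-of-uv wording. Separately, as far as the visible lines show, both kUserVerificationMapKey and kUserPresenceMapKey are assigned just above the trailing context, so the "if (!optionMap.empty())" check looks always true and could be dropped or replaced with an assertion.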
index 4f52c7b..09e26b9 100644 (file)
@@ -1,3 +1,14 @@
+2018-12-21  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebAuthN] userPresence should always be true
+        https://bugs.webkit.org/show_bug.cgi?id=192835
+        <rdar://problem/46538788>
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp:
+        (TestWebKitAPI::TEST):
+
 2018-12-19  Simon Fraser  <simon.fraser@apple.com>
 
         Add support to run-benchmark to use non-default copies of the browser apps
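Review bot: the added entry names TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp with (TestWebKitAPI::TEST), but the file list for this commit shows Tools/TestWebKitAPI/Tests/WebCore/FidoTestData.h as the file changed under Tools, and the diff edits kTestComplexCtapGetAssertionRequest. The entry should list FidoTestData.h and that constant, so that a search of the ChangeLog for the test vector finds this change.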
index efea65b..60d37f5 100644 (file)
@@ -344,8 +344,8 @@ constexpr uint8_t kTestComplexCtapGetAssertionRequest[] = {
     0xa2,
     // key -"up"
     0x62, 0x75, 0x70,
-    // value - False(20)
-    0xf4,
+    // value - True(21)
+    0xf5,
     // key - "uv"
     0x62, 0x75, 0x76,
     // value - True(21)
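Review bot: the updated vector has "uv" set to True, so it pins "up" = True only for the uv-required case, which is the one case where the old "!requireUserVerification" expression produced False. If this file has no getAssertion vector with "uv" False, adding one would assert that "up" is now independent of "uv" rather than coincidentally true. As a style point, the context comment // key -"up" is missing the space that // key - "uv" has.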