Closed Bug 1435527 Opened 2 years ago Closed 2 years ago

Web Authentication - Run to Timeout from navigator.credentials.get when PublicKeyCredentialRequestOptions.allowCredentials is empty

Categories

(Core :: DOM: Device Interfaces, defect, P1)

Tracking

RESOLVED FIXED
mozilla60
Tracking Status
firefox60 --- fixed

People

(Reporter: mail, Assigned: ttaubert)

References

Details

(Whiteboard: [webauthn][webauthn-interop])

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Build ID: 20180203100135

Steps to reproduce:

This bug is related to WebAuthn.
https://bugzilla.mozilla.org/show_bug.cgi?id=1294514

# Setup

Create a credential by calling `navigator.credentials.create`.

# Test

Call `navigator.credentials.get` with PublicKeyCredentialRequestOptions whose allowCredentials is empty.



Actual results:

DOMException with message "The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission." is thrown.

(It is confirmed that an assertion is returned when putting an item with a credentialId into allowCredentials.)


Expected results:

An assertion should be returned.
Summary: Nothing returned from when PublicKeyCredentialRequestOptions.allowCredentials is empty → DOMException thrown from navigator.credentials.get when PublicKeyCredentialRequestOptions.allowCredentials is empty
Summary: DOMException thrown from navigator.credentials.get when PublicKeyCredentialRequestOptions.allowCredentials is empty → DOMException is thrown from navigator.credentials.get when PublicKeyCredentialRequestOptions.allowCredentials is empty
Since we don't support any authenticators yet that can operate without a passed-in AllowCredential, we can't return an assertion. (U2F devices -- all we support -- have no internal storage)

That said, per 5.1.4 [1] step 19, we should return a NotAllowedError at the end of the timeout, not immediately.

You can reproduce this easily with:

navigator.credentials.get({publicKey: {
  timeout: 3000,
  challenge: new Uint8Array(),
  allowCredentials: [],
}})
.catch( (e) => {console.log("Should be NotAllowedError after timeout. Error = ", e.name);} );


[1] https://w3c.github.io/webauthn/#discover-from-external-source
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Unspecified → All
Priority: -- → P1
Hardware: Unspecified → All
Summary: DOMException is thrown from navigator.credentials.get when PublicKeyCredentialRequestOptions.allowCredentials is empty → Web Authentication - Run to Timeout from navigator.credentials.get when PublicKeyCredentialRequestOptions.allowCredentials is empty
Whiteboard: [webauthn][webauthn-interop]
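
The run-to-timeout behaviour requested in the comment above can be checked with a small timing probe. This is an added example, not code from this bug or from Firefox's test suite; `classifyRejection`, `probeEmptyAllowList`, `makeStubCredentials` and the 50 ms jitter tolerance are assumptions made for illustration.

```javascript
// Classify one observed rejection of credentials.get().
// toleranceMs is an assumed allowance for timer jitter.
function classifyRejection(errorName, elapsedMs, timeoutMs, toleranceMs = 50) {
  if (errorName !== "NotAllowedError") return "unexpected-error:" + errorName;
  return elapsedMs + toleranceMs >= timeoutMs ? "ran-to-timeout" : "rejected-early";
}

// Probe a CredentialsContainer-like object (navigator.credentials in a browser)
// with an empty allowCredentials list. `now` is injectable so the probe can be
// driven by a fake clock instead of waiting in real time.
async function probeEmptyAllowList(credentials, timeoutMs, now = () => Date.now()) {
  const start = now();
  try {
    await credentials.get({
      publicKey: {
        timeout: timeoutMs,
        // Placeholder bytes; a relying party sends a random server-generated challenge.
        challenge: new Uint8Array(32),
        allowCredentials: [],
      },
    });
    // An authenticator that stores credentials internally may return an assertion.
    return { verdict: "assertion-returned", elapsedMs: now() - start };
  } catch (e) {
    const elapsedMs = now() - start;
    return { verdict: classifyRejection(e.name, elapsedMs, timeoutMs), elapsedMs };
  }
}

// Constructed stand-in for a user agent: advances the fake clock by
// rejectAfterMs, then rejects with an error of the given name.
function makeStubCredentials(clock, rejectAfterMs, errorName) {
  return {
    get() {
      clock.t += rejectAfterMs;
      const err = new Error("constructed rejection");
      err.name = errorName;
      return Promise.reject(err);
    },
  };
}

// In a browser console:
//   probeEmptyAllowList(navigator.credentials, 3000).then(console.log);
```

A `rejected-early` verdict corresponds to the immediate NotAllowedError originally reported here; `unexpected-error:UnknownError` corresponds to the error reported in the later comment.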
Assignee: nobody → ttaubert
Status: NEW → ASSIGNED
Comment on attachment 8949112 [details]
Bug 1435527 - Run to Timeout from navigator.credentials.get when PublicKeyCredentialRequestOptions.allowCredentials is empty r=jcj

J.C. Jones [:jcj] has approved the revision.

https://phabricator.services.mozilla.com/D559
Attachment #8949112 - Flags: review+
Pushed by ttaubert@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e2818fa57916
Run to timeout from navigator.credentials.get() when PublicKeyCredentialRequestOptions.allowCredentials is empty r=jcj
Backout by aciure@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/ec6cd52c3fde
Backed out changeset e2818fa57916 mochitest leakcheck failures, a=backout on a CLOSED TREE
Turns out that using a global `let credm = navigator.credentials` together with the new `add_task()` routines somehow leaks... Going to fix up the test a bit.
Pushed by ttaubert@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c4034229cf62
Run to timeout from navigator.credentials.get() when PublicKeyCredentialRequestOptions.allowCredentials is empty r=jcj
https://hg.mozilla.org/mozilla-central/rev/c4034229cf62
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Thank you for the clarification, but I got another DOMException named "UnknownError" from `navigator.credentials.get` with 60.0a1 (2018-02-09).

DOMException
 name: UnknownError
 message: The operation failed for an unknown transient reason

Demo site to reproduce:
https://ynojima.github.io/webauthn-exp/

My environment:
  OS: Windows 10 64bit
  Browser: Firefox Nightly 60.0a1 (2018-02-09)
  FIDO U2F Key: Yubico FIDO U2F Security Key
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Please don't reopen bugs. File a new one for new issues.
Status: REOPENED → RESOLVED
Closed: 2 years ago → 2 years ago
Resolution: --- → FIXED
Depends on: 1437487