1552602 - Disable FIDO U2F API for Android

Status: RESOLVED FIXED

(Core :: DOM: Web Authentication, defect, P1)

Description

[J.C. Jones [:jcj] (he/they)]

Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no mechanism available for FIDO U2F JS API operations on Android. The exposed API is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API operations on Android, and we should disable the u2f preference so that window.u2f is not set inappropriately.

Comment 1

[J.C. Jones [:jcj] (he/they)]

Attachment: Bug 1552602 - Disable FIDO U2F API for Android r?keeler

Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no
mechanism available for FIDO U2F JS API operations on Android. The exposed API
is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API
operations on Android, and we should disable the u2f preference so that
window.u2f is not set inappropriately.

Comment 2

[Pulsebot]

Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8e8ea33ecb3d
Disable FIDO U2F API for Android r=keeler

Comment 3

[Bogdan Tara[:bogdan_tara | bogdant]]

Backed out changeset 8e8ea33ecb3d (Bug 1552602) for test_interfaces_secureContext.html failures

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&searchStr=android%2C4.3%2Capi16%2B%2Cdebug%2Cmochitests%2Cwithout%2Ce10s%2Ctest-android-em-4.3-arm7-api-16%2Fdebug-mochitest-1proc-44%2Cm-1proc%2844%29&fromchange=197df45a8076f497c59951d3ab818af9ba7eedcc&tochange=777492b75f9745bd78dc96155ccd91523b788db0&selectedJob=247146101

Backout link: https://hg.mozilla.org/integration/autoland/rev/777492b75f9745bd78dc96155ccd91523b788db0

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=247146101&repo=autoland&lineNumber=1695

[task 2019-05-18T00:46:25.750Z] 00:46:25 INFO - 123 INFO TEST-START | dom/tests/mochitest/general/test_interfaces_secureContext.html
[task 2019-05-18T00:47:07.826Z] 00:47:07 INFO - <snipped 2326 output lines - if you need more context, please use SimpleTest.requestCompleteLog() in your test>
[task 2019-05-18T00:47:07.827Z] 00:47:07 INFO - Buffered messages logged at 00:46:56
[task 2019-05-18T00:47:07.828Z] 00:47:07 INFO - 124 INFO TEST-PASS | dom/tests/mochitest/general/test_interfaces_secureContext.html | If this is failing: DANGER, are you sure you want to expose the new interface Comment to all webpages as a property on the window? Do not make a change to this file without a review from a DOM peer for that specific change!!! (or a JS peer for changes to ecmaGlobals)
...
[task 2019-05-18T00:47:07.882Z] 00:47:07 INFO - 222 INFO TEST-PASS | dom/tests/mochitest/general/test_interfaces_secureContext.html | ScopedCredentialInfo should NOT be defined on the global scope
[task 2019-05-18T00:47:07.883Z] 00:47:07 INFO - 223 INFO TEST-PASS | dom/tests/mochitest/general/test_interfaces_secureContext.html | StorageManager should NOT be defined on the global scope
[task 2019-05-18T00:47:07.883Z] 00:47:07 INFO - Buffered messages finished
[task 2019-05-18T00:47:07.887Z] 00:47:07 INFO - 224 INFO TEST-UNEXPECTED-FAIL | dom/tests/mochitest/general/test_interfaces_secureContext.html | U2F should be defined on the global scope
[task 2019-05-18T00:47:07.888Z] 00:47:07 INFO - SimpleTest.ok@https://example.com/tests/SimpleTest/SimpleTest.js:275:18
[task 2019-05-18T00:47:07.889Z] 00:47:07 INFO - runTest@https://example.com/tests/dom/tests/mochitest/general/test_interfaces.js:1337:5
[task 2019-05-18T00:47:07.889Z] 00:47:07 INFO - @https://example.com/tests/dom/tests/mochitest/general/test_interfaces.js:1347:1
[task 2019-05-18T00:47:07.890Z] 00:47:07 INFO - 225 INFO TEST-PASS | dom/tests/mochitest/general/test_interfaces_secureContext.html | UserProximityEvent should NOT be defined on the global scope
[task 2019-05-18T00:47:07.891Z] 00:47:07 INFO - 226 INFO TEST-PASS | dom/tests/mochitest/general/test_interfaces_secureContext.html | WebAuthnAssertion should NOT be defined on the global scope
[task 2019-05-18T00:47:07.892Z] 00:47:07 INFO - 227 INFO TEST-PASS | dom/tests/mochitest/general/test_interfaces_secureContext.html | WebAuthnAttestation should NOT be defined on the global scope
[task 2019-05-18T00:47:07.892Z] 00:47:07 INFO - 228 INFO TEST-PASS | dom/tests/mochitest/general/test_interfaces_secureContext.html | WebAuthentication should NOT be defined on the global scope
[task 2019-05-18T00:47:07.893Z] 00:47:07 INFO - 229 INFO TEST-UNEXPECTED-FAIL | dom/tests/mochitest/general/test_interfaces_secureContext.html | The following interface(s) are not enumerated: U2F - got 1, expected +0
[task 2019-05-18T00:47:07.893Z] 00:47:07 INFO - SimpleTest.is@https://example.com/tests/SimpleTest/SimpleTest.js:320:16
[task 2019-05-18T00:47:07.894Z] 00:47:07 INFO - runTest@https://example.com/tests/dom/tests/mochitest/general/test_interfaces.js:1343:3
[task 2019-05-18T00:47:07.894Z] 00:47:07 INFO - @https://example.com/tests/dom/tests/mochitest/general/test_interfaces.js:1347:1
[task 2019-05-18T00:47:07.895Z] 00:47:07 INFO - 230 INFO TEST-OK | dom/tests/mochitest/general/test_interfaces_secureContext.html | took 43711ms
[task 2019-05-18T00:47:07.895Z] 00:47:07 INFO - 231 INFO TEST-START | Shutdown
[task 2019-05-18T00:47:07.895Z] 00:47:07 INFO - 232 INFO Passed: 2430
[task 2019-05-18T00:47:07.896Z] 00:47:07 WARNING - 233 INFO Failed: 2
[task 2019-05-18T00:47:07.896Z] 00:47:07 WARNING - One or more unittests failed.
[task 2019-05-18T00:47:07.896Z] 00:47:07 INFO - 234 INFO Todo: 0
[task 2019-05-18T00:47:07.896Z] 00:47:07 INFO - 235 INFO Mode: non-e10s
[task 2019-05-18T00:47:07.897Z] 00:47:07 INFO - 236 INFO Slowest: 43708ms - /tests/dom/tests/mochitest/general/test_interfaces_secureContext.html
[task 2019-05-18T00:47:07.897Z] 00:47:07 INFO - 237 INFO SimpleTest FINISHED
[task 2019-05-18T00:48:21.045Z] 00:48:21 INFO - Failed to get top activity, retrying, once...
[task 2019-05-18T00:48:21.962Z] 00:48:21 INFO - wait for org.mozilla.fennec_aurora complete; top activity=com.android.launcher
[task 2019-05-18T00:48:22.168Z] 00:48:22 INFO - remoteautomation.py | Application ran for: 0:04:39.736009
[task 2019-05-18T00:48:22.790Z] 00:48:22 INFO - Stopping web server
[task 2019-05-18T00:48:22.799Z] 00:48:22 INFO - Stopping web socket server
[task 2019-05-18T00:48:22.820Z] 00:48:22 INFO - Stopping ssltunnel
[task 2019-05-18T00:48:22.843Z] 00:48:22 INFO - leakcheck | refcount logging is off, so leaks can't be detected!
[task 2019-05-18T00:48:22.843Z] 00:48:22 INFO - runtests.py | Running tests: end.

Comment 4

[J.C. Jones [:jcj] (he/they)]

[Tracking Requested - why for this release]:

I'm out Monday the 20th, so assuming I miss the merge with the rework (it's on try and r? bz), we'll need to uplift this to 68 as part of the Fennec/WebAuthn support.

Comment 5

[Pulsebot]

Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0b5457f89030
Disable FIDO U2F API for Android r=keeler,bzbarsky

Comment 6

[Arthur Iakab [arthur_iakab]]

https://hg.mozilla.org/mozilla-central/rev/0b5457f89030

Comment 7

[J.C. Jones [:jcj] (he/they)]

Comment on attachment 9065830 [details]
Bug 1552602 - Disable FIDO U2F API for Android r?keeler

Beta/Release Uplift Approval Request

• User impact if declined: Capability checking will assume the FIDO U2F API is available when it is not.
• Is this code covered by automated tests?: Yes
• Has the fix been verified in Nightly?: No
• Needs manual test from QE?: No
• If yes, steps to reproduce:
• List of other uplifts needed: None
• Risk to taking this patch: Low
• Why is the change risky/not risky? (and alternatives if risky): It's a pref-off and a test-flip. However, there's no way to test Fennec features in Nightly anymore, so we effectively must go straight to Beta.
• String changes made/needed:

Comment 8

[Julien Cristau [:jcristau]]

Comment on attachment 9065830 [details]
Bug 1552602 - Disable FIDO U2F API for Android r?keeler

disable fido u2f api for upcoming fennec nightly and beta builds

Comment 9

[Alexandru Michis [:malexandru]]

https://hg.mozilla.org/releases/mozilla-beta/rev/fc4e6975d7fe