Closed Bug 1773760 Opened 2 years ago Closed 2 years ago

WebAuthn enums should be DOMStrings

Categories

(Core :: DOM: Web Authentication, defect, P2)

Tracking

VERIFIED FIXED
111 Branch
Tracking Status
firefox111 --- verified
firefox112 --- verified

People

(Reporter: nsatragno, Assigned: jschanck)

Details

Attachments

(8 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36

Steps to reproduce:

Run

navigator.credentials.create({
    publicKey: {
        challenge: new Uint8Array(),
        authenticatorSelection: {
            authenticatorAttachment: "not a valid member",
        },
        rp: { name: "rp" },
        user: { displayName: "display", name: "user", id: new Uint8Array() },
        pubKeyCredParams: [],
    }
})

Actual results:

Uncaught (in promise) TypeError: CredentialsContainer.create: 'not a valid member' (value of 'authenticatorAttachment' member of AuthenticatorSelectionCriteria) is not a valid value for enumeration AuthenticatorAttachment.
<anonymous> debugger eval code:1

Expected results:

The bad value should be ignored and the default applied instead. See https://github.com/w3c/webauthn/issues/1738

The AuthenticatorAttachment, ResidentKeyRequirement, UserVerificationRequirement, AttestationConveyancePreference enums should all be DOMStrings instead, and invalid values considered the default. It might also be worth issuing a warning if an invalid value is detected.
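
An added example (not part of the bug report or the Firefox patches): a page-side helper that produces the behaviour requested above on browsers that still throw a TypeError, by dropping unknown enum strings so the browser applies its own default and by collecting one warning per dropped value. `KNOWN_VALUES`, `dropUnknown` and `sanitizeCreationOptions` are hypothetical names, and the value lists are taken from the WebAuthn spec rather than from this page.

```javascript
// Added example, not Firefox code. Value lists follow the WebAuthn spec's enum
// definitions (assumption: the page names the enums but not their members).
const KNOWN_VALUES = {
  authenticatorAttachment: ["platform", "cross-platform"],
  residentKey: ["discouraged", "preferred", "required"],
  userVerification: ["required", "preferred", "discouraged"],
  attestation: ["none", "indirect", "direct", "enterprise"],
};

// Copy `obj`, dropping each listed member whose value is not a known string.
// A dropped member is absent, so the browser applies its own default.
function dropUnknown(obj, members, warnings) {
  const out = { ...obj };
  for (const member of members) {
    if (!(member in out) || out[member] === undefined) continue;
    if (KNOWN_VALUES[member].includes(out[member])) continue;
    warnings.push(`${member}: ignoring unknown value ${JSON.stringify(out[member])}`);
    delete out[member];
  }
  return out;
}

// Hypothetical helper: sanitise PublicKeyCredentialCreationOptions before they
// reach navigator.credentials.create(). The input object is not mutated.
function sanitizeCreationOptions(publicKey) {
  const warnings = [];
  const options = dropUnknown(publicKey, ["attestation"], warnings);
  if (publicKey.authenticatorSelection) {
    options.authenticatorSelection = dropUnknown(
      publicKey.authenticatorSelection,
      ["authenticatorAttachment", "residentKey", "userVerification"],
      warnings,
    );
  }
  return { options, warnings };
}

// Options from the report above; userVerification is a constructed addition
// to show that a valid member passes through unchanged.
const reported = {
  challenge: new Uint8Array(),
  authenticatorSelection: { authenticatorAttachment: "not a valid member", userVerification: "required" },
  rp: { name: "rp" },
  user: { displayName: "display", name: "user", id: new Uint8Array() },
  pubKeyCredParams: [],
};
```

Because the allow-list also strips values that a later spec revision may add, it has to be kept in step with the spec; the warnings array is the place to notice when that happens.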

The Bugbug bot thinks this bug should belong to the 'DevTools::Debugger' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Debugger
Product: Firefox → DevTools
Component: Debugger → DOM: Web Authentication
Product: DevTools → Core
Priority: -- → P1
Assignee: nobody → bugs
Severity: -- → S4
Assignee: bugs → jschanck
Severity: S4 → S2
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: P1 → P2
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8507daa63430
part 1: make AuthenticatorAttachment a DOMString. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/7c89625a2b88
part 2: make AttestationConveyancePreference a DOMString. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/5b5584197d5f
part 3: make UserVerificationRequirement a DOMString. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/0276c01b26db
part 4: make PublicKeyCredentialType a DOMString. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/d644ed6a5b97
part 5: remove the AuthenticatorTransport enum. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/3d270430ac9a
part 6: remove the TokenBindingStatus enum. r=webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/d874fa9f72da
part 7: update legacy tests. r=keeler
https://hg.mozilla.org/integration/autoland/rev/d21043c53a8e
part 8: move string constants to WebAuthnEnumStrings.h. r=keeler

Backed out for causing multiple failures

  • Backout link
  • Push with failures
  • Failure Log
  • Failure line: TEST-UNEXPECTED-FAIL | dom/webauthn/tests/u2f/test_webauthn_get_assertion.html | Expecting a TypeError, got InvalidStateError: An attempt was made to use an object that is not, or is no longer, usable

Build bustages: https://treeherder.mozilla.org/logviewer?job_id=403556801&repo=autoland

Flags: needinfo?(jschanck)
Flags: needinfo?(jschanck)
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/add0d611bf3a
part 1: make AuthenticatorAttachment a DOMString. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/2effc5a02677
part 2: make AttestationConveyancePreference a DOMString. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/43bae636e48c
part 3: make UserVerificationRequirement a DOMString. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/3c4258bfcc1e
part 4: make PublicKeyCredentialType a DOMString. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/35f1aa6782f2
part 5: remove the AuthenticatorTransport enum. r=keeler,webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/55680d666baa
part 6: remove the TokenBindingStatus enum. r=webidl,smaug
https://hg.mozilla.org/integration/autoland/rev/90d4cdf53000
part 7: update legacy tests. r=keeler
https://hg.mozilla.org/integration/autoland/rev/ef6ac6942132
part 8: move string constants to WebAuthnEnumStrings.h. r=keeler

Reproducible on a 2023-01-25 Nightly build on macOS 12.
Verified as fixed on Firefox 111.0b4 (build ID: 20230221190142) and Nightly 112.0a1 (build ID: 20230222094403) on macOS 12, Windows 10, Ubuntu 22.

Status: RESOLVED → VERIFIED
Flags: qe-verify+