Closed Bug 1933195 Opened 3 months ago Closed 9 days ago

Several WebAuthn endpoints do not work and throw a "405 Method Not Allowed" error

Categories

(Testing :: geckodriver, defect, P2)

Product:
Testing
Component:
geckodriver
Type:
defect
Points:
2

Tracking

(firefox137 fixed)

Status:
RESOLVED FIXED
Milestone:
137 Branch
Tracking Flags:
Tracking Status
firefox137 --- fixed

People

(Reporter: whimboo, Assigned: whimboo)

References

(Blocks 1 open bug)

Details

(Whiteboard: [webdriver:m15])

Attachments

(2 files)

Bug 1933195 - [geckodriver] Fix route registration for WebAuthn commands.
48 bytes, text/x-phabricator-request
Details | Review
Bug 1933195 - [geckodriver] Add trace logs for registered standard and extension routes.
48 bytes, text/x-phabricator-request
Details | Review

Originally filed as https://github.com/mozilla/geckodriver/issues/2187.

Running curl on an active WebDriver session and trying to eg. adding a virtual authenticator geckodriver fails with the above mentioned error. Here an example:

$ curl -vvv -d "{}" -H 'Content-Type: application/json' 127.0.0.1:4444/session/709a661e-e94f-4755-934b-1cda5a4426c0/webauthn/authenticator
*   Trying 127.0.0.1:4444...
* Connected to 127.0.0.1 (127.0.0.1) port 4444
> POST /session/709a661e-e94f-4755-934b-1cda5a4426c0/webauthn/authenticator HTTP/1.1
> Host: 127.0.0.1:4444
> User-Agent: curl/8.4.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 2
>
< HTTP/1.1 405 Method Not Allowed
< content-type: text/plain; charset=utf-8
< content-length: 23
< date: Mon, 25 Nov 2024 13:39:11 GMT

As it looks like our WebAuthn implementation is not complete or some patch matching doesn't work in geckodriver given that it's all implemented in Marionette.

It would be nice if we would log a line to stdout in case we see a non-supported route. Right now there is no log at all.

As per the WebAuthn specification the above URL fragment is correct.

Blocks: 1910592
Severity: -- → S3
Points: --- → 3
Priority: -- → P3
Whiteboard: [webdriver:m14]
Whiteboard: [webdriver:m14] → [webdriver:m15]

The problem here is that we actually setup the routes for /sessions/{session_id}/... but not for /session/{session_id}/.... As it looks like no-one ever used these webauthn commands yet since we released geckodriver 0.34.0! Otherwise we would have clearly got failure reports.

I would suggest to just fix the route handling for the upcoming geckodriver 0.37.0 release, and follow-up with webdriver tests in another bug.

Blocks: 1948775

I filed bug 1948775 for creating the tests.

Assignee: nobody → hskupin
Status: NEW → ASSIGNED

Bumping to P2 because all the methods are actually broken.

Assignee: hskupin → nobody
Status: ASSIGNED → NEW
Priority: P3 → P2
Assignee: nobody → hskupin
Status: NEW → ASSIGNED
Pushed by hskupin@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3ab5882d8aa9 [geckodriver] Fix route registration for WebAuthn commands. r=webdriver-reviewers,jdescottes https://hg.mozilla.org/integration/autoland/rev/21956037ce19 [geckodriver] Add trace logs for registered standard and extension routes. r=webdriver-reviewers,jgraham

https://hg.mozilla.org/mozilla-central/rev/3ab5882d8aa9
https://hg.mozilla.org/mozilla-central/rev/21956037ce19

Status: ASSIGNED → RESOLVED
Closed: 9 days ago
status-firefox137: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 137 Branch

Including the investigation necessary the fix isn't worth more than 2 points.

Points: 3 → 2
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: