commit | 5bac165c3a66f63ce3511975a81d72c8b7031058 | [log] [tgz] |
---|---|---|
author | Martin Kreichgauer <martinkr@google.com> | Wed Aug 22 16:41:10 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Wed Aug 22 16:41:10 2018 |
tree | 9b79c49c8e699f8094f48996c415926418f27946 | |
parent | 844c12c60076653ccd709a5ab2593e2be8461ec3 [diff] |
fido: return NOT_ALLOWED_ERROR for OPERATION_DENIED from platform authenticator This changes FidoRequestHandler to translate any CtapDeviceResponseCode::kCtap2ErrOperationDenied (CTAP2_ERR_OPERATION_DENIED) responses from platform authenticators into FidoReturnCode::kUserConsentDenied. Upon receiving this error, all outstanding authenticator requests are cancelled, and the error is bubbled up into a NOT_ALLOWED_ERROR. More concretely, this is going to change UI behavior such that the request is cancelled if the user clicks cancel or fails verification in the native macOS Touch ID dialog. The WebAuthn spec in sections 5.1.3 and 5.1.4 states that "If any authenticator returns a status indicating that the user cancelled the operation", which indicate that the UA should cancel the entire operation and return NOT_ALLOWED_ERROR in this case". CTAP2_ERR_OPERATION_DENIED is used by the CTAP2 spec to signal - user declined to create a credential - user failed gesture verification - time out during user consent collection - user failing to select a credential on authenticators with account chooser UI (deny or timeout) Because of the reference to authenticator-defined timeouts, it is debatable whether this CTAP error sufficiently indicates that "the user cancelled the operation". For internal authenticators (Touch ID), however, this is definitely the case. I will track a follow-up discussion whether to extend this behavior to external authenticators also in crbug/875982. Also fix a bug in MockFidoDevice GetId generation and add a |ExpectCtapRequestAndReturnError| helper method. Bug: 875982, 678128 Change-Id: I616b319accb7d387c0d98de059c52b04bc80ce59 Reviewed-on: https://chromium-review.googlesource.com/1181863 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Jun Choi <hongjunchoi@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#585070}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .