Multiple conditions for starting caBLE discovery are broken |
|||||
Issue descriptionThe first bug is that the dialog is never shown if caBLE is enabled but the |cable_extension| is not provided in the GetAssertion request. This is because GetAssertionRequestHandler's constructor will not actually create and start a FidoCableDiscovery if the request is missing the |cable_extension| data, while FidoRequestHandlerBase's |notify_observer_callback_| barrier closure will still wait for the discovery to start. The second bug is that caBLE will not be used for a GetAssertion request if the same web page already issued a MakeCredential request before. This is because AuthenticatorImpl::MakeCredential will remove caBLE from AuthenticatorImpl::protocols_. However, the same AuthenticatorImpl instance will be used to service the GetAssertionRequest, which will pass a list of |protocols_| without caBLE to the GetAssertionRequestHandler.
,
Aug 29
,
Aug 29
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3 commit 5b4891f357c8983e5b0dfc8e83adf4a97f227bd3 Author: Balazs Engedy <engedy@chromium.org> Date: Wed Aug 29 23:08:00 2018 Fix two bugs affecting starting caBLE discovery. The first bug is that the WebAuthn dialog is never shown if caBLE is enabled but the |cable_extension| is not provided in the GetAssertion request. It's because GetAssertionRequestHandler's constructor will not actually create and start a FidoCableDiscovery if the request is missing the |cable_extension| data, while FidoRequestHandlerBase's barrier closure will still wait for the discovery to start the transport protocol is marked available in |available_transports|. The second bug is that caBLE will not be used for a GetAssertion request if the same web page already issued a MakeCredential request before. This is because AuthenticatorImpl::MakeCredential will remove caBLE from |protocols_|. However, the same AuthenticatorImpl instance will be used to service the GetAssertionRequest, which will already see a trimmed list of |protocols_| without caBLE, and pass it to GetAssertionRequestHandler. Bug: 878877 Change-Id: I6b7c915fc0de63e6da29399825071734405e424c Reviewed-on: https://chromium-review.googlesource.com/1194040 Reviewed-by: Chris Palmer <palmer@chromium.org> Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org> Commit-Queue: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#587355} [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/content/browser/webauth/authenticator_impl.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/content/browser/webauth/authenticator_impl.h [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/content/browser/webauth/authenticator_impl_unittest.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/content/browser/webauth/authenticator_type_converters.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/content/browser/webauth/authenticator_type_converters.h [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/BUILD.gn [add] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/cable/cable_discovery_data.h [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/cable/fido_cable_discovery.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/cable/fido_cable_discovery.h [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/cable/fido_cable_discovery_unittest.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/ctap_get_assertion_request.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/ctap_get_assertion_request.h [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/fido_discovery.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/fido_discovery.h [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/get_assertion_handler_unittest.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/get_assertion_request_handler.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/make_credential_handler_unittest.cc [modify] https://crrev.com/5b4891f357c8983e5b0dfc8e83adf4a97f227bd3/device/fido/make_credential_request_handler.cc
,
Sep 3
This issue is marked as a release blocker with no OS labels associated. Please add an appropriate OS label. All release blocking issues should have OS labels associated to it, so that the issue can tracked and promptly verified, once it gets fixed. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 3
This made the branch, no merges needed.
,
Sep 3
[Auto-generated comment by a script] We noticed that this issue is targeted for M-70; it appears the fix may have landed after branch point, meaning a merge might be required. Please confirm if a merge is required here - if so add Merge-Request-70 label, otherwise remove Merge-TBD label. Thanks.
,
Sep 4
Double checked that no merge is required. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by engedy@chromium.org
, Aug 29