REGRESSION(273918@main): WebAuthn cancel completion handler is never …

…called https://bugs.webkit.org/show_bug.cgi?id=270473 rdar://122985287 Reviewed by Pascoe. A completion handler from the web process is stored in `m_cancelHandler` to be called by the delegate. However, the delegate is immediately cleared, so the completion handler will never be called. We shouldn’t clear the delegate and controller until `m_cancelHandler` is called. * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm: Canonical link: https://commits.webkit.org/275673@main
WebKit · Mar 5, 2024 · 6c90d82 · 6c90d82
1 parent e1d3b91
commit 6c90d82
Showing 1 changed file with 13 additions and 8 deletions.
diff --git a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm
@@ -466,14 +466,14 @@ static inline ASAuthorizationPublicKeyCredentialLargeBlobSupportRequirement toAS
             if (weakThis) {
                 if (activeConditionalMediationProxy() == weakThis)
                     activeConditionalMediationProxy() = nullptr;
-                if (auto cancelHandler = WTFMove(weakThis->m_cancelHandler))
-                    cancelHandler();
                 if (!weakThis->m_paused) {
                     weakThis->m_completionHandler(response, attachment, exceptionData);
                     weakThis->m_delegate.clear();
                     weakThis->m_controller.clear();
                     weakThis->m_isConditionalMediation = false;
                 }
+                if (auto cancelHandler = WTFMove(weakThis->m_cancelHandler))
+                    cancelHandler();
             }
         });
     }).get()]);
@@ -1063,7 +1063,16 @@ static inline void getArePasskeysDisallowedForRelyingParty(const WebCore::Securi
 #else
     if (m_proxy) {
 #endif
-        m_cancelHandler = WTFMove(handler);
+        m_cancelHandler = [weakThis = WeakPtr { *this }, handler = WTFMove(handler)]() mutable {
+#if HAVE(WEB_AUTHN_AS_MODERN)
+            if (weakThis) {
+                weakThis->m_controller.clear();
+                weakThis->m_delegate.clear();
+                weakThis->m_completionHandler = nullptr;
+            }
+#endif
+            handler();
+        };
     } else
         handler();
 
@@ -1072,12 +1081,8 @@ static inline void getArePasskeysDisallowedForRelyingParty(const WebCore::Securi
         m_proxy.clear();
     }
 #if HAVE(WEB_AUTHN_AS_MODERN)
-    if (m_controller) {
+    if (m_controller)
         [m_controller cancel];
-        m_controller.clear();
-        m_delegate.clear();
-        m_completionHandler = nullptr;
-    }
 #endif
 }