WebAuthn authenticatorAttachment is always "platform" over hybrid

https://bugs.webkit.org/show_bug.cgi?id=248800 rdar://102608692 Reviewed by J Pascoe. At the time this was written, the type of credential implied the attachment. Now all of the credential types have an attachment property to use instead. Canonical link: https://commits.webkit.org/257576@main
WebKit · Dec 8, 2022 · f1464f7963f4f9e7af500b80138f919596f5ab21 · f1464f7
1 parent 5e92b79
commit f1464f7963f4f9e7af500b80138f919596f5ab21
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h b/Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h
@@ -295,6 +295,7 @@ typedef NS_ENUM(NSInteger, ASCredentialRequestStyle) {
 @property (nonatomic, copy, readonly) NSData *rawClientDataJSON;
 @property (nonatomic, copy) NSArray<NSNumber *> *transports;
 @property (nonatomic, copy, nullable) NSData *extensionOutputsCBOR;
+@property (nonatomic, copy, readonly) NSString *attachment;
 
 + (instancetype)new NS_UNAVAILABLE;
 - (instancetype)init NS_UNAVAILABLE;
@@ -311,6 +312,7 @@ typedef NS_ENUM(NSInteger, ASCredentialRequestStyle) {
 @property (nonatomic, copy, readonly) NSData *attestationObject;
 @property (nonatomic, copy) NSArray<NSNumber *> *transports;
 @property (nonatomic, copy, readonly, nullable) NSData *extensionOutputsCBOR;
+@property (nonatomic, copy, readonly) NSString *attachment;
 
 @end
 
@@ -327,6 +329,7 @@ typedef NS_ENUM(NSInteger, ASCredentialRequestStyle) {
 @property (nonatomic, copy, readonly) NSData *signature;
 @property (nonatomic, copy, readonly, nullable) NSData *userHandle;
 @property (nonatomic, copy, readonly, nullable) NSData *extensionOutputsCBOR;
+@property (nonatomic, copy, readonly) NSString *attachment;
 
 @end
 
@@ -341,6 +344,7 @@ typedef NS_ENUM(NSInteger, ASCredentialRequestStyle) {
 @property (nonatomic, copy, readonly, nullable) NSData *userHandle;
 @property (nonatomic, copy, readonly) NSData *rawClientDataJSON;
 @property (nonatomic, copy, readonly, nullable) NSData *extensionOutputsCBOR;
+@property (nonatomic, copy, readonly) NSString *attachment;
 
 @end
 

diff --git a/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm b/Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm
@@ -391,55 +391,54 @@ static inline ASPublicKeyCredentialResidentKeyPreference toASCResidentKeyPrefere
 static inline void continueAfterRequest(RetainPtr<id <ASCCredentialProtocol>> credential, RetainPtr<NSError> error, RequestCompletionHandler&& handler)
 {
     AuthenticatorResponseData response = { };
-    AuthenticatorAttachment attachment;
     ExceptionData exceptionData = { };
+    NSString *rawAttachment = nil;
 
     if ([credential isKindOfClass:getASCPlatformPublicKeyCredentialRegistrationClass()]) {
-        attachment = AuthenticatorAttachment::Platform;
         response.isAuthenticatorAttestationResponse = true;
 
         ASCPlatformPublicKeyCredentialRegistration *registrationCredential = credential.get();
         response.rawId = toArrayBuffer(registrationCredential.credentialID);
         response.attestationObject = toArrayBuffer(registrationCredential.attestationObject);
+        rawAttachment = registrationCredential.attachment;
         if ([registrationCredential respondsToSelector:@selector(transports)])
             response.transports = toAuthenticatorTransports(registrationCredential.transports);
         if ([registrationCredential respondsToSelector:@selector(extensionOutputsCBOR)])
             response.extensionOutputs = toExtensionOutputs(registrationCredential.extensionOutputsCBOR);
     } else if ([credential isKindOfClass:getASCSecurityKeyPublicKeyCredentialRegistrationClass()]) {
-        attachment = AuthenticatorAttachment::CrossPlatform;
         response.isAuthenticatorAttestationResponse = true;
 
         ASCSecurityKeyPublicKeyCredentialRegistration *registrationCredential = credential.get();
         response.rawId = toArrayBuffer(registrationCredential.credentialID);
         response.attestationObject = toArrayBuffer(registrationCredential.attestationObject);
+        rawAttachment = registrationCredential.attachment;
         if ([registrationCredential respondsToSelector:@selector(transports)])
             response.transports = toAuthenticatorTransports(registrationCredential.transports);
         if ([registrationCredential respondsToSelector:@selector(extensionOutputsCBOR)])
             response.extensionOutputs = toExtensionOutputs(registrationCredential.extensionOutputsCBOR);
     } else if ([credential isKindOfClass:getASCPlatformPublicKeyCredentialAssertionClass()]) {
-        attachment = AuthenticatorAttachment::Platform;
         response.isAuthenticatorAttestationResponse = false;
 
         ASCPlatformPublicKeyCredentialAssertion *assertionCredential = credential.get();
         response.rawId = toArrayBuffer(assertionCredential.credentialID);
         response.authenticatorData = toArrayBuffer(assertionCredential.authenticatorData);
         response.signature = toArrayBuffer(assertionCredential.signature);
         response.userHandle = toArrayBuffer(assertionCredential.userHandle);
+        rawAttachment = assertionCredential.attachment;
         if ([assertionCredential respondsToSelector:@selector(extensionOutputsCBOR)])
             response.extensionOutputs = toExtensionOutputs(assertionCredential.extensionOutputsCBOR);
     } else if ([credential isKindOfClass:getASCSecurityKeyPublicKeyCredentialAssertionClass()]) {
-        attachment = AuthenticatorAttachment::CrossPlatform;
         response.isAuthenticatorAttestationResponse = false;
 
         ASCSecurityKeyPublicKeyCredentialAssertion *assertionCredential = credential.get();
         response.rawId = toArrayBuffer(assertionCredential.credentialID);
         response.authenticatorData = toArrayBuffer(assertionCredential.authenticatorData);
         response.signature = toArrayBuffer(assertionCredential.signature);
         response.userHandle = toArrayBuffer(assertionCredential.userHandle);
+        rawAttachment = assertionCredential.attachment;
         if ([assertionCredential respondsToSelector:@selector(extensionOutputsCBOR)])
             response.extensionOutputs = toExtensionOutputs(assertionCredential.extensionOutputsCBOR);
     } else {
-        attachment = (AuthenticatorAttachment) 0;
         ExceptionCode exceptionCode;
         NSString *errorMessage = nil;
         if ([error.get().domain isEqualToString:WKErrorDomain]) {
@@ -459,6 +458,14 @@ static inline void continueAfterRequest(RetainPtr<id <ASCCredentialProtocol>> cr
 
         exceptionData = { exceptionCode, errorMessage };
     }
+
+    AuthenticatorAttachment attachment;
+    if ([rawAttachment isEqualToString:@"platform"])
+        attachment = AuthenticatorAttachment::Platform;
+    else {
+        ASSERT([rawAttachment isEqualToString:@"cross-platform"]);
+        attachment = AuthenticatorAttachment::CrossPlatform;
+    }
 
     handler(response, attachment, exceptionData);
 }