[WebAuthn] Provide more informative error for UV unavailability

It is possible to create a credential on an authenticator that supports
user verification but doesn't have it configured.

If the user then tries to authenticate using that credential, and the
relying party sets UV=required, the message returned says that no
credential exists. This could be confusing for developers trying to
debug problems.

This patch changes the error to indicate that UV is not available.

Fixed: 1029285
Change-Id: Id70960d0a3830854decfa9d02464cd51c1c8f52a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1943386
Commit-Queue: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#720624}

content/browser/webauth/webauth_browsertest.cc

@@ -989,7 +989,7 @@ IN_PROC_BROWSER_TEST_F(WebAuthJavascriptClientBrowserTest,
 // Tests that when navigator.credentials.get() is called with user verification
 // required, we get an NotAllowedError because the virtual device isn't
 // configured with UV and GetAssertionRequestHandler will return
-// |kUserConsentButCredentialNotRecognized| when such an authenticator is
+// |kAuthenticatorMissingUserVerification| when such an authenticator is
 // touched in that case.
 IN_PROC_BROWSER_TEST_F(WebAuthJavascriptClientBrowserTest,
                        GetPublicKeyCredentialUserVerification) {

device/fido/get_assertion_handler_unittest.cc

@@ -236,7 +236,7 @@ TEST_F(FidoGetAssertionHandlerTest, TestIncompatibleUserVerificationSetting) {
   discovery()->AddDevice(std::move(device));
 
   task_environment_.FastForwardUntilNoTasksRemain();
-  EXPECT_EQ(GetAssertionStatus::kUserConsentButCredentialNotRecognized,
+  EXPECT_EQ(GetAssertionStatus::kAuthenticatorMissingUserVerification,
             get_assertion_callback().status());
 }
 
@@ -259,7 +259,7 @@ TEST_F(FidoGetAssertionHandlerTest,
   discovery()->AddDevice(std::move(device));
 
   task_environment_.FastForwardUntilNoTasksRemain();
-  EXPECT_EQ(GetAssertionStatus::kUserConsentButCredentialNotRecognized,
+  EXPECT_EQ(GetAssertionStatus::kAuthenticatorMissingUserVerification,
             get_assertion_callback().status());
 }
 

device/fido/get_assertion_request_handler.cc

@@ -284,7 +284,7 @@ void GetAssertionRequestHandler::DispatchRequest(
                       << " cannot satisfy assertion request. Requesting "
                          "touch in order to handle error case.";
       authenticator->GetTouch(base::BindOnce(
-          &GetAssertionRequestHandler::HandleInapplicableAuthenticator,
+          &GetAssertionRequestHandler::HandleAuthenticatorMissingUV,
           weak_factory_.GetWeakPtr(), authenticator));
       return;
 
@@ -516,13 +516,13 @@ void GetAssertionRequestHandler::HandleTouch(FidoAuthenticator* authenticator) {
                      weak_factory_.GetWeakPtr()));
 }
 
-void GetAssertionRequestHandler::HandleInapplicableAuthenticator(
+void GetAssertionRequestHandler::HandleAuthenticatorMissingUV(
     FidoAuthenticator* authenticator) {
   // User touched an authenticator that cannot handle this request.
   state_ = State::kFinished;
   CancelActiveAuthenticators(authenticator->GetId());
   std::move(completion_callback_)
-      .Run(GetAssertionStatus::kUserConsentButCredentialNotRecognized,
+      .Run(GetAssertionStatus::kAuthenticatorMissingUserVerification,
            base::nullopt, nullptr);
 }
 

device/fido/get_assertion_request_handler.h

@@ -96,7 +96,7 @@ class COMPONENT_EXPORT(DEVICE_FIDO) GetAssertionRequestHandler
       CtapDeviceResponseCode response_code,
       base::Optional<AuthenticatorGetAssertionResponse> response);
   void HandleTouch(FidoAuthenticator* authenticator);
-  void HandleInapplicableAuthenticator(FidoAuthenticator* authenticator);
+  void HandleAuthenticatorMissingUV(FidoAuthenticator* authenticator);
   void OnRetriesResponse(CtapDeviceResponseCode status,
                          base::Optional<pin::RetriesResponse> response);
   void OnHavePIN(std::string pin);