fido: don't show a retry error on the first UV attempt

Make AuthTokenRequester not invoke its Delegate's PromptInternalUVRetry() method the first time it calls GetUvToken() and awaits a user interaction. Fixed: 1142969 Change-Id: I38ce9ebd35a968c7346ce0cecd6a3109a0b6fb34 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2504598 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Nina Satragno <nsatragno@chromium.org> Cr-Commit-Position: refs/heads/master@{#821883}

fido: don't show a retry error on the first UV attempt
Make AuthTokenRequester not invoke its Delegate's PromptInternalUVRetry() method the first time it calls GetUvToken() and awaits a user interaction. Fixed: 1142969 Change-Id: I38ce9ebd35a968c7346ce0cecd6a3109a0b6fb34 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2504598 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Nina Satragno <nsatragno@chromium.org> Cr-Commit-Position: refs/heads/master@{#821883}
9c76fd45 · Martin Kreichgauer · Commit Bot · 650740ea · 9c76fd45 · 9c76fd45
Commit 9c76fd45 authored Oct 28, 2020 by Martin Kreichgauer Committed by Commit Bot Oct 28, 2020
3 changed files
--- a/device/fido/auth_token_requester.cc
+++ b/device/fido/auth_token_requester.cc
@@ -138,7 +138,9 @@ void AuthTokenRequester::OnGetUVRetries(
    return;
  }

+  if (is_internal_uv_retry_) {
    delegate_->PromptForInternalUVRetry(response->retries);
+  }
  authenticator_->GetUvToken({std::begin(options_.token_permissions),
                              std::end(options_.token_permissions)},
                             options_.rp_id,
@@ -178,6 +180,7 @@ void AuthTokenRequester::OnGetUVToken(

  if (status == CtapDeviceResponseCode::kCtap2ErrUvInvalid) {
    // The attempt failed, but a retry is possible.
+    is_internal_uv_retry_ = true;
    ObtainTokenFromInternalUV();
    return;
  }

--- a/device/fido/auth_token_requester.h
+++ b/device/fido/auth_token_requester.h
@@ -164,6 +164,7 @@ class COMPONENT_EXPORT(DEVICE_FIDO) AuthTokenRequester {
  Options options_;

  bool authenticator_was_selected_ = false;
+  bool is_internal_uv_retry_ = false;

  base::WeakPtrFactory<AuthTokenRequester> weak_factory_{this};
 };

--- a/device/fido/auth_token_requester_unittest.cc
+++ b/device/fido/auth_token_requester_unittest.cc
@@ -42,7 +42,8 @@ class TestAuthTokenRequesterDelegate : public AuthTokenRequester::Delegate {
  base::Optional<pin::TokenResponse>& response() { return response_; }
  bool pin_was_set() { return pin_was_set_; }
  bool pin_was_collected() { return pin_was_collected_; }
-  bool internal_uv_was_prompted() { return internal_uv_was_prompted_; }
+  bool internal_uv_was_retried() { return internal_uv_num_retries_ > 0u; }
+  size_t internal_uv_num_retries() { return internal_uv_num_retries_; }
  bool internal_uv_was_locked() { return internal_uv_was_locked_; }

 private:
@@ -61,7 +62,7 @@ class TestAuthTokenRequesterDelegate : public AuthTokenRequester::Delegate {
    std::move(provide_pin_cb).Run(pin_);
  }
  void PromptForInternalUVRetry(int attempts) override {
-    internal_uv_was_prompted_ = true;
+    internal_uv_num_retries_++;
  }
  void InternalUVLockedForAuthToken() override {
    internal_uv_was_locked_ = true;
@@ -83,7 +84,7 @@ class TestAuthTokenRequesterDelegate : public AuthTokenRequester::Delegate {

  bool pin_was_collected_ = false;
  bool pin_was_set_ = false;
-  bool internal_uv_was_prompted_ = false;
+  size_t internal_uv_num_retries_ = 0u;
  bool internal_uv_was_locked_ = false;

  base::RunLoop wait_for_result_loop_;
@@ -225,7 +226,7 @@ TEST_F(AuthTokenRequesterTest, AuthenticatorWithoutUVTokenSupport) {
      EXPECT_FALSE(delegate_->pin_was_set());
      EXPECT_FALSE(delegate_->pin_was_collected());
    }
-    EXPECT_FALSE(delegate_->internal_uv_was_prompted());
+    EXPECT_FALSE(delegate_->internal_uv_was_retried());
    EXPECT_FALSE(delegate_->internal_uv_was_locked());
  }
 }
@@ -305,9 +306,7 @@ TEST_F(AuthTokenRequesterTest, AuthenticatorWithUVTokenSupport) {
                t.client_pin == ClientPinAvailability::kSupportedAndPinSet &&
                    t.user_verification !=
                        UserVerificationAvailability::kSupportedAndConfigured);
-      EXPECT_EQ(delegate_->internal_uv_was_prompted(),
-                t.user_verification ==
-                    UserVerificationAvailability::kSupportedAndConfigured);
+      EXPECT_FALSE(delegate_->internal_uv_was_retried());
      EXPECT_FALSE(delegate_->internal_uv_was_locked());
    } else {
      EXPECT_EQ(*delegate_->result(),
@@ -315,7 +314,7 @@ TEST_F(AuthTokenRequesterTest, AuthenticatorWithUVTokenSupport) {
      EXPECT_FALSE(delegate_->response());
      EXPECT_FALSE(delegate_->pin_was_set());
      EXPECT_FALSE(delegate_->pin_was_collected());
-      EXPECT_FALSE(delegate_->internal_uv_was_prompted());
+      EXPECT_FALSE(delegate_->internal_uv_was_retried());
      EXPECT_FALSE(delegate_->internal_uv_was_locked());
    }
  }
@@ -341,7 +340,7 @@ TEST_F(AuthTokenRequesterTest, PINSoftLock) {
  EXPECT_FALSE(delegate_->response());
  EXPECT_FALSE(delegate_->pin_was_set());
  EXPECT_TRUE(delegate_->pin_was_collected());
-  EXPECT_FALSE(delegate_->internal_uv_was_prompted());
+  EXPECT_FALSE(delegate_->internal_uv_was_retried());
  EXPECT_FALSE(delegate_->internal_uv_was_locked());
 }

@@ -365,7 +364,7 @@ TEST_F(AuthTokenRequesterTest, PINHardLock) {
  EXPECT_FALSE(delegate_->response());
  EXPECT_FALSE(delegate_->pin_was_set());
  EXPECT_FALSE(delegate_->pin_was_collected());
-  EXPECT_FALSE(delegate_->internal_uv_was_prompted());
+  EXPECT_FALSE(delegate_->internal_uv_was_retried());
  EXPECT_FALSE(delegate_->internal_uv_was_locked());
 }

@@ -374,8 +373,9 @@ TEST_F(AuthTokenRequesterTest, UVLockedPINFallback) {
  config.pin_uv_auth_token_support = true;
  config.ctap2_versions = {std::begin(kCtap2Versions2_1),
                           std::end(kCtap2Versions2_1)};
+  config.user_verification_succeeds = false;
  auto state = base::MakeRefCounted<VirtualFidoDevice::State>();
-  state->uv_retries = 0;
+  state->uv_retries = 3;

  RunTestCase(std::move(config), state,
              TestCase{
@@ -388,7 +388,7 @@ TEST_F(AuthTokenRequesterTest, UVLockedPINFallback) {
  EXPECT_TRUE(delegate_->response());
  EXPECT_FALSE(delegate_->pin_was_set());
  EXPECT_TRUE(delegate_->pin_was_collected());
-  EXPECT_FALSE(delegate_->internal_uv_was_prompted());
+  EXPECT_EQ(delegate_->internal_uv_num_retries(), 2u);
  EXPECT_TRUE(delegate_->internal_uv_was_locked());
 }