Update authenticator.mojom's error codes and DomException messages.

- Remove messages that no longer apply now that CTAP2 is implemented on desktop
- Add Android-only error messages. I prepended these with 'ANDROID' for
clarity.

Bug: 678885
Change-Id: I96e5850752829c0b1e454837a9e1d1fdfa3a9630
Reviewed-on: https://chromium-review.googlesource.com/1139578
Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#576332}

components/password_manager/content/common/credential_manager_mojom_traits.cc

@@ -85,11 +85,11 @@ bool EnumTraits<blink::mojom::CredentialManagerError,
           password_manager::CredentialManagerError::PASSWORDSTOREUNAVAILABLE;
       return true;
     case blink::mojom::CredentialManagerError::NOT_ALLOWED:
+    case blink::mojom::CredentialManagerError::ANDROID_NOT_SUPPORTED_ERROR:
+    case blink::mojom::CredentialManagerError::ANDROID_ALGORITHM_UNSUPPORTED:
+    case blink::mojom::CredentialManagerError::ANDROID_EMPTY_ALLOW_CREDENTIALS:
     case blink::mojom::CredentialManagerError::
-        AUTHENTICATOR_CRITERIA_UNSUPPORTED:
-    case blink::mojom::CredentialManagerError::ALGORITHM_UNSUPPORTED:
-    case blink::mojom::CredentialManagerError::EMPTY_ALLOW_CREDENTIALS:
-    case blink::mojom::CredentialManagerError::USER_VERIFICATION_UNSUPPORTED:
+        ANDROID_USER_VERIFICATION_UNSUPPORTED:
     case blink::mojom::CredentialManagerError::INVALID_DOMAIN:
     case blink::mojom::CredentialManagerError::CREDENTIAL_EXCLUDED:
     case blink::mojom::CredentialManagerError::CREDENTIAL_NOT_RECOGNIZED:

third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-create-basics.html

@@ -116,13 +116,6 @@ promise_test(t => {
       navigator.credentials.create({ publicKey : MAKE_CREDENTIAL_OPTIONS}));
 }, "Verify that not allowed error returned by mock is properly handled.");
 
-promise_test(t => {
-  mockAuthenticator.setAuthenticatorStatus(
-      webauth.mojom.AuthenticatorStatus.AUTHENTICATOR_CRITERIA_UNSUPPORTED);
-  return promise_rejects(t, "NotSupportedError",
-      navigator.credentials.create({ publicKey : MAKE_CREDENTIAL_OPTIONS}));
-}, "Verify that authenticator criteria unsupported error returned by mock is properly handled.");
-
 promise_test(t => {
   mockAuthenticator.setAuthenticatorStatus(
       webauth.mojom.AuthenticatorStatus.ALGORITHM_UNSUPPORTED);
@@ -205,7 +198,7 @@ promise_test(_ => {
 promise_test(t => {
   mockAuthenticator.reset();
   mockAuthenticator.setAuthenticatorStatus(
-      webauth.mojom.AuthenticatorStatus.AUTHENTICATOR_CRITERIA_UNSUPPORTED);
+      webauth.mojom.AuthenticatorStatus.EMPTY_ALLOW_CREDENTIALS);
   var customMakeCredOptions = deepCopy(MAKE_CREDENTIAL_OPTIONS);
   return promise_rejects(t, "NotSupportedError",
       navigator.credentials.create({publicKey: customMakeCredOptions}));
@@ -214,7 +207,7 @@ promise_test(t => {
 promise_test(t => {
   mockAuthenticator.reset();
   mockAuthenticator.setAuthenticatorStatus(
-      webauth.mojom.AuthenticatorStatus.AUTHENTICATOR_CRITERIA_UNSUPPORTED);
+      webauth.mojom.AuthenticatorStatus.USER_VERIFICATION_UNSUPPORTED);
   var customMakeCredOptions = deepCopy(MAKE_CREDENTIAL_OPTIONS);
   customMakeCredOptions.authenticatorSelection.userVerification = 'required';
   return promise_rejects(t, "NotSupportedError",
@@ -234,7 +227,7 @@ promise_test(_ => {
 promise_test(t => {
   mockAuthenticator.reset();
   mockAuthenticator.setAuthenticatorStatus(
-      webauth.mojom.AuthenticatorStatus.AUTHENTICATOR_CRITERIA_UNSUPPORTED);
+      webauth.mojom.AuthenticatorStatus.USER_VERIFICATION_UNSUPPORTED);
   var customMakeCredOptions = deepCopy(MAKE_CREDENTIAL_OPTIONS);
   customMakeCredOptions.authenticatorSelection.authenticatorAttachment = 'platform';
   return promise_rejects(t, "NotSupportedError",

third_party/blink/public/platform/modules/credentialmanager/credential_manager.mojom

@@ -25,15 +25,15 @@ enum CredentialManagerError {
   PENDING_REQUEST,
   PASSWORD_STORE_UNAVAILABLE,
   NOT_ALLOWED,
-  AUTHENTICATOR_CRITERIA_UNSUPPORTED,
-  ALGORITHM_UNSUPPORTED,
-  EMPTY_ALLOW_CREDENTIALS,
-  USER_VERIFICATION_UNSUPPORTED,
   INVALID_DOMAIN,
   CREDENTIAL_EXCLUDED,
   CREDENTIAL_NOT_RECOGNIZED,
   NOT_IMPLEMENTED,
   NOT_FOCUSED,
+  ANDROID_ALGORITHM_UNSUPPORTED,
+  ANDROID_EMPTY_ALLOW_CREDENTIALS,
+  ANDROID_NOT_SUPPORTED_ERROR,
+  ANDROID_USER_VERIFICATION_UNSUPPORTED,
   UNKNOWN
 };
 

third_party/blink/public/platform/modules/webauth/authenticator.mojom

@@ -16,15 +16,15 @@ enum AuthenticatorStatus {
   SUCCESS,
   PENDING_REQUEST,
   NOT_ALLOWED_ERROR,
-  AUTHENTICATOR_CRITERIA_UNSUPPORTED,
-  ALGORITHM_UNSUPPORTED,
-  EMPTY_ALLOW_CREDENTIALS,
-  USER_VERIFICATION_UNSUPPORTED,
   INVALID_DOMAIN,
   CREDENTIAL_EXCLUDED,
   CREDENTIAL_NOT_RECOGNIZED,
   NOT_IMPLEMENTED,
   NOT_FOCUSED,
+  USER_VERIFICATION_UNSUPPORTED,
+  ALGORITHM_UNSUPPORTED,
+  EMPTY_ALLOW_CREDENTIALS,
+  ANDROID_NOT_SUPPORTED_ERROR,
   UNKNOWN_ERROR,
 };
 

third_party/blink/renderer/modules/credentialmanager/credential_manager_type_converters.cc

@@ -114,16 +114,6 @@ CredentialManagerError
 TypeConverter<CredentialManagerError, AuthenticatorStatus>::Convert(
     const AuthenticatorStatus& status) {
   switch (status) {
-    case webauth::mojom::blink::AuthenticatorStatus::
-        AUTHENTICATOR_CRITERIA_UNSUPPORTED:
-      return CredentialManagerError::AUTHENTICATOR_CRITERIA_UNSUPPORTED;
-    case webauth::mojom::blink::AuthenticatorStatus::ALGORITHM_UNSUPPORTED:
-      return CredentialManagerError::ALGORITHM_UNSUPPORTED;
-    case webauth::mojom::blink::AuthenticatorStatus::EMPTY_ALLOW_CREDENTIALS:
-      return CredentialManagerError::EMPTY_ALLOW_CREDENTIALS;
-    case webauth::mojom::blink::AuthenticatorStatus::
-        USER_VERIFICATION_UNSUPPORTED:
-      return CredentialManagerError::USER_VERIFICATION_UNSUPPORTED;
     case webauth::mojom::blink::AuthenticatorStatus::NOT_ALLOWED_ERROR:
       return CredentialManagerError::NOT_ALLOWED;
     case webauth::mojom::blink::AuthenticatorStatus::UNKNOWN_ERROR:
@@ -140,6 +130,16 @@ TypeConverter<CredentialManagerError, AuthenticatorStatus>::Convert(
       return CredentialManagerError::NOT_IMPLEMENTED;
     case webauth::mojom::blink::AuthenticatorStatus::NOT_FOCUSED:
       return CredentialManagerError::NOT_FOCUSED;
+    case webauth::mojom::blink::AuthenticatorStatus::ALGORITHM_UNSUPPORTED:
+      return CredentialManagerError::ANDROID_ALGORITHM_UNSUPPORTED;
+    case webauth::mojom::blink::AuthenticatorStatus::EMPTY_ALLOW_CREDENTIALS:
+      return CredentialManagerError::ANDROID_EMPTY_ALLOW_CREDENTIALS;
+    case webauth::mojom::blink::AuthenticatorStatus::
+        ANDROID_NOT_SUPPORTED_ERROR:
+      return CredentialManagerError::ANDROID_NOT_SUPPORTED_ERROR;
+    case webauth::mojom::blink::AuthenticatorStatus::
+        USER_VERIFICATION_UNSUPPORTED:
+      return CredentialManagerError::ANDROID_USER_VERIFICATION_UNSUPPORTED;
     case webauth::mojom::blink::AuthenticatorStatus::SUCCESS:
       NOTREACHED();
       break;

third_party/blink/renderer/modules/credentialmanager/credentials_container.cc

@@ -219,30 +219,6 @@ DOMException* CredentialManagerErrorToDOMException(
           DOMExceptionCode::kNotAllowedError,
           "The operation either timed out or was not allowed. See: "
           "https://w3c.github.io/webauthn/#sec-assertion-privacy.");
-    case CredentialManagerError::AUTHENTICATOR_CRITERIA_UNSUPPORTED:
-      return DOMException::Create(DOMExceptionCode::kNotSupportedError,
-                                  "The specified `authenticatorSelection` "
-                                  "criteria cannot be fulfilled by CTAP1/U2F "
-                                  "authenticators, and CTAP2 authenticators "
-                                  "are not yet supported.");
-    case CredentialManagerError::ALGORITHM_UNSUPPORTED:
-      return DOMException::Create(DOMExceptionCode::kNotSupportedError,
-                                  "None of the algorithms specified in "
-                                  "`pubKeyCredParams` are compatible with "
-                                  "CTAP1/U2F authenticators, and CTAP2 "
-                                  "authenticators are not yet supported.");
-    case CredentialManagerError::EMPTY_ALLOW_CREDENTIALS:
-      return DOMException::Create(DOMExceptionCode::kNotSupportedError,
-                                  "The `allowCredentials` list cannot be left "
-                                  "empty for CTAP1/U2F authenticators, and "
-                                  "support for CTAP2 authenticators is not yet "
-                                  "implemented.");
-    case CredentialManagerError::USER_VERIFICATION_UNSUPPORTED:
-      return DOMException::Create(DOMExceptionCode::kNotSupportedError,
-                                  "The specified `userVerification` "
-                                  "requirement cannot be fulfilled by "
-                                  "CTAP1/U2F authenticators, and CTAP2 "
-                                  "authenticators are not yet supported.");
     case CredentialManagerError::INVALID_DOMAIN:
       return DOMException::Create(DOMExceptionCode::kSecurityError,
                                   "This is an invalid domain.");
@@ -263,6 +239,26 @@ DOMException* CredentialManagerErrorToDOMException(
       return DOMException::Create(DOMExceptionCode::kNotAllowedError,
                                   "The operation is not allowed at this time "
                                   "because the page does not have focus.");
+    case CredentialManagerError::ANDROID_ALGORITHM_UNSUPPORTED:
+      return DOMException::Create(DOMExceptionCode::kNotSupportedError,
+                                  "None of the algorithms specified in "
+                                  "`pubKeyCredParams` are supported by "
+                                  "this device.");
+    case CredentialManagerError::ANDROID_EMPTY_ALLOW_CREDENTIALS:
+      return DOMException::Create(DOMExceptionCode::kNotSupportedError,
+                                  "Use of an empty `allowCredentials` list is "
+                                  "not supported on this device.");
+    case CredentialManagerError::ANDROID_NOT_SUPPORTED_ERROR:
+      return DOMException::Create(DOMExceptionCode::kNotSupportedError,
+                                  "Either the device has received unexpected "
+                                  "request parameters, or the device "
+                                  "cannot support this request.");
+    case CredentialManagerError::ANDROID_USER_VERIFICATION_UNSUPPORTED:
+      return DOMException::Create(DOMExceptionCode::kNotSupportedError,
+                                  "The specified `userVerification` "
+                                  "requirement cannot be fulfilled by "
+                                  "this device unless the device is secured "
+                                  "with a screen lock.");
     case CredentialManagerError::UNKNOWN:
       return DOMException::Create(DOMExceptionCode::kNotReadableError,
                                   "An unknown error occurred while talking "