[devtools] Add automaticPresenceSimulation to WebAuthn

This patch adds a function to the Chrome DevTools Protocol in the WebAuthn Domain. This function makes it possible to choose whether an authenticator responds to MakeCredentials / GetAssertion, by toggling the automaticPresenceSimulation parameter in the authenticator. Bug: 1086270 Change-Id: Ief1b98189201d039b087ad37cdfb967d03d3b054 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2280472 Auto-Submit: Fawaz Mohammad <fawazm@google.com> Commit-Queue: Fawaz Mohammad <fawazm@google.com> Reviewed-by: Nina Satragno <nsatragno@chromium.org> Reviewed-by: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#785805}

[devtools] Add automaticPresenceSimulation to WebAuthn
This patch adds a function to the Chrome DevTools Protocol in the WebAuthn Domain. This function makes it possible to choose whether an authenticator responds to MakeCredentials / GetAssertion, by toggling the automaticPresenceSimulation parameter in the authenticator. Bug: 1086270 Change-Id: Ief1b98189201d039b087ad37cdfb967d03d3b054 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2280472 Auto-Submit: Fawaz Mohammad <fawazm@google.com> Commit-Queue: Fawaz Mohammad <fawazm@google.com> Reviewed-by: Nina Satragno <nsatragno@chromium.org> Reviewed-by: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#785805}
acd4a8ce · Fawaz Mohammad · Commit Bot · 4617db3c · acd4a8ce · acd4a8ce
Commit acd4a8ce authored Jul 07, 2020 by Fawaz Mohammad Committed by Commit Bot Jul 07, 2020
8 changed files
--- a/content/browser/devtools/protocol/webauthn_handler.cc
+++ b/content/browser/devtools/protocol/webauthn_handler.cc
@@ -288,6 +288,18 @@ Response WebAuthnHandler::SetUserVerified(const String& authenticator_id,
  return Response::Success();
 }

+Response WebAuthnHandler::SetAutomaticPresenceSimulation(
+    const String& authenticator_id,
+    bool enabled) {
+  VirtualAuthenticator* authenticator;
+  Response response = FindAuthenticator(authenticator_id, &authenticator);
+  if (!response.IsSuccess())
+    return response;
+
+  authenticator->SetUserPresence(enabled);
+  return Response::Success();
+}
+
 Response WebAuthnHandler::FindAuthenticator(
    const String& id,
    VirtualAuthenticator** out_authenticator) {

--- a/content/browser/devtools/protocol/webauthn_handler.h
+++ b/content/browser/devtools/protocol/webauthn_handler.h
@@ -50,6 +50,8 @@ class WebAuthnHandler : public DevToolsDomainHandler, public WebAuthn::Backend {
  Response ClearCredentials(const String& in_authenticator_id) override;
  Response SetUserVerified(const String& authenticator_id,
                           bool is_user_verified) override;
+  Response SetAutomaticPresenceSimulation(const String& authenticator_id,
+                                          bool enabled) override;

 private:
  // Finds the authenticator with the given |id|. Returns Response::OK() if

--- a/content/browser/devtools/protocol_config.json
+++ b/content/browser/devtools/protocol_config.json
@@ -110,7 +110,7 @@
            },
            {
                "domain": "WebAuthn",
-                "include": ["enable", "disable", "addVirtualAuthenticator", "removeVirtualAuthenticator", "addCredential", "removeCredential", "clearCredentials", "getCredential", "getCredentials", "setUserVerified"]
+                "include": ["enable", "disable", "addVirtualAuthenticator", "removeVirtualAuthenticator", "addCredential", "removeCredential", "clearCredentials", "getCredential", "getCredentials", "setUserVerified", "setAutomaticPresenceSimulation"]
            }
        ]
    },

--- a/third_party/blink/public/devtools_protocol/browser_protocol.pdl
+++ b/third_party/blink/public/devtools_protocol/browser_protocol.pdl
@@ -7955,6 +7955,13 @@ experimental domain WebAuthn
      AuthenticatorId authenticatorId
      boolean isUserVerified

+  # Sets whether tests of user presence will succeed immediately (if true) or fail to resolve (if false) for an authenticator.
+  # The default is true.
+  command setAutomaticPresenceSimulation
+    parameters
+      AuthenticatorId authenticatorId
+      boolean enabled
+
 # This domain allows detailed inspection of media elements
 experimental domain Media


--- a/third_party/blink/web_tests/http/tests/inspector-protocol/webauthn/webauthn-set-aps-errors-expected.txt
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/webauthn/webauthn-set-aps-errors-expected.txt
+Check that the WebAuthn command setAutomaticPresenceSimulation validates parameters
+{
+    error : {
+        code : -32000
+        message : The Virtual Authenticator Environment has not been enabled for this session
+    }
+    id : <number>
+    sessionId : <string>
+}
+{
+    error : {
+        code : -32602
+        message : Could not find a Virtual Authenticator matching the ID
+    }
+    id : <number>
+    sessionId : <string>
+}
+
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/webauthn/webauthn-set-aps-errors.js
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/webauthn/webauthn-set-aps-errors.js
+(async function(testRunner) {
+  const {page, session, dp} = await testRunner.startBlank(
+      'Check that the WebAuthn command setAutomaticPresenceSimulation validates parameters');
+
+  // Try without enabling the WebAuthn environment.
+  testRunner.log(await dp.WebAuthn.setAutomaticPresenceSimulation(
+      {authenticatorId: 'nonsense', enabled: false}));
+
+  // Try for an authenticator that does not exist.
+  await dp.WebAuthn.enable();
+  testRunner.log(await dp.WebAuthn.setAutomaticPresenceSimulation(
+      {authenticatorId: 'nonsense', enabled: false}));
+
+  testRunner.completeTest();
+})
\ No newline at end of file
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/webauthn/webauthn-set-aps-expected.txt
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/webauthn/webauthn-set-aps-expected.txt
+Check that the WebAuthn command setAutomaticPresenceSimulation works
+{
+    id : <number>
+    result : {
+    }
+    sessionId : <string>
+}
+OK
+0
+1
+{
+    id : <number>
+    result : {
+    }
+    sessionId : <string>
+}
+{
+    id : <number>
+    result : {
+    }
+    sessionId : <string>
+}
+OK
+1
+1
+
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/webauthn/webauthn-set-aps.js
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/webauthn/webauthn-set-aps.js
+(async function(testRunner) {
+  const {page, session, dp} = await testRunner.startURL(
+      'https://devtools.test:8443/inspector-protocol/webauthn/resources/webauthn-test.https.html',
+      'Check that the WebAuthn command setAutomaticPresenceSimulation works');
+
+  await dp.WebAuthn.enable();
+  const authenticatorId1 = (await dp.WebAuthn.addVirtualAuthenticator({
+                             options: {
+                               protocol: 'ctap2',
+                               transport: 'usb',
+                               hasResidentKey: true,
+                               hasUserVerification: true,
+                               isUserVerified: true,
+                               automaticPresenceSimulation: true,
+                             },
+                           })).result.authenticatorId;
+
+  const authenticatorId2 = (await dp.WebAuthn.addVirtualAuthenticator({
+                             options: {
+                               protocol: 'ctap2',
+                               transport: 'usb',
+                               hasResidentKey: true,
+                               hasUserVerification: true,
+                               isUserVerified: true,
+                               automaticPresenceSimulation: true,
+                             },
+                           })).result.authenticatorId;
+
+  // Set authenticator 1 APS to false, create credential.
+  testRunner.log(await dp.WebAuthn.setAutomaticPresenceSimulation(
+      {authenticatorId: authenticatorId1, enabled: false}));
+  testRunner.log((await session.evaluateAsync('registerCredential()')).status);
+
+  // Check that authenticator 1 didn't register first credential and that
+  // authenticator 2 did.
+  testRunner.log((await dp.WebAuthn.getCredentials({
+                   authenticatorId: authenticatorId1
+                 })).result.credentials.length);  // Should be 0.
+  testRunner.log((await dp.WebAuthn.getCredentials({
+                   authenticatorId: authenticatorId2
+                 })).result.credentials.length);  // Should be 1.
+
+  // Set authenticator 1 APS to true, set authenticator 2 APS to false, create
+  // credential.
+  testRunner.log(await dp.WebAuthn.setAutomaticPresenceSimulation(
+      {authenticatorId: authenticatorId1, enabled: true}));
+  testRunner.log(await dp.WebAuthn.setAutomaticPresenceSimulation(
+      {authenticatorId: authenticatorId2, enabled: false}));
+
+  testRunner.log((await session.evaluateAsync('registerCredential()')).status);
+
+  // Check that authenticator 1 did register second credential and that
+  // authenticator 2 didn't.
+  testRunner.log((await dp.WebAuthn.getCredentials({
+                   authenticatorId: authenticatorId1
+                 })).result.credentials.length);  // Should be 1.
+  testRunner.log((await dp.WebAuthn.getCredentials({
+                   authenticatorId: authenticatorId2
+                 })).result.credentials.length);  // Should be 1.
+
+  testRunner.completeTest();
+})