-
Notifications
You must be signed in to change notification settings - Fork 15k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add support for the U2F Web API #30438
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
broadly lgtm
// permissions::PermissionRequestManager::FromWebContents(web_contents); | ||
// nullptr; | ||
// if (!permission_request_manager) { | ||
return RespondNow(Error("no PermissionRequestManager")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm... it looks like we always respond with an error here. Do we need to expose something through our permission check handlers?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This API isn't actually used by the U2F extension, I think it might be a private API that some google.com sites use 馃 So I wasn't too concerned with wiring this up to anything in particular.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For other extensions APIs that I've copied from Chrome, I've stripped out the bits we explicitly don't want to support. If we don't care about this API at all, maybe replace the entire implementation with just return RespondNow(Error("API not supported in Electron"))
or so?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did that but in order to make diffing easier in the future I left the old implementation here with #if 0
wrappers
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hm ok, i'm not sure that makes diffing easier but sure.
// Profile* const profile = Profile::FromBrowserContext(browser_context()); | ||
// const PrefService* const prefs = profile->GetPrefs(); | ||
// const base::ListValue* const permit_attestation = | ||
// prefs->GetList(prefs::kSecurityKeyPermitAttestation); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probs don't need both //
and #if 0
// permissions::PermissionRequestManager::FromWebContents(web_contents); | ||
// nullptr; | ||
// if (!permission_request_manager) { | ||
return RespondNow(Error("no PermissionRequestManager")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hm ok, i'm not sure that makes diffing easier but sure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, but is there any way to add a test for this feature?
Not without a U2F key plugged in and a human there to touch it. |
Release Notes Persisted
|
This feature is coming to version 14 or 15? |
@MarshallOfSound you mention you tested it on https://mdp.github.io/u2fdemo, but I also did the same, and nothing seems to happen. I've tried it with Electron v16.0.0 using $ git clone https://github.com/electron/electron-quick-start
$ cd electron-quick-start
$ npm install && npm start And then loading the registration page in diff --git a/main.js b/main.js
index 815c04b..6b58c35 100644
--- a/main.js
+++ b/main.js
@@ -13,10 +13,11 @@ function createWindow () {
})
// and load the index.html of the app.
- mainWindow.loadFile('index.html')
+ // mainWindow.loadFile('index.html')
+ mainWindow.loadURL('https://mdp.github.io/u2fdemo/#reg')
// Open the DevTools.
- // mainWindow.webContents.openDevTools()
+ mainWindow.webContents.openDevTools()
}
// This method will be called when Electron has finished It logs the following in the console until the timeout kicks in: |
It looks like the U2F API is deprecated in favor of WebAuthn: https://www.yubico.com/blog/google-chrome-u2f-api-decommission/ |
Closes #3226
The large files in this PR namely
cryptotoken_private_api.cc
andcryptotoken_private.idl
are 99% copied from Chromium source. They're copied for build system reasons, the difference is as follows;Everything else is just annoyingly undocumented wiring to make this magic U2F component extension work.
Tested this out on https://mdp.github.io/u2fdemo and it appears to work great 馃憤
Notes: Added support for the U2F Web API