-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CREDENTIAL: Generic matching algorithm #292
Conversation
Implemented a more generic matching logic using an isMatch() method hook on the Credential class.
Before I skim in more detail, would you mind rebasing on top of master? This patch doesn't cleanly apply locally. |
(Also, thanks for taking a stab at this!) |
This reverts commit d98c689.
@mikewest Not sure why, I mistakenly committed my .gitignore but have reverted that. The changes are only in index.src.html and were on top of the latest from master. My git-fu is pretty basic, any suggestions on how to fix this? |
Something like the above should do the trick! :) |
Implemented a more generic matching logic using an isMatch() method hook on the Credential class.
This reverts commit d98c689.
Conflicts: specs/credentialmanagement/index.src.html
Done. Mixing and matching betwen the GUI tool and command line is a mistake! This was my first adventure into writing WebIDL definitions so there may be some tweaks required however I think it get's the genera; gist across. I'll add an example of using a custom credential (defined in script) later today as I think that will truly illustrate the reasons for the change. |
@@ -329,9 +331,16 @@ <h4 id="examples-post-signin">Post-sign-in Confirmation</h4> | |||
credential.send("https://example.com/sign-in/") | |||
.then(function (response) { | |||
if (response.status == 200) | |||
// Inspect response to determine if this was a successful login then... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Put this before the if
, please. Otherwise you'll need {}
around the clause for clarity (because it's multi-line).
resolving this by rejecting the promise if the types listed in | ||
{{CredentialRequest/types}} aren't all instances of the same type, but that | ||
resolving this by rejecting the promise if the types listed as keys in | ||
{{CredentialRequestFilters}} map aren't all instances of the same type, but that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You dropped this constraint above. If you intend to drop it, we'll need to drop this issue as well. As I noted, it's not clear that we can.
Thanks for the PR! I've left a number of comments. I'm fine with the central suggestion of exposing the matching algorithm, as that seems to allow some extensibility. However, I don't like the fact that this makes the use cases the document actually intends to address more complex. Especially in the case of It's also not clear to me that Does "filtering" fit into @dlongley's modeling of the world? It's not clear that it does. |
@mikewest I've been poring over this and I have come to conclusion that it won't work... The issue is that trying to create something extensible to the developer means creating a callback that could potentially open a security hole since the code is defined and executed against the DOM. A |
What's the threat model you're worried about? If an attacker can define an arbitrary callback, they can already execute arbitrary code in your origin, can't they? |
Again, I may be showing my ignorance wrt the differentiation between the execution context of code behind a browser API vs that defined on the DOM within client scripts. My proposal was for the site to provide a script that defines a custom I like the idea of the extensibility you get from encapsulating the filtering logic in that function but don't really understand enough about the line between the two execution contexts within the browser to add anything more to this proposal. |
Based on the conversation in #292, and the critique in #349, this patch restructures `get()` to accept two arguments: a sequence of types, and a dictionary of dictionaries that specifies the filter options for each relevant type. This does not completely address the request in #292, as the matching algorithm is not exposed as a method on LocallyStoredCredential. I need to think a bit more about the impact of doing that. Splitting up the patch to make sure the pieces we know we need get in for feedback.
This issue was moved to w3c/webappsec-credential-management#4 |
This change updates the model for
Credential
to include anisMatch()
function hook which is called during processing of the Credential request algorithm. The hook can be overridden by developers designing their ownCredential
classes in script therefor making the API flexible and extensible through ECMAScript.Resolves #274