Bug 1878742 - only show hybrid transport option on macOS if it might be used. r=dveditz

Differential Revision: https://phabricator.services.mozilla.com/D205148
2024-04-22 18:54:53 +00:00 · 2024-04-22 18:54:53 +00:00 · eb4700a6be
commit eb4700a6be
parent 7b76404e84
1 changed files with 20 additions and 0 deletions
--- a/dom/webauthn/MacOSWebAuthnService.mm
+++ b/dom/webauthn/MacOSWebAuthnService.mm
@ -941,6 +941,17 @@ void MacOSWebAuthnService::DoGetAssertion(
          Unused << aArgs->GetAllowList(allowList);
          Unused << aArgs->GetAllowListTransports(allowListTransports);
        }
+        // Compute the union of the transport sets.
+        uint8_t transports = 0;
+        for (uint8_t credTransports : allowListTransports) {
+          if (credTransports == 0) {
+            // treat the empty transport set as "all transports".
+            transports = ~0;
+            break;
+          }
+          transports |= credTransports;
+        }
+
        NSMutableArray* platformAllowedCredentials =
            [[NSMutableArray alloc] init];
        for (const auto& allowedCredentialId : allowList) {
@ -999,6 +1010,15 @@ void MacOSWebAuthnService::DoGetAssertion(
          platformAssertionRequest.userVerificationPreference =
              *userVerificationPreference;
        }
+        if (__builtin_available(macos 13.5, *)) {
+          // Show the hybrid transport option if (1) we have no transport hints
+          // or (2) at least one allow list entry lists the hybrid transport.
+          bool shouldShowHybridTransport =
+              !transports ||
+              (transports & MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_ID_HYBRID);
+          platformAssertionRequest.shouldShowHybridTransport =
+              shouldShowHybridTransport;
+        }

        // Initialize the cross-platform provider with the rpId.
        ASAuthorizationSecurityKeyPublicKeyCredentialProvider*