From 798a8fa184d9787aaa3eb8d15a10f31277479e3e Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Mon, 2 Oct 2023 23:01:38 -0700 Subject: Require "webauthn" be solo or at the end --- packages/browser/src/methods/startAuthentication.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/methods/startAuthentication.ts b/packages/browser/src/methods/startAuthentication.ts index 6e3940d..2c95a34 100644 --- a/packages/browser/src/methods/startAuthentication.ts +++ b/packages/browser/src/methods/startAuthentication.ts @@ -59,13 +59,13 @@ export async function startAuthentication( // Check for an with "webauthn" in its `autocomplete` attribute const eligibleInputs = document.querySelectorAll( - 'input[autocomplete*=\'webauthn\']', + 'input[autocomplete$=\'webauthn\']', ); // WebAuthn autofill requires at least one valid input if (eligibleInputs.length < 1) { throw Error( - 'No with `"webauthn"` in its `autocomplete` attribute was detected', + 'No with `"webauthn"` as the only or last value in its `autocomplete` attribute was detected', ); } -- cgit v1.2.3 From 5e0079f2304428a58cc2fc7118f329b40c403b52 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Mon, 2 Oct 2023 23:01:42 -0700 Subject: Update tests --- .../src/methods/startAuthentication.test.ts | 35 ++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'packages/browser/src') diff --git a/packages/browser/src/methods/startAuthentication.test.ts b/packages/browser/src/methods/startAuthentication.test.ts index fb31dcc..3aaf33d 100644 --- a/packages/browser/src/methods/startAuthentication.test.ts +++ b/packages/browser/src/methods/startAuthentication.test.ts @@ -297,6 +297,22 @@ test('should set up autofill a.k.a. Conditional UI', async () => { .toEqual(0); }); +test('should set up conditional UI if "webauthn" is the only autocomplete token', async () => { + /** + * According to WHATWG "webauthn" can be the only token in the autocomplete attribute: + * https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-detail-tokens + */ + document.body.innerHTML = ` +
+ + + +
+ `; + + await expect(startAuthentication(goodOpts1, true)).resolves; +}); + test('should throw error if autofill not supported', async () => { mockSupportsAutofill.mockResolvedValue(false); @@ -320,6 +336,25 @@ test('should throw error if no acceptable is found', async () => { rejected.toThrow(/no /i); }); +test('should throw error if "webauthn" is not final autocomplete token', async () => { + /** + * According to WHATWG "webauthn" must be the final token in the autocomplete attribute when + * multiple tokens are present: + * https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-detail-tokens + */ + document.body.innerHTML = ` +
+ + + +
+ `; + + const rejected = await expect(startAuthentication(goodOpts1, true)).rejects; + rejected.toThrow(Error); + rejected.toThrow(/no /i); +}); + test('should return authenticatorAttachment if present', async () => { // Mock extension return values from authenticator mockNavigatorGet.mockImplementation((): Promise => { -- cgit v1.2.3 From 24830ec796113333594832216c4cdda9843c46f7 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Mon, 2 Oct 2023 23:10:47 -0700 Subject: Tweak error message --- packages/browser/src/methods/startAuthentication.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'packages/browser/src') diff --git a/packages/browser/src/methods/startAuthentication.ts b/packages/browser/src/methods/startAuthentication.ts index 2c95a34..fdf14bf 100644 --- a/packages/browser/src/methods/startAuthentication.ts +++ b/packages/browser/src/methods/startAuthentication.ts @@ -65,7 +65,7 @@ export async function startAuthentication( // WebAuthn autofill requires at least one valid input if (eligibleInputs.length < 1) { throw Error( - 'No with `"webauthn"` as the only or last value in its `autocomplete` attribute was detected', + 'No with "webauthn" as the only or last value in its `autocomplete` attribute was detected', ); } -- cgit v1.2.3