mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-23 06:48:16 +00:00
core/webauthn: Reply with ERR_CHANNEL_BUSY once a U2F request has been declined to stop Chrome from polling.
This commit is contained in:
parent
4d3c634732
commit
0b851d6959
@ -1140,11 +1140,18 @@ def msg_register(req: Msg, dialog_mgr: DialogManager) -> Cmd:
|
||||
dialog_mgr.reset_timeout()
|
||||
|
||||
# wait for a button or continue
|
||||
if dialog_mgr.result != _RESULT_CONFIRM:
|
||||
if dialog_mgr.result == _RESULT_NONE:
|
||||
if __debug__:
|
||||
log.info(__name__, "waiting for button")
|
||||
return msg_error(req.cid, _SW_CONDITIONS_NOT_SATISFIED)
|
||||
|
||||
if dialog_mgr.result != _RESULT_CONFIRM:
|
||||
if __debug__:
|
||||
log.info(__name__, "request declined")
|
||||
# There is no standard way to decline a U2F request, but responding with ERR_CHANNEL_BUSY
|
||||
# doesn't seem to violate the protocol and at least stops Chrome from polling.
|
||||
return cmd_error(req.cid, _ERR_CHANNEL_BUSY)
|
||||
|
||||
# sign the registration challenge and return
|
||||
if __debug__:
|
||||
log.info(__name__, "signing register")
|
||||
@ -1229,11 +1236,18 @@ def msg_authenticate(req: Msg, dialog_mgr: DialogManager) -> Cmd:
|
||||
dialog_mgr.reset_timeout()
|
||||
|
||||
# wait for a button or continue
|
||||
if dialog_mgr.result != _RESULT_CONFIRM:
|
||||
if dialog_mgr.result == _RESULT_NONE:
|
||||
if __debug__:
|
||||
log.info(__name__, "waiting for button")
|
||||
return msg_error(req.cid, _SW_CONDITIONS_NOT_SATISFIED)
|
||||
|
||||
if dialog_mgr.result != _RESULT_CONFIRM:
|
||||
if __debug__:
|
||||
log.info(__name__, "request declined")
|
||||
# There is no standard way to decline a U2F request, but responding with ERR_CHANNEL_BUSY
|
||||
# doesn't seem to violate the protocol and at least stops Chrome from polling.
|
||||
return cmd_error(req.cid, _ERR_CHANNEL_BUSY)
|
||||
|
||||
# sign the authentication challenge and return
|
||||
if __debug__:
|
||||
log.info(__name__, "signing authentication")
|
||||
|
Loading…
Reference in New Issue
Block a user