Return error message for iOS authenticator requests (#101)

LucFauvel · web-flow · commit 9717762293d5 · 2025-04-10T08:45:51.000-04:00
diff --git a/src/webauthn/authenticator/native.rs b/src/webauthn/authenticator/native.rs
@@ -22,6 +22,8 @@ mod ios {
     pub struct AuthenticatorRequestResponse {
         pub auth_data_bytes: Vec<u8>,
         pub signature: Vec<u8>,
+        pub success: bool,
+        pub error_message: String,
     }
 
     #[repr(C)]
@@ -129,25 +131,42 @@ mod ios {
 
         let auth_data = WebauthnAuthenticator::generate_authenticator_data(rp_id_str.as_str(), u8::from_be(attestation_flags), None);
 
-        if auth_data.is_err() {
-            return null_mut();
+        if let Err(e) = auth_data {
+            return Box::into_raw(Box::new(AuthenticatorRequestResponse {
+                auth_data_bytes: Vec::new(),
+                signature: Vec::new(),
+                success: false,
+                error_message: format!("Error generating auth data: {e:?}"),
+            }));
         }
 
         let auth_data_bytes = auth_data.expect("Checked above").to_vec();
-        if auth_data_bytes.is_err() {
-            return null_mut();
+        if let Err(e) = auth_data_bytes {
+            return Box::into_raw(Box::new(AuthenticatorRequestResponse {
+                auth_data_bytes: Vec::new(),
+                signature: Vec::new(),
+                success: false,
+                error_message: format!("Error converting auth data to bytes: {e:?}"),
+            }));
         }
         let auth_data_bytes = auth_data_bytes.expect("Checked above");
 
         let signature = WebauthnAuthenticator::generate_signature(auth_data_bytes.as_slice(), client_data_hash.as_slice(), private_key);
 
-        if signature.is_err() {
-            return null_mut();
+        if let Err(e) = signature {
+            return Box::into_raw(Box::new(AuthenticatorRequestResponse {
+                auth_data_bytes: Vec::new(),
+                signature: Vec::new(),
+                success: false,
+                error_message: format!("Error signing data: {e:?}"),
+            }));
         }
 
         Box::into_raw(Box::new(AuthenticatorRequestResponse {
             auth_data_bytes,
             signature: signature.expect("Checked above"),
+            success: true,
+            error_message: String::new(),
         }))
     }
 
@@ -163,6 +182,28 @@ mod ios {
         }
     }
 
+    #[no_mangle]
+    pub unsafe extern "C" fn is_success(res: *mut AuthenticatorRequestResponse) -> bool {
+        if res.is_null() {
+            return false;
+        }
+
+        (*res).success
+    }
+
+    #[no_mangle]
+    pub unsafe extern "C" fn get_error_message(res: *mut AuthenticatorRequestResponse) -> *mut c_char {
+        if res.is_null() {
+            return null_mut();
+        }
+
+        let cstring = CString::new((*res).error_message.clone());
+        match cstring {
+            Ok(cstring) => cstring.into_raw(),
+            Err(_) => null_mut(),
+        }
+    }
+
     #[no_mangle]
     pub unsafe extern "C" fn get_signature_from_response(res: *mut AuthenticatorRequestResponse) -> Buffer {
         if res.is_null() {
diff --git a/wrappers/swift/classes/WebAuthnRequestResponse.swift b/wrappers/swift/classes/WebAuthnRequestResponse.swift
@@ -1,17 +1,17 @@
 @available(iOS 15.0, *)
 public class WebAuthnRequestResponse: NSObject, RustObject {
 
-	var raw: OpaquePointer
+    var raw: OpaquePointer
 
-	required init(raw: OpaquePointer) {
-		self.raw = raw
-	}
+    required init(raw: OpaquePointer) {
+        self.raw = raw
+    }
 
-	func intoRaw() -> OpaquePointer {
-		return self.raw
-	}
+    func intoRaw() -> OpaquePointer {
+        return self.raw
+    }
 
-	public func getAuthData() -> Data {
+    public func getAuthData() -> Data {
         let buffer = get_auth_data_from_response(self.raw)
         return Data(bytes: buffer.data, count: Int(buffer.len))
     }
@@ -21,16 +21,32 @@ public class WebAuthnRequestResponse: NSObject, RustObject {
         return Data(bytes: buffer.data, count: Int(buffer.len))
     }
 
-	public convenience init(rpId: String, attestationFlags: UInt8, clientDataHash: Data, privateKey: String) throws {
-	    let clientDataHashPointer = UnsafeMutablePointer<UInt8>.allocate(capacity: clientDataHash.count)
+    public func isSuccess() -> Bool {
+        return is_success(self.raw)
+    }
+
+    public func getErrorMessage() -> String {
+        let cString = get_error_message(self.raw)
+        let errorMessage = String(cString: cString!)
+        free(cString)
+        return errorMessage
+    }
+
+    public convenience init(
+        rpId: String, attestationFlags: UInt8, clientDataHash: Data, privateKey: String
+    ) throws {
+        let clientDataHashPointer = UnsafeMutablePointer<UInt8>.allocate(
+            capacity: clientDataHash.count)
         clientDataHash.copyBytes(to: clientDataHashPointer, count: clientDataHash.count)
 
-        let r = generate_credential_request_response(rpId, privateKey, attestationFlags.bigEndian, clientDataHashPointer, UInt(clientDataHash.count))
+        let r = generate_credential_request_response(
+            rpId, privateKey, attestationFlags.bigEndian, clientDataHashPointer,
+            UInt(clientDataHash.count))
         if r == nil {
             throw Err(message: "Invalid parameters")
         } else {
             self.init(raw: r!)
         }
         clientDataHashPointer.deallocate()
-	}
-}
+    }
+}
