-
-
Notifications
You must be signed in to change notification settings - Fork 650
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Check Z-Order for making content accessible on the lock screen. (#14416)
Link to issue number: Supercedes #14358 Fixes: #14379 Fixes: #14368 Summary of the issue: Issue 1: Session tracking notification failures (#14358) If NVDA freezes, session tracking notifications may be dropped. If this happens when locking, NVDA will be insecure while on the Windows lock screen. If this happens when unlocking, NVDA will not behave correctly and be inaccessible while Windows is unlocked. This is fixed by querying the session directly, and caching this every core cycle. If a query fails, NVDA should fall back accessible behaviour, rather than secure. Issue 2: Forgot my PIN workflow is inaccessible (#14368) NVDA cannot read content on the forgot my PIN workflow screen. This is a similar situation to the lock screen, except an Edge Spartan window is used for the workflow. This runs on a temporary user profile. This is fixed by detecting the z-order of windows, and making an window above the lock screen window accessible. Issue 2a: Object navigation does not work on the PIN workflow screen (#14416) This is because TextInfo.obj can be a TreeInterceptor, where it was previously documented as just NVDAObject. This assumption caused the _isSecureObjectWhileLockScreenActivated function to fail, making object navigation fail. In those cases, the TreeInterceptor.rootNVDAObject should be checked instead. Issue 3: NVDA fails to install in some environments (#14379) Sometimes an NVDA session query returns an unexpected value. In this case, default to the "session unknown" behaviour. If a session query fails, NVDA should roll back to accessible behaviour rather than failing to run. Description of user facing changes PIN workflow screen should become accessible. NVDA has better session tracking management (i.e. is aware of the lock state more accuractely). NVDA should handle session query failures without preventing installation, blocking usage, etc. Description of development approach There are 4 security modes of NVDA: normal, authenticated user secure mode: secure desktop mode (when serviceDebug param not set), or --secure param provided. Refer to existing docs on this. secure desktop mode: enabled secure mode (when serviceDebug param not set). Also prevents access to some controls, that should not be accessible from the sign-in/UAC dialog. lock screen mode: prevents access to user data. Used on the lock screen, which runs on a user desktop. Also include the reset PIN workflow and out of box experience. (Only Win 10+) Lock state session tracking is handled by NVDA now, by querying the session state every core pump cycle. When on lock screen mode, we need to check the z-order of windows to confirm if an NVDA object should be accessible. The window associated with the NVDAObject should be above the lowest lock screen window. Lock screen windows can be identified by known class names. This is risky as class names may change, but the lockapp appModule isn't detectable on the forgot PIN workflow. We can confirm the windows order by starting at the lowest lock screen, then navigating our way up. If we can confirm that the NVDA Object is not below the lock screen window, we can make the object accessible. This method is risky, as z-ordering is dynamic. There are unit tests to cover this, code aims to make NVDAObjects accessible where the order is unknown.
- Loading branch information
Showing
20 changed files
with
889 additions
and
363 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.