From 5dcc035245ccb2a2675767478f516b5b7b214467 Mon Sep 17 00:00:00 2001 From: Merissa Weinstein Date: Wed, 6 Mar 2024 11:30:12 -0600 Subject: [PATCH] [PM-4882] Passkeys: funnel rp name or id to the cipher name on save (#7969) * funnel rp name or id to the cipher name on save * remove comment * add rp name and id to addCipher function --------- Co-authored-by: Merissa Weinstein --- .../fido2/browser-fido2-user-interface.service.ts | 3 +++ .../popup/components/fido2/fido2.component.ts | 14 +++++++------- .../fido2-user-interface.service.abstraction.ts | 4 ++++ .../fido2/fido2-authenticator.service.spec.ts | 1 + .../services/fido2/fido2-authenticator.service.ts | 1 + 5 files changed, 16 insertions(+), 7 deletions(-) diff --git a/apps/browser/src/vault/fido2/browser-fido2-user-interface.service.ts b/apps/browser/src/vault/fido2/browser-fido2-user-interface.service.ts index 35f97d514c..55bf2468d6 100644 --- a/apps/browser/src/vault/fido2/browser-fido2-user-interface.service.ts +++ b/apps/browser/src/vault/fido2/browser-fido2-user-interface.service.ts @@ -67,6 +67,7 @@ export type BrowserFido2Message = { sessionId: string } & ( userName: string; userVerification: boolean; fallbackSupported: boolean; + rpId: string; } | { type: "ConfirmNewCredentialResponse"; @@ -242,6 +243,7 @@ export class BrowserFido2UserInterfaceSession implements Fido2UserInterfaceSessi credentialName, userName, userVerification, + rpId, }: NewCredentialParams): Promise<{ cipherId: string; userVerified: boolean }> { const data: BrowserFido2Message = { type: "ConfirmNewCredentialRequest", @@ -250,6 +252,7 @@ export class BrowserFido2UserInterfaceSession implements Fido2UserInterfaceSessi userName, userVerification, fallbackSupported: this.fallbackSupported, + rpId, }; await this.send(data); diff --git a/apps/browser/src/vault/popup/components/fido2/fido2.component.ts b/apps/browser/src/vault/popup/components/fido2/fido2.component.ts index fcd9dd20a7..6cd5046826 100644 --- a/apps/browser/src/vault/popup/components/fido2/fido2.component.ts +++ b/apps/browser/src/vault/popup/components/fido2/fido2.component.ts @@ -16,7 +16,6 @@ import { SearchService } from "@bitwarden/common/abstractions/search.service"; import { SettingsService } from "@bitwarden/common/abstractions/settings.service"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; -import { Utils } from "@bitwarden/common/platform/misc/utils"; import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service"; import { SecureNoteType, CipherType } from "@bitwarden/common/vault/enums"; import { CipherRepromptType } from "@bitwarden/common/vault/enums/cipher-reprompt-type"; @@ -245,7 +244,8 @@ export class Fido2Component implements OnInit, OnDestroy { protected async saveNewLogin() { const data = this.message$.value; if (data?.type === "ConfirmNewCredentialRequest") { - await this.createNewCipher(); + const name = data.credentialName || data.rpId; + await this.createNewCipher(name); // We are bypassing user verification pending implementation of PIN and biometric support. this.send({ @@ -296,7 +296,7 @@ export class Fido2Component implements OnInit, OnDestroy { // eslint-disable-next-line @typescript-eslint/no-floating-promises this.router.navigate(["/add-cipher"], { queryParams: { - name: Utils.getHostname(this.url), + name: data.credentialName || data.rpId, uri: this.url, uilocation: "popout", senderTabId: this.senderTabId, @@ -344,9 +344,9 @@ export class Fido2Component implements OnInit, OnDestroy { this.destroy$.complete(); } - private buildCipher() { + private buildCipher(name: string) { this.cipher = new CipherView(); - this.cipher.name = Utils.getHostname(this.url); + this.cipher.name = name; this.cipher.type = CipherType.Login; this.cipher.login = new LoginView(); this.cipher.login.uris = [new LoginUriView()]; @@ -358,8 +358,8 @@ export class Fido2Component implements OnInit, OnDestroy { this.cipher.reprompt = CipherRepromptType.None; } - private async createNewCipher() { - this.buildCipher(); + private async createNewCipher(name: string) { + this.buildCipher(name); const cipher = await this.cipherService.encrypt(this.cipher); try { await this.cipherService.createWithServer(cipher); diff --git a/libs/common/src/vault/abstractions/fido2/fido2-user-interface.service.abstraction.ts b/libs/common/src/vault/abstractions/fido2/fido2-user-interface.service.abstraction.ts index 9abea5f94a..aba18f9ecd 100644 --- a/libs/common/src/vault/abstractions/fido2/fido2-user-interface.service.abstraction.ts +++ b/libs/common/src/vault/abstractions/fido2/fido2-user-interface.service.abstraction.ts @@ -16,6 +16,10 @@ export interface NewCredentialParams { * Whether or not the user must be verified before completing the operation. */ userVerification: boolean; + /** + * The relying party ID is usually the URL + */ + rpId: string; } /** diff --git a/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts b/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts index a86dadab8f..23027b6c2a 100644 --- a/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts +++ b/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts @@ -216,6 +216,7 @@ describe("FidoAuthenticatorService", () => { credentialName: params.rpEntity.name, userName: params.userEntity.displayName, userVerification, + rpId: params.rpEntity.id, } as NewCredentialParams); }); } diff --git a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts index e84f7add92..43d78f1ddc 100644 --- a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts +++ b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts @@ -113,6 +113,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr credentialName: params.rpEntity.name, userName: params.userEntity.displayName, userVerification: params.requireUserVerification, + rpId: params.rpEntity.id, }); const cipherId = response.cipherId; userVerified = response.userVerified;