mirror of
https://github.com/bitwarden/browser
synced 2025-01-03 05:38:33 +01:00
51f6594d4b
* Add messaging for macos passkey provider * fix: credential id conversion * Make build.sh executable Co-authored-by: Colton Hurst <colton@coltonhurst.com> * chore: add TODO --------- Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com>
227 lines
11 KiB
Swift
227 lines
11 KiB
Swift
//
|
|
// CredentialProviderViewController.swift
|
|
// autofill-extension
|
|
//
|
|
// Created by Andreas Coroiu on 2023-12-21.
|
|
//
|
|
|
|
import AuthenticationServices
|
|
import os
|
|
|
|
class CredentialProviderViewController: ASCredentialProviderViewController {
|
|
let logger: Logger
|
|
|
|
// There is something a bit strange about the initialization/deinitialization in this class.
|
|
// Sometimes deinit won't be called after a request has successfully finished,
|
|
// which would leave this class hanging in memory and the IPC connection open.
|
|
//
|
|
// If instead I make this a static, the deinit gets called correctly after each request.
|
|
// I think we still might want a static regardless, to be able to reuse the connection if possible.
|
|
static let client: MacOsProviderClient = {
|
|
let instance = MacOsProviderClient.connect()
|
|
// setup code
|
|
return instance
|
|
}()
|
|
|
|
init() {
|
|
logger = Logger(subsystem: "com.bitwarden.desktop.autofill-extension", category: "credential-provider")
|
|
|
|
logger.log("[autofill-extension] initializing extension")
|
|
|
|
super.init(nibName: nil, bundle: nil)
|
|
}
|
|
|
|
required init?(coder: NSCoder) {
|
|
fatalError("init(coder:) has not been implemented")
|
|
}
|
|
|
|
deinit {
|
|
logger.log("[autofill-extension] deinitializing extension")
|
|
}
|
|
|
|
|
|
@IBAction func cancel(_ sender: AnyObject?) {
|
|
self.extensionContext.cancelRequest(withError: NSError(domain: ASExtensionErrorDomain, code: ASExtensionError.userCanceled.rawValue))
|
|
}
|
|
|
|
@IBAction func passwordSelected(_ sender: AnyObject?) {
|
|
let passwordCredential = ASPasswordCredential(user: "j_appleseed", password: "apple1234")
|
|
self.extensionContext.completeRequest(withSelectedCredential: passwordCredential, completionHandler: nil)
|
|
}
|
|
|
|
/*
|
|
Implement this method if your extension supports showing credentials in the QuickType bar.
|
|
When the user selects a credential from your app, this method will be called with the
|
|
ASPasswordCredentialIdentity your app has previously saved to the ASCredentialIdentityStore.
|
|
Provide the password by completing the extension request with the associated ASPasswordCredential.
|
|
If using the credential would require showing custom UI for authenticating the user, cancel
|
|
the request with error code ASExtensionError.userInteractionRequired.
|
|
|
|
*/
|
|
|
|
// Deprecated
|
|
override func provideCredentialWithoutUserInteraction(for credentialIdentity: ASPasswordCredentialIdentity) {
|
|
logger.log("[autofill-extension] provideCredentialWithoutUserInteraction called \(credentialIdentity)")
|
|
logger.log("[autofill-extension] user \(credentialIdentity.user)")
|
|
logger.log("[autofill-extension] id \(credentialIdentity.recordIdentifier ?? "")")
|
|
logger.log("[autofill-extension] sid \(credentialIdentity.serviceIdentifier.identifier)")
|
|
logger.log("[autofill-extension] sidt \(credentialIdentity.serviceIdentifier.type.rawValue)")
|
|
|
|
// let databaseIsUnlocked = true
|
|
// if (databaseIsUnlocked) {
|
|
let passwordCredential = ASPasswordCredential(user: credentialIdentity.user, password: "example1234")
|
|
self.extensionContext.completeRequest(withSelectedCredential: passwordCredential, completionHandler: nil)
|
|
// } else {
|
|
// self.extensionContext.cancelRequest(withError: NSError(domain: ASExtensionErrorDomain, code:ASExtensionError.userInteractionRequired.rawValue))
|
|
// }
|
|
}
|
|
|
|
override func provideCredentialWithoutUserInteraction(for credentialRequest: any ASCredentialRequest) {
|
|
if let request = credentialRequest as? ASPasskeyCredentialRequest {
|
|
if let passkeyIdentity = request.credentialIdentity as? ASPasskeyCredentialIdentity {
|
|
|
|
logger.log("[autofill-extension] provideCredentialWithoutUserInteraction2(passkey) called \(request)")
|
|
|
|
class CallbackImpl: PreparePasskeyAssertionCallback {
|
|
let ctx: ASCredentialProviderExtensionContext
|
|
required init(_ ctx: ASCredentialProviderExtensionContext) {
|
|
self.ctx = ctx
|
|
}
|
|
|
|
func onComplete(credential: PasskeyAssertionResponse) {
|
|
ctx.completeAssertionRequest(using: ASPasskeyAssertionCredential(
|
|
userHandle: credential.userHandle,
|
|
relyingParty: credential.rpId,
|
|
signature: credential.signature,
|
|
clientDataHash: credential.clientDataHash,
|
|
authenticatorData: credential.authenticatorData,
|
|
credentialID: credential.credentialId
|
|
))
|
|
}
|
|
|
|
func onError(error: BitwardenError) {
|
|
ctx.cancelRequest(withError: error)
|
|
}
|
|
}
|
|
|
|
let userVerification = switch request.userVerificationPreference {
|
|
case .preferred:
|
|
UserVerification.preferred
|
|
case .required:
|
|
UserVerification.required
|
|
default:
|
|
UserVerification.discouraged
|
|
}
|
|
|
|
let req = PasskeyAssertionRequest(
|
|
rpId: passkeyIdentity.relyingPartyIdentifier,
|
|
credentialId: passkeyIdentity.credentialID,
|
|
userName: passkeyIdentity.userName,
|
|
userHandle: passkeyIdentity.userHandle,
|
|
recordIdentifier: passkeyIdentity.recordIdentifier,
|
|
clientDataHash: request.clientDataHash,
|
|
userVerification: userVerification
|
|
)
|
|
|
|
CredentialProviderViewController.client.preparePasskeyAssertion(request: req, callback: CallbackImpl(self.extensionContext))
|
|
return
|
|
}
|
|
}
|
|
|
|
if let request = credentialRequest as? ASPasswordCredentialRequest {
|
|
logger.log("[autofill-extension] provideCredentialWithoutUserInteraction2(password) called \(request)")
|
|
return;
|
|
}
|
|
|
|
logger.log("[autofill-extension] provideCredentialWithoutUserInteraction2 called wrong")
|
|
self.extensionContext.cancelRequest(withError: BitwardenError.Internal("Invalid authentication request"))
|
|
}
|
|
|
|
/*
|
|
Implement this method if provideCredentialWithoutUserInteraction(for:) can fail with
|
|
ASExtensionError.userInteractionRequired. In this case, the system may present your extension's
|
|
UI and call this method. Show appropriate UI for authenticating the user then provide the password
|
|
by completing the extension request with the associated ASPasswordCredential.
|
|
|
|
override func prepareInterfaceToProvideCredential(for credentialIdentity: ASPasswordCredentialIdentity) {
|
|
}
|
|
*/
|
|
|
|
|
|
override func prepareInterfaceForExtensionConfiguration() {
|
|
logger.log("[autofill-extension] prepareInterfaceForExtensionConfiguration called")
|
|
}
|
|
|
|
override func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest) {
|
|
if let request = registrationRequest as? ASPasskeyCredentialRequest {
|
|
if let passkeyIdentity = registrationRequest.credentialIdentity as? ASPasskeyCredentialIdentity {
|
|
class CallbackImpl: PreparePasskeyRegistrationCallback {
|
|
let ctx: ASCredentialProviderExtensionContext
|
|
required init(_ ctx: ASCredentialProviderExtensionContext) {
|
|
self.ctx = ctx
|
|
}
|
|
|
|
func onComplete(credential: PasskeyRegistrationResponse) {
|
|
ctx.completeRegistrationRequest(using: ASPasskeyRegistrationCredential(
|
|
relyingParty: credential.rpId,
|
|
clientDataHash: credential.clientDataHash,
|
|
credentialID: credential.credentialId,
|
|
attestationObject: credential.attestationObject
|
|
))
|
|
}
|
|
|
|
func onError(error: BitwardenError) {
|
|
ctx.cancelRequest(withError: error)
|
|
}
|
|
}
|
|
|
|
let userVerification = switch request.userVerificationPreference {
|
|
case .preferred:
|
|
UserVerification.preferred
|
|
case .required:
|
|
UserVerification.required
|
|
default:
|
|
UserVerification.discouraged
|
|
}
|
|
|
|
let req = PasskeyRegistrationRequest(
|
|
rpId: passkeyIdentity.relyingPartyIdentifier,
|
|
userName: passkeyIdentity.userName,
|
|
userHandle: passkeyIdentity.userHandle,
|
|
clientDataHash: request.clientDataHash,
|
|
userVerification: userVerification,
|
|
supportedAlgorithms: request.supportedAlgorithms.map{ Int32($0.rawValue) }
|
|
)
|
|
CredentialProviderViewController.client.preparePasskeyRegistration(request: req, callback: CallbackImpl(self.extensionContext))
|
|
return
|
|
}
|
|
}
|
|
|
|
// If we didn't get a passkey, return an error
|
|
self.extensionContext.cancelRequest(withError: BitwardenError.Internal("Invalid registration request"))
|
|
}
|
|
|
|
/*
|
|
Prepare your UI to list available credentials for the user to choose from. The items in
|
|
'serviceIdentifiers' describe the service the user is logging in to, so your extension can
|
|
prioritize the most relevant credentials in the list.
|
|
*/
|
|
override func prepareCredentialList(for serviceIdentifiers: [ASCredentialServiceIdentifier]) {
|
|
logger.log("[autofill-extension] prepareCredentialList for serviceIdentifiers: \(serviceIdentifiers.count)")
|
|
|
|
for serviceIdentifier in serviceIdentifiers {
|
|
logger.log(" service: \(serviceIdentifier.identifier)")
|
|
}
|
|
}
|
|
|
|
override func prepareCredentialList(for serviceIdentifiers: [ASCredentialServiceIdentifier], requestParameters: ASPasskeyCredentialRequestParameters) {
|
|
logger.log("[autofill-extension] prepareCredentialList(passkey) for serviceIdentifiers: \(serviceIdentifiers.count)")
|
|
logger.log("request parameters: \(requestParameters.relyingPartyIdentifier)")
|
|
|
|
for serviceIdentifier in serviceIdentifiers {
|
|
logger.log(" service: \(serviceIdentifier.identifier)")
|
|
}
|
|
}
|
|
|
|
}
|