fix(Passkey): If user verification is 'preferred' then always set 'uv' flag #739

2024-12-09 00:03:39 +02:00 · 2024-12-09 00:03:39 +02:00 · af821c788c
commit af821c788c
parent 24dd880ad1
4 changed files with 23 additions and 4 deletions
--- a/common/src/androidMain/kotlin/com/artemchep/keyguard/android/PasskeyCreateRequest.kt
+++ b/common/src/androidMain/kotlin/com/artemchep/keyguard/android/PasskeyCreateRequest.kt
@ -100,7 +100,10 @@ class PasskeyCreateRequest(
            credentialId = credentialIdBytes,
            credentialPublicKey = publicKeyCborBytes,
            attestation = data.attestation,
-            userVerification = userVerified,
+            userVerification = passkeyUtils.userVerification(
+                mode = data.authenticatorSelection.userVerification,
+                userVerified = userVerified,
+            ),
            userPresence = true,
        )
        val attestationObjectBytes = defaultAttestationObject(
--- a/common/src/androidMain/kotlin/com/artemchep/keyguard/android/PasskeyProviderGetRequest.kt
+++ b/common/src/androidMain/kotlin/com/artemchep/keyguard/android/PasskeyProviderGetRequest.kt
@ -88,9 +88,10 @@ class PasskeyProviderGetRequest(
            counter = counter,
            credentialId = credentialIdBytes,
            credentialPublicKey = null,
-            // True, if we asked a user to enter the password of
-            // biometrics and he has passed the check.
-            userVerification = userVerified,
+            userVerification = passkeyUtils.userVerification(
+                mode = js.userVerification,
+                userVerified = userVerified,
+            ),
            userPresence = true,
        )

--- a/common/src/androidMain/kotlin/com/artemchep/keyguard/android/PasskeyUtils.kt
+++ b/common/src/androidMain/kotlin/com/artemchep/keyguard/android/PasskeyUtils.kt
@ -358,6 +358,20 @@ class PasskeyUtils(

    fun generateCredentialId() = cryptoService.uuid()

+    // See:
+    // https://github.com/1Password/passkey-rs/blob/90c1c282649eceeb7cbe771bb8ce17b1b8463c60/passkey-client/src/lib.rs#L407
+    // https://github.com/kanidm/webauthn-rs/blame/25bc74ac0dc4280bf67ed3ff53fdf804dbb142c2/webauthn-rs-core/src/core.rs#L866
+    fun userVerification(
+        mode: String?,
+        userVerified: Boolean,
+    ): Boolean = when (mode ?: "preferred") {
+        "required" -> userVerified
+        "preferred" -> true
+        "discouraged" -> false
+        // should never happen
+        else -> userVerified
+    }
+
    fun authData(
        rpId: String,
        counter: Int,
--- a/common/src/commonMain/kotlin/com/artemchep/keyguard/common/service/passkey/entity/CreatePasskeyRequest.kt
+++ b/common/src/commonMain/kotlin/com/artemchep/keyguard/common/service/passkey/entity/CreatePasskeyRequest.kt
@ -82,6 +82,7 @@ data class CreatePasskeyPubKeyCredParams(
 data class CreatePasskeyAuthenticatorSelection(
    val residentKey: String = "discouraged",
    val requireResidentKey: Boolean = residentKey == "required",
+    val userVerification: String? = null,
 )

 /*