From 98cdbda70bdc841be521096b0e0e15b3c53b3c13 Mon Sep 17 00:00:00 2001
From: Nathan Ansel
Date: Mon, 19 May 2025 09:44:21 -0500
Subject: [PATCH 1/4] Adjusts the workflow to build the nathan/autofill-fix branch
---
.github/workflows/build-desktop.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index 6d954ca1098..176b346d1fd 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -22,6 +22,7 @@ on:
 - 'main'
 - 'rc'
 - 'hotfix-rc-desktop'
+ - 'nathan/autofill-fix'
 paths:
 - 'apps/desktop/**'
 - 'libs/**'
From 3b606e23375aedbad1cfb3f2db4622278a16e47a Mon Sep 17 00:00:00 2001
From: Nathan Ansel
Date: Mon, 19 May 2025 10:45:32 -0500
Subject: [PATCH 2/4] Adds application group to the mac build entitlements
---
.../autofill-extension/autofill_extension.entitlements | 10 +++++-----
apps/desktop/resources/entitlements.mac.plist | 4 ++++
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/apps/desktop/macos/autofill-extension/autofill_extension.entitlements b/apps/desktop/macos/autofill-extension/autofill_extension.entitlements
index 86c7195768e..986d7501f49 100644
--- a/apps/desktop/macos/autofill-extension/autofill_extension.entitlements
+++ b/apps/desktop/macos/autofill-extension/autofill_extension.entitlements
@@ -2,11 +2,11 @@ - com.apple.developer.authentication-services.autofill-credential-provider - - com.apple.security.app-sandbox - - com.apple.security.application-groups + com.apple.developer.authentication-services.autofill-credential-provider + + com.apple.security.app-sandbox + + com.apple.security.application-groups LTZ2PFU5D6.com.bitwarden.desktop
diff --git a/apps/desktop/resources/entitlements.mac.plist b/apps/desktop/resources/entitlements.mac.plist
index fe49256d71c..afbd831cdff 100644
--- a/apps/desktop/resources/entitlements.mac.plist
+++ b/apps/desktop/resources/entitlements.mac.plist
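Review bot: The added `- 'nathan/autofill-fix'` entry in the branch filter of `.github/workflows/build-desktop.yml` names a personal feature branch next to `main`, `rc` and `hotfix-rc-desktop`, and nothing marks it as temporary. If this workflow signs or publishes desktop builds (not visible in this hunk), every push to that branch would run with the same access as a release branch. A trailing comment such as `# TEMPORARY: remove before merge` on the new line, or dropping the entry before the series lands, would keep it from reaching the default branch unnoticed. The `on:` block starts and ends outside the hunk.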
@@ -10,5 +10,9 @@ com.apple.security.cs.allow-jit + com.apple.security.application-groups + + LTZ2PFU5D6.com.bitwarden.desktop +
From 9908a3d931a07d321536d752797735c6a8009e69 Mon Sep 17 00:00:00 2001
From: Nathan Ansel
Date: Mon, 19 May 2025 11:52:51 -0500
Subject: [PATCH 3/4] Always use app group for IPC connection
---
.../desktop_native/core/src/ipc/mod.rs | 24 +++++++++----------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/apps/desktop/desktop_native/core/src/ipc/mod.rs b/apps/desktop/desktop_native/core/src/ipc/mod.rs
index 531aeaa0a0b..71b0c58341e 100644
--- a/apps/desktop/desktop_native/core/src/ipc/mod.rs
+++ b/apps/desktop/desktop_native/core/src/ipc/mod.rs
@@ -56,19 +56,19 @@ pub fn path(name: &str) -> std::path::PathBuf {
 .position(|c| c.as_os_str() == "Containers");
 // If the app is sanboxed, we need to use the App Group directory
- if let Some(position) = containers_position {
- // We want to use App Groups in /Users//Library/Group Containers/LTZ2PFU5D6.com.bitwarden.desktop,
- // so we need to remove all the components after the user. We can use the previous position to do this.
- while home.components().count() > position - 1 {
- home.pop();
- }
-
- let tmp = home.join("Library/Group Containers/LTZ2PFU5D6.com.bitwarden.desktop/tmp");
-
- // The tmp directory might not exist, so create it
- let _ = std::fs::create_dir_all(&tmp);
- return tmp.join(format!("app.{name}"));
+ let position = containers_position.unwrap_or(4);
+
+ // We want to use App Groups in /Users//Library/Group Containers/LTZ2PFU5D6.com.bitwarden.desktop,
+ // so we need to remove all the components after the user. We can use the previous position to do this.
+ while home.components().count() > position - 1 {
+ home.pop();
 }
+
+ let tmp = home.join("Library/Group Containers/LTZ2PFU5D6.com.bitwarden.desktop/tmp");
+
+ // The tmp directory might not exist, so create it
+ let _ = std::fs::create_dir_all(&tmp);
+ return tmp.join(format!("app.{name}"));
 }
 #[cfg(any(target_os = "linux", target_os = "macos"))]
From 70fd943ef360d1d09ed5e0488923db7292b5c229 Mon Sep 17 00:00:00 2001
From: Nathan Ansel
Date: Mon, 19 May 2025 13:12:03 -0500
Subject: [PATCH 4/4] Adds additional logging
---
.../CredentialProviderViewController.swift | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift b/apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
index 5befed88563..17246210262 100644
--- a/apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
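Review bot: `containers_position.unwrap_or(4)` in the `mod.rs` hunk hard-codes the component depth of a `/Users/<name>` home directory, so for a non-sandboxed process whose home sits deeper in the filesystem the `while` loop pops real path components and the IPC socket directory ends up under the wrong parent. The truncation is only needed when `Containers` was found; keeping `if let Some(position) = containers_position { … }` around just the `while` loop and leaving `home` untouched otherwise gives the same result for sandboxed builds without the magic number. The comment `// If the app is sanboxed, …` is stale now that the group container is used unconditionally, and `let _ = std::fs::create_dir_all(&tmp);` still discards the error, so a missing or unwritable group container only surfaces later when the returned path is used. `path()` starts and ends outside this hunk, so how `home` is obtained is not visible here.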
+++ b/apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
@@ -152,16 +152,18 @@ class CredentialProviderViewController: ASCredentialProviderViewController {
 override func loadView() {
 let view = NSView()
 // Hide the native window since we only need the IPC connection
- view.isHidden = true
+// view.isHidden = true
 self.view = view
 }
 override func prepareInterfaceForExtensionConfiguration() {
+ logger.log("[autofill-extension] prepareInterfaceForExtensionConfiguration called")
 client.sendNativeStatus(key: "request-sync", value: "")
 self.extensionContext.completeExtensionConfigurationRequest()
 }
 override func provideCredentialWithoutUserInteraction(for credentialRequest: any ASCredentialRequest) {
+ logger.log("[autofill-extension] provideCredentialWithoutUserInteraction called \(credentialRequest.description)")
 let timeoutTimer = createTimer()
 if let request = credentialRequest as? ASPasskeyCredentialRequest {
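Review bot: `// view.isHidden = true` in `loadView()` leaves the statement commented out while the comment directly above still says the native window is hidden, so the extension's view is no longer hidden and the source contradicts itself. If this was a debugging aid it should be restored before merge; otherwise delete the dead line and reword the comment. The new `logger.log("… \(credentialRequest.description)")` in `provideCredentialWithoutUserInteraction` writes the request description to the log, which presumably identifies the service and account being filled; if `logger` is an `os.Logger` (its declaration is outside the hunk), state the privacy explicitly, e.g. `\(credentialRequest.description, privacy: .private)`. The class body starts and ends outside this hunk.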
@@ -228,16 +230,14 @@ class CredentialProviderViewController: ASCredentialProviderViewController {
 logger.log("[autofill-extension] provideCredentialWithoutUserInteraction2 called wrong")
 self.extensionContext.cancelRequest(withError: BitwardenError.Internal("Invalid authentication request"))
 }
-
- /*
- Implement this method if provideCredentialWithoutUserInteraction(for:) can fail with
- ASExtensionError.userInteractionRequired. In this case, the system may present your extension's
- UI and call this method. Show appropriate UI for authenticating the user then provide the password
- by completing the extension request with the associated ASPasswordCredential.
-
+
+// Implement this method if provideCredentialWithoutUserInteraction(for:) can fail with
+// ASExtensionError.userInteractionRequired. In this case, the system may present your extension's
+// UI and call this method. Show appropriate UI for authenticating the user then provide the password
+// by completing the extension request with the associated ASPasswordCredential.
 override func prepareInterfaceToProvideCredential(for credentialIdentity: ASPasswordCredentialIdentity) {
+ logger.log("[autofill-extension] prepareInterfaceToProvideCredential called \(credentialIdentity)")
 }
- */
 private func createTimer() -> DispatchWorkItem {
 // Create a timer for 600 second timeout
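Review bot: `prepareInterfaceToProvideCredential(for:)` is now a live override whose body only logs, so when the system calls it the extension request is neither completed nor cancelled and the caller is left waiting. Until real UI exists, the body should end the request explicitly, for example `self.extensionContext.cancelRequest(withError: BitwardenError.Internal("User interaction is not supported"))`, mirroring the cancel call a few lines above. The log line interpolates `\(credentialIdentity)`, which presumably carries the service identifier and user name; if `logger` is an `os.Logger`, mark it `privacy: .private` rather than relying on the default. The `//` comment block kept above the method describes behaviour the body does not implement and should say that the override is a logging stub; the class continues outside this hunk.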