From 29921426816107717d6fa08019f52f5e3114e6cc Mon Sep 17 00:00:00 2001
From: Andreas Coroiu
Date: Wed, 5 Apr 2023 16:47:48 +0200
Subject: [PATCH] [EC-598] fix: send correct excluded cipher ids

---
 .../webauthn/popup/fido2/fido2.component.html | 6 +---
 .../services/fido2-authenticator.service.ts | 35 ++++++++++---------
 2 files changed, 19 insertions(+), 22 deletions(-)

diff --git a/apps/browser/src/webauthn/popup/fido2/fido2.component.html b/apps/browser/src/webauthn/popup/fido2/fido2.component.html
index 53ce8d1b450..0f7b44d35f7 100644
--- a/apps/browser/src/webauthn/popup/fido2/fido2.component.html
+++ b/apps/browser/src/webauthn/popup/fido2/fido2.component.html
@@ -41,11 +41,7 @@ A passkey already exists in Bitwarden for this account
- +
diff --git a/libs/common/src/webauthn/services/fido2-authenticator.service.ts b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
index 055f2b7fa8f..dc969106ddc 100644
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
@@ -62,13 +62,11 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Constraint);
 }
- const isExcluded = await this.vaultContainsCredentials(params.excludeCredentialDescriptorList);
- if (isExcluded) {
- await userInterfaceSession.informExcludedCredential(
- // [Utils.guidToStandardFormat(params.excludeCredentialDescriptorList[0].id)],
- [],
- abortController
- );
+ const existingCipherIds = await this.findExistingCredentials(
+ params.excludeCredentialDescriptorList
+ );
+ if (existingCipherIds.length > 0) {
+ await userInterfaceSession.informExcludedCredential(existingCipherIds, abortController);
 throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
 }
@@ -243,9 +241,10 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 }
 }
- private async vaultContainsCredentials(
+ /** Finds existing crendetials and returns the `cipherId` for each one */
+ private async findExistingCredentials(
 credentials: PublicKeyCredentialDescriptor[]
- ): Promise {
+ ): Promise {
 const ids: string[] = [];
 for (const credential of credentials) {
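Review bot: `params.excludeCredentialDescriptorList` comes from the relying party and is passed unguarded into `findExistingCredentials`, whose loop (visible in the next hunk) iterates it with `for...of`. If the field can be absent, that raises a TypeError rather than a `Fido2AutenticatorError`; whether an earlier guard exists cannot be seen from this hunk, and if none does, `params.excludeCredentialDescriptorList ?? []` would be safer. The branch would also benefit from a short comment such as `// Matched cipher ids are handed to the local UI session only; the thrown error carries just the NotAllowed code.` so a later change does not start returning vault ids to the caller. The enclosing method starts and ends outside the hunk.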
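Review bot: The new doc comment on `findExistingCredentials` misspells "credentials" as `crendetials` and does not say which id is returned for login items. In the following hunk a Login cipher is matched on `cipher.login.fido2Key.nonDiscoverableId` but the function returns `cipher.id`, so the result holds vault item ids rather than credential ids. A clearer comment would be `/** Finds vault items matching the given credential descriptors and returns each item's cipher id (for login items, the id of the login, not of the credential). */`. The method body continues outside this hunk.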
@@ -256,17 +255,19 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
 }
 if (ids.length === 0) {
- return false;
+ return [];
 }
 const ciphers = await this.cipherService.getAllDecrypted();
- return ciphers.some(
- (cipher) =>
- (cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||
- (cipher.type === CipherType.Login &&
- cipher.login.fido2Key != undefined &&
- ids.includes(cipher.login.fido2Key.nonDiscoverableId))
- );
+ return ciphers
+ .filter(
+ (cipher) =>
+ (cipher.type === CipherType.Fido2Key && ids.includes(cipher.id)) ||
+ (cipher.type === CipherType.Login &&
+ cipher.login.fido2Key != undefined &&
+ ids.includes(cipher.login.fido2Key.nonDiscoverableId))
+ )
+ .map((cipher) => cipher.id);
 }
 private async findNonDiscoverableCredentials(
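Review bot: The new `.filter(...)` predicate accepts any decrypted cipher whose `id` or `nonDiscoverableId` is in `ids`, with no check on the item's state. If `getAllDecrypted()` also returns items in the trash (not visible here), a soft-deleted passkey would still block registration and its id would be sent to the popup; if that is not intended, add `!cipher.isDeleted &&` at the top of the predicate. Separately, `ids.includes(...)` scans a list whose length the relying party controls for every cipher in the vault; building `const idSet = new Set(ids);` before the filter and calling `idSet.has(...)` keeps the pass linear. The method begins in the previous hunk.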