[EC-598] feat: add support for user verifiction using MP during assertion

2025-12-17 16:53:34 +00:00 · 2023-04-20 16:34:53 +02:00
parent 757050430d
commit 3a1b56860e
6 changed files with 60 additions and 60 deletions
--- a/apps/browser/src/fido2/popup/fido2/fido2.component.html
+++ b/apps/browser/src/fido2/popup/fido2/fido2.component.html
@@ -1,17 +1,6 @@
 <ng-container *ngIf="data$ | async as data">
  <div class="auth-wrapper">
    <i class="bwi bwi-spinner bwi-lg bwi-spin" [hidden]="!loading" aria-hidden="true"></i>
-    <ng-container *ngIf="data.type == 'ConfirmCredentialRequest'">
-      A site is asking for authentication using the following credential:
-      <div class="box list">
-        <div class="box-content">
-          <app-cipher-row [cipher]="ciphers[0]"></app-cipher-row>
-        </div>
-      </div>
-      <button type="button" class="btn btn-outline-secondary" (click)="confirm()">
-        Authenticate
-      </button>
-    </ng-container>
    <ng-container
      *ngIf="
        data.type == 'PickCredentialRequest' ||
@@ -36,7 +25,7 @@
          <app-cipher-row [cipher]="ciphers[0]"></app-cipher-row>
        </div>
      </div>
-      <button type="button" class="btn btn-outline-secondary" (click)="confirmNew()">Create</button>
+      <button type="button" class="btn btn-outline-secondary" (click)="confirm()">Create</button>
    </ng-container>
    <ng-container *ngIf="data.type == 'InformExcludedCredentialRequest'">
      A passkey already exists in Bitwarden for this account
--- a/apps/browser/src/fido2/popup/fido2/fido2.component.ts
+++ b/apps/browser/src/fido2/popup/fido2/fido2.component.ts
@@ -77,9 +77,6 @@ export class Fido2Component implements OnInit, OnDestroy {
            cipher.fido2Key = new Fido2KeyView();
            cipher.fido2Key.userName = data.userName;
            this.ciphers = [cipher];
-          } else if (data?.type === "ConfirmCredentialRequest") {
-            const cipher = await this.cipherService.get(data.cipherId);
-            this.ciphers = [await cipher.decrypt()];
          } else if (data?.type === "PickCredentialRequest") {
            this.ciphers = await Promise.all(
              data.cipherIds.map(async (cipherId) => {
@@ -117,10 +114,16 @@ export class Fido2Component implements OnInit, OnDestroy {
  async pick(cipher: CipherView) {
    const data = this.data$.value;
    if (data?.type === "PickCredentialRequest") {
+      let userVerified = false;
+      if (data.userVerification) {
+        userVerified = await this.passwordRepromptService.showPasswordPrompt();
+      }
+
      this.send({
        sessionId: this.sessionId,
        cipherId: cipher.id,
        type: "PickCredentialResponse",
+        userVerified,
      });
    } else if (data?.type === "ConfirmNewNonDiscoverableCredentialRequest") {
      let userVerified = false;
@@ -139,15 +142,7 @@ export class Fido2Component implements OnInit, OnDestroy {
    this.loading = true;
  }

-  confirm() {
-    this.send({
-      sessionId: this.sessionId,
-      type: "ConfirmCredentialResponse",
-    });
-    this.loading = true;
-  }
-
-  async confirmNew() {
+  async confirm() {
    const data = this.data$.value;
    if (data.type !== "ConfirmNewCredentialRequest") {
      return;
--- a/apps/browser/src/services/fido2/browser-fido2-user-interface.service.ts
+++ b/apps/browser/src/services/fido2/browser-fido2-user-interface.service.ts
@@ -15,6 +15,7 @@ import {
  Fido2UserInterfaceService as Fido2UserInterfaceServiceAbstraction,
  Fido2UserInterfaceSession,
  NewCredentialParams,
+  PickCredentialParams,
 } from "@bitwarden/common/fido2/abstractions/fido2-user-interface.service.abstraction";
 import { Utils } from "@bitwarden/common/misc/utils";

@@ -46,17 +47,12 @@ export type BrowserFido2Message = { sessionId: string } & (
  | {
      type: "PickCredentialRequest";
      cipherIds: string[];
+      userVerification: boolean;
    }
  | {
      type: "PickCredentialResponse";
      cipherId?: string;
-    }
-  | {
-      type: "ConfirmCredentialRequest";
-      cipherId: string;
-    }
-  | {
-      type: "ConfirmCredentialResponse";
+      userVerified: boolean;
    }
  | {
      type: "ConfirmNewCredentialRequest";
@@ -179,30 +175,21 @@ export class BrowserFido2UserInterfaceSession implements Fido2UserInterfaceSessi
    return this.abortController.signal.aborted;
  }

-  async confirmCredential(cipherId: string): Promise<boolean> {
-    const data: BrowserFido2Message = {
-      type: "ConfirmCredentialRequest",
-      cipherId,
-      sessionId: this.sessionId,
-    };
-
-    await this.send(data);
-    await this.receive("ConfirmCredentialResponse");
-
-    return true;
-  }
-
-  async pickCredential(cipherIds: string[]): Promise<string> {
+  async pickCredential({
+    cipherIds,
+    userVerification,
+  }: PickCredentialParams): Promise<{ cipherId: string; userVerified: boolean }> {
    const data: BrowserFido2Message = {
      type: "PickCredentialRequest",
      cipherIds,
      sessionId: this.sessionId,
+      userVerification,
    };

    await this.send(data);
    const response = await this.receive("PickCredentialResponse");

-    return response.cipherId;
+    return { cipherId: response.cipherId, userVerified: response.userVerified };
  }

  async confirmNewCredential({