mirror of
https://github.com/bitwarden/browser
synced 2025-12-06 00:13:28 +00:00
7cba6f4170
* Turn on passkeys and dev mode
* PM-19138: Add try-catch to desktop-autofill (#13964)
* PM-19424: React to IPC disconnect (#14123)
* React to IPC disconnects
* Minor cleanup
* Update apps/desktop/package.json
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* Relaxed ordering
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* Autofill/pm 9034 implement passkey for unlocked accounts (#13826)
* Passkey stuff
Co-authored-by: Anders Åberg <github@andersaberg.com>
* Ugly hacks
* Work On Modal State Management
* Applying modalStyles
* modal
* Improved hide/show
* fixed promise
* File name
* fix prettier
* Protecting against null API's and undefined data
* Only show fake popup to devs
* cleanup mock code
* rename minmimal-app to modal-app
* Added comment
* Added comment
* removed old comment
* Avoided changing minimum size
* Add small comment
* Rename component
* adress feedback
* Fixed uppercase file
* Fixed build
* Added codeowners
* added void
* commentary
* feat: reset setting on app start
* Moved reset to be in main / process launch
* Add comment to create window
* Added a little bit of styling
* Use Messaging service to loadUrl
* Enable passkeysautofill
* Add logging
* halfbaked
* Integration working
* And now it works without extra delay
* Clean up
* add note about messaging
* lb
* removed console.logs
* Cleanup and adress review feedback
* This hides the swift UI
* add modal components
* update modal with correct ciphers and functionality
* add create screen
* pick credential, draft
* Remove logger
* a whole lot of wiring
* not working
* Improved wiring
* Cancel after 90s
* Introduced observable
* update cipher handling
* update to use matchesUri
* Launching bitwarden if its not running
* Passing position from native to electron
* Rename inModalMode to modalMode
* remove tap
* revert spaces
* added back isDev
* cleaned up a bit
* Cleanup swift file
* tweaked logging
* clean up
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/main/autofill/native-autofill.main.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/services/desktop-settings.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* adress position feedback
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Removed extra logging
* Adjusted error logging
* Use .error to log errors
* remove dead code
* Update desktop-autofill.service.ts
* use parseCredentialId instead of guidToRawFormat
* Update apps/desktop/src/autofill/services/desktop-autofill.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Change windowXy to a Record instead of [number,number]
* Update apps/desktop/src/autofill/services/desktop-fido2-user-interface.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Remove unsued dep and comment
* changed timeout to be spec recommended maxium, 10 minutes, for now.
* Correctly assume UP
* Removed extra cancelRequest in deinint
* Add timeout and UV to confirmChoseCipher
UV is performed by UI, not the service
* Improved docs regarding undefined cipherId
* cleanup: UP is no longer undefined
* Run completeError if ipc messages conversion failed
* don't throw, instead return undefined
* Disabled passkey provider
* Throw error if no activeUserId was found
* removed comment
* Fixed lint
* removed unsued service
* reset entitlement formatting
* Update entitlements.mas.plist
* Fix build issues
* Fix import issues
* Update route names to use `fido2`
* Fix being unable to select a passkey
* Fix linting issues
* Followup to fix merge issues and other comments
* Update `userHandle` value
* Add error handling for missing session or other errors
* Remove unused route
* Fix linting issues
* Simplify updateCredential method
* Followup to remove comments and timeouts and handle errors
* Address lint issue by using `takeUntilDestroyed`
* PR Followup for typescript and vault concerns
* Add try block for cipher creation
* Make userId manditory for cipher service
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Anders Åberg <github@andersaberg.com>
Co-authored-by: Anders Åberg <anders@andersaberg.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Evan Bassler <evanbassler@Mac.attlocal.net>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* PM-11455: Trigger sync when user enables OS setting (#14127)
* Implemented a SendNativeStatus command
This allows reporting status or asking the electron app to do something.
* fmt
* Update apps/desktop/src/autofill/services/desktop-autofill.service.ts
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* clean up
* Don't add empty callbacks
* Removed comment
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* Added support for handling a locked vault
Handle unlocktimeout
* PM-19511: Add support for ExcludedCredentials (#14128)
* works
* Add mapping
* remove the build script
* cleanup
* simplify updatedCipher (#14179)
* Fix base64url decode on MacOS passkeys (#14227)
* Add support for padding in base64url decode
* whitespace
* whitespace
* Autofill/pm 17444 use reprompt (#14004)
* Passkey stuff
Co-authored-by: Anders Åberg <github@andersaberg.com>
* Ugly hacks
* Work On Modal State Management
* Applying modalStyles
* modal
* Improved hide/show
* fixed promise
* File name
* fix prettier
* Protecting against null API's and undefined data
* Only show fake popup to devs
* cleanup mock code
* rename minmimal-app to modal-app
* Added comment
* Added comment
* removed old comment
* Avoided changing minimum size
* Add small comment
* Rename component
* adress feedback
* Fixed uppercase file
* Fixed build
* Added codeowners
* added void
* commentary
* feat: reset setting on app start
* Moved reset to be in main / process launch
* Add comment to create window
* Added a little bit of styling
* Use Messaging service to loadUrl
* Enable passkeysautofill
* Add logging
* halfbaked
* Integration working
* And now it works without extra delay
* Clean up
* add note about messaging
* lb
* removed console.logs
* Cleanup and adress review feedback
* This hides the swift UI
* add modal components
* update modal with correct ciphers and functionality
* add create screen
* pick credential, draft
* Remove logger
* a whole lot of wiring
* not working
* Improved wiring
* Cancel after 90s
* Introduced observable
* update cipher handling
* update to use matchesUri
* Launching bitwarden if its not running
* Passing position from native to electron
* Rename inModalMode to modalMode
* remove tap
* revert spaces
* added back isDev
* cleaned up a bit
* Cleanup swift file
* tweaked logging
* clean up
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/main/autofill/native-autofill.main.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/services/desktop-settings.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* adress position feedback
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Removed extra logging
* Adjusted error logging
* Use .error to log errors
* remove dead code
* Update desktop-autofill.service.ts
* use parseCredentialId instead of guidToRawFormat
* Update apps/desktop/src/autofill/services/desktop-autofill.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Change windowXy to a Record instead of [number,number]
* Update apps/desktop/src/autofill/services/desktop-fido2-user-interface.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Remove unsued dep and comment
* changed timeout to be spec recommended maxium, 10 minutes, for now.
* Correctly assume UP
* Removed extra cancelRequest in deinint
* Add timeout and UV to confirmChoseCipher
UV is performed by UI, not the service
* Improved docs regarding undefined cipherId
* cleanup: UP is no longer undefined
* Run completeError if ipc messages conversion failed
* don't throw, instead return undefined
* Disabled passkey provider
* Throw error if no activeUserId was found
* removed comment
* Fixed lint
* removed unsued service
* reset entitlement formatting
* Update entitlements.mas.plist
* Fix build issues
* Fix import issues
* Update route names to use `fido2`
* Fix being unable to select a passkey
* Fix linting issues
* Added support for handling a locked vault
* Followup to fix merge issues and other comments
* Update `userHandle` value
* Add error handling for missing session or other errors
* Remove unused route
* Fix linting issues
* Simplify updateCredential method
* Add master password reprompt on passkey create
* Followup to remove comments and timeouts and handle errors
* Address lint issue by using `takeUntilDestroyed`
* Add MP prompt to cipher selection
* Change how timeout is handled
* Include `of` from rxjs
* Hide blue header for passkey popouts (#14095)
* Hide blue header for passkey popouts
* Fix issue with test
* Fix ngOnDestroy complaint
* Import OnDestroy correctly
* Only require master password if item requires it
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Anders Åberg <github@andersaberg.com>
Co-authored-by: Anders Åberg <anders@andersaberg.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Evan Bassler <evanbassler@Mac.attlocal.net>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Change modal size to 600x600
* Improve MacOS Syncing
This changes the behaviour to react to logoff, but not to account locks. It also adds better error handling on the native side.
* Improved modalPosition by allowing multiple calls to applyModalStyles
* moved imports to please lint
* Make passkey header stick for select and create (#14357)
* Added local build command
* Exclude credentials using kvc to avoid comilation error in cicd (#14568)
* Fix syntax error
* Don't use kvc
* Enables the autofill extension in mac and mas builds (#14373)
* Enables autofill extension building
* Try use macos-14
* add --break-system-packages for macos14
* revert using build-native
* try add rustup target add x86_64-apple-darwin
* add more rustup target add x86_64-apple-darwin
* try to force sdk version
* Show SDK versions
* USE KVC for excludedCredentials
* added xcodebuild deugging
* Revert "try to force sdk version"
This reverts commit d94f2550ad.
* Use macos-15
* undo merge
* remove macos-15 from cli
* remove macos-15 from browser
---------
Co-authored-by: Anders Åberg <anders@andersaberg.com>
* Improve Autofill IPC reliability (#14358)
* Delay IPC server start
* Better ipc handling
* Rename ready() to listenerReady()
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* feat: add test and check for too long buffers (#14775)
* Autofill/PM-19511: Overwrite and reprompt (#14288)
* Show items for url that don't have passkey
* Show existing login items in the UI
* Filter available cipher results (#14399)
* Filter available cipher results
* Fix linting issues
* Update logic for eligible ciphers
* Remove unused method to check matching username
* PM-20608 update styling for excludedCredentials (#14444)
* PM-20608 update styling for excludedCredentials
* Have flow correctly move to creation for excluded cipher
* Remove duplicate confirmNeCredential call
* Revert fido2-authenticator changes and move the excluded check
* Create a separate component for excluded cipher view
* Display traffic light MacOS buttons when the vault is locked (#14673)
* Remove unneccessary filter for excludedCiphers
* Remove dead code from the excluded ciphers work
* Remove excludedCipher checks from fido2 create and vault
* Remove excludedCipher remnants from vault and simplify create cipher logic
* Move cipherHasNoOtherPasskeys to shared fido2-utils
* Remove all containsExcludedCipher references
* Use `bufferToString` to convert `userHandle`
---------
Co-authored-by: Jeffrey Holland <jholland@livefront.com>
Co-authored-by: Jeffrey Holland <124393578+jholland-livefront@users.noreply.github.com>
* Move modal files to `autofill` and rename dir to `credentials` (#14757)
* Show existing login items in the UI
* Filter available cipher results (#14399)
* Filter available cipher results
* Fix linting issues
* Update logic for eligible ciphers
* Remove unused method to check matching username
* PM-20608 update styling for excludedCredentials (#14444)
* PM-20608 update styling for excludedCredentials
* Have flow correctly move to creation for excluded cipher
* Remove duplicate confirmNeCredential call
* Revert fido2-authenticator changes and move the excluded check
* Create a separate component for excluded cipher view
* Display traffic light MacOS buttons when the vault is locked (#14673)
* Remove unneccessary filter for excludedCiphers
* Remove dead code from the excluded ciphers work
* Remove excludedCipher checks from fido2 create and vault
* Move modal files to `autofill` and rename dir to `credentials`
* Update merge issues
* Add tests for `cipherHasNoOtherPasskeys` (#14829)
* Adjust spacing to place new login button below other items (#14877)
* Adjust spacing to place new login button below other items
* Add correct design when no credentials available (#14879)
* Autofill/pm 21903 use translations everywhere for passkeys (#14908)
* Adjust spacing to place new login button below other items
* Add correct design when no credentials available
* Add correct design when no credentials available (#14879)
* Remove hardcoded strings and use translations in passkey flow
* Remove duplicate `select` translation
* Autofill/pm 21864 center unlock vault modal (#14867)
* Center the Locked Vault modal when using passkeys
* Revert swift changes and handle offscreen modals
* Remove comments
* Add rustup for cicd to work (#15055)
* Hide credentials that are in the bin (#15034)
* Add tests for passkey components (#15185)
* Add tests for passkey components
* Reuse cipher in chooseCipher tests and simplify mock creation
* Autofill/pm 22821 center vault modal (#15243)
* Center the vault modal for passkeys
* Add comments and fix electron-builder.json
* Set values to Int32 in the ternaries
* Refactor Fido2 Components (#15105)
* Refactor Fido2 Components
* Address error message and missing session
* Address remaining missing session
* Reset modals so subsequent creates work (#15145)
* Fix broken test
* Rename relevantCiphers to displayedCiphers
* Clean up heading settings, errors, and other concerns
* Address missing comments and throw error in try block
* fix type issue for SimpleDialogType
* fix type issue for SimpleDialogType
* Revert new type
* try using as null to satisfy type issue
* Remove use of firstValueFrom in create component
* PM-22476: Show config UI while enabling Bitwarden (#15149)
* Show config ui while enabling Bitwarden
* locals
* Added Localizable strings
* Changed the linebreakmode
* Removed swedish locals
* Add provisioning profile values to electron build (#15412)
* Address BitwardenShield icon issue
* Fix fido2-vault component
* Display the vault modal when selecting Bitwarden... (#15257)
* Passkeys filtering breaks on SSH keys (#15448)
* Display the blue header on the locked vault passkey flow (#15655)
* PM-23848: Use the MacOS UI-friendly API instead (#15650)
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Fix action text and close vault modal (#15634)
* Fix action text and close vault modal
* Fix broken tests
* Update SVG to support dark mode (#15805)
* When a locked vault is unlocked displays correctly (#15612)
* When a locked vault is unlocked displays correctly
* Keep old behavior while checking for recently unlocked vault
* Revert the electron-builder
* Simplify by using a simple redirect when vault unlocked
* Remove single use of `userSelectedCipher`
* Add a guard clause to unlock
* Revert to original spacing
* Add reactive guard to unlock vault
* Fix for passkey picker closing prematurely
* Remove unneeded root navigation in ensureUnlockedVault
* Fix vault not unlocking
* Update broken tests for lock component
* Add missing brace to preload.ts
* Run lint
* Added explainer
* Moved the explainer
* Tidying up readme
* Add feature flag to short-circuit the passkey provider (#16003)
* Add feature flag to short-circuit the passkey provider
* Check FF in renderer instead
* Lint fixes
* PM-22175: Improve launch of app + window positioning (#15658)
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Fix launch of app + window pos
* Wait for animation to complete and use proper position
* Wait for animation to complete and use proper position
* Added commentary
* Remove console.log
* Remove call to removed function
---------
Co-authored-by: Jeffrey Holland <jholland@livefront.com>
Co-authored-by: Jeffrey Holland <124393578+jholland-livefront@users.noreply.github.com>
* Update fido2-vault and fido2-service implementations
* Use tailwind-alike classes for new styles
* Add label to biticons in passkey modals
* Fix broken vault test
* Revert to original `isDev` function
* Add comment to lock component describing `disable-redirect` param
* Use tailwind classes instead of custom sticky header class
* Use standard `tw-z-10` for z-index
* Change log service levels
* Mock svg icons for CI
* Add back provisioning profiles
* Remove `--break-system-packages` and simplify commands
* Revert `cipherId` param for `confirmNewCredential`
* Remove placeholder UI
* Small improvements to the readme
* Remove optional userId and deprecated method
* Autofill should own the macos_provider (#16271)
* Autofill should own the macos_provider
* Autofill should own the macos_provider
* Remove unnecessary logs, no magic numbers, revert `cipherId?`
* Fixes for broken build
* Update test issues
* [BEEEP] Use tracing in macOS provider
* Update comments and add null check for ciphers
* Update status comments and readme
* Remove electron modal mode link
* Clarify modal mode use
* Add comment about usernames
* Add comment that we don't support extensions yet
* Added comment about base64 format
* Use NO_CALLBACK_INDICATOR
* cb -> callback
* Update apps/desktop/desktop_native/napi/src/lib.rs
Co-authored-by: neuronull <9162534+neuronull@users.noreply.github.com>
* Clean up Fido2Create subscriptions and update comments
* added comment to clarify silent exception
* Add comments
* clean up unwrap()
* set log level filter to INFO
* Address modal popup issue
* plutil on Info.plist
* Adhere to style guides
* Fix broken lock ui component tests
* Fix broken lock ui component tests
* Added codeowners entry
* logservice.warning -> debug
* Uint8Array -> ArrayBuffer
* Remove autofill entitlement
* Fix linting issues
* Fix arm build issue
* Adjust build command
* Add missing entitlement
* revert missing entitlement change
* Add proper autofill entitlements
* Remove autofill extension from mas builds
* Run rust formatter
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
Co-authored-by: Jeffrey Holland <124393578+jholland-livefront@users.noreply.github.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Evan Bassler <evanbassler@Mac.attlocal.net>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Nathan Ansel <nathan@livefront.com>
Co-authored-by: Jeffrey Holland <jholland@livefront.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
Co-authored-by: neuronull <9162534+neuronull@users.noreply.github.com>
482 lines
22 KiB
Swift
482 lines
22 KiB
Swift
//
|
|
// CredentialProviderViewController.swift
|
|
// autofill-extension
|
|
//
|
|
// Created by Andreas Coroiu on 2023-12-21.
|
|
//
|
|
|
|
import AuthenticationServices
|
|
import os
|
|
|
|
class CredentialProviderViewController: ASCredentialProviderViewController {
|
|
let logger: Logger
|
|
|
|
@IBOutlet weak var statusLabel: NSTextField!
|
|
@IBOutlet weak var logoImageView: NSImageView!
|
|
|
|
// The IPC client to communicate with the Bitwarden desktop app
|
|
private var client: MacOsProviderClient?
|
|
|
|
// Timer for checking connection status
|
|
private var connectionMonitorTimer: Timer?
|
|
private var lastConnectionStatus: ConnectionStatus = .disconnected
|
|
|
|
// We changed the getClient method to be async, here's why:
|
|
// This is so that we can check if the app is running, and launch it, without blocking the main thread
|
|
// Blocking the main thread caused MacOS layouting to 'fail' or at least be very delayed, which caused our getWindowPositioning code to sent 0,0.
|
|
// We also properly retry the IPC connection which sometimes would take some time to be up and running, depending on CPU load, phase of jupiters moon, etc.
|
|
private func getClient() async -> MacOsProviderClient {
|
|
if let client = self.client {
|
|
return client
|
|
}
|
|
|
|
let logger = Logger(subsystem: "com.bitwarden.desktop.autofill-extension", category: "credential-provider")
|
|
|
|
// Check if the Electron app is running
|
|
let workspace = NSWorkspace.shared
|
|
let isRunning = workspace.runningApplications.contains { app in
|
|
app.bundleIdentifier == "com.bitwarden.desktop"
|
|
}
|
|
|
|
if !isRunning {
|
|
logger.log("[autofill-extension] Bitwarden Desktop not running, attempting to launch")
|
|
|
|
// Launch the app and wait for it to be ready
|
|
if let appURL = workspace.urlForApplication(withBundleIdentifier: "com.bitwarden.desktop") {
|
|
await withCheckedContinuation { continuation in
|
|
workspace.openApplication(at: appURL, configuration: NSWorkspace.OpenConfiguration()) { app, error in
|
|
if let error = error {
|
|
logger.error("[autofill-extension] Failed to launch Bitwarden Desktop: \(error.localizedDescription)")
|
|
} else {
|
|
logger.log("[autofill-extension] Successfully launched Bitwarden Desktop")
|
|
}
|
|
continuation.resume()
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
logger.log("[autofill-extension] Connecting to Bitwarden over IPC")
|
|
|
|
// Retry connecting to the Bitwarden IPC with an increasing delay
|
|
let maxRetries = 20
|
|
let delayMs = 500
|
|
var newClient: MacOsProviderClient?
|
|
|
|
for attempt in 1...maxRetries {
|
|
logger.log("[autofill-extension] Connection attempt \(attempt)")
|
|
|
|
// Create a new client instance for each retry
|
|
newClient = MacOsProviderClient.connect()
|
|
try? await Task.sleep(nanoseconds: UInt64(100 * attempt + (delayMs * 1_000_000))) // Convert ms to nanoseconds
|
|
let connectionStatus = newClient!.getConnectionStatus()
|
|
|
|
logger.log("[autofill-extension] Connection attempt \(attempt), status: \(connectionStatus == .connected ? "connected" : "disconnected")")
|
|
|
|
if connectionStatus == .connected {
|
|
logger.log("[autofill-extension] Successfully connected to Bitwarden (attempt \(attempt))")
|
|
break
|
|
} else {
|
|
if attempt < maxRetries {
|
|
logger.log("[autofill-extension] Retrying connection")
|
|
} else {
|
|
logger.error("[autofill-extension] Failed to connect after \(maxRetries) attempts, final status: \(connectionStatus == .connected ? "connected" : "disconnected")")
|
|
}
|
|
}
|
|
}
|
|
|
|
self.client = newClient
|
|
return newClient!
|
|
}
|
|
|
|
// Setup the connection monitoring timer
|
|
private func setupConnectionMonitoring() {
|
|
// Check connection status every 1 second
|
|
connectionMonitorTimer = Timer.scheduledTimer(withTimeInterval: 1.0, repeats: true) { [weak self] _ in
|
|
self?.checkConnectionStatus()
|
|
}
|
|
|
|
// Make sure timer runs even when UI is busy
|
|
RunLoop.current.add(connectionMonitorTimer!, forMode: .common)
|
|
|
|
// Initial check
|
|
checkConnectionStatus()
|
|
}
|
|
|
|
// Check the connection status by calling into Rust
|
|
// If the connection is has changed and is now disconnected, cancel the request
|
|
private func checkConnectionStatus() {
|
|
// Only check connection status if the client has been initialized.
|
|
// Initialization is done asynchronously, so we might be called before it's ready
|
|
// In that case we just skip this check and wait for the next timer tick and re-check
|
|
guard let client = self.client else {
|
|
return
|
|
}
|
|
|
|
// Get the current connection status from Rust
|
|
let currentStatus = client.getConnectionStatus()
|
|
|
|
// Only post notification if state changed
|
|
if currentStatus != lastConnectionStatus {
|
|
if(currentStatus == .connected) {
|
|
logger.log("[autofill-extension] Connection status changed: Connected")
|
|
} else {
|
|
logger.log("[autofill-extension] Connection status changed: Disconnected")
|
|
}
|
|
|
|
// Save the new status
|
|
lastConnectionStatus = currentStatus
|
|
|
|
// If we just disconnected, try to cancel the request
|
|
if currentStatus == .disconnected {
|
|
self.extensionContext.cancelRequest(withError: BitwardenError.Internal("Bitwarden desktop app disconnected"))
|
|
}
|
|
}
|
|
}
|
|
|
|
init() {
|
|
logger = Logger(subsystem: "com.bitwarden.desktop.autofill-extension", category: "credential-provider")
|
|
|
|
logger.log("[autofill-extension] initializing extension")
|
|
|
|
super.init(nibName: "CredentialProviderViewController", bundle: nil)
|
|
|
|
// Setup connection monitoring now that self is available
|
|
setupConnectionMonitoring()
|
|
}
|
|
|
|
required init?(coder: NSCoder) {
|
|
fatalError("init(coder:) has not been implemented")
|
|
}
|
|
|
|
deinit {
|
|
logger.log("[autofill-extension] deinitializing extension")
|
|
|
|
// Stop the connection monitor timer
|
|
connectionMonitorTimer?.invalidate()
|
|
connectionMonitorTimer = nil
|
|
}
|
|
|
|
private func getWindowPosition() async -> Position {
|
|
let screenHeight = NSScreen.main?.frame.height ?? 1440
|
|
|
|
logger.log("[autofill-extension] position: Getting window position")
|
|
|
|
// To whomever is reading this. Sorry. But MacOS couldn't give us an accurate window positioning, possibly due to animations
|
|
// So I added some retry logic, as well as a fall back to the mouse position which is likely at the sort of the right place.
|
|
// In my testing we often succed after 4-7 attempts.
|
|
// Wait for window frame to stabilize (animation to complete)
|
|
var lastFrame: CGRect = .zero
|
|
var stableCount = 0
|
|
let requiredStableChecks = 3
|
|
let maxAttempts = 20
|
|
var attempts = 0
|
|
|
|
while stableCount < requiredStableChecks && attempts < maxAttempts {
|
|
let currentFrame: CGRect = self.view.window?.frame ?? .zero
|
|
|
|
if currentFrame.equalTo(lastFrame) && !currentFrame.equalTo(.zero) {
|
|
stableCount += 1
|
|
} else {
|
|
stableCount = 0
|
|
lastFrame = currentFrame
|
|
}
|
|
|
|
try? await Task.sleep(nanoseconds: 16_666_666) // ~60fps (16.67ms)
|
|
attempts += 1
|
|
}
|
|
|
|
let finalWindowFrame = self.view.window?.frame ?? .zero
|
|
logger.log("[autofill-extension] position: Final window frame: \(NSStringFromRect(finalWindowFrame))")
|
|
|
|
// Use stabilized window frame if available, otherwise fallback to mouse position
|
|
if finalWindowFrame.origin.x != 0 || finalWindowFrame.origin.y != 0 {
|
|
let centerX = Int32(round(finalWindowFrame.origin.x))
|
|
let centerY = Int32(round(screenHeight - finalWindowFrame.origin.y))
|
|
logger.log("[autofill-extension] position: Using window position: x=\(centerX), y=\(centerY)")
|
|
return Position(x: centerX, y: centerY)
|
|
} else {
|
|
// Fallback to mouse position
|
|
let mouseLocation = NSEvent.mouseLocation
|
|
let mouseX = Int32(round(mouseLocation.x))
|
|
let mouseY = Int32(round(screenHeight - mouseLocation.y))
|
|
logger.log("[autofill-extension] position: Using mouse position fallback: x=\(mouseX), y=\(mouseY)")
|
|
return Position(x: mouseX, y: mouseY)
|
|
}
|
|
}
|
|
|
|
override func viewDidLoad() {
|
|
super.viewDidLoad()
|
|
|
|
// Initially hide the view
|
|
self.view.isHidden = true
|
|
}
|
|
|
|
override func prepareInterfaceForExtensionConfiguration() {
|
|
// Show the configuration UI
|
|
self.view.isHidden = false
|
|
|
|
// Set the localized message
|
|
statusLabel.stringValue = NSLocalizedString("autofillConfigurationMessage", comment: "Message shown when Bitwarden is enabled in system settings")
|
|
|
|
// Send the native status request asynchronously
|
|
Task {
|
|
let client = await getClient()
|
|
client.sendNativeStatus(key: "request-sync", value: "")
|
|
}
|
|
|
|
// Complete the configuration after 2 seconds
|
|
DispatchQueue.main.asyncAfter(deadline: .now() + 2.0) { [weak self] in
|
|
self?.extensionContext.completeExtensionConfigurationRequest()
|
|
}
|
|
}
|
|
|
|
/*
|
|
In order to implement this method, we need to query the state of the vault to be unlocked and have one and only one matching credential so that it doesn't need to show ui.
|
|
If we do show UI, it's going to fail and disconnect after the platform timeout which is 3s.
|
|
For now we just claim to always need UI displayed.
|
|
*/
|
|
override func provideCredentialWithoutUserInteraction(for credentialRequest: any ASCredentialRequest) {
|
|
let error = ASExtensionError(.userInteractionRequired)
|
|
self.extensionContext.cancelRequest(withError: error)
|
|
return
|
|
}
|
|
|
|
/*
|
|
Implement this method if provideCredentialWithoutUserInteraction(for:) can fail with
|
|
ASExtensionError.userInteractionRequired. In this case, the system may present your extension's
|
|
UI and call this method. Show appropriate UI for authenticating the user then provide the password
|
|
by completing the extension request with the associated ASPasswordCredential.
|
|
*/
|
|
override func prepareInterfaceToProvideCredential(for credentialRequest: ASCredentialRequest) {
|
|
let timeoutTimer = createTimer()
|
|
if let request = credentialRequest as? ASPasskeyCredentialRequest {
|
|
if let passkeyIdentity = request.credentialIdentity as? ASPasskeyCredentialIdentity {
|
|
|
|
logger.log("[autofill-extension] prepareInterfaceToProvideCredential (passkey) called \(request)")
|
|
|
|
class CallbackImpl: PreparePasskeyAssertionCallback {
|
|
let ctx: ASCredentialProviderExtensionContext
|
|
let logger: Logger
|
|
let timeoutTimer: DispatchWorkItem
|
|
required init(_ ctx: ASCredentialProviderExtensionContext,_ logger: Logger, _ timeoutTimer: DispatchWorkItem) {
|
|
self.ctx = ctx
|
|
self.logger = logger
|
|
self.timeoutTimer = timeoutTimer
|
|
}
|
|
|
|
func onComplete(credential: PasskeyAssertionResponse) {
|
|
self.timeoutTimer.cancel()
|
|
ctx.completeAssertionRequest(using: ASPasskeyAssertionCredential(
|
|
userHandle: credential.userHandle,
|
|
relyingParty: credential.rpId,
|
|
signature: credential.signature,
|
|
clientDataHash: credential.clientDataHash,
|
|
authenticatorData: credential.authenticatorData,
|
|
credentialID: credential.credentialId
|
|
))
|
|
}
|
|
|
|
func onError(error: BitwardenError) {
|
|
logger.error("[autofill-extension] OnError called, cancelling the request \(error)")
|
|
self.timeoutTimer.cancel()
|
|
ctx.cancelRequest(withError: error)
|
|
}
|
|
}
|
|
|
|
let userVerification = switch request.userVerificationPreference {
|
|
case .preferred:
|
|
UserVerification.preferred
|
|
case .required:
|
|
UserVerification.required
|
|
default:
|
|
UserVerification.discouraged
|
|
}
|
|
|
|
/*
|
|
We're still using the old request type here, because we're sending the same data, we're expecting a single credential to be used
|
|
*/
|
|
Task {
|
|
let windowPosition = await self.getWindowPosition()
|
|
let req = PasskeyAssertionWithoutUserInterfaceRequest(
|
|
rpId: passkeyIdentity.relyingPartyIdentifier,
|
|
credentialId: passkeyIdentity.credentialID,
|
|
userName: passkeyIdentity.userName,
|
|
userHandle: passkeyIdentity.userHandle,
|
|
recordIdentifier: passkeyIdentity.recordIdentifier,
|
|
clientDataHash: request.clientDataHash,
|
|
userVerification: userVerification,
|
|
windowXy: windowPosition
|
|
)
|
|
|
|
let client = await getClient()
|
|
client.preparePasskeyAssertionWithoutUserInterface(request: req, callback: CallbackImpl(self.extensionContext, self.logger, timeoutTimer))
|
|
}
|
|
return
|
|
}
|
|
}
|
|
|
|
timeoutTimer.cancel()
|
|
|
|
logger.log("[autofill-extension] provideCredentialWithoutUserInteraction2 called wrong")
|
|
self.extensionContext.cancelRequest(withError: BitwardenError.Internal("Invalid authentication request"))
|
|
}
|
|
|
|
private func createTimer() -> DispatchWorkItem {
|
|
// Create a timer for 600 second timeout
|
|
let timeoutTimer = DispatchWorkItem { [weak self] in
|
|
guard let self = self else { return }
|
|
logger.log("[autofill-extension] The operation timed out after 600 seconds")
|
|
self.extensionContext.cancelRequest(withError: BitwardenError.Internal("The operation timed out"))
|
|
}
|
|
|
|
// Schedule the timeout
|
|
DispatchQueue.main.asyncAfter(deadline: .now() + 600, execute: timeoutTimer)
|
|
|
|
return timeoutTimer
|
|
}
|
|
|
|
override func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest) {
|
|
logger.log("[autofill-extension] prepareInterface")
|
|
let timeoutTimer = createTimer()
|
|
|
|
|
|
if let request = registrationRequest as? ASPasskeyCredentialRequest {
|
|
if let passkeyIdentity = registrationRequest.credentialIdentity as? ASPasskeyCredentialIdentity {
|
|
logger.log("[autofill-extension] prepareInterface(passkey) called \(request)")
|
|
|
|
class CallbackImpl: PreparePasskeyRegistrationCallback {
|
|
let ctx: ASCredentialProviderExtensionContext
|
|
let timeoutTimer: DispatchWorkItem
|
|
let logger: Logger
|
|
|
|
required init(_ ctx: ASCredentialProviderExtensionContext, _ logger: Logger,_ timeoutTimer: DispatchWorkItem) {
|
|
self.ctx = ctx
|
|
self.logger = logger
|
|
self.timeoutTimer = timeoutTimer
|
|
}
|
|
|
|
func onComplete(credential: PasskeyRegistrationResponse) {
|
|
self.timeoutTimer.cancel()
|
|
ctx.completeRegistrationRequest(using: ASPasskeyRegistrationCredential(
|
|
relyingParty: credential.rpId,
|
|
clientDataHash: credential.clientDataHash,
|
|
credentialID: credential.credentialId,
|
|
attestationObject: credential.attestationObject
|
|
))
|
|
}
|
|
|
|
func onError(error: BitwardenError) {
|
|
logger.error("[autofill-extension] OnError called, cancelling the request \(error)")
|
|
self.timeoutTimer.cancel()
|
|
ctx.cancelRequest(withError: error)
|
|
}
|
|
}
|
|
|
|
let userVerification = switch request.userVerificationPreference {
|
|
case .preferred:
|
|
UserVerification.preferred
|
|
case .required:
|
|
UserVerification.required
|
|
default:
|
|
UserVerification.discouraged
|
|
}
|
|
|
|
// Convert excluded credentials to an array of credential IDs
|
|
var excludedCredentialIds: [Data] = []
|
|
if #available(macOSApplicationExtension 15.0, *) {
|
|
if let excludedCreds = request.excludedCredentials {
|
|
excludedCredentialIds = excludedCreds.map { $0.credentialID }
|
|
}
|
|
}
|
|
|
|
logger.log("[autofill-extension] prepareInterface(passkey) calling preparePasskeyRegistration")
|
|
|
|
Task {
|
|
let windowPosition = await self.getWindowPosition()
|
|
let req = PasskeyRegistrationRequest(
|
|
rpId: passkeyIdentity.relyingPartyIdentifier,
|
|
userName: passkeyIdentity.userName,
|
|
userHandle: passkeyIdentity.userHandle,
|
|
clientDataHash: request.clientDataHash,
|
|
userVerification: userVerification,
|
|
supportedAlgorithms: request.supportedAlgorithms.map{ Int32($0.rawValue) },
|
|
windowXy: windowPosition,
|
|
excludedCredentials: excludedCredentialIds
|
|
)
|
|
|
|
let client = await getClient()
|
|
client.preparePasskeyRegistration(request: req, callback: CallbackImpl(self.extensionContext, self.logger, timeoutTimer))
|
|
}
|
|
return
|
|
}
|
|
}
|
|
|
|
logger.log("[autofill-extension] We didn't get a passkey")
|
|
|
|
timeoutTimer.cancel()
|
|
// If we didn't get a passkey, return an error
|
|
self.extensionContext.cancelRequest(withError: BitwardenError.Internal("Invalid registration request"))
|
|
}
|
|
|
|
override func prepareCredentialList(for serviceIdentifiers: [ASCredentialServiceIdentifier], requestParameters: ASPasskeyCredentialRequestParameters) {
|
|
logger.log("[autofill-extension] prepareCredentialList(passkey) for serviceIdentifiers: \(serviceIdentifiers.count)")
|
|
|
|
class CallbackImpl: PreparePasskeyAssertionCallback {
|
|
let ctx: ASCredentialProviderExtensionContext
|
|
let timeoutTimer: DispatchWorkItem
|
|
let logger: Logger
|
|
required init(_ ctx: ASCredentialProviderExtensionContext,_ logger: Logger, _ timeoutTimer: DispatchWorkItem) {
|
|
self.ctx = ctx
|
|
self.logger = logger
|
|
self.timeoutTimer = timeoutTimer
|
|
}
|
|
|
|
func onComplete(credential: PasskeyAssertionResponse) {
|
|
self.timeoutTimer.cancel()
|
|
ctx.completeAssertionRequest(using: ASPasskeyAssertionCredential(
|
|
userHandle: credential.userHandle,
|
|
relyingParty: credential.rpId,
|
|
signature: credential.signature,
|
|
clientDataHash: credential.clientDataHash,
|
|
authenticatorData: credential.authenticatorData,
|
|
credentialID: credential.credentialId
|
|
))
|
|
}
|
|
|
|
func onError(error: BitwardenError) {
|
|
logger.error("[autofill-extension] OnError called, cancelling the request \(error)")
|
|
self.timeoutTimer.cancel()
|
|
ctx.cancelRequest(withError: error)
|
|
}
|
|
}
|
|
|
|
let userVerification = switch requestParameters.userVerificationPreference {
|
|
case .preferred:
|
|
UserVerification.preferred
|
|
case .required:
|
|
UserVerification.required
|
|
default:
|
|
UserVerification.discouraged
|
|
}
|
|
|
|
let timeoutTimer = createTimer()
|
|
|
|
Task {
|
|
let windowPosition = await self.getWindowPosition()
|
|
let req = PasskeyAssertionRequest(
|
|
rpId: requestParameters.relyingPartyIdentifier,
|
|
clientDataHash: requestParameters.clientDataHash,
|
|
userVerification: userVerification,
|
|
allowedCredentials: requestParameters.allowedCredentials,
|
|
windowXy: windowPosition
|
|
//extensionInput: requestParameters.extensionInput, // We don't support extensions yet
|
|
)
|
|
|
|
let client = await getClient()
|
|
client.preparePasskeyAssertion(request: req, callback: CallbackImpl(self.extensionContext, self.logger, timeoutTimer))
|
|
}
|
|
return
|
|
}
|
|
}
|