[PM-5731] feat: find discoverable credentials

src/Core/Services/Fido2AuthenticatorService.cs

@@ -34,8 +34,7 @@ namespace Bit.Core.Services
                     assertionParams.RpId
                 );
             } else {
-                cipherOptions = new List<CipherView>();
+                cipherOptions = await FindCredentialsByRp(assertionParams.RpId);
-                // cipherOptions = await this.findCredentialsByRp(params.rpId);
             }
 
             if (cipherOptions.Count == 0) {
@@ -82,8 +81,20 @@ namespace Bit.Core.Services
             !cipher.IsDeleted &&
             cipher.Type == CipherType.Login &&
             cipher.Login.HasFido2Credentials &&
-            cipher.Login.Fido2Credentials[0].RpId == rpId &&
+            cipher.Login.MainFido2Credential.RpId == rpId &&
-            ids.Contains(cipher.Login.Fido2Credentials[0].CredentialId)
+            ids.Contains(cipher.Login.MainFido2Credential.CredentialId)
+        );
+    }
+
+    private async Task<List<CipherView>> FindCredentialsByRp(string rpId)
+    {
+        var ciphers = await _cipherService.GetAllDecryptedAsync();
+        return ciphers.FindAll((cipher) =>
+            !cipher.IsDeleted &&
+            cipher.Type == CipherType.Login &&
+            cipher.Login.HasFido2Credentials &&
+            cipher.Login.MainFido2Credential.RpId == rpId &&
+            cipher.Login.MainFido2Credential.IsDiscoverable
         );
     }
 

test/Core.Test/Services/Fido2AuthenticatorTests.cs

@@ -77,6 +77,43 @@ namespace Bit.Core.Test.Services
             ));
         }
 
+        [Theory]
+        [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) })]
+        public async Task GetAssertionAsync_AsksForDiscoverableCredentials_ParamsDoesNotContainsAllowedCredentialsList(SutProvider<Fido2AuthenticatorService> sutProvider, Fido2AuthenticatorGetAssertionParams aParams)
+        {
+            var credentialIds = new[] { Guid.NewGuid(), Guid.NewGuid() };
+            List<CipherView> ciphers = [ 
+                CreateCipherView(credentialIds[0].ToString(), "bitwarden.com", false),
+                CreateCipherView(credentialIds[1].ToString(), "bitwarden.com", true)
+            ];
+            var discoverableCiphers = ciphers.Where((cipher) => cipher.Login.MainFido2Credential.IsDiscoverable).ToList();
+            aParams.RpId = "bitwarden.com";
+            aParams.AllowCredentialDescriptorList = null;
+            sutProvider.GetDependency<ICipherService>().GetAllDecryptedAsync().Returns(ciphers);
+
+            await sutProvider.Sut.GetAssertionAsync(aParams);
+
+            await sutProvider.GetDependency<IFido2UserInterface>().Received().PickCredentialAsync(Arg.Is<Fido2PickCredentialParams>(
+                (pickCredentialParams) => pickCredentialParams.CipherIds.SequenceEqual(discoverableCiphers.Select((cipher) => cipher.Id)) && pickCredentialParams.UserVerification == aParams.RequireUserVerification
+            ));
+        }
+
+    //   it("should only ask for discoverable credentials matched by rpId when params does not contains allowedCredentials list", async () => {
+    //     params.allowCredentialDescriptorList = undefined;
+    //     const discoverableCiphers = ciphers.filter((c) => c.login.fido2Credentials[0].discoverable);
+    //     userInterfaceSession.pickCredential.mockResolvedValue({
+    //       cipherId: discoverableCiphers[0].id,
+    //       userVerified: false,
+    //     });
+
+    //     await authenticator.getAssertion(params, tab);
+
+    //     expect(userInterfaceSession.pickCredential).toHaveBeenCalledWith({
+    //       cipherIds: [discoverableCiphers[0].id],
+    //       userVerification: false,
+    //     });
+    //   });
+
         #endregion
 
         private byte[] RandomBytes(int length)