From 3e62559f4498f934f8a2192850b65eaa68b728c9 Mon Sep 17 00:00:00 2001 From: Todd Martin <106564991+trmartin4@users.noreply.github.com> Date: Thu, 26 Oct 2023 13:01:20 -0400 Subject: [PATCH] [PM-4580] Removed user verification requirement (#6711) * Revert the undefined UV check. * Adjusted formatting * Remove restriction on passkeys for users without MPs. * Removed user verification checks --- .../popup/components/fido2/fido2.component.ts | 38 +++++-------------- .../services/fido2/fido2-client.service.ts | 5 ++- 2 files changed, 13 insertions(+), 30 deletions(-) diff --git a/apps/browser/src/vault/popup/components/fido2/fido2.component.ts b/apps/browser/src/vault/popup/components/fido2/fido2.component.ts index b5247169aa..6f0bf96dee 100644 --- a/apps/browser/src/vault/popup/components/fido2/fido2.component.ts +++ b/apps/browser/src/vault/popup/components/fido2/fido2.component.ts @@ -122,20 +122,6 @@ export class Fido2Component implements OnInit, OnDestroy { return; } - // Show dialog if user account does not have master password - if (!(await this.passwordRepromptService.enabled())) { - await this.dialogService.openSimpleDialog({ - title: { key: "featureNotSupported" }, - content: { key: "passkeyFeatureIsNotImplementedForAccountsWithoutMasterPassword" }, - acceptButtonText: { key: "ok" }, - cancelButtonText: null, - type: "info", - }); - - this.abort(true); - return; - } - return message; }), filter((message) => !!message), @@ -261,20 +247,14 @@ export class Fido2Component implements OnInit, OnDestroy { protected async saveNewLogin() { const data = this.message$.value; if (data?.type === "ConfirmNewCredentialRequest") { - let userVerified = false; - if (data.userVerification) { - userVerified = await this.passwordRepromptService.showPasswordPrompt(); - } - - if (!data.userVerification || userVerified) { - await this.createNewCipher(); - } + await this.createNewCipher(); + // We are bypassing user verification pending implementation of PIN and biometric support. this.send({ sessionId: this.sessionId, cipherId: this.cipher?.id, type: "ConfirmNewCredentialResponse", - userVerified, + userVerified: data.userVerification, }); } @@ -386,17 +366,17 @@ export class Fido2Component implements OnInit, OnDestroy { } private async handleUserVerification( - userVerification: boolean, + userVerificationRequested: boolean, cipher: CipherView ): Promise { - const masterPasswordRepromptRequiered = cipher && cipher.reprompt !== 0; - const verificationRequired = userVerification || masterPasswordRepromptRequiered; + const masterPasswordRepromptRequired = cipher && cipher.reprompt !== 0; - if (!verificationRequired) { - return false; + if (masterPasswordRepromptRequired) { + return await this.passwordRepromptService.showPasswordPrompt(); } - return await this.passwordRepromptService.showPasswordPrompt(); + // We are bypassing user verification pending implementation of PIN and biometric support. + return userVerificationRequested; } private send(msg: BrowserFido2Message) { diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.ts b/libs/common/src/vault/services/fido2/fido2-client.service.ts index 1349514fd0..0d113d5d45 100644 --- a/libs/common/src/vault/services/fido2/fido2-client.service.ts +++ b/libs/common/src/vault/services/fido2/fido2-client.service.ts @@ -365,6 +365,7 @@ function mapToMakeCredentialParams({ const requireUserVerification = params.authenticatorSelection?.userVerification === "required" || + params.authenticatorSelection?.userVerification === "preferred" || params.authenticatorSelection?.userVerification === undefined; return { @@ -403,7 +404,9 @@ function mapToGetAssertionParams({ })); const requireUserVerification = - params.userVerification === "required" || params.userVerification === undefined; + params.userVerification === "required" || + params.userVerification === "preferred" || + params.userVerification === undefined; return { rpId: params.rpId,