From 564bb03038137033e75b5a580507058b7cb85343 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20=C3=85berg?=
Date: Thu, 23 Nov 2023 10:30:16 +0100
Subject: [PATCH] [PM-4881]: Added userName to fido2credential (#6922)
* [PM-4881]: Added userName to fido2credential
* added user.name as input params
* Fixed some type errors
---
 apps/browser/src/vault/fido2/webauthn-utils.ts | 1 +
 libs/common/src/models/export/fido2-credential.export.ts | 6 ++++++
 .../abstractions/fido2/fido2-client.service.abstraction.ts | 1 +
 libs/common/src/vault/api/fido2-credential.api.ts | 2 ++
 libs/common/src/vault/models/data/fido2-credential.data.ts | 2 ++
 .../src/vault/models/domain/fido2-credential.spec.ts | 7 +++++++
 libs/common/src/vault/models/domain/fido2-credential.ts | 6 ++++++
 libs/common/src/vault/models/domain/login.spec.ts | 4 ++++
 libs/common/src/vault/models/request/cipher.request.ts | 1 +
 libs/common/src/vault/models/view/fido2-credential.view.ts | 1 +
 libs/common/src/vault/services/cipher.service.ts | 1 +
 .../services/fido2/fido2-authenticator.service.spec.ts | 2 ++
 .../vault/services/fido2/fido2-authenticator.service.ts | 1 +
 .../src/vault/services/fido2/fido2-client.service.spec.ts | 6 ++++--
 .../src/vault/services/fido2/fido2-client.service.ts | 1 +
 15 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/apps/browser/src/vault/fido2/webauthn-utils.ts b/apps/browser/src/vault/fido2/webauthn-utils.ts
index 2422736077..b747825e9c 100644
--- a/apps/browser/src/vault/fido2/webauthn-utils.ts
+++ b/apps/browser/src/vault/fido2/webauthn-utils.ts
@@ -45,6 +45,7 @@ export class WebauthnUtils {
 user: {
 id: Fido2Utils.bufferToString(keyOptions.user.id),
 displayName: keyOptions.user.displayName,
+ name: keyOptions.user.name,
 },
 timeout: keyOptions.timeout,
 sameOriginWithAncestors,
diff --git a/libs/common/src/models/export/fido2-credential.export.ts b/libs/common/src/models/export/fido2-credential.export.ts
index 258699c8da..d41b7d67c9 100644
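Review bot: `name: keyOptions.user.name` in the webauthn-utils.ts hunk forwards a string chosen by the calling web page, and nothing visible in this patch checks its type or length before `createKeyView` (fido2-authenticator.service.ts hunk) stores it as `fido2Credential.userName`; the `mapToMakeCredentialParams` hunk in fido2-client.service.ts passes it through the same way. The spec file touched here shows `user.id` being length-checked in `createCredential`, so a guard next to that check would fit, for example `if (typeof params.user.name !== "string") { throw new TypeError("user.name must be a string"); }` together with a length cap. Code that later renders `userName` should treat it as untrusted text from the relying party. The enclosing method starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.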
--- a/libs/common/src/models/export/fido2-credential.export.ts
+++ b/libs/common/src/models/export/fido2-credential.export.ts
@@ -19,6 +19,7 @@ export class Fido2CredentialExport {
 req.keyValue = "keyValue";
 req.rpId = "rpId";
 req.userHandle = "userHandle";
+ req.userName = "userName";
 req.counter = "counter";
 req.rpName = "rpName";
 req.userDisplayName = "userDisplayName";
@@ -41,6 +42,7 @@ export class Fido2CredentialExport {
 view.keyValue = req.keyValue;
 view.rpId = req.rpId;
 view.userHandle = req.userHandle;
+ view.userName = req.userName;
 view.counter = parseInt(req.counter);
 view.rpName = req.rpName;
 view.userDisplayName = req.userDisplayName;
@@ -63,6 +65,7 @@ export class Fido2CredentialExport {
 domain.keyValue = req.keyValue != null ? new EncString(req.keyValue) : null;
 domain.rpId = req.rpId != null ? new EncString(req.rpId) : null;
 domain.userHandle = req.userHandle != null ? new EncString(req.userHandle) : null;
+ domain.userName = req.userName != null ? new EncString(req.userName) : null;
 domain.counter = req.counter != null ? new EncString(req.counter) : null;
 domain.rpName = req.rpName != null ? new EncString(req.rpName) : null;
 domain.userDisplayName =
@@ -79,6 +82,7 @@ export class Fido2CredentialExport {
 keyValue: string;
 rpId: string;
 userHandle: string;
+ userName: string;
 counter: string;
 rpName: string;
 userDisplayName: string;
@@ -103,6 +107,7 @@ export class Fido2CredentialExport {
 this.keyValue = o.keyValue;
 this.rpId = o.rpId;
 this.userHandle = o.userHandle;
+ this.userName = o.userName;
 this.counter = String(o.counter);
 this.rpName = o.rpName;
 this.userDisplayName = o.userDisplayName;
@@ -115,6 +120,7 @@ export class Fido2CredentialExport {
 this.keyValue = o.keyValue?.encryptedString;
 this.rpId = o.rpId?.encryptedString;
 this.userHandle = o.userHandle?.encryptedString;
+ this.userName = o.userName?.encryptedString;
 this.counter = o.counter?.encryptedString;
 this.rpName = o.rpName?.encryptedString;
 this.userDisplayName = o.userDisplayName?.encryptedString;
diff --git a/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts b/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts
index fca73c8d99..9bb346ccc5 100644
--- a/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts
+++ b/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts
@@ -103,6 +103,7 @@ export interface CreateCredentialParams {
 user: {
 id: string; // b64 encoded
 displayName: string;
+ name: string;
 };
 /** Forwarded to user interface */
 fallbackSupported: boolean;
diff --git a/libs/common/src/vault/api/fido2-credential.api.ts b/libs/common/src/vault/api/fido2-credential.api.ts
index bfe32fc9b5..4a836d4d83 100644
--- a/libs/common/src/vault/api/fido2-credential.api.ts
+++ b/libs/common/src/vault/api/fido2-credential.api.ts
@@ -8,6 +8,7 @@ export class Fido2CredentialApi extends BaseResponse {
 keyValue: string;
 rpId: string;
 userHandle: string;
+ userName: string;
 counter: string;
 rpName: string;
 userDisplayName: string;
@@ -27,6 +28,7 @@ export class Fido2CredentialApi extends BaseResponse {
 this.keyValue = this.getResponseProperty("keyValue");
 this.rpId = this.getResponseProperty("RpId");
 this.userHandle = this.getResponseProperty("UserHandle");
+ this.userName = this.getResponseProperty("UserName");
 this.counter = this.getResponseProperty("Counter");
 this.rpName = this.getResponseProperty("RpName");
 this.userDisplayName = this.getResponseProperty("UserDisplayName");
diff --git a/libs/common/src/vault/models/data/fido2-credential.data.ts b/libs/common/src/vault/models/data/fido2-credential.data.ts
index 8f5160d91b..0ba13682b9 100644
--- a/libs/common/src/vault/models/data/fido2-credential.data.ts
+++ b/libs/common/src/vault/models/data/fido2-credential.data.ts
@@ -8,6 +8,7 @@ export class Fido2CredentialData {
 keyValue: string;
 rpId: string;
 userHandle: string;
+ userName: string;
 counter: string;
 rpName: string;
 userDisplayName: string;
@@ -26,6 +27,7 @@ export class Fido2CredentialData {
 this.keyValue = data.keyValue;
 this.rpId = data.rpId;
 this.userHandle = data.userHandle;
+ this.userName = data.userName;
 this.counter = data.counter;
 this.rpName = data.rpName;
 this.userDisplayName = data.userDisplayName;
diff --git a/libs/common/src/vault/models/domain/fido2-credential.spec.ts b/libs/common/src/vault/models/domain/fido2-credential.spec.ts
index 0b2b76a19c..9705862460 100644
--- a/libs/common/src/vault/models/domain/fido2-credential.spec.ts
+++ b/libs/common/src/vault/models/domain/fido2-credential.spec.ts
@@ -25,6 +25,7 @@ describe("Fido2Credential", () => {
 keyValue: null,
 rpId: null,
 userHandle: null,
+ userName: null,
 rpName: null,
 userDisplayName: null,
 counter: null,
@@ -42,6 +43,7 @@ describe("Fido2Credential", () => {
 keyValue: "keyValue",
 rpId: "rpId",
 userHandle: "userHandle",
+ userName: "userName",
 counter: "counter",
 rpName: "rpName",
 userDisplayName: "userDisplayName",
@@ -58,6 +60,7 @@ describe("Fido2Credential", () => {
 keyValue: { encryptedString: "keyValue", encryptionType: 0 },
 rpId: { encryptedString: "rpId", encryptionType: 0 },
 userHandle: { encryptedString: "userHandle", encryptionType: 0 },
+ userName: { encryptedString: "userName", encryptionType: 0 },
 counter: { encryptedString: "counter", encryptionType: 0 },
 rpName: { encryptedString: "rpName", encryptionType: 0 },
 userDisplayName: { encryptedString: "userDisplayName", encryptionType: 0 },
@@ -85,6 +88,7 @@ describe("Fido2Credential", () => {
 credential.keyValue = mockEnc("keyValue");
 credential.rpId = mockEnc("rpId");
 credential.userHandle = mockEnc("userHandle");
+ credential.userName = mockEnc("userName");
 credential.counter = mockEnc("2");
 credential.rpName = mockEnc("rpName");
 credential.userDisplayName = mockEnc("userDisplayName");
@@ -101,6 +105,7 @@ describe("Fido2Credential", () => {
 keyValue: "keyValue",
 rpId: "rpId",
 userHandle: "userHandle",
+ userName: "userName",
 rpName: "rpName",
 userDisplayName: "userDisplayName",
 counter: 2,
@@ -120,6 +125,7 @@ describe("Fido2Credential", () => {
 keyValue: "keyValue",
 rpId: "rpId",
 userHandle: "userHandle",
+ userName: "userName",
 counter: "2",
 rpName: "rpName",
 userDisplayName: "userDisplayName",
@@ -144,6 +150,7 @@ describe("Fido2Credential", () => {
 credential.keyValue = createEncryptedEncString("keyValue");
 credential.rpId = createEncryptedEncString("rpId");
 credential.userHandle = createEncryptedEncString("userHandle");
+ credential.userName = createEncryptedEncString("userName");
 credential.counter = createEncryptedEncString("2");
 credential.rpName = createEncryptedEncString("rpName");
 credential.userDisplayName = createEncryptedEncString("userDisplayName");
diff --git a/libs/common/src/vault/models/domain/fido2-credential.ts b/libs/common/src/vault/models/domain/fido2-credential.ts
index 84f075458a..f8f006af79 100644
--- a/libs/common/src/vault/models/domain/fido2-credential.ts
+++ b/libs/common/src/vault/models/domain/fido2-credential.ts
@@ -14,6 +14,7 @@ export class Fido2Credential extends Domain {
 keyValue: EncString;
 rpId: EncString;
 userHandle: EncString;
+ userName: EncString;
 counter: EncString;
 rpName: EncString;
 userDisplayName: EncString;
@@ -37,6 +38,7 @@ export class Fido2Credential extends Domain {
 keyValue: null,
 rpId: null,
 userHandle: null,
+ userName: null,
 counter: null,
 rpName: null,
 userDisplayName: null,
@@ -58,6 +60,7 @@ export class Fido2Credential extends Domain {
 keyValue: null,
 rpId: null,
 userHandle: null,
+ userName: null,
 rpName: null,
 userDisplayName: null,
 discoverable: null,
@@ -102,6 +105,7 @@ export class Fido2Credential extends Domain {
 keyValue: null,
 rpId: null,
 userHandle: null,
+ userName: null,
 counter: null,
 rpName: null,
 userDisplayName: null,
@@ -122,6 +126,7 @@ export class Fido2Credential extends Domain {
 const keyValue = EncString.fromJSON(obj.keyValue);
 const rpId = EncString.fromJSON(obj.rpId);
 const userHandle = EncString.fromJSON(obj.userHandle);
+ const userName = EncString.fromJSON(obj.userName);
 const counter = EncString.fromJSON(obj.counter);
 const rpName = EncString.fromJSON(obj.rpName);
 const userDisplayName = EncString.fromJSON(obj.userDisplayName);
@@ -136,6 +141,7 @@ export class Fido2Credential extends Domain {
 keyValue,
 rpId,
 userHandle,
+ userName,
 counter,
 rpName,
 userDisplayName,
diff --git a/libs/common/src/vault/models/domain/login.spec.ts b/libs/common/src/vault/models/domain/login.spec.ts
index d0b24d8c17..b4b5065272 100644
--- a/libs/common/src/vault/models/domain/login.spec.ts
+++ b/libs/common/src/vault/models/domain/login.spec.ts
@@ -135,6 +135,7 @@ describe("Login DTO", () => {
 keyValue: "keyValue" as EncryptedString,
 rpId: "rpId" as EncryptedString,
 userHandle: "userHandle" as EncryptedString,
+ userName: "userName" as EncryptedString,
 counter: "counter" as EncryptedString,
 rpName: "rpName" as EncryptedString,
 userDisplayName: "userDisplayName" as EncryptedString,
@@ -159,6 +160,7 @@ describe("Login DTO", () => {
 keyValue: "keyValue_fromJSON",
 rpId: "rpId_fromJSON",
 userHandle: "userHandle_fromJSON",
+ userName: "userName_fromJSON",
 counter: "counter_fromJSON",
 rpName: "rpName_fromJSON",
 userDisplayName: "userDisplayName_fromJSON",
@@ -185,6 +187,7 @@ function initializeFido2Credential(key: T): T {
 key.keyValue = "keyValue";
 key.rpId = "rpId";
 key.userHandle = "userHandle";
+ key.userName = "userName";
 key.counter = "counter";
 key.rpName = "rpName";
 key.userDisplayName = "userDisplayName";
@@ -202,6 +205,7 @@ function encryptFido2Credential(key: Fido2CredentialLike): Fido2Credential {
 encrypted.keyValue = { encryptedString: key.keyValue, encryptionType: 0 } as EncString;
 encrypted.rpId = { encryptedString: key.rpId, encryptionType: 0 } as EncString;
 encrypted.userHandle = { encryptedString: key.userHandle, encryptionType: 0 } as EncString;
+ encrypted.userName = { encryptedString: key.userName, encryptionType: 0 } as EncString;
 encrypted.counter = { encryptedString: key.counter, encryptionType: 0 } as EncString;
 encrypted.rpName = { encryptedString: key.rpName, encryptionType: 0 } as EncString;
 encrypted.userDisplayName = {
diff --git a/libs/common/src/vault/models/request/cipher.request.ts b/libs/common/src/vault/models/request/cipher.request.ts
index 949d36ab05..4fabd57d4a 100644
--- a/libs/common/src/vault/models/request/cipher.request.ts
+++ b/libs/common/src/vault/models/request/cipher.request.ts
@@ -81,6 +81,7 @@ export class CipherRequest {
 keyApi.rpName = key.rpName != null ? key.rpName.encryptedString : null;
 keyApi.counter = key.counter != null ? key.counter.encryptedString : null;
 keyApi.userHandle = key.userHandle != null ? key.userHandle.encryptedString : null;
+ keyApi.userName = key.userName != null ? key.userName.encryptedString : null;
 keyApi.userDisplayName =
 key.userDisplayName != null ? key.userDisplayName.encryptedString : null;
 keyApi.discoverable =
diff --git a/libs/common/src/vault/models/view/fido2-credential.view.ts b/libs/common/src/vault/models/view/fido2-credential.view.ts
index b6894e84ff..f07347f662 100644
--- a/libs/common/src/vault/models/view/fido2-credential.view.ts
+++ b/libs/common/src/vault/models/view/fido2-credential.view.ts
@@ -10,6 +10,7 @@ export class Fido2CredentialView extends ItemView {
 keyValue: string;
 rpId: string;
 userHandle: string;
+ userName: string;
 counter: number;
 rpName: string;
 userDisplayName: string;
diff --git a/libs/common/src/vault/services/cipher.service.ts b/libs/common/src/vault/services/cipher.service.ts
index 6f669555ae..d800d69982 100644
--- a/libs/common/src/vault/services/cipher.service.ts
+++ b/libs/common/src/vault/services/cipher.service.ts
@@ -1158,6 +1158,7 @@ export class CipherService implements CipherServiceAbstraction {
 rpId: null,
 rpName: null,
 userHandle: null,
+ userName: null,
 userDisplayName: null,
 origin: null,
 },
diff --git a/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts b/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts
index 39a77152c7..0fbf96922b 100644
--- a/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts
@@ -247,6 +247,7 @@ describe("FidoAuthenticatorService", () => {
 rpId: params.rpEntity.id,
 rpName: params.rpEntity.name,
 userHandle: Fido2Utils.bufferToString(params.userEntity.id),
+ userName: params.userEntity.name,
 counter: 0,
 userDisplayName: params.userEntity.displayName,
 discoverable: false,
@@ -796,6 +797,7 @@ function createCipherView(
 fido2CredentialView.counter = fido2Credential.counter ?? 0;
 fido2CredentialView.userHandle =
 fido2Credential.userHandle ?? Fido2Utils.bufferToString(randomBytes(16));
+ fido2CredentialView.userName = fido2Credential.userName;
 fido2CredentialView.keyAlgorithm = fido2Credential.keyAlgorithm ?? "ECDSA";
 fido2CredentialView.keyCurve = fido2Credential.keyCurve ?? "P-256";
 fido2CredentialView.discoverable = fido2Credential.discoverable ?? true;
diff --git a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
index 292413b3bd..43b1c67f82 100644
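Review bot: The new `userName: string;` field on `Fido2CredentialView` is undocumented and declared as always present, yet passkeys saved before this change presumably carry no value for it, so the decrypted view would hold null for them (the domain class maps it with `userName: null`). A comment on the field would tell UI code to handle that case and to treat the value as relying-party input: `// WebAuthn user.name as supplied by the relying party; may be null on passkeys saved before this field existed.` The class body continues outside the hunk, so whether a default is assigned elsewhere is not visible here.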
--- a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
+++ b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
@@ -401,6 +401,7 @@ async function createKeyView(
 fido2Credential.keyValue = Fido2Utils.bufferToString(pkcs8Key);
 fido2Credential.rpId = params.rpEntity.id;
 fido2Credential.userHandle = Fido2Utils.bufferToString(params.userEntity.id);
+ fido2Credential.userName = params.userEntity.name;
 fido2Credential.counter = 0;
 fido2Credential.rpName = params.rpEntity.name;
 fido2Credential.userDisplayName = params.userEntity.displayName;
diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts b/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts
index 46aa40c049..af845ac093 100644
--- a/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts
+++ b/libs/common/src/vault/services/fido2/fido2-client.service.spec.ts
@@ -58,7 +58,7 @@ describe("FidoAuthenticatorService", () => {
 // Spec: If the length of options.user.id is not between 1 and 64 bytes (inclusive) then return a TypeError.
 it("should throw error if user.id is too small", async () => {
- const params = createParams({ user: { id: "", displayName: "name" } });
+ const params = createParams({ user: { id: "", displayName: "displayName", name: "name" } });
 const result = async () => await client.createCredential(params, tab);
@@ -70,7 +70,8 @@ describe("FidoAuthenticatorService", () => {
 const params = createParams({
 user: {
 id: "YWJzb2x1dGVseS13YXktd2F5LXRvby1sYXJnZS1iYXNlNjQtZW5jb2RlZC11c2VyLWlkLWJpbmFyeS1zZXF1ZW5jZQ",
- displayName: "name",
+ displayName: "displayName",
+ name: "name",
 },
 });
@@ -261,6 +262,7 @@ describe("FidoAuthenticatorService", () => {
 user: params.user ?? {
 id: "YmFzZTY0LWVuY29kZWQtdXNlci1pZA",
 displayName: "User Name",
+ name: "name",
 },
 fallbackSupported: params.fallbackSupported ?? false,
 timeout: params.timeout,
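Review bot: None of the three hunks in fido2-client.service.spec.ts asserts that `user.name` actually reaches the authenticator; they only add `name: "name"` to the fixtures so the params satisfy the widened type. The authenticator spec in this patch does check that `userName` is stored, but the client-side mapping added in `mapToMakeCredentialParams` is left without a test. If the spec uses Jest matchers, as it appears to, an expectation on the mocked authenticator call such as `expect.objectContaining({ userEntity: expect.objectContaining({ name: "name" }) })` would cover it. The tests these hunks belong to start and end outside the visible lines.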
diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.ts b/libs/common/src/vault/services/fido2/fido2-client.service.ts
index a810d0accd..e9eeef1980 100644
--- a/libs/common/src/vault/services/fido2/fido2-client.service.ts
+++ b/libs/common/src/vault/services/fido2/fido2-client.service.ts
@@ -395,6 +395,7 @@ function mapToMakeCredentialParams({
 userEntity: {
 id: Fido2Utils.stringToBuffer(params.user.id),
 displayName: params.user.displayName,
+ name: params.user.name,
 },
 fallbackSupported: params.fallbackSupported,
 };