From 5b6fb1659179264edcb02c9f29ca0890f1a159e8 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Tue, 9 Nov 2021 11:36:41 -0500
Subject: [PATCH] remove callbackUri input for fixed mobile uri (#1282)
---
 src/connectors/webauthn.ts | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/src/connectors/webauthn.ts b/src/connectors/webauthn.ts
index 4f895fd792..31d0c706d6 100644
--- a/src/connectors/webauthn.ts
+++ b/src/connectors/webauthn.ts
@@ -11,7 +11,8 @@ let btnText: string = null;
 let btnReturnText: string = null;
 let parentUrl: string = null;
 let parentOrigin: string = null;
-let callbackUri: string = null;
+let mobileResponse = false;
+let mobileCallbackUri = 'bitwarden://webauthn-callback';
 let stopWebAuthn = false;
 let sentSuccess = false;
 let obj: any = null;
@@ -75,7 +76,14 @@ function parseParametersV1() {
 }
 function parseParametersV2() {
- let dataObj: { data: any, headerText: string; btnText: string; btnReturnText: string; callbackUri?: string } = null;
+ let dataObj: {
+ data: any,
+ headerText: string;
+ btnText: string;
+ btnReturnText: string;
+ callbackUri?: string;
+ mobile?: boolean
+ } = null;
 try {
 dataObj = JSON.parse(b64Decode(getQsParam('data')));
 }
@@ -84,7 +92,7 @@ function parseParametersV2() {
 return;
 }
- callbackUri = dataObj.callbackUri;
+ mobileResponse = dataObj.callbackUri != null || dataObj.mobile === true;
 webauthnJson = dataObj.data;
 headerText = dataObj.headerText;
 btnText = dataObj.btnText;
@@ -115,7 +123,7 @@ function start() {
 stopWebAuthn = false;
- if (callbackUri != null || (navigator.userAgent.indexOf(' Safari/') !== -1 && navigator.userAgent.indexOf('Chrome') === -1)) {
+ if (mobileResponse || (navigator.userAgent.indexOf(' Safari/') !== -1 && navigator.userAgent.indexOf('Chrome') === -1)) {
 // Safari and mobile chrome blocks non-user initiated WebAuthn requests.
 } else {
 executeWebAuthn();
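Review bot: `mobileCallbackUri` is declared with `let` on the second added line, so the fixed redirect target this commit introduces can still be reassigned by later code in the module. The commit's purpose is that the callback target no longer comes from the `data` query parameter, so the binding should be immutable: `const mobileCallbackUri = 'bitwarden://webauthn-callback';`. A short comment above it, such as `// Fixed on purpose: never derive the mobile callback target from request input.`, would keep a later refactor from reintroducing the input.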
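Review bot: `callbackUri?: string` stays in the `dataObj` type even though its value is now only tested for presence (the `mobileResponse = ...` assignment in the following hunk), which leaves the untrusted string typed as something a later change could navigate to again. Typing it as `callbackUri?: unknown;` keeps the legacy presence check compiling while making any use as a URL a type error. A comment at the assignment, e.g. `// Legacy clients send callbackUri; it is treated as a mobile flag only and its value is ignored.`, would record the intent. The new literal also mixes `,` after `data: any` with `;` on the other members and omits the delimiter after `mobile?: boolean`. parseParametersV2 continues outside both hunks.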
@@ -148,9 +156,9 @@ function onMessage() {
 }
 function error(message: string) {
- if (callbackUri) {
- document.location.replace(callbackUri + '?error=' + encodeURIComponent(message));
- returnButton(callbackUri + '?error=' + encodeURIComponent(message));
+ if (mobileResponse) {
+ document.location.replace(mobileCallbackUri + '?error=' + encodeURIComponent(message));
+ returnButton(mobileCallbackUri + '?error=' + encodeURIComponent(message));
 } else {
 parent.postMessage('error|' + message, parentUrl);
 }
@@ -163,9 +171,9 @@ function success(assertedCredential: PublicKeyCredential) {
 const dataString = buildDataString(assertedCredential);
- if (callbackUri) {
- document.location.replace(callbackUri + '?data=' + encodeURIComponent(dataString));
- returnButton(callbackUri + '?data=' + encodeURIComponent(dataString));
+ if (mobileResponse) {
+ document.location.replace(mobileCallbackUri + '?data=' + encodeURIComponent(dataString));
+ returnButton(mobileCallbackUri + '?data=' + encodeURIComponent(dataString));
 } else {
 parent.postMessage('success|' + dataString, parentUrl);
 sentSuccess = true;
@@ -173,7 +181,7 @@ function success(assertedCredential: PublicKeyCredential) {
 }
 function info(message: string) {
- if (callbackUri) {
+ if (mobileResponse) {
 return;
 }
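Review bot: In `error()` the redirect URL `mobileCallbackUri + '?error=' + encodeURIComponent(message)` is built twice, once for `document.location.replace` and once for `returnButton`. `success()` in the next hunk repeats the pattern with `'?data='`. Building it once, `const url = mobileCallbackUri + '?error=' + encodeURIComponent(message);`, and passing `url` to both calls keeps the navigation target and the button target from drifting apart in a later edit. The end of `error()` lies outside the hunk.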
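Review bot: `success()` now hands the WebAuthn assertion (`dataString`) to a custom URI scheme, and nothing in this hunk documents which application is expected to receive it. Custom schemes are generally not bound to a single app by the platform. If `bitwarden://` is registered as a plain custom scheme (not visible in this diff), that assumption deserves a comment at the redirect, e.g. `// dataString leaves the page via mobileCallbackUri; the handler for this scheme must be the Bitwarden app.` A verified app link or universal link may be worth considering where the platform supports it. `success()` starts and ends outside the hunk.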