[PM-4882] Passkeys: funnel rp name or id to the cipher name on save (#7969)

* funnel rp name or id to the cipher name on save * remove comment * add rp name and id to addCipher function --------- Co-authored-by: Merissa Weinstein <merissaweinstein@merissas-mbp-2.lan>
2024-11-21 11:35:34 +01:00 · 2024-03-06 11:30:12 -06:00 · 2024-03-06 11:30:12 -06:00 · 5dcc035245
commit 5dcc035245
parent 51f482dde9
5 changed files with 16 additions and 7 deletions
--- a/apps/browser/src/vault/fido2/browser-fido2-user-interface.service.ts
+++ b/apps/browser/src/vault/fido2/browser-fido2-user-interface.service.ts
@ -67,6 +67,7 @@ export type BrowserFido2Message = { sessionId: string } & (
      userName: string;
      userVerification: boolean;
      fallbackSupported: boolean;
+      rpId: string;
    }
  | {
      type: "ConfirmNewCredentialResponse";
@ -242,6 +243,7 @@ export class BrowserFido2UserInterfaceSession implements Fido2UserInterfaceSessi
    credentialName,
    userName,
    userVerification,
+    rpId,
  }: NewCredentialParams): Promise<{ cipherId: string; userVerified: boolean }> {
    const data: BrowserFido2Message = {
      type: "ConfirmNewCredentialRequest",
@ -250,6 +252,7 @@ export class BrowserFido2UserInterfaceSession implements Fido2UserInterfaceSessi
      userName,
      userVerification,
      fallbackSupported: this.fallbackSupported,
+      rpId,
    };

    await this.send(data);
--- a/apps/browser/src/vault/popup/components/fido2/fido2.component.ts
+++ b/apps/browser/src/vault/popup/components/fido2/fido2.component.ts
@ -16,7 +16,6 @@ import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { SettingsService } from "@bitwarden/common/abstractions/settings.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { SecureNoteType, CipherType } from "@bitwarden/common/vault/enums";
 import { CipherRepromptType } from "@bitwarden/common/vault/enums/cipher-reprompt-type";
@ -245,7 +244,8 @@ export class Fido2Component implements OnInit, OnDestroy {
  protected async saveNewLogin() {
    const data = this.message$.value;
    if (data?.type === "ConfirmNewCredentialRequest") {
-      await this.createNewCipher();
+      const name = data.credentialName || data.rpId;
+      await this.createNewCipher(name);

      // We are bypassing user verification pending implementation of PIN and biometric support.
      this.send({
@ -296,7 +296,7 @@ export class Fido2Component implements OnInit, OnDestroy {
    // eslint-disable-next-line @typescript-eslint/no-floating-promises
    this.router.navigate(["/add-cipher"], {
      queryParams: {
-        name: Utils.getHostname(this.url),
+        name: data.credentialName || data.rpId,
        uri: this.url,
        uilocation: "popout",
        senderTabId: this.senderTabId,
@ -344,9 +344,9 @@ export class Fido2Component implements OnInit, OnDestroy {
    this.destroy$.complete();
  }

-  private buildCipher() {
+  private buildCipher(name: string) {
    this.cipher = new CipherView();
-    this.cipher.name = Utils.getHostname(this.url);
+    this.cipher.name = name;
    this.cipher.type = CipherType.Login;
    this.cipher.login = new LoginView();
    this.cipher.login.uris = [new LoginUriView()];
@ -358,8 +358,8 @@ export class Fido2Component implements OnInit, OnDestroy {
    this.cipher.reprompt = CipherRepromptType.None;
  }

-  private async createNewCipher() {
-    this.buildCipher();
+  private async createNewCipher(name: string) {
+    this.buildCipher(name);
    const cipher = await this.cipherService.encrypt(this.cipher);
    try {
      await this.cipherService.createWithServer(cipher);
--- a/libs/common/src/vault/abstractions/fido2/fido2-user-interface.service.abstraction.ts
+++ b/libs/common/src/vault/abstractions/fido2/fido2-user-interface.service.abstraction.ts
@ -16,6 +16,10 @@ export interface NewCredentialParams {
   * Whether or not the user must be verified before completing the operation.
   */
  userVerification: boolean;
+  /**
+   * The relying party ID is usually the URL
+   */
+  rpId: string;
 }

 /**
--- a/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts
@ -216,6 +216,7 @@ describe("FidoAuthenticatorService", () => {
            credentialName: params.rpEntity.name,
            userName: params.userEntity.displayName,
            userVerification,
+            rpId: params.rpEntity.id,
          } as NewCredentialParams);
        });
      }
--- a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
+++ b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
@ -113,6 +113,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
        credentialName: params.rpEntity.name,
        userName: params.userEntity.displayName,
        userVerification: params.requireUserVerification,
+        rpId: params.rpEntity.id,
      });
      const cipherId = response.cipherId;
      userVerified = response.userVerified;