[PM-5731] feat: add support for counter

2025-02-17 01:21:25 +01:00 · 2024-01-22 13:26:19 +01:00 · 2024-01-22 13:26:19 +01:00 · d0e0f0ecdb
commit d0e0f0ecdb
parent ad80defa40
4 changed files with 114 additions and 10 deletions
--- a/src/Core/Models/View/Fido2CredentialView.cs
+++ b/src/Core/Models/View/Fido2CredentialView.cs
@ -27,6 +27,11 @@ namespace Bit.Core.Models.View
        public string Counter { get; set; }
        public DateTime CreationDate { get; set; }

+        public int CounterValue {
+            get => int.TryParse(Counter, out var counter) ? counter : 0;
+            set => Counter = value.ToString();
+        }
+
        public override string SubTitle => UserName;
        public override List<KeyValuePair<string, LinkedIdType>> LinkedFieldOptions => new List<KeyValuePair<string, LinkedIdType>>();
        public bool IsDiscoverable => bool.TryParse(Discoverable, out var isDiscoverable) && isDiscoverable;
--- a/src/Core/Services/Fido2AuthenticatorService.cs
+++ b/src/Core/Services/Fido2AuthenticatorService.cs
@ -68,17 +68,27 @@ namespace Bit.Core.Services

                throw new NotAllowedError();
            }
-
-            // if (
-            //     !userVerified &&
-            //     (params.requireUserVerification || selectedCipher.reprompt !== CipherRepromptType.None)
-            // ) {
-            //     this.logService?.warning(
-            //     `[Fido2Authenticator] Aborting because user verification was unsuccessful.`,
-            //     );
-            //     throw new Fido2AuthenticatorError(Fido2AuthenticatorErrorCode.NotAllowed);
-            // }
            
+            try {
+                var selectedFido2Credential = selectedCipher.Login.MainFido2Credential;
+                var selectedCredentialId = selectedFido2Credential.CredentialId;
+
+                if (selectedFido2Credential.CounterValue != 0) {
+                    ++selectedFido2Credential.CounterValue;
+                }
+
+                var encrypted = await _cipherService.EncryptAsync(selectedCipher);
+                await _cipherService.SaveWithServerAsync(encrypted);
+
+                
+            } catch {
+                _logService.Info(
+                    "[Fido2Authenticator] Aborting because no matching credentials were found in the vault."
+                );
+
+                throw new UnknownError();
+            }
+
            // TODO: IMPLEMENT this
            return new Fido2AuthenticatorGetAssertionResult
            {
--- a/src/Core/Utilities/Fido2/Fido2AuthenticatorException.cs
+++ b/src/Core/Utilities/Fido2/Fido2AuthenticatorException.cs
@ -13,4 +13,11 @@ namespace Bit.Core.Utilities.Fido2
        {
        }
    }
+
+    public class UnknownError : Fido2AuthenticatorException
+    {
+        public UnknownError() : base("UnknownError")
+        {
+        }
+    }
 }
--- a/test/Core.Test/Services/Fido2AuthenticatorTests.cs
+++ b/test/Core.Test/Services/Fido2AuthenticatorTests.cs
@ -230,6 +230,88 @@ namespace Bit.Core.Test.Services

        #endregion

+        #region assertion of credential
+
+        [Theory]
+        [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) })]
+        // Spec: Increment the credential associated signature counter
+        public async Task GetAssertionAsync_IncrementsCounter_CounterIsLargerThanZero(SutProvider<Fido2AuthenticatorService> sutProvider, Fido2AuthenticatorGetAssertionParams aParams, Cipher encryptedCipher) {
+            // Common Arrange
+            var cipherView = CreateCipherView(null, "bitwarden.com", true);
+            aParams.RpId = cipherView.Login.MainFido2Credential.RpId;
+            aParams.AllowCredentialDescriptorList = null;
+            sutProvider.GetDependency<ICipherService>().GetAllDecryptedAsync().Returns(new List<CipherView> { cipherView });
+            sutProvider.GetDependency<IFido2UserInterface>().PickCredentialAsync(Arg.Any<Fido2PickCredentialParams>()).Returns(new Fido2PickCredentialResult {
+                CipherId = cipherView.Id,
+                UserVerified = true
+            });
+
+            // Arrange
+            cipherView.Login.MainFido2Credential.CounterValue = 9000;
+            sutProvider.GetDependency<ICipherService>().EncryptAsync(cipherView).Returns(encryptedCipher);
+            
+            // Act
+            await sutProvider.Sut.GetAssertionAsync(aParams);
+
+            // Assert
+            await sutProvider.GetDependency<ICipherService>().Received().SaveWithServerAsync(encryptedCipher);
+            await sutProvider.GetDependency<ICipherService>().Received().EncryptAsync(Arg.Is<CipherView>(
+                (cipher) => cipher.Login.MainFido2Credential.CounterValue == 9001
+            ));
+        }
+
+        [Theory]
+        [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) })]
+        // Spec: Increment the credential associated signature counter
+        public async Task GetAssertionAsync_DoesNotIncrementsCounter_CounterIsZero(SutProvider<Fido2AuthenticatorService> sutProvider, Fido2AuthenticatorGetAssertionParams aParams, Cipher encryptedCipher) {
+            // Common Arrange
+            var cipherView = CreateCipherView(null, "bitwarden.com", true);
+            aParams.RpId = cipherView.Login.MainFido2Credential.RpId;
+            aParams.AllowCredentialDescriptorList = null;
+            sutProvider.GetDependency<ICipherService>().GetAllDecryptedAsync().Returns(new List<CipherView> { cipherView });
+            sutProvider.GetDependency<IFido2UserInterface>().PickCredentialAsync(Arg.Any<Fido2PickCredentialParams>()).Returns(new Fido2PickCredentialResult {
+                CipherId = cipherView.Id,
+                UserVerified = true
+            });
+
+            // Arrange
+            cipherView.Login.MainFido2Credential.CounterValue = 0;
+            sutProvider.GetDependency<ICipherService>().EncryptAsync(cipherView).Returns(encryptedCipher);
+            
+            // Act
+            await sutProvider.Sut.GetAssertionAsync(aParams);
+
+            // Assert
+            await sutProvider.GetDependency<ICipherService>().Received().SaveWithServerAsync(encryptedCipher);
+            await sutProvider.GetDependency<ICipherService>().Received().EncryptAsync(Arg.Is<CipherView>(
+                (cipher) => cipher.Login.MainFido2Credential.CounterValue == 0
+            ));
+        }
+
+        [Theory]
+        [InlineCustomAutoData(new[] { typeof(SutProviderCustomization) })]
+        // Spec: Increment the credential associated signature counter
+        public async Task GetAssertionAsync_ThrowsUnknownError_SaveFails(SutProvider<Fido2AuthenticatorService> sutProvider, Fido2AuthenticatorGetAssertionParams aParams, Cipher encryptedCipher) {
+            // Common Arrange
+            var cipherView = CreateCipherView(null, "bitwarden.com", true);
+            aParams.RpId = cipherView.Login.MainFido2Credential.RpId;
+            aParams.AllowCredentialDescriptorList = null;
+            sutProvider.GetDependency<ICipherService>().GetAllDecryptedAsync().Returns(new List<CipherView> { cipherView });
+            sutProvider.GetDependency<IFido2UserInterface>().PickCredentialAsync(Arg.Any<Fido2PickCredentialParams>()).Returns(new Fido2PickCredentialResult {
+                CipherId = cipherView.Id,
+                UserVerified = true
+            });
+
+            // Arrange
+            cipherView.Login.MainFido2Credential.CounterValue = 0;
+            sutProvider.GetDependency<ICipherService>().SaveWithServerAsync(Arg.Any<Cipher>()).Throws(new Exception());
+
+            // Act & Assert
+            await Assert.ThrowsAsync<UnknownError>(() => sutProvider.Sut.GetAssertionAsync(aParams));
+        }
+
+        #endregion
+
        private byte[] RandomBytes(int length)
        {
            var bytes = new byte[length];