From 807d907ccd02977e541a8b9abdd972b4b541d131 Mon Sep 17 00:00:00 2001
From: Andreas Coroiu
Date: Wed, 15 May 2024 14:36:12 +0200
Subject: [PATCH] change where we transform UV

---
 .../src/platform/fido2/authenticator.rs | 29 ++++++++-----------
 crates/bitwarden/src/platform/fido2/types.rs | 12 +++++++-
 2 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/crates/bitwarden/src/platform/fido2/authenticator.rs b/crates/bitwarden/src/platform/fido2/authenticator.rs
index b65f93224..4b8761f87 100644
--- a/crates/bitwarden/src/platform/fido2/authenticator.rs
+++ b/crates/bitwarden/src/platform/fido2/authenticator.rs
@@ -12,7 +12,7 @@ use passkey::{
 use super::{
 crypto::attested_credential_data_into_iter, types::*, CheckUserOptions, CipherViewContainer,
- Fido2CredentialStore, Fido2UserInterface, SelectedCredential, Verification, AAGUID,
+ Fido2CredentialStore, Fido2UserInterface, SelectedCredential, AAGUID,
 };
 use crate::{
 error::{require, Error, Result},
@@ -42,6 +42,14 @@ impl<'a> Fido2Authenticator<'a> {
 .expect("Mutex is not poisoned")
 .replace(request.options.uv);
 
+ let verification_enabled = self.user_interface.is_verification_enabled().await;
+ let uv = match (request.options.uv, verification_enabled) {
+ (UV::Preferred, true) => true,
+ (UV::Preferred, false) => false,
+ (UV::Required, _) => true,
+ (UV::Discouraged, _) => false,
+ };
+
 let response = authenticator
 .make_credential(ctap2::make_credential::Request {
 client_data_hash: request.client_data_hash.into(),
@@ -70,7 +78,7 @@ impl<'a> Fido2Authenticator<'a> {
 options: passkey::types::ctap2::make_credential::Options {
 rk: request.options.rk,
 up: true,
- uv: request.options.uv != UV::Discouraged,
+ uv,
 },
 pin_auth: None,
 pin_protocol: None,
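Review bot: In the new `uv` match of the @@ -42 hunk, `(UV::Required, _) => true` sets the CTAP option even when `verification_enabled` is false, so the request asserts that user verification will be performed right after the user interface reported it unavailable; whether the later `check_user` call refuses that combination depends on the UI implementation, which is outside this patch. Consider rejecting `(UV::Required, false)` here instead of proceeding, e.g. `(UV::Required, false) => return Err(/* TODO: pick the appropriate Error variant */),` if `make_credential` returns the crate's `Result`, so a relying party that requires verification cannot end up with an outcome decided elsewhere. The two `Preferred` arms also collapse to `(UV::Preferred, enabled) => enabled`, which states the intent more directly. The computed flag is consumed at `uv,` in the @@ -70 hunk; the enclosing `make_credential` body starts and ends outside both hunks.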
@@ -398,13 +406,7 @@ impl passkey::authenticator::UserValidationMethod for UserValidationMethodImpl<'
 // make_credential Should we validate that it matches with what we stored?
 _verification: bool,
 ) -> Result {
- let verification_enabled = self
- .authenticator
- .user_interface
- .is_verification_enabled()
- .await;
-
- let selected_uv = self
+ let verification = self
 .authenticator
 .selected_uv
 .lock()
@@ -412,16 +414,9 @@ impl passkey::authenticator::UserValidationMethod for UserValidationMethodImpl<'
 .take()
 .ok_or(Ctap2Error::UserVerificationInvalid)?;
 
- let require_verification = match (selected_uv, verification_enabled) {
- (UV::Preferred, true) => Verification::Required,
- (UV::Preferred, false) => Verification::Discouraged,
- (UV::Required, _) => Verification::Required,
- (UV::Discouraged, _) => Verification::Discouraged,
- };
-
 let options = CheckUserOptions {
 require_presence: presence,
- require_verification,
+ require_verification: verification.into(),
 };
 
 let result = self
diff --git a/crates/bitwarden/src/platform/fido2/types.rs b/crates/bitwarden/src/platform/fido2/types.rs
index e79fb9c8e..b9cd51015 100644
--- a/crates/bitwarden/src/platform/fido2/types.rs
+++ b/crates/bitwarden/src/platform/fido2/types.rs
@@ -1,6 +1,6 @@
 use serde::Serialize;
 
-use super::{get_enum_from_string_name, SelectedCredential};
+use super::{get_enum_from_string_name, SelectedCredential, Verification};
 
 #[cfg_attr(feature = "mobile", derive(uniffi::Record))]
 pub struct PublicKeyCredentialRpEntity {
@@ -101,6 +101,16 @@ pub enum UV {
 Required,
 }
 
+impl From for Verification {
+ fn from(value: UV) -> Self {
+ match value {
+ UV::Discouraged => Verification::Discouraged,
+ UV::Preferred => Verification::Preferred,
+ UV::Required => Verification::Required,
+ }
+ }
+}
+
 #[cfg_attr(feature = "mobile", derive(uniffi::Record))]
 pub struct GetAssertionResult {
 pub credential_id: Vec,
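Review bot: After the @@ -412 hunk, `require_verification` is derived solely from the value stashed in `selected_uv`, while the `_verification: bool` that passkey hands to `check_user` (presumably the `uv` option computed in `make_credential`) is still ignored, so the two can disagree silently if one call site changes without the other; the existing comment on that parameter already asks this question and this change is the natural place to settle it. A cheap consistency guard before building the options is `if (_verification && verification == UV::Discouraged) || (!_verification && verification == UV::Required) { return Err(Ctap2Error::UserVerificationInvalid); }`, which catches the two combinations that can never be legitimate. In the @@ -398 hunk the local is named `verification` but holds a `UV` rather than the `Verification` it is later converted into; `selected_uv` or `uv` would read more accurately. The enclosing `check_user` starts before the first hunk and continues past the second.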
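Review bot: The new `From` impl in types.rs (@@ -101 hunk) is undocumented although it is now the single point where the relying party's `UV` meets the internal `Verification`, and the behavioural shift it carries — `Preferred` is forwarded unchanged instead of being resolved against `is_verification_enabled()` as the removed `check_user` match did — is invisible to a reader of this file. Suggested doc comment on the impl: `/// One-to-one mapping from the requested user-verification level to the internal one; \`Preferred\` is passed through unresolved, so the consumer of \`Verification::Preferred\` must decide whether verification is actually performed.` The rendered text shows `impl From for Verification` without a type argument, which looks like an extraction artifact given `fn from(value: UV)`, not something to change in the code.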