Passkeys: Do not ask update with a new user handle

2025-02-05 01:15:33 -05:00 · 2024-03-12 20:21:11 +02:00 · 2024-03-12 20:21:11 +02:00 · 8a4787278d
commit 8a4787278d
parent 9329df2b48
2 changed files with 22 additions and 4 deletions
--- a/src/browser/BrowserService.cpp
+++ b/src/browser/BrowserService.cpp
@ -633,12 +633,15 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public
    const auto rpId = publicKeyOptions["rp"]["id"].toString();
    const auto timeout = publicKeyOptions["timeout"].toInt();
    const auto username = credentialCreationOptions["user"].toObject()["name"].toString();
    const auto user = credentialCreationOptions["user"].toObject();
    const auto userId = user["id"].toString();
    // Parse excludeCredentialDescriptorList
    if (!excludeCredentials.isEmpty() && isPasskeyCredentialExcluded(excludeCredentials, rpId, keyList)) {
        return getPasskeyError(ERROR_PASSKEYS_CREDENTIAL_IS_EXCLUDED);
    }
-    const auto existingEntries = getPasskeyEntries(rpId, keyList);
+
    const auto existingEntries = getPasskeyEntriesWithUserHandle(rpId, userId, keyList);
    raiseWindow();
    BrowserPasskeysConfirmationDialog confirmDialog;
@ -654,9 +657,6 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public
        }
        const auto rpName = publicKeyOptions["rp"]["name"].toString();
        const auto user = credentialCreationOptions["user"].toObject();
        const auto userId = user["id"].toString();
        if (confirmDialog.isPasskeyUpdated()) {
            addPasskeyToEntry(confirmDialog.getSelectedEntry(),
                              rpId,
@ -1347,6 +1347,22 @@ QList<Entry*> BrowserService::getPasskeyEntries(const QString& rpId, const Strin
    return entries;
 }
 // Returns all Passkey entries for the current Relying Party and identical user handle
 QList<Entry*> BrowserService::getPasskeyEntriesWithUserHandle(const QString& rpId,
                                                              const QString& userId,
                                                              const StringPairList& keyList)
 {
    QList<Entry*> entries;
    for (const auto& entry : searchEntries(rpId, "", keyList, true)) {
        if (entry->hasPasskey() && entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_RELYING_PARTY) == rpId
            && entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_USER_HANDLE) == userId) {
            entries << entry;
        }
    }
    return entries;
 }
 // Get all entries for the site that are allowed by the server
 QList<Entry*> BrowserService::getPasskeyAllowedEntries(const QJsonObject& assertionOptions,
                                                       const QString& rpId,
--- a/src/browser/BrowserService.h
+++ b/src/browser/BrowserService.h
@ -184,6 +184,8 @@ private:
 #ifdef WITH_XC_BROWSER_PASSKEYS
    QList<Entry*> getPasskeyEntries(const QString& rpId, const StringPairList& keyList);
    QList<Entry*>
    getPasskeyEntriesWithUserHandle(const QString& rpId, const QString& userId, const StringPairList& keyList);
    QList<Entry*>
    getPasskeyAllowedEntries(const QJsonObject& assertionOptions, const QString& rpId, const StringPairList& keyList);
    bool isPasskeyCredentialExcluded(const QJsonArray& excludeCredentials,
                                     const QString& rpId,