From b2e6dc5fda05bb13110683d2ee71f58d6c77ef72 Mon Sep 17 00:00:00 2001 From: varjolintu Date: Thu, 23 Nov 2023 16:30:22 +0200 Subject: [PATCH] Passkeys: Add Resident Key error --- share/translations/keepassxc_en.ts | 28 +++++++++++++++++++++++++++ src/browser/BrowserMessageBuilder.cpp | 14 ++++++++++++++ src/browser/BrowserMessageBuilder.h | 3 ++- src/browser/BrowserService.cpp | 8 +++++++- 4 files changed, 51 insertions(+), 2 deletions(-) diff --git a/share/translations/keepassxc_en.ts b/share/translations/keepassxc_en.ts index 14a24c01d..33dfbd1ad 100644 --- a/share/translations/keepassxc_en.ts +++ b/share/translations/keepassxc_en.ts @@ -8251,6 +8251,34 @@ Kernel: %3 %4 Passkeys + + Attestation not supported + + + + Credential is excluded + + + + Passkeys request canceled + + + + Invalid user verification + + + + Empty public key + + + + Invalid URL provided + + + + Resident Keys are not supported + + QtIOCompressor diff --git a/src/browser/BrowserMessageBuilder.cpp b/src/browser/BrowserMessageBuilder.cpp index 583b9f33e..bbae928d2 100644 --- a/src/browser/BrowserMessageBuilder.cpp +++ b/src/browser/BrowserMessageBuilder.cpp 
@@ -128,6 +128,20 @@ QString BrowserMessageBuilder::getErrorMessage(const int errorCode) const return QObject::tr("No valid UUID provided"); case ERROR_KEEPASS_ACCESS_TO_ALL_ENTRIES_DENIED: return QObject::tr("Access to all entries is denied"); + case ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED: + return QObject::tr("Attestation not supported"); + case ERROR_PASSKEYS_CREDENTIAL_IS_EXCLUDED: + return QObject::tr("Credential is excluded"); + case ERROR_PASSKEYS_REQUEST_CANCELED: + return QObject::tr("Passkeys request canceled"); + case ERROR_PASSKEYS_INVALID_USER_VERIFICATION: + return QObject::tr("Invalid user verification"); + case ERROR_PASSKEYS_EMPTY_PUBLIC_KEY: + return QObject::tr("Empty public key"); + case ERROR_PASSKEYS_INVALID_URL_PROVIDED: + return QObject::tr("Invalid URL provided"); + case ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED: + return QObject::tr("Resident Keys are not supported"); default: return QObject::tr("Unknown error"); } diff --git a/src/browser/BrowserMessageBuilder.h b/src/browser/BrowserMessageBuilder.h index b9e172380..9b6474d19 100644 --- a/src/browser/BrowserMessageBuilder.h +++ b/src/browser/BrowserMessageBuilder.h @@ -54,7 +54,8 @@ namespace ERROR_PASSKEYS_REQUEST_CANCELED = 22, ERROR_PASSKEYS_INVALID_USER_VERIFICATION = 23, ERROR_PASSKEYS_EMPTY_PUBLIC_KEY = 24, - ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25 + ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25, + ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED = 26, }; } diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp index 616a55a3a..6903eceef 100644 --- a/src/browser/BrowserService.cpp +++ b/src/browser/BrowserService.cpp 
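Review bot: Nothing in `getErrorMessage` forces the switch to stay in step with the error enum, and this hunk shows the result. The header hunk lists codes 22–25 as existing context, so those passkey codes apparently fell through to "Unknown error" until now. Because the function takes `const int errorCode` and the switch has a `default:` branch, the compiler cannot warn when an enumerator has no case. I would add a comment above the switch, e.g. `// Every code in the error enum in BrowserMessageBuilder.h needs a case here; the default branch hides omissions.` The function body starts and ends outside the hunk.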
@@ -628,13 +628,19 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public const auto excludeCredentials = publicKey["excludeCredentials"].toArray(); const auto attestation = publicKey["attestation"].toString(); + // Check Resident Key requirement + const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject(); + const auto requireResidentKey = authenticatorSelection["requireResidentKey"].toBool(); + if (requireResidentKey) { + return getPasskeyError(ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED); + } + // Only support these two for now if (attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_NONE && attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_DIRECT) { return getPasskeyError(ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED); } - const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject(); const auto userVerification = authenticatorSelection["userVerification"].toString(); if (!browserPasskeys()->isUserVerificationValid(userVerification)) { return getPasskeyError(ERROR_PASSKEYS_INVALID_USER_VERIFICATION);
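Review bot: The new guard in `showPasskeysRegisterPrompt` reads only the legacy boolean `requireResidentKey`, so a request that states the requirement solely through `authenticatorSelection.residentKey` is not rejected. WebAuthn Level 2 uses that member with the value `"required"`, and `requireResidentKey` is kept only for backward compatibility. Such a request would pass this check and registration would continue even though resident keys are reported as unsupported. The condition should cover both forms: `if (requireResidentKey || authenticatorSelection["residentKey"].toString() == QLatin1String("required")) {`. Whether the browser extension normalises these members before the message reaches this function is not visible in the hunk, and the function body continues outside it.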