[PM-4882] Passkeys: funnel rp name or id to the cipher name on save (#…

…7969) * funnel rp name or id to the cipher name on save * remove comment * add rp name and id to addCipher function --------- Co-authored-by: Merissa Weinstein <merissaweinstein@merissas-mbp-2.lan>
bitwarden · Mar 6, 2024 · 5dcc035 · 5dcc035
1 parent 51f482d
commit 5dcc035
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 7 deletions.
diff --git a/apps/browser/src/vault/fido2/browser-fido2-user-interface.service.ts b/apps/browser/src/vault/fido2/browser-fido2-user-interface.service.ts
@@ -67,6 +67,7 @@ export type BrowserFido2Message = { sessionId: string } & (
       userName: string;
       userVerification: boolean;
       fallbackSupported: boolean;
+      rpId: string;
     }
   | {
       type: "ConfirmNewCredentialResponse";
@@ -242,6 +243,7 @@ export class BrowserFido2UserInterfaceSession implements Fido2UserInterfaceSessi
     credentialName,
     userName,
     userVerification,
+    rpId,
   }: NewCredentialParams): Promise<{ cipherId: string; userVerified: boolean }> {
     const data: BrowserFido2Message = {
       type: "ConfirmNewCredentialRequest",
@@ -250,6 +252,7 @@ export class BrowserFido2UserInterfaceSession implements Fido2UserInterfaceSessi
       userName,
       userVerification,
       fallbackSupported: this.fallbackSupported,
+      rpId,
     };
 
     await this.send(data);

diff --git a/apps/browser/src/vault/popup/components/fido2/fido2.component.ts b/apps/browser/src/vault/popup/components/fido2/fido2.component.ts
@@ -16,7 +16,6 @@ import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { SettingsService } from "@bitwarden/common/abstractions/settings.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { SecureNoteType, CipherType } from "@bitwarden/common/vault/enums";
 import { CipherRepromptType } from "@bitwarden/common/vault/enums/cipher-reprompt-type";
@@ -245,7 +244,8 @@ export class Fido2Component implements OnInit, OnDestroy {
   protected async saveNewLogin() {
     const data = this.message$.value;
     if (data?.type === "ConfirmNewCredentialRequest") {
-      await this.createNewCipher();
+      const name = data.credentialName || data.rpId;
+      await this.createNewCipher(name);
 
       // We are bypassing user verification pending implementation of PIN and biometric support.
       this.send({
@@ -296,7 +296,7 @@ export class Fido2Component implements OnInit, OnDestroy {
     // eslint-disable-next-line @typescript-eslint/no-floating-promises
     this.router.navigate(["/add-cipher"], {
       queryParams: {
-        name: Utils.getHostname(this.url),
+        name: data.credentialName || data.rpId,
         uri: this.url,
         uilocation: "popout",
         senderTabId: this.senderTabId,
@@ -344,9 +344,9 @@ export class Fido2Component implements OnInit, OnDestroy {
     this.destroy$.complete();
   }
 
-  private buildCipher() {
+  private buildCipher(name: string) {
     this.cipher = new CipherView();
-    this.cipher.name = Utils.getHostname(this.url);
+    this.cipher.name = name;
     this.cipher.type = CipherType.Login;
     this.cipher.login = new LoginView();
     this.cipher.login.uris = [new LoginUriView()];
@@ -358,8 +358,8 @@ export class Fido2Component implements OnInit, OnDestroy {
     this.cipher.reprompt = CipherRepromptType.None;
   }
 
-  private async createNewCipher() {
-    this.buildCipher();
+  private async createNewCipher(name: string) {
+    this.buildCipher(name);
     const cipher = await this.cipherService.encrypt(this.cipher);
     try {
       await this.cipherService.createWithServer(cipher);

diff --git a/libs/common/src/vault/abstractions/fido2/fido2-user-interface.service.abstraction.ts b/libs/common/src/vault/abstractions/fido2/fido2-user-interface.service.abstraction.ts
@@ -16,6 +16,10 @@ export interface NewCredentialParams {
    * Whether or not the user must be verified before completing the operation.
    */
   userVerification: boolean;
+  /**
+   * The relying party ID is usually the URL
+   */
+  rpId: string;
 }
 
 /**

diff --git a/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts b/libs/common/src/vault/services/fido2/fido2-authenticator.service.spec.ts
@@ -216,6 +216,7 @@ describe("FidoAuthenticatorService", () => {
             credentialName: params.rpEntity.name,
             userName: params.userEntity.displayName,
             userVerification,
+            rpId: params.rpEntity.id,
           } as NewCredentialParams);
         });
       }

diff --git a/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts b/libs/common/src/vault/services/fido2/fido2-authenticator.service.ts
@@ -113,6 +113,7 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
         credentialName: params.rpEntity.name,
         userName: params.userEntity.displayName,
         userVerification: params.requireUserVerification,
+        rpId: params.rpEntity.id,
       });
       const cipherId = response.cipherId;
       userVerified = response.userVerified;