bitwarden · Tyrrrz · Aug 16, 2024 · Aug 14, 2024 · Aug 15, 2024 · Aug 15, 2024
@@ -23,7 +23,7 @@
     <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore" Version="8.0.7" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
     <PackageReference Include="Microsoft.FeatureManagement.AspNetCore" Version="3.5.0" />
-    <PackageReference Include="Passwordless.AspNetCore" Version="2.0.0-beta10" />
+    <PackageReference Include="Passwordless.AspNetCore" Version="2.1.0-beta.1" />
     <PackageReference Include="Stripe.net" Version="41.*" />
   </ItemGroup>
 

@@ -12,7 +12,6 @@
     var requestToken = Antiforgery.GetAndStoreTokens(Model.HttpContext).RequestToken;
 }
 
-
 <div>
     <div class="flex flex-1 flex-col justify-center lg:flex-non bg-gray-200 rounded-md p-6 max-w-fit">
         <div class="w-full max-w-sm lg:w-96">
@@ -85,6 +84,13 @@
                                 }
                             </div>
 
+                            <div>
+                                <label for="hints" class="block text-sm font-medium leading-6 text-gray-900">Credential hints (optional)</label>
+                                <div class="mt-2">
+                                    <input asp-for="Hints" type="text" name="hints" id="hints" class="text-input">
+                                    <span asp-validation-for="Hints"></span>
+                                </div>
+                            </div>
 
                             <div>
                                 <button id="register-btn" class="btn-primary" type="button">Register</button>
@@ -127,7 +133,7 @@ const createNewAccount = async (e) => {
     if (req.ok) {
         const { token } = await req.json();
         const nicknameForDevice = data.get("nickname");
-        const { error } = await p.register(token , nicknameForDevice);
+        const { error } = await p.register(token, nicknameForDevice);
 
         if (error) {
             console.error(error);

@@ -5,33 +5,28 @@
 
 namespace Passwordless.AdminConsole.Pages.App.Playground;
 
-public class NewAccountModel : PageModel
+public class NewAccountModel(IScopedPasswordlessClient passwordlessClient)
+    : PageModel
 {
-    private readonly ILogger<IndexModel> _logger;
-    private readonly IScopedPasswordlessClient _passwordlessClient;
+    [MaxLength(64)]
+    public string Nickname { get; set; } = "";
 
-    public NewAccountModel(ILogger<IndexModel> logger, IScopedPasswordlessClient passwordlessClient)
-    {
-        _logger = logger;
-        this._passwordlessClient = passwordlessClient;
-    }
+    public string Attestation { get; set; } = "none";
 
-    public void OnGet()
-    {
+    public string Hints { get; set; } = "";
 
-    }
-
-    public async Task<IActionResult> OnPostToken(string name, string email, string attestation)
+    public async Task<IActionResult> OnPostToken(string name, string email, string attestation, string hints)
     {
         try
         {
             var userId = Guid.NewGuid().ToString();
-            var token = await _passwordlessClient.CreateRegisterTokenAsync(new RegisterOptions(userId, $"Playground: {email}")
+            var token = await passwordlessClient.CreateRegisterTokenAsync(new RegisterOptions(userId, $"Playground: {email}")
             {
                 DisplayName = name,
-                Aliases = new HashSet<string>(1) { email },
+                Aliases = [email],
                 AliasHashing = false,
-                Attestation = attestation
+                Attestation = attestation,
+                Hints = hints.Split(',', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries)
             });
 
             return new JsonResult(token);
@@ -44,12 +39,7 @@ public async Task<IActionResult> OnPostToken(string name, string email, string a
 
     public async Task<IActionResult> OnPost(string token)
     {
-        var res = await _passwordlessClient.VerifyAuthenticationTokenAsync(token);
+        var res = await passwordlessClient.VerifyAuthenticationTokenAsync(token);
         return new JsonResult(res);
     }
-
-    [MaxLength(64)]
-    public string Nickname { get; set; }
-
-    public string Attestation { get; set; } = "none";
 }
@@ -74,7 +74,7 @@ public async Task<string> CreateRegisterTokenAsync(RegisterToken tokenProps)
         if (string.IsNullOrEmpty(tokenProps.Attestation)) tokenProps.Attestation = "none";
         TokenValidator.ValidateAttestation(tokenProps, features);
 
-        // check if aliases is available
+        // Check if aliases is available
         if (tokenProps.Aliases != null)
         {
             var hashedAliases = tokenProps.Aliases.Select(alias => HashAlias(alias, _tenantProvider.Tenant));
@@ -152,6 +152,8 @@ public async Task<SessionResponse<CredentialCreateOptions>> RegisterBeginAsync(F
                     CredProps = true
                 });
 
+            options.Hints = token.Hints;
+
             var session = await _tokenService.EncodeTokenAsync(
                 new RegisterSession
                 {

@@ -1,4 +1,5 @@
 using System.ComponentModel.DataAnnotations;
+using Fido2NetLib.Objects;
 using MessagePack;
 using Passwordless.Common.Validation;
 
@@ -20,17 +21,26 @@ public class RegisterToken : Token
 
     [MessagePack.Key(13)]
     public string Attestation { get; set; } = "None";
+
     [MessagePack.Key(14)]
     public string AuthenticatorType { get; set; }
+
     [MessagePack.Key(15)]
     public bool Discoverable { get; set; } = true;
+
     [MessagePack.Key(16)]
     public string UserVerification { get; set; } = "Preferred";
+
     [MessagePack.Key(17)]
     [MaxLength(10), MaxLengthCollection(250), RequiredCollection(AllowEmptyStrings = false)]
-    public HashSet<string> Aliases { get; set; }
+    public HashSet<string>? Aliases { get; set; }
 
-    [MessagePack.Key(18)] public bool AliasHashing { get; set; } = true;
+    [MessagePack.Key(18)]
+    public bool AliasHashing { get; set; } = true;
+
+    [MessagePack.Key(19)]
+    [MaxLength(3)]
+    public IReadOnlyList<PublicKeyCredentialHint> Hints { get; set; } = [];
 }
 
 [MessagePackObject]

@@ -149,31 +149,25 @@ private async Task<Tuple<Key, int>> GetRandomKeyAsync()
 
     public async Task<string> EncodeTokenAsync<T>(T token, string prefix, bool contractless = false)
     {
-        byte[] msgpack;
-        if (contractless)
-        {
-            msgpack = MessagePackSerializer.Serialize(token, ContractlessStandardResolver.Options);
-        }
-        else
-        {
-            msgpack = MessagePackSerializer.Serialize(token);
-        }
+        var msgpack = contractless
+            ? MessagePackSerializer.Serialize(token, ContractlessStandardResolver.Options)
+            : MessagePackSerializer.Serialize(token);
 
-        (Key key, int keyId) = await GetRandomKeyAsync();
+        (Key key, var keyId) = await GetRandomKeyAsync();
 
         _log.LogInformation("Encoding using keyId={keyId}", keyId);
         var mac = CreateMac(key, msgpack);
 
         var envelope = new MacEnvelope { Mac = mac, Token = msgpack, KeyId = keyId };
-        var envelop_binary = MessagePackSerializer.Serialize(envelope);
-        var envelop_binary_b64 = Base64Url.Encode(envelop_binary);
+        var envelopeBinary = MessagePackSerializer.Serialize(envelope);
+        var envelopeBinaryB64 = Base64Url.Encode(envelopeBinary);
 
         if (!string.IsNullOrEmpty(prefix))
         {
-            return prefix + envelop_binary_b64;
+            return prefix + envelopeBinaryB64;
         }
 
-        return envelop_binary_b64;
+        return envelopeBinaryB64;
     }
 
     /// <summary>

@@ -74,7 +74,7 @@ public async Task CreateRegisterToken_Throws_ApiException_WhenMaxUsersExceededFo
             .ReturnsAsync("test_token");
         _mockFeatureContextProvider.Setup(x => x.UseContext()).ReturnsAsync(new FeaturesContext(false, 0, null, 10000, false, true, true));
         _mockTenantStorage.Setup(x => x.GetUsersCount()).ReturnsAsync(10000);
-        _mockTenantStorage.Setup(x => x.GetCredentialsByUserIdAsync(It.Is<string>(p => p == "test"))).ReturnsAsync(new List<StoredCredential>(0));
+        _mockTenantStorage.Setup(x => x.GetCredentialsByUserIdAsync(It.Is<string>(p => p == "test"))).ReturnsAsync([]);
 
         // act
         var actual = await Assert.ThrowsAsync<ApiException>(async () =>
@@ -104,7 +104,19 @@ public async Task CreateRegisterToken_Works_WhenMaxUsersExceededForExistingUser(
         _mockFeatureContextProvider.Setup(x => x.UseContext()).ReturnsAsync(new FeaturesContext(false, 0, null, 10000, false, true, true));
         _mockTenantStorage.Setup(x => x.GetUsersCount()).ReturnsAsync(10000);
         _mockTenantStorage.Setup(x => x.GetCredentialsByUserIdAsync(It.Is<string>(p => p == "test"))).ReturnsAsync(
-            new List<StoredCredential>(1) { new() { UserHandle = "test"u8.ToArray(), Descriptor = null!, Origin = null!, AttestationFmt = null!, CreatedAt = DateTime.UtcNow, PublicKey = null!, SignatureCounter = 123, RPID = null! } });
+        [
+            new StoredCredential
+            {
+                UserHandle = "test"u8.ToArray(),
+                Descriptor = null!,
+                Origin = null!,
+                AttestationFmt = null!,
+                CreatedAt = DateTime.UtcNow,
+                PublicKey = null!,
+                SignatureCounter = 123,
+                RPID = null!
+            }
+        ]);
 
         // act
         var actual = await _sut.CreateRegisterTokenAsync(new RegisterToken