diff --git a/src/browser/BrowserPasskeys.cpp b/src/browser/BrowserPasskeys.cpp index 74a4368dfc..b1dfe5120d 100644 --- a/src/browser/BrowserPasskeys.cpp +++ b/src/browser/BrowserPasskeys.cpp @@ -59,6 +59,11 @@ const QString BrowserPasskeys::PASSKEYS_ATTESTATION_NONE = QStringLiteral("none" const QString BrowserPasskeys::KPEX_PASSKEY_USERNAME = QStringLiteral("KPEX_PASSKEY_USERNAME"); const QString BrowserPasskeys::KPEX_PASSKEY_CREDENTIAL_ID = QStringLiteral("KPEX_PASSKEY_CREDENTIAL_ID"); + +// For compatibility with StrongBox +const QString BrowserPasskeys::KPEX_PASSKEY_GENERATED_USER_ID = QStringLiteral("KPEX_PASSKEY_GENERATED_USER_ID"); +const QString BrowserPasskeys::KPXC_PASSKEY_USERNAME = QStringLiteral("KPXC_PASSKEY_USERNAME"); + const QString BrowserPasskeys::KPEX_PASSKEY_PRIVATE_KEY_PEM = QStringLiteral("KPEX_PASSKEY_PRIVATE_KEY_PEM"); const QString BrowserPasskeys::KPEX_PASSKEY_RELYING_PARTY = QStringLiteral("KPEX_PASSKEY_RELYING_PARTY"); const QString BrowserPasskeys::KPEX_PASSKEY_USER_HANDLE = QStringLiteral("KPEX_PASSKEY_USER_HANDLE"); diff --git a/src/browser/BrowserPasskeys.h b/src/browser/BrowserPasskeys.h index 806b663f8d..0c09e3314a 100644 --- a/src/browser/BrowserPasskeys.h +++ b/src/browser/BrowserPasskeys.h @@ -105,8 +105,10 @@ class BrowserPasskeys : public QObject static const QString PASSKEYS_ATTESTATION_DIRECT; static const QString PASSKEYS_ATTESTATION_NONE; + static const QString KPXC_PASSKEY_USERNAME; static const QString KPEX_PASSKEY_USERNAME; static const QString KPEX_PASSKEY_CREDENTIAL_ID; + static const QString KPEX_PASSKEY_GENERATED_USER_ID; static const QString KPEX_PASSKEY_PRIVATE_KEY_PEM; static const QString KPEX_PASSKEY_RELYING_PARTY; static const QString KPEX_PASSKEY_USER_HANDLE; diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp index 5646bf3d07..7395b72c3c 100644 --- a/src/browser/BrowserService.cpp +++ b/src/browser/BrowserService.cpp @@ -673,7 +673,7 @@ QJsonObject BrowserService::showPasskeysAuthenticationPrompt(const QJsonObject& } const auto privateKeyPem = selectedEntry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_PRIVATE_KEY_PEM); - const auto credentialId = selectedEntry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_CREDENTIAL_ID); + const auto credentialId = passkeyUtils()->getCredentialIdFromEntry(selectedEntry); const auto userHandle = selectedEntry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_USER_HANDLE); auto publicKeyCredential = @@ -739,13 +739,12 @@ void BrowserService::addPasskeyToEntry(Entry* entry, // Ask confirmation if entry already contains a Passkey if (entry->hasPasskey()) { - if (MessageBox::question( - m_currentDatabaseWidget, - tr("KeePassXC - Update Passkey"), - tr("Entry already has a Passkey.\nDo you want to overwrite the Passkey in %1 - %2?") - .arg(entry->title(), entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_USERNAME)), - MessageBox::Overwrite | MessageBox::Cancel, - MessageBox::Cancel) + if (MessageBox::question(m_currentDatabaseWidget, + tr("KeePassXC - Update Passkey"), + tr("Entry already has a Passkey.\nDo you want to overwrite the Passkey in %1 - %2?") + .arg(entry->title(), passkeyUtils()->getUsernameFromEntry(entry)), + MessageBox::Overwrite | MessageBox::Cancel, + MessageBox::Cancel) != MessageBox::Overwrite) { return; } @@ -1136,7 +1135,7 @@ QJsonObject BrowserService::prepareEntry(const Entry* entry) QJsonObject res; #ifdef WITH_XC_BROWSER_PASSKEYS // Use Passkey's username instead if found - res["login"] = entry->hasPasskey() ? entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_USERNAME) + res["login"] = entry->hasPasskey() ? passkeyUtils()->getUsernameFromEntry(entry) : entry->resolveMultiplePlaceholders(entry->username()); #else res["login"] = entry->resolveMultiplePlaceholders(entry->username()); @@ -1370,7 +1369,7 @@ QList BrowserService::getPasskeyAllowedEntries(const QJsonObject& assert // If allowedCredentials.isEmpty() check if entry contains an extra attribute for user handle. // If that is found, the entry should be allowed. // See: https://w3c.github.io/webauthn/#dom-authenticatorassertionresponse-userhandle - if (allowedCredentials.contains(entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_CREDENTIAL_ID)) + if (allowedCredentials.contains(passkeyUtils()->getCredentialIdFromEntry(entry)) || (allowedCredentials.isEmpty() && entry->attributes()->hasKey(BrowserPasskeys::KPEX_PASSKEY_USER_HANDLE))) { entries << entry; @@ -1392,7 +1391,7 @@ bool BrowserService::isPasskeyCredentialExcluded(const QJsonArray& excludeCreden const auto passkeyEntries = getPasskeyEntries(rpId, keyList); return std::any_of(passkeyEntries.begin(), passkeyEntries.end(), [&](const auto& entry) { - return allIds.contains(entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_CREDENTIAL_ID)); + return allIds.contains(passkeyUtils()->getCredentialIdFromEntry(entry)); }); } diff --git a/src/browser/PasskeyUtils.cpp b/src/browser/PasskeyUtils.cpp index a018a6b528..0dda93a6ea 100644 --- a/src/browser/PasskeyUtils.cpp +++ b/src/browser/PasskeyUtils.cpp @@ -352,3 +352,27 @@ QStringList PasskeyUtils::getAllowedCredentialsFromAssertionOptions(const QJsonO return allowedCredentials; } + +// For compatibility with StrongBox (and other possible clients in the future) +QString PasskeyUtils::getCredentialIdFromEntry(const Entry* entry) const +{ + if (!entry) { + return {}; + } + + return entry->attributes()->hasKey(BrowserPasskeys::KPEX_PASSKEY_GENERATED_USER_ID) + ? entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_GENERATED_USER_ID) + : entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_CREDENTIAL_ID); +} + +// For compatibility with StrongBox (and other possible clients in the future) +QString PasskeyUtils::getUsernameFromEntry(const Entry* entry) const +{ + if (!entry) { + return {}; + } + + return entry->attributes()->hasKey(BrowserPasskeys::KPXC_PASSKEY_USERNAME) + ? entry->attributes()->value(BrowserPasskeys::KPXC_PASSKEY_USERNAME) + : entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_USERNAME); +} diff --git a/src/browser/PasskeyUtils.h b/src/browser/PasskeyUtils.h index 1a08e295ad..0ac689ae6b 100644 --- a/src/browser/PasskeyUtils.h +++ b/src/browser/PasskeyUtils.h @@ -24,6 +24,7 @@ #include #include "BrowserCbor.h" +#include "core/Entry.h" #define DEFAULT_TIMEOUT 300000 #define DEFAULT_DISCOURAGED_TIMEOUT 120000 @@ -53,6 +54,8 @@ class PasskeyUtils : public QObject QByteArray buildExtensionData(QJsonObject& extensionObject) const; QJsonObject buildClientDataJson(const QJsonObject& publicKey, const QString& origin, bool get) const; QStringList getAllowedCredentialsFromAssertionOptions(const QJsonObject& assertionOptions) const; + QString getCredentialIdFromEntry(const Entry* entry) const; + QString getUsernameFromEntry(const Entry* entry) const; private: Q_DISABLE_COPY(PasskeyUtils); diff --git a/src/gui/passkeys/PasskeyExporter.cpp b/src/gui/passkeys/PasskeyExporter.cpp index e1483930fa..2585c76e04 100644 --- a/src/gui/passkeys/PasskeyExporter.cpp +++ b/src/gui/passkeys/PasskeyExporter.cpp @@ -19,6 +19,7 @@ #include "PasskeyExportDialog.h" #include "browser/BrowserPasskeys.h" +#include "browser/PasskeyUtils.h" #include "core/Entry.h" #include "core/Tools.h" #include "gui/MessageBox.h" @@ -90,8 +91,8 @@ void PasskeyExporter::exportSelectedEntry(const Entry* entry, const QString& fol QJsonObject passkeyObject; passkeyObject["relyingParty"] = entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_RELYING_PARTY); passkeyObject["url"] = entry->url(); - passkeyObject["username"] = entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_USERNAME); - passkeyObject["credentialId"] = entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_CREDENTIAL_ID); + passkeyObject["username"] = passkeyUtils()->getUsernameFromEntry(entry); + passkeyObject["credentialId"] = passkeyUtils()->getCredentialIdFromEntry(entry); passkeyObject["userHandle"] = entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_USER_HANDLE); passkeyObject["privateKey"] = entry->attributes()->value(BrowserPasskeys::KPEX_PASSKEY_PRIVATE_KEY_PEM);