Passkeys: Add Resident Key error

keepassxreboot · Jan 13, 2024 · c60c955 · c60c955
1 parent 54d829b
commit c60c955
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 2 deletions.
diff --git a/share/translations/keepassxc_en.ts b/share/translations/keepassxc_en.ts
@@ -8232,6 +8232,38 @@ This options is deprecated, use --set-key-file instead.</source>
         <source>Passkeys</source>
         <translation type="unfinished"></translation>
     </message>
+    <message>
+        <source>Attestation not supported</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Credential is excluded</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Passkeys request canceled</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Invalid user verification</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Empty public key</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Invalid URL provided</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Resident Keys are not supported</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Access to all entries is denied</source>
+        <translation type="unfinished"></translation>
+    </message>
     <message>
         <source>allow screenshots and app recording (Windows/macOS)</source>
         <translation type="unfinished"></translation>

diff --git a/src/browser/BrowserMessageBuilder.cpp b/src/browser/BrowserMessageBuilder.cpp
@@ -126,6 +126,22 @@ QString BrowserMessageBuilder::getErrorMessage(const int errorCode) const
         return QObject::tr("Cannot create new group");
     case ERROR_KEEPASS_NO_VALID_UUID_PROVIDED:
         return QObject::tr("No valid UUID provided");
+    case ERROR_KEEPASS_ACCESS_TO_ALL_ENTRIES_DENIED:
+        return QObject::tr("Access to all entries is denied");
+    case ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED:
+        return QObject::tr("Attestation not supported");
+    case ERROR_PASSKEYS_CREDENTIAL_IS_EXCLUDED:
+        return QObject::tr("Credential is excluded");
+    case ERROR_PASSKEYS_REQUEST_CANCELED:
+        return QObject::tr("Passkeys request canceled");
+    case ERROR_PASSKEYS_INVALID_USER_VERIFICATION:
+        return QObject::tr("Invalid user verification");
+    case ERROR_PASSKEYS_EMPTY_PUBLIC_KEY:
+        return QObject::tr("Empty public key");
+    case ERROR_PASSKEYS_INVALID_URL_PROVIDED:
+        return QObject::tr("Invalid URL provided");
+    case ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED:
+        return QObject::tr("Resident Keys are not supported");
     default:
         return QObject::tr("Unknown error");
     }

diff --git a/src/browser/BrowserMessageBuilder.h b/src/browser/BrowserMessageBuilder.h
@@ -54,7 +54,8 @@ namespace
         ERROR_PASSKEYS_REQUEST_CANCELED = 22,
         ERROR_PASSKEYS_INVALID_USER_VERIFICATION = 23,
         ERROR_PASSKEYS_EMPTY_PUBLIC_KEY = 24,
-        ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25
+        ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25,
+        ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED = 26,
     };
 }
 

diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp
@@ -580,13 +580,19 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public
     const auto excludeCredentials = publicKey["excludeCredentials"].toArray();
     const auto attestation = publicKey["attestation"].toString();
 
+    // Check Resident Key requirement
+    const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
+    const auto requireResidentKey = authenticatorSelection["requireResidentKey"].toBool();
+    if (requireResidentKey) {
+        return getPasskeyError(ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED);
+    }
+
     // Only support these two for now
     if (attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_NONE
         && attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_DIRECT) {
         return getPasskeyError(ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED);
     }
 
-    const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
     const auto userVerification = authenticatorSelection["userVerification"].toString();
     if (!browserPasskeys()->isUserVerificationValid(userVerification)) {
         return getPasskeyError(ERROR_PASSKEYS_INVALID_USER_VERIFICATION);