From c60c955c2db564985134905202e55722c2c5af33 Mon Sep 17 00:00:00 2001
From: Jonathan White
Date: Fri, 12 Jan 2024 18:26:46 -0500
Subject: [PATCH] Passkeys: Add Resident Key error
---
 share/translations/keepassxc_en.ts | 32 +++++++++++++++++++++++++++
 src/browser/BrowserMessageBuilder.cpp | 16 ++++++++++++++
 src/browser/BrowserMessageBuilder.h | 3 ++-
 src/browser/BrowserService.cpp | 8 ++++++-
 4 files changed, 57 insertions(+), 2 deletions(-)
diff --git a/share/translations/keepassxc_en.ts b/share/translations/keepassxc_en.ts
index 4427ca4882..9bd195fc80 100644
--- a/share/translations/keepassxc_en.ts
+++ b/share/translations/keepassxc_en.ts
@@ -8232,6 +8232,38 @@ This options is deprecated, use --set-key-file instead. Passkeys + + Attestation not supported + + + + Credential is excluded + + + + Passkeys request canceled + + + + Invalid user verification + + + + Empty public key + + + + Invalid URL provided + + + + Resident Keys are not supported + + + + Access to all entries is denied + + allow screenshots and app recording (Windows/macOS)
diff --git a/src/browser/BrowserMessageBuilder.cpp b/src/browser/BrowserMessageBuilder.cpp
index 41d3cfe8f2..bbae928d21 100644
--- a/src/browser/BrowserMessageBuilder.cpp
+++ b/src/browser/BrowserMessageBuilder.cpp
@@ -126,6 +126,22 @@ QString BrowserMessageBuilder::getErrorMessage(const int errorCode) const
 return QObject::tr("Cannot create new group");
 case ERROR_KEEPASS_NO_VALID_UUID_PROVIDED:
 return QObject::tr("No valid UUID provided");
+ case ERROR_KEEPASS_ACCESS_TO_ALL_ENTRIES_DENIED:
+ return QObject::tr("Access to all entries is denied");
+ case ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED:
+ return QObject::tr("Attestation not supported");
+ case ERROR_PASSKEYS_CREDENTIAL_IS_EXCLUDED:
+ return QObject::tr("Credential is excluded");
+ case ERROR_PASSKEYS_REQUEST_CANCELED:
+ return QObject::tr("Passkeys request canceled");
+ case ERROR_PASSKEYS_INVALID_USER_VERIFICATION:
+ return QObject::tr("Invalid user verification");
+ case ERROR_PASSKEYS_EMPTY_PUBLIC_KEY:
+ return QObject::tr("Empty public key");
+ case ERROR_PASSKEYS_INVALID_URL_PROVIDED:
+ return QObject::tr("Invalid URL provided");
+ case ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED:
+ return QObject::tr("Resident Keys are not supported");
 default:
 return QObject::tr("Unknown error");
 }
diff --git a/src/browser/BrowserMessageBuilder.h b/src/browser/BrowserMessageBuilder.h
index b9e172380b..9b6474d198 100644
--- a/src/browser/BrowserMessageBuilder.h
+++ b/src/browser/BrowserMessageBuilder.h
@@ -54,7 +54,8 @@ namespace
 ERROR_PASSKEYS_REQUEST_CANCELED = 22,
 ERROR_PASSKEYS_INVALID_USER_VERIFICATION = 23,
 ERROR_PASSKEYS_EMPTY_PUBLIC_KEY = 24,
- ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25
+ ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25,
+ ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED = 26,
 };
 }
diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp
index 484a9d21e0..bfd91a4eac 100644
--- a/src/browser/BrowserService.cpp
+++ b/src/browser/BrowserService.cpp
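Review bot: `ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED = 26` is appended after the last existing value rather than inserted in the middle, which is the right choice if these codes travel to the browser extension unchanged — but nothing in the header records that constraint, and the enum's opening is outside the hunk. A one-line comment above the new value, `// Error codes are visible to the browser extension: append new values, never renumber existing ones`, would keep a future contributor from reordering them; I am inferring the protocol use from getErrorMessage(const int errorCode) in the preceding hunk rather than from lines visible here. The trailing comma added after 26 is fine and makes the next addition a single-line diff.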
@@ -580,13 +580,19 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public
 const auto excludeCredentials = publicKey["excludeCredentials"].toArray();
 const auto attestation = publicKey["attestation"].toString();
+ // Check Resident Key requirement
+ const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
+ const auto requireResidentKey = authenticatorSelection["requireResidentKey"].toBool();
+ if (requireResidentKey) {
+ return getPasskeyError(ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED);
+ }
+
 // Only support these two for now
 if (attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_NONE && attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_DIRECT) {
 return getPasskeyError(ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED);
 }
- const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
 const auto userVerification = authenticatorSelection["userVerification"].toString();
 if (!browserPasskeys()->isUserVerificationValid(userVerification)) {
 return getPasskeyError(ERROR_PASSKEYS_INVALID_USER_VERIFICATION);
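Review bot: The new guard reads only the legacy `requireResidentKey` boolean, so a relying party that asks for a discoverable credential through the WebAuthn Level 2 member `authenticatorSelection.residentKey` set to `"required"` (without also setting `requireResidentKey`) passes the check and is handed a non-resident credential instead of the intended error. The condition should honour both members, e.g. `if (requireResidentKey || authenticatorSelection["residentKey"].toString() == "required") {`, while leaving `"preferred"` and `"discouraged"` alone, since the specification permits a non-discoverable credential for those. I would also make the comment say what is rejected and why, `// Resident (discoverable) credentials are not supported yet; reject registrations that require one instead of silently downgrading`, rather than the current `// Check Resident Key requirement`. showPasskeysRegisterPrompt starts before the hunk and its body continues after it.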