From bd8124ec9e999ac1c0422981a7bbb2538c2c60fb Mon Sep 17 00:00:00 2001
From: Patrick Honkonen <1883101+SaintPatrck@users.noreply.github.com>
Date: Mon, 20 May 2024 12:01:35 -0400
Subject: [PATCH] PM-5153: Implement FIDO2 credential provider service (passkey
creation entries) (#1370)
---
README.md | 5 +
app/build.gradle.kts | 1 +
app/src/debug/AndroidManifest.xml | 43 ++++
.../bitwarden/BitwardenAppComponentFactory.kt | 25 +-
.../fido2/BitwardenFido2ProviderService.kt | 72 ++++++
.../autofill/fido2/di/Fido2ProviderModule.kt | 42 +++
.../fido2/processor/Fido2ProviderProcessor.kt | 63 +++++
.../processor/Fido2ProviderProcessorImpl.kt | 140 ++++++++++
.../platform/manager/intent/IntentManager.kt | 11 +
.../manager/intent/IntentManagerImpl.kt | 26 ++
app/src/standardDebug/res/xml/provider.xml | 6 +
.../processor/Fido2ProviderProcessorTest.kt | 240 ++++++++++++++++++
gradle/libs.versions.toml | 3 +
13 files changed, 674 insertions(+), 3 deletions(-)
create mode 100644 app/src/debug/AndroidManifest.xml
create mode 100644 app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/BitwardenFido2ProviderService.kt
create mode 100644 app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/di/Fido2ProviderModule.kt
create mode 100644 app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessor.kt
create mode 100644 app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorImpl.kt
create mode 100644 app/src/standardDebug/res/xml/provider.xml
create mode 100644 app/src/test/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorTest.kt
diff --git a/README.md b/README.md
index 6eaaf989a..b2442370f 100644
--- a/README.md
+++ b/README.md
@@ -92,6 +92,11 @@ The following is a list of all third-party dependencies included as part of the
- Purpose: Backwards compatible SplashScreen API implementation.
- License: Apache 2.0
+- **AndroidX Credentials**
+ - https://developer.android.com/jetpack/androidx/releases/credentials
+ - Purpose: Unified access to user's credentials.
+ - License: Apache 2.0
+
- **AndroidX Lifecycle**
- https://developer.android.com/jetpack/androidx/releases/lifecycle
- Purpose: Lifecycle aware components and tooling.
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index ec0f941be..fb440e766 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -147,6 +147,7 @@ dependencies {
implementation(libs.androidx.work.runtime.ktx)
implementation(libs.bitwarden.sdk)
implementation(libs.bumptech.glide)
+ implementation(libs.androidx.credentials)
implementation(libs.google.hilt.android)
ksp(libs.google.hilt.compiler)
implementation(libs.kotlinx.collections.immutable)
diff --git a/app/src/debug/AndroidManifest.xml b/app/src/debug/AndroidManifest.xml
new file mode 100644
index 000000000..b60f59cdd
--- /dev/null
+++ b/app/src/debug/AndroidManifest.xml
@@ -0,0 +1,43 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/app/src/main/java/com/x8bit/bitwarden/BitwardenAppComponentFactory.kt b/app/src/main/java/com/x8bit/bitwarden/BitwardenAppComponentFactory.kt
index ef7bd297b..fdd79525a 100644
--- a/app/src/main/java/com/x8bit/bitwarden/BitwardenAppComponentFactory.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/BitwardenAppComponentFactory.kt
@@ -2,11 +2,15 @@ package com.x8bit.bitwarden
import android.app.Service
import android.content.Intent
+import android.os.Build
import androidx.core.app.AppComponentFactory
import com.x8bit.bitwarden.data.autofill.BitwardenAutofillService
+import com.x8bit.bitwarden.data.autofill.fido2.BitwardenFido2ProviderService
import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
private const val LEGACY_AUTOFILL_SERVICE_NAME = "com.x8bit.bitwarden.Autofill.AutofillService"
+private const val LEGACY_CREDENTIAL_SERVICE_NAME =
+ "com.x8bit.bitwarden.Autofill.CredentialProviderService"
/**
* A factory class that allows us to intercept when a manifest element is being instantiated
@@ -16,9 +20,10 @@ private const val LEGACY_AUTOFILL_SERVICE_NAME = "com.x8bit.bitwarden.Autofill.A
@OmitFromCoverage
class BitwardenAppComponentFactory : AppComponentFactory() {
/**
- * Used to intercept when the [BitwardenAutofillService] is being instantiated and modify which
- * service is created. This is required because the [className] used in the manifest must match
- * the legacy Xamarin app service name but the service name in this app is different.
+ * Used to intercept when the [BitwardenAutofillService] or [BitwardenFido2ProviderService] is
+ * being instantiated and modify which service is created. This is required because the
+ * [className] used in the manifest must match the legacy Xamarin app service name but the
+ * service name in this app is different.
*/
override fun instantiateServiceCompat(
cl: ClassLoader,
@@ -29,6 +34,20 @@ class BitwardenAppComponentFactory : AppComponentFactory() {
super.instantiateServiceCompat(cl, BitwardenAutofillService::class.java.name, intent)
}
+ LEGACY_CREDENTIAL_SERVICE_NAME -> {
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+ super.instantiateServiceCompat(
+ cl,
+ BitwardenFido2ProviderService::class.java.name,
+ intent,
+ )
+ } else {
+ throw UnsupportedOperationException(
+ "The CredentialProviderService requires API 34 or higher.",
+ )
+ }
+ }
+
else -> super.instantiateServiceCompat(cl, className, intent)
}
}
diff --git a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/BitwardenFido2ProviderService.kt b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/BitwardenFido2ProviderService.kt
new file mode 100644
index 000000000..0196cd6ad
--- /dev/null
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/BitwardenFido2ProviderService.kt
@@ -0,0 +1,72 @@
+package com.x8bit.bitwarden.data.autofill.fido2
+
+import android.os.Build
+import android.os.CancellationSignal
+import android.os.OutcomeReceiver
+import androidx.annotation.RequiresApi
+import androidx.credentials.exceptions.ClearCredentialException
+import androidx.credentials.exceptions.CreateCredentialException
+import androidx.credentials.exceptions.GetCredentialException
+import androidx.credentials.provider.BeginCreateCredentialRequest
+import androidx.credentials.provider.BeginCreateCredentialResponse
+import androidx.credentials.provider.BeginGetCredentialRequest
+import androidx.credentials.provider.BeginGetCredentialResponse
+import androidx.credentials.provider.CredentialProviderService
+import androidx.credentials.provider.ProviderClearCredentialStateRequest
+import com.x8bit.bitwarden.data.autofill.fido2.processor.Fido2ProviderProcessor
+import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import dagger.hilt.android.AndroidEntryPoint
+import javax.inject.Inject
+
+/**
+ * The [CredentialProviderService] for the app. This fulfills FIDO2 credential requests from other
+ * applications.
+ */
+@OmitFromCoverage
+@RequiresApi(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)
+@AndroidEntryPoint
+class BitwardenFido2ProviderService : CredentialProviderService() {
+
+ /**
+ * A processor to handle the FIDO2 credential fulfillment. We keep the service light because it
+ * isn't easily testable.
+ */
+ @Inject
+ lateinit var processor: Fido2ProviderProcessor
+
+ override fun onBeginCreateCredentialRequest(
+ request: BeginCreateCredentialRequest,
+ cancellationSignal: CancellationSignal,
+ callback: OutcomeReceiver,
+ ) {
+ processor.processCreateCredentialRequest(
+ request,
+ cancellationSignal,
+ callback,
+ )
+ }
+
+ override fun onBeginGetCredentialRequest(
+ request: BeginGetCredentialRequest,
+ cancellationSignal: CancellationSignal,
+ callback: OutcomeReceiver,
+ ) {
+ processor.processGetCredentialRequest(
+ request,
+ cancellationSignal,
+ callback,
+ )
+ }
+
+ override fun onClearCredentialStateRequest(
+ request: ProviderClearCredentialStateRequest,
+ cancellationSignal: CancellationSignal,
+ callback: OutcomeReceiver,
+ ) {
+ processor.processClearCredentialStateRequest(
+ request,
+ cancellationSignal,
+ callback,
+ )
+ }
+}
diff --git a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/di/Fido2ProviderModule.kt b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/di/Fido2ProviderModule.kt
new file mode 100644
index 000000000..8d095981a
--- /dev/null
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/di/Fido2ProviderModule.kt
@@ -0,0 +1,42 @@
+package com.x8bit.bitwarden.data.autofill.fido2.di
+
+import android.content.Context
+import android.os.Build
+import androidx.annotation.RequiresApi
+import com.x8bit.bitwarden.data.auth.repository.AuthRepository
+import com.x8bit.bitwarden.data.autofill.fido2.processor.Fido2ProviderProcessor
+import com.x8bit.bitwarden.data.autofill.fido2.processor.Fido2ProviderProcessorImpl
+import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
+import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
+import dagger.Module
+import dagger.Provides
+import dagger.hilt.InstallIn
+import dagger.hilt.android.qualifiers.ApplicationContext
+import dagger.hilt.components.SingletonComponent
+import javax.inject.Singleton
+
+/**
+ * Provides dependencies within the fido2 package.
+ */
+@OmitFromCoverage
+@Module
+@InstallIn(SingletonComponent::class)
+object Fido2ProviderModule {
+
+ @RequiresApi(Build.VERSION_CODES.S)
+ @Singleton
+ @Provides
+ fun provideCredentialProviderProcessor(
+ @ApplicationContext context: Context,
+ authRepository: AuthRepository,
+ dispatcherManager: DispatcherManager,
+ intentManager: IntentManager,
+ ): Fido2ProviderProcessor =
+ Fido2ProviderProcessorImpl(
+ context,
+ authRepository,
+ intentManager,
+ dispatcherManager,
+ )
+}
diff --git a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessor.kt b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessor.kt
new file mode 100644
index 000000000..d88a2b331
--- /dev/null
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessor.kt
@@ -0,0 +1,63 @@
+package com.x8bit.bitwarden.data.autofill.fido2.processor
+
+import android.os.CancellationSignal
+import android.os.OutcomeReceiver
+import androidx.credentials.exceptions.ClearCredentialException
+import androidx.credentials.exceptions.CreateCredentialException
+import androidx.credentials.exceptions.GetCredentialException
+import androidx.credentials.provider.BeginCreateCredentialRequest
+import androidx.credentials.provider.BeginCreateCredentialResponse
+import androidx.credentials.provider.BeginGetCredentialRequest
+import androidx.credentials.provider.BeginGetCredentialResponse
+import androidx.credentials.provider.ProviderClearCredentialStateRequest
+
+/**
+ * A class to handle FIDO2 credential request processing. This includes save and autofill requests.
+ */
+interface Fido2ProviderProcessor {
+
+ /**
+ * Process the [BeginCreateCredentialRequest] and invoke the [callback] with the result.
+ *
+ * @param request The request data from the OS that contains data about the requesting provider.
+ * @param cancellationSignal signal for observing cancellation requests. The system will use
+ * this to notify us that the result is no longer needed and we should stop handling it in order
+ * to save our resources.
+ * @param callback the callback object to be used to notify the response or error
+ */
+ fun processCreateCredentialRequest(
+ request: BeginCreateCredentialRequest,
+ cancellationSignal: CancellationSignal,
+ callback: OutcomeReceiver,
+ )
+
+ /**
+ * Process the [BeginGetCredentialRequest] and invoke the [callback] with the result.
+ *
+ * @param request The request data form the OS that contains data about the requesting provider.
+ * @param cancellationSignal signal for observing cancellation requests. The system will use
+ * this to notify us that the result is no longer needed and we should stop handling it in order
+ * to save our resources.
+ * @param callback the callback object to be used to notify the response or error
+ */
+ fun processGetCredentialRequest(
+ request: BeginGetCredentialRequest,
+ cancellationSignal: CancellationSignal,
+ callback: OutcomeReceiver,
+ )
+
+ /**
+ * Process the [ProviderClearCredentialStateRequest] and invoke the [callback] with the result.
+ *
+ * @param request The request data form the OS that contains data about the requesting provider.
+ * @param cancellationSignal signal for observing cancellation requests. The system will use
+ * this to notify us that the result is no longer needed and we should stop handling it in order
+ * to save our resources.
+ * @param callback the callback object to be used to notify the response or error
+ */
+ fun processClearCredentialStateRequest(
+ request: ProviderClearCredentialStateRequest,
+ cancellationSignal: CancellationSignal,
+ callback: OutcomeReceiver,
+ )
+}
diff --git a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorImpl.kt b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorImpl.kt
new file mode 100644
index 000000000..404d555f0
--- /dev/null
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorImpl.kt
@@ -0,0 +1,140 @@
+package com.x8bit.bitwarden.data.autofill.fido2.processor
+
+import android.content.Context
+import android.os.Build
+import android.os.CancellationSignal
+import android.os.OutcomeReceiver
+import androidx.annotation.RequiresApi
+import androidx.credentials.exceptions.ClearCredentialException
+import androidx.credentials.exceptions.ClearCredentialUnsupportedException
+import androidx.credentials.exceptions.CreateCredentialCancellationException
+import androidx.credentials.exceptions.CreateCredentialException
+import androidx.credentials.exceptions.CreateCredentialUnknownException
+import androidx.credentials.exceptions.GetCredentialException
+import androidx.credentials.exceptions.GetCredentialUnsupportedException
+import androidx.credentials.provider.BeginCreateCredentialRequest
+import androidx.credentials.provider.BeginCreateCredentialResponse
+import androidx.credentials.provider.BeginCreatePublicKeyCredentialRequest
+import androidx.credentials.provider.BeginGetCredentialRequest
+import androidx.credentials.provider.BeginGetCredentialResponse
+import androidx.credentials.provider.CreateEntry
+import androidx.credentials.provider.ProviderClearCredentialStateRequest
+import com.x8bit.bitwarden.R
+import com.x8bit.bitwarden.data.auth.repository.AuthRepository
+import com.x8bit.bitwarden.data.auth.repository.model.UserState
+import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
+import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.cancel
+import kotlinx.coroutines.launch
+import java.util.concurrent.atomic.AtomicInteger
+
+private const val CREATE_PASSKEY_INTENT = "com.x8bit.bitwarden.fido2.ACTION_CREATE_PASSKEY"
+
+/**
+ * The default implementation of [Fido2ProviderProcessor]. Its purpose is to handle FIDO2 related
+ * processing.
+ */
+@RequiresApi(Build.VERSION_CODES.S)
+class Fido2ProviderProcessorImpl(
+ private val context: Context,
+ private val authRepository: AuthRepository,
+ private val intentManager: IntentManager,
+ dispatcherManager: DispatcherManager,
+) : Fido2ProviderProcessor {
+
+ private val requestCode = AtomicInteger()
+ private val scope = CoroutineScope(dispatcherManager.unconfined)
+
+ override fun processCreateCredentialRequest(
+ request: BeginCreateCredentialRequest,
+ cancellationSignal: CancellationSignal,
+ callback: OutcomeReceiver,
+ ) {
+ cancellationSignal.setOnCancelListener {
+ callback.onError(CreateCredentialCancellationException())
+ scope.cancel()
+ }
+
+ val userId = authRepository.activeUserId
+ if (userId == null) {
+ callback.onError(CreateCredentialUnknownException("Active user is required."))
+ return
+ }
+
+ scope.launch {
+ processCreateCredentialRequest(request = request)
+ ?.let { callback.onResult(it) }
+ ?: callback.onError(CreateCredentialUnknownException())
+ }
+ }
+
+ private fun processCreateCredentialRequest(
+ request: BeginCreateCredentialRequest,
+ ): BeginCreateCredentialResponse? {
+ return when (request) {
+ is BeginCreatePublicKeyCredentialRequest -> {
+ handleCreatePasskeyQuery(request)
+ }
+
+ else -> null
+ }
+ }
+
+ @Suppress("ReturnCount")
+ private fun handleCreatePasskeyQuery(
+ request: BeginCreatePublicKeyCredentialRequest,
+ ): BeginCreateCredentialResponse? {
+ val requestJson = request
+ .candidateQueryData
+ .getString("androidx.credentials.BUNDLE_KEY_REQUEST_JSON")
+
+ if (requestJson.isNullOrEmpty()) return null
+
+ val userState = authRepository.userStateFlow.value ?: return null
+
+ return BeginCreateCredentialResponse.Builder()
+ .setCreateEntries(userState.accounts.toCreateEntries())
+ .build()
+ }
+
+ private fun List.toCreateEntries() = map { it.toCreateEntry() }
+
+ private fun UserState.Account.toCreateEntry(): CreateEntry {
+ val accountName = name ?: email
+ return CreateEntry
+ .Builder(
+ accountName = accountName,
+ pendingIntent = intentManager.createFido2CreationPendingIntent(
+ CREATE_PASSKEY_INTENT,
+ userId,
+ requestCode.getAndIncrement(),
+ ),
+ )
+ .setDescription(
+ context.getString(
+ R.string.your_passkey_will_be_saved_to_your_bitwarden_vault_for_x,
+ accountName,
+ ),
+ )
+ .build()
+ }
+
+ override fun processGetCredentialRequest(
+ request: BeginGetCredentialRequest,
+ cancellationSignal: CancellationSignal,
+ callback: OutcomeReceiver,
+ ) {
+ // no-op: RFU
+ callback.onError(GetCredentialUnsupportedException())
+ }
+
+ override fun processClearCredentialStateRequest(
+ request: ProviderClearCredentialStateRequest,
+ cancellationSignal: CancellationSignal,
+ callback: OutcomeReceiver,
+ ) {
+ // no-op: RFU
+ callback.onError(ClearCredentialUnsupportedException())
+ }
+}
diff --git a/app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/intent/IntentManager.kt b/app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/intent/IntentManager.kt
index 3f502005a..34bf86d9c 100644
--- a/app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/intent/IntentManager.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/intent/IntentManager.kt
@@ -1,5 +1,6 @@
package com.x8bit.bitwarden.ui.platform.manager.intent
+import android.app.PendingIntent
import android.content.Intent
import android.net.Uri
import android.os.Parcelable
@@ -80,6 +81,16 @@ interface IntentManager {
*/
fun createDocumentIntent(fileName: String): Intent
+ /**
+ * Creates a pending intent to use when providing [androidx.credentials.provider.CreateEntry]
+ * instances for FIDO 2 credential creation.
+ */
+ fun createFido2CreationPendingIntent(
+ action: String,
+ userId: String,
+ requestCode: Int,
+ ): PendingIntent
+
/**
* Represents file information.
*/
diff --git a/app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/intent/IntentManagerImpl.kt b/app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/intent/IntentManagerImpl.kt
index 684c2a742..20b9a85fe 100644
--- a/app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/intent/IntentManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/intent/IntentManagerImpl.kt
@@ -1,6 +1,7 @@
package com.x8bit.bitwarden.ui.platform.manager.intent
import android.app.Activity
+import android.app.PendingIntent
import android.content.ActivityNotFoundException
import android.content.ComponentName
import android.content.Context
@@ -20,6 +21,7 @@ import androidx.core.content.ContextCompat
import androidx.core.content.FileProvider
import com.x8bit.bitwarden.BuildConfig
import com.x8bit.bitwarden.R
+import com.x8bit.bitwarden.data.autofill.util.toPendingIntentMutabilityFlag
import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
import com.x8bit.bitwarden.ui.platform.util.toFormattedPattern
import java.io.File
@@ -42,6 +44,13 @@ private const val TEMP_CAMERA_IMAGE_NAME: String = "temp_camera_image.jpg"
*/
private const val TEMP_CAMERA_IMAGE_DIR: String = "camera_temp"
+/**
+ * Key for the user id included in FIDO 2 provider "create entries".
+ *
+ * @see IntentManager.createFido2CreationPendingIntent
+ */
+private const val EXTRA_KEY_USER_ID: String = "EXTRA_KEY_USER_ID"
+
/**
* The default implementation of the [IntentManager] for simplifying the handling of Android
* Intents within a given context.
@@ -185,6 +194,23 @@ class IntentManagerImpl(
putExtra(Intent.EXTRA_TITLE, fileName)
}
+ override fun createFido2CreationPendingIntent(
+ action: String,
+ userId: String,
+ requestCode: Int,
+ ): PendingIntent {
+ val intent = Intent(action)
+ .setPackage(context.packageName)
+ .putExtra(EXTRA_KEY_USER_ID, userId)
+
+ return PendingIntent.getActivity(
+ /* context = */ context,
+ /* requestCode = */ requestCode,
+ /* intent = */ intent,
+ /* flags = */ PendingIntent.FLAG_UPDATE_CURRENT.toPendingIntentMutabilityFlag(),
+ )
+ }
+
private fun getCameraFileData(): IntentManager.FileData {
val tmpDir = File(context.filesDir, TEMP_CAMERA_IMAGE_DIR)
val file = File(tmpDir, TEMP_CAMERA_IMAGE_NAME)
diff --git a/app/src/standardDebug/res/xml/provider.xml b/app/src/standardDebug/res/xml/provider.xml
new file mode 100644
index 000000000..395d04812
--- /dev/null
+++ b/app/src/standardDebug/res/xml/provider.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/app/src/test/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorTest.kt b/app/src/test/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorTest.kt
new file mode 100644
index 000000000..9fcf258e2
--- /dev/null
+++ b/app/src/test/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorTest.kt
@@ -0,0 +1,240 @@
+package com.x8bit.bitwarden.data.autofill.fido2.processor
+
+import android.app.PendingIntent
+import android.content.Context
+import android.os.Bundle
+import android.os.CancellationSignal
+import android.os.OutcomeReceiver
+import androidx.credentials.exceptions.CreateCredentialException
+import androidx.credentials.exceptions.CreateCredentialUnknownException
+import androidx.credentials.provider.BeginCreateCredentialRequest
+import androidx.credentials.provider.BeginCreateCredentialResponse
+import androidx.credentials.provider.BeginCreatePasswordCredentialRequest
+import androidx.credentials.provider.BeginCreatePublicKeyCredentialRequest
+import com.x8bit.bitwarden.data.auth.repository.AuthRepository
+import com.x8bit.bitwarden.data.auth.repository.model.UserState
+import com.x8bit.bitwarden.data.auth.repository.model.VaultUnlockType
+import com.x8bit.bitwarden.data.platform.base.FakeDispatcherManager
+import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
+import com.x8bit.bitwarden.data.platform.repository.model.Environment
+import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
+import io.mockk.every
+import io.mockk.just
+import io.mockk.mockk
+import io.mockk.runs
+import io.mockk.slot
+import io.mockk.verify
+import kotlinx.coroutines.flow.MutableStateFlow
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+
+class Fido2ProviderProcessorTest {
+
+ private lateinit var fido2Processor: Fido2ProviderProcessor
+
+ private val context: Context = mockk()
+ private val mutableUserStateFlow = MutableStateFlow(null)
+ private val authRepository: AuthRepository = mockk {
+ every { activeUserId } returns "mockActiveUserId"
+ every { userStateFlow } returns mutableUserStateFlow
+ }
+ private val intentManager: IntentManager = mockk()
+ private val dispatcherManager: DispatcherManager = FakeDispatcherManager()
+ private val cancellationSignal: CancellationSignal = mockk()
+
+ @BeforeEach
+ fun setUp() {
+ fido2Processor = Fido2ProviderProcessorImpl(
+ context,
+ authRepository,
+ intentManager,
+ dispatcherManager,
+ )
+ }
+
+ @Test
+ fun `processCreateCredentialRequest should invoke callback with error when user id is null`() {
+ val request: BeginCreateCredentialRequest = mockk()
+ val callback: OutcomeReceiver =
+ mockk()
+ val captureSlot = slot()
+ every { authRepository.activeUserId } returns null
+ every { cancellationSignal.setOnCancelListener(any()) } just runs
+ every { callback.onError(capture(captureSlot)) } just runs
+
+ fido2Processor.processCreateCredentialRequest(request, cancellationSignal, callback)
+
+ verify(exactly = 1) { callback.onError(any()) }
+
+ verify(exactly = 0) { callback.onResult(any()) }
+
+ assert(captureSlot.captured is CreateCredentialUnknownException)
+ assertEquals("Active user is required.", captureSlot.captured.errorMessage)
+ }
+
+ @Suppress("MaxLineLength")
+ @Test
+ fun `processCreateCredentialRequest should invoke callback with error on password create request`() {
+ val request: BeginCreatePasswordCredentialRequest = mockk()
+ val callback: OutcomeReceiver =
+ mockk()
+ val captureSlot = slot()
+ every { cancellationSignal.setOnCancelListener(any()) } just runs
+ every { callback.onError(capture(captureSlot)) } just runs
+
+ fido2Processor.processCreateCredentialRequest(request, cancellationSignal, callback)
+
+ verify(exactly = 1) { callback.onError(any()) }
+ verify(exactly = 0) { callback.onResult(any()) }
+
+ assert(captureSlot.captured is CreateCredentialUnknownException)
+ }
+
+ @Suppress("MaxLineLength")
+ @Test
+ fun `processCreateCredentialRequest should invoke callback with error when json is null or empty`() {
+ val request: BeginCreatePublicKeyCredentialRequest = mockk()
+ val candidateQueryData: Bundle = mockk()
+ val callback: OutcomeReceiver =
+ mockk()
+ val captureSlot = slot()
+ every { cancellationSignal.setOnCancelListener(any()) } just runs
+ every { request.candidateQueryData } returns candidateQueryData
+ every {
+ candidateQueryData.getString("androidx.credentials.BUNDLE_KEY_REQUEST_JSON")
+ } returns null
+ every { callback.onError(capture(captureSlot)) } just runs
+
+ fido2Processor.processCreateCredentialRequest(request, cancellationSignal, callback)
+
+ verify(exactly = 1) { callback.onError(any()) }
+ verify(exactly = 0) { callback.onResult(any()) }
+
+ assert(captureSlot.captured is CreateCredentialUnknownException)
+ }
+
+ @Test
+ fun `processCreateCredentialRequest should invoke callback with error when user state null`() {
+ val request: BeginCreatePublicKeyCredentialRequest = mockk()
+ val candidateQueryData: Bundle = mockk()
+ val callback: OutcomeReceiver =
+ mockk()
+ val captureSlot = slot()
+ every { cancellationSignal.setOnCancelListener(any()) } just runs
+ every { request.candidateQueryData } returns candidateQueryData
+ every {
+ candidateQueryData.getString("androidx.credentials.BUNDLE_KEY_REQUEST_JSON")
+ } returns "{\"mockJsonRequest\":1}"
+ every { callback.onError(capture(captureSlot)) } just runs
+
+ fido2Processor.processCreateCredentialRequest(request, cancellationSignal, callback)
+
+ verify(exactly = 1) { callback.onError(any()) }
+ verify(exactly = 0) { callback.onResult(any()) }
+
+ assert(captureSlot.captured is CreateCredentialUnknownException)
+ }
+
+ @Suppress("MaxLineLength")
+ @Test
+ fun `processCreateCredentialRequest should invoke callback with result when user state is valid`() {
+ val request: BeginCreatePublicKeyCredentialRequest = mockk()
+ val candidateQueryData: Bundle = mockk()
+ val callback: OutcomeReceiver =
+ mockk()
+ val captureSlot = slot()
+ val mockIntent: PendingIntent = mockk()
+ mutableUserStateFlow.value = DEFAULT_USER_STATE
+ every { context.packageName } returns "com.x8bit.bitwarden"
+ every { context.getString(any(), any()) } returns "mockDescription"
+ every {
+ intentManager.createFido2CreationPendingIntent(
+ any(),
+ any(),
+ any(),
+ )
+ } returns mockIntent
+ every { cancellationSignal.setOnCancelListener(any()) } just runs
+ every { request.candidateQueryData } returns candidateQueryData
+ every {
+ candidateQueryData.getString("androidx.credentials.BUNDLE_KEY_REQUEST_JSON")
+ } returns "{\"mockJsonRequest\":1}"
+ every { callback.onResult(capture(captureSlot)) } just runs
+
+ fido2Processor.processCreateCredentialRequest(request, cancellationSignal, callback)
+
+ verify(exactly = 1) { callback.onResult(any()) }
+ verify(exactly = 0) { callback.onError(any()) }
+
+ assertEquals(DEFAULT_USER_STATE.accounts.size, captureSlot.captured.createEntries.size)
+ val capturedEntry = captureSlot.captured.createEntries[0]
+ assertEquals(DEFAULT_USER_STATE.accounts[0].email, capturedEntry.accountName)
+ }
+
+ @Test
+ fun `processCreateCredentialRequest should generate result entries for each user account`() {
+ val request: BeginCreatePublicKeyCredentialRequest = mockk()
+ val candidateQueryData: Bundle = mockk()
+ val callback: OutcomeReceiver =
+ mockk()
+ mutableUserStateFlow.value = DEFAULT_USER_STATE
+ val captureSlot = slot()
+ val mockIntent: PendingIntent = mockk()
+ every { context.packageName } returns "com.x8bit.bitwarden.dev"
+ every { context.getString(any(), any()) } returns "mockDescription"
+ every { cancellationSignal.setOnCancelListener(any()) } just runs
+ every { request.candidateQueryData } returns candidateQueryData
+ every {
+ candidateQueryData.getString("androidx.credentials.BUNDLE_KEY_REQUEST_JSON")
+ } returns "{\"mockJsonRequest\":1}"
+ every { callback.onResult(capture(captureSlot)) } just runs
+ every {
+ intentManager.createFido2CreationPendingIntent(
+ any(),
+ any(),
+ any(),
+ )
+ } returns mockIntent
+
+ fido2Processor.processCreateCredentialRequest(request, cancellationSignal, callback)
+
+ verify(exactly = 1) { callback.onResult(any()) }
+ verify(exactly = 0) { callback.onError(any()) }
+
+ assertEquals(DEFAULT_USER_STATE.accounts.size, captureSlot.captured.createEntries.size)
+ DEFAULT_USER_STATE.accounts.forEachIndexed { index, mockAccount ->
+ assertEquals(mockAccount.email, captureSlot.captured.createEntries[index].accountName)
+ }
+ }
+}
+
+private val DEFAULT_USER_STATE = UserState(
+ activeUserId = "mockUserId-1",
+ accounts = createMockAccounts(2),
+)
+
+private fun createMockAccounts(number: Int): List {
+ val accounts = mutableListOf()
+ repeat(number) {
+ accounts.add(
+ UserState.Account(
+ userId = "mockUserId-$it",
+ name = null,
+ email = "mockEmail-$it",
+ avatarColorHex = "$it",
+ environment = Environment.Us,
+ isPremium = true,
+ isLoggedIn = true,
+ isVaultUnlocked = true,
+ needsPasswordReset = false,
+ needsMasterPassword = false,
+ trustedDevice = null,
+ organizations = emptyList(),
+ isBiometricsEnabled = false,
+ vaultUnlockType = VaultUnlockType.MASTER_PASSWORD,
+ ),
+ )
+ }
+ return accounts
+}
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index d79e8db64..b069edadc 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -14,6 +14,7 @@ androidxBrowser = "1.8.0"
androidxCamera = "1.3.3"
androidxComposeBom = "2024.05.00"
androidxCore = "1.13.1"
+androidxCredentials = "1.2.2"
androidxHiltNavigationCompose = "1.2.0"
androidxLifecycle = "2.7.0"
androidxNavigation = "2.7.7"
@@ -71,6 +72,8 @@ androidx-compose-ui-test-manifest = { module = "androidx.compose.ui:ui-test-mani
androidx-compose-ui-tooling = { module = "androidx.compose.ui:ui-tooling" }
androidx-compose-ui-tooling-preview = { module = "androidx.compose.ui:ui-tooling-preview" }
androidx-core-ktx = { module = "androidx.core:core-ktx", version.ref = "androidxCore" }
+#noinspection CredentialDependency - Used for Passkey support, which is not available below Android 14
+androidx-credentials = { module = "androidx.credentials:credentials", version.ref = "androidxCredentials" }
androidx-hilt-navigation-compose = { module = "androidx.hilt:hilt-navigation-compose", version.ref = "androidxHiltNavigationCompose" }
androidx-lifecycle-process = { module = "androidx.lifecycle:lifecycle-process", version.ref = "androidxLifecycle" }
androidx-lifecycle-runtime-compose = { module = "androidx.lifecycle:lifecycle-runtime-compose", version.ref = "androidxLifecycle" }