fix: WebAuthn Discoverable Credential (Resident Credential) (#35374)

* fix: WebAuthn Discoverable Credential (Resident Credential) #33353 Enables support for Webauthn discoverable credentials (aka resident credentials). This allows users to authenticate without first having to select or type a username. To decide if discoverable credentials are supported, the class 'AuthenticatorCommon', in the chrome content code, indirectly calls the method 'context::WebAuthenticationDelegate.SupportsResidentKeys(..)'. The default implementation of this returns false, leaving it up to specific implementations to override. This change adds a new class 'ElectronWebAuthenticationDelegate' to subclass 'WebAuthenticationDelegate' and override the behaviour of the 'SupportsResidentKeys' method to return true. The implementation is copied from the Chrome browser equivalent 'ChromeWebAuthenticationDelegate', though the chrome class includes other methods that don't seem to be required for this functionality. The 'ElectronContentClient' class was also updated to store an instance of 'ElectronWebAuthenticationDelegate', and to provide an accessor method, GetWebAuthenticationDelegate(). * Remove redundant, commented-out code * style: comment cleanup * style: updated comments and formatting based on pull request review * style: fix lint error on header guard clause
electron · Sep 20, 2022 · 4935fd2 · 4935fd2
1 parent 99f4a42
commit 4935fd2
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 0 deletions.
diff --git a/filenames.gni b/filenames.gni
@@ -515,6 +515,8 @@ filenames = {
     "shell/browser/web_view_guest_delegate.h",
     "shell/browser/web_view_manager.cc",
     "shell/browser/web_view_manager.h",
+    "shell/browser/webauthn/electron_authenticator_request_delegate.cc",
+    "shell/browser/webauthn/electron_authenticator_request_delegate.h",
     "shell/browser/window_list.cc",
     "shell/browser/window_list.h",
     "shell/browser/window_list_observer.h",

diff --git a/shell/browser/electron_browser_client.cc b/shell/browser/electron_browser_client.cc
@@ -104,6 +104,7 @@
 #include "shell/browser/ui/devtools_manager_delegate.h"
 #include "shell/browser/web_contents_permission_helper.h"
 #include "shell/browser/web_contents_preferences.h"
+#include "shell/browser/webauthn/electron_authenticator_request_delegate.h"
 #include "shell/browser/window_list.h"
 #include "shell/common/api/api.mojom.h"
 #include "shell/common/application_info.h"
@@ -1857,4 +1858,13 @@ content::HidDelegate* ElectronBrowserClient::GetHidDelegate() {
   return hid_delegate_.get();
 }
 
+content::WebAuthenticationDelegate*
+ElectronBrowserClient::GetWebAuthenticationDelegate() {
+  if (!web_authentication_delegate_) {
+    web_authentication_delegate_ =
+        std::make_unique<ElectronWebAuthenticationDelegate>();
+  }
+  return web_authentication_delegate_.get();
+}
+
 }  // namespace electron
diff --git a/shell/browser/electron_browser_client.h b/shell/browser/electron_browser_client.h
@@ -38,6 +38,7 @@ namespace electron {
 class ElectronBrowserMainParts;
 class NotificationPresenter;
 class PlatformNotificationService;
+class ElectronWebAuthenticationDelegate;
 
 class ElectronBrowserClient : public content::ContentBrowserClient,
                               public content::RenderProcessHostObserver {
@@ -102,6 +103,8 @@ class ElectronBrowserClient : public content::ContentBrowserClient,
 
   content::HidDelegate* GetHidDelegate() override;
 
+  content::WebAuthenticationDelegate* GetWebAuthenticationDelegate() override;
+
   device::GeolocationManager* GetGeolocationManager() override;
 
   content::PlatformNotificationService* GetPlatformNotificationService();
@@ -330,6 +333,8 @@ class ElectronBrowserClient : public content::ContentBrowserClient,
   std::unique_ptr<ElectronSerialDelegate> serial_delegate_;
   std::unique_ptr<ElectronBluetoothDelegate> bluetooth_delegate_;
   std::unique_ptr<ElectronHidDelegate> hid_delegate_;
+  std::unique_ptr<ElectronWebAuthenticationDelegate>
+      web_authentication_delegate_;
 
 #if BUILDFLAG(IS_MAC)
   ElectronBrowserMainParts* browser_main_parts_ = nullptr;

diff --git a/shell/browser/webauthn/electron_authenticator_request_delegate.cc b/shell/browser/webauthn/electron_authenticator_request_delegate.cc
@@ -0,0 +1,17 @@
+// Copyright (c) 2022 GitHub, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#include "shell/browser/webauthn/electron_authenticator_request_delegate.h"
+
+namespace electron {
+
+ElectronWebAuthenticationDelegate::~ElectronWebAuthenticationDelegate() =
+    default;
+
+bool ElectronWebAuthenticationDelegate::SupportsResidentKeys(
+    content::RenderFrameHost* render_frame_host) {
+  return true;
+}
+
+}  // namespace electron
diff --git a/shell/browser/webauthn/electron_authenticator_request_delegate.h b/shell/browser/webauthn/electron_authenticator_request_delegate.h
@@ -0,0 +1,23 @@
+// Copyright (c) 2022 GitHub, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#ifndef ELECTRON_SHELL_BROWSER_WEBAUTHN_ELECTRON_AUTHENTICATOR_REQUEST_DELEGATE_H_
+#define ELECTRON_SHELL_BROWSER_WEBAUTHN_ELECTRON_AUTHENTICATOR_REQUEST_DELEGATE_H_
+
+#include "content/public/browser/authenticator_request_client_delegate.h"
+
+namespace electron {
+
+// Modified from chrome/browser/webauthn/chrome_authenticator_request_delegate.h
+class ElectronWebAuthenticationDelegate
+    : public content::WebAuthenticationDelegate {
+ public:
+  ~ElectronWebAuthenticationDelegate() override;
+
+  bool SupportsResidentKeys(
+      content::RenderFrameHost* render_frame_host) override;
+};
+
+}  // namespace electron
+#endif  // ELECTRON_SHELL_BROWSER_WEBAUTHN_ELECTRON_AUTHENTICATOR_REQUEST_DELEGATE_H_