Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: WebAuthn Discoverable Credential (Resident Credential) #35374

Merged
merged 12 commits into from Sep 20, 2022
Merged

fix: WebAuthn Discoverable Credential (Resident Credential) #35374

merged 12 commits into from Sep 20, 2022

Conversation

matthewloft
Copy link
Contributor

@matthewloft matthewloft commented Aug 18, 2022
edited by codebytere

Description of Change

Enables support for Webauthn discoverable credentials (aka resident
credentials). This allows users to authenticate without first having to
select or type a username.

To decide if discoverable credentials are supported, the class
'AuthenticatorCommon', in the chrome content code, indirectly calls the
method 'context::WebAuthenticationDelegate.SupportsResidentKeys(..)'.
The default implementation of this returns false, leaving it up to
specific implementations to override.

This change adds a new class 'ElectronWebAuthenticationDelegate' to
subclass 'WebAuthenticationDelegate' and override the behaviour of the
'SupportsResidentKeys' method to return true.
The implementation is copied from the Chrome browser equivalent
'ChromeWebAuthenticationDelegate', though the chrome class includes
other methods that don't seem to be required for this functionality.

The 'ElectronContentClient' class was also updated to store an instance
of 'ElectronWebAuthenticationDelegate', and to provide an accessor
method, GetWebAuthenticationDelegate().

Checklist

Release Notes

Notes: Added support for Webauthn discoverable keys (aka resident keys), allowing users to authenticate without first having to select or type a username.

@matthewloft
fix: WebAuthn Discoverable Credential (Resident Credential) electron#…
e62adbd 
…33353

Enables support for Webauthn discoverable credentials (aka resident
credentials). This allows users to authenticate without first having to
select or type a username.

To decide if discoverable credentials are supported, the class
'AuthenticatorCommon', in the chrome content code, indirectly calls the
method 'context::WebAuthenticationDelegate.SupportsResidentKeys(..)'.
The default implementation of this returns false, leaving it up to
specific implementations to override.

This change adds a new class 'ElectronWebAuthenticationDelegate' to
subclass 'WebAuthenticationDelegate' and override the behaviour of the
'SupportsResidentKeys' method to return true.
The implementation is copied from the Chrome browser equivalent
'ChromeWebAuthenticationDelegate', though the chrome class includes
other methods that don't seem to be required for this functionality.

The 'ElectronContentClient' class was also updated to store an instance
of 'ElectronWebAuthenticationDelegate', and to provide an accessor
method, GetWebAuthenticationDelegate().
@matthewloft
Remove redundant, commented-out code
cde3049
@matthewloft
style: comment cleanup
c009f7f
@matthewloft
Merge branch 'electron:main' into defect-33353-Webauthn-discoverable-…
ae82279 
…credential
@matthewloft
Merge branch 'electron:main' into defect-33353-Webauthn-discoverable-…
c6ee135 
…credential
@matthewloft
Merge branch 'electron:main' into defect-33353-Webauthn-discoverable-…
05fd98a 
…credential
@welcome
Copy link

welcome bot commented Aug 18, 2022

💖 Thanks for opening this pull request! 💖

We use semantic commit messages to streamline the release process. Before your pull request can be merged, you should update your pull request title to start with a semantic prefix.

Examples of commit messages with semantic prefixes:

  • fix: don't overwrite prevent_default if default wasn't prevented
  • feat: add app.isPackaged() method
  • docs: app.isDefaultProtocolClient is now available on Linux

Things that will help get your PR across the finish line:

  • Follow the JavaScript, C++, and Python coding style.
  • Run npm run lint locally to catch formatting errors earlier.
  • Document any user-facing changes you've made following the documentation styleguide.
  • Include tests when adding/changing behavior.
  • Include screenshots and animated GIFs whenever possible.

We get a lot of pull requests on this repo, so please be patient and we will get back to you as soon as we can.

@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Aug 18, 2022
@matthewloft matthewloft mentioned this pull request Aug 18, 2022
Closed
3 tasks
codebytere
codebytere requested changes Aug 22, 2022
View reviewed changes
Copy link
Member

@codebytere codebytere left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few small changes, but overall looks good! I think we should look towards adding WebAuthn specs (Node.js does it so I know it's doable) but i recognize that might be a lot of work for the scope of this PR so once comments are addressed i'm happy to move forward w/ this!

shell/browser/webauthn/electron_authenticator_request_delegate.cc Outdated Show resolved Hide resolved
shell/browser/webauthn/electron_authenticator_request_delegate.cc Outdated Show resolved Hide resolved
shell/browser/webauthn/electron_authenticator_request_delegate.h Outdated Show resolved Hide resolved
shell/browser/webauthn/electron_authenticator_request_delegate.h Outdated Show resolved Hide resolved
Vana12330 referenced this pull request Aug 22, 2022
@itsananderson
docs: update Quick Start Guide for Electron 12 (#28223)
b6ff12e 
* docs: Update Quick Start Guide for Electron 12

With `contextIsolation` enabled by default in Electron 12, the Getting Started Guide no longer works as it is written. In order for the basic example to display values from `process.versions`, we need to add a `preload.js` to the example.

* fix: annotate preload code block with a language

* docs: update quick-start Fiddle example to use preload to provide version info

* fix: ensure example files end in a newline

* docs: add security warning to instructions for turning off contextIsolation

Co-authored-by: John Kleinschmidt <jkleinsc@github.com>

* docs: treat preload as an adjective instead of a noun

Co-authored-by: John Kleinschmidt <jkleinsc@github.com>

Co-authored-by: John Kleinschmidt <jkleinsc@github.com>
@matthewloft
Copy link
Contributor Author

Thanks for the review, and appreciate your comments.

I hadn't added tests as I wasn't sure of the best approach.
The Chrome browser has some C++ unit tests I didn't see the equivalent in Electron.
This change is intended to support physical security keys (I tested with a Yubikey on Windows). The original base class method WebAuthenticationDelegate::SupportsResidentKeys() seems to already return true for virtual authenticators that might be present in an automated test, so could obscure the results of this change.

@codebytere codebytere changed the title fix: WebAuthn Discoverable Credential (Resident Credential) #33353 fix: WebAuthn Discoverable Credential (Resident Credential) Aug 24, 2022
codebytere
codebytere approved these changes Aug 24, 2022
View reviewed changes
Copy link
Member

@codebytere codebytere left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 🥳

Just fix these two lint issues:

shell/browser/webauthn/electron_authenticator_request_delegate.h:5:  (cpplint) #ifndef header guard has wrong style, please use: ELECTRON_SHELL_BROWSER_WEBAUTHN_ELECTRON_AUTHENTICATOR_REQUEST_DELEGATE_H_  [build/header_guard] [5]
shell/browser/webauthn/electron_authenticator_request_delegate.h:23:  (cpplint) #endif line should be "#endif  // ELECTRON_SHELL_BROWSER_WEBAUTHN_ELECTRON_AUTHENTICATOR_REQUEST_DELEGATE_H_"  [build/header_guard] [5]
Total errors found: 2

@codebytere codebytere added the semver/patch backwards-compatible bug fixes label Aug 24, 2022
@electron-cation electron-cation bot removed the new-pr 🌱 PR opened in the last 24 hours label Aug 24, 2022
@matthewloft
Copy link
Contributor Author

Thanks for the approval, have made the lint changes.

@matthewloft matthewloft mentioned this pull request Sep 2, 2022
Closed
3 tasks
@matthewloft
Copy link
Contributor Author

Hi @codebytere ,
What is required to add backport labels?
I can't see how to add them, and it looks like they are needed to complete the checks.
Thanks!

@MarshallOfSound MarshallOfSound merged commit 4935fd2 into electron:main Sep 20, 2022
@welcome
Copy link

welcome bot commented Sep 20, 2022

Congrats on merging your first pull request! 🎉🎉🎉

@release-clerk
Copy link

release-clerk bot commented Sep 20, 2022

Release Notes Persisted

Added support for Webauthn discoverable keys (aka resident keys), allowing users to authenticate without first having to select or type a username.

@matthewloft matthewloft deleted the defect-33353-Webauthn-discoverable-credential branch September 20, 2022 22:58
@commit-lint commit-lint bot mentioned this pull request Jan 16, 2023
Open
khalwa pushed a commit to solarwindscloud/electron that referenced this pull request Feb 22, 2023
@matthewloft @khalwa
fix: WebAuthn Discoverable Credential (Resident Credential) (electron…
de96d3b 
…#35374)

* fix: WebAuthn Discoverable Credential (Resident Credential) electron#33353

Enables support for Webauthn discoverable credentials (aka resident
credentials). This allows users to authenticate without first having to
select or type a username.

To decide if discoverable credentials are supported, the class
'AuthenticatorCommon', in the chrome content code, indirectly calls the
method 'context::WebAuthenticationDelegate.SupportsResidentKeys(..)'.
The default implementation of this returns false, leaving it up to
specific implementations to override.

This change adds a new class 'ElectronWebAuthenticationDelegate' to
subclass 'WebAuthenticationDelegate' and override the behaviour of the
'SupportsResidentKeys' method to return true.
The implementation is copied from the Chrome browser equivalent
'ChromeWebAuthenticationDelegate', though the chrome class includes
other methods that don't seem to be required for this functionality.

The 'ElectronContentClient' class was also updated to store an instance
of 'ElectronWebAuthenticationDelegate', and to provide an accessor
method, GetWebAuthenticationDelegate().

* Remove redundant, commented-out code

* style: comment cleanup

* style: updated comments and formatting based on pull request review

* style: fix lint error on header guard clause
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codebytere codebytere codebytere approved these changes

@MarshallOfSound MarshallOfSound MarshallOfSound approved these changes

Assignees
No one assigned
Labels
no-backport semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@matthewloft @codebytere @MarshallOfSound @erickzhao