fix: WebAuthn Discoverable Credential (Resident Credential) electron#…

…33353 Enables support for Webauthn discoverable credentials (aka resident credentials). This allows users to authenticate without first having to select or type a username. To decide if discoverable credentials are supported, the class 'AuthenticatorCommon', in the chrome content code, indirectly calls the method 'context::WebAuthenticationDelegate.SupportsResidentKeys(..)'. The default implementation of this returns false, leaving it up to specific implementations to override. This change adds a new class 'ElectronWebAuthenticationDelegate' to subclass 'WebAuthenticationDelegate' and override the behaviour of the 'SupportsResidentKeys' method to return true. The implementation is copied from the Chrome browser equivalent 'ChromeWebAuthenticationDelegate', though the chrome class includes other methods that don't seem to be required for this functionality. The 'ElectronContentClient' class was also updated to store an instance of 'ElectronWebAuthenticationDelegate', and to provide an accessor method, GetWebAuthenticationDelegate().
matthewloft · Aug 15, 2022 · e62adbd · e62adbd
1 parent a8934d2
commit e62adbd
Show file tree

Hide file tree

Showing 5 changed files with 104 additions and 0 deletions.
diff --git a/filenames.gni b/filenames.gni
@@ -519,6 +519,8 @@ filenames = {
     "shell/browser/web_view_guest_delegate.h",
     "shell/browser/web_view_manager.cc",
     "shell/browser/web_view_manager.h",
+    "shell/browser/webauthn/electron_authenticator_request_delegate.cc",
+    "shell/browser/webauthn/electron_authenticator_request_delegate.h",
     "shell/browser/window_list.cc",
     "shell/browser/window_list.h",
     "shell/browser/window_list_observer.h",

diff --git a/shell/browser/electron_browser_client.cc b/shell/browser/electron_browser_client.cc
@@ -103,6 +103,7 @@
 #include "shell/browser/ui/devtools_manager_delegate.h"
 #include "shell/browser/web_contents_permission_helper.h"
 #include "shell/browser/web_contents_preferences.h"
+#include "shell/browser/webauthn/electron_authenticator_request_delegate.h"
 #include "shell/browser/window_list.h"
 #include "shell/common/api/api.mojom.h"
 #include "shell/common/application_info.h"
@@ -1841,4 +1842,13 @@ content::HidDelegate* ElectronBrowserClient::GetHidDelegate() {
   return hid_delegate_.get();
 }
 
+content::WebAuthenticationDelegate*
+ElectronBrowserClient::GetWebAuthenticationDelegate() {
+  if (!web_authentication_delegate_) {
+    web_authentication_delegate_ =
+        std::make_unique<ElectronWebAuthenticationDelegate>();
+  }
+  return web_authentication_delegate_.get();
+}
+
 }  // namespace electron
diff --git a/shell/browser/electron_browser_client.h b/shell/browser/electron_browser_client.h
@@ -38,6 +38,7 @@ namespace electron {
 class ElectronBrowserMainParts;
 class NotificationPresenter;
 class PlatformNotificationService;
+class ElectronWebAuthenticationDelegate;
 
 class ElectronBrowserClient : public content::ContentBrowserClient,
                               public content::RenderProcessHostObserver {
@@ -102,6 +103,8 @@ class ElectronBrowserClient : public content::ContentBrowserClient,
 
   content::HidDelegate* GetHidDelegate() override;
 
+  content::WebAuthenticationDelegate* GetWebAuthenticationDelegate() override;
+
   device::GeolocationManager* GetGeolocationManager() override;
 
   content::PlatformNotificationService* GetPlatformNotificationService();
@@ -330,6 +333,8 @@ class ElectronBrowserClient : public content::ContentBrowserClient,
   std::unique_ptr<ElectronSerialDelegate> serial_delegate_;
   std::unique_ptr<ElectronBluetoothDelegate> bluetooth_delegate_;
   std::unique_ptr<ElectronHidDelegate> hid_delegate_;
+  std::unique_ptr<ElectronWebAuthenticationDelegate>
+      web_authentication_delegate_;
 
 #if BUILDFLAG(IS_MAC)
   ElectronBrowserMainParts* browser_main_parts_ = nullptr;

diff --git a/shell/browser/webauthn/electron_authenticator_request_delegate.cc b/shell/browser/webauthn/electron_authenticator_request_delegate.cc
@@ -0,0 +1,23 @@
+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "shell/browser/webauthn/electron_authenticator_request_delegate.h"
+
+namespace electron {
+// ---------------------------------------------------------------------
+// ElectronWebAuthenticationDelegate
+// ---------------------------------------------------------------------
+
+ElectronWebAuthenticationDelegate::~ElectronWebAuthenticationDelegate() =
+    default;
+
+#if !BUILDFLAG(IS_ANDROID)
+bool ElectronWebAuthenticationDelegate::SupportsResidentKeys(
+    content::RenderFrameHost* render_frame_host) {
+  return true;
+}
+
+#endif  // !IS_ANDROID
+
+}  // namespace electron
diff --git a/shell/browser/webauthn/electron_authenticator_request_delegate.h b/shell/browser/webauthn/electron_authenticator_request_delegate.h
@@ -0,0 +1,64 @@
+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef ELECTRON_BROWSER_WEBAUTHN_CHROME_AUTHENTICATOR_REQUEST_DELEGATE_H_
+#define ELECTRON_BROWSER_WEBAUTHN_CHROME_AUTHENTICATOR_REQUEST_DELEGATE_H_
+
+#include "content/public/browser/authenticator_request_client_delegate.h"
+
+namespace electron {
+// ElectronWebAuthenticationDelegate is the //Electron layer implementation of
+// content::WebAuthenticationDelegate.
+class ElectronWebAuthenticationDelegate
+    : public content::WebAuthenticationDelegate {
+ public:
+#if BUILDFLAG(IS_MAC)
+  // Returns a configuration struct for instantiating the macOS WebAuthn
+  // platform authenticator for the given Profile.
+  static TouchIdAuthenticatorConfig TouchIdAuthenticatorConfigForProfile(
+      Profile* profile);
+#endif  // BUILDFLAG(IS_MAC)
+
+  ~ElectronWebAuthenticationDelegate() override;
+
+#if !BUILDFLAG(IS_ANDROID)
+  // content::WebAuthenticationDelegate:
+  // bool OverrideCallerOriginAndRelyingPartyIdValidation(
+  //    content::BrowserContext* browser_context,
+  //    const url::Origin& caller_origin,
+  //    const std::string& relying_party_id) override;
+  // bool OriginMayUseRemoteDesktopClientOverride(
+  //    content::BrowserContext* browser_context,
+  //    const url::Origin& caller_origin) override;
+  // absl::optional<std::string> MaybeGetRelyingPartyIdOverride(
+  //    const std::string& claimed_relying_party_id,
+  //    const url::Origin& caller_origin) override;
+  // bool ShouldPermitIndividualAttestation(
+  //    content::BrowserContext* browser_context,
+  //    const url::Origin& caller_origin,
+  //    const std::string& relying_party_id) override;
+  bool SupportsResidentKeys(
+      content::RenderFrameHost* render_frame_host) override;
+  // bool IsFocused(content::WebContents* web_contents) override;
+  // absl::optional<bool> IsUserVerifyingPlatformAuthenticatorAvailableOverride(
+  //     content::RenderFrameHost* render_frame_host) override;
+  // content::WebAuthenticationRequestProxy* MaybeGetRequestProxy(
+  //     content::BrowserContext* browser_context) override;
+#endif
+  // #if BUILDFLAG(IS_WIN)
+  //   void OperationSucceeded(content::BrowserContext* browser_context,
+  //                           bool used_win_api) override;
+  // #endif
+  // #if BUILDFLAG(IS_MAC)
+  //   absl::optional<TouchIdAuthenticatorConfig> GetTouchIdAuthenticatorConfig(
+  //       content::BrowserContext* browser_context) override;
+  // #endif  // BUILDFLAG(IS_MAC)
+  // #if BUILDFLAG(IS_CHROMEOS)
+  //   ChromeOSGenerateRequestIdCallback GetGenerateRequestIdCallback(
+  //       content::RenderFrameHost* render_frame_host) override;
+  // #endif  // BUILDFLAG(IS_CHROMEOS)
+};
+
+}  // namespace electron
+#endif