summaryrefslogtreecommitdiffstats
path: root/toolkit/components/satchel/integrations/WebAuthnFeature.sys.mjs
blob: b5805d5a93130224b8b31833676611d6e98f96e0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

import {
  LoginHelper,
  ParentAutocompleteOption,
} from "resource://gre/modules/LoginHelper.sys.mjs";

import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";

const lazy = {};

XPCOMUtils.defineLazyServiceGetter(
  lazy,
  "webauthnService",
  "@mozilla.org/webauthn/service;1",
  "nsIWebAuthnService"
);

ChromeUtils.defineLazyGetter(
  lazy,
  "strings",
  () => new Localization(["browser/webauthnDialog.ftl"])
);
ChromeUtils.defineLazyGetter(lazy, "log", () =>
  LoginHelper.createLogger("WebAuthnFeature")
);

if (Services.appinfo.processType !== Services.appinfo.PROCESS_TYPE_DEFAULT) {
  throw new Error(
    "PasskeySupport.sys.mjs should only run in the parent process"
  );
}

class WebAuthnSupport {
  async *#getAutocompleteItemsAsync(browsingContextId, formOrigin) {
    let transactionId = lazy.webauthnService.hasPendingConditionalGet(
      browsingContextId,
      formOrigin
    );
    if (transactionId == 0) {
      // No pending transaction
      return;
    }
    let credentials = lazy.webauthnService.getAutoFillEntries(transactionId);

    let labels = credentials.map(x => ({
      id: "webauthn-specific-passkey-label",
      args: { domain: x.rpId },
    }));
    if (!credentials.length) {
      labels.push({ id: "webauthn-a-passkey-label" });
    } else {
      labels.push({ id: "webauthn-another-passkey-label" });
    }
    const formattedLabels = await lazy.strings.formatValues(labels);
    for (let i = 0; i < credentials.length; i++) {
      yield new ParentAutocompleteOption(
        "chrome://browser/content/logos/passkey.svg",
        credentials[i].userName,
        formattedLabels[i],
        "PasswordManager:promptForAuthenticator",
        {
          selection: {
            transactionId,
            credentialId: credentials[i].credentialId,
          },
        }
      );
    }
    // `getAutoFillEntries` may not return all of the credentials on the device
    // (in particular it will not include credentials with a protection policy
    // that forbids silent discovery), so we include a catch-all entry in the
    // list. If the user selects this entry, the WebAuthn transaction will
    // proceed using the modal UI.
    yield new ParentAutocompleteOption(
      "chrome://browser/content/logos/passkey.svg",
      formattedLabels[formattedLabels.length - 1],
      "",
      "PasswordManager:promptForAuthenticator",
      {
        selection: {
          transactionId,
        },
      }
    );
  }

  /**
   *
   * @param {int} browsingContextId the browsing context ID associated with this request
   * @param {string} formOrigin
   * @param {string} scenarioName can be "SignUpFormScenario" or undefined
   * @param {string} isWebAuthn indicates whether "webauthn" was included in the input's autocomplete value
   * @returns {ParentAutocompleteOption} the optional WebAuthn autocomplete item
   */
  async autocompleteItemsAsync(
    browsingContextId,
    formOrigin,
    scenarioName,
    isWebAuthn
  ) {
    const result = [];
    if (scenarioName !== "SignUpFormScenario" || isWebAuthn) {
      for await (const item of this.#getAutocompleteItemsAsync(
        browsingContextId,
        formOrigin
      )) {
        result.push(item);
      }
    }
    return result;
  }

  async promptForAuthenticator(browser, selection) {
    lazy.log.info("Prompting to authenticate with relying party.");
    if (selection.credentialId) {
      lazy.webauthnService.selectAutoFillEntry(
        selection.transactionId,
        selection.credentialId
      );
    } else {
      lazy.webauthnService.resumeConditionalGet(selection.transactionId);
    }
  }
}

export const WebAuthnFeature = new WebAuthnSupport();