Merge branch 'main' into multiple_devices

Author: iinuwa

.github/workflows/main.yml

@@ -18,10 +18,26 @@ jobs:
       - name: Install system dependencies
         run: |
           sudo apt install -y --no-install-recommends \
-            curl git build-essential meson \
+            curl git build-essential \
             libgtk-4-dev gettext libdbus-1-dev libssl-dev libudev-dev \
-            libxml2-utils desktop-file-utils
+            libxml2-utils desktop-file-utils \
+            python3-pip ninja-build
+      - name: Install Meson
+        run: |
+          # Newer version needed for --interactive flag needed below
+          python3 -m pip install --user -v 'meson==1.5.0'
       - name: Setup meson project
         run: meson setup build
       - name: Build
         run: ninja -C build
+      - name: Test
+        # We have to use the --interactive flag because of some
+        # weird issue with meson hanging after cargo exits due to the TestDBus.
+        # Probably has to do with forking the test processes.
+        run: meson test --interactive
+        working-directory: build/
+      - name: Check clippy recommendations
+        run: env CARGO_HOME=build/cargo-home cargo clippy --manifest-path xyz-iinuwa-credential-manager-portal-gtk/Cargo.toml --target-dir build/xyz-iinuwa-credential-manager-portal-gtk/src
+      - name: Check formatting
+        run: cargo fmt --check
+        working-directory: xyz-iinuwa-credential-manager-portal-gtk

contrib/xyz.iinuwa.credentials.CredentialManager.xml

@@ -16,6 +16,9 @@
       <arg name="request" type="a{sv}" direction="in"/>
       <arg type="a{sv}" direction="out"/>
     </method>
+    <method name="GetClientCapabilities">
+      <arg type="a{sv}" direction="out"/>
+    </method>
   </interface>
   <interface name="org.freedesktop.DBus.Peer">
     <method name="Ping">

demo_client/main.py

@@ -52,7 +52,7 @@ async def run(cmd):
     elif cmd == 'get':
         user_data = json.load(open('./user.json', 'r'))
         cred_id = util.b64_decode(user_data['cred_id'])
-        auth_data = await get_passkey(interface, origin, is_same_origin, rp_id, cred_id, user_data)
+        auth_data = await get_passkey(interface, origin, top_origin, rp_id, cred_id, user_data)
         print(auth_data)
     else:
         print(f"unknown cmd: {cmd}")
@@ -140,7 +140,8 @@ async def create_passkey(interface, origin, top_origin, rp_id, user_handle, user
     return webauthn.verify_create_response(response_json, options, origin)
 
 
-async def get_passkey(interface, origin, is_same_origin, rp_id, cred_id, user: Optional[dict]):
+async def get_passkey(interface, origin, top_origin, rp_id, cred_id, user: Optional[dict]):
+    is_same_origin = origin == top_origin
     options = {
         "challenge": util.b64_encode(secrets.token_bytes(16)),
         "rpId": rp_id,

meson.build

@@ -2,7 +2,7 @@ project(
   'xyz-iinuwa-credential-manager-portal-gtk',
   'rust',
   version: '0.1.0',
-  meson_version: '>= 0.60',
+  meson_version: '>= 1.5.0',
   # license: 'MIT',
 )
 

webext/add-on/background.js

@@ -36,12 +36,16 @@ function rcvFromContent(msg) {
   // const isCrossOrigin = origin === topOrigin
   // const isTopLevel = contentPort.sender.frameId === 0;
 
-
-  const serializedOptions = serializeRequest(options)
-
-  console.debug(options.publicKey.challenge)
-  console.debug("background script received options, passing onto native app")
-  nativePort.postMessage({ requestId, cmd, options: serializedOptions, origin, topOrigin })
+  if (options) {
+    const serializedOptions = serializeRequest(options)
+
+    console.debug(options.publicKey.challenge)
+    console.debug("background script received options, passing onto native app")
+    nativePort.postMessage({ requestId, cmd, options: serializedOptions, origin, topOrigin })
+  } else {
+    console.debug("background script received message without arguments, passing onto native app")
+    nativePort.postMessage({ requestId, cmd, origin, topOrigin })
+  }
 }
 
 function rcvFromNative(msg) {

webext/add-on/content.js

@@ -14,6 +14,11 @@ exportFunction(createCredential, navigator.credentials, { defineAs: "create"})
 exportFunction(getCredential, navigator.credentials, { defineAs: "get"})
 
 
+if (window.PublicKeyCredential) {
+  console.log("overriding PublicKeyCredential.getClientCapabilities() in content script");
+  exportFunction(getClientCapabilities, PublicKeyCredential, { defineAs: "getClientCapabilities"})
+}
+
 function startRequest() {
     const requestId = requestCounter++;
     const {promise, resolve, reject } = window.Promise.withResolvers();
@@ -182,3 +187,10 @@ function getCredential(request) {
     webauthnPort.postMessage({ requestId, cmd: 'get', options, })
     return promise.then(cloneCredentialResponse)
 };
+
+function getClientCapabilities() {
+    console.log("forwarding getClientCapabilities call from content script to background script")
+    const { requestId, promise } = startRequest();
+    webauthnPort.postMessage({ requestId, cmd: 'getClientCapabilities', })
+    return promise.then((capabilities) => cloneInto(capabilities, window))
+};

webext/app/credential_manager_shim.py

@@ -343,7 +343,7 @@ async def run(cmd, options, origin, top_origin):
 
     interface = proxy_object.get_interface(
         'xyz.iinuwa.credentials.CredentialManagerUi1')
-    logging.debug(f"COnnected to interface at {interface.path}")
+    logging.debug(f"Connected to interface at {interface.path}")
 
     if cmd == 'create':
         if 'publicKey' in options:
@@ -355,6 +355,12 @@ async def run(cmd, options, origin, top_origin):
             return await get_passkey(interface, options['publicKey'], origin, top_origin)
         else:
             raise Exception(f"Could not get unknown credential type: {options.keys()[0]}")
+    elif cmd == 'getClientCapabilities':
+        rsp = await interface.call_get_client_capabilities()
+        response = {}
+        for name, val in rsp.items():
+            response[name] = val.value
+        return response
     else:
         raise Exception(f"unknown cmd: {cmd}")
 
@@ -366,7 +372,10 @@ async def run(cmd, options, origin, top_origin):
     request_id = receivedMessage['requestId']
     try:
         cmd = receivedMessage['cmd']
-        options = receivedMessage['options']
+
+        options = None
+        if 'options' in receivedMessage:
+            options = receivedMessage['options']
         origin = receivedMessage['origin']
         top_origin = receivedMessage['topOrigin']
         loop = asyncio.get_event_loop()

xyz-iinuwa-credential-manager-portal-gtk/.gitignore

@@ -1 +1,2 @@
 src/config.rs
+tests/config/mod.rs

xyz-iinuwa-credential-manager-portal-gtk/meson.build

@@ -65,6 +65,7 @@ endif
 subdir('data')
 subdir('po')
 subdir('src')
+subdir('tests')
 
 gnome.post_install(
   gtk_update_icon_cache: true,

xyz-iinuwa-credential-manager-portal-gtk/src/application.rs

@@ -57,11 +57,13 @@ mod imp {
             vm2.clone().connect_completed_notify(move |vm| {
                 if vm.completed() {
                     glib::spawn_future_local(clone!(
-                        #[weak] window2,
+                        #[weak]
+                        window2,
                         async move {
                             // Wait to show confirmation before closing.
                             async_std::task::sleep(Duration::from_millis(500)).await;
-                            gtk::prelude::WidgetExt::activate_action(&window2, "window.close", None).unwrap()
+                            gtk::prelude::WidgetExt::activate_action(&window2, "window.close", None)
+                                .unwrap()
                         }
                     ));
                 }