PM- 2059 Update Two factor webauthn dialog

[KiruthigaManivannan]

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [x] Other

Objective

Update Two factor webauthn dialog component to use the component library

Code changes

• two-factor-webauthn.component.html: Converted modal to dialog compoenents
• two-factor-webauthn.component.ts: Added dialog open method. Data passed to dialog is typed.
• two-factor-setup.component.ts: Added Web authn dialog logic and passing the result of two factor verify dialog in the switch statement of mange method call.

Screenshots

Two-step.login._Webauth_.Bitwarden.Web.vault.-.Google.Chrome.2024-05-02.13-42-28.mp4

[KiruthigaManivannan]

@rr-bw When I click the read key button , it is not opening the windows authentication using PIN like in QA vault. That may be due to that im running using local host. Because I get the following err ..

This error is due to the rp value in publicKeyCredentials passed to navigator. So I think this will work in qa vault

[codecov]

Codecov Report

Attention: Patch coverage is 13.04348% with 20 lines in your changes missing coverage. Please review.

Project coverage is 28.16%. Comparing base (419c107) to head (44f1e65).

Files	Patch %	Lines
...app/auth/settings/two-factor-webauthn.component.ts	14.28%	17 Missing and 1 partial ⚠️
...rc/app/auth/settings/two-factor-setup.component.ts	0.00%	2 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #9009   +/-   ##
=======================================
  Coverage   28.15%   28.16%           
=======================================
  Files        2432     2432           
  Lines       71563    71575   +12     
  Branches    13372    13373    +1     
=======================================
+ Hits        20146    20156   +10     
- Misses      49830    49831    +1     
- Partials     1587     1588    +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Checkmarx One – Scan Summary & Details – e81efbab-5923-4ec0-9995-5b81842e692d

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Client_Privacy_Violation	/apps/browser/src/background/main.background.ts: [1073](https://github.com/bitwarden/clients/blob/PM-2059-update-two-factor-webauthn-dialog//apps/browser/src/background/main.background.ts# L1073)	Attack Vector

[rr-bw]

When I click "Save" I get the following error, are you able to track this down? Everything works fine on main. Let me know if you need help debugging.

[KiruthigaManivannan]

When I click "Save" I get the following error, are you able to track this down? Everything works fine on main. Let me know if you need help debugging.

@rr-bw Actually the issue is when we give name in the name input field , it should read key. Since we already have issue in reading key in local host , webAuthnResponse is null. And actual workflow is if webAuthnResponse is null Save button should be disabled. It should not be enabled and user is unable to click. But here even if the webAuthnResponse is null save is getting enabled. Yes please help me in debugging.

[KiruthigaManivannan]

When I click "Save" I get the following error, are you able to track this down? Everything works fine on main. Let me know if you need help debugging.

@rr-bw Actually the issue is when we give name in the name input field , it should read key. Since we already have issue in reading key in local host , webAuthnResponse is null. And actual workflow is if webAuthnResponse is null Save button should be disabled. It should not be enabled and user is unable to click. But here even if the webAuthnResponse is null save is getting enabled. Yes please help me in debugging.

@rr-bw Please advise on the above

[rr-bw]

It won't let me comment on the specific line, but line 39 of the html file needs updated to tw-text-muted.

[rr-bw]

Do will still need name? Where do we access this property?

[KiruthigaManivannan]

@rr-bw Yes this is used in setup component , to immediately send enabled status to set up component , the enabled tick mark should appear before we close the dialog . so we are using this event emitter.

[rr-bw]

I think tw-flex-row is unnecessary because it is the default.

[rr-bw]

When I click "Save" I get the following error, are you able to track this down? Everything works fine on main. Let me know if you need help debugging.

@rr-bw Actually the issue is when we give name in the name input field , it should read key. Since we already have issue in reading key in local host , webAuthnResponse is null. And actual workflow is if webAuthnResponse is null Save button should be disabled. It should not be enabled and user is unable to click. But here even if the webAuthnResponse is null save is getting enabled. Yes please help me in debugging.

@jlf0dev or @JaredSnider-Bitwarden Would either of you have capacity to help in debugging this? I can't seem to track down the issue. The "save" button is somehow getting enabled when you simply start typing in the name field. It's supposed to remain disabled as long as webAuthnResponse is null. It's almost like form status changes are overriding our [disabled]="!webAuthnResponse" on the "save" button. One odd thing I noticed is that if I remove bitFormButton from the "save" button, it will in fact remain disabled until you Read Key. (But we still then have the problem where clicking "save" gives an error).

[rr-bw]

@KiruthigaManivannan Reading the key should now work, and the "save" button will also remain disabled until the appropriate time. Could you now fix the remaining issues when clicking "deactivate all keys". The dialog should close, a toast should appear, and the green check mark next to "FIDO2 WebAuthn" should get removed. Here is a video of the correct deactivate flow on main:

deactivate.mov

[KiruthigaManivannan]

@KiruthigaManivannan Reading the key should now work, and the "save" button will also remain disabled until the appropriate time. Could you now fix the remaining issues when clicking "deactivate all keys". The dialog should close, a toast should appear, and the green check mark next to "FIDO2 WebAuthn" should get removed. Here is a video of the correct deactivate flow on main:

deactivate.mov

@willmartian As you said , save button is working as expected now. But clicking on read key button does not do anything.

This occurs not only in this branch , but also in main while running in localhost