[PM-4167] Add PRF attestation flow during passkey registration (#3339)

* [PM-4167] feat: add support for `SupportsPrf` * [PM-4167] feat: add `prfStatus` property * [PM-4167] feat: add support for storing PRF keys * [PM-4167] fix: allow credentials to be created without encryption support * [PM-4167] fix: broken test * [PM-4167] chore: remove whitespace * [PM-4167] fix: controller test * [PM-4167] chore: improve readability of `GetPrfStatus` * [PM-4167] fix: make prf optional * [PM-4167] fix: commit missing controller change * [PM-4167] fix: tests
2025-07-13 05:38:25 -05:00 · 2023-11-07 16:59:51 +01:00
parent 8256b58e00
commit e401fc0983
9 changed files with 58 additions and 10 deletions
--- a/src/Api/Auth/Controllers/WebAuthnController.cs
+++ b/src/Api/Auth/Controllers/WebAuthnController.cs
@ -75,7 +75,7 @@ public class WebAuthnController : Controller
            throw new BadRequestException("The token associated with your request is expired. A valid token is required to continue.");
        }

-        var success = await _userService.CompleteWebAuthLoginRegistrationAsync(user, model.Name, tokenable.Options, model.DeviceResponse);
+        var success = await _userService.CompleteWebAuthLoginRegistrationAsync(user, model.Name, tokenable.Options, model.DeviceResponse, model.SupportsPrf, model.EncryptedUserKey, model.EncryptedPublicKey, model.EncryptedPrivateKey);
        if (!success)
        {
            throw new BadRequestException("Unable to complete WebAuthn registration.");
--- a/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs
+++ b/src/Api/Auth/Models/Request/WebAuthn/WebAuthnCredentialRequestModel.cs
@ -1,4 +1,5 @@
 using System.ComponentModel.DataAnnotations;
+using Bit.Core.Utilities;
 using Fido2NetLib;

 namespace Bit.Api.Auth.Models.Request.Webauthn;
@ -13,5 +14,20 @@ public class WebAuthnCredentialRequestModel

    [Required]
    public string Token { get; set; }
+
+    [Required]
+    public bool SupportsPrf { get; set; }
+
+    [EncryptedString]
+    [EncryptedStringLength(2000)]
+    public string EncryptedUserKey { get; set; }
+
+    [EncryptedString]
+    [EncryptedStringLength(2000)]
+    public string EncryptedPublicKey { get; set; }
+
+    [EncryptedString]
+    [EncryptedStringLength(2000)]
+    public string EncryptedPrivateKey { get; set; }
 }

--- a/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs
+++ b/src/Api/Auth/Models/Response/WebAuthn/WebAuthnCredentialResponseModel.cs
@ -1,4 +1,5 @@
 using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
 using Bit.Core.Models.Api;

 namespace Bit.Api.Auth.Models.Response.WebAuthn;
@ -11,10 +12,10 @@ public class WebAuthnCredentialResponseModel : ResponseModel
    {
        Id = credential.Id.ToString();
        Name = credential.Name;
-        PrfSupport = false;
+        PrfStatus = credential.GetPrfStatus();
    }

    public string Id { get; set; }
    public string Name { get; set; }
-    public bool PrfSupport { get; set; }
+    public WebAuthnPrfStatus PrfStatus { get; set; }
 }