Merge pull request #3510 from nextcloud/chore/noid/updateFido

Bump hwsecurity-fido from 2.4.5 to 4.1.0-patch2
2025-03-10 08:00:57 +00:00 · 2023-12-18 10:21:17 +01:00 · 2023-12-18 10:21:17 +01:00 · 8067240fd2
commit 8067240fd2
parent 59227f8668 a77ad7bf74
2 changed files with 14 additions and 1 deletions
--- a/app/build.gradle
+++ b/app/build.gradle
@ -145,6 +145,7 @@ ext {
    coilKtVersion = "2.5.0"
    daggerVersion = "2.49"
    emojiVersion = "1.4.0"
+    fidoVersion = "4.1.0-patch2"
    lifecycleVersion = '2.6.2'
    okhttpVersion = "4.12.0"
    markwonVersion = "4.6.2"
@ -252,7 +253,8 @@ dependencies {
    implementation "io.coil-kt:coil-svg:${coilKtVersion}"
    implementation 'com.github.natario1:Autocomplete:v1.1.0'

-    implementation 'com.github.cotechde.hwsecurity:hwsecurity-fido:2.4.5'
+    implementation "com.github.nextcloud-deps.hwsecurity:hwsecurity-fido:${fidoVersion}"
+    implementation "com.github.nextcloud-deps.hwsecurity:hwsecurity-fido2:${fidoVersion}"

    implementation 'com.novoda:merlin:1.2.1'

--- a/app/src/main/java/com/nextcloud/talk/account/WebViewLoginActivity.kt
+++ b/app/src/main/java/com/nextcloud/talk/account/WebViewLoginActivity.kt
@ -66,6 +66,8 @@ import com.nextcloud.talk.utils.bundle.BundleKeys.KEY_TOKEN
 import com.nextcloud.talk.utils.bundle.BundleKeys.KEY_USERNAME
 import com.nextcloud.talk.utils.ssl.TrustManager
 import de.cotech.hw.fido.WebViewFidoBridge
+import de.cotech.hw.fido2.WebViewWebauthnBridge
+import de.cotech.hw.fido2.ui.WebauthnDialogOptions
 import io.reactivex.disposables.Disposable
 import java.lang.reflect.Field
 import java.net.CookieManager
@ -99,6 +101,7 @@ class WebViewLoginActivity : BaseActivity() {
    private var loginStep = 0
    private var automatedLoginAttempted = false
    private var webViewFidoBridge: WebViewFidoBridge? = null
+    private var webViewWebauthnBridge: WebViewWebauthnBridge? = null

    private val onBackPressedCallback = object : OnBackPressedCallback(true) {
        override fun handleOnBackPressed() {
@ -164,6 +167,12 @@ class WebViewLoginActivity : BaseActivity() {
        binding.webview.clearHistory()
        WebView.clearClientCertPreferences(null)
        webViewFidoBridge = WebViewFidoBridge.createInstanceForWebView(this, binding.webview)
+
+        val webauthnOptionsBuilder = WebauthnDialogOptions.builder().setShowSdkLogo(true).setAllowSkipPin(true)
+        webViewWebauthnBridge = WebViewWebauthnBridge.createInstanceForWebView(
+            this, binding.webview, webauthnOptionsBuilder
+        )
+
        CookieSyncManager.createInstance(this)
        android.webkit.CookieManager.getInstance().removeAllCookies(null)
        val headers: MutableMap<String, String> = HashMap()
@ -172,12 +181,14 @@ class WebViewLoginActivity : BaseActivity() {
            private var basePageLoaded = false
            override fun shouldInterceptRequest(view: WebView, request: WebResourceRequest): WebResourceResponse? {
                webViewFidoBridge?.delegateShouldInterceptRequest(view, request)
+                webViewWebauthnBridge?.delegateShouldInterceptRequest(view, request)
                return super.shouldInterceptRequest(view, request)
            }

            override fun onPageStarted(view: WebView, url: String, favicon: Bitmap?) {
                super.onPageStarted(view, url, favicon)
                webViewFidoBridge?.delegateOnPageStarted(view, url, favicon)
+                webViewWebauthnBridge?.delegateOnPageStarted(view, url, favicon)
            }

            @Deprecated("Use shouldOverrideUrlLoading(WebView view, WebResourceRequest request)")