Merge branch 'IDTEAM-ipc-error-messages' into 'main'

Bubble IPC error messages up to renderer

See merge request web/clients!16686

Author: MargeBot

applications/pass-desktop/native/src/biometrics/linux.rs

@@ -7,11 +7,7 @@ impl super::BiometricsTrait for Biometrics {
         bail!("Not implemented")
     }
 
-    fn get_decryption_key(_challenge_b64: Option<&str>) -> Result<[String; 2]> {
-        bail!("Not implemented")
-    }
-
-    fn check_presence(_handle: Vec<u8>, _reason: String) -> Result<bool> {
+    fn check_presence(_handle: Vec<u8>, _reason: String) -> Result<()> {
         bail!("Not implemented")
     }
 

applications/pass-desktop/native/src/biometrics/macos.rs

@@ -10,11 +10,7 @@ impl super::BiometricsTrait for Biometrics {
         bail!("Not implemented")
     }
 
-    fn get_decryption_key(_challenge_b64: Option<&str>) -> Result<[String; 2]> {
-        bail!("Not implemented")
-    }
-
-    fn check_presence(_handle: Vec<u8>, _reason: String) -> Result<bool> {
+    fn check_presence(_handle: Vec<u8>, _reason: String) -> Result<()> {
         bail!("Not implemented")
     }
 

applications/pass-desktop/native/src/biometrics/mod.rs

@@ -7,8 +7,7 @@ mod biometrics_platform;
 
 pub trait BiometricsTrait {
     fn can_check_presence() -> Result<bool>;
-    fn check_presence(handle: Vec<u8>, reason: String) -> Result<bool>;
-    fn get_decryption_key(challenge: Option<&str>) -> Result<[String; 2]>;
+    fn check_presence(handle: Vec<u8>, reason: String) -> Result<()>;
     fn get_secret(key: String) -> Result<Vec<u8>>;
     fn set_secret(key: String, data: Vec<u8>) -> Result<()>;
     fn delete_secret(key: String) -> Result<()>;

applications/pass-desktop/native/src/biometrics/windows.rs

@@ -40,45 +40,7 @@ impl super::BiometricsTrait for Biometrics {
         }
     }
 
-    fn get_decryption_key(challenge_b64: Option<&str>) -> Result<[String; 2]> {
-        static KEY_NAME: &HSTRING = h!("ProtonPass");
-
-        let challenge: [u8; 16] = match challenge_b64 {
-            Some(str) => base64_engine
-                .decode(str)?
-                .try_into()
-                .map_err(|_e| anyhow!("Invalid challenge"))?,
-            None => random_challenge(),
-        };
-
-        let open_result =
-            KeyCredentialManager::RequestCreateAsync(KEY_NAME, KeyCredentialCreationOption::FailIfExists)?.get()?;
-
-        let retreive_result = match open_result.Status()? {
-            KeyCredentialStatus::CredentialAlreadyExists => KeyCredentialManager::OpenAsync(KEY_NAME)?.get()?,
-            KeyCredentialStatus::Success => open_result,
-            _ => return Err(anyhow!("Failed to create key credential")),
-        };
-
-        let credential = retreive_result.Credential()?;
-        let challenge_buffer = CryptographicBuffer::CreateFromByteArray(&challenge)?;
-        let signature_result = credential.RequestSignAsync(&challenge_buffer)?.get()?;
-        ensure!(
-            signature_result.Status()? == KeyCredentialStatus::Success,
-            "Failed to sign data"
-        );
-
-        let signature_buffer = signature_result.Result()?;
-        let mut signature_value = Array::<u8>::with_len(signature_buffer.Length()? as usize);
-        CryptographicBuffer::CopyToByteArray(&signature_buffer, &mut signature_value)?;
-
-        let key = Sha256::digest(&*signature_value);
-        let key_b64 = base64_engine.encode(key);
-        let iv_b64 = base64_engine.encode(challenge);
-        Ok([key_b64, iv_b64])
-    }
-
-    fn check_presence(handle: Vec<u8>, reason: String) -> Result<bool> {
+    fn check_presence(handle: Vec<u8>, reason: String) -> Result<()> {
         let h = isize::from_le_bytes(handle.clone().try_into().unwrap());
         let window = HWND(h);
 
@@ -88,8 +50,14 @@ impl super::BiometricsTrait for Biometrics {
         let result = operation.get()?;
 
         match result {
-            UserConsentVerificationResult::Verified => Ok(true),
-            _ => Ok(false),
+            UserConsentVerificationResult::Verified => Ok(),
+            UserConsentVerificationResult::DeviceBusy => Err("Authentication device is busy."),
+            UserConsentVerificationResult::DeviceNotPresent => Err("No authentication device found."),
+            UserConsentVerificationResult::DisabledByPolicy => Err("Authentication device is disabled by policy."),
+            UserConsentVerificationResult::NotConfiguredForUser => Err("No authentication device configured."),
+            UserConsentVerificationResult::Canceled => Err("Authentication cancelled."),
+            UserConsentVerificationResult::RetriesExhausted => Err("There have been too many failed attempts."),
+            _ => Err("Biometric authentication failed."),
         }
     }
 

applications/pass-desktop/native/src/lib.rs

@@ -16,17 +16,10 @@ pub mod biometric {
     }
 
     #[napi]
-    pub async fn check_presence(handle: Buffer, reason: String) -> napi::Result<bool> {
+    pub async fn check_presence(handle: Buffer, reason: String) -> napi::Result<()> {
         Biometrics::check_presence(handle.into(), reason).map_err(|e| napi::Error::from_reason(e.to_string()))
     }
 
-    #[napi]
-    pub async fn get_decryption_key(challenge: Option<&str>) -> napi::Result<Vec<String>> {
-        Biometrics::get_decryption_key(challenge)
-            .map(|v| v.into())
-            .map_err(|e| napi::Error::from_reason(e.to_string()))
-    }
-
     #[napi]
     pub async fn get_secret(key: String) -> napi::Result<Uint8Array> {
         let vec = Biometrics::get_secret(key).map_err(|e| napi::Error::from_reason(e.to_string()))?;

applications/pass-desktop/src/app/App.tsx

@@ -86,12 +86,8 @@ export const getPassCoreProps = (): PassCoreProviderProps => ({
     },
 
     getBiometricsKey: async (store: AuthStore) => {
-        try {
-            const { storageKey, version } = inferBiometricsStorageKey(store);
-            return (await window.ctxBridge?.getSecret(storageKey, version)) ?? null;
-        } catch {
-            return null;
-        }
+        const { storageKey, version } = inferBiometricsStorageKey(store);
+        return (await window.ctxBridge?.getSecret(storageKey, version)) ?? null;
     },
 
     generateBiometricsKey: async () => {

applications/pass-desktop/src/app/reportClientLaunch.ts

@@ -12,7 +12,7 @@ export default async () => {
          */
         setMetricsEnabled(true);
 
-        const { installSource = null } = (await window.ctxBridge?.getInstallInfo()) ?? {};
+        const installSource = (await window.ctxBridge?.getInstallInfo()) ?? null;
         if (installSource !== null) await reportClientLaunch(installSource, 'pass', api);
         void window.ctxBridge?.setInstallSourceReported();
     } catch (err) {

applications/pass-desktop/src/lib/biometrics/biometrics.macos.ts

@@ -8,23 +8,16 @@ import type { BiometricsFactory, BiometricsPlatformHandler } from './types';
 
 const factory: BiometricsFactory = () => {
     /** reason is prefixed by 'Proton Pass wants to' */
-    const checkPresence = async (reason = 'unlock') => {
-        try {
-            await systemPreferences.promptTouchID(reason);
-            return true;
-        } catch (_) {
-            return false;
-        }
-    };
+    const checkPresence = async (reason = 'unlock') => systemPreferences.promptTouchID(reason);
 
     const biometrics: BiometricsPlatformHandler = {
         canCheckPresence: () => Promise.resolve(true),
         checkPresence: (_, reason) => checkPresence(reason),
         getDecryptionKey: () => Promise.resolve(null),
         getSecret: async (_, key, version) => {
-            if (!(await checkPresence())) throw new Error('Biometric authentication failed');
+            await checkPresence();
 
-            const secretBytes = await macBiometrics.getSecret(key).catch(() => null);
+            const secretBytes = await macBiometrics.getSecret(key);
             if (!secretBytes) return null;
 
             /** Version 1 (Legacy): Secrets were stored as UTF-8 encoded strings.

applications/pass-desktop/src/lib/biometrics/biometrics.windows.ts

@@ -7,18 +7,18 @@ import type { BiometricsFactory, BiometricsPlatformHandler } from './types';
 const factory: BiometricsFactory = (getWindow) => {
     const checkPresence = async (reason = 'Proton Pass wants to unlock') => {
         const handle = getWindow()?.getNativeWindowHandle();
-        if (!handle) return false;
-        return winBiometrics.checkPresence(handle, reason).catch(() => false);
+        if (!handle) throw new Error('Failed to acquire window handle');
+        await winBiometrics.checkPresence(handle, reason);
     };
 
     const biometrics: BiometricsPlatformHandler = {
         canCheckPresence: () => winBiometrics.canCheckPresence().catch(() => false),
         checkPresence: (_, reason) => checkPresence(reason),
-        getDecryptionKey: (_, challenge) => winBiometrics.getDecryptionKey(challenge).catch(() => null),
+        getDecryptionKey: (_, challenge) => winBiometrics.getDecryptionKey(challenge),
         getSecret: async (_, key, version) => {
-            if (!(await checkPresence())) throw new Error('Biometric authentication failed');
+            await checkPresence();
 
-            const secretBytes = await winBiometrics.getSecret(key).catch(() => null);
+            const secretBytes = await winBiometrics.getSecret(key);
             if (!secretBytes) return null;
 
             /** Version 1 (Legacy): Secrets were stored as UTF-16 encoded strings in a Vec<u8>,

applications/pass-desktop/src/lib/biometrics/index.ts

@@ -1,8 +1,21 @@
-import { ipcMain } from 'electron';
 import { platform } from 'os';
 
+import type { MaybeNull } from '@proton/pass/types';
+
+import { setupIpcHandler } from '../ipc';
 import type { BiometricsFactory, BiometricsPlatformHandler } from './types';
 
+declare module 'proton-pass-desktop/lib/ipc' {
+    interface IPCChannels {
+        'biometrics:canCheckPresence': IPCChannel<[], boolean>;
+        'biometrics:checkPresence': IPCChannel<[reason?: string], void>;
+        'biometrics:getDecryptionKey': IPCChannel<[challenge: string], MaybeNull<string[]>>;
+        'biometrics:getSecret': IPCChannel<[key: string, version: number], MaybeNull<string>>;
+        'biometrics:setSecret': IPCChannel<[key: string, secret: Uint8Array], void>;
+        'biometrics:deleteSecret': IPCChannel<[key: string], void>;
+    }
+}
+
 const factory: BiometricsFactory = (getWindow) => {
     const platformImplementation: BiometricsPlatformHandler = (() => {
         switch (platform()) {
@@ -22,12 +35,12 @@ const factory: BiometricsFactory = (getWindow) => {
         }
     })();
 
-    ipcMain.handle('biometrics:canCheckPresence', platformImplementation.canCheckPresence);
-    ipcMain.handle('biometrics:checkPresence', platformImplementation.checkPresence);
-    ipcMain.handle('biometrics:getDecryptionKey', platformImplementation.getDecryptionKey);
-    ipcMain.handle('biometrics:getSecret', platformImplementation.getSecret);
-    ipcMain.handle('biometrics:setSecret', platformImplementation.setSecret);
-    ipcMain.handle('biometrics:deleteSecret', platformImplementation.deleteSecret);
+    setupIpcHandler('biometrics:canCheckPresence', platformImplementation.canCheckPresence);
+    setupIpcHandler('biometrics:checkPresence', platformImplementation.checkPresence);
+    setupIpcHandler('biometrics:getDecryptionKey', platformImplementation.getDecryptionKey);
+    setupIpcHandler('biometrics:getSecret', platformImplementation.getSecret);
+    setupIpcHandler('biometrics:setSecret', platformImplementation.setSecret);
+    setupIpcHandler('biometrics:deleteSecret', platformImplementation.deleteSecret);
 
     return platformImplementation;
 };