search

bitwarden / mobile

Retired Bitwarden mobile app for iOS and Android (MAUI/Xamarin).
https://bitwarden.com
GNU General Public License v3.0
25 stars 3 forks source link

URl escaped if WebAuthN is not supported #2364

Open c034SUEKzEfbvgZEAexlKuHHpLgFzuKHMsLZKPF opened 1 year ago

c034SUEKzEfbvgZEAexlKuHHpLgFzuKHMsLZKPF commented 1 year ago

Steps To Reproduce

  1. Install BitWarden on a phone with only the default AOSP browser (no Chrome or Firefox)
  2. Sign in to an account protected by a FIDO security key
  3. Attempt to sign in using WebAuthN
  4. An error message is displayed - the URl is improperly escaped

Expected Result

URl should be presented in an unescaped format.

Actual Result

The NotAllowedError message is difficult to read.

Screenshots or Videos

Screenshot of the error

Additional Context

I believe this may have been introduced by #1534? It could also relate to #2334. It is also documented in https://github.com/bitwarden/mobile/issues/1594#issuecomment-1412097146

Operating System

Android

Operating System Version

13

Device

OnePlus 5T

Build Version

2023.1.0 (5786)

Beta

tAbIkUi4blEAu4VW0M5YzJirfSmb81ikaEnVLxy commented 1 year ago

Hi @edent,

Thank you for reporting this. Just to make sure that you and I are on the same page, by "default AOSP browser" are you referring to Android WebView?

Thank you in advance,

c034SUEKzEfbvgZEAexlKuHHpLgFzuKHMsLZKPF commented 1 year ago

@SergeantConfused yes, the default Android WebView.

As per this announcement, it doesn't support WebAuthN https://groups.google.com/a/chromium.org/g/blink-dev/c/qCJhuuZH5p0

See also https://hwsecurity.dev/guide/fido-webview/ and https://mobile.twitter.com/agl__/status/1536058673327288320