Open LeoColomb opened 1 month ago
Assigning to @getsentry/support for routing ⏲️
Routing to @getsentry/product-owners-settings-auth for triage ⏲️
We're looking into this. Thanks for the detailed bug report!
@LeoColomb
I'm able to recreate this using the Bitwarden Browser Extension 2024.4.2 and Chrome 124.0.6367.156. I don't receive a prompt from Bitwarden to setup a passkey. Is this what you're experiencing? Could you share your extension and browser versions?
Interestingly, I cannot recreate this using 1Password. It successfully prompts to create a new passkey and registers it fine.
@mdtro Good to know! I don't think the version numbers are going to explain anything: I've tried with 3 different browsers (Chrome, Firefox, Brave), with different versions (I'm facing this issue for half a year at least). Same for Bitwarden. In any case, the latest versions are affected.
The prompt is not shown because of the error reported by Bitwarden's background script.
@mdtro After further investigation, it appears that the user.id
provided is actually the challenge data encoded with CBOR+base64.
The user.id
inside that data is the valid one.
@LeoColomb Good catch! Our backend API returns this in a JSON response to a GET on /api/0/users/me/authenticators/u2f/enroll/
.
{
...
"challenge": {
"webAuthnRegisterData": "<encoded data>"
}
}
@leedongwei I'm not great with the frontend code. Is it possible we are decoding this incorrectly and putting the wrong values in user.id
? Or is this an issue with the BitWarden client/extension?
Environment
SaaS (https://sentry.io/)
Steps to Reproduce
Expected Result
All the enrollment to run without issues and the key challenge to be accepted. The
user.id
standard to be respectedActual Result
The interface shows an error.![image](https://github.com/getsentry/sentry/assets/846943/3f2df084-153d-4481-8e25-b2f7408e5937)
The passkeys manager receives an incorrect
user.id
length.The password manager logs an error.
Ref: https://github.com/bitwarden/clients/issues/8756
I tried to dig in where the wrong length was created, but it seems to be generated to correct way:
https://github.com/getsentry/sentry/blob/9d2044811ebac0d3412a57cb755c79d650fd8668/src/sentry/auth/authenticators/u2f.py#L111
Some ideas:
user.id
Product Area
Settings - Auth
Link
https://sentry.io/settings/account/security/mfa/u2f/enroll/
DSN
No response
Version
No response