Implement getClientCapabilities (all false for now)

msirringhaus · msirringhaus · commit 5827b9e8200c · 2025-05-20T15:40:12.000+02:00
diff --git a/contrib/xyz.iinuwa.credentials.CredentialManager.xml b/contrib/xyz.iinuwa.credentials.CredentialManager.xml
@@ -16,6 +16,9 @@
       <arg name="request" type="a{sv}" direction="in"/>
       <arg type="a{sv}" direction="out"/>
     </method>
+    <method name="GetClientCapabilities">
+      <arg type="a{sv}" direction="out"/>
+    </method>
   </interface>
   <interface name="org.freedesktop.DBus.Peer">
     <method name="Ping">
diff --git a/webext/add-on/background.js b/webext/add-on/background.js
@@ -36,12 +36,16 @@ function rcvFromContent(msg) {
   // const isCrossOrigin = origin === topOrigin
   // const isTopLevel = contentPort.sender.frameId === 0;
 
-
-  const serializedOptions = serializeRequest(options)
-
-  console.debug(options.publicKey.challenge)
-  console.debug("background script received options, passing onto native app")
-  nativePort.postMessage({ requestId, cmd, options: serializedOptions, origin, topOrigin })
+  if (options) {
+    const serializedOptions = serializeRequest(options)
+
+    console.debug(options.publicKey.challenge)
+    console.debug("background script received options, passing onto native app")
+    nativePort.postMessage({ requestId, cmd, options: serializedOptions, origin, topOrigin })
+  } else {
+    console.debug("background script received message without arguments, passing onto native app")
+    nativePort.postMessage({ requestId, cmd, origin, topOrigin })
+  }
 }
 
 function rcvFromNative(msg) {
diff --git a/webext/add-on/content.js b/webext/add-on/content.js
@@ -14,6 +14,11 @@ exportFunction(createCredential, navigator.credentials, { defineAs: "create"})
 exportFunction(getCredential, navigator.credentials, { defineAs: "get"})
 
 
+if (window.PublicKeyCredential) {
+  console.log("overriding PublicKeyCredential.getClientCapabilities() in content script");
+  exportFunction(getClientCapabilities, PublicKeyCredential, { defineAs: "getClientCapabilities"})
+}
+
 function startRequest() {
     const requestId = requestCounter++;
     const {promise, resolve, reject } = window.Promise.withResolvers();
@@ -182,3 +187,10 @@ function getCredential(request) {
     webauthnPort.postMessage({ requestId, cmd: 'get', options, })
     return promise.then(cloneCredentialResponse)
 };
+
+function getClientCapabilities() {
+    console.log("forwarding getClientCapabilities call from content script to background script")
+    const { requestId, promise } = startRequest();
+    webauthnPort.postMessage({ requestId, cmd: 'getClientCapabilities', })
+    return promise
+};
diff --git a/webext/app/credential_manager_shim.py b/webext/app/credential_manager_shim.py
@@ -343,7 +343,7 @@ async def run(cmd, options, origin, top_origin):
 
     interface = proxy_object.get_interface(
         'xyz.iinuwa.credentials.CredentialManagerUi1')
-    logging.debug(f"COnnected to interface at {interface.path}")
+    logging.debug(f"Connected to interface at {interface.path}")
 
     if cmd == 'create':
         if 'publicKey' in options:
@@ -355,6 +355,12 @@ async def run(cmd, options, origin, top_origin):
             return await get_passkey(interface, options['publicKey'], origin, top_origin)
         else:
             raise Exception(f"Could not get unknown credential type: {options.keys()[0]}")
+    elif cmd == 'getClientCapabilities':
+        rsp = await interface.call_get_client_capabilities()
+        response = {}
+        for name, val in rsp.items():
+            response[name] = val.value
+        return response
     else:
         raise Exception(f"unknown cmd: {cmd}")
 
@@ -366,7 +372,10 @@ async def run(cmd, options, origin, top_origin):
     request_id = receivedMessage['requestId']
     try:
         cmd = receivedMessage['cmd']
-        options = receivedMessage['options']
+
+        options = None
+        if 'options' in receivedMessage:
+            options = receivedMessage['options']
         origin = receivedMessage['origin']
         top_origin = receivedMessage['topOrigin']
         loop = asyncio.get_event_loop()
diff --git a/xyz-iinuwa-credential-manager-portal-gtk/src/dbus.rs b/xyz-iinuwa-credential-manager-portal-gtk/src/dbus.rs
@@ -241,6 +241,20 @@ impl CredentialManager {
             ))
         }
     }
+
+    async fn get_client_capabilities(&self) -> fdo::Result<GetClientCapabilitiesResponse> {
+        Ok(GetClientCapabilitiesResponse {
+            conditional_create: false,
+            conditional_get: false,
+            hybrid_transport: false,
+            passkey_platform_authenticator: false,
+            user_verifying_platform_authenticator: false,
+            related_origins: false,
+            signal_all_accepted_credentials: false,
+            signal_current_user_details: false,
+            signal_unknown_credential: false,
+        })
+    }
 }
 
 async fn create_password(
@@ -838,6 +852,20 @@ impl From<GetPublicKeyCredentialResponse> for GetCredentialResponse {
     }
 }
 
+#[derive(SerializeDict, Type)]
+#[zvariant(signature = "dict")]
+pub struct GetClientCapabilitiesResponse {
+    conditional_create: bool,
+    conditional_get: bool,
+    hybrid_transport: bool,
+    passkey_platform_authenticator: bool,
+    user_verifying_platform_authenticator: bool,
+    related_origins: bool,
+    signal_all_accepted_credentials: bool,
+    signal_current_user_details: bool,
+    signal_unknown_credential: bool,
+}
+
 fn format_client_data_json(
     op: Operation,
     challenge: &str,
