From 259ad0789a61e5218cf8f8b8558697fa9fea23c8 Mon Sep 17 00:00:00 2001
From: Edgar Story
Date: Tue, 12 Nov 2024 09:20:38 +0000
Subject: [PATCH] Improve the support for PIN-less FIDO2 devices

- We now check if in the handling of two factor option, the option to be used is a SecurityKey. If so, check if a FIDO2 device is attached and if it needs a PIN.
- When a PIN is not required, we can just move straight onto assertation, the code for which will present the touch key UI.
- Otherwise we fallback to the original flow.
---
 Xcodes/Backend/AppState.swift | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/Xcodes/Backend/AppState.swift b/Xcodes/Backend/AppState.swift
index d855d24..e3997a1 100644
--- a/Xcodes/Backend/AppState.swift
+++ b/Xcodes/Backend/AppState.swift
@@ -305,11 +305,17 @@ class AppState: ObservableObject {
 }
 
 func handleTwoFactorOption(_ option: TwoFactorOption, authOptions: AuthOptionsResponse, serviceKey: String, sessionID: String, scnt: String) {
- self.presentedSheet = .twoFactor(.init(
- option: option,
- authOptions: authOptions,
- sessionData: AppleSessionData(serviceKey: serviceKey, sessionID: sessionID, scnt: scnt)
- ))
+ let sessionData = AppleSessionData(serviceKey: serviceKey, sessionID: sessionID, scnt: scnt)
+
+ if option == .securityKey, fido2DeviceIsPresent() && !fido2DeviceNeedsPin() {
+ createAndSubmitSecurityKeyAssertationWithPinCode(nil, sessionData: sessionData, authOptions: authOptions)
+ } else {
+ self.presentedSheet = .twoFactor(.init(
+ option: option,
+ authOptions: authOptions,
+ sessionData: sessionData
+ ))
+ }
 }
 
 func requestSMS(to trustedPhoneNumber: AuthOptionsResponse.TrustedPhoneNumber, authOptions: AuthOptionsResponse, sessionData: AppleSessionData) {
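Review bot: The PIN-less branch of handleTwoFactorOption acts on two separate probes, `fido2DeviceIsPresent()` and `fido2DeviceNeedsPin()`, and then starts the assertion with a `nil` PIN, so nothing visible here ties the probed key to the key that signs. Their bodies are outside the hunk, but if each call enumerates devices afresh, a key that is unplugged, swapped, or one of several attached could leave the assertion running against a device that does require a PIN. Because this branch never sets `presentedSheet`, that failure should route back to the PIN sheet rather than ending the sign-in; I would document the contract with `// No PIN needed: go straight to assertion; on a PIN-required or no-device error the callee must present .twoFactor instead` and confirm that createAndSubmitSecurityKeyAssertationWithPinCode behaves that way. As a style point, the condition mixes `,` and `&&`; `if option == .securityKey, fido2DeviceIsPresent(), !fido2DeviceNeedsPin() {` reads more evenly.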