Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PM-14240] Add Quetta Browser to Privileged Apps #4189

Merged
merged 28 commits into from
Jan 10, 2025

Conversation

SymphonicDeviation
Copy link
Contributor

@SymphonicDeviation SymphonicDeviation commented Oct 29, 2024

🎟️ Tracking

I added Quetta browser to allow for passkey support.

📔 Objective

Adds Quetta Browser to privileged apps for passkey support.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
    issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@CLAassistant
Copy link

CLAassistant commented Oct 29, 2024

CLA assistant check
All committers have signed the CLA.

@bitwarden-bot
Copy link

Thank you for your contribution! We've added this to our internal Community PR board for review.
ID: PM-14240

@bitwarden-bot bitwarden-bot changed the title Add Quetta Browser to Privileged Apps [PM-14240] Add Quetta Browser to Privileged Apps Oct 29, 2024
@SaintPatrck
Copy link
Contributor

SaintPatrck commented Nov 6, 2024

Hi @SymphonicDeviation,

I tested these changes on several sites known to have working passkey implementations but I was not able to get the browser to trigger registration or authentication. Due to this, I'm hesitant to accept the changes as they are.

If you provide a video of the browser supporting passkeys with your changes we can consider adding the browser.

@SymphonicDeviation
Copy link
Contributor Author

SymphonicDeviation commented Nov 7, 2024

Hi @SymphonicDeviation,

I tested these changes on several sites known to have working passkey implementations but I was not able to get the browser to trigger registration or authentication. Due to this, I'm hesitant to accept the changes as they are.

If you provide a video of the browser supporting passkeys with your changes we can consider adding the browser.

Hi @SaintPatrck,

I forgot to mention that I had to enable the passkey flag in the quetta flags section via quetta://flags

Screenshot_20241106_201551_Quetta.png

Here is the requested video

},
{
"build": "release",
"cert_fingerprint_sha256": "32:57:D5:99:A4:9D:2C:96:1A:47:1C:A9:84:3F:59:D3:41:A4:05:88:45:83:FC:08:7D:F4:23:7B:73:3B:BD:6D"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are there two fingerprints here? I suppose one is from Google Play but what would be the other one?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly, it has been a few weeks since I've made this commit. I used "App Manager" to get the sha256 values. I tested it again without that other fingerprint and it seems to be working fine. It must have been removed since I do not see that sha256 fingerprint in "App Manager".

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case this would be a security concern, I'd take it off;

BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80 I can confirm is from the Play Store, but the other one I cannot.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case this would be a security concern, I'd take it off;

BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80 I can confirm is from the Play Store, but the other one I cannot.

Yes, I did take it off and removed it on my end. I'll be pushing the commit with the removal to my version/repo once I am home tonight. And if you're not aware, Quetta also updated the browser to support autofill, I tested the browser with the latest commits in the custom built apk. I can confirm that the autofill works with bitwarden now.

@lucasmz-dev
Copy link
Contributor

I tested these changes on several sites known to have working passkey implementations but I was not able to get the browser to trigger registration or authentication. Due to this, I'm hesitant to accept the changes as they are.

To be fair all of the Chromium-based browsers I've added originally with 20383f0 do not seem to work properly with passkeys... Well, for me anyway. They did seem to work in the past but randomly broke, and weirdly this weird Quetta browser does seem to work...

Copy link
Contributor

@SaintPatrck SaintPatrck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for removing the other signatures. I was able to confirm Quetta works with these changes.

If you can move the new entry so that it is sorted alphabetically, I'd be happy to approve your PR.

@SymphonicDeviation
Copy link
Contributor Author

Thank you for removing the other signatures. I was able to confirm Quetta works with these changes.

If you can move the new entry so that it is sorted alphabetically, I'd be happy to approve your PR.

I will change it as soon as I get the chance.

Copy link
Contributor

github-actions bot commented Jan 9, 2025

Logo
Checkmarx One – Scan Summary & Details32348ca0-1d4b-4ca4-bf7d-a27b4e46e3a1

No New Or Fixed Issues Found

@SaintPatrck SaintPatrck enabled auto-merge January 10, 2025 14:21
@SaintPatrck SaintPatrck added this pull request to the merge queue Jan 10, 2025
Copy link

codecov bot commented Jan 10, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.31%. Comparing base (3e55256) to head (f851620).
Report is 5 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4189   +/-   ##
=======================================
  Coverage   88.31%   88.31%           
=======================================
  Files         603      603           
  Lines       40269    40269           
  Branches     5697     5697           
=======================================
  Hits        35562    35562           
  Misses       2721     2721           
  Partials     1986     1986           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Merged via the queue into bitwarden:main with commit a3096c0 Jan 10, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants