fix: Browser selection and URL scheme

2025-12-04 15:49:33 +01:00 · 2025-08-27 23:27:48 +02:00
parent 5f27f161a5
commit 98007c962d
4 changed files with 34 additions and 19 deletions
--- a/app/src/main/java/com/kunzisoft/keepass/credentialprovider/activity/PasskeyLauncherActivity.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/credentialprovider/activity/PasskeyLauncherActivity.kt
@@ -92,24 +92,35 @@ class PasskeyLauncherActivity : DatabaseModeActivity() {
                    passkey?.let {
                        mUsageParameters?.let { usageParameters ->
                            // Check verified origin
-                            usageParameters.androidApp.checkInAppOrigin(
+                            if (usageParameters.androidAppVerified) {
-                                appOrigin = appOrigin,
+                                PendingIntentHandler.setGetCredentialResponse(
-                                onOriginChecked = {
+                                    responseIntent,
-                                    usageParameters.androidAppVerified = true
+                                    GetCredentialResponse(
-                                    PendingIntentHandler.setGetCredentialResponse(
+                                        buildPasskeyPublicKeyCredential(
-                                        responseIntent,
+                                            usageParameters = usageParameters,
-                                        GetCredentialResponse(
+                                            passkey = passkey
                                            buildPasskeyPublicKeyCredential(
                                                usageParameters = usageParameters,
                                                passkey = passkey
                                            )
                                        )
                                    )
-                                },
+                                )
-                                onOriginNotChecked = {
+                            } else {
-                                    throw SecurityException("Wrong signature for ${usageParameters.androidApp.id}")
+                                usageParameters.androidApp.checkInAppOrigin(
-                                }
+                                    appOrigin = appOrigin,
-                            )
+                                    onOriginChecked = {
                                        PendingIntentHandler.setGetCredentialResponse(
                                            responseIntent,
                                            GetCredentialResponse(
                                                buildPasskeyPublicKeyCredential(
                                                    usageParameters = usageParameters,
                                                    passkey = passkey
                                                )
                                            )
                                        )
                                    },
                                    onOriginNotChecked = {
                                        throw SecurityException("Wrong signature for ${usageParameters.androidApp.id}")
                                    }
                                )
                            }
                        } ?: run {
                            throw IOException("Usage parameters is null")
                        }
--- a/app/src/main/java/com/kunzisoft/keepass/credentialprovider/passkey/data/PublicKeyCredentialUsageParameters.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/credentialprovider/passkey/data/PublicKeyCredentialUsageParameters.kt
@@ -25,5 +25,5 @@ data class PublicKeyCredentialUsageParameters(
        val publicKeyCredentialRequestOptions: PublicKeyCredentialRequestOptions,
        val clientDataResponse: ClientDataResponse,
        val androidApp: AppIdentifier,
-        var androidAppVerified: Boolean
+        val androidAppVerified: Boolean
 )
--- a/app/src/main/java/com/kunzisoft/keepass/credentialprovider/passkey/util/OriginManager.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/credentialprovider/passkey/util/OriginManager.kt
@@ -45,7 +45,7 @@ class OriginManager(
            onOriginRetrieved = { appIdentifier, callOrigin, clientDataHash ->
                onOriginRetrieved(
                    AppOrigin().apply {
-                        addIdentifier(appIdentifier)
+                        // Do not store Web Browser AppId -> addIdentifier(appIdentifier)
                        addWebDomain(callOrigin)
                    },
                    clientDataHash
--- a/database/src/main/java/com/kunzisoft/keepass/model/AppOriginEntryField.kt
+++ b/database/src/main/java/com/kunzisoft/keepass/model/AppOriginEntryField.kt
@@ -83,7 +83,11 @@ object AppOriginEntryField {
        // If unable to save web domain in custom field or URL not populated, save in URL
        webDomain?.let {
            val webScheme = if (scheme.isNullOrEmpty()) "https" else scheme
-            val webDomainToStore = "$webScheme://$webDomain"
+            val webDomainToStore = if (webDomain.contains("://")) {
                webDomain
            } else {
                "$webScheme://$webDomain"
            }
            if (!containsDomainOrApplicationId(webDomain)) {
                if (!customFieldsAllowed || url.isEmpty()) {
                    url = webDomainToStore