Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PM-14240] Add Quetta Browser to Privileged Apps #4189

Open
wants to merge 21 commits into
base: main
Choose a base branch
from

Conversation

SymphonicDeviation
Copy link

@SymphonicDeviation SymphonicDeviation commented Oct 29, 2024

🎟️ Tracking

I added Quetta browser to allow for passkey support.

📔 Objective

Adds Quetta Browser to privileged apps for passkey support.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
    issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@CLAassistant
Copy link

CLAassistant commented Oct 29, 2024

CLA assistant check
All committers have signed the CLA.

@bitwarden-bot
Copy link

Thank you for your contribution! We've added this to our internal Community PR board for review.
ID: PM-14240

@bitwarden-bot bitwarden-bot changed the title Add Quetta Browser to Privileged Apps [PM-14240] Add Quetta Browser to Privileged Apps Oct 29, 2024
@SaintPatrck
Copy link
Contributor

SaintPatrck commented Nov 6, 2024

Hi @SymphonicDeviation,

I tested these changes on several sites known to have working passkey implementations but I was not able to get the browser to trigger registration or authentication. Due to this, I'm hesitant to accept the changes as they are.

If you provide a video of the browser supporting passkeys with your changes we can consider adding the browser.

@SymphonicDeviation
Copy link
Author

SymphonicDeviation commented Nov 7, 2024

Hi @SymphonicDeviation,

I tested these changes on several sites known to have working passkey implementations but I was not able to get the browser to trigger registration or authentication. Due to this, I'm hesitant to accept the changes as they are.

If you provide a video of the browser supporting passkeys with your changes we can consider adding the browser.

Hi @SaintPatrck,

I forgot to mention that I had to enable the passkey flag in the quetta flags section via quetta://flags

Screenshot_20241106_201551_Quetta.png

Here is the requested video

},
{
"build": "release",
"cert_fingerprint_sha256": "32:57:D5:99:A4:9D:2C:96:1A:47:1C:A9:84:3F:59:D3:41:A4:05:88:45:83:FC:08:7D:F4:23:7B:73:3B:BD:6D"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are there two fingerprints here? I suppose one is from Google Play but what would be the other one?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly, it has been a few weeks since I've made this commit. I used "App Manager" to get the sha256 values. I tested it again without that other fingerprint and it seems to be working fine. It must have been removed since I do not see that sha256 fingerprint in "App Manager".

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case this would be a security concern, I'd take it off;

BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80 I can confirm is from the Play Store, but the other one I cannot.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In that case this would be a security concern, I'd take it off;

BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80 I can confirm is from the Play Store, but the other one I cannot.

Yes, I did take it off and removed it on my end. I'll be pushing the commit with the removal to my version/repo once I am home tonight. And if you're not aware, Quetta also updated the browser to support autofill, I tested the browser with the latest commits in the custom built apk. I can confirm that the autofill works with bitwarden now.

@lucasmz-dev
Copy link
Contributor

I tested these changes on several sites known to have working passkey implementations but I was not able to get the browser to trigger registration or authentication. Due to this, I'm hesitant to accept the changes as they are.

To be fair all of the Chromium-based browsers I've added originally with 20383f0 do not seem to work properly with passkeys... Well, for me anyway. They did seem to work in the past but randomly broke, and weirdly this weird Quetta browser does seem to work...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants