
Conversation

@aj-rosado (Contributor) commented Oct 8, 2025

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-24258

📔 Objective

When creating a passkey on Binance, it is labeled as "Broken".
Sending a sanitized Fido2AttestationResponse with the response object without the transports in the Binance flow fixes that.

fixes #5608

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

github-actions bot (Contributor) commented Oct 8, 2025

Checkmarx One – Scan Summary & Details 25dcfaa2-1e64-4dd4-adbe-53652ad4e524

Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

  • Severity MEDIUM, Use_of_Hardcoded_Password, in /app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultViewModelTest.kt: 3050
  • Severity MEDIUM, Use_of_Hardcoded_Password, in /app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 816

codecov bot commented Oct 8, 2025

Codecov Report

❌ Patch coverage is 85.71429% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.59%. Comparing base (d306813) to head (650de19).
⚠️ Report is 17 commits behind head on main.

Files with missing lines (patch coverage, lines):
  • ...dentials/manager/BitwardenCredentialManagerImpl.kt: 75.00%, 0 missing and 1 partial ⚠️
  • ...ntialAuthenticatorAttestationResponseExtensions.kt: 90.00%, 0 missing and 1 partial ⚠️
Additional details and impacted files
@@           Coverage Diff            @@
##             main    #5986    +/-   ##
========================================
  Coverage   84.58%   84.59%            
========================================
  Files         718      722     +4     
  Lines       54618    54882   +264     
  Branches     7521     7569    +48     
========================================
+ Hits        46199    46427   +228     
- Misses       5787     5805    +18     
- Partials     2632     2650    +18     


@aj-rosado aj-rosado marked this pull request as ready for review October 8, 2025 14:29
* Converts the SDK attestation response to a [Fido2AttestationResponse] that can be serialized into
* the expected system JSON.
*/
@Suppress("MaxLineLength")
Collaborator

Can we drop this suppression now?

val publicKey: String? = null,
@SerialName("authenticatorData")
val authenticatorData: String?,
val authenticatorData: String? = null,
Collaborator

Could we leave this unchanged and add the explicit nulls for the Binance case?

This should be temporary, and we only need these default values in this one scenario.

callingPackageName: String?,
): Fido2AttestationResponse {
val registrationResponse = if (callingPackageName == BINANCE_PACKAGE_NAME) {
// This is a special case only necessary for Binance.
Collaborator

Can we generate a ticket to track that this needs to be removed eventually?

Only setting transport as null on Binance flow as it is the only necessary data to be null
transports = null,
publicKeyAlgorithm = response.publicKeyAlgorithm,
publicKey = response.publicKey?.base64EncodeForFido2Response(),
authenticatorData = response.authenticatorData.base64EncodeForFido2Response(),
Collaborator

Based on the previous code, I thought more of this data would be null. Has something changed?

Contributor Author

Binance only complains about the extra transports, but it only needs the clientDataJson and attestationObject.

publicKeyAlgorithm, publicKey and authenticatorData are present inside the attestationObject and are only needed here for Chromium browsers. For some reason Chromium browsers won't work without any of these fields.

Both Chromium and Firefox need transports; it is not present in the attestationObject.

I had previously only tested with clientDataJson, attestationObject and transports, as all the other fields are in the attestation. But publicKeyAlgorithm is not nullable, so I gave it a try and it works as well; all the other fields also work, so it seems to be only an issue with transports.

To keep the changes minimal, despite it not being necessary, I am sending all the other data as well and just nulling transports.

@david-livefront (Collaborator) Oct 9, 2025

If it's just this one property, can we simplify this?

Fido2AttestationResponse.RegistrationResponse(
    clientDataJson = response.clientDataJson.base64EncodeForFido2Response(),
    attestationObject = response.attestationObject.base64EncodeForFido2Response(),
    transports = response.transports.takeUnless {
        // Setting transports as null, otherwise Binance labels the passkey broken
        // PM-26734 remove this flow if not necessary anymore
        callingPackageName == BINANCE_PACKAGE_NAME
    },
    publicKeyAlgorithm = response.publicKeyAlgorithm,
    publicKey = response.publicKey?.base64EncodeForFido2Response(),
    authenticatorData = response.authenticatorData.base64EncodeForFido2Response(),
)

Contributor Author

Yes, that looks better.
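The exchange above settles on nulling only `transports` for the Binance calling package. The Kotlin below is an added example, not code from this PR or from the Bitwarden project: it uses a hypothetical, trimmed-down `RegistrationResponse` model (the `clientDataJSON` serial name, the `Long` type of `publicKeyAlgorithm`, the sample base64url values and the `BINANCE_PACKAGE_NAME` placeholder are all assumptions) and assumes the response is serialized with kotlinx.serialization, as the `@SerialName` annotation in the diff suggests. It shows the `takeUnless` sanitization and why the `= null` defaults discussed earlier matter: with the default `Json` configuration (`encodeDefaults = false`, `explicitNulls = true`), a nullable property that has a default and is null is omitted from the JSON, while the same property without a default is written as an explicit `"transports": null`, and the relying party sees two different documents.

```kotlin
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
import kotlinx.serialization.json.Json

// Hypothetical, trimmed-down model of the registration response; not the project's class.
// Nullable properties WITH a default (= null) are omitted from the JSON when they are null,
// because kotlinx.serialization does not encode defaults unless encodeDefaults = true.
@Serializable
data class RegistrationResponse(
    @SerialName("clientDataJSON") val clientDataJson: String, // serial name is an assumption
    val attestationObject: String,
    val transports: List<String>? = null,
    val publicKeyAlgorithm: Long, // type is an assumption; the page only says it is non-nullable
    val publicKey: String? = null,
    val authenticatorData: String? = null,
)

// Same field, but WITHOUT a default: a null value is still a non-default value, so with the
// default explicitNulls = true it is written out as "transports": null.
@Serializable
data class RegistrationResponseNoDefault(
    @SerialName("clientDataJSON") val clientDataJson: String,
    val attestationObject: String,
    val transports: List<String>?,
    val publicKeyAlgorithm: Long,
)

// Placeholder value; the real constant lives in the project and is not reproduced here.
const val BINANCE_PACKAGE_NAME = "com.example.binance.placeholder"

// Mirrors the takeUnless form suggested in review: every caller keeps its transports
// except the Binance package, for which the value becomes null.
fun sanitizedTransports(callingPackageName: String?, transports: List<String>?): List<String>? =
    transports.takeUnless { callingPackageName == BINANCE_PACKAGE_NAME }

// Default configuration: encodeDefaults = false, explicitNulls = true (kotlinx-serialization-json 1.3+).
private val json = Json

// Builds a response from constructed sample values (not real credential material) and applies
// the sanitization for the given calling package.
fun buildResponse(callingPackageName: String?): RegistrationResponse =
    RegistrationResponse(
        clientDataJson = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0",      // constructed sample
        attestationObject = "o2NmbXRkbm9uZWdhdHRTdG10oA",             // constructed sample
        transports = sanitizedTransports(callingPackageName, listOf("internal", "hybrid")),
        publicKeyAlgorithm = -7L,                                     // COSE alg for ES256
        publicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQc",                 // constructed sample
        authenticatorData = "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2M", // constructed sample
    )

fun main() {
    // Binance caller: transports is null and has a default, so the key is absent from the JSON.
    val forBinance = buildResponse(BINANCE_PACKAGE_NAME)
    println(json.encodeToString(RegistrationResponse.serializer(), forBinance))

    // Any other caller: transports is kept and serialized as a JSON array.
    val forOther = buildResponse("com.example.other.placeholder")
    println(json.encodeToString(RegistrationResponse.serializer(), forOther))

    // Without the default on the property, the same null is emitted as an explicit JSON null,
    // which is the difference the review thread is weighing.
    val noDefault = RegistrationResponseNoDefault(
        clientDataJson = forBinance.clientDataJson,
        attestationObject = forBinance.attestationObject,
        transports = null,
        publicKeyAlgorithm = -7L,
    )
    println(json.encodeToString(RegistrationResponseNoDefault.serializer(), noDefault))
}
```

Building this requires the kotlinx.serialization compiler plugin and the kotlinx-serialization-json runtime (1.3 or later for the `explicitNulls` behaviour described). When a relying party rejects a field, checking which of the three shapes it actually receives (array, absent key, or explicit null) is the quickest way to decide whether a default on the property is needed or whether an explicit null at the call site is enough.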

@SaintPatrck (Contributor) left a comment

LGTM!

@aj-rosado aj-rosado added this pull request to the merge queue Oct 10, 2025
Merged via the queue into main with commit a7bbb81 Oct 10, 2025
9 checks passed
@aj-rosado aj-rosado deleted the PM-24258/binance-passkeys-issue branch October 10, 2025 14:35
Successfully merging this pull request may close these issues.

[PM-24258] Binance reports bitwarden passkey as broken
