Passkeys: Add Resident Key error

share/translations/keepassxc_en.ts

@@ -8247,6 +8247,34 @@ Kernel: %3 %4</source>
         <source>Passkeys</source>
         <translation type="unfinished"></translation>
     </message>
+    <message>
+        <source>Attestation not supported</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Credential is excluded</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Passkeys request canceled</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Invalid user verification</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Empty public key</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Invalid URL provided</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <source>Resident Keys are not supported</source>
+        <translation type="unfinished"></translation>
+    </message>
 </context>
 <context>
     <name>QtIOCompressor</name>

src/browser/BrowserMessageBuilder.cpp

@@ -128,6 +128,20 @@ QString BrowserMessageBuilder::getErrorMessage(const int errorCode) const
         return QObject::tr("No valid UUID provided");
     case ERROR_KEEPASS_ACCESS_TO_ALL_ENTRIES_DENIED:
         return QObject::tr("Access to all entries is denied");
+    case ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED:
+        return QObject::tr("Attestation not supported");
+    case ERROR_PASSKEYS_CREDENTIAL_IS_EXCLUDED:
+        return QObject::tr("Credential is excluded");
+    case ERROR_PASSKEYS_REQUEST_CANCELED:
+        return QObject::tr("Passkeys request canceled");
+    case ERROR_PASSKEYS_INVALID_USER_VERIFICATION:
+        return QObject::tr("Invalid user verification");
+    case ERROR_PASSKEYS_EMPTY_PUBLIC_KEY:
+        return QObject::tr("Empty public key");
+    case ERROR_PASSKEYS_INVALID_URL_PROVIDED:
+        return QObject::tr("Invalid URL provided");
+    case ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED:
+        return QObject::tr("Resident Keys are not supported");
     default:
         return QObject::tr("Unknown error");
     }

src/browser/BrowserMessageBuilder.h

@@ -54,7 +54,8 @@ namespace
         ERROR_PASSKEYS_REQUEST_CANCELED = 22,
         ERROR_PASSKEYS_INVALID_USER_VERIFICATION = 23,
         ERROR_PASSKEYS_EMPTY_PUBLIC_KEY = 24,
-        ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25
+        ERROR_PASSKEYS_INVALID_URL_PROVIDED = 25,
+        ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED = 26,
     };
 }
 

src/browser/BrowserService.cpp

@@ -628,13 +628,19 @@ QJsonObject BrowserService::showPasskeysRegisterPrompt(const QJsonObject& public
     const auto excludeCredentials = publicKey["excludeCredentials"].toArray();
     const auto attestation = publicKey["attestation"].toString();
 
+    // Check Resident Key requirement
+    const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
+    const auto requireResidentKey = authenticatorSelection["requireResidentKey"].toBool();
+    if (requireResidentKey) {
+        return getPasskeyError(ERROR_PASSKEYS_RESIDENT_KEYS_NOT_SUPPORTED);
+    }
+
     // Only support these two for now
     if (attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_NONE
         && attestation != BrowserPasskeys::PASSKEYS_ATTESTATION_DIRECT) {
         return getPasskeyError(ERROR_PASSKEYS_ATTESTATION_NOT_SUPPORTED);
     }
 
-    const auto authenticatorSelection = publicKey["authenticatorSelection"].toObject();
     const auto userVerification = authenticatorSelection["userVerification"].toString();
     if (!browserPasskeys()->isUserVerificationValid(userVerification)) {
         return getPasskeyError(ERROR_PASSKEYS_INVALID_USER_VERIFICATION);