github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-06 07:48:22 -05:00
Code Issues 1.1k Packages Projects Releases 122 Wiki Activity

[PR #6183] [MERGED] [PM-28157] Add string extension to prefix URIs with www #54601

New Issue
Closed
opened 2026-05-01 20:14:51 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-05-01 20:14:51 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/6183
Author: @SaintPatrck
Created: 11/20/2025
Status: Merged
Merged: 11/20/2025
Merged by: @SaintPatrck

Base: mainHead: PM-28157/prefix-rpId-with-www

📝 Commits (2)

  • 751127b [PM-28157] Add string extension to prefix URIs with www
  • ecbab22 Address review comments

📊 Changes

4 files changed (+155 additions, -1 deletions)

View changed files

📝 app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/manager/OriginManagerImpl.kt (+8 -1)
📝 app/src/test/kotlin/com/x8bit/bitwarden/data/credentials/manager/OriginManagerTest.kt (+58 -0)
📝 ui/src/main/kotlin/com/bitwarden/ui/platform/base/util/StringExtensions.kt (+28 -0)
📝 ui/src/test/kotlin/com/bitwarden/ui/platform/base/util/StringExtensionsTest.kt (+61 -0)

📄 Description

🎟️ Tracking

PM-28157
Relates to Issue #6164

📔 Objective

This PR adds support for prefixing relying party IDs (rpIds) with "www." during passkey Digital Asset Link validation to improve compatibility with web origins that use the www subdomain.

When validating passkey requests, the Android Credential Manager may receive rpIds in various formats (e.g., example.com, www.example.com, https://example.com). However, Digital Asset Link files are often hosted at https://www.example.com/.well-known/assetlinks.json. Without proper www prefixing, the validation can fail even when valid DAL relationships exist.

Changes:

  • Implements prefixWwwIfNecessaryOrNull() and prefixWwwIfNecessary() string extension functions that intelligently add "www." prefix to URIs while preserving existing schemes
  • Updates OriginManagerImpl.validateCallingApplicationAssetLinks() to apply www prefixing before https prefixing during DAL validation
  • Adds comprehensive unit test coverage for all www-prefixing scenarios

This ensures rpIds are properly normalized to https://www.{domain} format before querying Digital Asset Links, improving passkey authentication success rates for websites using www subdomains.

Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/bitwarden/android/pull/6183 **Author:** [@SaintPatrck](https://github.com/SaintPatrck) **Created:** 11/20/2025 **Status:** ✅ Merged **Merged:** 11/20/2025 **Merged by:** [@SaintPatrck](https://github.com/SaintPatrck) **Base:** `main` ← **Head:** `PM-28157/prefix-rpId-with-www` --- ### 📝 Commits (2) - [`751127b`](https://github.com/bitwarden/android/commit/751127b6a8ae9584ff50610e090ad28e3c30cb43) [PM-28157] Add string extension to prefix URIs with www - [`ecbab22`](https://github.com/bitwarden/android/commit/ecbab226c46ff9ae175aace6da853bbdae61a08f) Address review comments ### 📊 Changes **4 files changed** (+155 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/manager/OriginManagerImpl.kt` (+8 -1) 📝 `app/src/test/kotlin/com/x8bit/bitwarden/data/credentials/manager/OriginManagerTest.kt` (+58 -0) 📝 `ui/src/main/kotlin/com/bitwarden/ui/platform/base/util/StringExtensions.kt` (+28 -0) 📝 `ui/src/test/kotlin/com/bitwarden/ui/platform/base/util/StringExtensionsTest.kt` (+61 -0) </details> ### 📄 Description ## 🎟️ Tracking PM-28157 Relates to Issue #6164 ## 📔 Objective This PR adds support for prefixing relying party IDs (rpIds) with "www." during passkey Digital Asset Link validation to improve compatibility with web origins that use the www subdomain. When validating passkey requests, the Android Credential Manager may receive rpIds in various formats (e.g., `example.com`, `www.example.com`, `https://example.com`). However, Digital Asset Link files are often hosted at `https://www.example.com/.well-known/assetlinks.json`. Without proper www prefixing, the validation can fail even when valid DAL relationships exist. **Changes:** - Implements `prefixWwwIfNecessaryOrNull()` and `prefixWwwIfNecessary()` string extension functions that intelligently add "www." prefix to URIs while preserving existing schemes - Updates `OriginManagerImpl.validateCallingApplicationAssetLinks()` to apply www prefixing before https prefixing during DAL validation - Adds comprehensive unit test coverage for all www-prefixing scenarios This ensures rpIds are properly normalized to `https://www.{domain}` format before querying Digital Asset Links, improving passkey authentication success rates for websites using www subdomains. ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines <!-- Suggested interactions but feel free to use (or not) as you desire! --> - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-01 20:14:51 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#54601
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?