Show more request context in the UI (fix #69)

msirringhaus · msirringhaus · commit 69dd5799b8e7 · 2025-10-29T13:16:04.000+01:00
diff --git a/credentialsd-common/src/server.rs b/credentialsd-common/src/server.rs
@@ -484,6 +484,8 @@ where
 pub struct ViewRequest {
     pub operation: Operation,
     pub id: RequestId,
+    pub rp_id: String,
+    pub requesting_app: String,
 }
 
 fn value_to_owned(value: &Value<'_>) -> OwnedValue {
diff --git a/credentialsd-ui/po/credentialsd-ui.pot b/credentialsd-ui/po/credentialsd-ui.pot
@@ -3,7 +3,7 @@ msgstr ""
 "Project-Id-Version: credentialsd-ui\n"
 "Report-Msgid-Bugs-To: \"https://github.com/linux-credentials/credentialsd/"
 "issues\"\n"
-"POT-Creation-Date: 2025-10-24 08:05+0200\n"
+"POT-Creation-Date: 2025-10-29 13:04+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language: \n"
@@ -111,7 +111,7 @@ msgstr ""
 msgid "Something went wrong."
 msgstr ""
 
-#: data/resources/ui/window.ui:217 src/gui/view_model/mod.rs:233
+#: data/resources/ui/window.ui:217 src/gui/view_model/mod.rs:247
 msgid ""
 "Something went wrong while retrieving a credential. Please try again later "
 "or use a different authenticator."
@@ -187,32 +187,36 @@ msgstr ""
 msgid "A security key"
 msgstr ""
 
-#: src/gui/view_model/mod.rs:65
-msgid "Create new credential"
+#: src/gui/view_model/mod.rs:70
+msgid "unknown application"
 msgstr ""
 
-#: src/gui/view_model/mod.rs:66
-msgid "Use a credential"
+#: src/gui/view_model/mod.rs:75
+msgid "Create a new credential for %s1 via %s2"
 msgstr ""
 
-#: src/gui/view_model/mod.rs:173
+#: src/gui/view_model/mod.rs:76
+msgid "Use a credential on %s1 via %s2"
+msgstr ""
+
+#: src/gui/view_model/mod.rs:187
 msgid "Failed to select credential from device."
 msgstr ""
 
-#: src/gui/view_model/mod.rs:227
+#: src/gui/view_model/mod.rs:241
 msgid "No matching credentials found on this authenticator."
 msgstr ""
 
-#: src/gui/view_model/mod.rs:230
+#: src/gui/view_model/mod.rs:244
 msgid ""
 "No more PIN attempts allowed. Try removing your device and plugging it back "
 "in."
 msgstr ""
 
-#: src/gui/view_model/mod.rs:236
+#: src/gui/view_model/mod.rs:250
 msgid "This credential is already registered on this authenticator."
 msgstr ""
 
-#: src/gui/view_model/mod.rs:284
+#: src/gui/view_model/mod.rs:298
 msgid "Something went wrong. Try again later or use a different authenticator."
 msgstr ""
diff --git a/credentialsd-ui/po/de_DE.po b/credentialsd-ui/po/de_DE.po
@@ -3,7 +3,7 @@ msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \"https://github.com/linux-credentials/credentialsd/"
 "issues\"\n"
-"POT-Creation-Date: 2025-10-24 08:05+0200\n"
+"POT-Creation-Date: 2025-10-29 13:04+0100\n"
 "PO-Revision-Date: 2025-10-10 14:45+0200\n"
 "Last-Translator: Martin Sirringhaus <martin.sirringhaus@suse.com>\n"
 "Language: de_DE\n"
@@ -106,7 +106,7 @@ msgstr "Fertig!"
 msgid "Something went wrong."
 msgstr "Etwas ist schief gegangen."
 
-#: data/resources/ui/window.ui:217 src/gui/view_model/mod.rs:233
+#: data/resources/ui/window.ui:217 src/gui/view_model/mod.rs:247
 msgid ""
 "Something went wrong while retrieving a credential. Please try again later "
 "or use a different authenticator."
@@ -188,35 +188,41 @@ msgstr "Ein NFC-Gerät"
 msgid "A security key"
 msgstr "Ein Security-Token"
 
-#: src/gui/view_model/mod.rs:65
-msgid "Create new credential"
-msgstr "Neue Zugangsdaten erstellen"
+#: src/gui/view_model/mod.rs:70
+msgid "unknown application"
+msgstr "unbekannter Applikation"
 
-#: src/gui/view_model/mod.rs:66
-msgid "Use a credential"
-msgstr "Zugangsdaten abrufen"
+#: src/gui/view_model/mod.rs:75
+#, fuzzy
+msgid "Create a new credential for %s1 via %s2"
+msgstr "Neue Zugangsdaten für %s1 via %s2 erstellen"
+
+#: src/gui/view_model/mod.rs:76
+#, fuzzy
+msgid "Use a credential on %s1 via %s2"
+msgstr "Zugangsdaten für %s1 via %s2 abrufen"
 
-#: src/gui/view_model/mod.rs:173
+#: src/gui/view_model/mod.rs:187
 msgid "Failed to select credential from device."
 msgstr "Zugangsdaten vom Gerät konnten nicht ausgewählt werden."
 
-#: src/gui/view_model/mod.rs:227
+#: src/gui/view_model/mod.rs:241
 msgid "No matching credentials found on this authenticator."
 msgstr "Keine passenden Zugangsdaten auf diesem Gerät gefunden."
 
-#: src/gui/view_model/mod.rs:230
+#: src/gui/view_model/mod.rs:244
 msgid ""
 "No more PIN attempts allowed. Try removing your device and plugging it back "
 "in."
 msgstr ""
 "Keine weiteren PIN-Eingaben erlaubt. Versuchen Sie ihr Gerät aus- und wieder "
 "einzustecken."
 
-#: src/gui/view_model/mod.rs:236
+#: src/gui/view_model/mod.rs:250
 msgid "This credential is already registered on this authenticator."
 msgstr "Diese Zugangsdaten sind bereits auf diesem Gerät registriert."
 
-#: src/gui/view_model/mod.rs:284
+#: src/gui/view_model/mod.rs:298
 msgid "Something went wrong. Try again later or use a different authenticator."
 msgstr ""
 "Es ist ein Fehler aufgetreten. Bitte versuchen Sie es später noch einmal, "
diff --git a/credentialsd-ui/po/en_US.po b/credentialsd-ui/po/en_US.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \"https://github.com/linux-credentials/credentialsd/"
 "issues\"\n"
-"POT-Creation-Date: 2025-10-24 08:05+0200\n"
+"POT-Creation-Date: 2025-10-29 13:04+0100\n"
 "PO-Revision-Date: 2025-10-10 14:45+0200\n"
 "Last-Translator: Martin Sirringhaus <martin.sirringhaus@suse.com>\n"
 "Language: en_US\n"
@@ -107,7 +107,7 @@ msgstr "Done!"
 msgid "Something went wrong."
 msgstr "Something went wrong."
 
-#: data/resources/ui/window.ui:217 src/gui/view_model/mod.rs:233
+#: data/resources/ui/window.ui:217 src/gui/view_model/mod.rs:247
 msgid ""
 "Something went wrong while retrieving a credential. Please try again later "
 "or use a different authenticator."
@@ -188,35 +188,41 @@ msgstr "An NFC device"
 msgid "A security key"
 msgstr "A security key"
 
-#: src/gui/view_model/mod.rs:65
-msgid "Create new credential"
-msgstr "Create new credential"
+#: src/gui/view_model/mod.rs:70
+msgid "unknown application"
+msgstr "unknown application"
 
-#: src/gui/view_model/mod.rs:66
-msgid "Use a credential"
-msgstr "Use a credential"
+#: src/gui/view_model/mod.rs:75
+#, fuzzy
+msgid "Create a new credential for %s1 via %s2"
+msgstr "Create a new credential for %s1 via %s2"
+
+#: src/gui/view_model/mod.rs:76
+#, fuzzy
+msgid "Use a credential on %s1 via %s2"
+msgstr "Use a credential on %s1 via %s2"
 
-#: src/gui/view_model/mod.rs:173
+#: src/gui/view_model/mod.rs:187
 msgid "Failed to select credential from device."
 msgstr "Failed to select credential from device."
 
-#: src/gui/view_model/mod.rs:227
+#: src/gui/view_model/mod.rs:241
 msgid "No matching credentials found on this authenticator."
 msgstr "No matching credentials found on this authenticator."
 
-#: src/gui/view_model/mod.rs:230
+#: src/gui/view_model/mod.rs:244
 msgid ""
 "No more PIN attempts allowed. Try removing your device and plugging it back "
 "in."
 msgstr ""
 "No more PIN attempts allowed. Try removing your device and plugging it back "
 "in."
 
-#: src/gui/view_model/mod.rs:236
+#: src/gui/view_model/mod.rs:250
 msgid "This credential is already registered on this authenticator."
 msgstr "This credential is already registered on this authenticator."
 
-#: src/gui/view_model/mod.rs:284
+#: src/gui/view_model/mod.rs:298
 msgid "Something went wrong. Try again later or use a different authenticator."
 msgstr ""
 "Something went wrong. Try again later or use a different authenticator."
diff --git a/credentialsd-ui/src/gui/mod.rs b/credentialsd-ui/src/gui/mod.rs
@@ -27,19 +27,19 @@ fn run_gui<F: FlowController + Send + Sync + 'static>(
     flow_controller: Arc<AsyncMutex<F>>,
     request: ViewRequest,
 ) {
-    let operation = request.operation;
     let (tx_update, rx_update) = async_std::channel::unbounded::<ViewUpdate>();
     let (tx_event, rx_event) = async_std::channel::unbounded::<ViewEvent>();
     let event_loop = async_std::task::spawn(async move {
+        let request_id = request.id;
         let mut vm =
-            view_model::ViewModel::new(operation, flow_controller.clone(), rx_event, tx_update);
+            view_model::ViewModel::new(request, flow_controller.clone(), rx_event, tx_update);
         vm.start_event_loop().await;
         tracing::debug!("Finishing user request.");
         // If cancellation fails, that's fine.
         let _ = flow_controller
             .lock()
             .await
-            .cancel_request(request.id)
+            .cancel_request(request_id)
             .await;
     });
 
diff --git a/credentialsd-ui/src/gui/view_model/mod.rs b/credentialsd-ui/src/gui/view_model/mod.rs
@@ -7,6 +7,7 @@ use async_std::{
     channel::{Receiver, Sender},
     sync::Mutex as AsyncMutex,
 };
+use credentialsd_common::server::ViewRequest;
 use gettextrs::gettext;
 use serde::{Deserialize, Serialize};
 use tracing::{error, info};
@@ -29,6 +30,8 @@ where
     rx_event: Receiver<ViewEvent>,
     title: String,
     operation: Operation,
+    rp_id: String,
+    requesting_app: String,
 
     // This includes devices like platform authenticator, USB, hybrid
     devices: Vec<Device>,
@@ -42,7 +45,7 @@ where
 
 impl<F: FlowController + Send> ViewModel<F> {
     pub(crate) fn new(
-        operation: Operation,
+        request: ViewRequest,
         flow_controller: Arc<AsyncMutex<F>>,
         rx_event: Receiver<ViewEvent>,
         tx_update: Sender<ViewUpdate>,
@@ -51,7 +54,9 @@ impl<F: FlowController + Send> ViewModel<F> {
             flow_controller,
             rx_event,
             tx_update,
-            operation,
+            operation: request.operation,
+            rp_id: request.rp_id,
+            requesting_app: request.requesting_app,
             title: String::default(),
             devices: Vec::new(),
             selected_device: None,
@@ -61,11 +66,20 @@ impl<F: FlowController + Send> ViewModel<F> {
     }
 
     async fn update_title(&mut self) {
-        self.title = match self.operation {
-            Operation::Create => gettext("Create new credential"),
-            Operation::Get => gettext("Use a credential"),
+        let requesting_app = if self.requesting_app.is_empty() {
+            gettext("unknown application")
+        } else {
+            self.requesting_app.clone()
+        };
+        let mut title = match self.operation {
+            Operation::Create => gettext("Create a new credential for %s1 via %s2"),
+            Operation::Get => gettext("Use a credential on %s1 via %s2"),
         }
         .to_string();
+
+        title = title.replace("%s1", &self.rp_id);
+        title = title.replace("%s2", &requesting_app);
+        self.title = title;
         self.tx_update
             .send(ViewUpdate::SetTitle(self.title.to_string()))
             .await
diff --git a/credentialsd/src/credential_service/mod.rs b/credentialsd/src/credential_service/mod.rs
@@ -101,6 +101,7 @@ impl<H: HybridHandler + Debug, U: UsbHandler + Debug, UC: UiController + Debug>
     pub async fn init_request(
         &self,
         request: &CredentialRequest,
+        requesting_app: Option<String>,
         tx: Sender<Result<CredentialResponse, CredentialServiceError>>,
     ) {
         let request_id = {
@@ -126,9 +127,15 @@ impl<H: HybridHandler + Debug, U: UsbHandler + Debug, UC: UiController + Debug>
             CredentialRequest::CreatePublicKeyCredentialRequest(_) => Operation::Create,
             CredentialRequest::GetPublicKeyCredentialRequest(_) => Operation::Get,
         };
+        let rp_id = match &request {
+            CredentialRequest::CreatePublicKeyCredentialRequest(r) => r.relying_party.id.clone(),
+            CredentialRequest::GetPublicKeyCredentialRequest(r) => r.relying_party_id.clone(),
+        };
         let view_request = ViewRequest {
             operation,
             id: request_id,
+            rp_id,
+            requesting_app: requesting_app.unwrap_or_default(), // We can't send Options, so we send an empty string instead, if we don't know the peer
         };
 
         let launch_ui_response = self
@@ -364,7 +371,11 @@ mod test {
                 cred_service
                     .lock()
                     .await
-                    .init_request(&request, request_tx)
+                    .init_request(
+                        &request,
+                        Some(String::from("test_hybrid_sets_credential")),
+                        request_tx,
+                    )
                     .await;
                 user.request_hybrid_credential().await;
                 tokio::time::timeout(Duration::from_secs(5), request_rx)
diff --git a/credentialsd/src/dbus/flow_control.rs b/credentialsd/src/dbus/flow_control.rs
@@ -43,6 +43,7 @@ pub async fn start_flow_control_service<
     Connection,
     Sender<(
         CredentialRequest,
+        Option<String>, // Application name sending the request
         oneshot::Sender<Result<CredentialResponse, CredentialServiceError>>,
     )>,
 )> {
@@ -66,8 +67,11 @@ pub async fn start_flow_control_service<
     let (initiator_tx, mut initiator_rx) = mpsc::channel(2);
     tokio::spawn(async move {
         let svc = svc2;
-        while let Some((msg, tx)) = initiator_rx.recv().await {
-            svc.lock().await.init_request(&msg, tx).await;
+        while let Some((msg, requesting_app, tx)) = initiator_rx.recv().await {
+            svc.lock()
+                .await
+                .init_request(&msg, requesting_app, tx)
+                .await;
         }
     });
     Ok((conn, initiator_tx))
@@ -300,24 +304,30 @@ enum SignalState {
 pub trait CredentialRequestController {
     fn request_credential(
         &self,
+        requesting_app: Option<String>,
         request: CredentialRequest,
     ) -> impl Future<Output = Result<CredentialResponse, WebAuthnError>> + Send;
 }
 
 pub struct CredentialRequestControllerClient {
     pub initiator: Sender<(
         CredentialRequest,
+        Option<String>, // Application name sending the request
         oneshot::Sender<Result<CredentialResponse, CredentialServiceError>>,
     )>,
 }
 
 impl CredentialRequestController for CredentialRequestControllerClient {
     async fn request_credential(
         &self,
+        requesting_app: Option<String>,
         request: CredentialRequest,
     ) -> Result<CredentialResponse, WebAuthnError> {
         let (tx, rx) = oneshot::channel();
-        self.initiator.send((request, tx)).await.unwrap();
+        self.initiator
+            .send((request, requesting_app, tx))
+            .await
+            .unwrap();
         let response = rx.await.map_err(|_| {
             tracing::error!("Credential response channel closed prematurely");
             WebAuthnError::NotAllowedError
diff --git a/credentialsd/src/dbus/gateway.rs b/credentialsd/src/dbus/gateway.rs

Original file line number	Diff line number	Diff line change
`@@ -484,6 +484,8 @@ where`
`484`	`484`	`pub struct ViewRequest {`
`485`	`485`	`pub operation: Operation,`
`486`	`486`	`pub id: RequestId,`
	`487`	`+ pub rp_id: String,`
	`488`	`+ pub requesting_app: String,`
`487`	`489`	`}`
`488`	`490`
`489`	`491`	`fn value_to_owned(value: &Value<'_>) -> OwnedValue {`