[PM-16978] Add support for fido2 2fa on mac

[quexten]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-16978

📔 Objective

Fido2 on electron desktop on mac works, when no pin is required, only the pin is unimplemented. Therefore, we can just enable it for 2fa.

📸 Screenshots

Screen.Recording.2025-01-13.at.13.13.50.mov

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 4d772acb-72d5-48da-8fad-a2a9413c4086

Great job, no security vulnerabilities found in this Pull Request

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.

Project coverage is 34.13%. Comparing base (c1e3836) to head (814cee0).
Report is 21 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...atform/services/electron-platform-utils.service.ts	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12823      +/-   ##
==========================================
- Coverage   34.13%   34.13%   -0.01%     
==========================================
  Files        2936     2936              
  Lines       90428    90441      +13     
  Branches    16988    16992       +4     
==========================================
+ Hits        30869    30871       +2     
- Misses      57102    57112      +10     
- Partials     2457     2458       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Hinton]

I suspect there are several flows which do trigger prompts. Security Keys can be configured to always perform UV. TouchID might need UV?

It should be clear to the user that they need to change 2fa method as the default tends to be WebAuthn which might not work.

[Hinton]

Comment should be updated.

[quexten]

Updated the comment. Also doesn't seem like electron will ever add support here, so I removed the reference to the PR and noted this has to be added in a different way.

[Hinton]

Did we plan on improving the error message for users with touchID? Returning NotAllowedError is suboptimal

[quexten]

Sorry, should have linked that. The notallowederror is only present on the old two-factor component, but I've submitted the fix for that here: #12830; the new component shows:

[Hinton]

@quexten That error is not particularly useful to users with a TouchID 2fa though? They would need to get the error, go to our help page and troubleshoot the problem themselves to identify that the platform doesn't support non security keys?