Resolve "U2F: Allow using U2F in Chrome for Android"

Jan Beckmann requested to merge kingjan1999/gitlab-ee:778-u2f-android into master

Preface

This is basically my old MR (gitlab-ce!19942) which was closed as part of the CE / EE unification process (I hope my procedure of "reopening" the MR was right). I did some refactoring, added a spec and rebased the branch, but nothing fundamental changed.

However, in the long run replacing all this U2F code and switching to WebAuthn (as described in gitlab-ce#47084) might be preferable.

What does this MR do?

This MR improves the detection of whether we can use U2F in the browser, so that U2F can be used more often (for example in Chrome for Android).

Are there points in the code the reviewer needs to double check?

The mix of browser and feature detection now used is not perfect, which is mainly due to the fact that the individual browsers implement the feature differently (I couldn't find the "perfect" way).

This can lead to browsers being mistakenly regarded as supported, i.e. the user has to switch manually to the regular 2FA dialog. Thus !19938 (merged) is sometimes being thwarted here, but I don't think that's a real problem.

Additionally, testing some part of this code (the getApiVersion behaviour) is quite hard as this is very browser specific.

Why was this MR needed?

As described in gitlab-ee#778, the previous detection gave up too often too quickly so that users could not use the functionality, although it would have been technically possible.

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes #778 (moved), gitlab-ce#52440
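
The trade-off described in this MR (mixing feature detection with browser detection, at the cost of occasional false positives) can be sketched as follows. This is an added example, not code from this MR or from GitLab; the function names, the version threshold, the timeout and the `getApiVersion(callback)` call shape are assumptions, and the user-agent string is constructed.

```javascript
// Added example, not GitLab's code. Names and thresholds are assumptions.
const MIN_CHROME_MAJOR = 41; // assumed first Chrome major with built-in U2F
const PROBE_TIMEOUT_MS = 500; // assumed wait before falling back
// Constructed user-agent string for Chrome on Android.
const ANDROID_CHROME_UA = 'Mozilla/5.0 (Linux; Android 9; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.105 Mobile Safari/537.36';

// Step 1: cheap synchronous guess from feature and user-agent checks.
function classifyU2fSupport(win, userAgent) {
  // Feature detection: a page-visible API is the strongest signal.
  if (win.u2f && typeof win.u2f.sign === 'function') return 'native';
  // Browser detection: the API may exist without window.u2f being exposed,
  // so a shim must be loaded. Mobile browsers are not excluded here.
  const chrome = /Chrome\/(\d+)/.exec(userAgent);
  if (chrome && Number(chrome[1]) >= MIN_CHROME_MAJOR) return 'shim';
  return 'unsupported';
}

// Step 2: confirm the guess. A false positive never answers, so the timeout
// leads to the regular 2FA dialog instead of a U2F prompt that cannot work.
function confirmU2f(u2f, timeoutMs, onResult, timers = globalThis) {
  let done = false;
  let timer = null;
  const finish = (ok) => {
    if (done) return;
    done = true;
    if (timer !== null) timers.clearTimeout(timer);
    onResult(ok ? 'u2f' : 'regular_2fa');
  };
  try {
    // Assumed shim call shape: getApiVersion(callback).
    u2f.getApiVersion((res) => finish(Boolean(res) && !res.errorCode));
  } catch (e) {
    finish(false);
  }
  if (!done) timer = timers.setTimeout(() => finish(false), timeoutMs);
}

// Step 3: pick the dialog. Only the shim path is probed, because a native
// window.u2f is not assumed to implement getApiVersion.
function chooseSecondFactorUi(win, userAgent, shim, onResult, timers = globalThis) {
  const kind = classifyU2fSupport(win, userAgent);
  if (kind === 'native') return onResult('u2f');
  if (kind === 'unsupported') return onResult('regular_2fa');
  return confirmU2f(shim, PROBE_TIMEOUT_MS, onResult, timers);
}
```

Passing `timers` as a parameter lets the timeout path be exercised in a unit test without waiting, which addresses the testability concern for the probe step.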
