Page MenuHomePhabricator
Differential D10493

[keyserver] olm auth responder
ClosedPublic
Actions

Authored by varun on Dec 29 2023, 8:47 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Jan 27, 8:18 PM
Unknown Object (File)
Tue, Jan 21, 4:08 PM
Unknown Object (File)
Jan 12 2025, 7:42 AM
Unknown Object (File)
Jan 12 2025, 7:21 AM
Unknown Object (File)
Jan 12 2025, 6:57 AM
Unknown Object (File)
Jan 12 2025, 6:57 AM
Unknown Object (File)
Jan 10 2025, 6:03 AM
Unknown Object (File)
Jan 6 2025, 7:59 AM
View All 82 Files
Subscribers
None

Details

Reviewers
ashoat
atul
inka
tomek
Commits
rCOMM5274f74c1c2a: [keyserver] olm auth responder
Summary

this diff introduces the olm auth responder

Test Plan

successfully called the olm auth responder by calling the olm auth action from native.

  • confirmed that we don't create a new account on keyserver if doNotRegister is true
  • if olm session creation fails, the responder returns an error and the OLM_AUTH_FAILED action type is dispatched

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

varun created this revision.Dec 29 2023, 8:47 AM
varun added a parent revision: D10492: [keyserver] processOlmAccountCreation.Dec 29 2023, 8:48 AM
varun published this revision for review.Dec 29 2023, 8:51 AM
Harbormaster completed remote builds in B25404: Diff 35102.Dec 29 2023, 9:04 AM
varun added inline comments.Dec 29 2023, 9:42 AM
keyserver/src/responders/user-responders.js
334–349 ↗(On Diff #35102)

i think i can just do this actually

ashoat added inline comments.Dec 29 2023, 10:59 AM
keyserver/src/responders/user-responders.js
719 ↗(On Diff #35102)

We need doNotRegister in siweAuthResponder because we have two places where we allow users to log in with an existing SIWE account but NOT register a new one:

  1. web
  2. native login flow

We don't have that problem in other responders, where we separate login and registration.

Regarding the new olm_auth responder, I'm not sure we need doNotRegister. It's no longer the responsibility of the keyserver to handle registration.

740 ↗(On Diff #35102)

I think we can drop this since we don't need doNotRegister

752 ↗(On Diff #35102)

We don't need to wait for the earlier await before this one. This can be moved up to that Promise.all

756–759 ↗(On Diff #35102)

What's the difference between identityInfo.userId and identifier.userID?

ashoat added inline comments.Dec 29 2023, 11:02 AM
keyserver/src/responders/user-responders.js
740 ↗(On Diff #35102)

Actually, we DO need this so we know to trigger processOLMAccountCreation. But we should be able to fetch the same data based on userID rather than username

ashoat requested changes to this revision.Dec 29 2023, 11:13 AM
ashoat added inline comments.
keyserver/src/responders/user-responders.js
330–333 ↗(On Diff #35102)

Why do we block on this now? Previously it looks like we were able to generate the cookie at the same time

334–349 ↗(On Diff #35102)

That makes sense. I would additionally wrap the whole thing in an async IIFE so you can run it in parallel with the policies check (assuming we want to keep that in parallel)

388 ↗(On Diff #35102)

Can we add a comment explaining why we do content vs notifications differently here?

772 ↗(On Diff #35102)

Can we add a comment explaining why we do content vs notifications differently here?

This revision now requires changes to proceed.Dec 29 2023, 11:13 AM
varun marked 9 inline comments as done.Jan 5 2024, 10:45 PM
varun added inline comments.
keyserver/src/responders/user-responders.js
330–333 ↗(On Diff #35102)

we shouldn't. wrapped the set cookie logic in an async iife so that we don't have to block

756–759 ↗(On Diff #35102)

identityInfo.userId is the keyserver's user ID (needed to validate the CSAT). identifier.userID is the userID of the auth responder caller.

varun updated this revision to Diff 35331.Jan 5 2024, 10:45 PM
varun marked 2 inline comments as done.

address feedback

Harbormaster failed remote builds in B25565: Diff 35331!Jan 5 2024, 11:13 PM
varun added inline comments.Jan 5 2024, 11:17 PM
keyserver/src/responders/user-responders.js
29 ↗(On Diff #35331)

not sure what happened here but i'll make sure to add the .js suffix back

ashoat mentioned this in D10491: [keyserver] separate olm session creation and persistence.Jan 6 2024, 6:03 AM
ashoat accepted this revision.Jan 6 2024, 6:20 AM

PS – created ENG-6369 for the iOS CI issue

keyserver/src/responders/user-responders.js
329 ↗(On Diff #35331)

Nit: I'd reverse condition and reduce indentation here... it's more lines than the other ones

772–803 ↗(On Diff #35331)

Can we do steps 3 and 4 at the same time?

788 ↗(On Diff #35331)

Do we really need this variable? Looks like it's always equal to !existingUsername

This revision is now accepted and ready to land.Jan 6 2024, 6:20 AM
Harbormaster completed remote builds in B25565: Diff 35331.Jan 6 2024, 6:20 AM
varun marked 2 inline comments as done.Jan 9 2024, 8:44 PM
varun added inline comments.
keyserver/src/responders/user-responders.js
772–803 ↗(On Diff #35331)

yeah i think we can

788 ↗(On Diff #35331)

we don't

varun marked an inline comment as done.Jan 9 2024, 8:48 PM
Closed by commit rCOMM5274f74c1c2a: [keyserver] olm auth responder (authored by varun). · Explain WhyJan 9 2024, 9:31 PM
This revision was automatically updated to reflect the committed changes.
varun added a commit: rCOMM5274f74c1c2a: [keyserver] olm auth responder.

Revision Contents
Changeset List

PathSize
keyserver/
src/
8 lines
responders/
187 lines

Diff 35446

View Options

keyserver/src/endpoints.js

Loading...
View Options

keyserver/src/responders/user-responders.js

Loading...