
[shared][protos] update UpdateUserPassword and DeleteUser workflows to match whitepaper
Abandoned
Public

Authored by varun on Jan 16 2024, 11:01 PM.

Details

Summary

In the whitepaper, the protocol for updating a user's password involves running password-based login (with the existing password) before re-running password-based registration (with the new password). Presumably, we'll want to run password-based login before deleting a user's account, too.

This diff updates identity_auth.proto to run password-based login as part of the UpdateUserPassword and DeleteUser workflows. Once this is finalized, I'll update this diff to include the grpc-web, identity service, and other client changes.

Test Plan

None for now. Will update this after proto changes are finalized.

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

varun published this revision for review. Jan 16 2024, 11:02 PM

Skipping CI for now since this diff will need another pass after the proto changes are finalized.

The proto changes look correct to me, but I'm not familiar enough with the OPAQUE stuff to review it. Resigning to allow somebody else to take a look.

Once this is finalized, I'll update this diff to include the grpc-web, identity service, and other client changes.

Feel free to re-add me later if you'd like me to review the grpc-web or client changes!

Great! I feel pretty confident that the OPAQUE stuff is correct, so I'll take this diff off reviewers' queues while I update it to include the grpc-web, identity service, and other client changes.

This comment was removed by varun.

Re-requesting review because I changed this substantially. I added a new RPC to distinguish between deleting a wallet account and a password account, and I added username to the ...Start request messages because I think it makes it harder for clients to misuse these APIs (e.g. call the DeletePasswordUserStart RPC for a wallet user).

I'm blocked on the grpc-web client changes currently (ENG-6472) but won't land this stack until the last diff passes the CI.

I need to separate this out into two diffs. One for UpdateUserPassword changes and another for DeletePasswordUser/DeleteWalletUser
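
Added example, not code from this revision or from the Comm repository: a server-side gate for the ordering the summary describes (login with the existing password before a password update or account deletion) and for the username binding in the ...Start requests mentioned in the later comment. OPAQUE is replaced by a plain HMAC challenge-response stand-in, and the class, method and workflow names and the sample accounts are hypothetical.

```python
import hashlib, hmac, secrets

# Stand-in for OPAQUE login: HMAC challenge-response over a password-derived key.
# Constructed sample values; all names are hypothetical, not Comm's API.
def derive_key(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 1000)

def client_proof(password: str, nonce: bytes) -> bytes:
    return hmac.new(derive_key(password), nonce, hashlib.sha256).digest()

class WorkflowError(Exception):
    pass

class IdentityGate:
    WORKFLOWS = {"update_password", "delete_password_user"}

    def __init__(self):
        # username -> (account kind, login key); wallet users have no password key
        self.users = {"alice": ("password", derive_key("old-pw")), "bob": ("wallet", None)}
        self.sessions = {}  # session id -> (workflow, username, nonce)

    def start(self, workflow: str, username: str):
        # The username travels in the start request, so a wallet account is refused here.
        kind, _ = self.users.get(username, (None, None))
        if workflow not in self.WORKFLOWS or kind != "password":
            raise WorkflowError("workflow not available for this account")
        sid, nonce = secrets.token_hex(16), secrets.token_bytes(32)
        self.sessions[sid] = (workflow, username, nonce)
        return sid, nonce

    def finish(self, workflow: str, sid: str, proof: bytes, new_password=None) -> str:
        # Sessions are single use and bound to the workflow and username from start().
        started, username, nonce = self.sessions.pop(sid, (None, None, None))
        kind, key = self.users.get(username, (None, None))
        if started != workflow or kind != "password":
            raise WorkflowError("no matching start for this workflow")
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            raise WorkflowError("login with existing password failed")
        if workflow == "update_password":
            if not new_password:
                raise WorkflowError("new password required")
            self.users[username] = ("password", derive_key(new_password))
        else:
            del self.users[username]
        return username
```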