Page MenuHomePhabricator
Differential D10834

[lib] Logout after failing to auth with Ashoat's keyserver
ClosedPublic
Actions

Authored by tomek on Jan 26 2024, 6:29 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, May 22, 11:51 AM
Unknown Object (File)
Wed, May 22, 9:38 AM
Unknown Object (File)
Wed, May 22, 9:38 AM
Unknown Object (File)
Wed, May 22, 9:38 AM
Unknown Object (File)
Wed, May 22, 9:38 AM
Unknown Object (File)
Mar 7 2024, 11:02 AM
Unknown Object (File)
Mar 7 2024, 9:05 AM
Unknown Object (File)
Mar 7 2024, 9:05 AM
View All 18 Files
Subscribers
ashoat

Details

Reviewers
varun
inka
kamil
ashoat
Commits
rCOMM2223dde652af: [lib] Logout after failing to auth with Ashoat's keyserver
Summary

https://linear.app/comm/issue/ENG-6400/log-the-user-out-of-identity-if-login-to-ashoats-keyserver-fails

Depends on D10831

Test Plan

Throw an exception while logging in to the keyserver and check if a user gets logged out. At this point the action doesn't log out from identity (should be implemented as a part of https://linear.app/comm/issue/ENG-1075/have-clients-registerlogin-directly-with-identity-service-to-then-log) but in https://linear.app/comm/issue/ENG-6424/delete-state-on-identity-login-logout-delete-account we've decided it will be the same action which logs out from a keyserver.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

tomek created this revision.Jan 26 2024, 6:29 AM
Herald added a subscriber: ashoat. · View Herald TranscriptJan 26 2024, 6:29 AM
tomek updated this revision to Diff 36163.Jan 26 2024, 6:36 AM

Check if dataLoaded

tomek added inline comments.Jan 26 2024, 6:38 AM
lib/components/keyserver-connection-handler.js
147 ↗(On Diff #36163)

We shouldn't log out on every failed attempt. If we were able to successfully log in, then e.g. connection issue shouldn't log the user out.

Harbormaster completed remote builds in B26180: Diff 36162.Jan 26 2024, 6:48 AM
Harbormaster completed remote builds in B26181: Diff 36163.Jan 26 2024, 6:54 AM
tomek requested review of this revision.Jan 26 2024, 6:54 AM
tomek added a child revision: D10842: [lib] Don't automatically log out on connection issue when using CSAT.Jan 26 2024, 8:48 AM
ashoat added inline comments.Jan 26 2024, 6:53 PM
lib/components/keyserver-connection-handler.js
147 ↗(On Diff #36163)

This feels a bit messy, but not sure I can think of an obviously better solution.

Separately, we should think about how to handle session invalidation with my keyserver. I suppose that too should cause a forced logout. I wonder if we should handle that forced logout here, in CallKeyserverEndpointProvider, callSingleKeyserverEndpoint, or somewhere else

tomek added inline comments.Jan 29 2024, 6:43 AM
lib/components/keyserver-connection-handler.js
147 ↗(On Diff #36163)

I'm not sure if the forced logout is necessary.

  1. The app should work fine if it is disconnected from any keyserver. We need your keyserver initially, e.g. to get the data that isn't yet moved to a more appropriate place, but the app should work fine without it (it is the same as e.g. keyserver going offline for some time).
  2. Our session recovery should be able to fix the session. Not sure if there are some scenarios where retrying later won't fix it.
ashoat accepted this revision.Feb 2 2024, 3:33 PM
ashoat added inline comments.
lib/components/keyserver-connection-handler.js
147 ↗(On Diff #36163)

We certainly should not log out before attempting session recovery. But what happens if keyserverAuth fails during session recovery for my keyserver?

There's a possibility that keyserverAuth fails due to network connectivity issues, even though the session invalidation was delivered across the network. But keyserverAuth can also fail due to a mismatch between the keys that the keyserver is using, and the keys that the client is getting from the identity service for that keyserver.

I think that there's no need to log the user out due to network connectivity issues, but it might be a good idea to log them out if there is a key mismatch, since that likely indicates a persistent inability for the client to connect to my keyserver, which might result in broken functionality.

Either way, this is a discussion for another diff.

This revision is now accepted and ready to land.Feb 2 2024, 3:33 PM
tomek added inline comments.Feb 5 2024, 6:56 AM
lib/components/keyserver-connection-handler.js
147 ↗(On Diff #36163)

Created a task to track https://linear.app/comm/issue/ENG-6679/handle-auth-failure-during-session-recovery

Closed by commit rCOMM2223dde652af: [lib] Logout after failing to auth with Ashoat's keyserver (authored by tomek). · Explain WhyFeb 5 2024, 7:23 AM
This revision was automatically updated to reflect the committed changes.
tomek added a commit: rCOMM2223dde652af: [lib] Logout after failing to auth with Ashoat's keyserver.

Revision Contents
Changeset List

PathSize
lib/
components/
6 lines

Diff 36623

View Options

lib/components/keyserver-connection-handler.js

Loading...