Page MenuHomePhabricator
Differential D10972

[lib] Clear sessionRecoveryInProgress during auth / deauth
ClosedPublic
Actions

Authored by ashoat on Feb 6 2024, 12:23 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mar 8 2024, 3:26 AM
Unknown Object (File)
Mar 8 2024, 3:25 AM
Unknown Object (File)
Mar 8 2024, 3:25 AM
Unknown Object (File)
Mar 8 2024, 3:25 AM
Unknown Object (File)
Mar 8 2024, 3:25 AM
Unknown Object (File)
Mar 2 2024, 1:39 PM
Unknown Object (File)
Feb 29 2024, 11:24 AM
Unknown Object (File)
Feb 21 2024, 1:35 AM
View All 18 Files
Subscribers
None

Details

Reviewers
tomek
inka
Commits
rCOMM9cf7e4aac023: [lib] Clear sessionRecoveryInProgress during auth / deauth
Summary

This is basically the login/logout case. When a keyserver is authorized or deauthorized, we should clear any active session recovery. These are the same cases when we clear the connectionIssue.

Depends on D10970

Test Plan
  1. Test successful session invalidation in single keyserver world
    1. I prevented the Socket from rendering by adding a return null line before the other returns in KeyserverConnectionHandler. This avoided the Socket triggering session recovery.
    2. I started the iOS simulator and logged in using a test user.
    3. I opened the Redux Dev Tools
    4. I deleted the test user's cookie from the MariaDB database: DELETE FROM cookies WHERE user = 6390578 AND platform = 'ios'
    5. I sent a message as the test user
    6. I confirmed that session recovery was triggered in the Redux dev tools (and through some console logs)
    7. I repeated the process above several times to make sure it consistently worked multiple times in a single run
    8. I confirmed that the message was delivered "transparently" (without any visible issues, or evidence of session invalidation)
  2. Test failed session invalidation in single keyserver world
    1. I ran through the above test, but I hacked legacy-recover-keyserver-session.js to use the wrong password so the session recovery would fail
    2. I confirmed that I was logged out, and that an alert appeared explaining that my session was invalidated
  3. Test logging out during session recovery
    1. I triggered an infinite loop of session recoveries by running through the above test, but swallowing the SET_NEW_SESSION
    2. I logged out of the app
    3. I confirmed that the session recovery loop stopped, and that I was logged out successfully

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

ashoat created this revision.Feb 6 2024, 12:23 PM
Harbormaster completed remote builds in B26586: Diff 36734.Feb 6 2024, 12:40 PM
ashoat requested review of this revision.Feb 6 2024, 12:40 PM
tomek accepted this revision.Feb 7 2024, 6:37 AM
This revision is now accepted and ready to land.Feb 7 2024, 6:37 AM
ashoat mentioned this in D10954: [lib] Move CallKeyserverEndpoint session recovery to KeyserverConnectionHandler.Feb 7 2024, 7:18 AM
ashoat added a comment.Feb 7 2024, 7:23 AM

After receiving a comment from @tomek here, I reviewed this diff in more detail. I think there's one edge case I missed, and one case that should arguably be simplified

lib/reducers/keyserver-reducer.js
110 ↗(On Diff #36734)

Since this results in isUserAuthenticated becoming false (see point 2 here), we should also set sessionRecoveryInProgress to false

166 ↗(On Diff #36734)

This should cover all cases where isUserAuthenticated becomes false (see point 2 here). That said, it might be worth simplifying this case to instead just check if sessionChange.cookie !== undefined

ashoat updated this revision to Diff 36805.Feb 7 2024, 1:28 PM

Changes described above

Harbormaster completed remote builds in B26634: Diff 36805.Feb 7 2024, 1:44 PM
tomek accepted this revision.Feb 8 2024, 1:48 AM
tomek added inline comments.
lib/reducers/keyserver-reducer.js
146–174 ↗(On Diff #36805)

This isn't related to this diff but having this flag makes this code fragile and can be easily avoided.

ashoat updated this revision to Diff 36851.Feb 8 2024, 7:30 AM

@tomek's suggestion

Harbormaster completed remote builds in B26654: Diff 36851.Feb 8 2024, 7:51 AM
ashoat updated this revision to Diff 37551.Feb 23 2024, 2:06 PM

Rebase

Harbormaster failed remote builds in B27134: Diff 37551!Feb 23 2024, 3:08 PM
Harbormaster completed remote builds in B27134: Diff 37551.Feb 26 2024, 2:30 PM
ashoat updated this revision to Diff 37630.Feb 26 2024, 6:15 PM

Rebase

Harbormaster completed remote builds in B27192: Diff 37630.Feb 26 2024, 6:33 PM
ashoat updated this revision to Diff 37738.Mar 3 2024, 5:48 PM

Rebase

Harbormaster completed remote builds in B27261: Diff 37738.Mar 3 2024, 6:04 PM
ashoat updated this revision to Diff 37742.Mar 3 2024, 8:37 PM

Rebase

ashoat added a child revision: D11210: [lib][native] Separate out recoveryActionSources.Mar 3 2024, 8:40 PM
Harbormaster completed remote builds in B27265: Diff 37742.Mar 3 2024, 8:52 PM
Closed by commit rCOMM9cf7e4aac023: [lib] Clear sessionRecoveryInProgress during auth / deauth (authored by ashoat). · Explain WhyMar 5 2024, 8:52 AM
This revision was automatically updated to reflect the committed changes.
ashoat added a commit: rCOMM9cf7e4aac023: [lib] Clear sessionRecoveryInProgress during auth / deauth.

Revision Contents
Changeset List

PathSize
lib/
reducers/
34 lines

Diff 37834

View Options

lib/reducers/keyserver-reducer.js

Loading...