Page MenuHomePhabricator
Differential D11268

[keyserver] Instruct to restart nix if login / register fails in the new flow
ClosedPublic
Actions

Authored by inka on Mar 7 2024, 3:42 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 14, 8:51 PM
Unknown Object (File)
Thu, Nov 14, 10:53 AM
Unknown Object (File)
Wed, Nov 13, 4:35 AM
Unknown Object (File)
Wed, Nov 13, 4:35 AM
Unknown Object (File)
Wed, Nov 13, 4:35 AM
Unknown Object (File)
Wed, Nov 13, 4:35 AM
Unknown Object (File)
Wed, Nov 13, 4:35 AM
Unknown Object (File)
Wed, Nov 13, 4:35 AM
View All Files
Subscribers
ashoat

Details

Reviewers
tomek
michal
ashoat
Commits
rCOMMfe6b73d91e9d: [keyserver] Instruct to restart nix if login / register fails in the new flow
Summary

issue: ENG-7137
If the dev is using the new multikeyserver flow, they had provided some credentials during when nix was run. If registration with these credentials failed, they neeed to rerun nix, so that they can provide new credentials, but also so that the db gets fixed.

Test Plan

Tested that if registration fails, and the flag is set, the warning is printed

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

inka created this revision.Mar 7 2024, 3:42 AM
Herald added a subscriber: ashoat. · View Herald TranscriptMar 7 2024, 3:42 AM
inka added a parent revision: D11267: [keyserver] Print warnings if usingIdentityCredentials not set.Mar 7 2024, 3:42 AM
Harbormaster completed remote builds in B27377: Diff 37918.Mar 7 2024, 4:03 AM
inka requested review of this revision.Mar 7 2024, 4:03 AM
ashoat added inline comments.Mar 7 2024, 7:23 PM
keyserver/src/user/login.js
149 ↗(On Diff #37918)

Is the === true part really necessary?

150–155 ↗(On Diff #37918)

Same comment as here: https://phab.comm.dev/D11267#inline-68282

151 ↗(On Diff #37918)

(Might need to split lines again to maintain 80 chars)

152 ↗(On Diff #37918)
ashoat added a comment.Mar 7 2024, 7:24 PM

Should we only print this log in dev mode?

inka added a child revision: D11282: [keyserver] Create json files with authoritative keyserver id.Mar 8 2024, 2:46 AM
inka added a comment.Mar 8 2024, 9:03 AM

Should we only print this log in dev mode?

It looks like the way we check if this is dev mode is by checking process.env.NODE_ENV === 'development'. But docker keyserver prints undefined as the value of process.env.NODE_ENV. Would checking process.env.NODE_ENV !== 'production' make sense? Is the real production keyserver set up to have process.env.NODE_ENV == 'production'?

inka updated this revision to Diff 37952.Mar 8 2024, 9:05 AM

Address revie

Harbormaster completed remote builds in B27406: Diff 37952.Mar 8 2024, 9:20 AM
ashoat added a comment.Mar 8 2024, 6:37 PM

But docker keyserver prints undefined as the value of process.env.NODE_ENV

Hmm... we shouild probably should avoid this ambiguous situation, and make sure we always specify NODE_ENV in the Docker environment. Can you create a task?

Would checking process.env.NODE_ENV !== 'production' make sense? Is the real production keyserver set up to have process.env.NODE_ENV == 'production'?

It doesn't look like I have anything specified in the .env file. If you're correct that the default keyserver is to have undefined, then I'm guessing my keyserver in production also has undefined. If it's helpful, I can do some additional testing on this.

inka added a comment.Mar 11 2024, 3:23 AM
In D11268#325681, @ashoat wrote:

But docker keyserver prints undefined as the value of process.env.NODE_ENV

Hmm... we shouild probably should avoid this ambiguous situation, and make sure we always specify NODE_ENV in the Docker environment. Can you create a task?

Would checking process.env.NODE_ENV !== 'production' make sense? Is the real production keyserver set up to have process.env.NODE_ENV == 'production'?

It doesn't look like I have anything specified in the .env file. If you're correct that the default keyserver is to have undefined, then I'm guessing my keyserver in production also has undefined. If it's helpful, I can do some additional testing on this.

In general the keyserver run in Docker is always a production keyserver. And I think we want this warning to show up, since it means that the keyserver is set up to use the multikeyserver flows, but something went wrong and some action is required to fix this state.

we shouild probably should avoid this ambiguous situation, and make sure we always specify NODE_ENV in the Docker environment

Since the Docker keyserver is always a prodution keyserver, does that make sense? I feel like we should either decide that production keyservers don't have the value set up, or specify it as 'production' for all production keyservers

ashoat added a comment.Mar 11 2024, 11:49 AM

In general the keyserver run in Docker is always a production keyserver. And I think we want this warning to show up, since it means that the keyserver is set up to use the multikeyserver flows, but something went wrong and some action is required to fix this state.

I don't think it makes sense to print this particular warning language in the Docker environment, since we aren't using nix develop there. I'm open to printing a warning, but I think it should make sure where it's printed.

I feel like we should either decide that production keyservers don't have the value set up, or specify it as 'production' for all production keyservers

I'm okay with either solution, but if you opt for the first one ("decide that production keyservers don't have the value set up"), we should go through places where we check that NODE_ENV is 'production'. In those case, we likely need to be checking that NODE_ENV is not set OR it's 'production'. Similarly, we should consider places where we check that NODE_ENV is NOT 'production', in which case we should check whether NODE_ENV is set AND it's NOT 'production'.

git grep NODE_ENV | grep production could be a good place to start this search:

  • The process.env.NODE_ENV !== 'production' check in createAsyncMigrate can arguably be removed entirely... it seems superfluous
  • I'm not sure about the process.env.NODE_ENV check in web/push-notif/service-worker.js. This appears to occur on web, but our Webpack config seems to make sure that NODE_ENV is always either 'production' or 'development'
  • The other results don't appear to be relevant
inka added a comment.Mar 12 2024, 6:28 AM

I created a task to update NODE_ENV usage: ENG-7195

I don't think it makes sense to print this particular warning language in the Docker environment, since we aren't using nix develop there. I'm open to printing a warning, but I think it should make sure where it's printed.

I see, I will only print the "nix" part in dev mode then

inka updated this revision to Diff 38020.Mar 12 2024, 7:01 AM

Print instructions for nix only in dev mode

Harbormaster completed remote builds in B27471: Diff 38020.Mar 12 2024, 7:17 AM
ashoat accepted this revision.Mar 12 2024, 7:29 AM
ashoat added inline comments.
keyserver/src/user/login.js
163 ↗(On Diff #38020)

Production keyserver can still be in non-Docker, right? Can the language also give guidance for the non-Docker environment? ("re-enter nix develop")

This revision is now accepted and ready to land.Mar 12 2024, 7:29 AM
inka updated this revision to Diff 38023.Mar 12 2024, 7:55 AM

Address review

Harbormaster completed remote builds in B27474: Diff 38023.Mar 12 2024, 8:11 AM
ashoat accepted this revision.Mar 12 2024, 3:36 PM
Closed by commit rCOMMfe6b73d91e9d: [keyserver] Instruct to restart nix if login / register fails in the new flow (authored by inka). · Explain WhyMar 13 2024, 3:57 AM
This revision was automatically updated to reflect the committed changes.
inka added a commit: rCOMMfe6b73d91e9d: [keyserver] Instruct to restart nix if login / register fails in the new flow.

Revision Contents
Changeset List

PathSize
keyserver/
src/
user/
15 lines

Diff 38038

View Options

keyserver/src/user/login.js

Loading...