[identity] add optional force param to password login RPC
ClosedPublic
Actions

Authored by varun on Mar 7 2024, 11:57 PM.

Details

Reviewers

bartek

Commits

rCOMM913012d3c753: [identity] add optional force param to password login RPC

Summary

context here

tl;dr we neeed an optional force param so that we can determine when a user is intentionally replacing their existing keyserver with a new one

Test Plan

logged in to local identity from local keyserver. then tried logging in from docker keyserver with the same credentials -- this failed. then tried logging in again from the docker keyserver with the same credentials AND force set to true -- this succeeded. The old keyserver device id was removed from DDB and the new one was added

Diff Detail

Repository

rCOMM Comm

Branch

limit1keyserver

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

varun created this revision.Mar 7 2024, 11:57 PM

Herald added subscribers: tomek, ashoat. · View Herald TranscriptMar 7 2024, 11:57 PM

Harbormaster returned this revision to the author for changes because remote builds failed.Mar 8 2024, 12:03 AM

Harbormaster failed remote builds in B27395: Diff 37939!

fix CI and add integration test

varun added inline comments.Mar 8 2024, 1:09 AM

services/commtest/tests/identity_device_list_tests.rs
219 ↗	(On Diff #37943)	should we avoid generating this extra update? it occurs because we remove keyserver 1 and add keyserver 2 in separate transactions in `log_in_password_user_finish`
services/identity/src/client_service.rs
360–378 ↗	(On Diff #37943)	related to the question above -- can/should these be a single transaction?

Harbormaster completed remote builds in B27399: Diff 37943.Mar 8 2024, 1:19 AM

varun requested review of this revision.Mar 8 2024, 1:19 AM

varun added a child revision: D11285: [keyserver] make force login configurable.Mar 8 2024, 8:25 PM

bartek added inline comments.Mar 11 2024, 4:06 AM

services/commtest/tests/identity_device_list_tests.rs
219 ↗	(On Diff #37943)	Good question - it depends on how we understand Whitepaper section 5.2.3: At most one device was added and at most one device was removed via this update If we can do one addition OR one deletion, there it should be two transactions. But if the above means that a device can be replaced, then I think it should be done in a single transaction. However, if this RPC is going to be deprecated, and replaced by a primary-device-managed device list, then we don't have to care much about this now. Identity service is managing the device list only temporarily
services/identity/src/client_service.rs
360–378 ↗	(On Diff #37943)	Not in this way. If you want to do it in a single transaction, you need to create a separate function next to `add_user_device()` and `remove_device()` that directly calls `transact_update_devicelist()` and does the replacement there

varun added a reviewer: ashoat.Mar 11 2024, 6:26 AM

varun added inline comments.

services/commtest/tests/identity_device_list_tests.rs
219 ↗	(On Diff #37943)	However, if this RPC is going to be deprecated, and replaced by a primary-device-managed device list, then we don't have to care much about this now. Identity service is managing the device list only temporarily i think this is correct. probably not worth spending time making keyserver replacement a single device list update, then. what do you think, @ashoat ?

ashoat resigned from this revision.Mar 11 2024, 12:01 PM

ashoat added inline comments.

services/commtest/tests/identity_device_list_tests.rs
219 ↗	(On Diff #37943)	In the eventual system, it's actually important that this is one transaction. It can't be validated as two transactions, since in the first transaction the old primary would be removed, and there should be a new primary signing the device list, but the new primary isn't there yet. In the current system, we don't have signing so it doesn't seem that important.

varun removed a reviewer: ashoat. varun added 1 blocking reviewer(s): bartek.Mar 11 2024, 12:18 PM

bartek accepted this revision.Mar 12 2024, 2:17 AM

bartek added inline comments.

services/commtest/src/identity/device.rs
122 ↗	(On Diff #37943)	It's pointless to create an option each time we call this
155 ↗	(On Diff #37943)
services/commtest/tests/identity_device_list_tests.rs
219 ↗	(On Diff #37943)	As identity-managed device list updates aren't going to be signed, I think we can leave two transactions now
services/identity/src/client_service.rs
307 ↗	(On Diff #37943)	Instead of passing reference to option, can we simply `unwrap_or(false)`?

This revision is now accepted and ready to land.Mar 12 2024, 2:17 AM

varun marked 7 inline comments as done.Mar 12 2024, 11:08 PM

varun added inline comments.

services/commtest/src/identity/device.rs
122 ↗	(On Diff #37943)	i actually prefer `Option<bool>` here because this only applies to keyservers, so it makes more sense to me to provide `None` when calling this function to log in, say, an iOS device. i don't feel too strongly, though, so i've made the change you requested
services/identity/src/client_service.rs
360–378 ↗	(On Diff #37943)	going to leave it as two transactions