Page MenuHomePhabricator

[identity] add optional force param to password login RPC
ClosedPublic

Authored by varun on Mar 7 2024, 11:57 PM.
Tags
None
Referenced Files
F3505132: D11278.diff
Fri, Dec 20, 12:22 PM
Unknown Object (File)
Mon, Dec 16, 1:42 PM
Unknown Object (File)
Mon, Dec 16, 1:42 PM
Unknown Object (File)
Mon, Dec 16, 1:42 PM
Unknown Object (File)
Mon, Dec 16, 1:41 PM
Unknown Object (File)
Mon, Dec 16, 1:41 PM
Unknown Object (File)
Fri, Nov 22, 5:22 PM
Unknown Object (File)
Nov 13 2024, 4:35 AM
Subscribers

Details

Summary

context here

tl;dr we neeed an optional force param so that we can determine when a user is intentionally replacing their existing keyserver with a new one

Test Plan

logged in to local identity from local keyserver. then tried logging in from docker keyserver with the same credentials -- this failed. then tried logging in again from the docker keyserver with the same credentials AND force set to true -- this succeeded. The old keyserver device id was removed from DDB and the new one was added

Diff Detail

Repository
rCOMM Comm
Branch
limit1keyserver
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

Harbormaster returned this revision to the author for changes because remote builds failed.Mar 8 2024, 12:03 AM
Harbormaster failed remote builds in B27395: Diff 37939!

fix CI and add integration test

services/commtest/tests/identity_device_list_tests.rs
219

should we avoid generating this extra update? it occurs because we remove keyserver 1 and add keyserver 2 in separate transactions in log_in_password_user_finish

services/identity/src/client_service.rs
360–378

related to the question above -- can/should these be a single transaction?

varun requested review of this revision.Mar 8 2024, 1:19 AM
services/commtest/tests/identity_device_list_tests.rs
219

Good question - it depends on how we understand Whitepaper section 5.2.3:

  • At most one device was added and at most one device was removed via this update

If we can do one addition OR one deletion, there it should be two transactions. But if the above means that a device can be replaced, then I think it should be done in a single transaction.


However, if this RPC is going to be deprecated, and replaced by a primary-device-managed device list, then we don't have to care much about this now. Identity service is managing the device list only temporarily

services/identity/src/client_service.rs
360–378

Not in this way.
If you want to do it in a single transaction, you need to create a separate function next to add_user_device() and remove_device() that directly calls transact_update_devicelist() and does the replacement there

varun added inline comments.
services/commtest/tests/identity_device_list_tests.rs
219

However, if this RPC is going to be deprecated, and replaced by a primary-device-managed device list, then we don't have to care much about this now. Identity service is managing the device list only temporarily

i think this is correct. probably not worth spending time making keyserver replacement a single device list update, then. what do you think, @ashoat ?

ashoat added inline comments.
services/commtest/tests/identity_device_list_tests.rs
219

In the eventual system, it's actually important that this is one transaction. It can't be validated as two transactions, since in the first transaction the old primary would be removed, and there should be a new primary signing the device list, but the new primary isn't there yet.

In the current system, we don't have signing so it doesn't seem that important.

varun removed a reviewer: ashoat. varun added 1 blocking reviewer(s): bartek.Mar 11 2024, 12:18 PM
bartek added inline comments.
services/commtest/src/identity/device.rs
122

It's pointless to create an option each time we call this

155
services/commtest/tests/identity_device_list_tests.rs
219

As identity-managed device list updates aren't going to be signed, I think we can leave two transactions now

services/identity/src/client_service.rs
307

Instead of passing reference to option, can we simply unwrap_or(false)?

This revision is now accepted and ready to land.Mar 12 2024, 2:17 AM
varun added inline comments.
services/commtest/src/identity/device.rs
122

i actually prefer Option<bool> here because this only applies to keyservers, so it makes more sense to me to provide None when calling this function to log in, say, an iOS device. i don't feel too strongly, though, so i've made the change you requested

services/identity/src/client_service.rs
360–378

going to leave it as two transactions

This revision was automatically updated to reflect the committed changes.
varun marked 2 inline comments as done.