Page MenuHomePhabricator

[keyserver] Improve logging in checkInputValidator
ClosedPublic

Authored by ashoat on Jun 10 2024, 9:09 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Dec 7, 9:32 PM
Unknown Object (File)
Mon, Nov 25, 2:04 AM
Unknown Object (File)
Sun, Nov 24, 11:55 PM
Unknown Object (File)
Nov 23 2024, 10:39 PM
Unknown Object (File)
Nov 7 2024, 6:14 PM
Unknown Object (File)
Nov 7 2024, 4:42 PM
Unknown Object (File)
Nov 6 2024, 8:33 AM
Unknown Object (File)
Nov 2 2024, 5:50 AM
Subscribers
None

Details

Summary

This diff does two things:

  1. Adds logging in checkInputValidator so we know what input validator is being failed.
  2. Makes sure that we don't throw a different error if sanitizeInput fails due to input validation. Instead, we'll just not include the sanitizedInput in the error.

(On the second point, I'm not entirely sure if it's ever possible for sanitizeInput to succeed input validation if it fails earlier...)

Depends on D12386

Test Plan

Prior to this, I was seeing an input validation failure when I tested an old client initiating a session recovery with refetchUserDataAfterAcknowledgment removed from the code.

The input validation failure was triggering a second input validation failure when trying to sanitize inputs, which was resulting in a weird error being returned to the client.

Following this change, I was seeing helpful logs of the keyserver side (indicating that the input validation failure was with keyserver_auth), and the keyserver started returning the expected invalid_parameters ServerError.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

keyserver/src/utils/validation-utils.js
100 ↗(On Diff #41195)

I'm a little confused why we expect sanitizeInput to work in this case, given that input validation failed. sanitizeInput calls convertObject, which is fairly complicated to understand... but it seems like it's just recursively applying the same validation. Curious if reviewers have any perspective here

tomek added inline comments.
keyserver/src/utils/validation-utils.js
100 ↗(On Diff #41195)

Agree, it looks quite surprising. It seems like any time the validation fails, sanitization will replace the input with null.

This revision is now accepted and ready to land.Jun 11 2024, 4:18 AM
kamil added inline comments.
keyserver/src/utils/validation-utils.js
100 ↗(On Diff #41195)

spent some time thinking about this and this looks really confusing - I think we could just remove this code as if I understand it correctly, the sanitizedInput will always be set to null

keyserver/src/utils/validation-utils.js
100 ↗(On Diff #41195)

I investigated more closely and found that before D7488, sanitizeInput was able to handle cases where validation fails.

I found a way to get convertObject to work even when validation fails. Will put up a separate diff for that shortly.

keyserver/src/utils/validation-utils.js
100 ↗(On Diff #41195)