[keyserver][lib][native] Continue storing password hash in authoritative keyserver MariaDB
Closed, Public

Authored by ashoat on Jul 2 2024, 4:45 PM.

Details

Summary

We want to make sure clients from before the rollout can still auth. We'll revert this soon after launch, once all of the clients have been confirmed to be updated. We don't need to keep it around longer than that because this only concerned brand new users, and brand new users can be expected to have the most recent version of the app.

This addresses ENG-8692.

Test Plan
  1. I created a password account on an iOS simulator with usingCSAT=true
  2. I set usingCSAT=false
  3. I tried logging in on web and confirmed it worked

Diff Detail

Repository: rCOMM Comm
Lint: Not Applicable
Unit: Tests Not Applicable

Event Timeline

ashoat requested review of this revision. Jul 2 2024, 5:02 PM

> We want to make sure clients from before the rollout can still auth. We'll revert this soon after launch, once all of the clients have been confirmed to be updated. We don't need to keep it around longer than that because this only concerned brand new users, and brand new users can be expected to have the most recent version of the app.

I'm having trouble understanding the summary

  1. What is the "rollout" you are referring to?
  2. Why do we need clients to update if you say this affects only new clients? What do they need to update?

Do we have tasks that describe reverting this code?

> What is the "rollout" you are referring to?

Rollout of usingCSAT=true

> Why do we need clients to update if you say this affects only new clients? What do they need to update?

I'm not sure I understand the question. Maybe start by reading the test plan. I'll try explaining again:

  1. Before this diff, clients that create accounts with usingCSAT=true will not store the hash in the MariaDB users table, making it impossible for clients with usingCSAT=false to auth
  2. We need to launch usingCSAT=true on mobile before web, for the reasons described on Linear
  3. In order to allow the usingCSAT=false web clients to auth with accounts created with usingCSAT=true, we need to store the hash in the MariaDB users table

> Do we have tasks that describe reverting this code?

Here you go: ENG-8698

That still doesn't explain why we need to wait for some users to be updated. But I'm guessing that we want old clients, who had their accounts set up with usingCSAT=false, to update to usingCSAT=true, and get their primary device registered (a mobile device). Is this correct? How will we know that all clients have been updated?

This revision is now accepted and ready to land. Jul 4 2024, 3:34 AM

> But I'm guessing that we want old clients, who had their accounts set up with usingCSAT=false, to update to usingCSAT=true, and get their primary device registered (a mobile device). Is this correct?

Yes

> That still doesn't explain why we need to wait for some users to be updated.

We don't want to force-log-out users on web and then prevent them from logging in because they don't have a primary. Some context about this in the deleted task here, and on the Comm thread I added you to yesterday

> How will we know that all clients have been updated?

We won't – it's a non-goal to get to 100% updated before launching on web