[identity] Support tuples in device list verification
ClosedPublic
Actions

Authored by bartek on Mon, Mar 24, 4:27 AM.

Details

Reviewers

kamil

Commits

rCOMM691efa2c3585: [identity] Support tuples in device list verification

Summary

Addresses ENG-10232 and verification part of ENG-10239.
Updated verification function to allow tuples if keyserver device ID is some.

Original "strict form" breaks existing clients if they're keyserver owners (so breaks dev experience) so implemented an opt-in flag, of which removal is tracked in ENG-10414.

Test Plan

Both strict/non-strict tested on staging:

No behavior change when no keyserver present
When keyserver is present, devce lists of length 2 are allowed
- Additionally in strict form, keyserver device ID must match and singletons are no longer allowed

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

bartek created this revision.Mon, Mar 24, 4:27 AM

bartek held this revision as a draft.

Herald added subscribers: tomek, ashoat. · View Herald TranscriptMon, Mar 24, 4:27 AM

bartek added a child revision: D14491: [native] Add keyserver to device list during restore.Mon, Mar 24, 4:29 AM

Harbormaster completed remote builds in B33813: Diff 47524.Mon, Mar 24, 4:46 AM

bartek published this revision for review.Mon, Mar 24, 4:53 AM

bartek added inline comments.

services/identity/src/device_list.rs
226 ↗	(On Diff #47524)	I'm considering renaming this because it can now be either a singleton or a tuple. I'm not sure how we name this type of device list.
318 ↗	(On Diff #47524)

kamil accepted this revision.Tue, Mar 25, 2:40 AM

kamil added inline comments.

services/identity/src/device_list.rs
226 ↗	(On Diff #47524)	Maybe `verify_baseline_device_list` to highlight the fact that this is the new "starting point" but it is not default and includes some setup - previous or new primary and/or keyserver? But not sure, we can just do `erify_singleton_or_tuple_device_list` and it will be fine too. just update all logs after renaming
318 ↗	(On Diff #47524)	singleton -> tuple, in this condition

This revision is now accepted and ready to land.Tue, Mar 25, 2:40 AM

bartek added a child revision: D14501: [identity] Skip keyserver during primary logout and restore.Tue, Mar 25, 7:01 AM

Add comment about singleton/tuple, fix log message

Harbormaster failed remote builds in B33840: Diff 47558!Wed, Mar 26, 3:56 AM

Harbormaster completed remote builds in B33840: Diff 47558.Wed, Mar 26, 7:16 AM

bartek added inline comments.Wed, Mar 26, 7:50 AM

services/identity/src/device_list.rs
226 ↗	(On Diff #47524)	Renaming this function isn't necessary if we don't have a specific name in the whitepaper. I'll only add a comment that this can be a tuple