
D14172.id46570.diff

diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs
--- a/services/identity/src/client_service.rs
+++ b/services/identity/src/client_service.rs
@@ -14,6 +14,7 @@
use crate::comm_service::tunnelbroker;
// Workspace crate imports
use crate::config::CONFIG;
+use crate::constants::staff::AUTHORITATIVE_KEYSERVER_OWNER_USER_ID;
use crate::constants::{error_types, tonic_status_messages};
use crate::database::{
DBDeviceTypeInt, DatabaseClient, DeviceType, KeyPayload, UserInfoAndPasswordFile,
@@ -296,6 +297,7 @@
&self,
request: tonic::Request<OpaqueLoginStartRequest>,
) -> Result<tonic::Response<OpaqueLoginStartResponse>, tonic::Status> {
+ let platform_metadata = get_platform_metadata(&request)?;
let message = request.into_inner();
debug!("Attempting to log in user: {:?}", &message.username);
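Review bot: The added `get_platform_metadata(&request)?` makes this handler return an error for every caller whose metadata cannot be read, although the value is only consulted for one exempted user further down. `get_platform_metadata` is not visible here, so whether older clients always send this metadata should be confirmed. If they may not, keep the failure from being fatal, e.g. `let platform_metadata = get_platform_metadata(&request).ok();`, and treat a missing value as "not a keyserver". The handler's signature and the rest of its body lie outside this hunk.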
@@ -333,11 +335,16 @@
));
};
- if self
- .client
- .get_user_login_flow(&user_id)
- .await?
- .is_signed_device_list_flow()
+ let caller_is_authoritative_keyserver = user_id
+ == AUTHORITATIVE_KEYSERVER_OWNER_USER_ID
+ && platform_metadata.device_type == "keyserver";
+
+ if !caller_is_authoritative_keyserver
+ && self
+ .client
+ .get_user_login_flow(&user_id)
+ .await?
+ .is_signed_device_list_flow()
{
return Err(tonic::Status::failed_precondition(
tonic_status_messages::USE_NEW_FLOW,
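Review bot: The exemption in `caller_is_authoritative_keyserver` rests on `platform_metadata.device_type`, which appears to be a value the caller reports about itself and is read before any credential has been checked. For user 256 the signed-device-list enforcement is therefore switched off by a self-declared string rather than by an authenticated property. If that is an accepted trade-off, state it at the check, e.g. `// device_type is client-asserted; this only permits the legacy flow, the password proof is still required`. Emitting a log line whenever the branch is taken would make use of the exemption auditable. The literal `"keyserver"` would also be safer as a shared constant or a comparison against the existing `DeviceType` enum, if it has a matching variant. The enclosing function begins and ends outside this hunk.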
diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs
--- a/services/identity/src/constants.rs
+++ b/services/identity/src/constants.rs
@@ -333,4 +333,5 @@
// Comm staff
pub mod staff {
pub const STAFF_USER_IDS: [&str; 1] = ["256"];
+ pub const AUTHORITATIVE_KEYSERVER_OWNER_USER_ID: &str = "256";
}
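Review bot: `AUTHORITATIVE_KEYSERVER_OWNER_USER_ID` has no doc comment even though it now controls which account is exempt from a login-flow check in `client_service.rs`. I would add `/// Owner of the authoritative keyserver; a "keyserver" device logging in as this user skips the signed-device-list flow check.` above it. The value repeats the `"256"` literal from `STAFF_USER_IDS`, so the two can drift apart silently. If they are meant to be the same account, define one in terms of the other, e.g. `pub const STAFF_USER_IDS: [&str; 1] = [AUTHORITATIVE_KEYSERVER_OWNER_USER_ID];`.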
