[keyserver] Update keyserver delete account endpoint to not require password
ClosedPublic
Actions

Authored by varun on Sep 19 2023, 9:04 PM.

Details

Reviewers

ashoat

Commits

rCOMMfa2517d77fef: [keyserver] Update keyserver delete account endpoint to not require password

Summary

in the future we won't be sending passwords to keyservers at all. will update client side to not send password hash to keyserver when account deletion flow goes through identity service.

Test Plan

 varun  ~  Code  comm  keyserver  git diff                                                            ST 228   ab660e6 
diff --git a/keyserver/src/responders/handlers.js b/keyserver/src/responders/handlers.js
index 2ecc83081..b9c0908bc 100644
--- a/keyserver/src/responders/handlers.js
+++ b/keyserver/src/responders/handlers.js
@@ -46,6 +46,7 @@ function createJSONResponder<I, O>(
 ): JSONResponder {
   return {
     responder: async (viewer, input) => {
+      console.log('Got request with password ' + JSON.stringify(input));
       const request = await validateInput(viewer, inputValidator, input);
       const result = await responder(viewer, request);
       return validateOutput(viewer.platformDetails, outputValidator, result);
diff --git a/lib/actions/user-actions.js b/lib/actions/user-actions.js
index 01542ce9f..8eeacb145 100644
--- a/lib/actions/user-actions.js
+++ b/lib/actions/user-actions.js
@@ -95,7 +95,7 @@ const deleteAccount =
     preRequestUserState: PreRequestUserState,
   ) => Promise<LogOutResult>) =>
   async (password, preRequestUserState) => {
-    const response = await callServerEndpoint('delete_account', { password });
+    const response = await callServerEndpoint('delete_account', {});
     return { currentUserInfo: response.currentUserInfo, preRequestUserState };
   };

modified user-actions.js to not send a password -- checked on the keyserver that no password was sent and account deletion was still successful.

undid the modification to user-actions.js and confirmed that older clients that send a password can still delete accounts successfully.

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

varun created this revision.Sep 19 2023, 9:04 PM

Herald added a subscriber: tomek. · View Herald TranscriptSep 19 2023, 9:04 PM

Harbormaster completed remote builds in B22748: Diff 31291.Sep 19 2023, 9:23 PM

varun requested review of this revision.Sep 19 2023, 9:23 PM

Please extend the test plan to include testing a request where the password field is not supplied. deleteAccountRequestInputValidator takes a password: t.maybe(tPassword), and it's not clear to me if that will crash when password is not supplied (as opposed to password: undefined or something)
After this change, we no longer need a request passed to deleteAccount at all. While accountDeletionResponder will need to support a request for a while (for old clients), deleteAccount is downstream and should be abstracted from that
- First, this will require some changes in this file so that request is no longer a param. See inline comments
- Second, you'll want to update accountDeletionResponder to no longer pass request in

keyserver/src/deleters/account-deleters.js
30 ↗	(On Diff #31291)	Remove this param
32 ↗	(On Diff #31291)	All script viewers are logged in, so this can be significantly simplified
83 ↗	(On Diff #31291)	There is only one callsite that doesn't pass a `request` in: `keyserver/src/scripts/merge-users.js`. We can replace this with a `viewer.isScriptViewer` check
118–122 ↗	(On Diff #31291)
124–132 ↗	(On Diff #31291)

This revision now requires changes to proceed.Sep 20 2023, 5:52 AM

address feedback

varun edited the test plan for this revision. (Show Details)Oct 5 2023, 9:21 PM

Harbormaster completed remote builds in B23038: Diff 31727.Oct 5 2023, 9:32 PM

Copy-pasting from my last review:

While accountDeletionResponder will need to support a request for a while (for old clients), deleteAccount is downstream and should be abstracted from that

keyserver/src/endpoints.js
286 ↗	(On Diff #31727)	This change will break all existing clients!!

This revision now requires changes to proceed.Oct 6 2023, 10:52 AM

From my updated test plan:

undid the modification to user-actions.js and confirmed that older clients that send a password can still delete accounts successfully.

Am I missing something? It seems like account deletion still works fine on existing clients after these changes

Ah, my bad... I expected to see the old validator still there, and was surprised to see ignoredArgumentValidator (which I wasn't familiar with). After examining it more closely, it looks like it does what I probably should've concluded it does from the name – ignores all arguments

This revision is now accepted and ready to land.Oct 6 2023, 12:46 PM

Closed by commit rCOMMfa2517d77fef: [keyserver] Update keyserver delete account endpoint to not require password (authored by varun). · Explain WhyOct 6 2023, 12:53 PM

This revision was automatically updated to reflect the committed changes.

varun added a commit: rCOMMfa2517d77fef: [keyserver] Update keyserver delete account endpoint to not require password.

ashoat mentioned this in D9424: [lib][native][web] Stop passing password up to deleteAccount endpoint.Oct 9 2023, 7:07 AM

ashoat mentioned this in D9425: [native][web] Remove UI elements that ask for password when deleting account.

ashoat mentioned this in rCOMM1d1e3398754e: [lib][native][web] Stop passing password up to deleteAccount endpoint.Oct 9 2023, 9:49 AM

ashoat mentioned this in rCOMMba9a43c03a7c: [native][web] Remove UI elements that ask for password when deleting account.