[identity] Verify UpdateDeviceList RPC is called by primary device
ClosedPublic
Actions

Authored by bartek on Aug 11 2024, 3:13 AM.

Details

Reviewers

varun
kamil

Commits

rCOMM3701921a7ea6: [identity] Verify UpdateDeviceList RPC is called by primary device

Summary

Addresses ENG-8549.
The only place with missing check was UpdateDeviceList.

Test Plan

Had user with two mobile devices (primary and secondary)
Called the RPC with different auth metadata - switched device_id metadata between primary and secondary
The RPC accepted request from primary device and rejected from the secondary.

Note that the RPC can also reject requests because of invalid signature so it's good to test it without signatures.

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

bartek created this revision.Aug 11 2024, 3:13 AM

bartek held this revision as a draft.

Herald added subscribers: tomek, ashoat. · View Herald TranscriptAug 11 2024, 3:13 AM

Harbormaster completed remote builds in B31033: Diff 43294.Aug 11 2024, 3:30 AM

bartek published this revision for review.Aug 12 2024, 12:08 AM

kamil accepted this revision.Aug 12 2024, 8:07 AM

This revision is now accepted and ready to land.Aug 12 2024, 8:07 AM

Closed by commit rCOMM3701921a7ea6: [identity] Verify UpdateDeviceList RPC is called by primary device (authored by bartek). · Explain WhyAug 19 2024, 4:42 AM

This revision was automatically updated to reflect the committed changes.

bartek added a commit: rCOMM3701921a7ea6: [identity] Verify UpdateDeviceList RPC is called by primary device.

Revision Contents
Changeset List

Path

Size

services/

identity/

src/

grpc_services/

authenticated.rs

11 lines

Diff 43444

View Options

services/identity/src/grpc_services/authenticated.rs

[identity] Verify UpdateDeviceList RPC is called by primary deviceClosedPublicActions