HomePhabricator
Diffusion Comm fa2517d77fef

[keyserver] Update keyserver delete account endpoint to not require password
fa2517d77fef
Actions

Description

[keyserver] Update keyserver delete account endpoint to not require password

Summary: in the future we won't be sending passwords to keyservers at all. will update client side to not send password hash to keyserver when account deletion flow goes through identity service.

Test Plan:

 varun  ~  Code  comm  keyserver  git diff                                                            ST 228   ab660e6
diff --git a/keyserver/src/responders/handlers.js b/keyserver/src/responders/handlers.js
index 2ecc83081..b9c0908bc 100644
--- a/keyserver/src/responders/handlers.js
+++ b/keyserver/src/responders/handlers.js
@@ -46,6 +46,7 @@ function createJSONResponder<I, O>(
 ): JSONResponder {
   return {
     responder: async (viewer, input) => {
+      console.log('Got request with password ' + JSON.stringify(input));
       const request = await validateInput(viewer, inputValidator, input);
       const result = await responder(viewer, request);
       return validateOutput(viewer.platformDetails, outputValidator, result);
diff --git a/lib/actions/user-actions.js b/lib/actions/user-actions.js
index 01542ce9f..8eeacb145 100644
--- a/lib/actions/user-actions.js
+++ b/lib/actions/user-actions.js
@@ -95,7 +95,7 @@ const deleteAccount =
     preRequestUserState: PreRequestUserState,
   ) => Promise<LogOutResult>) =>
   async (password, preRequestUserState) => {
-    const response = await callServerEndpoint('delete_account', { password });
+    const response = await callServerEndpoint('delete_account', {});
     return { currentUserInfo: response.currentUserInfo, preRequestUserState };
   };

modified user-actions.js to not send a password -- checked on the keyserver that no password was sent and account deletion was still successful.

undid the modification to user-actions.js and confirmed that older clients that send a password can still delete accounts successfully.

Reviewers: ashoat

Reviewed By: ashoat

Subscribers: tomek

Differential Revision: https://phab.comm.dev/D9236

Details

Provenance
varunAuthored on Sep 19 2023, 9:01 PM
Reviewer
ashoat
Differential Revision
D9236: [keyserver] Update keyserver delete account endpoint to not require password
Parents
rCOMM13d2c8066a70: [native] commCoreModule methods for getting, setting, and clearing the…
Branches
Unknown
Tags
Unknown

Changes (4)

PathSize
keyserver/
src/
deleters/
responders/
lib/
types/

rCOMMfa2517d77fef

View Options

keyserver/src/deleters/account-deleters.js

Loading...
View Options

keyserver/src/endpoints.js

Loading...
View Options

keyserver/src/responders/user-responders.js

Loading...
View Options

lib/types/account-types.js

Loading...