Skip to content

Remove all code related to the x509_presented_hash_attribute_requested_issuers #10701

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Sgtpluck merged 2 commits into from
May 29, 2024
Merged

Remove all code related to the x509_presented_hash_attribute_requested_issuers #10701

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9012d1a
Remove all code related to the x509_presented_hash_attribute_requeste…
Sgtpluck May 28, 2024
27e5a37
changelog: Internal, OIDC, Remove gate allowing backward compatabilty…
Sgtpluck May 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 1 addition & 11 deletions app/presenters/openid_connect_user_info_presenter.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ def x509_attributes
{
x509_subject: stringify_attr(x509_data.subject),
x509_issuer: stringify_attr(x509_data.issuer),
x509_presented:,
x509_presented: !!x509_data.presented.raw,
}
end

Expand Down Expand Up @@ -172,16 +172,6 @@ def x509_session?
identity.piv_cac_enabled?
end

def x509_presented
if IdentityConfig.store.x509_presented_hash_attribute_requested_issuers.include?(
identity&.service_provider,
)
x509_data.presented
else
!!x509_data.presented.raw
end
end

def active_profile
identity.user&.active_profile
end
Expand Down
1 change: 0 additions & 1 deletion config/application.yml.default
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -371,7 +371,6 @@ get_usps_proofing_results_job_request_delay_milliseconds: 1000
voice_otp_pause_time: '0.5s'
voice_otp_speech_rate: 'slow'
weekly_auth_funnel_report_config: '[]'
x509_presented_hash_attribute_requested_issuers: '[]'

development:
aamva_private_key: 123abc
Expand Down
1 change: 0 additions & 1 deletion lib/identity_config.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -439,7 +439,6 @@ def self.store
config.add(:voice_otp_speech_rate)
config.add(:vtm_url)
config.add(:weekly_auth_funnel_report_config, type: :json)
config.add(:x509_presented_hash_attribute_requested_issuers, type: :json)
end.freeze
# rubocop:enable Metrics/BlockLength
end
19 changes: 0 additions & 19 deletions spec/presenters/openid_connect_user_info_presenter_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -324,25 +324,6 @@
end
end
end

context 'when the sp requested x509_presented scope before it was fixed to string' do
before do
expect(IdentityConfig.store).to receive(
:x509_presented_hash_attribute_requested_issuers,
).and_return([identity.service_provider])
OutOfBandSessionAccessor.new(rails_session_id).put_x509(x509, 5.minutes.to_i)
end

it 'returns x509_presented as an X509::Attribute' do
# This is guarding against partners who may have coded against
# a bug where we returning the wrong data type for x509_presented
aggregate_failures do
expect(user_info[:x509_subject]).to eq(x509_subject)
expect(user_info[:x509_presented].class).to eq(X509::Attribute)
expect(user_info[:x509_issuer]).to eq(x509_issuer)
end
end
end
end
end
end