Skip to content

Stop reading old recovery code columns#2313

Merged
jmhooper merged 1 commit intomasterfrom
jmhooper-stop-writing-old-recovery-code-columns
Jul 18, 2018
Merged

Stop reading old recovery code columns#2313
jmhooper merged 1 commit intomasterfrom
jmhooper-stop-writing-old-recovery-code-columns

Conversation

@jmhooper
Copy link
Contributor

@jmhooper jmhooper commented Jul 10, 2018

Why: We're phasing out the old personal key columns in favor of
using encrypted_recovery_code_digest.

The old code was actually using the #personal_key method in a lot of
places to determine if a user had a personal key, so this code switches
that up. It also refactors the personal key to behave a bit more like a
password. That could lay the groundwork for some more refactoring, but I
didn't want to pursue it too far until @jgsmith-usds gets the 2FA
refactor done.

Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:

  • For DB changes, check for missing indexes, check to see if the changes
    affect other apps (such as the dashboard), make sure the DB columns in the
    various environments are properly populated, coordinate with devops, plan
    migrations in separate steps.

  • For route changes, make sure GET requests don't change state or result in
    destructive behavior. GET requests should only result in information being
    read, not written.

  • For encryption changes, make sure it is compatible with data that was
    encrypted with the old code.

  • For secrets changes, make sure to update the S3 secrets bucket with the
    new configs in all environments.

  • Do not disable Rubocop or Reek offenses unless you are absolutely sure
    they are false positives. If you're not sure how to fix the offense, please
    ask a teammate.

  • When reading data, write tests for nil values, empty strings,
    and invalid formats.

  • When calling redirect_to in a controller, use _url, not _path.

  • When adding user data to the session, use the user_session helper
    instead of the session helper so the data does not persist beyond the user's
    session.

  • When adding a new controller that requires the user to be fully
    authenticated, make sure to add before_action :confirm_two_factor_authenticated.

@jmhooper
Stop reading personal key columns
8f00ab5 
**Why**: We're phasing out the old personal key columns in favor of
using `encrypted_recovery_code_digest`.

The old code was actually using the `#personal_key` method in a lot of
places to determine if a user had a personal key, so this code switches
that up. It also refactors the personal key to behave a bit more like a
password. That could lay the groundwork for some more refactoring, but I
didn't want to pursue it too far until @jgsmith-usds gets the 2FA
refactor done.
@jmhooper jmhooper changed the title Stop reading personal key columns Stop reading old recovery code columns Jul 10, 2018
jgsmith-usds
jgsmith-usds approved these changes Jul 13, 2018
View reviewed changes
Copy link
Contributor

@jgsmith-usds jgsmith-usds left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally looks good to me.

app/models/concerns/user_access_key_overrides.rb
end

def personal_key
@personal_key
Copy link
Contributor

@jgsmith-usds jgsmith-usds Jul 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor style: or attr_reader :personal_key

@jmhooper
Copy link
Contributor Author

jmhooper commented Jul 17, 2018

This one missed the release, but that is okay because I want to do some more testing with it before it starts rolling out.

@jmhooper jmhooper merged commit 050a998 into master Jul 18, 2018
jmhooper added a commit that referenced this pull request Jul 18, 2018
@jmhooper
Revert "Stop reading personal key columns (#2313)"
ff34f04 
This reverts commit 050a998.
jmhooper added a commit that referenced this pull request Jul 18, 2018
@jmhooper
Revert "Stop reading personal key columns (#2313)" (#2336)
109485d 
This reverts commit 050a998.
jmhooper added a commit that referenced this pull request Jul 18, 2018
@jmhooper
Revert "Revert "Stop reading personal key columns (#2313)" (#2336)"
476303a 
This reverts commit 109485d.
jmhooper added a commit that referenced this pull request Jul 19, 2018
@jmhooper
Fix personal key 2fa selection (#2337)
352d343 
* Revert "Revert "Stop reading personal key columns (#2313)" (#2336)"

This reverts commit 109485d.

* Use encrypted digest to check personal key config

**Why**: Personal key has been changed to behave like password, where it
is nil until a key is assigned to the user during a request. This commit
checks the digest instead of the personal key method to determine if a
user can sign in with a personal key.
@jmhooper jmhooper mentioned this pull request Jul 24, 2018
Merged
9 tasks
@jmhooper jmhooper deleted the jmhooper-stop-writing-old-recovery-code-columns branch February 15, 2019 19:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@monfresh monfresh Awaiting requested review from monfresh

@stevegsa stevegsa Awaiting requested review from stevegsa

@mryenq mryenq Awaiting requested review from mryenq

1 more reviewer

@jgsmith-usds jgsmith-usds jgsmith-usds approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

status - ready for review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jmhooper @jgsmith-usds