Skip to content

Do not attempt to convert nil into PII attributes#6124

Merged
mitchellhenke merged 1 commit intomainfrom
mitchellhenke/no-nil-pii
Mar 30, 2022
Merged

Do not attempt to convert nil into PII attributes#6124
mitchellhenke merged 1 commit intomainfrom
mitchellhenke/no-nil-pii

Conversation

@mitchellhenke
Copy link
Contributor

@mitchellhenke mitchellhenke commented Mar 30, 2022

Follow up to #6121

Do not attempt to convert nil into PII attributes
8fac2b3 
changelog: Bug Fixes, Account Management, Request password to decrypt PII before regenerating personal key
@mitchellhenke mitchellhenke requested a review from jmhooper March 30, 2022 15:19
@mitchellhenke mitchellhenke merged commit daf7265 into main Mar 30, 2022
@mitchellhenke mitchellhenke deleted the mitchellhenke/no-nil-pii branch March 30, 2022 15:24
mitchellhenke pushed a commit that referenced this pull request Mar 30, 2022
Do not attempt to convert nil into PII attributes (#6124)
6ddd40f 
changelog: Bug Fixes, Account Management, Request password to decrypt PII before regenerating personal key
aduth
aduth reviewed Mar 30, 2022
View reviewed changes
app/models/profile.rb
def recover_pii(personal_key)
encryptor = Encryption::Encryptors::PiiEncryptor.new(personal_key)
decrypted_recovery_json = encryptor.decrypt(encrypted_pii_recovery, user_uuid: user.uuid)
return nil if JSON.parse(decrypted_recovery_json).nil?
Copy link
Contributor

@aduth aduth Mar 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this have been implemented in Pii::Attributes.new_from_json to avoid double-parsing, and since we already have at least one check there already?

Here:

identity-idp/app/services/pii/attributes.rb

Lines 22 to 24 in daf7265

return new if pii_json.blank?
pii = JSON.parse(pii_json, symbolize_names: true)
new_from_hash(pii) 

      return new if pii_json.blank?
      pii = JSON.parse(pii_json, symbolize_names: true)
      return new if pii.blank?
      new_from_hash(pii)

Copy link
Contributor Author

@mitchellhenke mitchellhenke Mar 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It could, yeah

The competing factor is this is so far only known to affect recovery PII, and Pii::Attributes is used in more places and this is a quicker fix, so I opted towards the smaller scope, though it should definitely be given a fuller consideration in the follow-up work.

Copy link
Contributor

@zachmargolis zachmargolis Mar 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we have done a truthiness check? in case the value was a literal false ?

Copy link
Contributor Author

@mitchellhenke mitchellhenke Mar 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think for the specific case here the problem value is nil, but we could expand it to be anything that is not a Hash since that's really the only valid type (and we could also validate that it has the expected keys, etc. if we wanted as well)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdiarra3 mdiarra3 mdiarra3 approved these changes

@jmhooper jmhooper Awaiting requested review from jmhooper

+2 more reviewers

@zachmargolis zachmargolis zachmargolis left review comments

@aduth aduth aduth left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mitchellhenke @zachmargolis @aduth @mdiarra3