Key derivation #889
… Make it possible to get hold of the current encrypted token and its contents at the endpoints and the key operations, Introduce new errors for exceptional situations regarding token and keys, Remove temporary_key from user model, Derive user key from user's password, Generate user key pair using the derived user key, Include sensitive content in the encrypted token, Update development and test db setup accordingly, Update some existing tests accordingly, Clean up some unused imports and Fix minor syntax issues encountered
The work is completed and ready to review.
Codecov Report
@@ Coverage Diff @@
## dev #889 +/- ##
==========================================
+ Coverage 75.42% 76.29% +0.87%
==========================================
Files 29 29
Lines 2856 2915 +59
==========================================
+ Hits 2154 2224 +70
+ Misses 702 691 -11
Continue to review full report at Codecov.
…ted token, Add tests for invite and encrypted token, and authentication
…llision with the password hasher parameter
…for this and Clean up some unused imports
Looks good. Some variable names and docstrings etc needed but also not super vital and as with the last PR I can add it at some point.
I think you should make a note in the comment section that we need to do dds auth logout and then login again for this to work.
Also:
dds_backend | [2022-02-17 10:43:06,633] project [DEBUG] Getting the private key.
dds_backend | 172.19.0.1 - - [17/Feb/2022 10:43:06] "GET /api/v1/proj/private?project=someunit00004 HTTP/1.1" 500 -
dds_backend | Traceback (most recent call last):
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 2091, in __call__
dds_backend | return self.wsgi_app(environ, start_response)
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 2076, in wsgi_app
dds_backend | response = self.handle_exception(e)
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask_restful/__init__.py", line 271, in error_router
dds_backend | return original_handler(e)
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 2073, in wsgi_app
dds_backend | response = self.full_dispatch_request()
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1518, in full_dispatch_request
dds_backend | rv = self.handle_user_exception(e)
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask_restful/__init__.py", line 271, in error_router
dds_backend | return original_handler(e)
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1516, in full_dispatch_request
dds_backend | rv = self.dispatch_request()
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1502, in dispatch_request
dds_backend | return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask_restful/__init__.py", line 467, in wrapper
dds_backend | resp = resource(*args, **kwargs)
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask/views.py", line 84, in view
dds_backend | return current_app.ensure_sync(self.dispatch_request)(*args, **kwargs)
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask_restful/__init__.py", line 582, in dispatch_request
dds_backend | resp = meth(*args, **kwargs)
dds_backend | File "/usr/local/lib/python3.10/site-packages/flask_httpauth.py", line 172, in decorated
dds_backend | return self.ensure_sync(f)(*args, **kwargs)
dds_backend | File "/code/dds_web/api/dds_decorators.py", line 107, in wrapper_logging_bind_request
dds_backend | value = func(*args, **kwargs)
dds_backend | File "/code/dds_web/api/project.py", line 243, in get
dds_backend | {"private": obtain_project_private_key(auth.current_user(), project).hex().upper()}
dds_backend | TypeError: obtain_project_private_key() missing 1 required positional argument: 'project'
I didn't understand this. Could you please clarify?
I try to download so the private key is needed and then I get this traceback.
This seems like a bug for ProjectRequiredSchema. I will investigate...
Problem found! It's because of the additional required token. Fixing it and writing more tests...
…ns with token, Add tests for it, Rearrange and clarify some key related parameters, Clean up some unused imports
Looks good and I think it works as it should now!
Looks good and the bug is fixed!
Change the way an invite token is verified and transferred to a user, Make it possible to get hold of the current encrypted token and its contents at the endpoints and the key operations, Introduce new errors for exceptional situations regarding token and keys, Remove temporary_key from user model, Derive user key from user's password, Generate user key pair using the derived user key, Include sensitive content in the encrypted token, Update development and test db setup accordingly, Update some existing tests accordingly, Clean up some unused imports and Fix minor syntax issues encountered
Closes #738