deprecate crypto-js #8607
This pull request fixes 2 alerts when merging f602c6c into 34e7405 - view on LGTM.com fixed alerts:
Codecov Report
@@ Coverage Diff @@
## main #8607 +/- ##
==========================================
- Coverage 77.94% 77.78% -0.17%
==========================================
Files 237 240 +3
Lines 16810 17112 +302
Branches 3613 3651 +38
==========================================
+ Hits 13102 13310 +208
- Misses 3581 3677 +96
+ Partials 127 125 -2
This pull request fixes 2 alerts when merging bd4404a into 85e9b97 - view on LGTM.com fixed alerts:
@@ -660,6 +657,7 @@ export default class CognitoUser { | |||
authParameters.USERNAME = this.username; | |||
authParameters.DEVICE_KEY = this.deviceKey; | |||
authenticationHelper.getLargeAValue((errAValue, aValue) => { | |||
console.log('get aValue', aValue); |
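Review bot: The console.log('get aValue', aValue) on the first line of the getLargeAValue callback is debug output left in the sign-in path, and it runs before errAValue is examined, so it also prints when the call failed. Remove it before merge.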
Do you want to keep this log here?
good catch! no it is for my local debug, will remove it
* Converts this word array to a string. | ||
* | ||
* @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex | ||
* |
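Review bot: The @param line gives the default as CryptoJS.enc.Hex, which names the upstream namespace rather than anything defined in this file. If the helper no longer exposes that name, point the default at the encoder it does export, and mark the parameter optional with JSDoc bracket syntax ({Encoder} [encoder]) instead of the "(Optional)" text so tooling picks it up.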
I believe it is copied from the original file, somehow I feel like each version of the crypto-js keeps the same styles to respect the original author, but I will do a clean up on the format :)
}; | ||
|
||
/** | ||
* Abstract buffered block algorithm template. (checked, similar to crypto-es) |
remove "(checked, similar to crypto-es)"
/** | ||
* HMAC algorithm. | ||
*/ | ||
(function (algo) { |
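Review bot: Nothing at "(function (algo) {" says what object is passed in as algo or what the function attaches to it, and the doc comment above it only reads "HMAC algorithm." Add a line stating what algo is, or, if this file does not need to register itself on a shared namespace, drop the wrapper and declare the HMAC code at module scope.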
Can you explain what the algo parameter is in this scenario?
(function (algo) { | ||
|
||
// Initialization and round constants tables | ||
const H = []; |
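Review bot: "const H = []" under the comment "Initialization and round constants tables" does not say which of the two tables H holds. Add a short comment tying each single-letter table to its role (initial hash values versus round constants), or use descriptive names, so the constants can be checked against the algorithm specification.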
why are the variable names H,K?
default: jest.fn(() => ''), | ||
}; | ||
}); | ||
|
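Review bot: With "default: jest.fn(() => '')" the mocked default export returns an empty string for every input, so tests in this file cannot detect a wrong result from the real implementation. Keep the mock where a test needs isolation, and add at least one known-answer test that runs the real function against a published test vector.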
we should still have some tests for CryptoJSHelper.SHA256 I believe
I need to think more of whether we want to add tests for it, as it is basically copied from third party logic. If we add test, we probably add similar tests like the original crypto-js. Adding test also means we want to maintain it, which I am trying to avoid.
close as the fix in crypto-js has been released #8626
This pull request has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs. Looking for a help forum? We recommend joining the Amplify Community Discord server
Description of changes
Amplify has a dependency on crypto-js, yet we only use part of its functions (Base64, SHA256, Hmac256). However, it is not actively maintained, and has introduced issues like NextJS bundle size to Amplify.
After reviewing available options, I decided to extract the code Amplify needs from crypto-js, re-org and refactor a bit based on our own need, and put it in a single file CryptoJSHelper (the original partially implemented WordArray is replaced as well). Below is a brief summary of build size comparison.
Alternatives comparison
note: both crypto-js and crypto-es are forked and based on the original crypto-js from Jeff Mott, their codes (comments/logic/typing) are almost identical. This means the core algorithms/logics are stable. See more about its history.
This is perhaps a temporary solution before we have a better option (either crypto-js merge the bundle size fix PR), or when aws-crypto supports more algorithm and flexible data type.
Issue #, if available
#7570
#8256
Description of how you validated changes
Checklist
yarn test passes
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.