This repository has been archived by the owner on Sep 10, 2024. It is now read-only.

Remove password from rego policy descriptions and Makefile
reivilibre committed Jul 8, 2024
1 parent 9779a21 commit 911f6b2
Showing 10 changed files with 29 additions and 93 deletions.
2 changes: 1 addition & 1 deletion crates/handlers/src/views/register.rs
Expand Up @@ -204,7 +204,7 @@ pub(crate) async fn post(
}

let res = policy
.evaluate_register(&form.username, &form.password, &form.email)
.evaluate_register(&form.username, &form.email)
.await?;

for violation in res.violations {
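Review bot: Nothing visible around the `evaluate_register` call in `post` checks `form.password` any more, and this commit also deletes `policies/password.rego` and the `password` violation rule in `policies/register.rego`, so the policy-side password check is gone entirely. Keeping the plaintext password out of the policy input is a sound reduction in exposure, but if no other strength check runs before the account is created, registration would accept any password. I would add a comment at the call recording where that check lives, e.g. `// Password complexity is enforced in <location>; the policy engine never receives the password.`, or add the check if it is missing. The body of `post` starts and ends outside the hunk, so an existing check may simply not be shown.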
13 changes: 4 additions & 9 deletions crates/policy/src/lib.rs
Expand Up @@ -204,14 +204,9 @@ impl Policy {
pub async fn evaluate_register(
&mut self,
username: &str,
password: &str,
email: &str,
) -> Result<EvaluationResult, EvaluationError> {
let input = RegisterInput::Password {
username,
password,
email,
};
let input = RegisterInput::Password { username, email };

let [res]: [EvaluationResult; 1] = self
.instance
Expand Down Expand Up @@ -404,19 +399,19 @@ mod tests {
let mut policy = factory.instantiate().await.unwrap();

let res = policy
.evaluate_register("hello", "hunter2", "[email protected]")
.evaluate_register("hello", "[email protected]")
.await
.unwrap();
assert!(!res.valid());

let res = policy
.evaluate_register("hello", "hunter2", "[email protected]")
.evaluate_register("hello", "[email protected]")
.await
.unwrap();
assert!(res.valid());

let res = policy
.evaluate_register("hello", "hunter2", "[email protected]")
.evaluate_register("hello", "[email protected]")
.await
.unwrap();
assert!(!res.valid());
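Review bot: The signature of `evaluate_register` does not record that the password is deliberately excluded from the policy input, so a later change could re-add the parameter without anyone noticing the exposure. Unless the doc comment above the hunk already says so, I would add `/// The plaintext password is intentionally never passed to the policy engine.` above the function. The same applies to the `RegisterInput::Password` variant in `crates/policy/src/model.rs`, whose name now denotes only the registration method; a one-line `///` comment there would avoid confusion. The function body continues past the end of the first hunk.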
6 changes: 1 addition & 5 deletions crates/policy/src/model.rs
Expand Up @@ -65,11 +65,7 @@ impl EvaluationResult {
#[cfg_attr(feature = "jsonschema", derive(schemars::JsonSchema))]
pub enum RegisterInput<'a> {
#[serde(rename = "password")]
Password {
username: &'a str,
password: &'a str,
email: &'a str,
},
Password { username: &'a str, email: &'a str },

#[serde(rename = "upstream-oauth2")]
UpstreamOAuth2 {
26 changes: 23 additions & 3 deletions frontend/src/gql/fragment-masking.ts
Expand Up @@ -20,25 +20,45 @@ export function useFragment<TType>(
_documentNode: DocumentTypeDecoration<TType, any>,
fragmentType: FragmentType<DocumentTypeDecoration<TType, any>>
): TType;
// return nullable if `fragmentType` is undefined
export function useFragment<TType>(
_documentNode: DocumentTypeDecoration<TType, any>,
fragmentType: FragmentType<DocumentTypeDecoration<TType, any>> | undefined
): TType | undefined;
// return nullable if `fragmentType` is nullable
export function useFragment<TType>(
_documentNode: DocumentTypeDecoration<TType, any>,
fragmentType: FragmentType<DocumentTypeDecoration<TType, any>> | null
): TType | null;
// return nullable if `fragmentType` is nullable or undefined
export function useFragment<TType>(
_documentNode: DocumentTypeDecoration<TType, any>,
fragmentType: FragmentType<DocumentTypeDecoration<TType, any>> | null | undefined
): TType | null | undefined;
// return array of non-nullable if `fragmentType` is array of non-nullable
export function useFragment<TType>(
_documentNode: DocumentTypeDecoration<TType, any>,
fragmentType: Array<FragmentType<DocumentTypeDecoration<TType, any>>>
): Array<TType>;
// return array of nullable if `fragmentType` is array of nullable
export function useFragment<TType>(
_documentNode: DocumentTypeDecoration<TType, any>,
fragmentType: Array<FragmentType<DocumentTypeDecoration<TType, any>>> | null | undefined
): Array<TType> | null | undefined;
// return readonly array of non-nullable if `fragmentType` is array of non-nullable
export function useFragment<TType>(
_documentNode: DocumentTypeDecoration<TType, any>,
fragmentType: ReadonlyArray<FragmentType<DocumentTypeDecoration<TType, any>>>
): ReadonlyArray<TType>;
// return array of nullable if `fragmentType` is array of nullable
// return readonly array of nullable if `fragmentType` is array of nullable
export function useFragment<TType>(
_documentNode: DocumentTypeDecoration<TType, any>,
fragmentType: ReadonlyArray<FragmentType<DocumentTypeDecoration<TType, any>>> | null | undefined
): ReadonlyArray<TType> | null | undefined;
export function useFragment<TType>(
_documentNode: DocumentTypeDecoration<TType, any>,
fragmentType: FragmentType<DocumentTypeDecoration<TType, any>> | ReadonlyArray<FragmentType<DocumentTypeDecoration<TType, any>>> | null | undefined
): TType | ReadonlyArray<TType> | null | undefined {
fragmentType: FragmentType<DocumentTypeDecoration<TType, any>> | Array<FragmentType<DocumentTypeDecoration<TType, any>>> | ReadonlyArray<FragmentType<DocumentTypeDecoration<TType, any>>> | null | undefined
): TType | Array<TType> | ReadonlyArray<TType> | null | undefined {
return fragmentType as any;
}

2 changes: 0 additions & 2 deletions policies/Makefile
Expand Up @@ -7,7 +7,6 @@ INPUTS := \
client_registration.rego \
register.rego \
authorization_grant.rego \
password.rego \
email.rego

ifeq ($(DOCKER), 1)
Expand All @@ -27,7 +26,6 @@ policy.wasm: $(INPUTS)
-e "client_registration/violation" \
-e "register/violation" \
-e "authorization_grant/violation" \
-e "password/violation" \
-e "email/violation" \
$^
tar xzf bundle.tar.gz /policy.wasm
30 changes: 0 additions & 30 deletions policies/password.rego

This file was deleted.

29 changes: 0 additions & 29 deletions policies/password_test.rego

This file was deleted.

9 changes: 0 additions & 9 deletions policies/register.rego
Expand Up @@ -4,7 +4,6 @@
package register

import data.email as email_policy
import data.password as password_policy

import future.keywords.in

Expand Down Expand Up @@ -34,14 +33,6 @@ violation[{"msg": "unknown registration method"}] {
not input.registration_method in ["password", "upstream-oauth2"]
}

violation[object.union({"field": "password"}, v)] {
# Check if the registration method is password
input.registration_method == "password"

# Get the violation object from the password policy
some v in password_policy.violation
}

# Check that we supplied an email for password registration
violation[{"field": "email", "msg": "email required for password-based registration"}] {
input.registration_method == "password"
1 change: 0 additions & 1 deletion policies/register_test.rego
Expand Up @@ -3,7 +3,6 @@ package register
mock_registration := {
"registration_method": "password",
"username": "hello",
"password": "Hunter2",
"email": "[email protected]",
}

4 changes: 0 additions & 4 deletions policies/schema/register_input.json
Expand Up @@ -7,7 +7,6 @@
"type": "object",
"required": [
"email",
"password",
"registration_method",
"username"
],
Expand All @@ -21,9 +20,6 @@
"username": {
"type": "string"
},
"password": {
"type": "string"
},
"email": {
"type": "string"
}