#399 Support blind key rotation

Merged
Plume_migration_agent merged 3 commits from blind-key-rotation into master 1 year ago

Fix #398

Fix #398 - [x] try to fetch user when receiving an invalid signature - [x] regenerate new key-pair when sending `Delete` activity
codecov[bot] commented 1 year ago (Migrated from github.com)
Owner

Codecov Report

Merging #399 into master will increase coverage by 0.21%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master     #399      +/-   ##
==========================================
+ Coverage   27.87%   28.08%   +0.21%     
==========================================
  Files          63       63              
  Lines        7254     7405     +151     
==========================================
+ Hits         2022     2080      +58     
- Misses       5232     5325      +93
# [Codecov](https://codecov.io/gh/Plume-org/Plume/pull/399?src=pr&el=h1) Report > Merging [#399](https://codecov.io/gh/Plume-org/Plume/pull/399?src=pr&el=desc) into [master](https://codecov.io/gh/Plume-org/Plume/commit/3128e6a3b9963bda81f482e972eb853c0d564d35?src=pr&el=desc) will **increase** coverage by `0.21%`. > The diff coverage is `0%`. ```diff @@ Coverage Diff @@ ## master #399 +/- ## ========================================== + Coverage 27.87% 28.08% +0.21% ========================================== Files 63 63 Lines 7254 7405 +151 ========================================== + Hits 2022 2080 +58 - Misses 5232 5325 +93 ```
igalic (Migrated from github.com) reviewed 1 year ago
igalic (Migrated from github.com) left a comment

👀

Plume_migration_agent commented 1 year ago

should we be printing stuff here?

should we be printing stuff here?
trinity-1686a reviewed 1 year ago
trinity-1686a commented 1 year ago

I kept it because it was here before. If we had a proper logger this should get logged as this could be a an attack trial, but as it is, lost in stdout, I guess it’s more of a debugging print?

I kept it because it was here before. If we had a proper logger this should get logged as this could be a an attack trial, but as it is, lost in stdout, I guess it's more of a debugging print?
igalic (Migrated from github.com) reviewed 1 year ago
Plume_migration_agent commented 1 year ago

i was wondering where our (debugging) log was

i was wondering where our (debugging) log was
elegaanz (Migrated from github.com) reviewed 1 year ago
elegaanz (Migrated from github.com) left a comment

The code looks right, but I think I found a bug (maybe it’s only me). To reproduce:

  • Create a@plume.one and b@plume.two
  • Make them follow each other
  • a@plume.one posts two articles, they are received on plume.two as they should
  • a@plume.one deletes one of these articles, and it is deleted on plume.two too
  • a@plume.one waits more than 10 minutes, and delete the second article
  • the Delete activity gets rejected by plume.two

Edit: also note that the next activities from a@plume.one are correctly received by plume.two

elegaanz (Migrated from github.com) approved these changes 1 year ago
elegaanz (Migrated from github.com) left a comment

It is working now. 👍 (but I don’t understand what was wrong with the previous condition, and this one doesn’t make sense for me)

trinity-1686a commented 1 year ago
Owner

previously, the first if would match in case of invalid request, and the second would do exactly the same, match on invalid request. But the first block is the Ok(()) one, so on invalid request it would say “ok this is fine”.
Now the condition for the second if is inverted, so when the request is valid it returns Ok(()), when the request is invalid it returns the signature error

previously, the first `if` would match in case of invalid request, and the second would do exactly the same, match on invalid request. But the first block is the Ok(()) one, so on _invalid_ request it would say "ok this is fine". Now the condition for the second `if` is inverted, so when the request is _valid_ it returns Ok(()), when the request is invalid it returns the signature error

Reviewers

Plume_migration_agent approved these changes 1 year ago
The pull request has been merged as c4a4ea5b6c.
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This pull request currently doesn't have any dependencies.

Loading…
There is no content yet.