Rework password checks in account renewal to rely on early_validation_checks #347
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jonasbardino
added this to the
Janitor service to handle vgrid cache updates and clean up, including pruning of account requests milestone
jonasbardino
force-pushed
the
fix/failed-password-hash-verification-during-account-renew
branch
from
f534171 to
2b5785a
Compare
|
Currently fails CI due to the unrelated #353. |
jonasbardino
changed the title
jonasbardino
force-pushed
the
fix/failed-password-hash-verification-during-account-renew
branch
from
2b5785a to
fa4b842
Compare
jonasbardino
added
the
follow-up pending
…ck_scramble calls in the recently introduced early_validation_checks during account request submission where original password is still available. Fix a use of load_account_dict using configuration where logger is expected. Add unit tests to cover a number of early_validation_checks cases. Still more tests pending e.g. to test renewal with legal and illegal password change.
…dvertently inverted. Rename var to pw_match for consistence. Fix string corruption in pickled MiG-user.db fixture file to allow proper use of password_hash values. Refactor the accountreq unit test module to split into peers testing and filter testing with shared init of users in the latter, too. Relies on the pickled user db from fixtures now. Add test coverage on account renewal for pw check and ID collision. Still acouple of TODOs with test coverage of suspended accounts and the a password to match the pickled hash.
…id_user_dn to make lint happy. Not a new issue but makes sense and adds consistence with other functions using it.
jonasbardino
force-pushed
the
fix/failed-password-hash-verification-during-account-renew
branch
from
fa4b842 to
fe627b2
Compare
jonasbardino
deleted the
fix/failed-password-hash-verification-during-account-renew
branch
jonasbardino
added
follow-up pending
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Rework password checks in account renewal to rely on
check_hash/check_scramblecalls in the recently introducedearly_validation_checksduring account request submission where original password is still available.Fix a use of
load_account_dictusing configuration where logger is expected.Add unit tests to cover a number of
early_validation_checkscases.NOTE: there are still a few tests pending improvements marked with TODO e.g. to better test account access renewal with legal and illegal password change. Tagged the PR with follow-up as we want the fix to land ASAP and the included unit tests are sufficient along with practical deployment tests.