Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Case insensitive tokens #249

Open
wants to merge 11 commits into
base: master
Choose a base branch
from
Open

Case insensitive tokens #249

wants to merge 11 commits into from
+51 −3

Conversation

StevenClontz
Copy link
Contributor

closes #248

@StevenClontz StevenClontz mentioned this pull request Feb 24, 2025
Open
@StevenClontz StevenClontz marked this pull request as ready for review February 24, 2025 16:29
bluefantail
bluefantail reviewed Mar 2, 2025
View reviewed changes
StevenClontz
StevenClontz commented Mar 2, 2025
View reviewed changes
mikker
mikker reviewed Mar 3, 2025
View reviewed changes
app/models/passwordless/session.rb Outdated
Comment on lines 35 to 38
def token=(token)
Passwordless.config.case_insensitive_tokens ? modified_token = token.upcase : modified_token = token
self.token_digest = Passwordless.digest(modified_token)
@token = (modified_token)
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should do anything at write time. Rather, let's just upcase in SQL when searching for tokens

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
def token=(token)
Passwordless.config.case_insensitive_tokens ? modified_token = token.upcase : modified_token = token
self.token_digest = Passwordless.digest(modified_token)
@token = (modified_token)
def token=(plaintext)
self.token_digest = Passwordless.digest(plaintext)
@token = (plaintext)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we have to do this at write time - we're persisting the token digest, not the token, so I believe we cannot upcase the token digest when searching for tokens.

mikker
mikker reviewed Mar 10, 2025
View reviewed changes
@StevenClontz StevenClontz requested a review from mikker March 10, 2025 16:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bluefantail bluefantail bluefantail left review comments

@mikker mikker Awaiting requested review from mikker

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support case-insensitive tokens?
3 participants
@StevenClontz @mikker @bluefantail