Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: patch secure email change (double confirm) response format. #1241

Merged
merged 4 commits into from
Sep 6, 2023
Merged

fix: patch secure email change (double confirm) response format. #1241

merged 4 commits into from
Sep 6, 2023

Conversation

J0
Copy link
Contributor

@J0 J0 commented Sep 4, 2023
edited
Loading

What kind of change does this PR introduce?

There are two issues the PR aims to resolve:

  1. Currently, a Token Hash can be re-used twice in place of using the token hash send to the new email and a token has in the current mail. A solve attempt was originally made in fix: clear email change token when token hash is used #1240 but a test was added in this branch.

  2. Currently, the single confirmation response is slightly misformed and has an additional null param

CleanShot 2023-09-04 at 15 47 04@2x

This stems from the return in the transaction. sendJSON doesn't return an error. Consequently, he error returned by the transaction will be nil. This leads to

CleanShot 2023-09-04 at 15 47 41@2x

sendJSON(w, http.StatusOK, token) being run after sendJSON is callled which will write the token (nil in this case) to the existing singleConfirmationResponse. This in turn affects returned response for the first confirmation as the client library is unable to unpack the returned JSON with extra null leading to an error.

What is the new behavior?

Returns response
CleanShot 2023-09-04 at 15 50 07@2x

Additional context

TODO

  • Need to complete a test for the SecureEmailChange TokenHash to prevent a regression

@J0 J0 requested a review from silentworks September 4, 2023 11:50
@J0 J0 marked this pull request as ready for review September 5, 2023 09:17
@J0 J0 requested a review from a team as a code owner September 5, 2023 09:17
@J0 J0 mentioned this pull request Sep 5, 2023
Closed
@kangmingtay
Copy link
Member

nice one, thanks for catching this!

@J0 J0 merged commit 064e8a1 into master Sep 6, 2023
1 check passed
@J0 J0 deleted the j0/patch_email_change_double_confirmation branch September 6, 2023 03:09
@github-actions
Copy link
Contributor

github-actions bot commented Sep 6, 2023

🎉 This PR is included in version 2.95.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kangmingtay kangmingtay kangmingtay approved these changes

@silentworks silentworks Awaiting requested review from silentworks

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@J0 @kangmingtay