Skip to content

Inactive key fixes #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Sep 11, 2020
Merged

Inactive key fixes #66

merged 8 commits into from
Sep 11, 2020

Conversation

janste63
Copy link
Contributor

@janste63 janste63 commented Sep 2, 2020

I found two problems when I had the keys stored on a server with caching enabled.

  1. If the remote server responds with 304, then we will mark as inactive. But they are still active.
  2. When verifying a JWT the inactive keys weren't used, but it seems that the intention was that they should.

I've supplied two fixes for this together with some updated tests. I'm not 100% sure about the fix for the second problem.

@jschlyter jschlyter requested a review from rohe September 3, 2020 07:11
@jschlyter jschlyter self-assigned this Sep 3, 2020
c00kiemon5ter
c00kiemon5ter requested changes Sep 3, 2020
View reviewed changes
@jschlyter jschlyter added the bug label Sep 7, 2020
@jschlyter
Copy link
Collaborator

I've tried to repeat the errors from Travis in my own environment, but failed. Assistance needed by @c00kiemon5ter.

janste63 and others added 5 commits September 10, 2020 17:42
@janste63 @c00kiemon5ter
Fix 2 inactive key problems.
759bd39 
Fix that updated keys are marked as inactive if we get 304 from server.
Make sure we return inactive keys when calling get_jwt_verify_keys().
@janste63 @c00kiemon5ter
review updates
4558d6e
@janste63 @c00kiemon5ter
revert version bump
bbe6a05
@c00kiemon5ter
Minimize the diff
b0bea75 
Signed-off-by: Ivan Kanakarakis <[email protected]>
@c00kiemon5ter
Remove leftover assignment
603bb35 
Signed-off-by: Ivan Kanakarakis <[email protected]>
@c00kiemon5ter c00kiemon5ter force-pushed the inactive_key_fixes branch 3 times, most recently from 7f8ff6c to 33b8070 Compare September 10, 2020 18:43
c00kiemon5ter
c00kiemon5ter reviewed Sep 10, 2020
View reviewed changes
Copy link
Member

@c00kiemon5ter c00kiemon5ter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussion on the comment related to the breaking builds on travis.
Do not merge - we need to cleanup the debug calls.

@c00kiemon5ter c00kiemon5ter force-pushed the inactive_key_fixes branch 5 times, most recently from d494350 to 2ab36b6 Compare September 11, 2020 08:13
c00kiemon5ter
c00kiemon5ter reviewed Sep 11, 2020
View reviewed changes
rohe
rohe requested changes Sep 11, 2020
View reviewed changes
Copy link
Contributor

@rohe rohe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, but I find the updated = ( ... ) construct extremely unreadable.

@c00kiemon5ter c00kiemon5ter requested a review from rohe September 11, 2020 08:48
@rohe rohe merged commit de0b9bc into IdentityPython:develop Sep 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jschlyter jschlyter jschlyter left review comments

@c00kiemon5ter c00kiemon5ter c00kiemon5ter approved these changes

@rohe rohe rohe approved these changes

Assignees

@jschlyter jschlyter

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@janste63 @jschlyter @c00kiemon5ter @rohe