Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Warning When Password Authentication is used in Mailupdates #1511

Merged
merged 14 commits into from
Aug 22, 2024
Merged

Add Warning When Password Authentication is used in Mailupdates #1511

merged 14 commits into from
Aug 22, 2024

Conversation

MiguelAHM
Copy link
Contributor

No description provided.

@MiguelAHM MiguelAHM marked this pull request as ready for review August 19, 2024 07:50
@eshryane eshryane changed the title Add Warning When PASSWD is used in Mailupdates Add Warning When Password Authentication is used in Mailupdates Aug 20, 2024
@MiguelAHM MiguelAHM merged commit c3b873a into master Aug 22, 2024
1 check passed
@MiguelAHM MiguelAHM deleted the DB-5609-warn-when-using-passwd-mailupdates branch August 22, 2024 14:39
maggarwal13
maggarwal13 reviewed Oct 21, 2024
View reviewed changes
whois-api/src/test/java/net/ripe/db/whois/api/mail/dequeue/MessageServiceTestIntegration.java
@@ -24,6 +29,13 @@ public class MessageServiceTestIntegration extends AbstractMailMessageIntegratio
@Autowired
private MessageService messageService;

private static final String FORMATTED_PASSWORD_WARN = """
***Warning: Password authentication will be removed from Mailupdates in a future
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not use UpdateMessages.getText()

maggarwal13
maggarwal13 reviewed Oct 21, 2024
View reviewed changes
whois-api/src/main/java/net/ripe/db/whois/api/mail/dequeue/MessageDequeue.java
@@ -272,9 +274,19 @@ private void handleMessageInContext(final String messageId, final MimeMessage me

private void handleUpdates(final MailMessage mailMessage, final UpdateContext updateContext) {
final List<Update> updates = updatesParser.parse(updateContext, mailMessage.getContentWithCredentials());
addWarnIfPasswordExists(updateContext, updates);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought the story says that it should be controlled via feature flag ? If feature flag is set to false return warning and if set to true return error with default sets to false?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put this change behind a feature flag so it can be enabled or disabled independently of Whois releases. If the flag is OFF then return a warning (make this the default). If the flag is ON then return an error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maggarwal13 maggarwal13 maggarwal13 approved these changes

@eshryane eshryane Awaiting requested review from eshryane eshryane is a code owner

@fmurodov fmurodov Awaiting requested review from fmurodov fmurodov is a code owner

@isvonja isvonja Awaiting requested review from isvonja isvonja is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MiguelAHM @maggarwal13