-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hash 3PID lookups #184
Hash 3PID lookups #184
Conversation
Heads up that CI is probably never going to pass on this. |
Removed my assignment as this PR is currently waiting for review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some preliminary thoughts.
Whats the deal with CI? This can't really get merged with it failing. Also, what about some unit tests?
CI has been turned on but without a pipeline, hence it failing.
Blocked on #171 |
Co-Authored-By: Erik Johnston <erik@matrix.org>
…ent into anoa/hashing_3pid_lookups
Co-Authored-By: Erik Johnston <erik@matrix.org>
…ent into anoa/hashing_3pid_lookups
) | ||
self.db.commit() | ||
logger.info("v2 -> v3 schema migration complete") | ||
self._setSchemaVersion(3) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't we need to go back and hash the existing stuff?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That will be done on first run. Sydent checks to see if a pepper is configured in the database, and if not, generate one and rehash all 3PIDs:
Lines 186 to 194 in 424270b
hashing_metadata_store = HashingMetadataStore(self) | |
lookup_pepper = hashing_metadata_store.get_lookup_pepper() | |
if not lookup_pepper: | |
# No pepper defined in the database, generate one | |
lookup_pepper = generateAlphanumericTokenOfLength(5) | |
# Store it in the database and rehash 3PIDs | |
hashing_metadata_store.store_lookup_pepper(sha256_and_url_safe_base64, | |
lookup_pepper) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, OK. Though please add a comment there to say that it must be run before we start serving requests.
Does this all work correctly with canonicalised emails? I.e. things like case-insensitive etc. |
Sydent continues to make use of the @babolivier What is the status of updating this on |
@babolivier says the current state using |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a couple of trivial nits now
@erikjohnston https://matrix.org/docs/spec/identity_service/unstable#get-matrix-identity-api-v1 oh, maybe we should keep the empty 200 return on GET |
Have done this. Simple to remove in the future if we want to clean up that part of the spec for any reason. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only other question is why the local threepid assocs have hashes? Wouldn't we only ever be matching against the global ones?
Conclusion is it's not necessary but we'll remove it in a later PR. (issue #196) |
The implementation of matrix-org/matrix-spec-proposals#2134
TODO:
We need to have a think about how this will work in the replication use case in general. Obviously we don't want to replicate lookup hashes as the receiving server may have a different pepper/algorithm in use than the sending server.When we receive an association, we just rehash the address/medium combo with our own lookup pepper.