Enable to validate by old system secret #1249

Merged
merged 3 commits into from
Jan 3, 2019


sawadashota
Contributor

@sawadashota sawadashota commented Dec 27, 2018

Related issue

none

Proposed changes

Enable validation by the old system secret when ROTATED_SYSTEM_SECRET is set.

Checklist

  • I have read the contributing guidelines
  • I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security
    vulnerability, I confirm that I got green light (please contact hi@ory.sh) from the maintainers to push the changes.
  • I signed the Developer's Certificate of Origin
    by signing my commit(s). You can amend your signature to the most recent commit by using git commit --amend -s. If you
    amend the commit, you might need to force push using git push --force HEAD:<branch>. Please be very careful when using
    force push.
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation within the code base (if appropriate)
  • I have documented my changes in the developer guide (if appropriate)

Further comments

none

…SECRET`

Signed-off-by: Shota SAWADA <xiootas@gmail.com>
@sawadashota sawadashota force-pushed the load_old_system_secret branch from 7c2e8d5 to 7ece1fc Compare December 27, 2018 12:21
Signed-off-by: Shota SAWADA <xiootas@gmail.com>
@sawadashota sawadashota force-pushed the load_old_system_secret branch 2 times, most recently from 471248d to 2165eaa Compare December 27, 2018 15:33
Signed-off-by: Shota SAWADA <xiootas@gmail.com>
@sawadashota sawadashota force-pushed the load_old_system_secret branch from 2165eaa to e0dd102 Compare December 27, 2018 15:38
@aeneasr
Member

aeneasr commented Jan 2, 2019

Could you explain in a few sentences what problem this solves?

@sawadashota
Contributor Author

OK,
this PR solves the following issue:

The old system secret is set as the environment variable ROTATED_SYSTEM_SECRET, however hydra doesn't validate access tokens created before the system secret was rotated.

I found 2 causes:

  • Package cmd doesn't load the environment variable ROTATED_SYSTEM_SECRET
  • No code injects the rotated system secret into HMACStrategy.RotatedGlobalSecrets

Therefore I created this PR!
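
The fallback described in the comment above, as an added example that is not part of this PR and is not Hydra's or fosite's code: tokens are signed with the current secret only, and validation also accepts the secret loaded from ROTATED_SYSTEM_SECRET. The `Validator` type, the `key.signature` token layout and the `SYSTEM_SECRET` variable name are assumptions made for the illustration, and all secrets are constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Validator is hypothetical, not Hydra's or fosite's type.
type Validator struct {
	Current []byte   // signs new tokens and validates
	Rotated [][]byte // retired secrets: validation only
}

// FromEnv loads both secrets; SYSTEM_SECRET is an assumed variable name.
func FromEnv(getenv func(string) string) *Validator {
	v := &Validator{Current: []byte(getenv("SYSTEM_SECRET"))}
	// An unset variable must not become an empty, forgeable HMAC key.
	if old := getenv("ROTATED_SYSTEM_SECRET"); old != "" {
		v.Rotated = append(v.Rotated, []byte(old))
	}
	return v
}
func mac(secret []byte, key string) []byte {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(key))
	return h.Sum(nil)
}
func (v *Validator) Generate(key string) string {
	return key + "." + hex.EncodeToString(mac(v.Current, key))
}

// Validate tries the current secret first, then each rotated one.
func (v *Validator) Validate(token string) error {
	i := strings.LastIndex(token, ".")
	sig, err := hex.DecodeString(token[i+1:])
	for _, s := range append([][]byte{v.Current}, v.Rotated...) {
		if i > 0 && err == nil && hmac.Equal(sig, mac(s, token[:i])) {
			return nil
		}
	}
	return fmt.Errorf("token rejected: no configured secret matches")
}
func main() {
	env := map[string]string{"SYSTEM_SECRET": "constructed-new", "ROTATED_SYSTEM_SECRET": "constructed-old"}
	tok := (&Validator{Current: []byte("constructed-old")}).Generate("constructed-key")
	fmt.Println(FromEnv(func(k string) string { return env[k] }).Validate(tok))
}
```

Without the rotated secret wired in, the same token issued before rotation is rejected, which is the behaviour the comment reports.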

@aeneasr
Member

aeneasr commented Jan 3, 2019

That makes sense! It was intentional at first to not allow that but it makes sense. Thank you :)

@aeneasr aeneasr merged commit e2b88d2 into ory:master Jan 3, 2019
@sawadashota
Contributor Author

Sorry for my poor description...
I will write more detail or create an issue first next time!

@sawadashota sawadashota deleted the load_old_system_secret branch January 3, 2019 11:14
@aeneasr
Member

aeneasr commented Jan 3, 2019

Don't worry about it :)
