Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: refactor internal API to prevent panics #4028

Merged
merged 1 commit into from
Aug 12, 2024
Merged

fix: refactor internal API to prevent panics #4028

merged 1 commit into from
Aug 12, 2024

Conversation

zepatrik
Copy link
Member

@zepatrik zepatrik commented Aug 9, 2024
edited
Loading

I noticed a nil-pointer dereference panic in github.com/ory/kratos/selfservice/strategy/code.(*Strategy).handleVerificationError

The problem really is that the internal API use(d) pointers where it was not necessary, and lacked nil checks elsewhere. This change adds nil checks, and also improves the internal API to avoid pointers when not strictly needed.

@zepatrik zepatrik requested review from aeneasr and hperl as code owners August 9, 2024 13:11
@zepatrik zepatrik changed the title fix(refactor): internal API to prevent panics fix(refactor): refactor internal API to prevent panics Aug 9, 2024
zepatrik
zepatrik commented Aug 9, 2024
View reviewed changes
selfservice/strategy/code/strategy_verification.go
f.UI.GetNodes().Upsert(
node.NewInputField("email", body.Email, node.CodeGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute).WithMetaLabel(text.NewInfoNodeInputEmail()),
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could panic.

selfservice/strategy/link/strategy_verification.go
f.UI.GetNodes().Upsert(
// v0.5: form.Field{Name: "email", Type: "email", Required: true, Value: body.Body.Email}
node.NewInputField("email", body.Email, node.LinkGroup, node.InputAttributeTypeEmail, node.WithRequiredInputAttribute).WithMetaLabel(text.NewInfoNodeInputEmail()),
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could also panic.

@codecov Codecov
Copy link

codecov bot commented Aug 9, 2024

Codecov Report

Attention: Patch coverage is 61.65049% with 79 lines in your changes missing coverage. Please review.

Project coverage is 78.37%. Comparing base (955bd8f) to head (fd6fffe).
Report is 2 commits behind head on master.

Files Patch % Lines
selfservice/strategy/lookup/settings.go 59.25% 4 Missing and 7 partials ⚠️
selfservice/strategy/code/strategy_verification.go 44.44% 10 Missing ⚠️
selfservice/strategy/link/strategy_verification.go 52.38% 10 Missing ⚠️
...fservice/strategy/profile/two_step_registration.go 20.00% 7 Missing and 1 partial ⚠️
selfservice/strategy/webauthn/registration.go 56.25% 7 Missing ⚠️
selfservice/strategy/totp/settings.go 72.72% 4 Missing and 2 partials ⚠️
selfservice/strategy/idfirst/strategy_login.go 37.50% 5 Missing ⚠️
selfservice/strategy/password/registration.go 54.54% 5 Missing ⚠️
selfservice/strategy/passkey/passkey_settings.go 55.55% 4 Missing ⚠️
selfservice/strategy/password/login.go 66.66% 3 Missing ⚠️
... and 5 more
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4028      +/-   ##
==========================================
+ Coverage   78.35%   78.37%   +0.02%     
==========================================
  Files         370      370              
  Lines       26113    26120       +7     
==========================================
+ Hits        20460    20472      +12     
+ Misses       4094     4090       -4     
+ Partials     1559     1558       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@zepatrik zepatrik changed the title fix(refactor): refactor internal API to prevent panics fix: refactor internal API to prevent panics Aug 9, 2024
@zepatrik zepatrik merged commit 81bc152 into master Aug 12, 2024
29 of 34 checks passed
@zepatrik zepatrik deleted the fix/verification-error-panic branch August 12, 2024 08:37
EPoikans pushed a commit to OskarsPakers/kratos that referenced this pull request Aug 13, 2024
@zepatrik
fix: refactor internal API to prevent panics (ory#4028)
2887a0b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr approved these changes

@hperl hperl Awaiting requested review from hperl

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zepatrik @aeneasr