Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(settings): Move remaining SensitveDataClient calls to new function #18136

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

jonalmeida
Copy link
Contributor

Because

  • We want to remove the remaining deprecated usages in the SensitiveDataClient.

This pull request

  • Replaces the last few calls to setData/getData with setDataType/getDataType.

Issue that this pull request solves

Closes: FXA-10849

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).

Screenshots (Optional)

n/a

Other information (Optional)

n/a

@@ -67,7 +67,10 @@ export async function tryFinalizeUpgrade(
} finally {
// Clear out the state. No reason to keep trying this...
// Note that the upgradeClient will report issues to Sentry.
sensitiveDataClient.KeyStretchUpgradeData = undefined;
sensitiveDataClient.setDataType(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eek, missed this one in the previous large patch that landed yesterday after fixing the conflicts during the rebase.

Copy link
Contributor

@vpomerleau vpomerleau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the follow up! The small patch makes it easier to review.

Would recommend keeping the sensitiveDataClient for kb value in AccountRecoveryConfirmKey

const newRecoveryKey = formatRecoveryKey(newRecoveryKeyData.buffer);
// We keep the previous non-null assertion on 'newRecoveryKey' here because the
// flow dictates we definitely have it. This is not good practice.
const { recoveryKey: newRecoveryKeyData } = sensitiveDataClient.getDataType(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good call out. I'm wondering what the alternate would be - if recoveryKey is undefined, navigate to ResetPasswordConfirmed?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this is causing a type error that we do want to handle: https://mozilla-hub.atlassian.net/browse/FXA-10869

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, something like that would work. Basically the same flow/style how we use CompleteResetPasswordContainer.hasConfirmedRecoveryKey.

Would you prefer I should fix that in this patch, or in an (immediate) follow-up?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this is causing a type error that we do want to handle: https://mozilla-hub.atlassian.net/browse/FXA-10869

Oh cool. To double-check for my own sanity, I verified that my previous patch hasn't made it into the release where this exception occurs so this patch won't fix the problem, but it at least won't make it worse!

I think a separate patch for FXA-10869 will work with your solution.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a separate patch for FXA-10869 will work with your solution.

I've updated this patch to point to the bug for now.

@@ -64,7 +63,6 @@ const AccountRecoveryConfirmKeyContainer = (_: RouteComponentProps) => {
uid
);

sensitiveDataClient.setData('reset', { kB });
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at this - I think the intent was to remove kB from location state and pass with sensitiveDataClient but we may have missed retrieving it from sensitiveDataClient in the CompleteResetPassword container. I don't think the duplication with location state was intentional, and we should treat kB as sensitive.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the catch, fixed!

private sensitiveData: { [key: string]: object } = {};

// TODO: Fast follow, use this pattern instead for simpler and better type safety.
public KeyStretchUpgradeData:
Copy link
Contributor

@dschom dschom Dec 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why store things in a map when we could just store on an object?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The map already existed before. I had moved the KeyStretchUpgradeData in a previous patch - this was the remaining bit.

If you're asking for the general case - my goal was to create a pattern that allowed others to copy-paste without thinking about it too much. I don't have strong opinions besides consistency, so if we get everything using the same pattern we can move everything over to holding it in either one.

Copy link
Contributor

@dschom dschom Dec 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was one of the original reviewers on the sensitive data client. I wish I would have said something/caught this when it was created. When I added the KeyStrechUpgrade data field, it was my intent to go back and clean this up by switching over to using object fields.

As far as I can see, there really isn't a reason to have the map. We can use fields on the object directly. I'd recommend fixing this up. IMO, using a generic here is a misuse of generics.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants