Start enforcing passwords on log in and sign up #2364
ae3de03 to 0601159
Only some minor things, but frontend mostly looks fine
```proto
message SetPasswordReq {
  // the frontend should ask for the password twice and whatnot
  string new_password = 1 [ (sensitive) = true ];
```
What does grpc do to sensitive fields?
(Obviously unrelated to the frontend review, mainly curious about this)
It's used in the backend to clear those fields before they're stored into a debugging table:
couchers/app/backend/src/couchers/interceptors.py
Lines 185 to 195 in bfdfb49
```python
def _sanitized_bytes(self, proto):
    """
    Remove fields marked sensitive and return serialized bytes
    """
    if not proto:
        return None

    new_proto = deepcopy(proto)
    for name, descriptor in new_proto.DESCRIPTOR.fields_by_name.items():
        if descriptor.GetOptions().Extensions[annotations_pb2.sensitive]:
            new_proto.ClearField(name)
    return new_proto.SerializeToString()
```
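The redact-before-logging pattern from the comment above, as an added example that is not part of the thread or of the Couchers code base. It assumes Python dataclasses with a hypothetical `sensitive` metadata flag standing in for the protobuf field option, and it goes beyond the quoted function by also recursing into nested messages and lists; `AuditEnvelope` and the sample values are constructed.

```python
from dataclasses import MISSING, dataclass, field, fields, is_dataclass, replace
from typing import List, Optional

# Hypothetical stand-in for the `(sensitive) = true` field option.
SENSITIVE = {"sensitive": True}


@dataclass
class SetPasswordReq:  # constructed mirror of the message under review
    new_password: str = field(default="", metadata=SENSITIVE)


@dataclass
class AuditEnvelope:  # constructed wrapper, used only to exercise nesting
    user_id: int = 0
    request: Optional[SetPasswordReq] = None
    history: List[SetPasswordReq] = field(default_factory=list)


def _default_for(f):
    """Value a cleared field falls back to (analogous to ClearField)."""
    if f.default is not MISSING:
        return f.default
    if f.default_factory is not MISSING:
        return f.default_factory()
    return None


def sanitized(msg):
    """Return a copy of msg with every sensitive field cleared, at any depth."""
    if msg is None:
        return None
    changes = {}
    for f in fields(msg):
        value = getattr(msg, f.name)
        if f.metadata.get("sensitive"):
            changes[f.name] = _default_for(f)
        elif is_dataclass(value) and not isinstance(value, type):
            changes[f.name] = sanitized(value)  # nested message
        elif isinstance(value, list):
            changes[f.name] = [
                sanitized(v) if is_dataclass(v) else v for v in value
            ]
    # replace() builds a new object, so the live request is never mutated.
    return replace(msg, **changes)
```
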
Backend looks fine, two minor comments
89e9d35 to 0415a49
Start of the end of magic login links.
Backend checklist
autoflake -r -i --remove-all-unused-imports src && isort . && black .
in app/backend
develop
if necessary for linear migration history
Web frontend checklist
yarn format && yarn lint --fix
yarn lint