Increased retention offer code entropy from 16-bit to 32-bit#26736
Increased retention offer code entropy from 16-bit to 32-bit#26736kevinansfield wants to merge 1 commit intomainfrom
Conversation
Retention offer codes now use Uint32Array instead of Uint16Array, generating 8-character hex codes instead of 4-character ones.
WalkthroughThis pull request modifies the retention offer code generation mechanism in the admin settings interface. The primary change increases the cryptographic randomness used for generating retention offer hashes from 16-bit to 32-bit values, resulting in hash strings of 8 hexadecimal characters instead of 4. The corresponding test suite is updated to validate the new 8-character format for both retention offer names and codes. Possibly related issues
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (1)
apps/admin-x-settings/src/components/settings/growth/offers/edit-retention-offer-modal.tsx (1)
453-455: Extract the hash formatter so the 8-character guarantee can be tested deterministically.This line is correct, but keeping the random generation and hex formatting inline makes the new width requirement hard to lock down. A future padding regression here would still slip past the current acceptance test most runs. Pulling this into a tiny helper would let you stub a value like
0x0000000aand assert0000000adirectly.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/admin-x-settings/src/components/settings/growth/offers/edit-retention-offer-modal.tsx` around lines 453 - 455, Extract the inline hex-padding logic from createRetentionOffer into a small exported helper (e.g., formatHashHex or to8CharHex) that accepts a numeric value and returns an 8-character, zero-padded lowercase hex string; update createRetentionOffer to call this helper with the random number produced by crypto.getRandomValues, and add tests that import the helper and pass deterministic inputs (for example 0x0000000a) to assert it returns "0000000a". Ensure the helper is unit-tested for edge cases (0, max uint32, small values) so the 8-character padding requirement is enforced deterministically.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In
`@apps/admin-x-settings/src/components/settings/growth/offers/edit-retention-offer-modal.tsx`:
- Around line 453-455: Extract the inline hex-padding logic from
createRetentionOffer into a small exported helper (e.g., formatHashHex or
to8CharHex) that accepts a numeric value and returns an 8-character, zero-padded
lowercase hex string; update createRetentionOffer to call this helper with the
random number produced by crypto.getRandomValues, and add tests that import the
helper and pass deterministic inputs (for example 0x0000000a) to assert it
returns "0000000a". Ensure the helper is unit-tested for edge cases (0, max
uint32, small values) so the 8-character padding requirement is enforced
deterministically.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 171554a3-4ec0-44e2-86c1-14aecf0e0970
📒 Files selected for processing (2)
apps/admin-x-settings/src/components/settings/growth/offers/edit-retention-offer-modal.tsxapps/admin-x-settings/test/acceptance/membership/offers.test.ts
|
Closing in favor of #26738, which contains an additional length check for the offer name, as Stripe imposes a 40 char limit to coupon names |
2 participants
no issue
Uint32Arrayinstead ofUint16Array, generating 8-character hex codes instead of 4-character ones