Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add API endpoint to delete a registered user (resolves joohoi/acme-dns#177) #209

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add API endpoint to delete a registered user (resolves joohoi/acme-dns#177) #209

wants to merge 1 commit into from

Conversation

webcompas
Copy link

This PR implements an API endpoint to delete registered users if they aren't neded anymore. Please check and merge.

@coveralls
Copy link

coveralls commented Feb 5, 2020
edited

Coverage Status

Coverage decreased (-9.3%) to 81.272% when pulling 7910db2 on webcompas:feature_unregister into 19069f5 on joohoi:master.

@webcompas webcompas mentioned this pull request Feb 10, 2020
Closed
@joohoi
Copy link
Owner

joohoi commented Feb 10, 2020

The code looks good generally.

Only one thing pops up:
While I agree that having a proper UUID as username, the password itself doesn't provide much added security, it still is expected in the current code and I'd like the password to be provided and checked for now.

I'm going to be doing a more thorough review later on, but I don't expect large change requests to come up.

About the test coverage: there's plenty of error cases that are I'm not too concerned about testing, but I'd like you to add tests for one of them: the case where invalid subdomain is provided.

@webcompas
Copy link
Author

webcompas commented Feb 17, 2020
edited

I just reworked my changes and added the following improvements:

  • Unregistration requires the same authentication method as DNS updates.
  • With the unregistration request the user's subdomain has to be sent.
  • According tests were also added.

@joohoi Please review the changes and merge if you're OK with them.

@webcompas webcompas force-pushed the feature_unregister branch 3 times, most recently from d43b7e0 to 46a7c62 Compare February 18, 2020 10:02
@webcompas
Copy link
Author

@joohoi Unfortunately the changes haven't been merged yet for two weeks. Please review them and merge if you're OK with them.

@pfranck
Copy link

pfranck commented Jul 20, 2020

@joohoi Would be great if this PR is approved or let us know what we can do to make it better.

joohoi
joohoi requested changes Jul 20, 2020
View reviewed changes
Copy link
Owner

@joohoi joohoi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry that it took so long to get to review this PR. As noted below, I think there should be some changes made to the auth middleware flow, but otherwise this looks good.

auth.go
@@ -55,6 +55,40 @@ func Auth(update httprouter.Handle) httprouter.Handle {
}
}

// AuthUnregister middleware for unregister request
func AuthUnregister(unregister httprouter.Handle) httprouter.Handle {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not very happy about implementing a new authentication middleware, as the core functionality stays the same. I do realize however that the code does need refactoring here and is suboptimal for many parts. I still think that they should be merged.

Another issue that I have is that AuthUnregister endpoint doesn't respect the IP based allowlist, which I think it should. Even though I see the use cases where it would be nice to be able to omit this check (like losing control over an IP address, and wanting to clear up the registrations for that), it's still a security option that the user chooses when registering an acme-dns account and I believe should be restricted in all the subsequent requests.

@bitsofinfo
Copy link

any updates on this? would be great to be able to de-register....

@Ajedi32 Ajedi32 mentioned this pull request May 16, 2022
Open
@bitsofinfo
Copy link

@webcompas can this be updated/merged?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joohoi joohoi joohoi requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@webcompas @coveralls @joohoi @pfranck @bitsofinfo