Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: enforce VAPID aud #225

Merged
merged 1 commit into from
Oct 16, 2020
Merged

bug: enforce VAPID aud #225

merged 1 commit into from
Oct 16, 2020

Conversation

jrconlin
Copy link
Member

Issue: bug 1663922

Note The failing python tests may be fixed by mozilla-services/autopush#1432

@jrconlin jrconlin marked this pull request as draft September 11, 2020 22:22
@jrconlin
Copy link
Member Author

marked as draft until mozilla-services/autopush#1432 lands

@jrconlin jrconlin marked this pull request as ready for review October 2, 2020 21:28
@jrconlin jrconlin requested a review from a team October 2, 2020 21:29
@jrconlin jrconlin added this to In Review in Services Engineering via automation Oct 2, 2020
@jrconlin
Copy link
Member Author

jrconlin commented Oct 2, 2020

Adding directly to review queue since the source is bugzilla.

pjenvey
pjenvey reviewed Oct 6, 2020
View reviewed changes
autoendpoint/src/extractors/subscription.rs Outdated
validate_vapid_jwt(vapid)?;
validate_vapid_jwt(
vapid,
&format!("{}://{}", &state.settings.scheme, &state.settings.host),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you include the non standard ports in here (like the python now does)? Otherwise I think a mismatch could potentially hit someone when testing vapid locally.

Might make sense to make the formatted version w/ port a var or method on Settings.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah cool, we already have that method.

It does not hide the standard ports though, can we fix that here? Or making it a separate issue might make more sense in case it affects something else.

autopush already has logic for this.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, cool. Didn't know about that function.

I'll make a separate issue to fix that. #229

autoendpoint/src/extractors/subscription.rs Outdated Show resolved Hide resolved
tests/test_integration_all_rust.py Show resolved Hide resolved
@jrconlin jrconlin marked this pull request as draft October 7, 2020 00:09
@jrconlin
bug: enforce VAPID aud
cc322c6 
Issue: bug 1663922
@jrconlin jrconlin marked this pull request as ready for review October 9, 2020 21:44
@jrconlin jrconlin merged commit e396326 into master Oct 16, 2020
Services Engineering automation moved this from In Review to Done Oct 16, 2020
jrconlin added a commit that referenced this pull request Oct 16, 2020
@jrconlin
Revert "bug: enforce VAPID aud (#225)"
442e9d4 
This reverts commit e396326.
@jrconlin jrconlin deleted the bug/aud branch October 16, 2020 23:37
@jrconlin jrconlin mentioned this pull request Oct 16, 2020
Merged
@jrconlin jrconlin added the 3 Estimate - Small...ish label Oct 19, 2020
@tublitzed tublitzed moved this from Done to Archived in Services Engineering Oct 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pjenvey pjenvey pjenvey approved these changes

Assignees
No one assigned
Labels
3 Estimate - Small...ish
Projects
Services Engineering
  
Archived
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jrconlin @pjenvey