Enable to validate by old system secret #1249

Merged
merged 3 commits into from Jan 3, 2019

@sawadashota
Contributor

commented Dec 27, 2018

Related issue

none

Proposed changes

Enable validation with the old system secret when ROTATED_SYSTEM_SECRET is set.

Checklist

  • I have read the contributing guidelines
  • I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security
    vulnerability, I confirm that I got green light (please contact hi@ory.sh) from the maintainers to push the changes.
  • I signed the Developer's Certificate of Origin
    by signing my commit(s). You can amend your signature to the most recent commit by using git commit --amend -s. If you
    amend the commit, you might need to force push using git push --force HEAD:<branch>. Please be very careful when using
    force push.
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation within the code base (if appropriate)
  • I have documented my changes in the developer guide (if appropriate)

Further comments

none

enable to validate by old system secret when setting `ROTATED_SYSTEM_SECRET`

Signed-off-by: Shota SAWADA <xiootas@gmail.com>

@sawadashota force-pushed the sawadashota:load_old_system_secret branch from 7c2e8d5 to 7ece1fc Dec 27, 2018

don't hash when rotated system secret is empty
Signed-off-by: Shota SAWADA <xiootas@gmail.com>

@sawadashota force-pushed the sawadashota:load_old_system_secret branch 2 times, most recently from 471248d to 2165eaa Dec 27, 2018

add test for rotated system secret getter
Signed-off-by: Shota SAWADA <xiootas@gmail.com>

@sawadashota force-pushed the sawadashota:load_old_system_secret branch from 2165eaa to e0dd102 Dec 27, 2018

@aeneasr

Member

commented Jan 2, 2019

Could you explain in a few sentences what problem this solves?

@sawadashota

Contributor Author

commented Jan 3, 2019

OK, this PR solves the following issue:

The old system secret is set as the environment variable ROTATED_SYSTEM_SECRET; however, hydra doesn't validate access tokens created before the system secret was rotated.

I found 2 causes:

  • Package cmd doesn't load the environment variable ROTATED_SYSTEM_SECRET
  • No code injects the rotated system secret into HMACStrategy.RotatedGlobalSecrets

Therefore I created this PR!
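
The rotation behaviour described in the comment above, as an added Go example that is not code from this pull request, Hydra or fosite: tokens are validated against the current key first and then against keys derived from rotated secrets, and an empty rotated secret contributes no key. The function names, the SHA-256 key derivation, the simplified `<payload>.<tag>` token format and the secret values are assumptions constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// deriveKeys hashes each secret into a 32-byte HMAC key, current secret first.
// An empty secret adds no key: sha256("") is a fixed, publicly known value.
func deriveKeys(secrets ...string) [][]byte {
	var keys [][]byte
	for _, s := range secrets {
		if s != "" {
			sum := sha256.Sum256([]byte(s))
			keys = append(keys, sum[:])
		}
	}
	return keys
}

// tag computes the base64url-encoded HMAC-SHA256 of payload under key.
func tag(key []byte, payload string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// sign issues "<payload>.<tag>" with keys[0] (assumes a non-empty current secret).
func sign(keys [][]byte, payload string) string {
	return payload + "." + tag(keys[0], payload)
}

// validate accepts a token whose tag verifies under any configured key.
func validate(keys [][]byte, token string) bool {
	i := strings.LastIndex(token, ".")
	for _, k := range keys {
		if i >= 0 && hmac.Equal([]byte(token[i+1:]), []byte(tag(k, token[:i]))) {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println(validate(deriveKeys("new-secret", "old-secret"), sign(deriveKeys("old-secret"), "token-1")))
}
```
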

@aeneasr

Member

commented Jan 3, 2019

That makes sense! It was intentional at first to not allow that but it makes sense. Thank you :)

@aeneasr merged commit e2b88d2 into ory:master Jan 3, 2019

7 checks passed

  • DCO
  • ci/circleci: build-docker
  • ci/circleci: format
  • ci/circleci: test
  • ci/circleci: test-e2e-jwt
  • ci/circleci: test-e2e-opaque
  • ci/circleci: test-e2e-plugin
@sawadashota

Contributor Author

commented Jan 3, 2019

Sorry for my poor description...
I will write more detail or create an issue first next time!

@sawadashota deleted the sawadashota:load_old_system_secret branch Jan 3, 2019

@aeneasr

Member

commented Jan 3, 2019

Don't worry about it :)
