Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: make notification to unknown recipients configurable #3075

Merged
merged 19 commits into from Feb 14, 2023
Merged

feat: make notification to unknown recipients configurable #3075

merged 19 commits into from Feb 14, 2023

Conversation

jonas-jonas
Copy link
Contributor

@jonas-jonas jonas-jonas commented Feb 6, 2023
edited 

BREAKING CHANGES: Added the ability to configure whether the system should notify unknown recipients, if some tries to recover their account or verify their address ("anti-account-enumeration measures"). 
By default, Kratos no longer sends out these Emails. 
If you want to keep notifying unknown addresses (keep the current behavior), set `selfservice.flows.recovery.notify_unknown_recipients` to `true` for recovery, or `selfservice.flows.verification.notify_unknown_recipients` for verification flows.

Related issue(s)

Closes #2345 & supersedes #2585

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@codecov
Copy link

codecov bot commented Feb 6, 2023
edited

Codecov Report

Merging #3075 (e9985e3) into master (e3eb39e) will decrease coverage by 0.16%.
The diff coverage is 82.35%.

@@            Coverage Diff             @@
##           master    #3075      +/-   ##
==========================================
- Coverage   77.45%   77.30%   -0.16%     
==========================================
  Files         315      315              
  Lines       19955    19849     -106     
==========================================
- Hits        15457    15345     -112     
- Misses       3297     3309      +12     
+ Partials     1201     1195       -6
Impacted Files Coverage Δ
selfservice/strategy/code/code_sender.go 78.12% <78.57%> (+0.05%) ⬆️
selfservice/strategy/link/sender.go 71.17% <80.00%> (+1.06%) ⬆️
driver/config/config.go 82.87% <100.00%> (+0.10%) ⬆️
selfservice/strategy/code/strategy_recovery.go 70.19% <100.00%> (ø)
selfservice/strategy/link/strategy_recovery.go 62.71% <100.00%> (ø)
text/message_recovery.go 100.00% <100.00%> (ø)
text/message_verification.go 100.00% <100.00%> (ø)
cmd/courier/watch.go 63.01% <0.00%> (-9.59%) ⬇️
selfservice/strategy/link/strategy_verification.go 58.59% <0.00%> (-7.92%) ⬇️
selfservice/strategy/code/strategy_verification.go 75.11% <0.00%> (-4.33%) ⬇️
... and 2 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

jonas-jonas
jonas-jonas commented Feb 6, 2023
View reviewed changes
driver/config/config.go Outdated Show resolved Hide resolved
@jonas-jonas jonas-jonas self-assigned this Feb 6, 2023
@mszekiel mszekiel mentioned this pull request Feb 6, 2023
Closed
7 tasks
@jonas-jonas jonas-jonas marked this pull request as ready for review February 7, 2023 21:39
zepatrik
zepatrik reviewed Feb 8, 2023
View reviewed changes
Copy link
Member

@zepatrik zepatrik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found a few minor issues to improve this

driver/config/config.go Outdated Show resolved Hide resolved
selfservice/strategy/code/code_sender.go Show resolved Hide resolved
selfservice/strategy/code/code_sender.go Show resolved Hide resolved
selfservice/strategy/code/code_sender_test.go Outdated Show resolved Hide resolved
selfservice/strategy/code/code_sender.go Outdated Show resolved Hide resolved
selfservice/strategy/code/code_sender_test.go Show resolved Hide resolved
selfservice/strategy/code/code_sender_test.go Outdated Show resolved Hide resolved
selfservice/strategy/link/sender.go Outdated Show resolved Hide resolved
selfservice/strategy/link/sender.go Outdated Show resolved Hide resolved
selfservice/strategy/link/sender_test.go Show resolved Hide resolved
aeneasr
aeneasr reviewed Feb 8, 2023
View reviewed changes
Copy link
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking great! Should we add an e2e test covering this case? Or does it not make sense? I'm fine with both

text/message_recovery.go Outdated Show resolved Hide resolved
@jonas-jonas
Copy link
Contributor Author

Tests are failing, and I can't repro locally. Going to take another look tomorrow... 😓

@jonas-jonas jonas-jonas changed the title feat: disable mail dispatch for "invalid" recovery/verification emails feat(changelog): make notification to unknown recipients configurable Feb 8, 2023
@aeneasr
Copy link
Member

aeneasr commented Feb 8, 2023

Maybe the feature is enabled on accident for that e2e test, it looks like the test is expecting an email but not receiving one

@jonas-jonas
Copy link
Contributor Author

Maybe the feature is enabled on accident for that e2e test, it looks like the test is expecting an email but not receiving one

The config schema didn't match the config for the key. I fixed that.

Just to double-check, the config schema is manually written, right? And I assume, there is no practical way to generate it?

@jonas-jonas jonas-jonas changed the title feat(changelog): make notification to unknown recipients configurable feat: make notification to unknown recipients configurable Feb 9, 2023
@aeneasr
Copy link
Member

aeneasr commented Feb 9, 2023

Just to double-check, the config schema is manually written, right? And I assume, there is no practical way to generate it?

Correct and correct

@jonas-jonas
Copy link
Contributor Author

Should we add an e2e test covering this case?

I thought about this a bit, and IMO it doesn't make sense to test for an email not arriving. As in theory, we'd need to wait an indefinite amount of time to be sure that no email arrives. This would slow down the E2e test pipeline.

I have updated the existing tests that test for the email arriving to enable this feature.

We already test this config in the go-tests, by checking the DB, which is good enough, IMO.

jonas-jonas
jonas-jonas commented Feb 9, 2023
View reviewed changes
test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
@@ -292,7 +292,7 @@ context("2FA TOTP", () => {

// The React app keeps using the same flow. The following scenario used to be broken,
// because the internal context wasn't populated properly in the flow after settings were saved.
it.only("should allow changing other settings and then setting up totp", () => {
it("should allow changing other settings and then setting up totp", () => {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this was forgotten a few weeks ago. These tests are still passing, though. So crisis averted.

Would be great to have an ESLint rule or some mechanism to prevent .onlys ending up on master. But AFAICT, there is nothing of that sort for cypress :(

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes please! :)

jonas-jonas
jonas-jonas commented Feb 9, 2023
View reviewed changes
test/e2e/cypress/integration/profiles/verification/verify/errors.spec.ts
@@ -138,12 +140,15 @@ context("Account Verification Error", () => {
})
})

it("unable to verify non-existent account", async () => {
cy.get('input[name="email"]').type(gen.identity().email)
it("unable to verify non-existent account", () => {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

async prevented this test from being executed properly. So it never actually tested what it was supposed to.

I checked, and this seemed to be the only instance of an async test body.

aeneasr
aeneasr previously approved these changes Feb 13, 2023
View reviewed changes
Copy link
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, as discussed on Slack, one test change

@jonas-jonas
Copy link
Contributor Author

LGTM, as discussed on Slack, one test change

Added the test to the appropriate places.

@aeneasr aeneasr merged commit 1a5ead4 into master Feb 14, 2023
@aeneasr aeneasr deleted the jonas-jonas/feat/disableMailDispatch branch February 14, 2023 08:49
@uvinw uvinw mentioned this pull request Apr 11, 2023
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zepatrik zepatrik zepatrik left review comments

@kelkarajay kelkarajay kelkarajay left review comments

@aeneasr aeneasr aeneasr approved these changes

@mszekiel mszekiel Awaiting requested review from mszekiel

Assignees

@jonas-jonas jonas-jonas

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Disable mail dispatch on attempted account access
5 participants
@jonas-jonas @aeneasr @zepatrik @kelkarajay @mszekiel