Added caching of Github credentials #1792

Merged
merged 6 commits into from
Jul 16, 2021

chownces
Contributor

Description

DO NOT MERGE YET (potential security risk)

I'm not sure how our GitHub OAuth app has been configured, but by default the access tokens do not have an expiry date... The optional setting for expiring tokens as stated in GitHub's documentation seems to be missing too.

This is potentially very dangerous, as we are storing this account-wide access token in local storage.

Type of change

  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

How to test

Log in to our GitHub Assessments page and refresh the browser.

Checklist

  • I have tested this code
  • I have updated the documentation
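
Added example, not part of this pull request or the project's code: one way to limit the exposure raised in the description is to cache the token with a timestamp and refuse it after a fixed age. The names `TOKEN_KEY`, `MAX_AGE_MS`, `MemoryStorage`, `saveToken`, `loadToken` and `clearToken`, and the 8-hour limit, are assumptions made for illustration.

```javascript
// Added example (not project code). All names and the 8-hour limit are assumptions.
const TOKEN_KEY = 'example-github-token';  // hypothetical storage key
const MAX_AGE_MS = 8 * 60 * 60 * 1000;     // assumed client-side lifetime policy

// In-memory stand-in for the Web Storage API so the example runs outside a browser.
// In a page, pass window.sessionStorage (cleared with the tab) or window.localStorage.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
}

// Store the token together with the time it was cached.
function saveToken(storage, token, now = Date.now()) {
  storage.setItem(TOKEN_KEY, JSON.stringify({ token, savedAt: now }));
}

// Return the cached token, or null. Malformed, future-dated and expired entries
// are deleted rather than returned, so a stale token does not linger in storage.
function loadToken(storage, now = Date.now()) {
  const raw = storage.getItem(TOKEN_KEY);
  if (raw === null) return null;
  let entry = null;
  try {
    entry = JSON.parse(raw);
  } catch {
    entry = null; // not JSON: treat as corrupt
  }
  const wellFormed = entry !== null && typeof entry === 'object' &&
    typeof entry.token === 'string' && entry.token.length > 0 &&
    typeof entry.savedAt === 'number';
  const age = wellFormed ? now - entry.savedAt : NaN;
  if (!(age >= 0 && age < MAX_AGE_MS)) { // NaN fails both comparisons
    storage.removeItem(TOKEN_KEY);
    return null;
  }
  return entry.token;
}

// Call on logout so the token does not outlive the session.
function clearToken(storage) {
  storage.removeItem(TOKEN_KEY);
}
```

Client-side expiry only limits how long the token sits in browser storage; the token stays valid at GitHub until it is revoked, and any script running in the page's origin can read either storage area.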

chownces linked an issue Jun 14, 2021 that may be closed by this pull request

coveralls commented Jun 14, 2021

Pull Request Test Coverage Report for Build 967129830

  • 8 of 9 (88.89%) changed or added relevant lines in 4 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage increased (+0.03%) to 30.102%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| src/commons/sagas/GitHubPersistenceSaga.ts | 1 | 2 | 50.0% |

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| src/commons/sagas/GitHubPersistenceSaga.ts | 1 | 13.51% |

| Totals | Coverage Status |
|---|---|
| Change from base Build 966753988: | 0.03% |
| Covered Lines: | 3213 |
| Relevant Lines: | 9833 |

💛 - Coveralls

coveralls commented Jun 29, 2021

Pull Request Test Coverage Report for Build 1035823582

  • 8 of 9 (88.89%) changed or added relevant lines in 4 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage increased (+0.03%) to 30.041%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| src/commons/sagas/GitHubPersistenceSaga.ts | 1 | 2 | 50.0% |

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| src/commons/sagas/GitHubPersistenceSaga.ts | 1 | 13.51% |

| Totals | Coverage Status |
|---|---|
| Change from base Build 1028531753: | 0.03% |
| Covered Lines: | 3201 |
| Relevant Lines: | 9811 |

💛 - Coveralls

martin-henz marked this pull request as ready for review July 16, 2021 00:29
martin-henz requested review from martin-henz and removed request for ChengGeng97 July 16, 2021 02:49

martin-henz left a comment
Member

security concerns discussed (and dismissed) in telegram "SA 2122 Summer Development"

martin-henz merged commit e7924fd into source-academy:master Jul 16, 2021

Successfully merging this pull request may close these issues.

Github interface: caching credentials