Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIX] Fix tests for complete_signup #543

Merged
merged 4 commits into from
May 12, 2021
Merged

[FIX] Fix tests for complete_signup #543

merged 4 commits into from
May 12, 2021

Conversation

pranavrajpal
Copy link
Contributor

Please prefix your pull request with one of the following: [FEATURE] [FIX] [IMPROVEMENT].

In raising this pull request, I confirm the following (please check boxes):

  • I have read and understood the contributors guide.
  • I have checked that another pull request for this purpose does not exist.
  • I have considered, and confirmed that this submission will be valuable to others.
  • I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  • I give this submission freely, and claim no ownership to its content.

My familiarity with the project is as follows (check one):

  • I have never used the project.
  • I have used the project briefly.
  • I have used the project extensively, but have not contributed previously.
  • I am an active contributor to the project.

This contains a few fixes for some tests for complete_signup in mod_auth. Those fixes are:

  • Fixing a race condition that caused the tests to fail if any of these tests ran more than 1 second after the set up code. More details about the bug can be found at [FIX] Fix incorrect PR comment generation #540 (comment) (fixed in a51ebfe)
  • Changing test_if_link_expired to actually test what would happen when using an expired link. Originally, it was testing what happened when sending an invalid HMAC with a time in the future, which coincidentally resulted in the same outcome. (fixed in cfa6f71)

I also added some logging to complete_signup for when the HMAC or expiry date is invalid to make it easier to debug problems like this if they ever happen again.

@pranavrajpal
Use separate expiry time for HMAC
a51ebfe 
Instead of using the time that the HMAC was created as the expiry time,
use a separate expiry time in the future. This prevents a race condition
where these tests will sometimes fail if they run more than 1 second as
the HMAC would have expired by then.

The expiry time is set to one year from the time that the set up code
runs. That should hopefully be enough time to run the tests, seeing as,
if these tests run for more than a year, we probably have bigger
problems.
@pranavrajpal
Make test_if_link_expired use correct expired HMAC
cfa6f71 
Currently test_if_link_expired uses a HMAC that is incorrect because it
uses a different expiry time than the one uses to generate the HMAC. On
top of this, it uses an expiry time in the future to test the response
when the HMAC is expired, when it should be using an expiry time in the
past.

This causes it to appear to still work because the complete_signup
request fails as expected, but that happens because the hash is
incorrect, not because the link is expired.

This commit fixes that bug to use the correct expiry time and HMAC
combination.
@pranavrajpal
Add logging for HMAC authentication fail
f433680 
Add some log statements to make it easier to debug why signup is
failing.

This doesn't leak any data that the user wouldn't already have
access to (they would probably already know what the expiry time was,
and if it wasn't past the expiry time, it's somewhat obvious that any
invalid registration response is caused by a bad HMAC), so this probably
wouldn't make us any more vulnerable to chosen ciphertext attacks that
rely on knowing when HMAC authentication failed (if any such attacks
even exist).
@pranavrajpal
Use correct expiry time in message for HMAC
092dd19 
Generating the HMAC should use the expiry time in the data, not the time
that the HMAC was created, because complete_signup uses the expiry time
to determine the data used to generate the HMAC.
@pranavrajpal
Copy link
Contributor Author

I don't really understand why the CI is failing. It seems to run all of the tests without failures, and then fails when it's trying to generate the coverage report with the error:

{'detail': ErrorDetail(string='Unable to locate build via Github Actions API. Please upload with the Codecov repository upload token to resolve issue.', code='not_found')}

I'm not very familiar with using Codecov, and I can't seem to find much information about this error online. Does anyone have more information about why this is happening?

@pranavrajpal pranavrajpal mentioned this pull request May 12, 2021
Merged
9 tasks
@codecov
Copy link

codecov bot commented May 12, 2021

Codecov Report

Merging #543 (092dd19) into master (eca27bd) will increase coverage by 0.03%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #543      +/-   ##
==========================================
+ Coverage   80.94%   80.98%   +0.03%     
==========================================
  Files          36       36              
  Lines        3589     3591       +2     
  Branches      408      408              
==========================================
+ Hits         2905     2908       +3     
  Misses        549      549              
+ Partials      135      134       -1
Flag Coverage Δ
unittests 80.98% <100.00%> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
mod_auth/controllers.py 84.02% <100.00%> (+0.42%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update eca27bd...092dd19. Read the comment docs.

thealphadollar
thealphadollar approved these changes May 12, 2021
View reviewed changes
Copy link
Contributor

@thealphadollar thealphadollar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@thealphadollar thealphadollar merged commit 7809700 into CCExtractor:master May 12, 2021
@thealphadollar
Copy link
Contributor

Hey Pranav, thanks for the fix. It was a temporary issue that got fixed by rerun of the CI.

@pranavrajpal pranavrajpal deleted the fix-test-race-condition branch May 12, 2021 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thealphadollar thealphadollar thealphadollar approved these changes

@canihavesomecoffee canihavesomecoffee Awaiting requested review from canihavesomecoffee canihavesomecoffee is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pranavrajpal @thealphadollar